From 1d62f8ea9529ed494f0ab6dcec2513f8b6b6b1a9 Mon Sep 17 00:00:00 2001 From: github-actions Date: Sun, 9 Jun 2024 23:09:00 +0000 Subject: [PATCH] update ht events --- public/ht/colors.json | 2 +- public/ht/conferences/37C3/events.json | 2 +- public/ht/conferences/BSIDESVANCOUVER2024/events.json | 2 +- public/ht/conferences/CACKALACKYCON2024/events.json | 2 +- public/ht/conferences/COCOFEST2024/events.json | 2 +- public/ht/conferences/DEFCON30/events.json | 1 + public/ht/conferences/DEFCON31/events.json | 1 + public/ht/conferences/DEFCON32/events.json | 2 +- public/ht/conferences/EKOPARTY2024/events.json | 2 +- public/ht/conferences/SHOWMECON2024/events.json | 2 +- public/ht/index.json | 2 +- 11 files changed, 11 insertions(+), 9 deletions(-) create mode 100644 public/ht/conferences/DEFCON30/events.json create mode 100644 public/ht/conferences/DEFCON31/events.json diff --git a/public/ht/colors.json b/public/ht/colors.json index 06ac4ba..0cb71ec 100644 --- a/public/ht/colors.json +++ b/public/ht/colors.json @@ -1 +1 @@ -{"colors":["#17065e","#19A8B0","#1d1ad9","#21db00","#2922c0","#2CB255","#33c756","#420d40","#48ABA2","#4a1885","#4b4197","#548E88","#62C5C4","#6717a5","#75B008","#7a70fd","#83D1B8","#922c8f","#9bb673","#a6402f","#af2b52","#b48894","#b9c800","#cb97d2","#d15103","#d39cf8","#e34368","#ea1b1b","#f300f7","#f501ee","#f77a00","#ff97bc"]} \ No newline at end of file +{"colors":["#1d1ad9","#1e45a5","#21db00","#2922c0","#2c8f07","#2ec300","#420d40","#47c64e","#48ABA2","#49bae3","#4cd5fe","#504dd0","#53b574","#54ab76","#569d6e","#5978bc","#60b0ba","#61ba95","#62C5C4","#6717a5","#697bd0","#69814C","#6fdce3","#71c2b9","#74a6bb","#75B008","#767daa","#7692ac","#77d8b8","#7caa57","#7f73c6","#81f8bf","#83D1B8","#856899","#8dc784","#922c8f","#93758d","#97826b","#97ab92","#9b8b77","#9bb673","#9d9a7e","#a6402f","#a67a60","#a68c60","#a8c24b","#aa8266","#aae997","#ab59db","#ada5dd","#b24887","#b3b0b6","#b9b1c5","#bab7d9","#bd6284","#bfb17d","#c3a2fb","#c497fa","#c5e58e","#cad46b","#cd4f7f","#cf74e1","#d17648","#d1c366","#d3d44d","#d5f67c","#d653b1","#d68a9d","#d86e9f","#d8826b","#d8bac6","#dc99bf","#e78bea","#ea1b1b","#eab14f","#ed8d99","#ef47d8","#f300f7","#f501ee","#f5eab2","#f6ae74","#f7375a","#f77a00","#ff88ea","#ff97bc"]} \ No newline at end of file diff --git a/public/ht/conferences/37C3/events.json b/public/ht/conferences/37C3/events.json index c2fca35..4fb11f2 100644 --- a/public/ht/conferences/37C3/events.json +++ b/public/ht/conferences/37C3/events.json @@ -1 +1 @@ -[{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/sportbrigade-sparwasser\n\n\n\"Der große Sport fängt da an, wo er längst aufgehört hat gesund zu sein.\" (B. Brechet)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Sportbrigade Sparwasser","end_timestamp":{"seconds":1703977200,"nanoseconds":0},"android_description":"https://soundcloud.com/sportbrigade-sparwasser\n\n\n\"Der große Sport fängt da an, wo er längst aufgehört hat gesund zu sein.\" (B. Brechet)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T23:00:00.000-0000","id":53993,"begin_timestamp":{"seconds":1703970000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Best Boy Electric is a DJ, promoter and selector with a clear focus on classic Detroit electro. As part of the queer feminist collective POSSY and founder of the party series \"Dream Journal\" and \"Fine Space\", Best Boy Electric is not only organizing various events but is taking a stand for more FLINTA* presence in the music scene. They are steadily leaving their mark in Hamburg and beyond, debuing on international festivals like Dimensions this summer. The rich musical background and a soft spot for punk characterize their sets: sometimes wavey, EBM-ish but most of the time electro in its different characteristics. The Pudel resident will provide you with dark and hot electro records.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Best Boy Electric","android_description":"Best Boy Electric is a DJ, promoter and selector with a clear focus on classic Detroit electro. As part of the queer feminist collective POSSY and founder of the party series \"Dream Journal\" and \"Fine Space\", Best Boy Electric is not only organizing various events but is taking a stand for more FLINTA* presence in the music scene. They are steadily leaving their mark in Hamburg and beyond, debuing on international festivals like Dimensions this summer. The rich musical background and a soft spot for punk characterize their sets: sometimes wavey, EBM-ish but most of the time electro in its different characteristics. The Pudel resident will provide you with dark and hot electro records.","end_timestamp":{"seconds":1703970000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T21:00:00.000-0000","id":53992,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703962800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.\n\n\nLisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Lisaholic","end_timestamp":{"seconds":1703962800,"nanoseconds":0},"android_description":"Lisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.\n\n\nLisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T19:00:00.000-0000","id":53991,"begin_timestamp":{"seconds":1703959200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"","title":"37C3: Feierlicher Abschluss","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"","end_timestamp":{"seconds":1703958600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53570,53567],"name":"Mullana","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52288}],"timeband_id":1143,"links":[],"end":"2023-12-30T17:50:00.000-0000","id":53567,"tag_ids":[46119,46136,46139],"begin_timestamp":{"seconds":1703956800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52288}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T17:20:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Defragmentierung Saal B","android_description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren","end_timestamp":{"seconds":1703970000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T21:00:00.000-0000","id":53996,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703955600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","begin":"2023-12-30T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nik will play some Alternative Rock, Electronic Rock, Ska-Rock and other Rock-Adjacent genres.\n\n\nPeople always ask for music other than electronic music. I'll deliver!","title":"Nik","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Nik will play some Alternative Rock, Electronic Rock, Ska-Rock and other Rock-Adjacent genres.\n\n\nPeople always ask for music other than electronic music. I'll deliver!","end_timestamp":{"seconds":1703959200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T18:00:00.000-0000","id":53876,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703955600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-30T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Liebe Fördermitglieder des Institutes für Karaokeforschung,\r\n\r\nin den letzten Tagen haben wir uns intensiv mit den Karaoke-Gewohnheiten der örtlichen Bevölkerung des 37C3 im CCH befassen können. Unsere motivierten Proband\\*innen im Alter zwischen 17 und 85 Jahren haben uns in dieser repräsentativen Studie direkte Einblicke in ihren Alltag gegeben. Allein dafür sind wir unendlich dankbar, Sie haben der Karaokeforschung einen großen Dienst erwiesen!\r\n\r\nNun möchten wir Euch und Ihnen in einer Zwischenpräsentation Insights aus unserem aktuellen Kooperationsprojekt mit dem 37C3 präsentieren – und damit auch die dritte Phase der international angelegten Forschungsarbeit einläuten. \r\n\r\nIm Namen des gesamten Vorstandes möchte ich mich bei Ihnen recht herzlich für die Unterstützung auch im nächsten Jahr bedanken. Gleichzeitig die Bitte, Ihre Bankverbindung zu überprüfen, um die Arbeit unserer Buchhaltung zu vereinfachen. Wir freuen uns über Ihre Teilnahme an der Präsentation und bitten um eine kurze Bestätigung.\r\n\r\nEs grüßt Sie herzlich\r\nIhre Gitte Schmitz\r\n(Vorsitzende Deutsches Institut für Karaokeforschung)\n\n\nVorstandsvorsitzende Gitte Schmitz stellt aktuelle Ergebnisse des Deutschen Instituts für Karaokeforschung vor. ","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"37C3 カラオケ – Herausforderungen der aktuellen Karaokeforschung ","android_description":"Liebe Fördermitglieder des Institutes für Karaokeforschung,\r\n\r\nin den letzten Tagen haben wir uns intensiv mit den Karaoke-Gewohnheiten der örtlichen Bevölkerung des 37C3 im CCH befassen können. Unsere motivierten Proband\\*innen im Alter zwischen 17 und 85 Jahren haben uns in dieser repräsentativen Studie direkte Einblicke in ihren Alltag gegeben. Allein dafür sind wir unendlich dankbar, Sie haben der Karaokeforschung einen großen Dienst erwiesen!\r\n\r\nNun möchten wir Euch und Ihnen in einer Zwischenpräsentation Insights aus unserem aktuellen Kooperationsprojekt mit dem 37C3 präsentieren – und damit auch die dritte Phase der international angelegten Forschungsarbeit einläuten. \r\n\r\nIm Namen des gesamten Vorstandes möchte ich mich bei Ihnen recht herzlich für die Unterstützung auch im nächsten Jahr bedanken. Gleichzeitig die Bitte, Ihre Bankverbindung zu überprüfen, um die Arbeit unserer Buchhaltung zu vereinfachen. Wir freuen uns über Ihre Teilnahme an der Präsentation und bitten um eine kurze Bestätigung.\r\n\r\nEs grüßt Sie herzlich\r\nIhre Gitte Schmitz\r\n(Vorsitzende Deutsches Institut für Karaokeforschung)\n\n\nVorstandsvorsitzende Gitte Schmitz stellt aktuelle Ergebnisse des Deutschen Instituts für Karaokeforschung vor.","end_timestamp":{"seconds":1703956500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:15:00.000-0000","id":53840,"village_id":null,"begin_timestamp":{"seconds":1703954100,"nanoseconds":0},"tag_ids":[46120,46136,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-30T16:35:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2024 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum?\r\n\r\nIm Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen.\n\n\nWas hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Security Nightmares","android_description":"Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2024 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum?\r\n\r\nIm Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen.\n\n\nWas hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen?","end_timestamp":{"seconds":1703956500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53799,53653],"name":"frank","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52264},{"conference_id":131,"event_ids":[53799],"name":"Ron","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52439}],"timeband_id":1143,"links":[],"end":"2023-12-30T17:15:00.000-0000","id":53799,"begin_timestamp":{"seconds":1703952900,"nanoseconds":0},"village_id":null,"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52439},{"tag_id":46107,"sort_order":1,"person_id":52264}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Many teams work hard to arrange the event, this talk allows them to show what they did and who they are.","title":"37c3 infrastructure review","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"Many teams work hard to arrange the event, this talk allows them to show what they did and who they are.","end_timestamp":{"seconds":1703956500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53568],"name":"nicoduck","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52431}],"timeband_id":1143,"links":[],"end":"2023-12-30T17:15:00.000-0000","id":53568,"begin_timestamp":{"seconds":1703952900,"nanoseconds":0},"village_id":null,"tag_ids":[46119,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52431}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T16:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Defragmentierung Saal C","android_description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren.","end_timestamp":{"seconds":1703966400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T20:00:00.000-0000","id":53995,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal C","hotel":"","short_name":"Saal C","id":46155},"spans_timebands":"N","begin":"2023-12-30T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Live Coding is a kind of performing art and creativity technique where many artists create musical and visual performance using code and scripts. Since 2019 I've started to join local event in Italy playing music alone and with other artists. I want to bring a session of about 45 min at CCC where I create some techno patterns, with my friend Sabrin, which creates visuals in Hydra and Processing during the performance.\n\n\nSession of live coding using Supercollider and Foxdot to create music (melodic-electro-tecno) and with visuals created with Hydra/Processing","title":"Live Coding Set - Sound&Visual","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703955600,"nanoseconds":0},"android_description":"Live Coding is a kind of performing art and creativity technique where many artists create musical and visual performance using code and scripts. Since 2019 I've started to join local event in Italy playing music alone and with other artists. I want to bring a session of about 45 min at CCC where I create some techno patterns, with my friend Sabrin, which creates visuals in Hydra and Processing during the performance.\n\n\nSession of live coding using Supercollider and Foxdot to create music (melodic-electro-tecno) and with visuals created with Hydra/Processing","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:00:00.000-0000","id":53990,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-30T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Chinese characters are fun. The character for „mouth“ looks like a mouth (口), the character for „wood“ looks like a tree (木) and the character for „idiot“ looks like a mouth in a high position, like on a tree (呆). Let's look at more fun examples!\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","title":"Introduction and fun with Chinese characters","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703953800,"nanoseconds":0},"android_description":"Chinese characters are fun. The character for „mouth“ looks like a mouth (口), the character for „wood“ looks like a tree (木) and the character for „idiot“ looks like a mouth in a high position, like on a tree (呆). Let's look at more fun examples!\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:30:00.000-0000","id":53550,"village_id":null,"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hackbases are hackspaces but you can also live there. A hackbase is kind of a hacker commune!\r\n\r\nThere are about 10 hackbase-like projects running currently, and about as many known different base types have been experimented with and described. We will look at the basics, present different bases & share our experiences, and chat with everyone interested in hackbases.\r\n\r\nDefinition + List : https://wiki.hackerspaces.org/Hackbase\r\n\r\nMatrix channel : https://matrix.to/#/#hackbases:matrix.org\r\n\r\nWe'll go for a relaxed drink after the session.\n\n\n","title":"Hackbases (coliving hacklabs) info & meeting","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Hackbases are hackspaces but you can also live there. A hackbase is kind of a hacker commune!\r\n\r\nThere are about 10 hackbase-like projects running currently, and about as many known different base types have been experimented with and described. We will look at the basics, present different bases & share our experiences, and chat with everyone interested in hackbases.\r\n\r\nDefinition + List : https://wiki.hackerspaces.org/Hackbase\r\n\r\nMatrix channel : https://matrix.to/#/#hackbases:matrix.org\r\n\r\nWe'll go for a relaxed drink after the session.","end_timestamp":{"seconds":1703955000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:50:00.000-0000","id":53547,"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-30T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag zeichnet erstens eine Kulturgeschichte der schwulen Subkultur und erklärt, warum Darkrooms und ähnliche Orte, an denen schwuler Sex in der semi-Öffentlichkeit vollzogen wird, konstitutiv für die schwule Szene waren. Zweitens werden die Effekte der Digitalisierung dieser Orte hin zu Plattformen wie früher GayChat oder heute Grindr aufgezeigt. Drittens wird gezeigt, warum homosexuelle Cruising-Apps wie Grindr kultur- und softwaretechnisch grundlegend anders aufgebaut sind als heterosexuelle Dating-Apps wie Tinder.\r\n\r\nMit dem Vortrag möchte ich einen Anstoß geben, Dualismen wie Homo- und Heterosexualität, Cruising und Dating, Promiskuität und Monogamie zu hacken. Ich möchte zeigen, dass Interaktivität auf *Datingplattformen* häufig eine Illusion ist, und versuchen, gemeinsam mit dem Publikum Wege zu finden, den „interpassiven”-Konsumstatus im Onlinedating aufzubrechen.\n\n\nEntgegen der Auffassung, die schwule Subkultur hätte durch die digitale Vernetzung einen Aufschwung erhalten und sei in ihrem Aktivismus gestärkt worden, möchte ich eine gegenwärtige Krise der Subkultur markieren und ihren Entstehungskontext durch Onlinedating skizzieren. Schwule Onlineplattformen entstanden, um der Unterdrückung von homosexuellem Verhalten zu entgehen. Zynischerweise sorgen sie heute für eine unterschwellige, fesselnde Regulation homosexueller Menschen.\r\n\r\nDer Vortrag arbeitet sich zwar vor allem an MSM-Personen (Männer, die Sex mit Männern haben) ab, richtet sich aber ausdrücklich an Hacker:innen jeglicher Sexualität.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Vom Darkroom in die Blackbox","android_description":"Der Vortrag zeichnet erstens eine Kulturgeschichte der schwulen Subkultur und erklärt, warum Darkrooms und ähnliche Orte, an denen schwuler Sex in der semi-Öffentlichkeit vollzogen wird, konstitutiv für die schwule Szene waren. Zweitens werden die Effekte der Digitalisierung dieser Orte hin zu Plattformen wie früher GayChat oder heute Grindr aufgezeigt. Drittens wird gezeigt, warum homosexuelle Cruising-Apps wie Grindr kultur- und softwaretechnisch grundlegend anders aufgebaut sind als heterosexuelle Dating-Apps wie Tinder.\r\n\r\nMit dem Vortrag möchte ich einen Anstoß geben, Dualismen wie Homo- und Heterosexualität, Cruising und Dating, Promiskuität und Monogamie zu hacken. Ich möchte zeigen, dass Interaktivität auf *Datingplattformen* häufig eine Illusion ist, und versuchen, gemeinsam mit dem Publikum Wege zu finden, den „interpassiven”-Konsumstatus im Onlinedating aufzubrechen.\n\n\nEntgegen der Auffassung, die schwule Subkultur hätte durch die digitale Vernetzung einen Aufschwung erhalten und sei in ihrem Aktivismus gestärkt worden, möchte ich eine gegenwärtige Krise der Subkultur markieren und ihren Entstehungskontext durch Onlinedating skizzieren. Schwule Onlineplattformen entstanden, um der Unterdrückung von homosexuellem Verhalten zu entgehen. Zynischerweise sorgen sie heute für eine unterschwellige, fesselnde Regulation homosexueller Menschen.\r\n\r\nDer Vortrag arbeitet sich zwar vor allem an MSM-Personen (Männer, die Sex mit Männern haben) ab, richtet sich aber ausdrücklich an Hacker:innen jeglicher Sexualität.","end_timestamp":{"seconds":1703953200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53839],"name":"LustigerLeo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52370}],"timeband_id":1143,"links":[],"end":"2023-12-30T16:20:00.000-0000","id":53839,"tag_ids":[46121,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703950800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52370}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I know we are all experts... But are we really? Most of our knowledge about mental enhancement comes from experience, friends or social context. Some of it is true, some of it is not. In this workshop we will try to go through some of the common myths and misconceptions in recreational contexts. Safety and Common mistakes. Backed by science 🤓! Let's make our spaces safer, for ourselves and our surroundings ❤️\r\nThis is not a Nootropic talk.\n\n\nRecreational harm reduction - Speaker: hummuscience","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Science-based psychedelic pharmacology","end_timestamp":{"seconds":1703955600,"nanoseconds":0},"android_description":"I know we are all experts... But are we really? Most of our knowledge about mental enhancement comes from experience, friends or social context. Some of it is true, some of it is not. In this workshop we will try to go through some of the common myths and misconceptions in recreational contexts. Safety and Common mistakes. Backed by science 🤓! Let's make our spaces safer, for ourselves and our surroundings ❤️\r\nThis is not a Nootropic talk.\n\n\nRecreational harm reduction - Speaker: hummuscience","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:00:00.000-0000","id":54031,"village_id":null,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Klimaschutz in Kommunen ist undurchsichtig, komplex, bürokratisch - und trotzdem enorm wichtig.\r\nMit dem Projekt Stadt.Land.Klima! wollen wir das Handeln (bzw. Nichthandeln) von Städten und Kommunen sichtbar machen und leicht verständlich in einem Ranking aufschlüsseln. Dabei bewerten wir die Kommunen aber nicht anhand von komplizierten Co2-Bilanzierungsverfahren wie BISKO, sondern daran, wieviele der notwendigen Maßnahmen auf dem Weg zur Klimaneutralität die Kommune schon umgesetzt hat.\r\nDas Ranking und die Bewertung der Kommune ist damit gleichzeitig auch ein Tool und eine TODO-Liste von dem, was in der jeweiligen Kommune noch passieren muss und wie das am besten von den klimainteressierten Menschen und Aktivisti in der Kommune umgesetzt werden kann.\r\n\r\nDie Bewertung der Kommune anhand des Maßnahmenkatalogs wird von den Lokalteams vor Ort umgesetzt  - das könnte eine FFF/P4F Ortsgruppe sein, ein LocalZero Lokalteam, eine der vielen weiteren Klimagruppen und lokalen Initiativen - oder auch eine Kooperation mehrerer dieser Gruppen in einer Stadt.\r\n\r\nDas Projekt befindet sich aktuell noch in einer Pilotphase, soll aber schon im Februar offiziell starten :)\n\n\n","title":"Stadt.Land.Klima! - Für Transparenz im Kommunalen Klimaschutz","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"Klimaschutz in Kommunen ist undurchsichtig, komplex, bürokratisch - und trotzdem enorm wichtig.\r\nMit dem Projekt Stadt.Land.Klima! wollen wir das Handeln (bzw. Nichthandeln) von Städten und Kommunen sichtbar machen und leicht verständlich in einem Ranking aufschlüsseln. Dabei bewerten wir die Kommunen aber nicht anhand von komplizierten Co2-Bilanzierungsverfahren wie BISKO, sondern daran, wieviele der notwendigen Maßnahmen auf dem Weg zur Klimaneutralität die Kommune schon umgesetzt hat.\r\nDas Ranking und die Bewertung der Kommune ist damit gleichzeitig auch ein Tool und eine TODO-Liste von dem, was in der jeweiligen Kommune noch passieren muss und wie das am besten von den klimainteressierten Menschen und Aktivisti in der Kommune umgesetzt werden kann.\r\n\r\nDie Bewertung der Kommune anhand des Maßnahmenkatalogs wird von den Lokalteams vor Ort umgesetzt  - das könnte eine FFF/P4F Ortsgruppe sein, ein LocalZero Lokalteam, eine der vielen weiteren Klimagruppen und lokalen Initiativen - oder auch eine Kooperation mehrerer dieser Gruppen in einer Stadt.\r\n\r\nDas Projekt befindet sich aktuell noch in einer Pilotphase, soll aber schon im Februar offiziell starten :)","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":54027,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"### Cybernetics\r\n\r\nTransdisciplinary branch of engineering and computational mathematics. It deals with the behavior of dynamical systems toward inputs and how their behavior is modified by feedback.\r\n\r\nHost: Aza and Nimbus\n\n\nHow can we use cybernetic principles to amplify political action and attenuate the power of elites? We will have a short introduction and then an open round to exchange + discuss!","title":"Cybernetics for political action","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"### Cybernetics\r\n\r\nTransdisciplinary branch of engineering and computational mathematics. It deals with the behavior of dynamical systems toward inputs and how their behavior is modified by feedback.\r\n\r\nHost: Aza and Nimbus\n\n\nHow can we use cybernetic principles to amplify political action and attenuate the power of elites? We will have a short introduction and then an open round to exchange + discuss!","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":54017,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For any triangle, the radius of its inscribed circle, the radius of its circumcircle and the distance of their centers are related through Euler's theorem in geometry (but earlier already published by Chapple). In one dimension higher, the Grace-Danielsson inequality gives a condition for the three values, so that a (non-regular) tetrahedron between the spheres exists, hence is completely contained inside the larger sphere and completely encloses the smaller sphere. In higher dimensions, Greg Egan conjectured a generalized Grace-Danielsson inequality and proved it to be sufficient for a simplex to exist between the spheres under a blog post of John Baez. A few weeks ago, the inequality was also proven to be necessary by Sergei Drozdov.\r\n\r\n🧮🦆\n\n\n","title":"Egan conjecture holds","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"For any triangle, the radius of its inscribed circle, the radius of its circumcircle and the distance of their centers are related through Euler's theorem in geometry (but earlier already published by Chapple). In one dimension higher, the Grace-Danielsson inequality gives a condition for the three values, so that a (non-regular) tetrahedron between the spheres exists, hence is completely contained inside the larger sphere and completely encloses the smaller sphere. In higher dimensions, Greg Egan conjectured a generalized Grace-Danielsson inequality and proved it to be sufficient for a simplex to exist between the spheres under a blog post of John Baez. A few weeks ago, the inequality was also proven to be necessary by Sergei Drozdov.\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53985,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Presentation in German about Single Sign On (SSO) in schools using EDU-Id from Switzerland.\n\n\nVortrag über Vorteile und Umsetzung von SSO an Schulen am Beispiel EDU-Id (Schweiz)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"SSO an Schulen","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"Presentation in German about Single Sign On (SSO) in schools using EDU-Id from Switzerland.\n\n\nVortrag über Vorteile und Umsetzung von SSO an Schulen am Beispiel EDU-Id (Schweiz)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53897,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will be conducted by sharing various experiments we've done under the umbrella of generative AI models. We will begin with a general idea of how we, as artists/programmers, perceive these models and our research on the workflow of these constructs. Then, we will further elaborate on our exploration of the Stable Diffusion pipeline and datasets. Throughout our investigation, we discovered that some essential parts are all based on the same few datasets, models, and algorithms. This causes us to think that if we investigate deeper into some specific mechanisms, we might be able to reflect on the bigger picture of some political discourses surrounding generative AI models. We deconstructed the models into three steps essential to understanding how they worked: dataset, embedding, and diffusions. Our examples are primarily based on Stable-Diffusion, but some concepts are interchangeable in other generative models.\r\n\r\nAs datasets and machine-learning models grow in scale and complexity, understanding their nuances becomes challenging. Large datasets, like the one for training Stable Diffusion, are filtered using algorithms often employing machine learning. To \"enhance\" image generation, LAION's extensive dataset underwent filtering with an aesthetic prediction algorithm that uses machine learning to score the aesthetics of an image with a strong bias towards water-color and oil paintings. Besides the aesthetic scoring of images, images are also scored with a not safe-for-work classifier that outputs a probability of an image containing explicit content . This algorithm comes with its own discriminatory tendencies that we explore in the talk and furthermore asks how and by whom we want our datasets to be filtered and constructed.\r\n\r\nMany generative models are built upon Contrastive Language-Image Pre-training (CLIP) and its open-source version, Open-CLIP, which stochastically relates images and texts. These models connect images and text, digitize text, and calculate distances between words and images. However, they heavily rely on a large number of text-image pairs during training, potentially introducing biases into the database. We conducted experiments involving various \"false labelling\" scenarios and identified correlations. For instance, we used faces from ThisPersonDoesNotExist to determine \"happiness\" faces, explored ethnicities and occupations on different looks, and analyzed stock images of culturally diverse food. The results often align with human predictions, but does that mean anything? \r\n\r\nIn the third part, we take a closer look at the image generation process, focusing on the Stable Diffusion pipeline. Generative AI models, like Stable Diffusion, have the ability not only to generate images from text descriptions but also to process existing images. Depending on the settings, they can reproduce input images with great accuracy. However, errors accumulate with each iteration when this AI reproduction is recursively used as input. We observed that images gradually transform into purple patterns or a limited set of mundane concepts depending on the parameters and settings. This raises questions about the models' tendencies to default to learned patterns.\n\n\nWhat occurs when machines learn from one another and engage in self-cannibalism within the generative process? Can an image model identify the happiest person or determine ethnicity from a random image? Most state-of-the-art text-to-image implementations rely on a number of limited datasets, models, and algorithms. These models, initially appearing as black boxes, reveal complex pipelines involving multiple linked models and algorithms upon closer examination. We engage artistic strategies like feedback, misuse, and hacking to crack the inner workings of image-generation models. This includes recursively confronting models with their output, deconstructing text-to-image pipelines, labelling images, and discovering unexpected correlations. During the talk, we will share our experiments on investigating Stable-Diffusion pipelines, manipulating aesthetic scoring in extensive public text-to-image datasets, revealing NSFW classification, and utilizing Contrastive Language-Image Pre-training (CLIP) to reveal biases and problematic correlations inherent in the daily use of these models.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Self-cannibalizing AI","android_description":"The talk will be conducted by sharing various experiments we've done under the umbrella of generative AI models. We will begin with a general idea of how we, as artists/programmers, perceive these models and our research on the workflow of these constructs. Then, we will further elaborate on our exploration of the Stable Diffusion pipeline and datasets. Throughout our investigation, we discovered that some essential parts are all based on the same few datasets, models, and algorithms. This causes us to think that if we investigate deeper into some specific mechanisms, we might be able to reflect on the bigger picture of some political discourses surrounding generative AI models. We deconstructed the models into three steps essential to understanding how they worked: dataset, embedding, and diffusions. Our examples are primarily based on Stable-Diffusion, but some concepts are interchangeable in other generative models.\r\n\r\nAs datasets and machine-learning models grow in scale and complexity, understanding their nuances becomes challenging. Large datasets, like the one for training Stable Diffusion, are filtered using algorithms often employing machine learning. To \"enhance\" image generation, LAION's extensive dataset underwent filtering with an aesthetic prediction algorithm that uses machine learning to score the aesthetics of an image with a strong bias towards water-color and oil paintings. Besides the aesthetic scoring of images, images are also scored with a not safe-for-work classifier that outputs a probability of an image containing explicit content . This algorithm comes with its own discriminatory tendencies that we explore in the talk and furthermore asks how and by whom we want our datasets to be filtered and constructed.\r\n\r\nMany generative models are built upon Contrastive Language-Image Pre-training (CLIP) and its open-source version, Open-CLIP, which stochastically relates images and texts. These models connect images and text, digitize text, and calculate distances between words and images. However, they heavily rely on a large number of text-image pairs during training, potentially introducing biases into the database. We conducted experiments involving various \"false labelling\" scenarios and identified correlations. For instance, we used faces from ThisPersonDoesNotExist to determine \"happiness\" faces, explored ethnicities and occupations on different looks, and analyzed stock images of culturally diverse food. The results often align with human predictions, but does that mean anything? \r\n\r\nIn the third part, we take a closer look at the image generation process, focusing on the Stable Diffusion pipeline. Generative AI models, like Stable Diffusion, have the ability not only to generate images from text descriptions but also to process existing images. Depending on the settings, they can reproduce input images with great accuracy. However, errors accumulate with each iteration when this AI reproduction is recursively used as input. We observed that images gradually transform into purple patterns or a limited set of mundane concepts depending on the parameters and settings. This raises questions about the models' tendencies to default to learned patterns.\n\n\nWhat occurs when machines learn from one another and engage in self-cannibalism within the generative process? Can an image model identify the happiest person or determine ethnicity from a random image? Most state-of-the-art text-to-image implementations rely on a number of limited datasets, models, and algorithms. These models, initially appearing as black boxes, reveal complex pipelines involving multiple linked models and algorithms upon closer examination. We engage artistic strategies like feedback, misuse, and hacking to crack the inner workings of image-generation models. This includes recursively confronting models with their output, deconstructing text-to-image pipelines, labelling images, and discovering unexpected correlations. During the talk, we will share our experiments on investigating Stable-Diffusion pipelines, manipulating aesthetic scoring in extensive public text-to-image datasets, revealing NSFW classification, and utilizing Contrastive Language-Image Pre-training (CLIP) to reveal biases and problematic correlations inherent in the daily use of these models.","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53832],"name":"Leon-Etienne Kühr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52312}],"timeband_id":1143,"end":"2023-12-30T16:00:00.000-0000","links":[{"label":"previous talk \"Aesthetic approaches to cyber peace work\" @ FIFFKON23","type":"link","url":"https://media.ccc.de/v/fiffkon23-47-aesthetic-approaches-to-cyber-peace-work"},{"label":"previous talk \"ai-sthesis\" @ academy of media art Cologne","type":"link","url":"https://ground-zero.khm.de/portfolio/ai-sthesis/"}],"id":53832,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52312}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das KUNO-Sperrsystem (Kriminalitätsbekämpfung im unbaren Zahlungsverkehr durch Nutzung nichtpolizeilicher Organisationen) wurde vor über 20 Jahren entwickelt, um Betrug mit EC-Lastschriftverfahren einzudämmen. 96 % aller Händler in Deutschland nutzen direkt oder indirekt die KUNO-Sperrdatei, um sich vor Betrug mittels gefälschter Lastschrift zu schützen. Das System wird vom EHI Retail Institute in Kooperation mit der deutschen Polizei und dem Hauptverband des Deutschen Einzelhandels betrieben. Pro Jahr laufen mehr als 120.000 Meldungen über das System.\r\nIm Rahmen einer Untersuchung konnte nun ermittelt werden, dass Taschendiebe die entsprechende Sperrung von Girocards/Debitkarten simpel aufheben und weiter Betrug begehen konnten. Durch eine Meldung im Rahmen eines Responsible Disclosure-Verfahrens konnten zahlreiche Mängel im Bereich Datenschutz und IT-Sicherheit aufgedeckt und behoben werden.\r\nIm Vortrag wird Tim Philipp Schäfers das KUNO-System genauer vorstellen und Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vornehmen - Vergnügen für alle Datenreisenden (alle Level) ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de\r\n\r\nWeitere Infos zum KUNO-Sperrsystem:\r\nhttps://de.wikipedia.org/wiki/Kriminalit%C3%A4tsbek%C3%A4mpfung\\_im\\_unbaren\\_Zahlungsverkehr\\_durch\\_Nutzung\\_nichtpolizeilicher\\_Organisationen\n\n\nDebitkarte/girocard geklaut? – Schnell sperren lassen … doch was, wenn die Sperrung nicht so wirksam ist, wie es scheint?\r\n\r\nIm Rahmen des Vortrages werden Datenschutz- und IT-Sicherheitsmängel im KUNO-Sperrsystem vorgestellt. Das System ist bei > 90 % der Händler in Deutschland im Einsatz und soll seit einem Beschluss der Innenministerkonferenz im Jahr 2005 garantieren, dass das elektronische Lastschriftverfahren (ELV) vor Betrug sicher(er) ist.\r\n\r\nIm Rahmen des Vortrages wird unter anderem aufgezeigt, wie es Unbefugten/Taschendieben (über Jahre) möglich war, gesperrte EC- & Debitkarten/ girocards für die ELV simpel zu entsperren. Darüber hinaus werden Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vorgenommen – Vergnügen für alle Datenreisenden ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Oh no: KUNO - Gesperrte Girocards entsperren","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"Das KUNO-Sperrsystem (Kriminalitätsbekämpfung im unbaren Zahlungsverkehr durch Nutzung nichtpolizeilicher Organisationen) wurde vor über 20 Jahren entwickelt, um Betrug mit EC-Lastschriftverfahren einzudämmen. 96 % aller Händler in Deutschland nutzen direkt oder indirekt die KUNO-Sperrdatei, um sich vor Betrug mittels gefälschter Lastschrift zu schützen. Das System wird vom EHI Retail Institute in Kooperation mit der deutschen Polizei und dem Hauptverband des Deutschen Einzelhandels betrieben. Pro Jahr laufen mehr als 120.000 Meldungen über das System.\r\nIm Rahmen einer Untersuchung konnte nun ermittelt werden, dass Taschendiebe die entsprechende Sperrung von Girocards/Debitkarten simpel aufheben und weiter Betrug begehen konnten. Durch eine Meldung im Rahmen eines Responsible Disclosure-Verfahrens konnten zahlreiche Mängel im Bereich Datenschutz und IT-Sicherheit aufgedeckt und behoben werden.\r\nIm Vortrag wird Tim Philipp Schäfers das KUNO-System genauer vorstellen und Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vornehmen - Vergnügen für alle Datenreisenden (alle Level) ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de\r\n\r\nWeitere Infos zum KUNO-Sperrsystem:\r\nhttps://de.wikipedia.org/wiki/Kriminalit%C3%A4tsbek%C3%A4mpfung\\_im\\_unbaren\\_Zahlungsverkehr\\_durch\\_Nutzung\\_nichtpolizeilicher\\_Organisationen\n\n\nDebitkarte/girocard geklaut? – Schnell sperren lassen … doch was, wenn die Sperrung nicht so wirksam ist, wie es scheint?\r\n\r\nIm Rahmen des Vortrages werden Datenschutz- und IT-Sicherheitsmängel im KUNO-Sperrsystem vorgestellt. Das System ist bei > 90 % der Händler in Deutschland im Einsatz und soll seit einem Beschluss der Innenministerkonferenz im Jahr 2005 garantieren, dass das elektronische Lastschriftverfahren (ELV) vor Betrug sicher(er) ist.\r\n\r\nIm Rahmen des Vortrages wird unter anderem aufgezeigt, wie es Unbefugten/Taschendieben (über Jahre) möglich war, gesperrte EC- & Debitkarten/ girocards für die ELV simpel zu entsperren. Darüber hinaus werden Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vorgenommen – Vergnügen für alle Datenreisenden ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53825],"name":"Tim Philipp Schäfers (TPS)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52480}],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53825,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52480}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Baue Licht-, Schall- oder Mechanikschaltungen.\r\nAb ca 4 Jahren zusammen mit Erwachsenen ist das mit dem einfachen Baukastensystem auf Basis von Druckknöpfen gut möglich (laut Hersteller ab 8 Jahren). Aber selbst die kleineren freuen sich, bunte Formen zu arrangieren.\r\nDies ist ein Eltern-Kind-Angebot. Bitte beaufsichtigt eure Kinder oder baut mit ihnen zusammen.\n\n\n","title":"Elektrobaukasten - Tag 4","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Baue Licht-, Schall- oder Mechanikschaltungen.\r\nAb ca 4 Jahren zusammen mit Erwachsenen ist das mit dem einfachen Baukastensystem auf Basis von Druckknöpfen gut möglich (laut Hersteller ab 8 Jahren). Aber selbst die kleineren freuen sich, bunte Formen zu arrangieren.\r\nDies ist ein Eltern-Kind-Angebot. Bitte beaufsichtigt eure Kinder oder baut mit ihnen zusammen.","end_timestamp":{"seconds":1703955600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:00:00.000-0000","id":53551,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's chat about our favourite klacky input devices. Show off your (Congress) keyboard builds and hacks or discuss switches, debate layouts or share firmware tips.\r\n\r\nHappy klacking!\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"⌨️ Mechanical Keyboard and Typing meetup","android_description":"Let's chat about our favourite klacky input devices. Show off your (Congress) keyboard builds and hacks or discuss switches, debate layouts or share firmware tips.\r\n\r\nHappy klacking!","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53433,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hackspaces sind für Gehörlose nicht zugänglich, um ihre Kreativität auszuleben sowie nachhaltige Techniknutzung eigenständig zu erlernen.\r\n\r\nDas wissenschaftlich-künstlerische Projekt MACH’S AUF! setzt seinen Fokus auf die folgenden Fragen:\r\n\r\n* Wie kann Technik gestaltet sein, damit sie besser von gehörlosen Menschen genutzt werden kann?\n* Wie kann eine Zusammenarbeit zwischen Gehörlosen und Hörenden funktionieren?\n* Wie können Barrieren abgebaut werden, ohne dass gesellschaftliche Randgruppen davon benachteiligt werden?\n\n\r\n\r\nIn den letzten zwei Jahren haben Oliver \"fussel\" Suchanek (es/ihm) und Franz \"Stoni\" Steinbrecher (er/ihm) viel Zeit, Aufwand und Sorgfalt in diverse Veranstaltungen, Workshops und Aufklärung gesteckt. Ermöglicht wurde das durch die finanzielle Unterstützung vom Chaos Computer Club.\r\n\r\nDas Ergebnis kann sich sehen lassen:\r\n\r\nEine neue Community, in der Hörende und Gehörlose gemeinsam hacken, in der Gehörlose Maschinen bedienen, die vorher unzugänglich waren, und auch ganz neue Projekte wie zum Beispiel die ÖGS-Suchmaschine (http://suche.machs-auf.at/search).\r\n\r\nÜber die Arbeit der ersten zwei Jahre wird Oliver \"fussel\" Suchanek berichten, so dass ihr unsere Ansätze auch in anderen Spaces anwenden könnt.\r\n\r\nSeid gespannt auf den Einblick … :)\n\n\nHacken geht auch ohne Ohren! In den letzten zwei Jahren haben wir am lebenden Objekt erforscht, wie man Hackspaces für Gehörlose öffnen kann, so dass wir alle gemeinsam an Projekten arbeiten und cooles Zeug bauen können. Kommt vorbei, schaut/lauscht, und nehmt was mit nach Hause!\r\n\r\nDer Vortrag wird in der Österreichischen Gebärdensprache (ÖGS) gehalten und simultan zu Deutsch übersetzt (bzw. andersherum für Fragen).\r\n","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Öffnet eure Spaces für Gehörlose!","end_timestamp":{"seconds":1703949900,"nanoseconds":0},"android_description":"Hackspaces sind für Gehörlose nicht zugänglich, um ihre Kreativität auszuleben sowie nachhaltige Techniknutzung eigenständig zu erlernen.\r\n\r\nDas wissenschaftlich-künstlerische Projekt MACH’S AUF! setzt seinen Fokus auf die folgenden Fragen:\r\n\r\n* Wie kann Technik gestaltet sein, damit sie besser von gehörlosen Menschen genutzt werden kann?\n* Wie kann eine Zusammenarbeit zwischen Gehörlosen und Hörenden funktionieren?\n* Wie können Barrieren abgebaut werden, ohne dass gesellschaftliche Randgruppen davon benachteiligt werden?\n\n\r\n\r\nIn den letzten zwei Jahren haben Oliver \"fussel\" Suchanek (es/ihm) und Franz \"Stoni\" Steinbrecher (er/ihm) viel Zeit, Aufwand und Sorgfalt in diverse Veranstaltungen, Workshops und Aufklärung gesteckt. Ermöglicht wurde das durch die finanzielle Unterstützung vom Chaos Computer Club.\r\n\r\nDas Ergebnis kann sich sehen lassen:\r\n\r\nEine neue Community, in der Hörende und Gehörlose gemeinsam hacken, in der Gehörlose Maschinen bedienen, die vorher unzugänglich waren, und auch ganz neue Projekte wie zum Beispiel die ÖGS-Suchmaschine (http://suche.machs-auf.at/search).\r\n\r\nÜber die Arbeit der ersten zwei Jahre wird Oliver \"fussel\" Suchanek berichten, so dass ihr unsere Ansätze auch in anderen Spaces anwenden könnt.\r\n\r\nSeid gespannt auf den Einblick … :)\n\n\nHacken geht auch ohne Ohren! In den letzten zwei Jahren haben wir am lebenden Objekt erforscht, wie man Hackspaces für Gehörlose öffnen kann, so dass wir alle gemeinsam an Projekten arbeiten und cooles Zeug bauen können. Kommt vorbei, schaut/lauscht, und nehmt was mit nach Hause!\r\n\r\nDer Vortrag wird in der Österreichischen Gebärdensprache (ÖGS) gehalten und simultan zu Deutsch übersetzt (bzw. andersherum für Fragen).","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53838],"name":"Oliver Suchanek","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52354}],"timeband_id":1143,"end":"2023-12-30T15:25:00.000-0000","links":[{"label":"MACH'S AUF! ist auf Mastodon!","type":"link","url":"https://chaos.social/@mach_auf"},{"label":"MACH'S AUF! Zwischenbericht (2022)","type":"link","url":"https://machs-auf.at/zwischenbericht.pdf"},{"label":"MACH'S AUF! ","type":"link","url":"http://machs-auf.at"},{"label":"CCC Wien","type":"link","url":"http://c3w.at"},{"label":"ÖGS-Suchmaschine \"Gebärden-Archive\"","type":"link","url":"http://gebärdenverse.at"},{"label":"Presse: \"Wie sagt man das in ÖGS?\"","type":"link","url":"https://www.diepresse.com/6271309/wie-sagt-man-das-in-gebaerdensprache#:~:text=Von%20etwa%20450.000%20Menschen%2C%20die,Österreichische%20Gebärdensprache%20als%20Erstsprache%20nutzen."}],"id":53838,"village_id":null,"begin_timestamp":{"seconds":1703947500,"nanoseconds":0},"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52354}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Quadball/Quidditch is a mixed-gender, queer-friendly, full-contact sport that incorporates elements of rugby, handball and dodge ball. It is characterized by the brooms, the five balls and the different playing positions of the players, who need different skills.\r\n\r\nWe give a short introduction to the sport with its rules and gameplay mechanics and try to give an insight into the community. We plan to have time for your questions.\r\n\r\nWe two have been playing for around 4 years with the Braunschweiger Broomicorns. There are over 30 teams in germany and many more internationally, probably one near you!\r\n\r\nMore infos at https://iqasport.org/what-is-quidditch\r\n\r\nde and/or en\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Quidditch IRL - ja das gibt es wirklich","android_description":"Quadball/Quidditch is a mixed-gender, queer-friendly, full-contact sport that incorporates elements of rugby, handball and dodge ball. It is characterized by the brooms, the five balls and the different playing positions of the players, who need different skills.\r\n\r\nWe give a short introduction to the sport with its rules and gameplay mechanics and try to give an insight into the community. We plan to have time for your questions.\r\n\r\nWe two have been playing for around 4 years with the Braunschweiger Broomicorns. There are over 30 teams in germany and many more internationally, probably one near you!\r\n\r\nMore infos at https://iqasport.org/what-is-quidditch\r\n\r\nde and/or en","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":54022,"begin_timestamp":{"seconds":1703946600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-30T14:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"## Subtitle: Adopting Formally-verified E2EE in a FOSS project \r\n\r\n## Summary\r\nIn this talk we take a look at Tox, a distributed/P2P and E2EE messaging solution and its FOSS implementation (toxcore). Tox utilizes state-of-the-art cryptography. However, it is vulnerable to key compromise impersonation (KCI) attacks. KCI is explained and also how this issue can be fixed by using the Noise Protocol Framework. Noise is used to design and implement E2EE messaging with formally-verified security in Tox - by utilizing libsodium. This enables more secure P2P communication with Tox and serves as enabler for Noise adoption in other projects. \r\n\r\n## Description\r\nTox is a peer-to-peer (P2P) protocol that aims to provide secure messaging functionality (e.g. instant messages, audio/video calls). It is implemented in a FOSS library called “c-toxcore”. The project started in 2013 right after Edward Snowden’s disclosure of global surveillance, especially due to NSA’s PRISM program. It is intended as a distributed and end-to-end encrypted (E2EE) messaging alternative.\r\n\r\nTox(core) utilizes state-of-the-art cryptography. However, Tox’ authenticated key exchange (AKE) during Tox’ handshake is necessary to enable E2EE (and further security properties, e.g. forward secrecy), but is known to be vulnerable to so-called key compromise impersonation (KCI) attacks. KCI enables an (sophisticated) attacker, who compromised the static long-term private X25519 identity key of a Tox party Alice (e.g. with a trojan), to impersonate any other Tox party (with certain limitations) to Alice (i.e. reverse impersonation) and to perform Machine-in-the-Middle (MitM) attacks on Alice’s private conversations.\r\n\r\nAt rC3 in 2020 I presented the results of my master’s thesis and my proof-of-concept (PoC) implementation to fix this KCI vulnerability. Fortunately, NLnet foundation is funding the continuation of this project to realize a proper production-ready implementation.\r\nThe Noise Protocol Framework from Trevor Perrin (presented at 34C3; co-author of Signal) is used to design and implement a new KCI-resistant Tox handshake - with formally-verified security properties (incl. forward secrecy, KCI resistance, etc). The Noise protocol used in Tox is Noise_IK_25519_XChaChaPoly_SHA512. NoiseIK is implemented directly in c-toxcore using only libsodium, instead of relying on a third-party library as an additional dependency (e.g. Noise-C) and therefore preserve maintainability of c-toxcore. Additionally this reduces the number of possibly vulnerable source lines of code.\r\n\r\nThis talk/session explains\r\n- Tox in general and its ecosystem\r\n- what KCI is and how it can possibly be exploited in Tox\r\n- how one can design and implement their own secure/E2EE communications using the Noise framework\r\n\r\nFurther it discusses the Noise implementation in Tox with regard to:\r\n\r\n- NoiseIK handshake: Adding the Noise_IK_25519_XChaChaPoly_SHA512 protocol to c-toxcore by using libsodium and taking inspiration from WireGuard®’s NoiseIK implementation\r\n- Using XChaCha20-Poly1305 for symmetric encryption (AEAD) with extended/random nonces instead of XSalsa20 or ChaCha20\r\n- Why and how backwards compatibility to non-Noise handshakes is implemented \r\n\r\nThis will (hopefully) enable others to adopt the Noise framework also for their implementations and projects.\r\n\r\nThis session (possibly) further includes a short demonstration and a presentation of possible future improvements.\r\n___\r\nTerminology in context of Tox:\r\n\r\n- Tox is the name of the protocol in general -> https://toktok.ltd/spec.html\r\n- The implementation of Tox is toxcore - a network library\r\n- The clients (using toxcore) have specific names (e.g. Toxic https://github.com/JFreegman/toxic, TRIfA https://github.com/zoff99/ToxAndroidRefImpl/)\r\n___\r\nLinks/Resources:\r\n- https://tox.chat/\r\n- https://github.com/TokTok/c-toxcore/\"\r\n- https://github.com/TokTok/c-toxcore/issues/426/\r\n- https://github.com/TokTok/c-toxcore/pull/2450\r\n- https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/\r\n- https://noiseprotocol.org/\n\n\nSpeaker: Tobi (goldroom, Tobias Buchberger)","title":"(More) Secure P2P Messaging with Noise and Tox","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"## Subtitle: Adopting Formally-verified E2EE in a FOSS project \r\n\r\n## Summary\r\nIn this talk we take a look at Tox, a distributed/P2P and E2EE messaging solution and its FOSS implementation (toxcore). Tox utilizes state-of-the-art cryptography. However, it is vulnerable to key compromise impersonation (KCI) attacks. KCI is explained and also how this issue can be fixed by using the Noise Protocol Framework. Noise is used to design and implement E2EE messaging with formally-verified security in Tox - by utilizing libsodium. This enables more secure P2P communication with Tox and serves as enabler for Noise adoption in other projects. \r\n\r\n## Description\r\nTox is a peer-to-peer (P2P) protocol that aims to provide secure messaging functionality (e.g. instant messages, audio/video calls). It is implemented in a FOSS library called “c-toxcore”. The project started in 2013 right after Edward Snowden’s disclosure of global surveillance, especially due to NSA’s PRISM program. It is intended as a distributed and end-to-end encrypted (E2EE) messaging alternative.\r\n\r\nTox(core) utilizes state-of-the-art cryptography. However, Tox’ authenticated key exchange (AKE) during Tox’ handshake is necessary to enable E2EE (and further security properties, e.g. forward secrecy), but is known to be vulnerable to so-called key compromise impersonation (KCI) attacks. KCI enables an (sophisticated) attacker, who compromised the static long-term private X25519 identity key of a Tox party Alice (e.g. with a trojan), to impersonate any other Tox party (with certain limitations) to Alice (i.e. reverse impersonation) and to perform Machine-in-the-Middle (MitM) attacks on Alice’s private conversations.\r\n\r\nAt rC3 in 2020 I presented the results of my master’s thesis and my proof-of-concept (PoC) implementation to fix this KCI vulnerability. Fortunately, NLnet foundation is funding the continuation of this project to realize a proper production-ready implementation.\r\nThe Noise Protocol Framework from Trevor Perrin (presented at 34C3; co-author of Signal) is used to design and implement a new KCI-resistant Tox handshake - with formally-verified security properties (incl. forward secrecy, KCI resistance, etc). The Noise protocol used in Tox is Noise_IK_25519_XChaChaPoly_SHA512. NoiseIK is implemented directly in c-toxcore using only libsodium, instead of relying on a third-party library as an additional dependency (e.g. Noise-C) and therefore preserve maintainability of c-toxcore. Additionally this reduces the number of possibly vulnerable source lines of code.\r\n\r\nThis talk/session explains\r\n- Tox in general and its ecosystem\r\n- what KCI is and how it can possibly be exploited in Tox\r\n- how one can design and implement their own secure/E2EE communications using the Noise framework\r\n\r\nFurther it discusses the Noise implementation in Tox with regard to:\r\n\r\n- NoiseIK handshake: Adding the Noise_IK_25519_XChaChaPoly_SHA512 protocol to c-toxcore by using libsodium and taking inspiration from WireGuard®’s NoiseIK implementation\r\n- Using XChaCha20-Poly1305 for symmetric encryption (AEAD) with extended/random nonces instead of XSalsa20 or ChaCha20\r\n- Why and how backwards compatibility to non-Noise handshakes is implemented \r\n\r\nThis will (hopefully) enable others to adopt the Noise framework also for their implementations and projects.\r\n\r\nThis session (possibly) further includes a short demonstration and a presentation of possible future improvements.\r\n___\r\nTerminology in context of Tox:\r\n\r\n- Tox is the name of the protocol in general -> https://toktok.ltd/spec.html\r\n- The implementation of Tox is toxcore - a network library\r\n- The clients (using toxcore) have specific names (e.g. Toxic https://github.com/JFreegman/toxic, TRIfA https://github.com/zoff99/ToxAndroidRefImpl/)\r\n___\r\nLinks/Resources:\r\n- https://tox.chat/\r\n- https://github.com/TokTok/c-toxcore/\"\r\n- https://github.com/TokTok/c-toxcore/issues/426/\r\n- https://github.com/TokTok/c-toxcore/pull/2450\r\n- https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/\r\n- https://noiseprotocol.org/\n\n\nSpeaker: Tobi (goldroom, Tobias Buchberger)","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":54026,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's chat some LLM agents, their uses, and their governance. We can start by going over how to create one. We can then chat:\r\n - How do I create LLM agents in ChatGPT? What can we use them for?\r\n - How does this differ from finetuning?\r\n - How does this look with open-source models?\r\n - What business models might Big Tech come up with for LLM agents?\r\n - What are good ways for civil society to hold LLM agent producers accountable?\r\n - ...\n\n\n","title":"Meetup on LLM Agents","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703948400,"nanoseconds":0},"android_description":"Let's chat some LLM agents, their uses, and their governance. We can start by going over how to create one. We can then chat:\r\n - How do I create LLM agents in ChatGPT? What can we use them for?\r\n - How does this differ from finetuning?\r\n - How does this look with open-source models?\r\n - What business models might Big Tech come up with for LLM agents?\r\n - What are good ways for civil society to hold LLM agent producers accountable?\r\n - ...","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":53766,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-30T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop invites FLINTA* data enthusiasts of all backgrounds to play around with population data. You will learn to access and analyse data available through _DESTATIS_, Germany's Federal Statistical Office, focusing on a data set of your choice that aligns with your interests. Together, we will learn how to access _DESTATIS_ data, retrieve specific datasets, and preprocess them for analysis in a reusable way using Python (but you can opt to choose R or another language of your choice instead), using a gender-split data set as an example. We will then explore the data we retrieved, and get together to discuss what we found.\r\n\r\n**Prerequisites:** Having beginner-level programming or data analysis skills will help you get the most out of this workshop. If you can comfortably execute Python code, you’ll probably have fun, regardless of whether you never explored data before or you happen to be a researcher in statistical modelling.\r\n* You need some basic technical skills to follow along (you should be able to read in a CSV file using code).\r\n* No prior experience with the _DESTATIS_ API is necessary. \r\n* Bring your laptop.\n\n\nIn this interactive workshop, participants will dive into the world of publicly available statistics with a focus on gender-related data from the _DESTATIS_ (German Federal Statistical Office) public API. This workshop caters to individuals with little to no prior experience with _DESTATIS_ data, while also offering a practical, hands-on introduction to data analysis.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"📊 GIRLS JUST WANNA HAVE SOME STATS: Exploring open population data using the DESTATIS API and Python","android_description":"This workshop invites FLINTA* data enthusiasts of all backgrounds to play around with population data. You will learn to access and analyse data available through _DESTATIS_, Germany's Federal Statistical Office, focusing on a data set of your choice that aligns with your interests. Together, we will learn how to access _DESTATIS_ data, retrieve specific datasets, and preprocess them for analysis in a reusable way using Python (but you can opt to choose R or another language of your choice instead), using a gender-split data set as an example. We will then explore the data we retrieved, and get together to discuss what we found.\r\n\r\n**Prerequisites:** Having beginner-level programming or data analysis skills will help you get the most out of this workshop. If you can comfortably execute Python code, you’ll probably have fun, regardless of whether you never explored data before or you happen to be a researcher in statistical modelling.\r\n* You need some basic technical skills to follow along (you should be able to read in a CSV file using code).\r\n* No prior experience with the _DESTATIS_ API is necessary. \r\n* Bring your laptop.\n\n\nIn this interactive workshop, participants will dive into the world of publicly available statistics with a focus on gender-related data from the _DESTATIS_ (German Federal Statistical Office) public API. This workshop caters to individuals with little to no prior experience with _DESTATIS_ data, while also offering a practical, hands-on introduction to data analysis.","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53626,53638],"name":"sumpfhexe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52453}],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53626,"village_id":null,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"tag_ids":[46133,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52453}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Celebrate the winners of the CYCLOPS CTF/ARG - prizes will be given to the people and teams who get the furthest.","title":"CYCLOPS Awards Ceremony","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703946600,"nanoseconds":0},"android_description":"Celebrate the winners of the CYCLOPS CTF/ARG - prizes will be given to the people and teams who get the furthest.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":53548,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lasst uns zusammen das cccamp27 zu einen grüneren Event machen. Egal, ob du schon Erfahrung in nachhaltigen Projekten hast oder nicht – jede Perspektive zählt. Bringt eure Ideen mit und lasst uns gemeinsam über das cccamp27 nachdenken und vernetzten.\n\n\n","title":"CCCamp27 Sustainabillity Brainstorming Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Lasst uns zusammen das cccamp27 zu einen grüneren Event machen. Egal, ob du schon Erfahrung in nachhaltigen Projekten hast oder nicht – jede Perspektive zählt. Bringt eure Ideen mit und lasst uns gemeinsam über das cccamp27 nachdenken und vernetzten.","end_timestamp":{"seconds":1703948100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:55:00.000-0000","id":53544,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das erste Mal auf dem Congress ist definitiv immer in prägendes Erlebnis. Kommt vorbei und erzählt MacSnider davon, sprecht mit anderen über eure Erwartungen und Erfahrungen. Alte Hasen die von früher erzählen sind natürlich auch gerne Willkommen!","title":"The InSnider: Mein erstes Mal Congress","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"android_description":"Das erste Mal auf dem Congress ist definitiv immer in prägendes Erlebnis. Kommt vorbei und erzählt MacSnider davon, sprecht mit anderen über eure Erwartungen und Erfahrungen. Alte Hasen die von früher erzählen sind natürlich auch gerne Willkommen!","end_timestamp":{"seconds":1703947500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53696,53507,53458],"name":"MacSnider","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52346}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:45:00.000-0000","id":53458,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"tag_ids":[46128,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52346}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-30T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","title":"cyber4EDU (Zu-)Hörstunde - Fokus Hochschule","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703947500,"nanoseconds":0},"android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:45:00.000-0000","id":53997,"village_id":null,"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Having worked on the cross border e-evidence dossier since it's inception in 2017, the talk aims to present an insider view on the proposed procedures and legal protections, the scope of the obligation on industry to promptly provide information to law enforcement as well as the status of the proposed technical implementation including the proposed authentication and encryption of requests as well as the response data provided.\r\n\r\nAs an industry representative participating in the official EU e-evidence implementation task force I am going to take a look at the current, up to date status of the proposed implementation as well as the numerous grey areas to still be addressed both legally as well as technically to make the e-evidence dossier even remotely workable/acceptable for all parties concerned.\n\n\nThe EU \"e-evidence\" regulation is a critical piece of new legislation directly affecting all EU citizens. Proposed in 2017, it has been completed in 2023 as has since become law, mandating a more or less direct, cross border access to all sorts of stored information by law enforcement. I will be addressing \r\nhow individuals are affected and how the release of e-evidence works technically. Who are the actors? Which types of information can be requested? How are individual rights protected?\r\n","title":"Dissecting EU electronic evidence","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703946300,"nanoseconds":0},"android_description":"Having worked on the cross border e-evidence dossier since it's inception in 2017, the talk aims to present an insider view on the proposed procedures and legal protections, the scope of the obligation on industry to promptly provide information to law enforcement as well as the status of the proposed technical implementation including the proposed authentication and encryption of requests as well as the response data provided.\r\n\r\nAs an industry representative participating in the official EU e-evidence implementation task force I am going to take a look at the current, up to date status of the proposed implementation as well as the numerous grey areas to still be addressed both legally as well as technically to make the e-evidence dossier even remotely workable/acceptable for all parties concerned.\n\n\nThe EU \"e-evidence\" regulation is a critical piece of new legislation directly affecting all EU citizens. Proposed in 2017, it has been completed in 2023 as has since become law, mandating a more or less direct, cross border access to all sorts of stored information by law enforcement. I will be addressing \r\nhow individuals are affected and how the release of e-evidence works technically. Who are the actors? Which types of information can be requested? How are individual rights protected?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53837],"name":"Klaus Landefeld","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52474}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:25:00.000-0000","id":53837,"village_id":null,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52474}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-30T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After the \"summer of migration\", from 2017 the EU and Italy set up and equipped the \"coastguard\" in Libya, consisting of militias, to take back boats with refugees to North Africa and put the people in torture camps. Frontex and a EU military mission take over the aerial surveillance for these pullbacks. 2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed this pullback regime. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. For the first time, we unveiled how their new vessel, sponsored by UAE, operates in the Central Mediterranean. We could spot them, intercept communication, and record their crimes. We managed to do so through low-budget, open-source intelligence, voluntary work, and our civil monitoring flights. Our talk materializes at the crossroads of no-border activist nerdiness and broader geopolitical reflections. Starting with our first-hand material, we show TBZ's close ties with condemned war criminals, the smuggling business, the United Arab Emirates, the Frontex agency, and European governments, namely Greece, Italy, and Malta. We see the media being barely interested in the intricacies of Europe's proxy actors, such as TBZ, that help uphold fortress Europe. We will use CCC to discuss what has little space in our daily public work: weird details, daring predictions, and complex interlinkages.\n\n\n2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed the pullback regime which was installed by Italy and the EU from 2017. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. With the help of low-budget, open-source intelligence, we were the first to unveil how their new vessel operates in the Central Mediterranean and with which European actors they communicate. This talk provides you with the details.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"A Libyan Militia and the EU - A Love Story?","android_description":"After the \"summer of migration\", from 2017 the EU and Italy set up and equipped the \"coastguard\" in Libya, consisting of militias, to take back boats with refugees to North Africa and put the people in torture camps. Frontex and a EU military mission take over the aerial surveillance for these pullbacks. 2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed this pullback regime. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. For the first time, we unveiled how their new vessel, sponsored by UAE, operates in the Central Mediterranean. We could spot them, intercept communication, and record their crimes. We managed to do so through low-budget, open-source intelligence, voluntary work, and our civil monitoring flights. Our talk materializes at the crossroads of no-border activist nerdiness and broader geopolitical reflections. Starting with our first-hand material, we show TBZ's close ties with condemned war criminals, the smuggling business, the United Arab Emirates, the Frontex agency, and European governments, namely Greece, Italy, and Malta. We see the media being barely interested in the intricacies of Europe's proxy actors, such as TBZ, that help uphold fortress Europe. We will use CCC to discuss what has little space in our daily public work: weird details, daring predictions, and complex interlinkages.\n\n\n2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed the pullback regime which was installed by Italy and the EU from 2017. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. With the help of low-budget, open-source intelligence, we were the first to unveil how their new vessel operates in the Central Mediterranean and with which European actors they communicate. This talk provides you with the details.","end_timestamp":{"seconds":1703947500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53831],"name":"Paul Wagner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52384},{"conference_id":131,"event_ids":[53831],"name":"Matthias Monroy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52398},{"conference_id":131,"event_ids":[53831],"name":"Felix Weiss","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52482}],"timeband_id":1143,"end":"2023-12-30T14:45:00.000-0000","links":[{"label":"One of the few media ouputs that has been done in cooperation with us on the topic","type":"link","url":"https://www.aljazeera.com/features/longform/2023/8/11/eastern-libya-militia-operates-illegal-pullbacks-in-mediterranean"}],"id":53831,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52482},{"tag_id":46107,"sort_order":1,"person_id":52398},{"tag_id":46107,"sort_order":1,"person_id":52384}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-30T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The SPC700 by Sony is an 8-bit architecture that was developed and used as the S-SMP sound coprocessor in the Super Nintendo Entertainment System (SNES). A big leap ahead in sound synthesis capabilities, apart from these few years of glory in the 1990s the architecture enjoyed no further uses and has faded into obscurity outside SNES circles. This talk not only takes a look at the SPC700 architecture, which is both a usual and unusual 8-bit ISA, but also the sound and music capabilities of the SNES S-DSP that it was designed to control. The talk is designed to be approachable by anyone with a basic understanding of how a microprocessor works; in particular, it covers the basics of digital audio necessary to understand the S-DSP's sound synthesis features like ADPCM sample playback or echo buffers.\n\n\nThe Super Nintendo Entertainment System's sound coprocessor, the S-SMP, runs on the mostly-forgotten SPC700 architecture. To understand why the sound of Super Metroid or SMW was so ahead of its time, we will look at all the details of how this processor works and how it plays music.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"The Ultimate SPC700 Talk","end_timestamp":{"seconds":1703947500,"nanoseconds":0},"android_description":"The SPC700 by Sony is an 8-bit architecture that was developed and used as the S-SMP sound coprocessor in the Super Nintendo Entertainment System (SNES). A big leap ahead in sound synthesis capabilities, apart from these few years of glory in the 1990s the architecture enjoyed no further uses and has faded into obscurity outside SNES circles. This talk not only takes a look at the SPC700 architecture, which is both a usual and unusual 8-bit ISA, but also the sound and music capabilities of the SNES S-DSP that it was designed to control. The talk is designed to be approachable by anyone with a basic understanding of how a microprocessor works; in particular, it covers the basics of digital audio necessary to understand the S-DSP's sound synthesis features like ADPCM sample playback or echo buffers.\n\n\nThe Super Nintendo Entertainment System's sound coprocessor, the S-SMP, runs on the mostly-forgotten SPC700 architecture. To understand why the sound of Super Metroid or SMW was so ahead of its time, we will look at all the details of how this processor works and how it plays music.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53823],"name":"kleines Filmröllchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52242}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:45:00.000-0000","id":53823,"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"tag_ids":[46122,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52242}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ever since the revolutionary uprisings in East Kurdistan, Balochistan and Iran following the death of of Jina Emînî after mistreatment by the Iranian morality police, the slogan \"Jin Jiyan Azadî\" has become known worldwide as a symbol of the struggle for women's liberation. But the Kurdish women's movement has been fighting for far longer under the slogan \"Woman, Life, freedom\" for the liberation of life through a women's revolution. With the revolution in Rojava, which has been continuously built up and defended for over 10 years, such a revolution based on women's liberation, radical democracy and social ecology has become reality. It offers a perspective for a peaceful and democratic coexistence of the people in the Middle East and beyond. What are the ideas behind the slogan \"Jin Jiyan Azadî\" and what does the practice look like in the liberated areas of Kurdistan? Together we want to get to the bottom of this and discuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.\n\n\nDiscuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"With Jin Jiyan Azadî to women's liberation","end_timestamp":{"seconds":1703946600,"nanoseconds":0},"android_description":"Ever since the revolutionary uprisings in East Kurdistan, Balochistan and Iran following the death of of Jina Emînî after mistreatment by the Iranian morality police, the slogan \"Jin Jiyan Azadî\" has become known worldwide as a symbol of the struggle for women's liberation. But the Kurdish women's movement has been fighting for far longer under the slogan \"Woman, Life, freedom\" for the liberation of life through a women's revolution. With the revolution in Rojava, which has been continuously built up and defended for over 10 years, such a revolution based on women's liberation, radical democracy and social ecology has become reality. It offers a perspective for a peaceful and democratic coexistence of the people in the Middle East and beyond. What are the ideas behind the slogan \"Jin Jiyan Azadî\" and what does the practice look like in the liberated areas of Kurdistan? Together we want to get to the bottom of this and discuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.\n\n\nDiscuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":54033,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703943000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-30T13:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Coole Einreichungen der Artists Unlimited die es teilweise ins Nachtprogramm geschafft haben.\r\nhttp://www.artists-unlimited.de\n\n\nCoole Einreichungen der Artists Unlimited!\r\nhttp://www.artists-unlimited.de","title":"Kunstshow der Artists Unlimited","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"android_description":"Coole Einreichungen der Artists Unlimited die es teilweise ins Nachtprogramm geschafft haben.\r\nhttp://www.artists-unlimited.de\n\n\nCoole Einreichungen der Artists Unlimited!\r\nhttp://www.artists-unlimited.de","end_timestamp":{"seconds":1703949300,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[54004],"name":"Unnamed user","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52519}],"timeband_id":1143,"links":[],"end":"2023-12-30T15:15:00.000-0000","id":54004,"tag_ids":[46131,46139],"village_id":null,"begin_timestamp":{"seconds":1703943000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52519}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-30T13:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session is intended to provide a space to exchange ideas about Fairphones. It doesn't matter whether you already own and use a Fairphone or are simply interested. All current Fairphone models will be on site and if someone brings tools, we might be able to disassemble one or the other.\r\n\r\nIf you have any other ideas for the Meetup, please get in touch with me: DECT 5548; @t_aus_m@machteburch.social\n\n\n","title":"Fairphone Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703944800,"nanoseconds":0},"android_description":"This session is intended to provide a space to exchange ideas about Fairphones. It doesn't matter whether you already own and use a Fairphone or are simply interested. All current Fairphone models will be on site and if someone brings tools, we might be able to disassemble one or the other.\r\n\r\nIf you have any other ideas for the Meetup, please get in touch with me: DECT 5548; @t_aus_m@machteburch.social","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":54016,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Replicant is a fully free Android distribution running on several devices,\r\na free software mobile operating system putting the emphasis on freedom and privacy/security\n\n\nReplicant is the only fully free Android distribution for mobile phones.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Replicant Meetup","android_description":"Replicant is a fully free Android distribution running on several devices,\r\na free software mobile operating system putting the emphasis on freedom and privacy/security\n\n\nReplicant is the only fully free Android distribution for mobile phones.","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53998,"village_id":null,"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"How the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.\r\nYevhen Shybalov, former peacemaker, currently an infantryman\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nHow the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.","title":"U Act! - Modern Warfare (Infantry)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703946600,"nanoseconds":0},"android_description":"How the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.\r\nYevhen Shybalov, former peacemaker, currently an infantryman\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nHow the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":53900,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Bits & Bäume Community Treffen Tag 4","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53655,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Once again this year, the developers and users attending the congress want to discuss current OpenWrt topics.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"OpenWrt Meetup","android_description":"Once again this year, the developers and users attending the congress want to discuss current OpenWrt topics.","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":53524,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","title":"Geschichten erzählen - The Storytellers Den (LARP) - Tag 4","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703948400,"nanoseconds":0},"android_description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":53434,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"„Quantum“ macht ja alles besser, vielleicht auch die Messtechnik, mit der wir die Erde vermessen. In einem Beitrag auf dem 34C3 habe ich über die Vermessung des Schwerefeldes der Erde gesprochen, die uns einen Einblick in die Umverteilung von Massen auf und innerhalb der Erde ermöglicht. Mit Satelliten werden zum Beispiel die Massenveränderungen an den Eisschilden oder in kontinentalen Grundwasserspeichern beobachtet. Auf der Erdoberfläche selbst wird das Schwerefeld für Anwendungen in Geodäsie, Geophysik oder auch der Hydrologie lokal oder in kleinen Regionen mit Gravimetern am Boden, im Flugzeug oder auf Schiffen vermessen. \r\n\r\nIm terrestrischen Einsatz werden bereits seit wenigen Jahren so genannte Quantengravimeter eingesetzt, die das Prinzip der Atominterferometrie nutzen. In diesen Instrumenten werden fallende Atome mittels Laser manipuliert, um die Beschleunigung zu messen, der die fallenden Atome unterliegen. Für Weltraumanwendungen ist die Technologie derzeit in der Entwicklung und noch nicht im Einsatz.\r\n\r\nIn diesem Beitrag gebe ich einen kurzen Überblick über das Thema „Quantum Sensing“ mit dem Fokus auf die Erdbeobachtung. Wir schauen uns die Technologie, Anwendungen und aktuelle Entwicklungen an und werfen einen Blick in die Förderlandschaft. Vielleicht starten wir ja auch noch SomeThingQT.\n\n\nMal ehrlich, was haben denn Atome je für uns getan, also außer der Materie im Allgemeinen und Mate im Besonderen? Wir kennen „Quantum Computing“ oder auch „Quantum Communication“. Aber wie sieht es aus mit „Quantum Sensing“ – also quantenbasierter Messtechnik? Lasst uns mit Lasern auf ein paar Atome schießen und sehen, wie schwer die Welt ist. ","title":"Was haben Atome je für uns getan?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703943000,"nanoseconds":0},"android_description":"„Quantum“ macht ja alles besser, vielleicht auch die Messtechnik, mit der wir die Erde vermessen. In einem Beitrag auf dem 34C3 habe ich über die Vermessung des Schwerefeldes der Erde gesprochen, die uns einen Einblick in die Umverteilung von Massen auf und innerhalb der Erde ermöglicht. Mit Satelliten werden zum Beispiel die Massenveränderungen an den Eisschilden oder in kontinentalen Grundwasserspeichern beobachtet. Auf der Erdoberfläche selbst wird das Schwerefeld für Anwendungen in Geodäsie, Geophysik oder auch der Hydrologie lokal oder in kleinen Regionen mit Gravimetern am Boden, im Flugzeug oder auf Schiffen vermessen. \r\n\r\nIm terrestrischen Einsatz werden bereits seit wenigen Jahren so genannte Quantengravimeter eingesetzt, die das Prinzip der Atominterferometrie nutzen. In diesen Instrumenten werden fallende Atome mittels Laser manipuliert, um die Beschleunigung zu messen, der die fallenden Atome unterliegen. Für Weltraumanwendungen ist die Technologie derzeit in der Entwicklung und noch nicht im Einsatz.\r\n\r\nIn diesem Beitrag gebe ich einen kurzen Überblick über das Thema „Quantum Sensing“ mit dem Fokus auf die Erdbeobachtung. Wir schauen uns die Technologie, Anwendungen und aktuelle Entwicklungen an und werfen einen Blick in die Förderlandschaft. Vielleicht starten wir ja auch noch SomeThingQT.\n\n\nMal ehrlich, was haben denn Atome je für uns getan, also außer der Materie im Allgemeinen und Mate im Besonderen? Wir kennen „Quantum Computing“ oder auch „Quantum Communication“. Aber wie sieht es aus mit „Quantum Sensing“ – also quantenbasierter Messtechnik? Lasst uns mit Lasern auf ein paar Atome schießen und sehen, wie schwer die Welt ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53836],"name":"Manuel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52447}],"timeband_id":1143,"links":[],"end":"2023-12-30T13:30:00.000-0000","id":53836,"village_id":null,"tag_ids":[46123,46136,46139],"begin_timestamp":{"seconds":1703940600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52447}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-30T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Schon länger experimentieren Bundesländer und Schulen zusammen mit EdTech-Unternehmen mit KI und Algorithmen in Learning Analytics-Programmen (LA) und sogenannten Intelligenten Tutor Systemen. Wie auch schon bei anderen technologischen Entwicklungen hängt auch bei KI die gesetzliche Regulierung der gelebten Praxis hinterher und Schulen oder auch Schulträger haben bislang keine rechtssichere Grundlage für die Arbeit mit KI. Noch. Doch bereits seit dem Frühjahr 2021 wird in Brüssel an der sogenannten KI-Verordnung gearbeitet, die diese Lücke schließen soll. Nun steht die KI-Verordnung kurz vor dem Abschluss und der Vortrag zeigt, was nun juristisch konkret auf Schulen, Schulträger oder Länder zukommen kann, und gibt ein Update zu den technischen und pädagogischen Herausforderungen, die der Einsatz von KI in der Schule mitbringt. Nur wenn KI richtig und geplant beschafft, eingesetzt und begleitet wird, kann sie zu Entlastungseffekten führen. Der Vortrag stellt die nötigen Schritte vor. \n\n\nSeit ChatGPT ist das Thema Künstliche Intelligenz mittlerweile an fast allen Schulen angekommen. Immer noch soll KI Lehrkräfte entlasten, doch mit der kommenden KI-Verordnung kann sich die Belastung einfach nur verschieben. Der Vortrag gibt ein Update zum Vortrag von der #rC3 2020, was nun konkret auf Schulen zukommen kann und wie KI tatsächlich zu Entlastungen beitragen kann. ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"KI im Klassenzimmer - ein Update!","end_timestamp":{"seconds":1703943000,"nanoseconds":0},"android_description":"Schon länger experimentieren Bundesländer und Schulen zusammen mit EdTech-Unternehmen mit KI und Algorithmen in Learning Analytics-Programmen (LA) und sogenannten Intelligenten Tutor Systemen. Wie auch schon bei anderen technologischen Entwicklungen hängt auch bei KI die gesetzliche Regulierung der gelebten Praxis hinterher und Schulen oder auch Schulträger haben bislang keine rechtssichere Grundlage für die Arbeit mit KI. Noch. Doch bereits seit dem Frühjahr 2021 wird in Brüssel an der sogenannten KI-Verordnung gearbeitet, die diese Lücke schließen soll. Nun steht die KI-Verordnung kurz vor dem Abschluss und der Vortrag zeigt, was nun juristisch konkret auf Schulen, Schulträger oder Länder zukommen kann, und gibt ein Update zu den technischen und pädagogischen Herausforderungen, die der Einsatz von KI in der Schule mitbringt. Nur wenn KI richtig und geplant beschafft, eingesetzt und begleitet wird, kann sie zu Entlastungseffekten führen. Der Vortrag stellt die nötigen Schritte vor. \n\n\nSeit ChatGPT ist das Thema Künstliche Intelligenz mittlerweile an fast allen Schulen angekommen. Immer noch soll KI Lehrkräfte entlasten, doch mit der kommenden KI-Verordnung kann sich die Belastung einfach nur verschieben. Der Vortrag gibt ein Update zum Vortrag von der #rC3 2020, was nun konkret auf Schulen zukommen kann und wie KI tatsächlich zu Entlastungen beitragen kann.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53830],"name":"Nina Galla","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52515}],"timeband_id":1143,"end":"2023-12-30T13:30:00.000-0000","links":[{"label":" #rC3 - KI im Klassenzimmer - yay oder nay? ","type":"link","url":"https://www.youtube.com/watch?v=V1bs0w08Y7w"}],"id":53830,"begin_timestamp":{"seconds":1703940600,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52515}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The climate catastrophe is imminent and global injustice is rising. Now a lot of new (in part digital) tech (AI, blockchain, big data, fusion, quantum computing, genetic engineering) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as \"change placebos\" resulting in \"placebo change\", meaning no change at all.\r\n\r\nUsing concrete examples, this talk wants to 1) show in which ways technological fictions are misused as diversion from the necessary change or already existing other technologies, 2) present reasons and explanations for such misuse and 3) a simple method to spot tech(no)fixes. This talk underlines the necessity to design concrete technical use cases including their social conditions and limitations in order to create a fruitful debate for sustainability-assisting technologies and actually helpful implementations.\n\n\nTech(no)fixes distract our minds and slow down necessary change. We will give examples, explain them and show you how to spot them.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Tech(no)fixes beware!","end_timestamp":{"seconds":1703943000,"nanoseconds":0},"android_description":"The climate catastrophe is imminent and global injustice is rising. Now a lot of new (in part digital) tech (AI, blockchain, big data, fusion, quantum computing, genetic engineering) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as \"change placebos\" resulting in \"placebo change\", meaning no change at all.\r\n\r\nUsing concrete examples, this talk wants to 1) show in which ways technological fictions are misused as diversion from the necessary change or already existing other technologies, 2) present reasons and explanations for such misuse and 3) a simple method to spot tech(no)fixes. This talk underlines the necessity to design concrete technical use cases including their social conditions and limitations in order to create a fruitful debate for sustainability-assisting technologies and actually helpful implementations.\n\n\nTech(no)fixes distract our minds and slow down necessary change. We will give examples, explain them and show you how to spot them.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53822],"name":"Rainer Rehak","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52314},{"conference_id":131,"event_ids":[53822],"name":"Friederike Hildebrandt","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52347}],"timeband_id":1143,"links":[],"end":"2023-12-30T13:30:00.000-0000","id":53822,"begin_timestamp":{"seconds":1703940600,"nanoseconds":0},"tag_ids":[46125,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52347},{"tag_id":46107,"sort_order":1,"person_id":52314}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ätzende Begutachtungen um an OPs zu kommen, das Selbstbestimmungsgesetz verzögert sich immer weiter und TERFs demonstrieren zusammen mit Nazis gegen Kinderlesungen - während wir immer noch auf grundlegendste (trans-) Rechte warten. Wir sind wütend. Wir haben einen Plan. Und wir brauchen deine Unterstützung. \r\n\r\n[Offen für trans/ enby/ questioning und cis Allys]\r\n\r\nWir organisieren im Frühjahr 2024 einen dezentralen Aktionstag zu trans Gesundheit & Zugang zu geschlechtsangleichenden OPs. Wir kämpfen dafür scheiß Gatekeeping abzuschaffen und das geschlechtsangleichende Maßnahmen für alle frei zugänglich sind und niemand mehr beweisen muss \"trans genug\" zu sein. \r\n\r\nWir organisieren diesen Aktionstag, weil uns das einfach sehr direkt betrifft. Wie du mitmachen kannst, wollen wir dir hier erzählen. Auch Menschen ohne jegliche Aktionserfahrung können mitmachen. Du kannst direkt dort, wo du wohnst was machen. \r\n\r\nAuch online am Aktionstag teilnehmen ist möglich. Gerade sammeln wir z.B. kurze Statements von Betroffenen, die scheiß Erfahrungen mit Therapeutis, Ärzt_innen und anderen Gatekeeper*innen gemacht haben. Diese wollen wir zu den Verantwortlichen bringen und für Social Media/ Öffentlichkeitsarbeit nutzen. Statements gerne an: trans_justice[a]riseupDOTnet \r\n\r\n15-20 Minuten Input und danach gerne noch so 15-30 Minuten mit Interessierten vorm Saal quatschen. War nur kein längerer Slot im Saal mehr frei, weil ich mich zu spät entschieden hab das zu machen. xD\r\n\r\nWarum das ganze?\r\nFür trans Rechte wird an vielen Stellen gekämpft. Gerade auf juristischer Ebene leisten Betroffenen-Verbände großartige Arbeit! Dennoch dominieren in der Öffentlichkeit oft TERFs mit transfeindlichen Erzählungen und Stimmen von Betroffenen fehlen. Koordinierte und konfrontative Aktionen können helfen, das zu ändern und Stimmen von Betroffenen in den Fokus zu rücken. Zudem herrscht auch immer noch eine zermürbende Politik des Auf-Später-Vertröstens. Also höchste Zeit mal die Dringlichkeit mit ein paar Aktionen zu untermauern und den Druck zu erhöhen.\n\n\n","title":"Aktionstag für trans* Gesundheit 🏳️‍⚧️ - fight the cistem!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703941200,"nanoseconds":0},"android_description":"Ätzende Begutachtungen um an OPs zu kommen, das Selbstbestimmungsgesetz verzögert sich immer weiter und TERFs demonstrieren zusammen mit Nazis gegen Kinderlesungen - während wir immer noch auf grundlegendste (trans-) Rechte warten. Wir sind wütend. Wir haben einen Plan. Und wir brauchen deine Unterstützung. \r\n\r\n[Offen für trans/ enby/ questioning und cis Allys]\r\n\r\nWir organisieren im Frühjahr 2024 einen dezentralen Aktionstag zu trans Gesundheit & Zugang zu geschlechtsangleichenden OPs. Wir kämpfen dafür scheiß Gatekeeping abzuschaffen und das geschlechtsangleichende Maßnahmen für alle frei zugänglich sind und niemand mehr beweisen muss \"trans genug\" zu sein. \r\n\r\nWir organisieren diesen Aktionstag, weil uns das einfach sehr direkt betrifft. Wie du mitmachen kannst, wollen wir dir hier erzählen. Auch Menschen ohne jegliche Aktionserfahrung können mitmachen. Du kannst direkt dort, wo du wohnst was machen. \r\n\r\nAuch online am Aktionstag teilnehmen ist möglich. Gerade sammeln wir z.B. kurze Statements von Betroffenen, die scheiß Erfahrungen mit Therapeutis, Ärzt_innen und anderen Gatekeeper*innen gemacht haben. Diese wollen wir zu den Verantwortlichen bringen und für Social Media/ Öffentlichkeitsarbeit nutzen. Statements gerne an: trans_justice[a]riseupDOTnet \r\n\r\n15-20 Minuten Input und danach gerne noch so 15-30 Minuten mit Interessierten vorm Saal quatschen. War nur kein längerer Slot im Saal mehr frei, weil ich mich zu spät entschieden hab das zu machen. xD\r\n\r\nWarum das ganze?\r\nFür trans Rechte wird an vielen Stellen gekämpft. Gerade auf juristischer Ebene leisten Betroffenen-Verbände großartige Arbeit! Dennoch dominieren in der Öffentlichkeit oft TERFs mit transfeindlichen Erzählungen und Stimmen von Betroffenen fehlen. Koordinierte und konfrontative Aktionen können helfen, das zu ändern und Stimmen von Betroffenen in den Fokus zu rücken. Zudem herrscht auch immer noch eine zermürbende Politik des Auf-Später-Vertröstens. Also höchste Zeit mal die Dringlichkeit mit ein paar Aktionen zu untermauern und den Druck zu erhöhen.","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T13:00:00.000-0000","id":54003,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703940000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T12:40:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In dieser Runde können alle Fragen rund um die Haecksen gestellt werden\r\n\r\n- Sind die Haecksen wirklich der größte Chaostreff vom CCC mit 700 Mitgliedern?\r\n- Was sind die Ziele der Haecksen?\r\n- Wie kann man die Haecksen oder generell Gleichberechtigung unterstützen?\r\n- Warum können zB. cis Männer keine Haecksen werden? \r\n- Warum sind dann trotzdem so ziemlich jeder Workshop der Haecksen für alle Wesen besuchbar?\r\n\r\nDiese Runde ist explizit an Menschen gerichtet, die sich nicht in FINT* wiederfinden können und damit keine unserer anderen Veranstaltungen besuchen können, in denen wir solche Fragen beantworten.\n\n\nDie Haecksen für Nicht-Haecksen - eine Fragerunde","title":"Die Haecksen für Nicht-Haecksen","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"android_description":"In dieser Runde können alle Fragen rund um die Haecksen gestellt werden\r\n\r\n- Sind die Haecksen wirklich der größte Chaostreff vom CCC mit 700 Mitgliedern?\r\n- Was sind die Ziele der Haecksen?\r\n- Wie kann man die Haecksen oder generell Gleichberechtigung unterstützen?\r\n- Warum können zB. cis Männer keine Haecksen werden? \r\n- Warum sind dann trotzdem so ziemlich jeder Workshop der Haecksen für alle Wesen besuchbar?\r\n\r\nDiese Runde ist explizit an Menschen gerichtet, die sich nicht in FINT* wiederfinden können und damit keine unserer anderen Veranstaltungen besuchen können, in denen wir solche Fragen beantworten.\n\n\nDie Haecksen für Nicht-Haecksen - eine Fragerunde","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53446,53553],"name":"melzai","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52366}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53553,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703939400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52366}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-29T00:05:00.000-0000","begin":"2023-12-30T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ja lol ey wir haben da so Berichte IfG'd und lesen die halt vor.\n\n\nWir decken Probleme in der Gastronomie auf!","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#cd4f7f","name":"Talk","id":46130},"title":"Topf Secret","end_timestamp":{"seconds":1703940300,"nanoseconds":0},"android_description":"ja lol ey wir haben da so Berichte IfG'd und lesen die halt vor.\n\n\nWir decken Probleme in der Gastronomie auf!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53545],"name":"hexchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52382}],"timeband_id":1143,"links":[],"end":"2023-12-30T12:45:00.000-0000","id":53545,"begin_timestamp":{"seconds":1703939400,"nanoseconds":0},"tag_ids":[46130,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52382}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Bei den Aufzügen nahe Stage Y.**\r\n\r\nIn diesem Workshop geht es um:\r\n\r\n1. Die besondere Macht des feinen aber kleinen Unterschieds zwischen uni-tuebingen.de und den neuen aber viel besseren unituebingen.de (weil wir sie kontrollieren ;-)) sowie den beeindruckenden Einfluss auf das reichweitenstärkste Pressemedium in Baden-Württemberg.\r\n\r\n2. Wieso die FDP plötzlich richtig viele erboste Anrufe von SUV-Fahrern erhielt.\r\n\r\n3. Dass nicht nur das Straßenbauamt in deiner Straße, in der viel zu viele Autos viel zu schnell fahren, Tempo-30-Schilder aufstellen können, sondern auch du und dein Schraubenzieher auch.\r\n\r\nNach einem kurzen 15-minütigen Bericht über diese Aktionen teilen wir uns in drei Gruppen auf und planen alles, um den jeweiligen Vorschlag in eurer Stadt zu reproduzieren.\r\n\r\n[Weitere Sessions unserer Gruppe gibt es hier.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Wie eine Gruppe Nerds mit einer Mail, einem Baum und 9,99 € für einen Tag zur Uni Tübingen wurde","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703940600,"nanoseconds":0},"android_description":"**Bei den Aufzügen nahe Stage Y.**\r\n\r\nIn diesem Workshop geht es um:\r\n\r\n1. Die besondere Macht des feinen aber kleinen Unterschieds zwischen uni-tuebingen.de und den neuen aber viel besseren unituebingen.de (weil wir sie kontrollieren ;-)) sowie den beeindruckenden Einfluss auf das reichweitenstärkste Pressemedium in Baden-Württemberg.\r\n\r\n2. Wieso die FDP plötzlich richtig viele erboste Anrufe von SUV-Fahrern erhielt.\r\n\r\n3. Dass nicht nur das Straßenbauamt in deiner Straße, in der viel zu viele Autos viel zu schnell fahren, Tempo-30-Schilder aufstellen können, sondern auch du und dein Schraubenzieher auch.\r\n\r\nNach einem kurzen 15-minütigen Bericht über diese Aktionen teilen wir uns in drei Gruppen auf und planen alles, um den jeweiligen Vorschlag in eurer Stadt zu reproduzieren.\r\n\r\n[Weitere Sessions unserer Gruppe gibt es hier.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:50:00.000-0000","id":54034,"village_id":null,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Foyer Level 2 (In front of the elevators left of Stage Y)","hotel":"","short_name":"Foyer Level 2 (In front of the elevators left of Stage Y)","id":46156},"updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"3 Herzen schlagen in unserer Brust, wenn wir auf die Digitalisierung des Gesundheitswesens blicken: \r\nNerd, Patient und Anwender. \r\nDie unterschiedlichen und teilweise konkurrierenden Anforderungen abzuwägen und zu vereinen fällt schon der milliardenschweren Industrie nicht leicht. Die Lobbyarbeit der Patienten- und Datenschützer, Ärzte und anderer Anwender ist im Hintertreffen. \r\n\r\nWir setzen uns auch hier wieder gezielt mit der Telematik-Infrastruktur und den Anwendungen wie dem eRezept auseinander. Schwerpunkte liegen auf Sicherheit, Nutzen und Anwendbarkeit.\r\n\r\nUpdate20231228: Aufgrund der vielen Rückmeldungen wurde die Session verlegt auf eine größere Bühne.\r\n\r\n\r\nWe talk about german digital healthcare desaster \"Telematik-Infrastruktur\". \r\n\r\nSos shifted to d4 due to many interested Nerds\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"IT-Security in Arztpraxis und Apotheke","android_description":"3 Herzen schlagen in unserer Brust, wenn wir auf die Digitalisierung des Gesundheitswesens blicken: \r\nNerd, Patient und Anwender. \r\nDie unterschiedlichen und teilweise konkurrierenden Anforderungen abzuwägen und zu vereinen fällt schon der milliardenschweren Industrie nicht leicht. Die Lobbyarbeit der Patienten- und Datenschützer, Ärzte und anderer Anwender ist im Hintertreffen. \r\n\r\nWir setzen uns auch hier wieder gezielt mit der Telematik-Infrastruktur und den Anwendungen wie dem eRezept auseinander. Schwerpunkte liegen auf Sicherheit, Nutzen und Anwendbarkeit.\r\n\r\nUpdate20231228: Aufgrund der vielen Rückmeldungen wurde die Session verlegt auf eine größere Bühne.\r\n\r\n\r\nWe talk about german digital healthcare desaster \"Telematik-Infrastruktur\". \r\n\r\nSos shifted to d4 due to many interested Nerds","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53987,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"POTA – Parks on the Air [Day 4]","android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","end_timestamp":{"seconds":1703946600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":53549,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-30T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The weight of past failures can be heavy, but together, we will try to lift it. Dive deep into a nurturing environment where we will destigmatize and transform feelings of defeat to feelings of connection and empathy. This workshop invites you to share, reflect, be empowered and grow from the misses. After all, a refined code emerges from embracing its raw iterations.\n\n\n","title":"Celebrating Failures Workshop","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"The weight of past failures can be heavy, but together, we will try to lift it. Dive deep into a nurturing environment where we will destigmatize and transform feelings of defeat to feelings of connection and empathy. This workshop invites you to share, reflect, be empowered and grow from the misses. After all, a refined code emerges from embracing its raw iterations.","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53543,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with *atomic name trades*.\r\n\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Buying and Selling Domain Names in Namecoin","android_description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with *atomic name trades*.\r\n\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.","end_timestamp":{"seconds":1703940000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:40:00.000-0000","id":53540,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. This interdisciplinary research is based on almost 6 years of fieldwork, combining network measurements, open data from IODA, OONI, Censored Planet, as well as OSINT investigations, analysis of legal texts, in-depth interviews and web-ethnography. \r\n\r\nTo understand the decolonialist discourses and movements, we have also analyzed Telegram as an environment where these discourses are being multiplied since the beginning of the full-scale invasion of Ukraine. With colleagues from Raspad.Network we scraped and analyzed a corpus of Telegram channels dedicated to regionalist, indigenous, local agenda and visualized connections and disparities between different indigenous and regionalist movements. We tried to distinguish between grassroots groups and curated organizations tied to larger orchestrated disinformation campaigns. In our talk we will showcase some of the highlights from this study and share some visualizations based on graph analysis that will help the audience to learn more about the multitude of decolonialist movements within Russia.\r\n\r\nThe talk proposes to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns — starting from informational annexation of Crimea in 2014, followed by the remarkable shutdowns in 2018 in Ingushetia, as well as more recent events in Dagestan and other less \"mediatized\" shutdown or throttling cases, we argue that the so-called Runet is not a homogeneous space, but actually a multitude of different \"lived experiences\". \r\n\r\nIt is well-known in the space of internet science that Russia has a diverse ISP space and counts more than 3500 Internet Service Providers. However, it is much less noticed that these ISPs are not equally distributed across the territory, and not without consequence. We argue that the so-called \"Tcheburnet\" (a commonly used term for \"Russian autonomous and sovereign Internet\" project) is in fact a heterogeneous construct. There is no \"Cheburnet\", but there are \"Cheburnets\". \r\n\r\nThe experiences of Runet largely depend on the regions where users live, as well as on their ethnicity, their political views and online cultures. We argue that a region's resilience to shutdowns (but also to mainstream propaganda) correlates with the amount of Autonomous System Numbers and the diversity of the ISP market (and disparities in distribution of those are also historically grounded in the \"soviet project\").\r\n\r\nWe propose to analyze information control and censorship in terms of \"experience\", as it impacts interactions between humans, affects their lives on a daily basis and therefore shapes the worlds they live in. Our talk is using a rich ethnographic material to show how people describe problems they encounter with connectivity (especially since Russia has started its war on VPNs). We invite VPN providers and circumvention tool developers to embrace users' perceptions and feelings about what means \"working\" and what means \"not working\". \r\n\r\nWhile in the network measurement space it is common to either rely on remote measurements, or on probes run by volunteers inside their networks, there is also a qualitative part that should be taken into account to provide a more human-centric, more realistic analysis of what users on the ground experience while interacting with their devices. \r\n\r\nThis talk is also a call against resignation, a call for hackers, VPN providers, circumvention tech developers and Internet freedom activists to actively support indigenous struggles inside \"russia\" and take into consideration multitudes of experiences within the so-called umbrella \"runet\". \n\n\nThis talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. First, it provides an analysis of a corpus of Telegram channels of indigenous, decolonialist and regionalist movements to map the growing space of \"post-Russian\" discourses. Secondly, it suggests to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns. It describes the so-called Runet not as a homogeneous space, but actually a multitude of different \"lived experiences\". It proposes a framework to analyze regional shutdown-resilience and understand how Russia has been tightening its control on specific regions.","title":"Decolonize runet! Decolonize network measurements! A provocative take on the Russian sovereign internet project ","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"This talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. This interdisciplinary research is based on almost 6 years of fieldwork, combining network measurements, open data from IODA, OONI, Censored Planet, as well as OSINT investigations, analysis of legal texts, in-depth interviews and web-ethnography. \r\n\r\nTo understand the decolonialist discourses and movements, we have also analyzed Telegram as an environment where these discourses are being multiplied since the beginning of the full-scale invasion of Ukraine. With colleagues from Raspad.Network we scraped and analyzed a corpus of Telegram channels dedicated to regionalist, indigenous, local agenda and visualized connections and disparities between different indigenous and regionalist movements. We tried to distinguish between grassroots groups and curated organizations tied to larger orchestrated disinformation campaigns. In our talk we will showcase some of the highlights from this study and share some visualizations based on graph analysis that will help the audience to learn more about the multitude of decolonialist movements within Russia.\r\n\r\nThe talk proposes to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns — starting from informational annexation of Crimea in 2014, followed by the remarkable shutdowns in 2018 in Ingushetia, as well as more recent events in Dagestan and other less \"mediatized\" shutdown or throttling cases, we argue that the so-called Runet is not a homogeneous space, but actually a multitude of different \"lived experiences\". \r\n\r\nIt is well-known in the space of internet science that Russia has a diverse ISP space and counts more than 3500 Internet Service Providers. However, it is much less noticed that these ISPs are not equally distributed across the territory, and not without consequence. We argue that the so-called \"Tcheburnet\" (a commonly used term for \"Russian autonomous and sovereign Internet\" project) is in fact a heterogeneous construct. There is no \"Cheburnet\", but there are \"Cheburnets\". \r\n\r\nThe experiences of Runet largely depend on the regions where users live, as well as on their ethnicity, their political views and online cultures. We argue that a region's resilience to shutdowns (but also to mainstream propaganda) correlates with the amount of Autonomous System Numbers and the diversity of the ISP market (and disparities in distribution of those are also historically grounded in the \"soviet project\").\r\n\r\nWe propose to analyze information control and censorship in terms of \"experience\", as it impacts interactions between humans, affects their lives on a daily basis and therefore shapes the worlds they live in. Our talk is using a rich ethnographic material to show how people describe problems they encounter with connectivity (especially since Russia has started its war on VPNs). We invite VPN providers and circumvention tool developers to embrace users' perceptions and feelings about what means \"working\" and what means \"not working\". \r\n\r\nWhile in the network measurement space it is common to either rely on remote measurements, or on probes run by volunteers inside their networks, there is also a qualitative part that should be taken into account to provide a more human-centric, more realistic analysis of what users on the ground experience while interacting with their devices. \r\n\r\nThis talk is also a call against resignation, a call for hackers, VPN providers, circumvention tech developers and Internet freedom activists to actively support indigenous struggles inside \"russia\" and take into consideration multitudes of experiences within the so-called umbrella \"runet\". \n\n\nThis talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. First, it provides an analysis of a corpus of Telegram channels of indigenous, decolonialist and regionalist movements to map the growing space of \"post-Russian\" discourses. Secondly, it suggests to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns. It describes the so-called Runet not as a homogeneous space, but actually a multitude of different \"lived experiences\". It proposes a framework to analyze regional shutdown-resilience and understand how Russia has been tightening its control on specific regions.","end_timestamp":{"seconds":1703939700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"end":"2023-12-30T12:35:00.000-0000","links":[{"label":"Analysis of decolonialist movements on Telegram","type":"link","url":"https://raspad.network"}],"id":53835,"tag_ids":[46121,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703937300,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit der raschen Entwicklung und Verbreitung von Roboterwaffen fangen Maschinen an, den Platz des Menschen auf dem Schlachtfeld einzunehmen. Einige Expertinnen aus Militär und Robotik schätzen, dass „Killerroboter\" – vollständig autonome Waffen, die ganz ohne menschliches Eingreifen Ziele selektieren und angreifen können – innerhalb von 10 bis 15 Jahren entwickelt werden könnten. Aktuelle Beurteilungen des Militärs sagen aus, dass der Mensch immer eine gewisse Aufsicht über die Entscheidungen hat, tödliche Gewalt anzuwenden, jedoch lassen diese Aussagen oft die Möglichkeit offen, dass autonome Systeme eines Tages selbst die Fähigkeit haben, solche Entscheidungen aus eigener Kraft zu treffen, und somit der Mensch aus dem Entscheidungsprozess herausgenommen wird.\r\n\r\nIn diesem Zusammenhang ist es wahrscheinlich, dass autonome Systeme in naher Zukunft auch in Drohnen und Systemen zum Einsatz kommen, die auf hoher See, an Land und im Weltall autonom operieren können. Und während die Drohnentechnologie als solche keine völkerrechtlichen Probleme bereitet, ist es im Falle von autonomen Waffensystemen, bei denen Entscheidungen über Leben und Tod an Maschinen delegiert werden sollen, die Technik selbst, die grundlegende ethische und (völker-)rechtliche Fragen aufwirft.\r\n\r\nDie Kriegssituation ist eine Welt der Algorithmen. Die Kunst ist der Anwalt der Gegen Algorithmen.\r\n\r\nDurch die Entwicklunge in diesem Bereich haben sich durch eine vielzahl an Ereignissen Akteure in Stellung gebracht und versuchen unter anderem mit Hilfe der Kunstfreiheit ihre Technologien in Europa zu verbreiten. Der Vortrag möchte aufzeigen, welche Künstlerischen Möglichkeiten es gegen den \"Krieg der Algorithmen\" gibt und die Frage aufwerfen, welche Verantwortung wir als Künstler\\*innen bei der Nutzung von Technologie haben. Wir müssen stärker den je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre Technologien voranzutreiben.\n\n\nDie rapide Entwicklung autonomer Waffensysteme wirft drängende ethische und rechtliche Fragen auf. Ihre Anwendung hat kann weitreichende Auswirkungen auf militärische und zivile Bereiche haben. Der Vortrag beleuchtet die Technologien hinter dieser tödlichen Autonomie und veranschaulicht, wie die Kunstfreiheit von der Industrie angeignet wird, um Überwachungs und Militärtechnologie voranzutreiben. Welche Verwantwortung haben wir als Künstler\\*innen, wenn wir digitale Werkzeuge verwenden ? Müssen wir stärker denn je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre tötlichen Technologien voranzutreiben ?","title":"Zapfenstreich","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703939700,"nanoseconds":0},"android_description":"Mit der raschen Entwicklung und Verbreitung von Roboterwaffen fangen Maschinen an, den Platz des Menschen auf dem Schlachtfeld einzunehmen. Einige Expertinnen aus Militär und Robotik schätzen, dass „Killerroboter\" – vollständig autonome Waffen, die ganz ohne menschliches Eingreifen Ziele selektieren und angreifen können – innerhalb von 10 bis 15 Jahren entwickelt werden könnten. Aktuelle Beurteilungen des Militärs sagen aus, dass der Mensch immer eine gewisse Aufsicht über die Entscheidungen hat, tödliche Gewalt anzuwenden, jedoch lassen diese Aussagen oft die Möglichkeit offen, dass autonome Systeme eines Tages selbst die Fähigkeit haben, solche Entscheidungen aus eigener Kraft zu treffen, und somit der Mensch aus dem Entscheidungsprozess herausgenommen wird.\r\n\r\nIn diesem Zusammenhang ist es wahrscheinlich, dass autonome Systeme in naher Zukunft auch in Drohnen und Systemen zum Einsatz kommen, die auf hoher See, an Land und im Weltall autonom operieren können. Und während die Drohnentechnologie als solche keine völkerrechtlichen Probleme bereitet, ist es im Falle von autonomen Waffensystemen, bei denen Entscheidungen über Leben und Tod an Maschinen delegiert werden sollen, die Technik selbst, die grundlegende ethische und (völker-)rechtliche Fragen aufwirft.\r\n\r\nDie Kriegssituation ist eine Welt der Algorithmen. Die Kunst ist der Anwalt der Gegen Algorithmen.\r\n\r\nDurch die Entwicklunge in diesem Bereich haben sich durch eine vielzahl an Ereignissen Akteure in Stellung gebracht und versuchen unter anderem mit Hilfe der Kunstfreiheit ihre Technologien in Europa zu verbreiten. Der Vortrag möchte aufzeigen, welche Künstlerischen Möglichkeiten es gegen den \"Krieg der Algorithmen\" gibt und die Frage aufwerfen, welche Verantwortung wir als Künstler\\*innen bei der Nutzung von Technologie haben. Wir müssen stärker den je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre Technologien voranzutreiben.\n\n\nDie rapide Entwicklung autonomer Waffensysteme wirft drängende ethische und rechtliche Fragen auf. Ihre Anwendung hat kann weitreichende Auswirkungen auf militärische und zivile Bereiche haben. Der Vortrag beleuchtet die Technologien hinter dieser tödlichen Autonomie und veranschaulicht, wie die Kunstfreiheit von der Industrie angeignet wird, um Überwachungs und Militärtechnologie voranzutreiben. Welche Verwantwortung haben wir als Künstler\\*innen, wenn wir digitale Werkzeuge verwenden ? Müssen wir stärker denn je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre tötlichen Technologien voranzutreiben ?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53828],"name":"Simon Weckert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52380}],"timeband_id":1143,"links":[{"label":"Stop Killer Robots","type":"link","url":"https://www.stopkillerrobots.org"},{"label":"Zapfenstreich (Human-out-of-the-loop)","type":"link","url":"https://simonweckert.com/zapfenstreich.html"}],"end":"2023-12-30T12:35:00.000-0000","id":53828,"tag_ids":[46118,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703937300,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52380}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Rotary-dial analogue phones were once a necessity, but now they lay dormant on shelves or tucked away in attics. This is largely due to the replacement of traditional landlines with fibre-optic modems, rendering analogue phones obsolete.\r\nIn addition to their sentimental value, rotary dial phones provide several advantages, including reduced electrosmog emissions, protection against eavesdropping, repurposing outdated technology, and promoting a slower pace of life.\r\nThe contribution explains how to build a private telephone exchange for eight people using rotary dial phones. The exchange is powered by a Raspberry Pi and custom analogue electronics. The following themes are covered:\r\n- The construction of a PBX which resembles telephone exchanges in various countries worldwide, giving users a realistic experience.\r\n- Handling of call initiation, routing, full duplex voice transmission and human-machine communication.\r\n- The software implementation on the Raspberry Pi running Linux. \r\n- A study of enhancing the open-source software with additional functionalities.\r\n\r\nDue to the readily available Raspberry Pi hardware and software programmability, this project invites everyone to participate.\r\n\r\n\n\n\nAn open source project involving an automated telephone exchange powered by Raspberry Pi, utilizing old rotary phones. The system imitates exchange setups from different countries across the globe, allowing users to feel the genuine experience.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Analog rotary phones get a second life with raspberry pi","android_description":"Rotary-dial analogue phones were once a necessity, but now they lay dormant on shelves or tucked away in attics. This is largely due to the replacement of traditional landlines with fibre-optic modems, rendering analogue phones obsolete.\r\nIn addition to their sentimental value, rotary dial phones provide several advantages, including reduced electrosmog emissions, protection against eavesdropping, repurposing outdated technology, and promoting a slower pace of life.\r\nThe contribution explains how to build a private telephone exchange for eight people using rotary dial phones. The exchange is powered by a Raspberry Pi and custom analogue electronics. The following themes are covered:\r\n- The construction of a PBX which resembles telephone exchanges in various countries worldwide, giving users a realistic experience.\r\n- Handling of call initiation, routing, full duplex voice transmission and human-machine communication.\r\n- The software implementation on the Raspberry Pi running Linux. \r\n- A study of enhancing the open-source software with additional functionalities.\r\n\r\nDue to the readily available Raspberry Pi hardware and software programmability, this project invites everyone to participate.\r\n\r\n\n\n\nAn open source project involving an automated telephone exchange powered by Raspberry Pi, utilizing old rotary phones. The system imitates exchange setups from different countries across the globe, allowing users to feel the genuine experience.","end_timestamp":{"seconds":1703939700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53821],"name":"Hans Gelke","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52256}],"timeband_id":1143,"links":[{"label":"Github Account for Software","type":"link","url":"https://github.com/hansgelke/retro_v3"}],"end":"2023-12-30T12:35:00.000-0000","id":53821,"tag_ids":[46122,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703937300,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52256}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-30T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hosts: Cent and Nimbus\n\n\nA discussion and knowledge sharing meetup to exchange experiences with, and reflections on the sustainability of, collective forms of decision-making in online communities. The meetup will progressively extend the notion of sustainability to explore, for example, ways that the sustainability of collective decision-making experiences and processes might change when navigating systems that either introduce or foreground non- and more-than-human agents and representational practices.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Governance meetup: decision-making experiences and sustainability in online communities","android_description":"Hosts: Cent and Nimbus\n\n\nA discussion and knowledge sharing meetup to exchange experiences with, and reflections on the sustainability of, collective forms of decision-making in online communities. The meetup will progressively extend the notion of sustainability to explore, for example, ways that the sustainability of collective decision-making experiences and processes might change when navigating systems that either introduce or foreground non- and more-than-human agents and representational practices.","end_timestamp":{"seconds":1703940300,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:45:00.000-0000","id":54008,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703936700,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T11:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Vergesst DVD, vergesst streaming. In der heutigen Folge des Failpodcast reden wir über Bildschallplatten und andere Hypegegenstände die spektakulär gefailt sind. \r\nBeim Och Menno Podcast geht es normalerweise über Sachen die irgendwie schief gehen. Diesmal halt in der Unterhaltungsindustrie.\r\n\r\nEs wird sich um eine Aufzeichnung handeln.\n\n\nHype war ja schon immer ein Keyfeature vieler Produkte. Auf dieser kleinen Reise reden wir passend zu einem Streamingevent über Videoschallplatten, VMD, DVD Plus oder Minus, Flexplay, Laserdisc, DIVX und vielleicht auch über ein paar Kickstarter. Es soll eine unterhaltsame Rundreise über Produkte die heute in unseren Wohznzimmern stehen könnten, es aber deutlich nicht tun. Welche Fails und Fehlentscheidungen haben dazu geführt ?","title":"Och Menno-Fails bei Unterhaltungsprodukten","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"end_timestamp":{"seconds":1703938200,"nanoseconds":0},"android_description":"Vergesst DVD, vergesst streaming. In der heutigen Folge des Failpodcast reden wir über Bildschallplatten und andere Hypegegenstände die spektakulär gefailt sind. \r\nBeim Och Menno Podcast geht es normalerweise über Sachen die irgendwie schief gehen. Diesmal halt in der Unterhaltungsindustrie.\r\n\r\nEs wird sich um eine Aufzeichnung handeln.\n\n\nHype war ja schon immer ein Keyfeature vieler Produkte. Auf dieser kleinen Reise reden wir passend zu einem Streamingevent über Videoschallplatten, VMD, DVD Plus oder Minus, Flexplay, Laserdisc, DIVX und vielleicht auch über ein paar Kickstarter. Es soll eine unterhaltsame Rundreise über Produkte die heute in unseren Wohznzimmern stehen könnten, es aber deutlich nicht tun. Welche Fails und Fehlentscheidungen haben dazu geführt ?","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1143,"links":[],"end":"2023-12-30T12:10:00.000-0000","id":54019,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-30T11:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Chill meet-up for anarchist exchange about our experiences of the 37c3 and future anarchist brainstorming.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Anarchist meetup","android_description":"Chill meet-up for anarchist exchange about our experiences of the 37c3 and future anarchist brainstorming.","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":54018,"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","begin":"2023-12-30T11:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will start with a description of what hardware is typically found in a smartphone and its freedom implications.\r\n\r\nOnce this is done we will look at several smartphones models (PinePhone, PinePhone PRO, Librem 5, regular LineageOS and/or Fairphone 1/2/3/4/5) and compare the implications of the hardware design and component choices both for freedom usability (for instance does suspend-to-ram currently work), and other factors affecting the ability to use the device.\r\n\r\nWe will then look at Android and GNU/Linux operating systems / distributions, and the application ecosystems around them (F-Droid, Android SDK, type of applications available, compatibility layers like Waydroid) for these smartphones, with a focus on fundamental differences that impact end users freedom and usability.\n\n\n","title":"Smartphones freedom status in 2023","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"The talk will start with a description of what hardware is typically found in a smartphone and its freedom implications.\r\n\r\nOnce this is done we will look at several smartphones models (PinePhone, PinePhone PRO, Librem 5, regular LineageOS and/or Fairphone 1/2/3/4/5) and compare the implications of the hardware design and component choices both for freedom usability (for instance does suspend-to-ram currently work), and other factors affecting the ability to use the device.\r\n\r\nWe will then look at Android and GNU/Linux operating systems / distributions, and the application ecosystems around them (F-Droid, Android SDK, type of applications available, compatibility layers like Waydroid) for these smartphones, with a focus on fundamental differences that impact end users freedom and usability.","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":53984,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-30T11:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I want to create a space for those who like to explore movement together with other bodies.\r\n\r\nIn the field between the dance and movement form \"[↗ Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\", massage/bodywork and attentive playfight it is a space of couriosity, kinesthetic stimulus, play with momentum, inertia, weight and (dis)balance, sensation, slowness, speed, suddenness, somatic communication, ... -- where you can decide which qualities you like.\r\n\r\nI like to begin with a small check-in and starting with couriosity-driven \"bodywork\" (= a bit like massage, but more to get to know how the body mechanically functions and can move). From this I like it to develop into a space of free exploration and jamming. Maybe a [↗ round robin](https://en.wikipedia.org/wiki/Contact_improvisation#Round_robin) will be included.\r\n\r\nIt can be in solo, duo, or a group, and change dynamically.\r\n\r\n---\r\n\r\nEarly drop out possible. \r\nLater drop-in possible if you are confident with the practise.\r\n\r\n---\r\n\r\nPlease bring if you have clothing that does not obstruct your movement (sports pants are fine, pyjamas too. If you don't have, your normal throusers also work.) Lay down any earrings, uncovered larger piercings, or other things that might entangle in other persons hair or so (you can do it just at the spot). \r\nWe put off our shoes, too.\r\n\r\n---\r\n\r\n**A bit more about \"[Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\":**\r\n\r\nEssentially, it is a form of movement which strongly uses the kinesthetic sense, where people (mostly: 2, but can range from solo to many) usually communicate by body contact and it can range from slow to fast; from acrobatic to floor level; from deeply sensing to theatralic ...\r\n\r\nIt can be driven by exploring which movements are possible together which are not possible alone. It can enhance your own understanding of your centre of mass, of dealing with momentum and inertia, of catching yourself, of balancing together. It can nourish the need to somatic communication.\r\n\r\nExperiment with the physicality that arises by moving in mutual physical contact. Momemtum, inertia, (dis)balance. Flying, falling, rolling. Slow, fast, sensual, acrobatic, performative. Kinesthetic sense. Solo, duo, group.\r\n\r\nI titled this session \"Somatic explorations in contact\" because I also want to invite the playfulness of physical manipulations, different activity roles, etc., which usually are found more in the playfight or the massage fields.\r\n\r\n---\r\n\r\nI will not give a complete workshop. So it is for people who feel confident navigating such spaces. If you are courios, feel free to come, you can always go to the side!\r\n\r\nThis is _not_ an erotic space. Please do not come with the desires for erotics or to find sex partners. Also, we all stays clothed.\r\n\r\n**Content Warning:** For those participating, spontaneous body contact is about to happen.\r\n\r\nThe room is big and at this time usually is quiet, but still open to the 37C3-public. So participants should be fine that there is no complete seclusion.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*\n\n\n","title":"Somatic explorations in contact, Contact Improvisation: Couriosity-driven and explorations in the field of Contact Improvisation with influxes from massage/bodywork and playfight. and","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703941200,"nanoseconds":0},"android_description":"I want to create a space for those who like to explore movement together with other bodies.\r\n\r\nIn the field between the dance and movement form \"[↗ Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\", massage/bodywork and attentive playfight it is a space of couriosity, kinesthetic stimulus, play with momentum, inertia, weight and (dis)balance, sensation, slowness, speed, suddenness, somatic communication, ... -- where you can decide which qualities you like.\r\n\r\nI like to begin with a small check-in and starting with couriosity-driven \"bodywork\" (= a bit like massage, but more to get to know how the body mechanically functions and can move). From this I like it to develop into a space of free exploration and jamming. Maybe a [↗ round robin](https://en.wikipedia.org/wiki/Contact_improvisation#Round_robin) will be included.\r\n\r\nIt can be in solo, duo, or a group, and change dynamically.\r\n\r\n---\r\n\r\nEarly drop out possible. \r\nLater drop-in possible if you are confident with the practise.\r\n\r\n---\r\n\r\nPlease bring if you have clothing that does not obstruct your movement (sports pants are fine, pyjamas too. If you don't have, your normal throusers also work.) Lay down any earrings, uncovered larger piercings, or other things that might entangle in other persons hair or so (you can do it just at the spot). \r\nWe put off our shoes, too.\r\n\r\n---\r\n\r\n**A bit more about \"[Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\":**\r\n\r\nEssentially, it is a form of movement which strongly uses the kinesthetic sense, where people (mostly: 2, but can range from solo to many) usually communicate by body contact and it can range from slow to fast; from acrobatic to floor level; from deeply sensing to theatralic ...\r\n\r\nIt can be driven by exploring which movements are possible together which are not possible alone. It can enhance your own understanding of your centre of mass, of dealing with momentum and inertia, of catching yourself, of balancing together. It can nourish the need to somatic communication.\r\n\r\nExperiment with the physicality that arises by moving in mutual physical contact. Momemtum, inertia, (dis)balance. Flying, falling, rolling. Slow, fast, sensual, acrobatic, performative. Kinesthetic sense. Solo, duo, group.\r\n\r\nI titled this session \"Somatic explorations in contact\" because I also want to invite the playfulness of physical manipulations, different activity roles, etc., which usually are found more in the playfight or the massage fields.\r\n\r\n---\r\n\r\nI will not give a complete workshop. So it is for people who feel confident navigating such spaces. If you are courios, feel free to come, you can always go to the side!\r\n\r\nThis is _not_ an erotic space. Please do not come with the desires for erotics or to find sex partners. Also, we all stays clothed.\r\n\r\n**Content Warning:** For those participating, spontaneous body contact is about to happen.\r\n\r\nThe room is big and at this time usually is quiet, but still open to the 37C3-public. So participants should be fine that there is no complete seclusion.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T13:00:00.000-0000","id":53970,"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Hall 4 (\"Main Lounge\")","hotel":"","short_name":"Hall 4 (\"Main Lounge\")","id":46169},"begin":"2023-12-30T11:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We talk a lot about surveilence, censorship, privacy, etc, but what about in more extreme authoritarian regions where the regimes cut off the internet to stop citizens from spreading information and communicating? In 2022 alone, the #KeepItOn campaign recorded 187 internet shutdowns in 35 countries. How can activists spread information and action plan during uprisings? How can journalists report and publish without the internet? How can the opposition fight against propaganda during the election?\r\n\r\nIn different field including academic research, hactivism, tools for freedom, internet shutdown seems to be getting less attention than other topics. Let's brainstorm for those who are struggling in authoritarian regimes. \r\n\r\nLet's have a tea and share our thoughts, experience, knowledge, or anything about Internet Shutdown Circumvention. \r\n\r\nWhere to find us: I'm a female with partically orange hair. If you can't make it to the event, but still want to connect, ping me on Matrix! @mooncakebaby:matrix.org\n\n\nLet's talk anything about Internet Shutdown - impacts, experiences, repressions tactics, circumvention, latest news, and more..","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Internet Shutdown Circumvention: Experience and Brainstorm","android_description":"We talk a lot about surveilence, censorship, privacy, etc, but what about in more extreme authoritarian regions where the regimes cut off the internet to stop citizens from spreading information and communicating? In 2022 alone, the #KeepItOn campaign recorded 187 internet shutdowns in 35 countries. How can activists spread information and action plan during uprisings? How can journalists report and publish without the internet? How can the opposition fight against propaganda during the election?\r\n\r\nIn different field including academic research, hactivism, tools for freedom, internet shutdown seems to be getting less attention than other topics. Let's brainstorm for those who are struggling in authoritarian regimes. \r\n\r\nLet's have a tea and share our thoughts, experience, knowledge, or anything about Internet Shutdown Circumvention. \r\n\r\nWhere to find us: I'm a female with partically orange hair. If you can't make it to the event, but still want to connect, ping me on Matrix! @mooncakebaby:matrix.org\n\n\nLet's talk anything about Internet Shutdown - impacts, experiences, repressions tactics, circumvention, latest news, and more..","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":54028,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"...den es noch nicht gibt, aber vielleicht ja bald;)\r\n\r\nEine rein pflanzliche Ernährung ist bekanntlich nicht nur gut für die Tiere, sondern auch für die Umwelt, (potenziell) die Gesundheit, andere Menschen (ressourcenschonend) usw. \r\n\r\nJede:r vegan Lebende weiß jedoch, wie schwer es sein kann Gleichgesinnte zu finden und sich mit diesen zu vernetzten. \r\nViele von euch kommen zum Congress und freuen sich darüber endlich normale Menschen um sich zu haben.\r\nWir fänden es schön diejenigen aus dem Schnitt beider Gruppen zusammenzubringen. \r\nWarum? Das können wir dann diskutieren. \r\n\r\nIdeen wären:\r\nAustausch, Unterstützung, Planung von Talks/Workshops/Shows/Essen/... für die kommenden *c3 (vllt. ein gemeinsames Assembly?), gemeinsame Aktionen/(Tierrechts-)Aktivismus, (digitale) Unterstützung veganer Projekte (bspw. Lebenshöfe), „Bodyhacking“-Ernährungsplatform uvm.\r\n\r\nDies ist somit kein Talk, sondern ein Gruppentreffen und jede:r Interessierte ist herzlich willkommen!\r\n\r\nLink zur Matrix-Gruppe:\r\nhttps://matrix.to/#/!YYZxmyPKqKSwnYTzXk:matrix.cyber4edu.org?via=matrix.cyber4edu.org\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Spontanes 0. Treffen des Vegan Chaos Club, …","end_timestamp":{"seconds":1703935800,"nanoseconds":0},"android_description":"...den es noch nicht gibt, aber vielleicht ja bald;)\r\n\r\nEine rein pflanzliche Ernährung ist bekanntlich nicht nur gut für die Tiere, sondern auch für die Umwelt, (potenziell) die Gesundheit, andere Menschen (ressourcenschonend) usw. \r\n\r\nJede:r vegan Lebende weiß jedoch, wie schwer es sein kann Gleichgesinnte zu finden und sich mit diesen zu vernetzten. \r\nViele von euch kommen zum Congress und freuen sich darüber endlich normale Menschen um sich zu haben.\r\nWir fänden es schön diejenigen aus dem Schnitt beider Gruppen zusammenzubringen. \r\nWarum? Das können wir dann diskutieren. \r\n\r\nIdeen wären:\r\nAustausch, Unterstützung, Planung von Talks/Workshops/Shows/Essen/... für die kommenden *c3 (vllt. ein gemeinsames Assembly?), gemeinsame Aktionen/(Tierrechts-)Aktivismus, (digitale) Unterstützung veganer Projekte (bspw. Lebenshöfe), „Bodyhacking“-Ernährungsplatform uvm.\r\n\r\nDies ist somit kein Talk, sondern ein Gruppentreffen und jede:r Interessierte ist herzlich willkommen!\r\n\r\nLink zur Matrix-Gruppe:\r\nhttps://matrix.to/#/!YYZxmyPKqKSwnYTzXk:matrix.cyber4edu.org?via=matrix.cyber4edu.org","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:30:00.000-0000","id":54014,"village_id":null,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es geht um große Dinge: Dyson Sphären und Imperien mit unzähligen Planeten. Wer ist mächtiger? die Föderation der Planeten, das Imperium von Trantor oder ein einzelnes voll ausgebautes Sonnensystem? \r\n\r\nAnfangs gibt es Raumstationen wie die ISS, dann rotierende Raumkolonien, irgendwann einen Ring um die Erde. Und eine Ringwelt um die Sonne ist erst der Anfang, wenn man eine Dyson Sphäre bauen will. Der mögliche Weg von rotierenden Zylindern zur Kardashev 2 Zivilisation. \r\n\r\nSpoiler: Dyson Sphären werden unterschätzt und eigentlich können wir mit heutiger Technologie schon einen Dyson Schwarm bauen. Es ist nur verdammt viel Arbeit für die Bots.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Megastrukturen und Galaktische Imperien (Wie man eine Dyson Sphäre baut)","android_description":"Es geht um große Dinge: Dyson Sphären und Imperien mit unzähligen Planeten. Wer ist mächtiger? die Föderation der Planeten, das Imperium von Trantor oder ein einzelnes voll ausgebautes Sonnensystem? \r\n\r\nAnfangs gibt es Raumstationen wie die ISS, dann rotierende Raumkolonien, irgendwann einen Ring um die Erde. Und eine Ringwelt um die Sonne ist erst der Anfang, wenn man eine Dyson Sphäre bauen will. Der mögliche Weg von rotierenden Zylindern zur Kardashev 2 Zivilisation. \r\n\r\nSpoiler: Dyson Sphären werden unterschätzt und eigentlich können wir mit heutiger Technologie schon einen Dyson Schwarm bauen. Es ist nur verdammt viel Arbeit für die Bots.","end_timestamp":{"seconds":1703937000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:50:00.000-0000","id":53986,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Electronic voting is hard to observe because one can't directly see into computers. In case of Estonia, the cryptographic measures to verify the processes are only partially implemented, but as voters have to download a voting application that implements a protocol with a public specification, observers/voters can obtain a special insight into processes by implementing their own tools to cast and verify the votes.\r\n\r\nEngaging in that kind of participative observation with special tools in 2023 parliamentary elections in Estonia it appeared that the official voting software implemented the process that was not following the specification up to the point of diverging from requirements set in laws and subordinate regulative acts. In addition to couple of vote containers that were processed ignoring the requirements, in the end it appeared that arguably all 312 181 electronic votes cast with official voting application had invalid digital signatures and failed to specify electoral district in vote text.\r\n\r\nIn paper ballot elections these kinds of ballots would have been declared invalid without hesitation, but electoral complaints filed about such electronic votes were dismissed without explanation of why ballots clearly not conforming to legal requirements were counted. This has resulted in a parliament where 22 of 101 representatives have arguably gained their mandate based on invalid ballots, but moreover this indicates that after about 20 years of electronic voting in Estonia, in order to run the elections huge amounts of legal and technical make-believe is needed.\r\n\r\nIf manageable in small scale pilots and elections with low importance, this is hardly a case with 51% of the voters in parliamentary elections casting their votes online -- during times of political polarisation raising to unprecedented heights.\n\n\nAlthough electronic voting has been used 13 times in various elections in Estonia since 2005, the legal, procedural and technical problems are far from solved, but have rather backfired in political situation getting more complicated.","title":"Should e-voting experience of Estonia be copied?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Electronic voting is hard to observe because one can't directly see into computers. In case of Estonia, the cryptographic measures to verify the processes are only partially implemented, but as voters have to download a voting application that implements a protocol with a public specification, observers/voters can obtain a special insight into processes by implementing their own tools to cast and verify the votes.\r\n\r\nEngaging in that kind of participative observation with special tools in 2023 parliamentary elections in Estonia it appeared that the official voting software implemented the process that was not following the specification up to the point of diverging from requirements set in laws and subordinate regulative acts. In addition to couple of vote containers that were processed ignoring the requirements, in the end it appeared that arguably all 312 181 electronic votes cast with official voting application had invalid digital signatures and failed to specify electoral district in vote text.\r\n\r\nIn paper ballot elections these kinds of ballots would have been declared invalid without hesitation, but electoral complaints filed about such electronic votes were dismissed without explanation of why ballots clearly not conforming to legal requirements were counted. This has resulted in a parliament where 22 of 101 representatives have arguably gained their mandate based on invalid ballots, but moreover this indicates that after about 20 years of electronic voting in Estonia, in order to run the elections huge amounts of legal and technical make-believe is needed.\r\n\r\nIf manageable in small scale pilots and elections with low importance, this is hardly a case with 51% of the voters in parliamentary elections casting their votes online -- during times of political polarisation raising to unprecedented heights.\n\n\nAlthough electronic voting has been used 13 times in various elections in Estonia since 2005, the legal, procedural and technical problems are far from solved, but have rather backfired in political situation getting more complicated.","end_timestamp":{"seconds":1703936400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53834],"name":"Märt Põder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52333}],"timeband_id":1143,"end":"2023-12-30T11:40:00.000-0000","links":[{"label":"Summary of the findings","type":"link","url":"https://infoaed.ee/findings2023"},{"label":"Votes without ballots (full report)","type":"link","url":"https://infoaed.ee/evote2023"}],"id":53834,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52333}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Im Januar 2023 kam es zu Durchsuchungen der Redaktionsräume des Senders Radio Dreyeckland sowie der Wohnungen zweier Journalisten. Anlass der Durchsuchungen und der Beschlagnahme mehrerer Laptops war ein Artikel des Senders, in dem auf ein Archiv von linksunten.indymedia verlinkt wurde. Die Internetplattform war 2017 nach Vereinsrecht verboten worden. Die Staatsschutzabteilung der Staatsanwaltschaft Karlsruhe sieht in dem Artikel eine strafbare Unterstützung einer verbotenen Vereinigung. Das Oberlandesgericht Stuttgart hat inzwischen – anders als zuvor das Landgericht – die Anklage gegen den Journalisten zugelassen und entschieden, dass die Durchsuchung rechtmäßig war. Die Hauptverhandlung soll im kommenden Jahr stattfinden.\r\n\r\nDer Vortrag gibt einen Einblick in das Verfahren und ordnet es kritisch ein. Dabei wird insbesondere der Frage nachgegangen, wie Links rechtlich zu bewerten sind und wie der Staat gegen (linke) Medien vorgeht.\n\n\nEin Journalist von Radio Dreyeckland steht vor Gericht, weil er das Archiv der verbotenen Internetplattform linksunten.indymedia verlinkt hat. Der Vortrag gibt einen Einblick in das Verfahren und zeigt, wann Links strafbar sein können – und wann nicht.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Link-Extremismus und Pressefreiheit","android_description":"Im Januar 2023 kam es zu Durchsuchungen der Redaktionsräume des Senders Radio Dreyeckland sowie der Wohnungen zweier Journalisten. Anlass der Durchsuchungen und der Beschlagnahme mehrerer Laptops war ein Artikel des Senders, in dem auf ein Archiv von linksunten.indymedia verlinkt wurde. Die Internetplattform war 2017 nach Vereinsrecht verboten worden. Die Staatsschutzabteilung der Staatsanwaltschaft Karlsruhe sieht in dem Artikel eine strafbare Unterstützung einer verbotenen Vereinigung. Das Oberlandesgericht Stuttgart hat inzwischen – anders als zuvor das Landgericht – die Anklage gegen den Journalisten zugelassen und entschieden, dass die Durchsuchung rechtmäßig war. Die Hauptverhandlung soll im kommenden Jahr stattfinden.\r\n\r\nDer Vortrag gibt einen Einblick in das Verfahren und ordnet es kritisch ein. Dabei wird insbesondere der Frage nachgegangen, wie Links rechtlich zu bewerten sind und wie der Staat gegen (linke) Medien vorgeht.\n\n\nEin Journalist von Radio Dreyeckland steht vor Gericht, weil er das Archiv der verbotenen Internetplattform linksunten.indymedia verlinkt hat. Der Vortrag gibt einen Einblick in das Verfahren und zeigt, wann Links strafbar sein können – und wann nicht.","end_timestamp":{"seconds":1703936400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53827],"name":"David Werdermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52449}],"timeband_id":1143,"end":"2023-12-30T11:40:00.000-0000","links":[{"label":"Informationen von Radio Dreyeckland zum Strafverfahren","type":"link","url":"https://rdl.de/Hausdurchsuchungen"},{"label":"Fallseite der GFF zum Verfahren gegen Radio Dreyeckland","type":"link","url":"https://freiheitsrechte.org/themen/demokratie/radio_dreyeckland"}],"id":53827,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52449}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk is for all who enjoyed the game \"who can name the larger number?\" as a kid.\r\n\r\nThis talk takes you on a tour of the wondrous world of mind-boggingly large numbers. In case you are new to the business of extremely large but still finitely large numbers, be prepared to be in thorough awe at hyper operators and Graham's number, a number so large not even the number of its digits fits into our universe. In case you've been a longtime follower of Graham's number, be prepared to be amazed by numbers which render Graham's number tiny and insignificant in comparison.\r\n\r\nSome of the numbers we present go beyond the boundaries of computation. Some even go beyond the boundaries of logic, while still staying clear of paradoxes, and some require stronger and stronger philosophical commitments.\r\n\r\nWe will also present reasons why mathematicians are interested in very large numbers.\r\n\r\nThere will also be a [companion talk on infinitely large numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/). This talk is not a prerequisite for the other, and vice versa. [Over the course of the first three days of congress, we also run a large number contest.](https://www.quasicoherent.io/37c3-large-numbers-contest/) We invite you to participate in this contest. The award ceremony for this contest is part of this session.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Wondrous mathematics: Large numbers, very large numbers and very very large numbers","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"This talk is for all who enjoyed the game \"who can name the larger number?\" as a kid.\r\n\r\nThis talk takes you on a tour of the wondrous world of mind-boggingly large numbers. In case you are new to the business of extremely large but still finitely large numbers, be prepared to be in thorough awe at hyper operators and Graham's number, a number so large not even the number of its digits fits into our universe. In case you've been a longtime follower of Graham's number, be prepared to be amazed by numbers which render Graham's number tiny and insignificant in comparison.\r\n\r\nSome of the numbers we present go beyond the boundaries of computation. Some even go beyond the boundaries of logic, while still staying clear of paradoxes, and some require stronger and stronger philosophical commitments.\r\n\r\nWe will also present reasons why mathematicians are interested in very large numbers.\r\n\r\nThere will also be a [companion talk on infinitely large numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/). This talk is not a prerequisite for the other, and vice versa. [Over the course of the first three days of congress, we also run a large number contest.](https://www.quasicoherent.io/37c3-large-numbers-contest/) We invite you to participate in this contest. The award ceremony for this contest is part of this session.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703937000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:50:00.000-0000","id":53542,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Meetup der Interessierten und Freunde am Projekt Rosenpass\r\nProject Rosenpass Meetup\r\n\r\nhttps://rosenpass.eu\r\n\r\nDay4, Stage H at Halle H\r\n\r\ncontact: @rosenpass@chaos.social on Mastodon\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Friends of Rosenpass Meeting","android_description":"Meetup der Interessierten und Freunde am Projekt Rosenpass\r\nProject Rosenpass Meetup\r\n\r\nhttps://rosenpass.eu\r\n\r\nDay4, Stage H at Halle H\r\n\r\ncontact: @rosenpass@chaos.social on Mastodon","end_timestamp":{"seconds":1703941200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T13:00:00.000-0000","id":53541,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Flammschutzmittel für Elektrogeräte, die Metalllegierung zum Löten und Plastik für fast alle Anwendungen im Alltag – all diese Materialen produziert die Chemische Industrie. Sie steht am Anfang der Wertschöpfungskette. Die Materialien, die sie herstellt definiert das Spektrum, mit dem Produktdesigner\\*innen arbeiten können. Schockierend ist: Die Industrie verwendet nicht nur fossile Rohstoffe für viele ihrer Produkte, sondern ist auch größter Industrieverbraucher von Energie in Deutschland. Allein für die Produktion von Plastik für Verpackungen verwendet die Industrie in Deutschland mehr Primärenergie, als das Land Slowenien insgesamt. Viele Produkte der Industrie bergen Umwelt- und Gesundheitsgefahren und kein deutsches Chemieunternehmen hat eine Strategie ihre Schadstoffe zu reduzieren. Tatsächlich produzieren und exportieren die Unternehmen sogar weiterhin Schadstoffe, die in der EU längst verboten sind. Dass es so nicht weiter gehen kann erkennt auch die Industrie. Ihre angeblich klimaneutralen Transformationspfade sind technisch und wirtschaftlich nicht sinnvoll und gehen mit einem enormen Anstieg an nicht verfügbarer erneuerbarer Energie und Wasserstoff einher. Der Bedarf übersteigt was die Bundesregierung für ganz Deutschland vorsieht. Wir zeigen auf: Die Transformation der Chemieindustrie kann nicht nur innerhalb dieser Branche gedacht werden. Es darf jetzt nicht in Technologien investiert werden, die Scheinlösungen sind. Die Herausforderungen Klimakrise, Verschmutzung und Biodiversitätskrise müssen jetzt angegangen werden durch echte Defossilisierung, Ressourceneinsparung und Kreislaufwirtschaft und einer Umstellung auf sichere und nachhaltige Chemikalien. \n\n\nAm Anfang von jedem Chip, jedem Computer, jedem Plastik steht die Chemieindustrie. Sie ist Deutschlands größter Industrieverbraucher an fossilen Ressourcen wie Öl und Gas. Wir stellen eine neue Studie „Blackbox Chemieindustrie“ des BUND zum Energie- und Ressourcenbedarf der Industrie vor. Die angeblich klimaneutralen Transformationspläne der Industrie werden kritisch hinterfragt und echte Lösungen werden aufgezeigt.","title":"Blackbox Chemieindustrie","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703936400,"nanoseconds":0},"android_description":"Flammschutzmittel für Elektrogeräte, die Metalllegierung zum Löten und Plastik für fast alle Anwendungen im Alltag – all diese Materialen produziert die Chemische Industrie. Sie steht am Anfang der Wertschöpfungskette. Die Materialien, die sie herstellt definiert das Spektrum, mit dem Produktdesigner\\*innen arbeiten können. Schockierend ist: Die Industrie verwendet nicht nur fossile Rohstoffe für viele ihrer Produkte, sondern ist auch größter Industrieverbraucher von Energie in Deutschland. Allein für die Produktion von Plastik für Verpackungen verwendet die Industrie in Deutschland mehr Primärenergie, als das Land Slowenien insgesamt. Viele Produkte der Industrie bergen Umwelt- und Gesundheitsgefahren und kein deutsches Chemieunternehmen hat eine Strategie ihre Schadstoffe zu reduzieren. Tatsächlich produzieren und exportieren die Unternehmen sogar weiterhin Schadstoffe, die in der EU längst verboten sind. Dass es so nicht weiter gehen kann erkennt auch die Industrie. Ihre angeblich klimaneutralen Transformationspfade sind technisch und wirtschaftlich nicht sinnvoll und gehen mit einem enormen Anstieg an nicht verfügbarer erneuerbarer Energie und Wasserstoff einher. Der Bedarf übersteigt was die Bundesregierung für ganz Deutschland vorsieht. Wir zeigen auf: Die Transformation der Chemieindustrie kann nicht nur innerhalb dieser Branche gedacht werden. Es darf jetzt nicht in Technologien investiert werden, die Scheinlösungen sind. Die Herausforderungen Klimakrise, Verschmutzung und Biodiversitätskrise müssen jetzt angegangen werden durch echte Defossilisierung, Ressourceneinsparung und Kreislaufwirtschaft und einer Umstellung auf sichere und nachhaltige Chemikalien. \n\n\nAm Anfang von jedem Chip, jedem Computer, jedem Plastik steht die Chemieindustrie. Sie ist Deutschlands größter Industrieverbraucher an fossilen Ressourcen wie Öl und Gas. Wir stellen eine neue Studie „Blackbox Chemieindustrie“ des BUND zum Energie- und Ressourcenbedarf der Industrie vor. Die angeblich klimaneutralen Transformationspläne der Industrie werden kritisch hinterfragt und echte Lösungen werden aufgezeigt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53508],"name":"Janine Korduan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52334},{"conference_id":131,"event_ids":[53508],"name":"Janna Kuhlmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52513}],"timeband_id":1143,"links":[{"label":"Studienzusammenfassung Blackbox Chemieindustrie","type":"link","url":"https://www.bund.net/service/publikationen/detail/publication/factsheet-studie-blackbox-chemieindustrie-zusammenfassung/"}],"end":"2023-12-30T11:40:00.000-0000","id":53508,"tag_ids":[46125,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52334},{"tag_id":46107,"sort_order":1,"person_id":52513}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, I will present the OpenStreetMap editing software JOSM, a Java application for advanced editing of OpenStreetMap data.\r\n\r\nIn contrast to the online editor iD on the OpenStreetMap website, JOSM can handle larger volumes of map data. It can be customized using plugins, custom tagging presets and map styles.\r\n\r\nThis session is drafted for people who have contributed to OpenStreetMap and want to start with adavanced editing, edit relations or large features (e.g. landuse polygons).\r\n\r\nYou need an OpenStreetMap account in order to be able to edit. Please create one prior to the session.\r\n\r\nPlease install JOSM prior to the session (e.g. from the package repository of your Linux distribution).\r\n\r\nhttps://www.openstreetmap.org/\r\nhttps://josm.openstreetmap.de/\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Einstieg in JOSM für fortgeschrittene OpenStreetMapper","end_timestamp":{"seconds":1703934000,"nanoseconds":0},"android_description":"In this session, I will present the OpenStreetMap editing software JOSM, a Java application for advanced editing of OpenStreetMap data.\r\n\r\nIn contrast to the online editor iD on the OpenStreetMap website, JOSM can handle larger volumes of map data. It can be customized using plugins, custom tagging presets and map styles.\r\n\r\nThis session is drafted for people who have contributed to OpenStreetMap and want to start with adavanced editing, edit relations or large features (e.g. landuse polygons).\r\n\r\nYou need an OpenStreetMap account in order to be able to edit. Please create one prior to the session.\r\n\r\nPlease install JOSM prior to the session (e.g. from the package repository of your Linux distribution).\r\n\r\nhttps://www.openstreetmap.org/\r\nhttps://josm.openstreetmap.de/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:00:00.000-0000","id":53988,"begin_timestamp":{"seconds":1703932200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-30T10:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Einstein's Field Equations allow for strange solutions involving the connection of a universe with itself or even two different universes with each other. In this talk, we will look at how wormholes first came to be, how to describe them mathematically and what properties they have.\r\n\r\n🧮🦆\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Wormholes: A little go-through","android_description":"Einstein's Field Equations allow for strange solutions involving the connection of a universe with itself or even two different universes with each other. In this talk, we will look at how wormholes first came to be, how to describe them mathematically and what properties they have.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703934000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:00:00.000-0000","id":53428,"village_id":null,"begin_timestamp":{"seconds":1703931300,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-30T10:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Freie Fläche vor Saal F.**\r\n\r\n[Andere Sessions unserer Gruppe.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\nKonsumkritik-Kritik: von der Mär der angeblichen Macht der Verbraucher*innen. Eine grundlegende Situationsanalyse und wirksame Alternativen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Fünf überraschende Sachverhalte, wieso die Erzählung \"Dein Kassenbon ist ein Stimmzettel\" fehlerhaft ist, in die Irre führt und echte gesellschaftliche Veränderung blockiert","end_timestamp":{"seconds":1703933400,"nanoseconds":0},"android_description":"**Freie Fläche vor Saal F.**\r\n\r\n[Andere Sessions unserer Gruppe.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\nKonsumkritik-Kritik: von der Mär der angeblichen Macht der Verbraucher*innen. Eine grundlegende Situationsanalyse und wirksame Alternativen.","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:50:00.000-0000","id":54032,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"In front of Hall F","hotel":"","short_name":"In front of Hall F","id":46172},"updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.\n\n\n","title":"Meere und warum sie für uns wichtig sind - Tag 4","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.","end_timestamp":{"seconds":1703935800,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:30:00.000-0000","id":54029,"village_id":null,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In Science Fiction gibt es Überlichtgeschwindigkeit, Antigravitation, Terraforming, Schutzschilde, Beamen, Railguns, KI, Fusion, Nano, usw. Dieser Vortrag gibt einen Überblick, was die moderne Wissenschaft dazu sagt. Der Stand der Wissenschaft entwickelt sich weiter und das kommt nur langsam in der Science Fiction Literatur an. Was stimmt noch und was hat sich geändert? Was ist wissenschaftlich fundiert, was wäre vielleicht möglich und was wird immer erfundene Wissenschaft bleiben. \r\n\r\nEin realistischer Blick auf das theoretisch Mögliche, ein optimistischer Ausblick auf Hinweise auf (noch) unbekannte Wissenschaft, und ein mahnender Blick darauf was wir in naher Zukunft machen sollten (Thema Sustainability). \r\n\r\nAber im Vordergrund steht die Bewertung der SF-Konzepte durch die reale Wissenschaft und sicher ein paar neue Erkenntnisse für Zuhöher:innen.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Science in Science Fiction (Die reale Wissenschaft von Star Trek und Star Wars)","end_timestamp":{"seconds":1703933400,"nanoseconds":0},"android_description":"In Science Fiction gibt es Überlichtgeschwindigkeit, Antigravitation, Terraforming, Schutzschilde, Beamen, Railguns, KI, Fusion, Nano, usw. Dieser Vortrag gibt einen Überblick, was die moderne Wissenschaft dazu sagt. Der Stand der Wissenschaft entwickelt sich weiter und das kommt nur langsam in der Science Fiction Literatur an. Was stimmt noch und was hat sich geändert? Was ist wissenschaftlich fundiert, was wäre vielleicht möglich und was wird immer erfundene Wissenschaft bleiben. \r\n\r\nEin realistischer Blick auf das theoretisch Mögliche, ein optimistischer Ausblick auf Hinweise auf (noch) unbekannte Wissenschaft, und ein mahnender Blick darauf was wir in naher Zukunft machen sollten (Thema Sustainability). \r\n\r\nAber im Vordergrund steht die Bewertung der SF-Konzepte durch die reale Wissenschaft und sicher ein paar neue Erkenntnisse für Zuhöher:innen.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:50:00.000-0000","id":53983,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, we will present you the online editing software iD which you can use to contribute to OpenStreetMap.\r\n\r\nYou can ask questions about contributing to OpenStreetMap during the session.\r\n\r\nIf you contribute to OpenStreetMap, you have to create an user account. You may do this prior to the session. A user name and email address is required.\r\n\r\nhttps://www.openstreetmap.org/\n\n\n","title":"Einstieg in OpenStreetMap mit dem Online-Editor iD","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703932200,"nanoseconds":0},"android_description":"In this session, we will present you the online editing software iD which you can use to contribute to OpenStreetMap.\r\n\r\nYou can ask questions about contributing to OpenStreetMap during the session.\r\n\r\nIf you contribute to OpenStreetMap, you have to create an user account. You may do this prior to the session. A user name and email address is required.\r\n\r\nhttps://www.openstreetmap.org/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:30:00.000-0000","id":53875,"village_id":null,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will describe our efforts to introduce a new toolkit and mindset for unions and gig workers, which is essential in an era where, for a growing number of people, \"an app is their boss\".\r\n\r\nOur work highlights the critical role of technical literacy in improving workers' bargaining power, particularly in collective bargaining. By demystifying the technology that governs them, we aim to equip workers with the tools to assert their rights and shape a fairer working landscape.\r\n\r\nSince 2019, our team, back in time known as [Tracking.Exposed](https://tracking.exposed) and now operating as [Reversing.Works](https://reversing.works), has focused on connecting mobile app reverse engineering with GDPR and workers' rights. We want to tell this story, all the missteps, the low-hanging fruit that hacktivists across Europe can grab, and the opportunities that new regulations open up in this sense.\r\n\r\nIn 2023, a [report](https://reversing.works/posts/2023/10/report-exercising-workers-rights-in-algorithmic-management-systems/) written for the European Trade Union Institute summarized our investigation into Glovo, in this talk we'll talk about how to repeat the investigations and, with varying complexity, how unionist and activists can start identifying potential data breaches and labor rights violations in mobile apps used by gig economy workers.\n\n\n[Reversing.works](https://reversing.works) will outline five years of experience linking trade unions, gig economy workers, GDPR and mobile app reverse engineering. Goal: to replicate an effective form of resistance.","title":"Mobile reverse engineering to empower the gig economy workers and labor unions","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"This talk will describe our efforts to introduce a new toolkit and mindset for unions and gig workers, which is essential in an era where, for a growing number of people, \"an app is their boss\".\r\n\r\nOur work highlights the critical role of technical literacy in improving workers' bargaining power, particularly in collective bargaining. By demystifying the technology that governs them, we aim to equip workers with the tools to assert their rights and shape a fairer working landscape.\r\n\r\nSince 2019, our team, back in time known as [Tracking.Exposed](https://tracking.exposed) and now operating as [Reversing.Works](https://reversing.works), has focused on connecting mobile app reverse engineering with GDPR and workers' rights. We want to tell this story, all the missteps, the low-hanging fruit that hacktivists across Europe can grab, and the opportunities that new regulations open up in this sense.\r\n\r\nIn 2023, a [report](https://reversing.works/posts/2023/10/report-exercising-workers-rights-in-algorithmic-management-systems/) written for the European Trade Union Institute summarized our investigation into Glovo, in this talk we'll talk about how to repeat the investigations and, with varying complexity, how unionist and activists can start identifying potential data breaches and labor rights violations in mobile apps used by gig economy workers.\n\n\n[Reversing.works](https://reversing.works) will outline five years of experience linking trade unions, gig economy workers, GDPR and mobile app reverse engineering. Goal: to replicate an effective form of resistance.","end_timestamp":{"seconds":1703932800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53833],"name":"Claudio Agosti","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52294},{"conference_id":131,"event_ids":[53833],"name":"Gaetano Priori","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52409}],"timeband_id":1143,"links":[],"end":"2023-12-30T10:40:00.000-0000","id":53833,"tag_ids":[46121,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52294},{"tag_id":46107,"sort_order":1,"person_id":52409}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will explain unfamiliar concepts in more common terms like:\r\nVector registers are just registers where CPUs can store multiple numbers which belong together and are processed independent of each other together in same operation. This allows a higher processing performance similar to how moving a pallet of same sized boxes can be quicker than just moving the boxes on their own.\r\n\r\nAnd will then use those new terms drawing comparisons like:\r\n512 bits long are the largest vector registers available with any other CPU available today compared to 16348 bits long vector registers of which each VE core has 64 of. This puts it in a class of its own among CPUs.\r\n\r\nIf you weren't scrared off by this you shouldn't find the talk to technical. If you have a deep grasp on computing technology and wonder if this talk might interesting then you will hear about some implementation choices from NEC drawing reactions deep from the Kubler-Ross stages of Grief. \r\n\r\nThere will be a short introduction to the VE instruction set highlight a few instructions which are \"fun\" or otherwise \"interesting\" and might have some general computing https://en.wikipedia.org/wiki/Fast\\_inverse\\_square\\_root trivia https://vaibhavsagar.com/blog/2019/09/08/popcount/ associtated. The different offloading modes of a VE are introduced, one of which is enterily novel and which also emphasizes the uniqueness and sheer quirkyness.\r\n\r\nPrograms executing on a Vector Engine run in a Linux environment thus one could make many applications run on this accelerator unlocking GPU like performance for them without a need for rewrites if said code can make use of these big vector registers and the massive memory bandwidth available to them. So it's unsupprising that it is enourmously fun to touch up identified bottelnecks and see some application get 200x faster with handful of fixes. We can call hardware homebrewed if we make 2048 run on it, can't we?\r\n\r\nThe presentation about hacks people which joined my \"vect.or.at\" Vector Engine PUBNIX (basically a shared linux computer) did will cover such speeds ups, mention the state of an ongoing attempt to port the Rust programming languages to it, attempts of digital perservationism and progress towards making the vector engine truely yours by \"rooting\" it to mess with hardware settings otherwise unavailable.\r\n\r\nThe introduction to HPC portion will be structured as an argument claiming \"A NEC Vector Engine would turn your (Linux) computer into a small super computer\" and use this as motivation to introduce what such a super computer or HPC cluster is, how you can make it work for you and common software packages used. A few performance \"tripping\" hazards also are mentioned.\n\n\nThe NEC Vector Engine (VE) isn't a GPU. It's a member of the only family of vector computers still alive today. Imagine a second CPU with a different instruction set running on the same Linux system. While obscure, it's a very approachable and hackable platform that is an addictingly fun machine to program and allows you to play with all the technologies seen in high-performance computing (HPC) today. I am going to cover lightheartedly what a small community learned about this singular hardware they shared: bemoaning a dangerous power plug standard, (ab)using this scientific simulation power house to run code never intended, some firmware and driver reversing, \"rooting\" a VE and more. I will also be giving an introduction to core concepts in HPC with knowledge transferable to any other (university) computer cluster and hopefully encouraging students and scientists to use those by making them seem less alien and hostile.","title":"Making homebrew for your very own Vector Super Computer","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"The talk will explain unfamiliar concepts in more common terms like:\r\nVector registers are just registers where CPUs can store multiple numbers which belong together and are processed independent of each other together in same operation. This allows a higher processing performance similar to how moving a pallet of same sized boxes can be quicker than just moving the boxes on their own.\r\n\r\nAnd will then use those new terms drawing comparisons like:\r\n512 bits long are the largest vector registers available with any other CPU available today compared to 16348 bits long vector registers of which each VE core has 64 of. This puts it in a class of its own among CPUs.\r\n\r\nIf you weren't scrared off by this you shouldn't find the talk to technical. If you have a deep grasp on computing technology and wonder if this talk might interesting then you will hear about some implementation choices from NEC drawing reactions deep from the Kubler-Ross stages of Grief. \r\n\r\nThere will be a short introduction to the VE instruction set highlight a few instructions which are \"fun\" or otherwise \"interesting\" and might have some general computing https://en.wikipedia.org/wiki/Fast\\_inverse\\_square\\_root trivia https://vaibhavsagar.com/blog/2019/09/08/popcount/ associtated. The different offloading modes of a VE are introduced, one of which is enterily novel and which also emphasizes the uniqueness and sheer quirkyness.\r\n\r\nPrograms executing on a Vector Engine run in a Linux environment thus one could make many applications run on this accelerator unlocking GPU like performance for them without a need for rewrites if said code can make use of these big vector registers and the massive memory bandwidth available to them. So it's unsupprising that it is enourmously fun to touch up identified bottelnecks and see some application get 200x faster with handful of fixes. We can call hardware homebrewed if we make 2048 run on it, can't we?\r\n\r\nThe presentation about hacks people which joined my \"vect.or.at\" Vector Engine PUBNIX (basically a shared linux computer) did will cover such speeds ups, mention the state of an ongoing attempt to port the Rust programming languages to it, attempts of digital perservationism and progress towards making the vector engine truely yours by \"rooting\" it to mess with hardware settings otherwise unavailable.\r\n\r\nThe introduction to HPC portion will be structured as an argument claiming \"A NEC Vector Engine would turn your (Linux) computer into a small super computer\" and use this as motivation to introduce what such a super computer or HPC cluster is, how you can make it work for you and common software packages used. A few performance \"tripping\" hazards also are mentioned.\n\n\nThe NEC Vector Engine (VE) isn't a GPU. It's a member of the only family of vector computers still alive today. Imagine a second CPU with a different instruction set running on the same Linux system. While obscure, it's a very approachable and hackable platform that is an addictingly fun machine to program and allows you to play with all the technologies seen in high-performance computing (HPC) today. I am going to cover lightheartedly what a small community learned about this singular hardware they shared: bemoaning a dangerous power plug standard, (ab)using this scientific simulation power house to run code never intended, some firmware and driver reversing, \"rooting\" a VE and more. I will also be giving an introduction to core concepts in HPC with knowledge transferable to any other (university) computer cluster and hopefully encouraging students and scientists to use those by making them seem less alien and hostile.","end_timestamp":{"seconds":1703932800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53826],"name":"Johann-Tobias Schäg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52280}],"timeband_id":1143,"links":[],"end":"2023-12-30T10:40:00.000-0000","id":53826,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52280}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Kurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\n\r\n🧮\n\n\nKurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\nBitte vorher FreeCAD installieren (500mb)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"FreeCAD Workshop","end_timestamp":{"seconds":1703935800,"nanoseconds":0},"android_description":"Kurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\n\r\n🧮\n\n\nKurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\nBitte vorher FreeCAD installieren (500mb)","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:30:00.000-0000","id":53690,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FAU Assembly (Halle H)","hotel":"","short_name":"FAU Assembly (Halle H)","id":46165},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem kostenlosen Basis-Seminar werden Dir die wichtigsten Skills zur Erbringung ganzheitlicher Digital-Spiritualitäts-Dienstleistungen vermittelt, mit denen Du direkt in die Selbstständigkeit durchstarten kannst. Wir lernen von den Besten – wir lernen vom Esoterik-Markt, der ja bekanntlich nicht erst seit der Crosspromotion in einschlägigen Corona-Telegram-Gruppen boomt:\r\n\r\n1. Digital Forecasting: Warum umständliche Modelle konzipieren, wenn Du den direkten Zugriff auf die Akasha-Datenbank der Weltweisheit verkaufen kannst? In diesem Block geht es um die wichtigsten Wahrsager-Skills (Cold Reading, Hot Reading, Barnum-Effekt).\n2. Healing statt Patching: Anwendung ganzheitlich-spiritueller Security-Konzepte auf homöopathischer Basis für Kundennetzwerke mit Schwerpunkt auf dem souveränen Umgang mit Beschwerden & Erstverschlimmerungen.\n3. Belebte Netzwerke: Lehren aus der Wasserbelebung & kompatible Geschäftsideen („Serverraum der Neuen Zeit“, Manifestieren von RAM, KI-Karma)\n4. Mental-Antivirus: Installationsanleitung für feinstoffliche Unterstützungssoftware zur Ego-Mitigation (thought terminating cliches, Conspiracy & Cult-Groupware as a Service)\n5. Upscaling: Innovative Pyramiden- und Schneeballsysteme zwecks ganzheitlicher Gewinnabschöpfung.\n\n\r\n\r\nMelden Sie sich jetzt für das KOSTENLOSE Basis-Seminar an, und Sie bekommen (wenn die Speicherblöcke günstig stehen) unseren limitierten feinschwingenden 5G-Sticker für ihr EDV-Gerät GRATIS dazu. \r\n\r\n+++ von unabhängigen Cyber-Schamaninnen empfohlen +++\r\n\r\nBild: Charlotte von Hirsch\n\n\nDass es sich bei Digitalisierung um eine magische Angelegenheit handelt, der durch Regulierung großer Social-Media-Konzerne per Definition nicht beizukommen ist, ist auf politischer Ebene schon lange bekannt. Der Markt für esoterische Dienstleistungen rund um Digitalisierungsfragen ist daher vermutlich immens – und eröffnet viele Möglichkeiten für cyberfeinstofflich begabte Entrepreneurs & Digital-Okkultisten. Ganz nebenbei lernen wir, welche Maschen unseriöse Akteure (auch jenseits der Eso-Szene) anwenden, um mit den Sorgen und Ängsten von Menschen Geld zu machen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Fortbildung Cyber-Astrologie & KI-Karma","end_timestamp":{"seconds":1703932800,"nanoseconds":0},"android_description":"In diesem kostenlosen Basis-Seminar werden Dir die wichtigsten Skills zur Erbringung ganzheitlicher Digital-Spiritualitäts-Dienstleistungen vermittelt, mit denen Du direkt in die Selbstständigkeit durchstarten kannst. Wir lernen von den Besten – wir lernen vom Esoterik-Markt, der ja bekanntlich nicht erst seit der Crosspromotion in einschlägigen Corona-Telegram-Gruppen boomt:\r\n\r\n1. Digital Forecasting: Warum umständliche Modelle konzipieren, wenn Du den direkten Zugriff auf die Akasha-Datenbank der Weltweisheit verkaufen kannst? In diesem Block geht es um die wichtigsten Wahrsager-Skills (Cold Reading, Hot Reading, Barnum-Effekt).\n2. Healing statt Patching: Anwendung ganzheitlich-spiritueller Security-Konzepte auf homöopathischer Basis für Kundennetzwerke mit Schwerpunkt auf dem souveränen Umgang mit Beschwerden & Erstverschlimmerungen.\n3. Belebte Netzwerke: Lehren aus der Wasserbelebung & kompatible Geschäftsideen („Serverraum der Neuen Zeit“, Manifestieren von RAM, KI-Karma)\n4. Mental-Antivirus: Installationsanleitung für feinstoffliche Unterstützungssoftware zur Ego-Mitigation (thought terminating cliches, Conspiracy & Cult-Groupware as a Service)\n5. Upscaling: Innovative Pyramiden- und Schneeballsysteme zwecks ganzheitlicher Gewinnabschöpfung.\n\n\r\n\r\nMelden Sie sich jetzt für das KOSTENLOSE Basis-Seminar an, und Sie bekommen (wenn die Speicherblöcke günstig stehen) unseren limitierten feinschwingenden 5G-Sticker für ihr EDV-Gerät GRATIS dazu. \r\n\r\n+++ von unabhängigen Cyber-Schamaninnen empfohlen +++\r\n\r\nBild: Charlotte von Hirsch\n\n\nDass es sich bei Digitalisierung um eine magische Angelegenheit handelt, der durch Regulierung großer Social-Media-Konzerne per Definition nicht beizukommen ist, ist auf politischer Ebene schon lange bekannt. Der Markt für esoterische Dienstleistungen rund um Digitalisierungsfragen ist daher vermutlich immens – und eröffnet viele Möglichkeiten für cyberfeinstofflich begabte Entrepreneurs & Digital-Okkultisten. Ganz nebenbei lernen wir, welche Maschen unseriöse Akteure (auch jenseits der Eso-Szene) anwenden, um mit den Sorgen und Ängsten von Menschen Geld zu machen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:40:00.000-0000","id":53591,"village_id":null,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For all children who have always wanted to learn to crochet or who already know something and want to learn more.\r\nThere will be a few large crochet hooks and many smaller ones. There also will be some wool. So you can start with your first experiments or ask for further help.\r\n\r\nThere may also be knitting needles to try out.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Häkeln","android_description":"For all children who have always wanted to learn to crochet or who already know something and want to learn more.\r\nThere will be a few large crochet hooks and many smaller ones. There also will be some wool. So you can start with your first experiments or ask for further help.\r\n\r\nThere may also be knitting needles to try out.","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":53429,"village_id":null,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"[English version below]\r\n\r\nIn diesem Workshop wird es eine Einführung in die Grundlagen: Syntax, Datentypen, Prozeduren, Zeiger, Dateien und Datenmanipulation geben. Das gelernte Wissen kann dabei mit kleinen Aufgaben spielerisch und kollaborativ überprüft werden. Es wird außerdem eine kleine Einleitung zur Dateistruktur von Projekten und hilfreichen Werkzeuge geben.\r\n\r\nZur Teilnahme am Workshop empfiehlt sich ein Linux System (oder virtuelle Maschine) mit einem installierten Texteditor. Hochperformante Hardware wird aber nicht benötigt.\r\n\r\n--------\r\n\r\nIn this workshop, participants will be given an introduction to the basics: syntax, data types, procedures, pointers and data manipulation. The knowledge can be tested in in a playful and collaborative way with small exercises. There will also be a short introduction to the file structure of projects and helpful tools.\r\n\r\nA Linux system (or virtual machine) with an installed text editor is recommended for participating in this workshop. However, high-performance hardware is not required.\n\n\nHier gibt es einen Einstieg in die systemnahe Programmiersprache C mit Fokus auf Personen ohne großes Vorwissen in C. Es wird alles notwendige Grundwissen beigebracht, welches zum Entwickeln einfacher Programme notwendig ist.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Programmieren mit C: Eine Einführung für Neulinge [Deutsch/Englisch]","end_timestamp":{"seconds":1703939100,"nanoseconds":0},"android_description":"[English version below]\r\n\r\nIn diesem Workshop wird es eine Einführung in die Grundlagen: Syntax, Datentypen, Prozeduren, Zeiger, Dateien und Datenmanipulation geben. Das gelernte Wissen kann dabei mit kleinen Aufgaben spielerisch und kollaborativ überprüft werden. Es wird außerdem eine kleine Einleitung zur Dateistruktur von Projekten und hilfreichen Werkzeuge geben.\r\n\r\nZur Teilnahme am Workshop empfiehlt sich ein Linux System (oder virtuelle Maschine) mit einem installierten Texteditor. Hochperformante Hardware wird aber nicht benötigt.\r\n\r\n--------\r\n\r\nIn this workshop, participants will be given an introduction to the basics: syntax, data types, procedures, pointers and data manipulation. The knowledge can be tested in in a playful and collaborative way with small exercises. There will also be a short introduction to the file structure of projects and helpful tools.\r\n\r\nA Linux system (or virtual machine) with an installed text editor is recommended for participating in this workshop. However, high-performance hardware is not required.\n\n\nHier gibt es einen Einstieg in die systemnahe Programmiersprache C mit Fokus auf Personen ohne großes Vorwissen in C. Es wird alles notwendige Grundwissen beigebracht, welches zum Entwickeln einfacher Programme notwendig ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53552],"name":"Lilith","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52430}],"timeband_id":1143,"links":[],"end":"2023-12-30T12:25:00.000-0000","id":53552,"village_id":null,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703930100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52430}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T09:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Agile is dead! - Agility is - like 42 - the answer to life, the universe and everything!\r\n\r\nDon't panic! \r\nThe question why forty-two is the answer remains and has still needs answering.\r\n\r\nTune in to see an actual agile manifesto and why the so-called agile manifesto written in 2001 is anything but agil and often misinterpreted.\n\n\n","title":"42?! Agile is dead - agility the answer to live the universe and everything","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Agile is dead! - Agility is - like 42 - the answer to life, the universe and everything!\r\n\r\nDon't panic! \r\nThe question why forty-two is the answer remains and has still needs answering.\r\n\r\nTune in to see an actual agile manifesto and why the so-called agile manifesto written in 2001 is anything but agil and often misinterpreted.","end_timestamp":{"seconds":1703931840,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:24:00.000-0000","id":53874,"village_id":null,"begin_timestamp":{"seconds":1703929320,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-30T09:42:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We probably have enough yarn and needles if you don't have your own. The workshop giving person(s) will be glad to assist your projects however possible. Beginners welcome!","title":"Let's knit/crochet together!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703932200,"nanoseconds":0},"android_description":"We probably have enough yarn and needles if you don't have your own. The workshop giving person(s) will be glad to assist your projects however possible. Beginners welcome!","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:30:00.000-0000","id":54023,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703928600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Table of the Openlab Augsburg","hotel":"","short_name":"Table of the Openlab Augsburg","id":46171},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T09:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Systems created by humans will contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in search for security issues. In this talk, we will cover the key principles behind these methods, enabling anyone to study and mend the architecture of a system. In covering the basics, we will also critically reflect on the direction of much research and practice, sketching the relevance of threat modelling for addressing contemporary challenges and highlighting the role that you can play in making a security impact.\r\n\r\n*As preparation for or follow-up of this talk, [see this recorded training](https://archive.org/details/getting_started_with_threat_modelling).*\r\n\r\n*The recorded training can be watched either before or after the live talk. The talk takes a more reflective and critical look at threat modelling, diving into its underlying history and the current state of research, while also providing a space for Q&A and the sharing of experiences.*\n\n\nHow to take your first steps in threat modelling, or an opportunity to extend and/or reorient an existing threat modelling programme.","title":"Getting started with threat modelling","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703934000,"nanoseconds":0},"android_description":"Systems created by humans will contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in search for security issues. In this talk, we will cover the key principles behind these methods, enabling anyone to study and mend the architecture of a system. In covering the basics, we will also critically reflect on the direction of much research and practice, sketching the relevance of threat modelling for addressing contemporary challenges and highlighting the role that you can play in making a security impact.\r\n\r\n*As preparation for or follow-up of this talk, [see this recorded training](https://archive.org/details/getting_started_with_threat_modelling).*\r\n\r\n*The recorded training can be watched either before or after the live talk. The talk takes a more reflective and critical look at threat modelling, diving into its underlying history and the current state of research, while also providing a space for Q&A and the sharing of experiences.*\n\n\nHow to take your first steps in threat modelling, or an opportunity to extend and/or reorient an existing threat modelling programme.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53824],"name":"Arne Padmos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52302}],"timeband_id":1143,"links":[],"end":"2023-12-30T11:00:00.000-0000","id":53824,"begin_timestamp":{"seconds":1703928600,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52302}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-30T09:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A short Talk about Tiny Core Linux, an interesting linux distributon, not only because of its small size. \r\n\r\nThen I'll show the system, and answer all questions i can.\r\n\r\nThe talk will be in German, but I'll try to answer any questions asked in English in English.\r\n\r\nI'm looking forward to seeing you :)\n\n\nIch erzähle ein bisschen über Tiny Core Linux, eine der interessantesten Linux Distributionen, nicht nur weil sie so Klein ist.","title":"Tiny Core Linux - Eine Mini-Einführung in die coolste Linux Distro","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"A short Talk about Tiny Core Linux, an interesting linux distributon, not only because of its small size. \r\n\r\nThen I'll show the system, and answer all questions i can.\r\n\r\nThe talk will be in German, but I'll try to answer any questions asked in English in English.\r\n\r\nI'm looking forward to seeing you :)\n\n\nIch erzähle ein bisschen über Tiny Core Linux, eine der interessantesten Linux Distributionen, nicht nur weil sie so Klein ist.","end_timestamp":{"seconds":1703930400,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:00:00.000-0000","id":54030,"begin_timestamp":{"seconds":1703926800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Magnetic Resonance Imaging (MRI) is an imaging diagnostic procedure and probably known to many who have been in the \"MRI tube\" in the hospital.\r\nIn this presentation, I briefly explain MRI from a physical point of view and show the technology and software that is needed to get an MR image.\r\n\r\nAfterwards, I give a brief presentation of the Berkeley Advanced Reconstruction Toolbox (BART), a free and open source software for image reconstruction.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Introduction to Magnetic Resonance Imaging and Image Reconstruction with BART","android_description":"Magnetic Resonance Imaging (MRI) is an imaging diagnostic procedure and probably known to many who have been in the \"MRI tube\" in the hospital.\r\nIn this presentation, I briefly explain MRI from a physical point of view and show the technology and software that is needed to get an MR image.\r\n\r\nAfterwards, I give a brief presentation of the Berkeley Advanced Reconstruction Toolbox (BART), a free and open source software for image reconstruction.","end_timestamp":{"seconds":1703929500,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T09:45:00.000-0000","id":54015,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703926800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-30T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Menschen interessieren sich für Dinge mit Seilen und plötzlich öffnet sich ein ganzes Universum voller Fragen, Hindernissen und technische Gründe sie nicht zu tun - die möchte ich mit euch aus dem Weg räumen.\r\n\r\nIn der Theorie und auch in der Praxis, falls ihr euer eigenes Seil mitbringt. Zielgruppe sind vor allem Leute mit 0 und wenig Erfahrung, die anderen sind aber auch herzlich willkommen.\r\n\r\nMaximal 20 Teilnehmende.\n\n\nBondage für Anfänger*innen - Theorie, auch Praxis.","title":"Bondage für Anfänger*innen","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703929800,"nanoseconds":0},"android_description":"Menschen interessieren sich für Dinge mit Seilen und plötzlich öffnet sich ein ganzes Universum voller Fragen, Hindernissen und technische Gründe sie nicht zu tun - die möchte ich mit euch aus dem Weg räumen.\r\n\r\nIn der Theorie und auch in der Praxis, falls ihr euer eigenes Seil mitbringt. Zielgruppe sind vor allem Leute mit 0 und wenig Erfahrung, die anderen sind aber auch herzlich willkommen.\r\n\r\nMaximal 20 Teilnehmende.\n\n\nBondage für Anfänger*innen - Theorie, auch Praxis.","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T09:50:00.000-0000","id":53999,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703925000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-30T08:30:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/ratkat\n\n\nRatkat, a Hamburg native, resident DJ at Golden Pudel Club, organizing the club and concertnight “Next Time” together with NIka Son. She has a liveact under the moniker Pose Dia.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Ratkat","android_description":"https://soundcloud.com/ratkat\n\n\nRatkat, a Hamburg native, resident DJ at Golden Pudel Club, organizing the club and concertnight “Next Time” together with NIka Son. She has a liveact under the moniker Pose Dia.","end_timestamp":{"seconds":1703912400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T05:00:00.000-0000","id":53961,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703905200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-30T03:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/rss","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"RSS Disco","android_description":"https://soundcloud.com/rss","end_timestamp":{"seconds":1703907000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T03:30:00.000-0000","id":53966,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703898000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T01:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/lfttrax\n\n\nProducer/DJ from Hamburg Germany.\r\nOne half of Schulverweis.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"L.F.T.","end_timestamp":{"seconds":1703905200,"nanoseconds":0},"android_description":"https://soundcloud.com/lfttrax\n\n\nProducer/DJ from Hamburg Germany.\r\nOne half of Schulverweis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T03:00:00.000-0000","id":53889,"begin_timestamp":{"seconds":1703898000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T01:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ROLL FOR INITIATIVE! In diesem Vortrag und Q&A geht es darum, wie die Spielleitung für Pen&Paper RPGs (besser) klappen kann, wie man eine Gruppe findet und auf was man alles bei der Planung der ersten eigenen Kampagne achten sollte damit die Party sich nicht selber umbringt. :)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Spielleitung von Pen&Paper RPGs","android_description":"ROLL FOR INITIATIVE! In diesem Vortrag und Q&A geht es darum, wie die Spielleitung für Pen&Paper RPGs (besser) klappen kann, wie man eine Gruppe findet und auf was man alles bei der Planung der ersten eigenen Kampagne achten sollte damit die Party sich nicht selber umbringt. :)","end_timestamp":{"seconds":1703898900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T01:15:00.000-0000","id":53945,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703895300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T00:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Michael, openlab Augsburg\n\n\n","title":"How to get out of any git situation with these 3 commands","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Host: Michael, openlab Augsburg","end_timestamp":{"seconds":1703896200,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:30:00.000-0000","id":54020,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703892600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-29T23:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"From Hacker to Furry - Why cat ears are just the beginning","end_timestamp":{"seconds":1703895300,"nanoseconds":0},"android_description":"The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries.","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:15:00.000-0000","id":54000,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703891700,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-29T23:15:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Crappy robots unite! \r\n\r\nWelcome to hebocon 37c3, where strong robots become weak and flashing hearts melt. \r\n\r\nBring your robot to Stage Y on Friday night and give it the ring. \r\n\r\nHere your quickly assembled robot can become a superstar. High tech and serious pretensions strictly forbidden and accompanied by boos. The rules are simple: bring your own robot, the crappier the machine and the cuter the name, the more popular you'll be with the audience. \r\n\r\nIf you feel like it, write a message like \"ah sounds cool, maybe I'll join in\" or \"au super, I'll bring my robi along\" to hebocon-37c3@posteo.de or contact @huwg:matrix.org at Matrix. \r\n\r\nAll robots welcome except for \r\n- no remote control\r\n- no high-tech\r\n- no weapons (no fire!) \r\n\r\n#callforrobots #callforhonky #callforschrubbi\r\n\r\nWe need at least 4 robots to fight, the more the more.\r\n\r\n(We don't have the capacity to organize a build session, so you'll have to build alone or network with others)\n\n\n","title":"Hebocon","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Crappy robots unite! \r\n\r\nWelcome to hebocon 37c3, where strong robots become weak and flashing hearts melt. \r\n\r\nBring your robot to Stage Y on Friday night and give it the ring. \r\n\r\nHere your quickly assembled robot can become a superstar. High tech and serious pretensions strictly forbidden and accompanied by boos. The rules are simple: bring your own robot, the crappier the machine and the cuter the name, the more popular you'll be with the audience. \r\n\r\nIf you feel like it, write a message like \"ah sounds cool, maybe I'll join in\" or \"au super, I'll bring my robi along\" to hebocon-37c3@posteo.de or contact @huwg:matrix.org at Matrix. \r\n\r\nAll robots welcome except for \r\n- no remote control\r\n- no high-tech\r\n- no weapons (no fire!) \r\n\r\n#callforrobots #callforhonky #callforschrubbi\r\n\r\nWe need at least 4 robots to fight, the more the more.\r\n\r\n(We don't have the capacity to organize a build session, so you'll have to build alone or network with others)","end_timestamp":{"seconds":1703895000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:10:00.000-0000","id":53948,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703891400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-29T23:10:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/DanaRuh\r\n\r\nBorn and raised in Gera in Germany, Dana Ruh soon found her way to the capital city of Berlin. Since then, she ha been on a constantly evolving musical journey. In the early years, her sound was rooted in techno and landed most often on the label Brouqade Records, which she established in 2007. The label is still running too, and celebrated its 10th Year Birthday Celebration entitled 'Past/Present/Future' that emphatically encapsulated all that's great about the label.\r\nAside from Brouqade, Dana's music has also featured on the liked of Autoreply, Work Them Records, Howl and Underground Quality. It was Jus Ed's label where she released her stunning debut album. 'Naturally' in 2014, an LP that introduced Dana to a whole new audience and showcased her pure house sound with some distinctions. In 2017 she started her new Label 'Cave Recordings' that showcased her wide musical range mainly rooted in House with old school flavor.\r\nWhen she isn't busy in the studio crafting textured tracks, Dana is a fine DJ who holds down resident duties at top Berlin space, Club der Visionaere. It is there that she lays down seductive tracks from the worlds of house and techno as well as gems in between. Aside from her beloved CDV, Dana has played in some of the globe's foremost house and techno nightclubs, often alongside some of the scene's prime movers and shakers.\r\nDespite working in such an over saturated and competitive field, Dana Ruh manages to speak louder and more coherently that most, and for that reason she deserves all the love she gets.\n\n\n","title":"Dana Ruh","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703898000,"nanoseconds":0},"android_description":"https://soundcloud.com/DanaRuh\r\n\r\nBorn and raised in Gera in Germany, Dana Ruh soon found her way to the capital city of Berlin. Since then, she ha been on a constantly evolving musical journey. In the early years, her sound was rooted in techno and landed most often on the label Brouqade Records, which she established in 2007. The label is still running too, and celebrated its 10th Year Birthday Celebration entitled 'Past/Present/Future' that emphatically encapsulated all that's great about the label.\r\nAside from Brouqade, Dana's music has also featured on the liked of Autoreply, Work Them Records, Howl and Underground Quality. It was Jus Ed's label where she released her stunning debut album. 'Naturally' in 2014, an LP that introduced Dana to a whole new audience and showcased her pure house sound with some distinctions. In 2017 she started her new Label 'Cave Recordings' that showcased her wide musical range mainly rooted in House with old school flavor.\r\nWhen she isn't busy in the studio crafting textured tracks, Dana is a fine DJ who holds down resident duties at top Berlin space, Club der Visionaere. It is there that she lays down seductive tracks from the worlds of house and techno as well as gems in between. Aside from her beloved CDV, Dana has played in some of the globe's foremost house and techno nightclubs, often alongside some of the scene's prime movers and shakers.\r\nDespite working in such an over saturated and competitive field, Dana Ruh manages to speak louder and more coherently that most, and for that reason she deserves all the love she gets.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T01:00:00.000-0000","id":53960,"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\n(Live-Stream of Saal 1)\r\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Stream: Prompt Battle","end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\n(Live-Stream of Saal 1)\r\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:30:00.000-0000","id":53943,"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"village_id":null,"tag_ids":[46120,46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-29T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","type":{"conference_id":131,"conference":"37C3","color":"#d3d44d","updated_at":"2023-12-30T22:18+0000","name":"performance","id":46138},"title":"Prompt Battle","end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53613],"name":"Lina Schwarzenberg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52265},{"conference_id":131,"event_ids":[53613],"name":"Sebastian Schmieg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52385},{"conference_id":131,"event_ids":[53613],"name":"Ella Zickerick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52467}],"timeband_id":1143,"end":"2023-12-30T00:30:00.000-0000","links":[{"label":"Prompt Battle Website","type":"link","url":"https://promptbattle.com/"},{"label":"Prompt Battle Instagram","type":"link","url":"https://www.instagram.com/promptbattle/"}],"id":53613,"village_id":null,"tag_ids":[46120,46138,46139],"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52467},{"tag_id":46107,"sort_order":1,"person_id":52265},{"tag_id":46107,"sort_order":1,"person_id":52385}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dieser Vorträge möchte die (Sozial-)psychologischen und historischen Hintergründe hinter all dem was die moderne Linke nicht mag erklären: Religionen, Hierarchien und klasische Gesellschaftsstrukturen und Rollen.\r\n\r\nHauptquelle dafür wird das Buch \"The righteous Mind\" von Jonathan Haidt, dazu gibt es aber auch noch viele kleine historische und psychologische Fakten und Zusammenhänge.\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Über die Hintergründe von Religionen, Hierarchien und klassischen Gesellschaftsstruktern","android_description":"Dieser Vorträge möchte die (Sozial-)psychologischen und historischen Hintergründe hinter all dem was die moderne Linke nicht mag erklären: Religionen, Hierarchien und klasische Gesellschaftsstrukturen und Rollen.\r\n\r\nHauptquelle dafür wird das Buch \"The righteous Mind\" von Jonathan Haidt, dazu gibt es aber auch noch viele kleine historische und psychologische Fakten und Zusammenhänge.\r\n\r\n🧮","end_timestamp":{"seconds":1703894400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:00:00.000-0000","id":53557,"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-29T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**attention: Meeting will be on Dec. 30, 0:00; the webpage is confusing in this case**\r\n\r\ntorservers.net is a global network of non-profits running Tor relays.\r\nIt has been inactive for quite some time.\r\nThis meeting is for all non-profits who are running Tor relays.\r\nThe goal is to discuss and maybe build a future for torservers.net.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"torservers.net reboot meeting","end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"**attention: Meeting will be on Dec. 30, 0:00; the webpage is confusing in this case**\r\n\r\ntorservers.net is a global network of non-profits running Tor relays.\r\nIt has been inactive for quite some time.\r\nThis meeting is for all non-profits who are running Tor relays.\r\nThe goal is to discuss and maybe build a future for torservers.net.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:30:00.000-0000","id":53516,"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-29T23:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"your technology has a fade in its life expectancy and no reward thing could release you from your misery\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Jendrik_Deep Aid","android_description":"your technology has a fade in its life expectancy and no reward thing could release you from your misery","end_timestamp":{"seconds":1703898000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-30T01:00:00.000-0000","id":53965,"begin_timestamp":{"seconds":1703889000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-29T22:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das merkwürdigste aus militärischer Forschung. \r\n\r\nMilitary grade Firewall, Military grade Vollbit Verschlüsselungen etc .. das neuste Buzzword wird wieder durch das Marketing getrieben ? Als Gegenargument gibt es nun die besten militärischen Fehlentwicklungen aus 4 Jahren Och Menno Podcast. Fliegende Panzer und Uboote sind ja genauso logisch wie das vom Marketing.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#4cd5fe","name":"Live podcast stage (45 minutes)","id":46126},"title":"Och Menno - Military Grade Bullshit","end_timestamp":{"seconds":1703891700,"nanoseconds":0},"android_description":"Das merkwürdigste aus militärischer Forschung. \r\n\r\nMilitary grade Firewall, Military grade Vollbit Verschlüsselungen etc .. das neuste Buzzword wird wieder durch das Marketing getrieben ? Als Gegenargument gibt es nun die besten militärischen Fehlentwicklungen aus 4 Jahren Och Menno Podcast. Fliegende Panzer und Uboote sind ja genauso logisch wie das vom Marketing.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1142,"links":[],"end":"2023-12-29T23:15:00.000-0000","id":53522,"tag_ids":[46126,46139],"begin_timestamp":{"seconds":1703889000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T22:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The well-known show game from day 1 (and, as we heard, apparently also from some tv shows), but with new answers and questions relevant to society such as climate and social justice, politics, transformation, ...\r\nWe will play two rounds open for everyone, you can win fame, honour and unique badges.\r\nThe game itself will be in german.\n\n\n","title":"Sustainability Jeopardy","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703890920,"nanoseconds":0},"android_description":"The well-known show game from day 1 (and, as we heard, apparently also from some tv shows), but with new answers and questions relevant to society such as climate and social justice, politics, transformation, ...\r\nWe will play two rounds open for everyone, you can win fame, honour and unique badges.\r\nThe game itself will be in german.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:02:00.000-0000","id":53775,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703887320,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-29T22:02:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.\r\n\r\nThis talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.\r\n\r\nThe talk first describes the overall project motivation, goals, and vision. Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.\r\n\r\nThe final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.\r\n\r\nThis talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.\n\n\nThis talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Breathing Life into Legacy: An Open-Source Emulator of Legacy Apple Devices","end_timestamp":{"seconds":1703889600,"nanoseconds":0},"android_description":"During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.\r\n\r\nThis talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.\r\n\r\nThe talk first describes the overall project motivation, goals, and vision. Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.\r\n\r\nThe final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.\r\n\r\nThis talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.\n\n\nThis talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53942],"name":"Martijn de Vos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52386}],"timeband_id":1142,"end":"2023-12-29T22:40:00.000-0000","links":[{"label":"The QEMU-iOS source code on GitHub","type":"link","url":"https://github.com/devos50/qemu-ios"},{"label":"A blog post describing the process of reverse engineering the iPod Touch 1G","type":"link","url":"https://devos50.github.io/blog/2022/ipod-touch-qemu/"}],"id":53942,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52386}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-29T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At Chaospott in Essen, we have developed rich tools to interact with and inspect hardware, enabling people to bring their gadgets to new life and run their own code, be it on TV boxes, network cameras, or appliances of various kinds.\r\nIn other words, should a cloud service go down or unmaintained software get compromised, we revive what would otherwise be bricks.\n\n\nWhile more and more hackerspaces have been founded in the recent years, there are many different topics that are being discussed at the same time:\r\nAI, 3D printing, Arduino, social and political questions, and lots more.\r\nWhere are the hacks though? Things are happening, and with this talk, we want to talk about them and call for exchange.","title":"Bringing the Hack Back into the Chaos","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2023-12-30T22:18+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703890800,"nanoseconds":0},"android_description":"At Chaospott in Essen, we have developed rich tools to interact with and inspect hardware, enabling people to bring their gadgets to new life and run their own code, be it on TV boxes, network cameras, or appliances of various kinds.\r\nIn other words, should a cloud service go down or unmaintained software get compromised, we revive what would otherwise be bricks.\n\n\nWhile more and more hackerspaces have been founded in the recent years, there are many different topics that are being discussed at the same time:\r\nAI, 3D printing, Arduino, social and political questions, and lots more.\r\nWhere are the hacks though? Things are happening, and with this talk, we want to talk about them and call for exchange.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53819],"name":"Daniel Maslowski","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52324}],"timeband_id":1142,"links":[],"end":"2023-12-29T23:00:00.000-0000","id":53819,"village_id":null,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"tag_ids":[46132,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52324}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"Y","begin":"2023-12-29T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You couldn't tie your shoelaces if we lived in four dimensions! And spheres would be much smaller and spikier. We'll take you on a visual tour of these and other curious phenomena unfolding in four dimensions.\r\n\r\nThe space we live in is three-dimensional. But mathematically, four dimensions can be just as easily defined as three dimensions. In the talk, we'll give an accessible introduction to four-dimensional thinking. We'll discuss how to imagine four dimensions, see examples of beautiful four-dimensional shapes, learn how to glue three-dimensional forms to four-dimensional ones and discover what's special about four dimensions. We'll also explore a four-dimensional labyrinth.\r\n\r\nThere's some chance that you'll leave the talk with a new favourite platonic solid.\r\n\r\nThe talk doesn't require any mathematical prerequisites. Exactly two formulas will appear. There will be pretty pictures. Bring your kids (age 12 and above), if they understand English! If you have seen the installment of this talk at the 36c3, then skip this talk, there is very little new material.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Wondrous mathematics: The curious world of four-dimensional geometry","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"You couldn't tie your shoelaces if we lived in four dimensions! And spheres would be much smaller and spikier. We'll take you on a visual tour of these and other curious phenomena unfolding in four dimensions.\r\n\r\nThe space we live in is three-dimensional. But mathematically, four dimensions can be just as easily defined as three dimensions. In the talk, we'll give an accessible introduction to four-dimensional thinking. We'll discuss how to imagine four dimensions, see examples of beautiful four-dimensional shapes, learn how to glue three-dimensional forms to four-dimensional ones and discover what's special about four dimensions. We'll also explore a four-dimensional labyrinth.\r\n\r\nThere's some chance that you'll leave the talk with a new favourite platonic solid.\r\n\r\nThe talk doesn't require any mathematical prerequisites. Exactly two formulas will appear. There will be pretty pictures. Bring your kids (age 12 and above), if they understand English! If you have seen the installment of this talk at the 36c3, then skip this talk, there is very little new material.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703890200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:50:00.000-0000","id":53776,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the piece, three different containers of sound are presented: acoustic(Sound diffusion in the architecture), digital (computer based sound algorithms) and analogue (electromagnetic tape and analog processing). This containers, or buffers, are then being intertwined by the performer creating thus sonic textures that interplay with the resonances of the space.\r\n\r\nThe strategy for the sound performance is to articulate a metaphor of a circular-buffer, a data structure used in Computer Science, to the idea brought upon in Derrida’s interview with Ornette Coleman, in which Improvisation practice in music is understood as a reading in which the borders between reading and writing are obfuscated.\r\n\r\nThe work is inspired by the concept of daemon and non-locality explored by Timothy Morton in his reading of Plato’s Ion as well as Ursula K. Le Guin’s The Carrier Bag Theory of Fiction.\n\n\nThe work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#49bae3","name":"concert","id":46135},"title":"Buffered Daemons","end_timestamp":{"seconds":1703889600,"nanoseconds":0},"android_description":"In the piece, three different containers of sound are presented: acoustic(Sound diffusion in the architecture), digital (computer based sound algorithms) and analogue (electromagnetic tape and analog processing). This containers, or buffers, are then being intertwined by the performer creating thus sonic textures that interplay with the resonances of the space.\r\n\r\nThe strategy for the sound performance is to articulate a metaphor of a circular-buffer, a data structure used in Computer Science, to the idea brought upon in Derrida’s interview with Ornette Coleman, in which Improvisation practice in music is understood as a reading in which the borders between reading and writing are obfuscated.\r\n\r\nThe work is inspired by the concept of daemon and non-locality explored by Timothy Morton in his reading of Plato’s Ion as well as Ursula K. Le Guin’s The Carrier Bag Theory of Fiction.\n\n\nThe work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53758],"name":"Pedro A. Ramírez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52393}],"timeband_id":1142,"end":"2023-12-29T22:40:00.000-0000","links":[{"label":"description of the project + video","type":"link","url":"https://airpopcrack.com/Buffered-Daemons"}],"id":53758,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"village_id":null,"tag_ids":[46118,46135,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52393}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Connecting to cellular networks around the world is a highly complex task. iPhones contain a baseband chip (also referred to as a modem) for that purpose. It communicates via a high-level interface with the smartphone’s application processor running iOS. So far, Apple hasn’t been able to build such basebands in-house. Instead, starting from the iPhone 12, they exclusively rely on Qualcomm basebands.\r\n\r\nQualcomm’s basebands use a proprietary protocol for external communication, the Qualcomm MSM Interface. We reverse-engineered its iOS implementation and built a framework to extract the protocol’s packet structures from iOS firmware. Our iOS Wireshark dissector uses these packet structures and enables us to monitor the flow of packets between the baseband and iOS. This allows us to gain new insights into the iPhone’s wireless communication infrastructure, including its satellite connectivity. Our tooling also provides a novel way to directly interact with the baseband chip in jailbroken iPhones, bypassing iOS and unlocking hidden capabilities of the baseband.\r\n\r\nFake or Rouge base stations can be set up by individuals using readily available software-defined radios. Adversaries can utilize them to capture IMSIs of nearby smartphones, track their location, or exploit vulnerable basebands. iPhone users usually don’t notice such attacks, and there are (almost) no protection mechanisms implemented in iOS.\r\n\r\nDuring our research, we discovered Apple’s internal cell location database, which is intended for determining approximate positions. Our CellGuard iOS app combines this database with the QMI analysis framework to monitor various parameters of connected cells, verify their authenticity, and alert users in case there’s suspicious activity. The app even works on non-jailbroken iPhones. We evaluated the app in a lab environment with SDRs and real-world tests since February 2023 and are steadily improving it for a release next year.\n\n\nYour phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"What your phone won’t tell you","android_description":"Connecting to cellular networks around the world is a highly complex task. iPhones contain a baseband chip (also referred to as a modem) for that purpose. It communicates via a high-level interface with the smartphone’s application processor running iOS. So far, Apple hasn’t been able to build such basebands in-house. Instead, starting from the iPhone 12, they exclusively rely on Qualcomm basebands.\r\n\r\nQualcomm’s basebands use a proprietary protocol for external communication, the Qualcomm MSM Interface. We reverse-engineered its iOS implementation and built a framework to extract the protocol’s packet structures from iOS firmware. Our iOS Wireshark dissector uses these packet structures and enables us to monitor the flow of packets between the baseband and iOS. This allows us to gain new insights into the iPhone’s wireless communication infrastructure, including its satellite connectivity. Our tooling also provides a novel way to directly interact with the baseband chip in jailbroken iPhones, bypassing iOS and unlocking hidden capabilities of the baseband.\r\n\r\nFake or Rouge base stations can be set up by individuals using readily available software-defined radios. Adversaries can utilize them to capture IMSIs of nearby smartphones, track their location, or exploit vulnerable basebands. iPhone users usually don’t notice such attacks, and there are (almost) no protection mechanisms implemented in iOS.\r\n\r\nDuring our research, we discovered Apple’s internal cell location database, which is intended for determining approximate positions. Our CellGuard iOS app combines this database with the QMI analysis framework to monitor various parameters of connected cells, verify their authenticity, and alert users in case there’s suspicious activity. The app even works on non-jailbroken iPhones. We evaluated the app in a lab environment with SDRs and real-world tests since February 2023 and are steadily improving it for a release next year.\n\n\nYour phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem.","end_timestamp":{"seconds":1703889600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:40:00.000-0000","id":53741,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tea-session-enjoy-a-cup-of-tea-and-chat-with-the-f/\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Tea Session: Enjoy a cup of tea and chat with the FOSSASIA community","android_description":"https://events.ccc.de/congress/2023/hub/en/event/tea-session-enjoy-a-cup-of-tea-and-chat-with-the-f/","end_timestamp":{"seconds":1703890800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:00:00.000-0000","id":53535,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"Y","begin":"2023-12-29T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is a round to play some \"Charades\":\r\n\r\nExplaining concepts with mimes/ gestures only, as an interactive game: All the others watch and shout what comes into their mind, what the person who has to explain can then also react upon.\r\n\r\nIntellectual associative fun when played with difficult / abstract concepts, too, so: No restricting ruleset.\r\n\r\nDrop-in / Drop-out at anytime possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Pantomimisches Begrifferaten / Charades.","android_description":"This is a round to play some \"Charades\":\r\n\r\nExplaining concepts with mimes/ gestures only, as an interactive game: All the others watch and shout what comes into their mind, what the person who has to explain can then also react upon.\r\n\r\nIntellectual associative fun when played with difficult / abstract concepts, too, so: No restricting ruleset.\r\n\r\nDrop-in / Drop-out at anytime possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*","end_timestamp":{"seconds":1703889900,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:45:00.000-0000","id":54011,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703886300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T21:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**We meet at the free space in front of Saal D.**\r\n\r\nThe organizer of this session will vanish after 20 minutes to go to another session, but of course feel free to continue discussing your favorite works of scifi after that point.\r\n\r\n🧮\n\n\nThere is now a public library of scifi books (and maths textbooks, climate activism, ...) at Stage Y. In this session, held at the free space in front of Saal D, some of these books are introduced and you are encouraged to advertise your favorite books.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Super-lightning talks advertising captivating, intriguing and insightful science fiction stories","android_description":"**We meet at the free space in front of Saal D.**\r\n\r\nThe organizer of this session will vanish after 20 minutes to go to another session, but of course feel free to continue discussing your favorite works of scifi after that point.\r\n\r\n🧮\n\n\nThere is now a public library of scifi books (and maths textbooks, climate activism, ...) at Stage Y. In this session, held at the free space in front of Saal D, some of these books are introduced and you are encouraged to advertise your favorite books.","end_timestamp":{"seconds":1703887200,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":54024,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703886000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-29T21:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> Teenage hackers discover a criminal conspiracy with plans to use a computer virus that will capsize five oil tankers.\r\n\r\n# Hack The Planet!\r\n\r\nWhiskeyleaks at Milliways, Hackers at Community Stage.\n\n\n","title":"Movie Night: Hackers","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703891700,"nanoseconds":0},"android_description":"> Teenage hackers discover a criminal conspiracy with plans to use a computer virus that will capsize five oil tankers.\r\n\r\n# Hack The Planet!\r\n\r\nWhiskeyleaks at Milliways, Hackers at Community Stage.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:15:00.000-0000","id":53452,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703885400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-29T21:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.\n\n\nTrussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Open Security Token Nitrokey and the Trussed Cryptographic Firmware","android_description":"Trussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.\n\n\nTrussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.","end_timestamp":{"seconds":1703887200,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":54025,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Part 2 of [Pwning meetup](https://events.ccc.de/congress/2023/hub/en/event/pwning-meetup-pwntools-pwndbg/), but feel free to come if you did not attend part 1!\r\n\r\nPwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Pwning meetup (Pwntools & Pwndbg) part 2","android_description":"Part 2 of [Pwning meetup](https://events.ccc.de/congress/2023/hub/en/event/pwning-meetup-pwntools-pwndbg/), but feel free to come if you did not attend part 1!\r\n\r\nPwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).","end_timestamp":{"seconds":1703885400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:30:00.000-0000","id":53953,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/ricardo-villalobos-official\r\n\r\nhttps://www.youtube.com/watch?v=hcoRaktLSnQ\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Ricardo Villalobos","end_timestamp":{"seconds":1703890800,"nanoseconds":0},"android_description":"https://soundcloud.com/ricardo-villalobos-official\r\n\r\nhttps://www.youtube.com/watch?v=hcoRaktLSnQ","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:00:00.000-0000","id":53888,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-29T21:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's talk ten year old tech! The Myo armband from Thalmic Labs was once a really strange way to control a computer, and then became a pretty good way to do fine-grained myomuscular electrical detection research for prosthetics. These processes usually have a high cost or involve less-portable computing systems. In order to make a robotic effect that can be deployed apparently independently, it's more interesting to have a low-cost, encapsulated system.\r\n\r\nIn this talk we'll walk through what it takes in 2023 to have a Thalmic Myo armband talk to a Raspberry Pi 3B+ using Python. We'll provide a demonstration of a pneumatic robot based on the Programmable Air system controlled over serial using the armband.\r\n\r\nThe goal of this project is to have access to strong mechanical advantage without the compromises of servos or stepper motors, and with some of the organic feel possible with air or water systems.\n\n\nLet's talk ten year old tech! The myo armband was once a really strange way to control a computer, and then became a way to do fine-grained myomuscular electrical detection research. This is a talk about how to hook a myo to a Raspberry Pi 3B+ in 2023, and from there how to have the armband communicate over serial to other devices. We choose to use it to control a Programmable Air system for pneumatic control of muscular robots.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Encapsulated Electromyography with Myo and Raspi","android_description":"Let's talk ten year old tech! The Myo armband from Thalmic Labs was once a really strange way to control a computer, and then became a pretty good way to do fine-grained myomuscular electrical detection research for prosthetics. These processes usually have a high cost or involve less-portable computing systems. In order to make a robotic effect that can be deployed apparently independently, it's more interesting to have a low-cost, encapsulated system.\r\n\r\nIn this talk we'll walk through what it takes in 2023 to have a Thalmic Myo armband talk to a Raspberry Pi 3B+ using Python. We'll provide a demonstration of a pneumatic robot based on the Programmable Air system controlled over serial using the armband.\r\n\r\nThe goal of this project is to have access to strong mechanical advantage without the compromises of servos or stepper motors, and with some of the organic feel possible with air or water systems.\n\n\nLet's talk ten year old tech! The myo armband was once a really strange way to control a computer, and then became a way to do fine-grained myomuscular electrical detection research. This is a talk about how to hook a myo to a Raspberry Pi 3B+ in 2023, and from there how to have the armband communicate over serial to other devices. We choose to use it to control a Programmable Air system for pneumatic control of muscular robots.","end_timestamp":{"seconds":1703886000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53818],"name":"Alex Leitch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52322},{"conference_id":131,"event_ids":[53818],"name":"Celia Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52387}],"timeband_id":1142,"links":[],"end":"2023-12-29T21:40:00.000-0000","id":53818,"village_id":null,"tag_ids":[46131,46140],"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52322},{"tag_id":46107,"sort_order":1,"person_id":52387}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-29T21:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I think the Advent of Code (https://www.adventofcode.com) is a great Advent calendar. But some of the puzzles are rather more difficult, and I don't have time to do them every day, so there are still a few puzzles left unsolved. I think many of you feel the same way.\r\n\r\nThis is an invitation to meet and crack the last puzzles together. It's always more fun together.\r\n\r\nI have solved my puzzles in Kotlin and can also provide support for Java, Python, Dart and JavaScript.\r\n\r\nPlease bring your own laptops.\r\n\r\nDisclaimer: I am not affiliated in any way with AdventOfCode.com\n\n\n","title":"Finish Advent Of Code beenden","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"I think the Advent of Code (https://www.adventofcode.com) is a great Advent calendar. But some of the puzzles are rather more difficult, and I don't have time to do them every day, so there are still a few puzzles left unsolved. I think many of you feel the same way.\r\n\r\nThis is an invitation to meet and crack the last puzzles together. It's always more fun together.\r\n\r\nI have solved my puzzles in Kotlin and can also provide support for Java, Python, Dart and JavaScript.\r\n\r\nPlease bring your own laptops.\r\n\r\nDisclaimer: I am not affiliated in any way with AdventOfCode.com","end_timestamp":{"seconds":1703887200,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":53521,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir schauen und kommentieren die Serie Stromberg, Folge für Folge. Ein Rewatch Podcast von Fans für Fans!","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2023-12-30T22:18+0000","name":"Podcasting table (90 minutes)","id":46129},"title":"Radio Capitol - Der Rewatch Podcast","end_timestamp":{"seconds":1703889000,"nanoseconds":0},"android_description":"Wir schauen und kommentieren die Serie Stromberg, Folge für Folge. Ein Rewatch Podcast von Fans für Fans!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53696,53507,53458],"name":"MacSnider","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52346}],"timeband_id":1142,"links":[],"end":"2023-12-29T22:30:00.000-0000","id":53507,"village_id":null,"tag_ids":[46129,46139],"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52346}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A chat about Game Boys, hardware and everything. Either in continuation of the talk \"Reconstructing game footage from a Game Boy's memory bus\" at 20:30 at \"Saal Grace\" for those who want to know more about the \"GB Interceptor\" or for anyone who wants to meet and talk about the old gaming consoles.\n\n\nA chat about Game Boys, hardware and everything.","title":"Game Boy chat","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703887200,"nanoseconds":0},"android_description":"A chat about Game Boys, hardware and everything. Either in continuation of the talk \"Reconstructing game footage from a Game Boy's memory bus\" at 20:30 at \"Saal Grace\" for those who want to know more about the \"GB Interceptor\" or for anyone who wants to meet and talk about the old gaming consoles.\n\n\nA chat about Game Boys, hardware and everything.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":53502,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Offene Diskussion im Fishbowl-Format:\r\n\r\nhttps://sendegate.de/t/37c3-session-rueckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/16719","title":"Rückkanal bei der Podcasterei: Twitter ist tot, Es lebe das Fediverse?!","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#e78bea","name":"Live podcast stage (90 minutes)","id":46127},"android_description":"Offene Diskussion im Fishbowl-Format:\r\n\r\nhttps://sendegate.de/t/37c3-session-rueckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/16719","end_timestamp":{"seconds":1703888100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:15:00.000-0000","id":53792,"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"village_id":null,"tag_ids":[46127,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-29T20:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead the used tools are a software defined radio, PIC programmer and some self-developed software to gain access without using the original key remote control.\r\n\r\nIf you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk.\r\n\r\nThe plan for this talk is to first have a look at the radio signals from the door lock using a SDR. After making sense of the used message protocol, the hardware is analyzed to understand how it works and how to get access to the used micro-controllers (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least the results will be demonstrated.\n\n\nMainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors advertising promises about the device security and had a closer look.","title":"Unlocked: PICing a wireless door access system","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead the used tools are a software defined radio, PIC programmer and some self-developed software to gain access without using the original key remote control.\r\n\r\nIf you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk.\r\n\r\nThe plan for this talk is to first have a look at the radio signals from the door lock using a SDR. After making sense of the used message protocol, the hardware is analyzed to understand how it works and how to get access to the used micro-controllers (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least the results will be demonstrated.\n\n\nMainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors advertising promises about the device security and had a closer look.","end_timestamp":{"seconds":1703886300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"end":"2023-12-29T21:45:00.000-0000","links":[{"label":"BSI Product Warning","type":"link","url":"https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Warnungen-nach-P7_BSIG/Archiv/2022/BSI_W-005-220810.pdf?__blob=publicationFile&v=16"},{"label":"Gnuradio Files","type":"link","url":"https://github.com/sre/mrf89xa-gnuradio"},{"label":"BBB MRF89XA Cape","type":"link","url":"https://github.com/sre/bbb-mrf89xa-cape"},{"label":"PIC flashing software for Raspberry Pi","type":"link","url":"https://github.com/sre/picberry"}],"id":53757,"village_id":null,"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T20:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die einzelnen Systeme eines U-Boots sind nicht kompliziert. Aber die Schwierigkeit liegt in der Summe der Einzelsysteme, die auf engem Raum im Zusammenspiel sicher funktionieren müssen. Der Fokus des Vortrags liegt neben unserer kurzweiligen Geschichte auf den technischen Schwierigkeiten, zu denen sich in der Literatur wenig findet oder wegen derer es nicht gleich auf Anhieb funktioniert hat. Damit ihr, falls ihr ähnliches plant, einen besseren Start habt und von unseren Fehlern profitieren könnt.\r\n\r\nWas gibt es bei der Wahl eines geeigneten Drucktanks zu beachten?\r\nWie lässt sich eine wasserdichte Luke konstruieren?\r\nDrahtlose Unterwasserkommunikation mittels Ultraschall?\r\nWie bauen wir Redundanz in die Systeme ein?\r\nWie werden wir das CO2 los, um nicht zu ersticken?\r\nWarum sind auf einmal Risse in den Scheiben?\r\nWas tun, wenn nichts mehr geht?\r\nUnd was, wenn dann auch noch die Polizei kommt?\r\n\r\nIn dem Vortrag geht es nicht um Probleme anderer kaputter U-Boote. Wir werden das Titan-Desaster mit maximal einer Folie behandeln.\r\n\r\nMit Fotos von Selene Magnolia\n\n\n3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen.\r\n\r\nWir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"How to build a submarine and survive","end_timestamp":{"seconds":1703886300,"nanoseconds":0},"android_description":"Die einzelnen Systeme eines U-Boots sind nicht kompliziert. Aber die Schwierigkeit liegt in der Summe der Einzelsysteme, die auf engem Raum im Zusammenspiel sicher funktionieren müssen. Der Fokus des Vortrags liegt neben unserer kurzweiligen Geschichte auf den technischen Schwierigkeiten, zu denen sich in der Literatur wenig findet oder wegen derer es nicht gleich auf Anhieb funktioniert hat. Damit ihr, falls ihr ähnliches plant, einen besseren Start habt und von unseren Fehlern profitieren könnt.\r\n\r\nWas gibt es bei der Wahl eines geeigneten Drucktanks zu beachten?\r\nWie lässt sich eine wasserdichte Luke konstruieren?\r\nDrahtlose Unterwasserkommunikation mittels Ultraschall?\r\nWie bauen wir Redundanz in die Systeme ein?\r\nWie werden wir das CO2 los, um nicht zu ersticken?\r\nWarum sind auf einmal Risse in den Scheiben?\r\nWas tun, wenn nichts mehr geht?\r\nUnd was, wenn dann auch noch die Polizei kommt?\r\n\r\nIn dem Vortrag geht es nicht um Probleme anderer kaputter U-Boote. Wir werden das Titan-Desaster mit maximal einer Folie behandeln.\r\n\r\nMit Fotos von Selene Magnolia\n\n\n3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen.\r\n\r\nWir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53749],"name":"Elias","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52343}],"timeband_id":1142,"links":[],"end":"2023-12-29T21:45:00.000-0000","id":53749,"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"tag_ids":[46122,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52343}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-29T20:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Freut Euch unter anderem auf die besten Auskunfts-Klagen der vergangenen Jahre, laufende Strafverfahren gegen FragDenStaat, missglückte Geldübergaben an die EU-Grenzpolizei und die Frage, ob das alles irgendwas bringt.\r\n\r\nEuch erwartet außerdem ein Best-Of des Freiheitsfonds, der in zwei Jahren mehr als 900 Menschen aus dem Gefängnis befreit und eine Gesetzesänderung angestoßen hat. \r\n\r\nVielleicht wird auch gesungen.\n\n\nWie umgehen mit der politischen Verzweiflung? Was tun, wenn der Staat keine der Krisen wirklich noch bekämpfen kann, sondern nur neue erzeugt? Reicht es noch, für Transparenz zu kämpfen?\r\n\r\nDas Beste aus dem letzten Jahr – nein, aus den letzten vier Jahren! – FragDenStaat und Informationsfreiheit. Wir plaudern aus dem Nähkästchen von verlorenen Klagen gegen Frontex über Nazis im EU-Parlament bis zu den Pimmelgate-Akten und darüber, wie aus einer kleinen Recherche die größte Gefangenenbefreiung der deutschen Geschichte wurde.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Heimlich-Manöver","end_timestamp":{"seconds":1703886300,"nanoseconds":0},"android_description":"Freut Euch unter anderem auf die besten Auskunfts-Klagen der vergangenen Jahre, laufende Strafverfahren gegen FragDenStaat, missglückte Geldübergaben an die EU-Grenzpolizei und die Frage, ob das alles irgendwas bringt.\r\n\r\nEuch erwartet außerdem ein Best-Of des Freiheitsfonds, der in zwei Jahren mehr als 900 Menschen aus dem Gefängnis befreit und eine Gesetzesänderung angestoßen hat. \r\n\r\nVielleicht wird auch gesungen.\n\n\nWie umgehen mit der politischen Verzweiflung? Was tun, wenn der Staat keine der Krisen wirklich noch bekämpfen kann, sondern nur neue erzeugt? Reicht es noch, für Transparenz zu kämpfen?\r\n\r\nDas Beste aus dem letzten Jahr – nein, aus den letzten vier Jahren! – FragDenStaat und Informationsfreiheit. Wir plaudern aus dem Nähkästchen von verlorenen Klagen gegen Frontex über Nazis im EU-Parlament bis zu den Pimmelgate-Akten und darüber, wie aus einer kleinen Recherche die größte Gefangenenbefreiung der deutschen Geschichte wurde.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:45:00.000-0000","id":53740,"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Berlin artist & Garbicz Ambient floor curator Chiara will put together dreamy house & trippy ambient tracks into a loving cosy flying carpet for the relaxation of the exhausted Nerd mind. Fluffy house music from Berlin underground micro house labels may involves excursions in wiggling hips and moving feet e.g. dancing, while energetic ambient may delivers shifts in consciousness - gentle breathing & body awareness is always recommended.\n\n\nhttps://soundcloud.com/chiara-salome","title":"Chiara Salome","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703889000,"nanoseconds":0},"android_description":"Berlin artist & Garbicz Ambient floor curator Chiara will put together dreamy house & trippy ambient tracks into a loving cosy flying carpet for the relaxation of the exhausted Nerd mind. Fluffy house music from Berlin underground micro house labels may involves excursions in wiggling hips and moving feet e.g. dancing, while energetic ambient may delivers shifts in consciousness - gentle breathing & body awareness is always recommended.\n\n\nhttps://soundcloud.com/chiara-salome","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:30:00.000-0000","id":53855,"begin_timestamp":{"seconds":1703881800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T20:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Einstein's Theories of Relativity are often claimed to be the pinnacle of human ingeniousness. The core of General Relativity are the Field Equations to explain the phenomenon of gravity as the curvature of spacetime. In this talk, we will look at how the Field Equations work, how its terms express the curvature of spacetime why everything has to be so complicated.\r\n\r\n🧮🦆\n\n\n","title":"Einstein's Field Equations: Understanding their gravity","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Einstein's Theories of Relativity are often claimed to be the pinnacle of human ingeniousness. The core of General Relativity are the Field Equations to explain the phenomenon of gravity as the curvature of spacetime. In this talk, we will look at how the Field Equations work, how its terms express the curvature of spacetime why everything has to be so complicated.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53451,"village_id":null,"begin_timestamp":{"seconds":1703880900,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**DE**\r\n\r\nAuf Wunsch gibt es einen Spieleabend, den wir möglichst offen, chaotisch und gut gestalten wollen. Wir sind gespannt, was uns zusammen erwarten wird. \r\n\r\nBringt etwas mit, das ihr gerne mit Menschen zusammen spielen möchtet. Am Anfang könnt ihr in wenigen Sätzen vorstellen, was ihr mitgebracht habt und gerne mit anderen spielen möchtet. Dann können sich Menschen für Dinge melden, bis hoffentlich alle, die mitspielen wollen, versorgt sind. Und das Spielen kann beginnen. Wenn Spiele enden, können sich bestimmt nochmal neue Gruppen in Eigenregie finden. \r\n\r\n------\r\n\r\n**EN**\r\n\r\nUpon request, there will be a game night, which we want to make as open, chaotic and good as possible. We are excited to see what will await us together. \r\n\r\nBring something that you would like to play together with people. At the beginning you can introduce in a few sentences what you have brought and would like to play with others. Then people can sign up for things until hopefully everyone who wants to play is taken care of. And the playing can begin. When games end, new groups can certainly form on their own.\n\n\n**DE**\r\n\r\nOffener Abend, wo wir Platz bieten, damit Leute sich für gesellige Spiele treffen können, ob Pen and Paper, Brett- oder Kartenspiele... kommt an die Tische, lasst euch in den Sitzecken nieder und tut gemeinsam lustige Dinge. Natürlich so lang die Nacht euch begeistert.\r\n\r\n------\r\n\r\n**EN**\r\n\r\nOpen evening where we offer space for people to meet for social games, whether pen and paper, board or card games.... come to the tables, settle down in the sitting areas and do fun things together. As long as the night excites you, of course.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Zeit für Papier, Bretter und Spiele | Time for Games","end_timestamp":{"seconds":1703891400,"nanoseconds":0},"android_description":"**DE**\r\n\r\nAuf Wunsch gibt es einen Spieleabend, den wir möglichst offen, chaotisch und gut gestalten wollen. Wir sind gespannt, was uns zusammen erwarten wird. \r\n\r\nBringt etwas mit, das ihr gerne mit Menschen zusammen spielen möchtet. Am Anfang könnt ihr in wenigen Sätzen vorstellen, was ihr mitgebracht habt und gerne mit anderen spielen möchtet. Dann können sich Menschen für Dinge melden, bis hoffentlich alle, die mitspielen wollen, versorgt sind. Und das Spielen kann beginnen. Wenn Spiele enden, können sich bestimmt nochmal neue Gruppen in Eigenregie finden. \r\n\r\n------\r\n\r\n**EN**\r\n\r\nUpon request, there will be a game night, which we want to make as open, chaotic and good as possible. We are excited to see what will await us together. \r\n\r\nBring something that you would like to play together with people. At the beginning you can introduce in a few sentences what you have brought and would like to play with others. Then people can sign up for things until hopefully everyone who wants to play is taken care of. And the playing can begin. When games end, new groups can certainly form on their own.\n\n\n**DE**\r\n\r\nOffener Abend, wo wir Platz bieten, damit Leute sich für gesellige Spiele treffen können, ob Pen and Paper, Brett- oder Kartenspiele... kommt an die Tische, lasst euch in den Sitzecken nieder und tut gemeinsam lustige Dinge. Natürlich so lang die Nacht euch begeistert.\r\n\r\n------\r\n\r\n**EN**\r\n\r\nOpen evening where we offer space for people to meet for social games, whether pen and paper, board or card games.... come to the tables, settle down in the sitting areas and do fun things together. As long as the night excites you, of course.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:10:00.000-0000","id":53810,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703880600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"QnA Session at 9pm with one of the open epaper link devs at Chaoszone","title":"OpenEPaperLink: Q&A Session with one of the devs","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703883600,"nanoseconds":0},"android_description":"QnA Session at 9pm with one of the open epaper link devs at Chaoszone","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":54021,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We do:\r\n- Climbing up and down the rope (caterpillars/abseiling)\r\n- Climbing on lanterns and trees with slings (taping)\r\n- Rescuing (on the rope and when taping)\r\n- All the knots you want to learn\r\n\r\nIf you arrive late and miss us, call us at +4917695110311 (via the old-fashioned phone, not Signal or Telegram).\r\n\r\nIf there is a lot of interest, we can also extend the workshop beyond the planned 60 minutes :-)\r\n\r\n🧮\n\n\n","title":"Block motorways, occupy trees and hang up banners – Beginner's workshop and advanced workshop for activist climbing (Basisworkshop aktivistisches Klettern)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"We do:\r\n- Climbing up and down the rope (caterpillars/abseiling)\r\n- Climbing on lanterns and trees with slings (taping)\r\n- Rescuing (on the rope and when taping)\r\n- All the knots you want to learn\r\n\r\nIf you arrive late and miss us, call us at +4917695110311 (via the old-fashioned phone, not Signal or Telegram).\r\n\r\nIf there is a lot of interest, we can also extend the workshop beyond the planned 60 minutes :-)\r\n\r\n🧮","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":54009,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Unter der Rakete in der Eingangshalle","hotel":"","short_name":"Unter der Rakete in der Eingangshalle","id":46168},"spans_timebands":"N","begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will cover different attack vectors on a Z-Wave network and describe how the protocol evolved to mitigate those threats. Many smart homes are still vulnerable to the described attacks.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Breaking into Wireless Smart Homes, Z-Wave example","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"android_description":"This talk will cover different attack vectors on a Z-Wave network and describe how the protocol evolved to mitigate those threats. Many smart homes are still vulnerable to the described attacks.","updated_timestamp":{"seconds":1703817540,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":54006,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-29T02:39:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"live played on SuperCollider with breath-controller and tablets","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"improvised sound-oriented electronic music by πxl","android_description":"live played on SuperCollider with breath-controller and tablets","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53857,"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"spans_timebands":"N","begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Sebastian Jünemann\r\n\r\nDas Vermissen hat ein Ende…wir erlösen euch mit unserer ganz eigenen Version der Gameshow. Zu erraten sind allerdings nicht wie im Original die Preise aller möglichen (und unmöglichen) Konsumgüter aus dem Discounter nebenan; sondern die Kosten für verschiedenste Dinge, die wir für unsere humanitären Katastropheneinsätze brauchen. \r\nBei unserem Spiel „Der humanitäre Preis ist heiß“ können wir zwar nicht mit 90er-Jahre Outfits und Moderationsausnahmetalenten wie Harry Wijnfoord aufwarten…aber dafür mit einer Menge Spaß, profundem Wissen wofür eure Spenden ausgegeben werden und natürlich Schnaps.\n\n\nWer kennt sie nicht noch, die nervtötende Ode an den Kapitalismus „Der Preis ist heiß“.","title":"Der (humanitäre) Preis ist heiß","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703883600,"nanoseconds":0},"android_description":"Host: Sebastian Jünemann\r\n\r\nDas Vermissen hat ein Ende…wir erlösen euch mit unserer ganz eigenen Version der Gameshow. Zu erraten sind allerdings nicht wie im Original die Preise aller möglichen (und unmöglichen) Konsumgüter aus dem Discounter nebenan; sondern die Kosten für verschiedenste Dinge, die wir für unsere humanitären Katastropheneinsätze brauchen. \r\nBei unserem Spiel „Der humanitäre Preis ist heiß“ können wir zwar nicht mit 90er-Jahre Outfits und Moderationsausnahmetalenten wie Harry Wijnfoord aufwarten…aber dafür mit einer Menge Spaß, profundem Wissen wofür eure Spenden ausgegeben werden und natürlich Schnaps.\n\n\nWer kennt sie nicht noch, die nervtötende Ode an den Kapitalismus „Der Preis ist heiß“.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53788,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This meet up is for all of you who are in touch with trains. \r\n\r\nHere you can discuss various topics, for example the recent timetable change, new things in ETCS or experiences in ticketing.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Bahnbubble Meetup","end_timestamp":{"seconds":1703885400,"nanoseconds":0},"android_description":"This meet up is for all of you who are in touch with trains. \r\n\r\nHere you can discuss various topics, for example the recent timetable change, new things in ETCS or experiences in ticketing.","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:30:00.000-0000","id":53774,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Frustrated by the absence of a unified calendar for all ERFA, CCCV, and CCC family events? Wondering why such a resource is hard to create and maintain?\r\nEvent aggregation, particularly when open source and non-profit, could be a key solution, addressing challenges both within and beyond the chaos community. Our approach tries to address three critical needs: the event participants' need to get the information, the event organizers' need to have a single source of truth for their event data (and to have it under their control), and the world's need to have things be more accessible.\r\nThis talk introduces boudicca.events, an open-source project aimed at reframing event aggregation. Our solution is centered around creating a extendable, open, and easily accessible source for all event-related data, thereby empowering both organizers and participants.\r\nI will be highlighting the architecture and decisions behind boudicca.events and the challenges that are still to come. Join us to explore how this project could not only enhance event visibility within the chaos community but also has the potential to impact far beyond.\n\n\n","title":"boudicca.events - open source event aggregation","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"Frustrated by the absence of a unified calendar for all ERFA, CCCV, and CCC family events? Wondering why such a resource is hard to create and maintain?\r\nEvent aggregation, particularly when open source and non-profit, could be a key solution, addressing challenges both within and beyond the chaos community. Our approach tries to address three critical needs: the event participants' need to get the information, the event organizers' need to have a single source of truth for their event data (and to have it under their control), and the world's need to have things be more accessible.\r\nThis talk introduces boudicca.events, an open-source project aimed at reframing event aggregation. Our solution is centered around creating a extendable, open, and easily accessible source for all event-related data, thereby empowering both organizers and participants.\r\nI will be highlighting the architecture and decisions behind boudicca.events and the challenges that are still to come. Join us to explore how this project could not only enhance event visibility within the chaos community but also has the potential to impact far beyond.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53765,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703879100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-29T19:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Teichmann + Soehne’s »Flows« is not so much the result of a collaborative process as it is a process in itself. Over the course of nine pieces, the Gebrüder Teichmann – Andi and Hannes – and their father Uli repeatedly find common ground between the very different musical styles, sound aesthetics, and subcultural codes they have internalised throughout their lives.\r\nThe combination of Uli’s background as a versatile jazz artist and multi-instrumentalist with his sons’ penchant for dub techniques, modular synthesis, and live sampling as well as their interest in electronic dance music take on ever-different shapes. Their album »Flows« released on the occasion of Uli’s 80th birthday in 2023, is as joyful, lively and free-spirited as its makers.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Teichmann & Söhne","android_description":"Teichmann + Soehne’s »Flows« is not so much the result of a collaborative process as it is a process in itself. Over the course of nine pieces, the Gebrüder Teichmann – Andi and Hannes – and their father Uli repeatedly find common ground between the very different musical styles, sound aesthetics, and subcultural codes they have internalised throughout their lives.\r\nThe combination of Uli’s background as a versatile jazz artist and multi-instrumentalist with his sons’ penchant for dub techniques, modular synthesis, and live sampling as well as their interest in electronic dance music take on ever-different shapes. Their album »Flows« released on the occasion of Uli’s 80th birthday in 2023, is as joyful, lively and free-spirited as its makers.","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53959,"village_id":null,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Whisky ist ein scheinbar einfaches Getränk: Wasser, Hefe, Gerstenmalz und dann drei Jahre ins Eichenfass. Doch bei genauerem Hinsehen bleiben viele Fragen offen. Warum muss man Scotch Whisky in einer Destille aus Kupfer herstellen? Weshalb werden die Fässer ausgebrannt? Und warum schmeckt mancher Whisky nach Lagerfeuer, andere aber nach Krankenhaus? Hinter all dem stecken oft überraschende chemische und physikalische Prozesse, die auch heute noch Rätsel aufgeben.\n\n\nMit einem Glas in der Hand durch die Chemie und Physik eines überraschend komplizierten Getränks","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Die Wissenschaft vom Whisky","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"Whisky ist ein scheinbar einfaches Getränk: Wasser, Hefe, Gerstenmalz und dann drei Jahre ins Eichenfass. Doch bei genauerem Hinsehen bleiben viele Fragen offen. Warum muss man Scotch Whisky in einer Destille aus Kupfer herstellen? Weshalb werden die Fässer ausgebrannt? Und warum schmeckt mancher Whisky nach Lagerfeuer, andere aber nach Krankenhaus? Hinter all dem stecken oft überraschende chemische und physikalische Prozesse, die auch heute noch Rätsel aufgeben.\n\n\nMit einem Glas in der Hand durch die Chemie und Physik eines überraschend komplizierten Getränks","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53817],"name":"Lars Fischer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52484}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53817,"village_id":null,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52484}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-29T19:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Official 37C3 Tor Relay Operators Meetup supported by the Tor Project.\r\n\r\nAs always, TROMs are open for everyone who is running a relay, wants to run a relay or just thinks about it. 🙂\r\n\r\nAt this point we don't have a agenda, but everyone is free to bring up questions or topics at the meeting itself.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Tor Relay Operators Meetup","android_description":"Official 37C3 Tor Relay Operators Meetup supported by the Tor Project.\r\n\r\nAs always, TROMs are open for everyone who is running a relay, wants to run a relay or just thinks about it. 🙂\r\n\r\nAt this point we don't have a agenda, but everyone is free to bring up questions or topics at the meeting itself.","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53783,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das bundesweite antifaschistische Bündnis NSU-Watch hat im Sommer 2023 sein Buch „Aufklären und Einmischen. Der NSU-Komplex und der Münchener Prozess“ in der erweiterten Neuauflage herausgebracht. Es gibt einen Überblick über die bisherige Aufarbeitung des NSU-Komplexes. Auf dieser Grundlage wollen Vortrag und Lesung fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern? Die Antworten sind vielfältig und warten teilweise noch darauf, entdeckt zu werden. Und trotzdem bleibt die Gefahr rechten Terrors hoch, auch weil auf staatlicher, behördlicher und gesellschaftlicher Seite Konsequenzen noch ausstehen. Doch wir wissen bereits jetzt genug, um rechtem Terror aktiv entgegenzuwirken. \n\n\nDie zwölf Jahre seit der Selbstenttarnung des NSU haben gezeigt, dass auf den Staat bei der Aufklärung und Aufarbeitung von rechtem Terror kein Verlass ist. Deshalb haben Betroffene von rechter Gewalt, Antifaschist\\*innen und Zivilgesellschaft diese Aufgabe wieder und wieder selbst in die Hand genommen. Die daraus gewonnenen Analysen, die Aufklärung und die entstandenen solidarischen Netzwerke sind vielfältiger, als sich viele am Anfang vorgestellt haben. Doch wir wollen fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Gemeinsam gegen rechten Terror! Aber wie?","android_description":"Das bundesweite antifaschistische Bündnis NSU-Watch hat im Sommer 2023 sein Buch „Aufklären und Einmischen. Der NSU-Komplex und der Münchener Prozess“ in der erweiterten Neuauflage herausgebracht. Es gibt einen Überblick über die bisherige Aufarbeitung des NSU-Komplexes. Auf dieser Grundlage wollen Vortrag und Lesung fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern? Die Antworten sind vielfältig und warten teilweise noch darauf, entdeckt zu werden. Und trotzdem bleibt die Gefahr rechten Terrors hoch, auch weil auf staatlicher, behördlicher und gesellschaftlicher Seite Konsequenzen noch ausstehen. Doch wir wissen bereits jetzt genug, um rechtem Terror aktiv entgegenzuwirken. \n\n\nDie zwölf Jahre seit der Selbstenttarnung des NSU haben gezeigt, dass auf den Staat bei der Aufklärung und Aufarbeitung von rechtem Terror kein Verlass ist. Deshalb haben Betroffene von rechter Gewalt, Antifaschist\\*innen und Zivilgesellschaft diese Aufgabe wieder und wieder selbst in die Hand genommen. Die daraus gewonnenen Analysen, die Aufklärung und die entstandenen solidarischen Netzwerke sind vielfältiger, als sich viele am Anfang vorgestellt haben. Doch wir wollen fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern?","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53756],"name":"Caro Keller (NSU-Watch)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52356}],"timeband_id":1142,"end":"2023-12-29T20:30:00.000-0000","links":[{"label":"Website NSU-Watch","type":"link","url":"nsu-watch.info"}],"id":53756,"village_id":null,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52356}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-29T19:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The original goal of the open source project \"GB Interceptor\" was to capture gameplay for one specific game: Tetris. In order to live stream a Tetris tournaments from the contestant's personal Game Boys, the idea was to create an adapter that goes between the Game Boy and the game module to analyze the communication on the memory bus and reconstruct the game state.\r\n\r\nIt turns out that it is actually possible to reconstruct the entire memory state of almost any game and in fact create an rp2040-based adapter that acts as a USB video class device offering the on-screen game footage in realtime. Players can simply put this adapter into their Game Boy and use it like a webcam without additional drivers or knowledge.\r\n\r\nAn essential aspect of this concept is that the Game Boy basically runs all of its code directly from the ROM module, which makes it possible to directly follow the program counter of its 8bit CPU regardless of how the code branches. An image can then be recreated by emulating the graphics unit (PPU).\r\n\r\nHowever, there are many edge cases like interrupts, data from registers that are not visible on the bus, the link cable, DMA operations, synchronization of CPU and PPU, game bugs and even bugs in the Game Boy hardware itself.\r\n\r\nIn this talk I will show how all this is done just on an rp2040 with spare cycles to encode everything as a 60fps MJPEG stream. I will shine a light on the edge cases - those that were solved and those that might just be unsolvable with this approach. And I will take you on a sightseeing tour through the 8bit hell that drives our iconic handheld from 1989.\n\n\nHow do you capture a video from an 1989's Game Boy without modding the original hardware? With an adapter cartridge that spies on the memory bus!\r\n\r\nLet's talk about how to reconstruct the Game Boy's memory state, emulate its graphics unit and then encode the image into an MJPEG stream for anyone to use as a USB video class device. In realtime. On an rp2040 microcontroller.","title":"Reconstructing game footage from a Game Boy's memory bus","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"The original goal of the open source project \"GB Interceptor\" was to capture gameplay for one specific game: Tetris. In order to live stream a Tetris tournaments from the contestant's personal Game Boys, the idea was to create an adapter that goes between the Game Boy and the game module to analyze the communication on the memory bus and reconstruct the game state.\r\n\r\nIt turns out that it is actually possible to reconstruct the entire memory state of almost any game and in fact create an rp2040-based adapter that acts as a USB video class device offering the on-screen game footage in realtime. Players can simply put this adapter into their Game Boy and use it like a webcam without additional drivers or knowledge.\r\n\r\nAn essential aspect of this concept is that the Game Boy basically runs all of its code directly from the ROM module, which makes it possible to directly follow the program counter of its 8bit CPU regardless of how the code branches. An image can then be recreated by emulating the graphics unit (PPU).\r\n\r\nHowever, there are many edge cases like interrupts, data from registers that are not visible on the bus, the link cable, DMA operations, synchronization of CPU and PPU, game bugs and even bugs in the Game Boy hardware itself.\r\n\r\nIn this talk I will show how all this is done just on an rp2040 with spare cycles to encode everything as a 60fps MJPEG stream. I will shine a light on the edge cases - those that were solved and those that might just be unsolvable with this approach. And I will take you on a sightseeing tour through the 8bit hell that drives our iconic handheld from 1989.\n\n\nHow do you capture a video from an 1989's Game Boy without modding the original hardware? With an adapter cartridge that spies on the memory bus!\r\n\r\nLet's talk about how to reconstruct the Game Boy's memory state, emulate its graphics unit and then encode the image into an MJPEG stream for anyone to use as a USB video class device. In realtime. On an rp2040 microcontroller.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"end":"2023-12-29T20:30:00.000-0000","links":[{"label":"Project on GitHub","type":"link","url":"https://github.com/Staacks/gbinterceptor"},{"label":"Blog entry describing the project","type":"link","url":"https://there.oughta.be/a/game-boy-capture-cartridge"}],"id":53748,"tag_ids":[46122,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-29T19:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The aim of this talk is to critically analyse the use of digital technology in the current context of global ecological injustice and the collapse of ecosystems. But how can we strive for and promote a sustainable, just and democratic digital future? The challenges are huge and include the digital world's hunger for energy as well as the exploitative global practices of tech companies or the discussion of the current AI sustainability hype. But which digital tools make sense, which do not and how can we achieve global social emancipation from self-destructive structures and towards ecological sustainability and a and a just world?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"On Digitalisation, Sustainability & Climate Justice","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"The aim of this talk is to critically analyse the use of digital technology in the current context of global ecological injustice and the collapse of ecosystems. But how can we strive for and promote a sustainable, just and democratic digital future? The challenges are huge and include the digital world's hunger for energy as well as the exploitative global practices of tech companies or the discussion of the current AI sustainability hype. But which digital tools make sense, which do not and how can we achieve global social emancipation from self-destructive structures and towards ecological sustainability and a and a just world?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53739],"name":"Maja Göpel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52285}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53739,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46125,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52285}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T19:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Was passiert, wenn Sicherheitsforscher sich die Infrastruktur ihrer eigenen Universität genauer ansehen? In meinem Fall war ich danach Administrator für mehr als 200 Registrierkassen und hab eine lustige Geschichte mehr zu erzählen\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"C(r)ashIT: A real-life security nightmare","end_timestamp":{"seconds":1703879100,"nanoseconds":0},"android_description":"Was passiert, wenn Sicherheitsforscher sich die Infrastruktur ihrer eigenen Universität genauer ansehen? In meinem Fall war ich danach Administrator für mehr als 200 Registrierkassen und hab eine lustige Geschichte mehr zu erzählen","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:45:00.000-0000","id":53989,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Von Simone Herpich (Balkonsolar eV) und Dr. Juliane Borchert (Fraunhofer Institut für Solare Energiesysteme) lasse ich mir alles (so viel wie geht) über Solarenergie erzählen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#e78bea","name":"Live podcast stage (90 minutes)","id":46127},"title":"Erklär ma - Solarenergie","android_description":"Von Simone Herpich (Balkonsolar eV) und Dr. Juliane Borchert (Fraunhofer Institut für Solare Energiesysteme) lasse ich mir alles (so viel wie geht) über Solarenergie erzählen.","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53791],"name":"Keßen Christian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52483}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53791,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"tag_ids":[46127,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52483}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Offene Bereiche zu gestalten, mit Leben und Sinn zu füllen stellt die Akteure regelmäßig vor die unterschiedlichsten Herausforderungen. Im Podcast werden Erfahrungen aus 8 Jahre Aufbau-Phase zusammengefasst.","title":"Offene Werkstätten und Freiräume - best practice und lessons learned","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#53b574","name":"Podcasting table (90 minutes)","id":46129},"android_description":"Offene Bereiche zu gestalten, mit Leben und Sinn zu füllen stellt die Akteure regelmäßig vor die unterschiedlichsten Herausforderungen. Im Podcast werden Erfahrungen aus 8 Jahre Aufbau-Phase zusammengefasst.","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53539,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"tag_ids":[46129,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-introductory-workshop-alex-bess/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","title":"Pocket Science Lab Introductory Workshop (Alex Bessman, Marco A. Gutierrez)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-introductory-workshop-alex-bess/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","end_timestamp":{"seconds":1703880000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":53534,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Do you run or want to run a Nym Node? Do you have any experiences with running a Tor exit relay?\r\n\r\nJoin Nym operators workshop and discussion at 19:00 at CDC (Hall 3)","title":"Nym Nodes workshop","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703880000,"nanoseconds":0},"android_description":"Do you run or want to run a Nym Node? Do you have any experiences with running a Tor exit relay?\r\n\r\nJoin Nym operators workshop and discussion at 19:00 at CDC (Hall 3)","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":54013,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. Hence, the majority of people are living under permanent surveillance and their data is capitalized by one of those big companies. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices provided by an organization that respects the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could offer off-the-shelf computers whose soft- and hardware is independent of those data hungry enterprises.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"privacy aware computers for non-techies","end_timestamp":{"seconds":1703877600,"nanoseconds":0},"android_description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. Hence, the majority of people are living under permanent surveillance and their data is capitalized by one of those big companies. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices provided by an organization that respects the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could offer off-the-shelf computers whose soft- and hardware is independent of those data hungry enterprises.","updated_timestamp":{"seconds":1703820660,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:20:00.000-0000","id":54007,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"begin":"2023-12-29T18:30:00.000-0000","updated":"2023-12-29T03:31:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Pwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).\n\n\n","title":"Pwning meetup (Pwntools & Pwndbg) part 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Pwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).","end_timestamp":{"seconds":1703876400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:00:00.000-0000","id":53952,"village_id":null,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A meeting for people working in DFIR (Digital Forensics & Incident Response).\r\nLet's discuss topics like tools, automation and reporting. But also about team structures, dealing with stress or complicated customers. And of course we'll talk about the worst facepalm moments of the year!\r\nYou are welcome to bring your own topics.\n\n\n","title":"Incident Response Selbsthilfegruppe","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"A meeting for people working in DFIR (Digital Forensics & Incident Response).\r\nLet's discuss topics like tools, automation and reporting. But also about team structures, dealing with stress or complicated customers. And of course we'll talk about the worst facepalm moments of the year!\r\nYou are welcome to bring your own topics.","end_timestamp":{"seconds":1703880000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":53773,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The end goal of this talk is to show how much more security you can achieve if you don't take an existing architecture and try to sprinkle security over it, but you make architectural decisions with security in mind.\r\n\r\nThis is rarely done in practice because there is a fundamental disagreement between security and software engineering. Security is about limiting what can be done with the software, while software engineering is about not limiting what can be done with the software.\r\n\r\nMy goal with this talk is to show what kind of security gains are possible architecturally. You, too, can sleep soundly at night. Even if the software is written in C. Even if you have bad ACLs or a buffer overflow in the software.\n\n\nI have previously given talks about security principles and approaches like Least Privilege, TCB Minimization, and Self Sandboxing. The most frequent feedback has been \"I don't know how to apply this in practice\". So, in this talk, I will show how I applied those principles in a real-world software project: a CRUD web app. My blog.\r\n\r\nI introduced dangerous attack surface on purpose so I could some day give a talk about how to apply these techniques to reduce risk. This is that talk.\r\n\r\nI will also introduce the concept of append-only data storage.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Writing secure software","android_description":"The end goal of this talk is to show how much more security you can achieve if you don't take an existing architecture and try to sprinkle security over it, but you make architectural decisions with security in mind.\r\n\r\nThis is rarely done in practice because there is a fundamental disagreement between security and software engineering. Security is about limiting what can be done with the software, while software engineering is about not limiting what can be done with the software.\r\n\r\nMy goal with this talk is to show what kind of security gains are possible architecturally. You, too, can sleep soundly at night. Even if the software is written in C. Even if you have bad ACLs or a buffer overflow in the software.\n\n\nI have previously given talks about security principles and approaches like Least Privilege, TCB Minimization, and Self Sandboxing. The most frequent feedback has been \"I don't know how to apply this in practice\". So, in this talk, I will show how I applied those principles in a real-world software project: a CRUD web app. My blog.\r\n\r\nI introduced dangerous attack surface on purpose so I could some day give a talk about how to apply these techniques to reduce risk. This is that talk.\r\n\r\nI will also introduce the concept of append-only data storage.","end_timestamp":{"seconds":1703877300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53941,53653],"name":"Fefe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52390}],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53941,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52390}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-29T18:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Is this how you do trees? \r\n\r\n```c\r\nstruct node {\r\n struct node *left, *right;\r\n};\r\n```\r\n\r\nThis is wrong!\n\n\n","title":"You are doing trees wrong","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Is this how you do trees? \r\n\r\n```c\r\nstruct node {\r\n struct node *left, *right;\r\n};\r\n```\r\n\r\nThis is wrong!","end_timestamp":{"seconds":1703874600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53886,"village_id":null,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"About 60 Minutes (in German) about how the Enigma machine worked, why it was (is) so good at encrypting, which weakness it had and how this finally got used for breaking it.\n\n\n","title":"Geschichtsstunde: Wie die Enigma gehackt wurde.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"About 60 Minutes (in German) about how the Enigma machine worked, why it was (is) so good at encrypting, which weakness it had and how this finally got used for breaking it.","end_timestamp":{"seconds":1703877300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53854,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The preservation and presentation of software/computer-based art in museums presents unique challenges in the contemporary landscape. One prominent issue is the ephemeral nature of digital media, which includes websites, games, software and virtual reality art. Unlike traditional art forms, these works often rely on rapidly evolving technologies, making them vulnerable to obsolescence. Museums are faced with the task of preserving and restoring media art in a way that not only preserves the original intent of the artist, but also ensures accessibility for future audiences. \r\n\r\nAnother significant challenge is the dynamic and interactive nature of many media artworks. Unlike static paintings or sculptures, digital artworks often require specific hardware, software or immersive environments to be experienced. Museums need to invest in both the technological infrastructure and the expertise to recreate these conditions and provide visitors with an authentic encounter with the artwork. \r\n\r\nIn this talk we want to look at some solutions from the perspective of software developers who are motivated not only to preserve and present digital media art, but also to develop it with contemporary software development strategies.\n\n\nIn the original Hacker Ethics, Steven Levy stated that \"you can create art and beauty on a computer\". That was 40 years ago, creating art and beauty is one thing, but how do you maintain or develop it as a gallery, archive or museum? You know all about CI/CD and deploying to \"the cloud\"? Well, let me show you how to deploy to a museum or art space. Important note: this talk is not about NFTs.","title":"DevOps but for artworks in museums","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703877300,"nanoseconds":0},"android_description":"The preservation and presentation of software/computer-based art in museums presents unique challenges in the contemporary landscape. One prominent issue is the ephemeral nature of digital media, which includes websites, games, software and virtual reality art. Unlike traditional art forms, these works often rely on rapidly evolving technologies, making them vulnerable to obsolescence. Museums are faced with the task of preserving and restoring media art in a way that not only preserves the original intent of the artist, but also ensures accessibility for future audiences. \r\n\r\nAnother significant challenge is the dynamic and interactive nature of many media artworks. Unlike static paintings or sculptures, digital artworks often require specific hardware, software or immersive environments to be experienced. Museums need to invest in both the technological infrastructure and the expertise to recreate these conditions and provide visitors with an authentic encounter with the artwork. \r\n\r\nIn this talk we want to look at some solutions from the perspective of software developers who are motivated not only to preserve and present digital media art, but also to develop it with contemporary software development strategies.\n\n\nIn the original Hacker Ethics, Steven Levy stated that \"you can create art and beauty on a computer\". That was 40 years ago, creating art and beauty is one thing, but how do you maintain or develop it as a gallery, archive or museum? You know all about CI/CD and deploying to \"the cloud\"? Well, let me show you how to deploy to a museum or art space. Important note: this talk is not about NFTs.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53755],"name":"obelix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52320}],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53755,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"village_id":null,"tag_ids":[46118,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52320}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Über die Chatkontrolle wurde in den letzten zwei Jahren viel geredet – die problematischen Inhalte des Gesetzes kommen den meisten von uns wahrscheinlich zu den Ohren heraus.\r\nAber letztlich geht es um nicht weniger als einen historischen Kampf um Ende-zu-Ende-Verschlüsselung.\r\nAuf dem Tisch liegt das Thema aber schon deutlich länger. Wir wollen zurückblicken auf die Ursprünge und Kernpunkte des Gesetzesvorschlags. Und dann zusammen mit dem Publikum noch einmal die unüberschaubaren Wege gehen, die die Arbeit an diesem Gesetzesentwurf genommen hat.\r\nAus der Perspektive von Deutschlands oberstem Datenschützer (Ulrich Kelber), dem Abgeordneten des Europäischen Parlamanets (Patrick Breyer) und der digitalen Zivilgesellschaft (khaleesi) erzählen wir die bisherige Geschichte der Chatkontrolle. \r\nWenn ihr dachtet, ihr hättet alles zur Chatkontrolle gehört, bereitet euch auf eine absurde Tragödie vor, die ihr Ende noch nicht gefunden hat.\r\n\r\nTrotz des Erfolgs im EU-Parlament haben wir noch lange nicht gewonnen. Denn alles hängt im und am Rat, dessen Position könnte im Trilog alles zunichte machen was wir hart erarbeitet haben.\r\nUnd auch die Europawahlen stehen vor der Tür und damit kann sich nochmal alles ändern. Nicht fertige Gesetze werden in der EU in der nächste Legislaturperiode einfach weiterverhandelt. Um die Chatkontrolle endgültig zu stoppen, darf keine EU-Abgeordnete durch den Wahlkampf kommen, ohne sich klar zum Schutz von Verschlüsselung zu bekennen.\n\n\n In diesem Vortrag wollen wir auf die letzten knapp drei Jahre Kampf gegen die Chatkontrolle zurückblicken. Ein Kampf, der genauso droht zu einem Wiedergänger zu werden wie die Vorratsdatenspeicherung.\r\nWir waren auf eine harte Auseinandersetzung um Überwachung und sichere Kommunikation vorbereitet. Als Patrick 2020 angefangen, hat uns vor dem, was da kommt, zu warnen, haben wir nicht erwartet, dass es sich zu einer Tragödie entwickeln würde, in der es nicht um Kinderschutz oder Überwachung geht. Sondern um eine Kommission, der jedes Mittel recht ist. Und Korruption und Lobbyskandal.","title":"Chatkontrolle - Es ist noch nicht vorbei!","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703877300,"nanoseconds":0},"android_description":"Über die Chatkontrolle wurde in den letzten zwei Jahren viel geredet – die problematischen Inhalte des Gesetzes kommen den meisten von uns wahrscheinlich zu den Ohren heraus.\r\nAber letztlich geht es um nicht weniger als einen historischen Kampf um Ende-zu-Ende-Verschlüsselung.\r\nAuf dem Tisch liegt das Thema aber schon deutlich länger. Wir wollen zurückblicken auf die Ursprünge und Kernpunkte des Gesetzesvorschlags. Und dann zusammen mit dem Publikum noch einmal die unüberschaubaren Wege gehen, die die Arbeit an diesem Gesetzesentwurf genommen hat.\r\nAus der Perspektive von Deutschlands oberstem Datenschützer (Ulrich Kelber), dem Abgeordneten des Europäischen Parlamanets (Patrick Breyer) und der digitalen Zivilgesellschaft (khaleesi) erzählen wir die bisherige Geschichte der Chatkontrolle. \r\nWenn ihr dachtet, ihr hättet alles zur Chatkontrolle gehört, bereitet euch auf eine absurde Tragödie vor, die ihr Ende noch nicht gefunden hat.\r\n\r\nTrotz des Erfolgs im EU-Parlament haben wir noch lange nicht gewonnen. Denn alles hängt im und am Rat, dessen Position könnte im Trilog alles zunichte machen was wir hart erarbeitet haben.\r\nUnd auch die Europawahlen stehen vor der Tür und damit kann sich nochmal alles ändern. Nicht fertige Gesetze werden in der EU in der nächste Legislaturperiode einfach weiterverhandelt. Um die Chatkontrolle endgültig zu stoppen, darf keine EU-Abgeordnete durch den Wahlkampf kommen, ohne sich klar zum Schutz von Verschlüsselung zu bekennen.\n\n\n In diesem Vortrag wollen wir auf die letzten knapp drei Jahre Kampf gegen die Chatkontrolle zurückblicken. Ein Kampf, der genauso droht zu einem Wiedergänger zu werden wie die Vorratsdatenspeicherung.\r\nWir waren auf eine harte Auseinandersetzung um Überwachung und sichere Kommunikation vorbereitet. Als Patrick 2020 angefangen, hat uns vor dem, was da kommt, zu warnen, haben wir nicht erwartet, dass es sich zu einer Tragödie entwickeln würde, in der es nicht um Kinderschutz oder Überwachung geht. Sondern um eine Kommission, der jedes Mittel recht ist. Und Korruption und Lobbyskandal.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53738],"name":"Dr. Patrick Breyer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52252},{"conference_id":131,"event_ids":[53738,53652],"name":"khaleesi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52277},{"conference_id":131,"event_ids":[53738],"name":"Prof. Ulrich Kelber","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52488}],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53738,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52252},{"tag_id":46107,"sort_order":1,"person_id":52488},{"tag_id":46107,"sort_order":1,"person_id":52277}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das Spiel lebt davon das alle mitmachen und sich nach ihren Möglichkeiten beteiligen. Das Spiel kann nicht vollständig erklären wir Netzwerk Kommunikation abläuft, jedoch einen ersten spielerischen Einblick geben.\r\nContent Warnings: Dieses interaktive Spiel kann wuselig und bewegungsintensiv werden.\r\nDie Spielanleitung ist hier zu finden: http://git.tuxteam.de/gitweb/?p=susannes-git/experimentellesNetzwerkSpiel_TCP%2BUDP.git;a=tree\n\n\nIch möchte gemeinsam mit euch ein experimentelles Netzwerkspiel spielen. Dabei geht es darum die Kommunikation zwischen Computern spielerisch nachzuahmen um so zu verstehen wie Pakete zwischen Computern und Netzwerken transportiert werden. Wir werden TCP, UDP simulieren und erfahren was passiert, wenn der Router mal nicht aufpasst. Ich möchte einen alternativen unvollständigen Weg zum begreifen von Netzwerk Kommunikation anbieten. IPoAC inklusive.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Experimentelles Spiel zur IT-Netzwerk Kommunikation","android_description":"Das Spiel lebt davon das alle mitmachen und sich nach ihren Möglichkeiten beteiligen. Das Spiel kann nicht vollständig erklären wir Netzwerk Kommunikation abläuft, jedoch einen ersten spielerischen Einblick geben.\r\nContent Warnings: Dieses interaktive Spiel kann wuselig und bewegungsintensiv werden.\r\nDie Spielanleitung ist hier zu finden: http://git.tuxteam.de/gitweb/?p=susannes-git/experimentellesNetzwerkSpiel_TCP%2BUDP.git;a=tree\n\n\nIch möchte gemeinsam mit euch ein experimentelles Netzwerkspiel spielen. Dabei geht es darum die Kommunikation zwischen Computern spielerisch nachzuahmen um so zu verstehen wie Pakete zwischen Computern und Netzwerken transportiert werden. Wir werden TCP, UDP simulieren und erfahren was passiert, wenn der Router mal nicht aufpasst. Ich möchte einen alternativen unvollständigen Weg zum begreifen von Netzwerk Kommunikation anbieten. IPoAC inklusive.","end_timestamp":{"seconds":1703880600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53809],"name":"Bücherratten","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52283}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:10:00.000-0000","id":53809,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703873400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52283}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/costanza-1","title":"Marco Costanza (Dj)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"https://soundcloud.com/costanza-1","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53964,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-29T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Is a co-creator of the art&play area, loves nerdy art installations and has been collecting music from other countries for many years. \r\n\r\nHer set combines driving beats with oriental rhythms, a journey with hypnotic passages and energetic climaxes.\n\n\n","title":"NinoTschka","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703878200,"nanoseconds":0},"android_description":"Is a co-creator of the art&play area, loves nerdy art installations and has been collecting music from other countries for many years. \r\n\r\nHer set combines driving beats with oriental rhythms, a journey with hypnotic passages and energetic climaxes.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:30:00.000-0000","id":53958,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ideas of the anarchism existed before the network, however hacker's community willingly took anarchism appreciating its dedication to individual and collective freedom. Nowadays it plays quite a huge role for many people organized in hacker scene. With this session we will have a quick look on history of anarchism and the present of the anarchist struggle in the social and political sphere around the world. This is a short presentation with a discussion round.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"An introduction to Anarchism","end_timestamp":{"seconds":1703878200,"nanoseconds":0},"android_description":"Ideas of the anarchism existed before the network, however hacker's community willingly took anarchism appreciating its dedication to individual and collective freedom. Nowadays it plays quite a huge role for many people organized in hacker scene. With this session we will have a quick look on history of anarchism and the present of the anarchist struggle in the social and political sphere around the world. This is a short presentation with a discussion round.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:30:00.000-0000","id":53782,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"News from Project Rosenpass, with ajuvo and dakoraa, and a special guest, congress edition","title":"Rosenpass Update","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2023-12-30T22:18+0000","name":"Podcasting table (45 minutes)","id":46128},"android_description":"News from Project Rosenpass, with ajuvo and dakoraa, and a special guest, congress edition","end_timestamp":{"seconds":1703875500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:45:00.000-0000","id":53538,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"tag_ids":[46128,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Skorpy, Blocktrron\n\n\nAuch dieses Jahr wollen sich die auf dem Congress anwesenden Entwicklerinnen und Anwenderinnen zu aktuellen Gluon Themen austauschen.","title":"Gluon Meetup","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703880000,"nanoseconds":0},"android_description":"Host: Skorpy, Blocktrron\n\n\nAuch dieses Jahr wollen sich die auf dem Congress anwesenden Entwicklerinnen und Anwenderinnen zu aktuellen Gluon Themen austauschen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":53501,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ein vortrag über raumstationslinguistik.\r\nund warum vieles nicht so ist wie es scheint.\r\n\r\ndie c-base ist eine rückwa:rts gefallene raumctation unter berlin-miTe.\r\nmit eigener c_rift.\r\nund wenn du diesen tecst lesen kannst oder nicht?\r\nist dieser vortrag genau richtig fu:r dich.\r\noha.\r\nes geht um c-lang, die geschriebene sprache der c-base.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"abdocccecwencen - Sprache einer Raumstation","android_description":"ein vortrag über raumstationslinguistik.\r\nund warum vieles nicht so ist wie es scheint.\r\n\r\ndie c-base ist eine rückwa:rts gefallene raumctation unter berlin-miTe.\r\nmit eigener c_rift.\r\nund wenn du diesen tecst lesen kannst oder nicht?\r\nist dieser vortrag genau richtig fu:r dich.\r\noha.\r\nes geht um c-lang, die geschriebene sprache der c-base.","end_timestamp":{"seconds":1703874600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53441,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dive into our project's pioneering use of ptrace in Golang for proactive proxy leak prevention. Operating seamlessly across Linux applications, our approach intercepts and analyzes system calls, fortifying user privacy and security by effectively preventing network socket system call leaks. Join us in exploring the practical implementation of this innovative solution, extending compatibility to a diverse range of applications, and showcasing its success in enhancing overall cybersecurity.\n\n\nExplore our project's use of ptrace in Golang for proactive proxy leak prevention. We intercept and analyze system calls universally across Linux applications, ensuring comprehensive coverage and enhancing user privacy and security by preventing network socket system call leaks.","title":"Leveraging ptrace for Proactive Proxy Leak Prevention (Workshop)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703874600,"nanoseconds":0},"android_description":"Dive into our project's pioneering use of ptrace in Golang for proactive proxy leak prevention. Operating seamlessly across Linux applications, our approach intercepts and analyzes system calls, fortifying user privacy and security by effectively preventing network socket system call leaks. Join us in exploring the practical implementation of this innovative solution, extending compatibility to a diverse range of applications, and showcasing its success in enhancing overall cybersecurity.\n\n\nExplore our project's use of ptrace in Golang for proactive proxy leak prevention. We intercept and analyze system calls universally across Linux applications, ensuring comprehensive coverage and enhancing user privacy and security by preventing network socket system call leaks.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53975,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.\n\n\n","title":"GuteN8Geschichten - Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53803,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","begin":"2023-12-29T17:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is the Live-Video Q&A-Session to the talk\r\n\"Ecocide and (green) colonialism in Sápmi\"\r\nhttps://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12086.html\n\n\nDies ist die Live-Video Q&A-Session zum Talk\r\n\"Ecocide and (green) colonialism in Sápmi\"","title":"Ecocide and (green) colonialism in Sápmi Q&A Video-Live-Session","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"This is the Live-Video Q&A-Session to the talk\r\n\"Ecocide and (green) colonialism in Sápmi\"\r\nhttps://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12086.html\n\n\nDies ist die Live-Video Q&A-Session zum Talk\r\n\"Ecocide and (green) colonialism in Sápmi\"","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53787,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-29T17:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This will be presented by Eva Infeld and Leif Ryge. We hope for an interactive discussion.\r\n\r\nIn a world with state and corporate surveillance actors of immense power, building anonymity technology is an exercise in trade-offs, and few guarantees. But anonymity technology is badly needed. We introduce Katzenpost, a project that enables individuals and communities to build their own mixnets for anonymous communication. It has the eventual goal of resistance to attacks by large-scale passive and active adversaries, and to expected advancements in cryptanalysis such as attacks by cryptographically relevant quantum computers. We will explain our motivations, protocol design choices, and discuss the resulting protocol properties from several perspectives. This talk will also introduce the namenlos network, an instantiation of a mixnet using the Katzenpost software which may be used for experimentation today. Launched in 2022, namenlos consists of servers run by volunteers in several different countries. While we do not currently set security and privacy expectations, namenlos is the first hybrid post-quantum mixnet designed to resist large-scale adversaries built entirely with Free Software.\n\n\n","title":"Adventures in the Design of Anti-Surveillance Technology (Katzenpost)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703873400,"nanoseconds":0},"android_description":"This will be presented by Eva Infeld and Leif Ryge. We hope for an interactive discussion.\r\n\r\nIn a world with state and corporate surveillance actors of immense power, building anonymity technology is an exercise in trade-offs, and few guarantees. But anonymity technology is badly needed. We introduce Katzenpost, a project that enables individuals and communities to build their own mixnets for anonymous communication. It has the eventual goal of resistance to attacks by large-scale passive and active adversaries, and to expected advancements in cryptanalysis such as attacks by cryptographically relevant quantum computers. We will explain our motivations, protocol design choices, and discuss the resulting protocol properties from several perspectives. This talk will also introduce the namenlos network, an instantiation of a mixnet using the Katzenpost software which may be used for experimentation today. Launched in 2022, namenlos consists of servers run by volunteers in several different countries. While we do not currently set security and privacy expectations, namenlos is the first hybrid post-quantum mixnet designed to resist large-scale adversaries built entirely with Free Software.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:10:00.000-0000","id":53763,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-29T17:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","title":"Making Smart Home devices great again","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703874600,"nanoseconds":0},"android_description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53979,"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.\n\n\nWir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"tech from below: Technologie von und für soziale Bewegungen","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Wir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.\n\n\nWir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53972,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Software Defined Radio (SDR) ist ein häufiges Schlagwort. In einem kurzem Abriss versuche ich einen Einblick zu geben, was SDR so interessant macht. Ich werde erklären, was es mit den I/Q-Signalen so auf sich hat und was man denen im weiteren anstellen kann. Abgerundet wird der Vortrag mit einer kurzen Vorstellung gänger Hardware für den Einstieg.\n\n\nGrundlagen SDR\r\nWie funktioniert das mit den I/Q-Signalen\r\nWelche Technik benötigt man?\r\nWie geht es weiter?","title":"Software Defined Radio","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703871000,"nanoseconds":0},"android_description":"Software Defined Radio (SDR) ist ein häufiges Schlagwort. In einem kurzem Abriss versuche ich einen Einblick zu geben, was SDR so interessant macht. Ich werde erklären, was es mit den I/Q-Signalen so auf sich hat und was man denen im weiteren anstellen kann. Abgerundet wird der Vortrag mit einer kurzen Vorstellung gänger Hardware für den Einstieg.\n\n\nGrundlagen SDR\r\nWie funktioniert das mit den I/Q-Signalen\r\nWelche Technik benötigt man?\r\nWie geht es weiter?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53969,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/meltedmoon\n\n\nGameboy 8 Bit live","title":"Melted Moon (Solo-Performance von Fabi)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"https://soundcloud.com/meltedmoon\n\n\nGameboy 8 Bit live","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53957,"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We'll hang out and talk about anything relationship related, with a focus on polyamory.\r\n\r\nOpen for practising as well as interested beings.\r\n\r\nAccess to the Signal group for Assembly interested beings: get in contact via mastodon at @einalex@chaos.social\n\n\n","title":"Relationship Geeks Get Together","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"We'll hang out and talk about anything relationship related, with a focus on polyamory.\r\n\r\nOpen for practising as well as interested beings.\r\n\r\nAccess to the Signal group for Assembly interested beings: get in contact via mastodon at @einalex@chaos.social","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53885,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wolltet ihr schon immer mal wissen, was nötig ist, um den Kindern ein Spielparadies zu \"erbauen\".\r\nDies wollen wir euch erzählen und hoffen darauf, dass wir weitere Wesen finden, die uns bei dieser vielfältigen und chaotischen Aufgabe unterstützen wollen.\n\n\nWir erklären euch, das die Orga so macht.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"HOWTO Kidspace","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Wolltet ihr schon immer mal wissen, was nötig ist, um den Kindern ein Spielparadies zu \"erbauen\".\r\nDies wollen wir euch erzählen und hoffen darauf, dass wir weitere Wesen finden, die uns bei dieser vielfältigen und chaotischen Aufgabe unterstützen wollen.\n\n\nWir erklären euch, das die Orga so macht.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53871,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der erste Teil des Talks klärt, was Mental Health eigentlich ist, wer die braucht (Spoiler: wir alle) und wie sich mit Mental Health Care Resilienz aufbauen lässt. \r\nWir müssen aber auch darüber sprechen, was dieses \"Home\" eigentlich ist - und ob Ihr das als wichtigsten Mental Health - Skill erkannt habt und nutzt.\r\n\r\nIch stelle Euch einfache Skills für Zuhause und unterwegs vor, wie ich sie in der DBT kennen- und schätzen gelernt habe. Skills auch für Menschen ohne psychische Diagnosen - damit das auch so bleibt. \r\n\r\nUnd im dritten Teil reden wir über die Situation, dass und wenn Ihr doch mal Unterstützung für die Psyche braucht: Wie und wo findet Ihr Unterstützung? Ambulante oder stationäre Therapie - oder ganz ungewöhnliche Art der Therapie (Wawuschel-Style)? \r\nUnd warum brauchen neurodiverse Menschen andere, leider in unserem Gesundheitssystem nicht vertretene, Therapien?\r\n\r\nSchickt mir gerne vor dem Talk Eure Themen und Fragen zu Mental Health Care zuhause mit, damit ich die einbauen kann. :)\n\n\nWir sollten uns alle mehr Zeit für Mental Health Care nehmen, also mehr für unsere psychische Gesundheit tun. \r\nIch zeige Euch, mit welchen einfachen Schritten das auch zuhause geht... Und wie und wo Ihr professionelle Hilfe dabei findet, wenn Ihr sie braucht - und warum die klassischen Therapiemethoden bei neurodiversen Menschen oft nicht so gut funktionieren.","title":"Try Mental Health Care - zuhause","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"android_description":"Der erste Teil des Talks klärt, was Mental Health eigentlich ist, wer die braucht (Spoiler: wir alle) und wie sich mit Mental Health Care Resilienz aufbauen lässt. \r\nWir müssen aber auch darüber sprechen, was dieses \"Home\" eigentlich ist - und ob Ihr das als wichtigsten Mental Health - Skill erkannt habt und nutzt.\r\n\r\nIch stelle Euch einfache Skills für Zuhause und unterwegs vor, wie ich sie in der DBT kennen- und schätzen gelernt habe. Skills auch für Menschen ohne psychische Diagnosen - damit das auch so bleibt. \r\n\r\nUnd im dritten Teil reden wir über die Situation, dass und wenn Ihr doch mal Unterstützung für die Psyche braucht: Wie und wo findet Ihr Unterstützung? Ambulante oder stationäre Therapie - oder ganz ungewöhnliche Art der Therapie (Wawuschel-Style)? \r\nUnd warum brauchen neurodiverse Menschen andere, leider in unserem Gesundheitssystem nicht vertretene, Therapien?\r\n\r\nSchickt mir gerne vor dem Talk Eure Themen und Fragen zu Mental Health Care zuhause mit, damit ich die einbauen kann. :)\n\n\nWir sollten uns alle mehr Zeit für Mental Health Care nehmen, also mehr für unsere psychische Gesundheit tun. \r\nIch zeige Euch, mit welchen einfachen Schritten das auch zuhause geht... Und wie und wo Ihr professionelle Hilfe dabei findet, wenn Ihr sie braucht - und warum die klassischen Therapiemethoden bei neurodiversen Menschen oft nicht so gut funktionieren.","end_timestamp":{"seconds":1703875500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53815,53510],"name":"Wawuschel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52454}],"timeband_id":1142,"links":[],"end":"2023-12-29T18:45:00.000-0000","id":53815,"village_id":null,"tag_ids":[46132,46139],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52454}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Over the last years, Chinese science-fiction became very well-known in the West. Liu Cixin's „The Three-Body Problem“ and Hao Jingfang's „Folding Beijing“ were both awarded with the Hugo Award and Barack Obama publicly recommended the former.\r\n\r\nIn this talk, we will go over some acclaimed Chinese writers, especially their history and their style: The three „grand-masters“ Liu Cixin, Wang Jingkang and Han Song, the three well-known and awarded authors Hao Jingfang, Chen Qiufan and Baoshu as well as some others including Gu Shi, Ma Boyong, Cheng Jingbo, Zhang Ran, Luo Longxiang and Fei Dao. Prints of and links to some of their short stories („Salinger and the Koreans“ by Han Song, „Folding Beijing“ by Hao Jingfang and „Möbius Continuum“ by Gu Shi) will be available.\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","title":"Introduction to acclaimed Chinese writers","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Over the last years, Chinese science-fiction became very well-known in the West. Liu Cixin's „The Three-Body Problem“ and Hao Jingfang's „Folding Beijing“ were both awarded with the Hugo Award and Barack Obama publicly recommended the former.\r\n\r\nIn this talk, we will go over some acclaimed Chinese writers, especially their history and their style: The three „grand-masters“ Liu Cixin, Wang Jingkang and Han Song, the three well-known and awarded authors Hao Jingfang, Chen Qiufan and Baoshu as well as some others including Gu Shi, Ma Boyong, Cheng Jingbo, Zhang Ran, Luo Longxiang and Fei Dao. Prints of and links to some of their short stories („Salinger and the Koreans“ by Han Song, „Folding Beijing“ by Hao Jingfang and „Möbius Continuum“ by Gu Shi) will be available.\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703871900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:45:00.000-0000","id":53800,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is a beginners' workshop on web application security. No prerequisites in web application security are required. A certain (web application) development background is beneficial.\r\n\r\n- First, we will be playing a virtual escaple the room game with challenges on a web application to get into an attacker's mindset.\r\n- Then follows a quick introduction to the OWASP Top 10 vulnerabilities.\r\n- Finally use the gathered knowledge so far to attack a vulnerable web application (https://github.com/Phylu/vulnerable-click-game) and see how these attacks can easily be prevented.\r\n\r\nPlease bring your (fully charged) laptop to be able to participate.\n\n\n","title":"Workshop: How to Hack your Web Application","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"This is a beginners' workshop on web application security. No prerequisites in web application security are required. A certain (web application) development background is beneficial.\r\n\r\n- First, we will be playing a virtual escaple the room game with challenges on a web application to get into an attacker's mindset.\r\n- Then follows a quick introduction to the OWASP Top 10 vulnerabilities.\r\n- Finally use the gathered knowledge so far to attack a vulnerable web application (https://github.com/Phylu/vulnerable-click-game) and see how these attacks can easily be prevented.\r\n\r\nPlease bring your (fully charged) laptop to be able to participate.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53781,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this interactive physical session, we invite the hackers to connect their bodies and minds and to plunge into a 1-hour collective movement.\r\n\r\nDuring the session, we will explore the concepts of infiltration, vulnerability, and resilience through our bodies. Experiencing these ideas through touch and physical interaction offers another perspective on the dynamics of their operation, which can be very useful outside of the physical context as well. \r\n\r\nWe base our practice on EightOS — an operating system for the body/mind based on martial arts and dance.\r\n\r\nWe will announce the location separately.\r\n\r\nFor more info, please, check [www.8os.io](https://8os.io).\r\n\r\nSession hosted by Dmitry Paranyushkin and Koo Des.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"EightOS: Hacking the Body [8 OS Physical Practice Session]","android_description":"In this interactive physical session, we invite the hackers to connect their bodies and minds and to plunge into a 1-hour collective movement.\r\n\r\nDuring the session, we will explore the concepts of infiltration, vulnerability, and resilience through our bodies. Experiencing these ideas through touch and physical interaction offers another perspective on the dynamics of their operation, which can be very useful outside of the physical context as well. \r\n\r\nWe base our practice on EightOS — an operating system for the body/mind based on martial arts and dance.\r\n\r\nWe will announce the location separately.\r\n\r\nFor more info, please, check [www.8os.io](https://8os.io).\r\n\r\nSession hosted by Dmitry Paranyushkin and Koo Des.","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53772,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wer kennt es nicht, den Gedanken, dass man das doch eigentlich wissen müsse oder gar die Sorge als nichtwissend enttarnt zu werden? Durch die Decke gehen diese Impulse an schlechten Tagen wenn dann jemand anderes um die Ecke kommt und die (natürlich logische) Lösung für das Problem parat hat.\r\nSystematisch lässt sich hier über Erkenntnistheorie und verschiedene Quellen von Ungewissheit sprechen. Das Einbringen von eigenen Anekdoten durch euch könnte uns alle weniger allein mit diesen Gefühlen fühlen lassen und den nächsten oopsie-Moment souverän managen lassen :)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Certainty Salon aka Imposter-Syndrome-Selbsthilfegruppe","end_timestamp":{"seconds":1703871000,"nanoseconds":0},"android_description":"Wer kennt es nicht, den Gedanken, dass man das doch eigentlich wissen müsse oder gar die Sorge als nichtwissend enttarnt zu werden? Durch die Decke gehen diese Impulse an schlechten Tagen wenn dann jemand anderes um die Ecke kommt und die (natürlich logische) Lösung für das Problem parat hat.\r\nSystematisch lässt sich hier über Erkenntnistheorie und verschiedene Quellen von Ungewissheit sprechen. Das Einbringen von eigenen Anekdoten durch euch könnte uns alle weniger allein mit diesen Gefühlen fühlen lassen und den nächsten oopsie-Moment souverän managen lassen :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53762,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Bits & Bäume Community Treffen Tag 3","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53504,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Sápmi is located in northern Europe and refers to the land of the Sámi people. Over time it has been colonized by Sweden, Norway, Finland and Russia. As a result, the Sámi have been subjected to various forms of oppression and discrimination by these countries to this day.\r\n\r\nSápmi and Sápmi’s colonial history are presented. Current forms of oppression are also addressed. An important role is played by “green capitalism,” a form of capitalism in which oppression is advanced under the guise of climate protection. Some examples include: Dams that disrupt reindeer migration routes and flood sacred Sámi sites, or wind turbines that are widely avoided by reindeer. Of course, the lectures will also address the problems that mines pose for the Sámi. A topic which was discussed lately with the discussion around the rare earths found in the so-called Sweden also here in Germany. Furthermore, the problems caused by the still occurring clear-cutting in the area of the Sámi and the resulting loss of biodiversity are explained.\r\n\r\nWhat resistance has there been in recent years against this capitalist destruction and (green) colonialism? What is the current situation in Sápmi and what does the future look like?\n\n\nWhat is Sápmi? And who are the Sami people? Why is their land threatened by the so-called Green Transition? Why is Europe's largest data centre being built on their land? We would like to try to answer these questions and explain in detail why \"our green transition\" is a threat to the land and rights of the Sami people. We will also discuss the so-called green server infrastructure in Sápmi for example the largest data centre in Europe (by Facebook). \r\n\r\nWe are from the Decolonise Sápmi info tour through Germany and not Sámi ourselves. Our talk is based on presentations given by Sámi people during our tour.","title":"Ecocide and (green) colonialism in Sápmi","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703870100,"nanoseconds":0},"android_description":"Sápmi is located in northern Europe and refers to the land of the Sámi people. Over time it has been colonized by Sweden, Norway, Finland and Russia. As a result, the Sámi have been subjected to various forms of oppression and discrimination by these countries to this day.\r\n\r\nSápmi and Sápmi’s colonial history are presented. Current forms of oppression are also addressed. An important role is played by “green capitalism,” a form of capitalism in which oppression is advanced under the guise of climate protection. Some examples include: Dams that disrupt reindeer migration routes and flood sacred Sámi sites, or wind turbines that are widely avoided by reindeer. Of course, the lectures will also address the problems that mines pose for the Sámi. A topic which was discussed lately with the discussion around the rare earths found in the so-called Sweden also here in Germany. Furthermore, the problems caused by the still occurring clear-cutting in the area of the Sámi and the resulting loss of biodiversity are explained.\r\n\r\nWhat resistance has there been in recent years against this capitalist destruction and (green) colonialism? What is the current situation in Sápmi and what does the future look like?\n\n\nWhat is Sápmi? And who are the Sami people? Why is their land threatened by the so-called Green Transition? Why is Europe's largest data centre being built on their land? We would like to try to answer these questions and explain in detail why \"our green transition\" is a threat to the land and rights of the Sami people. We will also discuss the so-called green server infrastructure in Sápmi for example the largest data centre in Europe (by Facebook). \r\n\r\nWe are from the Decolonise Sápmi info tour through Germany and not Sámi ourselves. Our talk is based on presentations given by Sámi people during our tour.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53754],"name":"Kim","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52315},{"conference_id":131,"event_ids":[53754],"name":"Maris","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52469}],"timeband_id":1142,"links":[{"label":"Decolonise-Sápmi Infotour","type":"link","url":"https://decolonizingsapmitour.blackblogs.org/"}],"end":"2023-12-29T17:15:00.000-0000","id":53754,"village_id":null,"begin_timestamp":{"seconds":1703867700,"nanoseconds":0},"tag_ids":[46125,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52315},{"tag_id":46107,"sort_order":1,"person_id":52469}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T16:35:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The 37c3 would not feel complete for me without discussing self-organization topics like getting things done, calendar blocking, [hipster PDAs](https://en.wikipedia.org/wiki/Hipster_PDA) :), responsibility process, inner sociocracy, ... I would also love to explore together about procrastination in a positive sense & maybe how to retain a compassionate and humane way of dealing with yourself and others. (I feel/wonder this might be lost as you become increasingly able to exercise control towards your desired outcomes.)\r\n\r\nThe session is intended as an informal conversation about these topics.\r\n\r\nLocation: Foyer Level 2 (Area in front of the elevators left of Stage Y)\r\n\r\n(Organized by Michael)\r\n\r\n🧮\n\n\n","title":"Exchange on self-organization (e.g. Getting Things Done) and procrastination","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703870100,"nanoseconds":0},"android_description":"The 37c3 would not feel complete for me without discussing self-organization topics like getting things done, calendar blocking, [hipster PDAs](https://en.wikipedia.org/wiki/Hipster_PDA) :), responsibility process, inner sociocracy, ... I would also love to explore together about procrastination in a positive sense & maybe how to retain a compassionate and humane way of dealing with yourself and others. (I feel/wonder this might be lost as you become increasingly able to exercise control towards your desired outcomes.)\r\n\r\nThe session is intended as an informal conversation about these topics.\r\n\r\nLocation: Foyer Level 2 (Area in front of the elevators left of Stage Y)\r\n\r\n(Organized by Michael)\r\n\r\n🧮","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:15:00.000-0000","id":54002,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703867400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Foyer Level 2 (In front of the elevators left of Stage Y)","hotel":"","short_name":"Foyer Level 2 (In front of the elevators left of Stage Y)","id":46156},"spans_timebands":"N","begin":"2023-12-29T16:30:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)\r\nArtem Zakharchenko, media analyst (live from Ukraine) and\r\nNastya Melnychenko, feminist, civil rights activist (live from the USA)\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nLines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)","title":"U Act! - Destabilization through Media","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Lines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)\r\nArtem Zakharchenko, media analyst (live from Ukraine) and\r\nNastya Melnychenko, feminist, civil rights activist (live from the USA)\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nLines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53890,"begin_timestamp":{"seconds":1703867400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"spans_timebands":"N","begin":"2023-12-29T16:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Spontanes Treffen für Biohacking und Grinding Enthusiast*innen beim Chaos Communication Congress! \r\nBei diesem treffen können wir uns locker austauschen über RFID-Chips, Magneten unter der Haut und alles, was mit implantierten Technologien zu tun hat. Kein fester Ablauf, keine festen Pläne – lasst uns einfach zusammenkommen und schauen, wohin uns die Gespräche führen, egal, ob ihr bereits Implantate habt oder einfach neugierig seid.\r\n\r\nErst eine kurze Einführung und dann offene Gesprächsrunde. Wenn wir den space an den nächsten Vortrag abgeben müssen, und noch im Gespräch sind, können wir z.b. nach komona umziehen.\r\n\r\n[About me]\r\nIch bin Merlin, habe einige Magneten und RFID-Chips in meinem Körper implantiert, bastle an eigenen Chip-Implantaten und bin gespannt auf eure Erfahrungen und Ideen.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Das geht unter die Haut: Spontanes Biohacking treffen beim Congress","android_description":"Spontanes Treffen für Biohacking und Grinding Enthusiast*innen beim Chaos Communication Congress! \r\nBei diesem treffen können wir uns locker austauschen über RFID-Chips, Magneten unter der Haut und alles, was mit implantierten Technologien zu tun hat. Kein fester Ablauf, keine festen Pläne – lasst uns einfach zusammenkommen und schauen, wohin uns die Gespräche führen, egal, ob ihr bereits Implantate habt oder einfach neugierig seid.\r\n\r\nErst eine kurze Einführung und dann offene Gesprächsrunde. Wenn wir den space an den nächsten Vortrag abgeben müssen, und noch im Gespräch sind, können wir z.b. nach komona umziehen.\r\n\r\n[About me]\r\nIch bin Merlin, habe einige Magneten und RFID-Chips in meinem Körper implantiert, bastle an eigenen Chip-Implantaten und bin gespannt auf eure Erfahrungen und Ideen.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":54005,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703866800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T16:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn – but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals.\r\n\r\nIn this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine.\r\n\r\nFind out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System?\n\n\nThe Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"How Many Planets in Our Solar System? Glad You Asked!","android_description":"In antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn – but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals.\r\n\r\nIn this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine.\r\n\r\nFind out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System?\n\n\nThe Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!","end_timestamp":{"seconds":1703870100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53746],"name":"Michael Büker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52258}],"timeband_id":1142,"links":[],"end":"2023-12-29T17:15:00.000-0000","id":53746,"begin_timestamp":{"seconds":1703866500,"nanoseconds":0},"village_id":null,"tag_ids":[46123,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52258}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-29T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Containers appear to be ubiquitous to almost all software development these days. From \"Dev Containers\" to \"CI\" to \"Service Deployment\", they seem to be able to do everything.\r\n\r\nBut what exactly are they? We will do a short introduction to the underlying technology, but then mostly focus on the most commonly used frontend: Docker.\r\n\r\nYou will be provided with a little example project, to get your hands dirty on all the basics. How to run existing container images, how to create your own images, and most importantly what the possible use-cases for each of these steps are. The example project will provide plenty of opportunities to \"containerize\" its parts.\r\n\r\nFeel free to attend this alone or in small groups, but be sure to bring at least one laptop. Linux as an operating system is recommended, but I will try my best to get you started on macOS or Windows as well.\r\n\r\nSome software development background (of any kind) is recommended, so you can connect the newly gained knowledge with your personal experiences and potential use-cases. At the very least, you shouldn't be afraid to use a terminal and have set up a text editor or IDE of your choice.\n\n\nContainers appear to be ubiquitous to almost all software development these days. But what are they? After a short introduction on the technology we will get hands on with Docker to run existing container images, building our own, connect them to eachother and gently tap into all the powerful features they provide.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Introductory Workshop to Containers!","android_description":"Containers appear to be ubiquitous to almost all software development these days. From \"Dev Containers\" to \"CI\" to \"Service Deployment\", they seem to be able to do everything.\r\n\r\nBut what exactly are they? We will do a short introduction to the underlying technology, but then mostly focus on the most commonly used frontend: Docker.\r\n\r\nYou will be provided with a little example project, to get your hands dirty on all the basics. How to run existing container images, how to create your own images, and most importantly what the possible use-cases for each of these steps are. The example project will provide plenty of opportunities to \"containerize\" its parts.\r\n\r\nFeel free to attend this alone or in small groups, but be sure to bring at least one laptop. Linux as an operating system is recommended, but I will try my best to get you started on macOS or Windows as well.\r\n\r\nSome software development background (of any kind) is recommended, so you can connect the newly gained knowledge with your personal experiences and potential use-cases. At the very least, you shouldn't be afraid to use a terminal and have set up a text editor or IDE of your choice.\n\n\nContainers appear to be ubiquitous to almost all software development these days. But what are they? After a short introduction on the technology we will get hands on with Docker to run existing container images, building our own, connect them to eachother and gently tap into all the powerful features they provide.","end_timestamp":{"seconds":1703873100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53808,53574],"name":"Drakulix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52494}],"timeband_id":1142,"links":[],"end":"2023-12-29T18:05:00.000-0000","id":53808,"begin_timestamp":{"seconds":1703865900,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52494}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-29T16:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.\n\n\n","title":"Meere und warum sie für uns wichtig sind - Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":54010,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Podcast soll das Besondere am Congress-Mindset beschrieben werden und quasi als Berichterstattung für die Hörerschaft des Podcast Caller Lounge dienen. Die Caller Lounge ist der erste und bislang einzige deutschsprachige Square Dance Podcast. \r\n\r\nWas macht die Community auf dem Congress, im Sendegate und den Chaos-nahen Projekten aus? Was sind die Eigenschaften? Was und wer sind die Katalysatoren? Welches Mindset benötigt es? Gibt es Erfahrungswerte beim Anleiten anderer Gruppen oder organisieren anderer Veranstaltungen das erlebte Mindset auf andere Communities zu übertragen. Kann man ein Mindset schaffen?","title":"Das Congress-Mindset","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"android_description":"In diesem Podcast soll das Besondere am Congress-Mindset beschrieben werden und quasi als Berichterstattung für die Hörerschaft des Podcast Caller Lounge dienen. Die Caller Lounge ist der erste und bislang einzige deutschsprachige Square Dance Podcast. \r\n\r\nWas macht die Community auf dem Congress, im Sendegate und den Chaos-nahen Projekten aus? Was sind die Eigenschaften? Was und wer sind die Katalysatoren? Welches Mindset benötigt es? Gibt es Erfahrungswerte beim Anleiten anderer Gruppen oder organisieren anderer Veranstaltungen das erlebte Mindset auf andere Communities zu übertragen. Kann man ein Mindset schaffen?","end_timestamp":{"seconds":1703868300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:45:00.000-0000","id":53982,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What we will demonstrate at the workshop is how to overcome this limitation of the protocol. This extension, known as 'fast Modbus,' employs clever tricks to achieve guaranteed 50ms latency while remaining completely compatible and relatively easy to implement. Bonus point: we can now scan the RS-485 line for devices in just a couple of seconds.\r\n\r\nWe will discuss the underlying theory of operation and then try it in action. We will observe the data on the RS-485 bus and attempt to send some bytes manually to achieve the same results.\r\n\r\nThe hardware aspect is quite straightforward, and we will primarily focus on bytes, so don't be scary of it.\r\n\r\nConsider bringing your laptop.\n\n\nDespite being a relic from the 70s, Modbus is still widely used in home and building automation applications due to its simplicity and interoperability. It is also extremely cheap to implement in hardware, making it a common choice for most related DIY projects.\r\n\r\nUnfortunately, due to its client-server architecture, the central controller of an installation must resort to polling to retrieve data and events from end devices. For some devices, like motion detectors or simple wall switches, this results in a significant delay between user input and the corresponding action. In short, Modbus installations can be terribly slow.","title":"Reinventing Modbus Protocol","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"What we will demonstrate at the workshop is how to overcome this limitation of the protocol. This extension, known as 'fast Modbus,' employs clever tricks to achieve guaranteed 50ms latency while remaining completely compatible and relatively easy to implement. Bonus point: we can now scan the RS-485 line for devices in just a couple of seconds.\r\n\r\nWe will discuss the underlying theory of operation and then try it in action. We will observe the data on the RS-485 bus and attempt to send some bytes manually to achieve the same results.\r\n\r\nThe hardware aspect is quite straightforward, and we will primarily focus on bytes, so don't be scary of it.\r\n\r\nConsider bringing your laptop.\n\n\nDespite being a relic from the 70s, Modbus is still widely used in home and building automation applications due to its simplicity and interoperability. It is also extremely cheap to implement in hardware, making it a common choice for most related DIY projects.\r\n\r\nUnfortunately, due to its client-server architecture, the central controller of an installation must resort to polling to retrieve data and events from end devices. For some devices, like motion detectors or simple wall switches, this results in a significant delay between user input and the corresponding action. In short, Modbus installations can be terribly slow.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53978,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will use two user-friendly GUI wallets: Liana & MyCitadel. \r\n\r\nFor the demo, I will use Bitcoin core full node in Regtest to be able to produce blocks quickly and simulate time passing. You can test on testnet, regtest, or mainnet. \r\n\r\nLedger, bitbox02 and Specter-DIY can be used with both wallets for most setups. I will also use a hot wallet generated on the computer running bitcoin-core.\r\n\r\n- 🌟 Learn about the practical use cases of Miniscript wallets.\r\n- 🛡 Understand the advantages they offer in terms of security and ease of use.\r\n- 💡 Discuss real-world applications and share experiences with fellow users.\r\n\r\nIf you want to test the setup, please install the following software on your computer:\r\n\r\n- https://bitcoin.org/en/download No need to sync the node if you plan as me to do the setup on regtest\r\n- https://github.com/wizardsardine/liana/releases/\r\n- https://github.com/mycitadel/mycitadel-desktop/releases/\r\n\r\n- you can use https://github.com/cryptoadvance/specter-diy HWW or simulator to interact with Liana wallet.\n\n\nDiscover how a miniscript can revolutionize your Bitcoin self-custody experience.\r\nThe workshop can be followed as a presentation, but you are welcome to take your computer and to setup the wallets and test everything by yourself. Requirements are listed below.","title":"Miniscript Workshop - Explore the Next Level of Bitcoin Wallet Security","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"We will use two user-friendly GUI wallets: Liana & MyCitadel. \r\n\r\nFor the demo, I will use Bitcoin core full node in Regtest to be able to produce blocks quickly and simulate time passing. You can test on testnet, regtest, or mainnet. \r\n\r\nLedger, bitbox02 and Specter-DIY can be used with both wallets for most setups. I will also use a hot wallet generated on the computer running bitcoin-core.\r\n\r\n- 🌟 Learn about the practical use cases of Miniscript wallets.\r\n- 🛡 Understand the advantages they offer in terms of security and ease of use.\r\n- 💡 Discuss real-world applications and share experiences with fellow users.\r\n\r\nIf you want to test the setup, please install the following software on your computer:\r\n\r\n- https://bitcoin.org/en/download No need to sync the node if you plan as me to do the setup on regtest\r\n- https://github.com/wizardsardine/liana/releases/\r\n- https://github.com/mycitadel/mycitadel-desktop/releases/\r\n\r\n- you can use https://github.com/cryptoadvance/specter-diy HWW or simulator to interact with Liana wallet.\n\n\nDiscover how a miniscript can revolutionize your Bitcoin self-custody experience.\r\nThe workshop can be followed as a presentation, but you are welcome to take your computer and to setup the wallets and test everything by yourself. Requirements are listed below.","end_timestamp":{"seconds":1703871000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53974,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This performance will feature music played through a custom software filter designed to simulate the acoustic properties of the atmosphere of Mars based upon data gathered by the Mars Perseverence Rover.\r\nhttps://soundcloud.com/ptelepathetique\n\n\nPtelepathetique is an electronic music project of Scott Beibin focusing on experiments with psychoacoustics.","title":"Ptelepathetique - live concert","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"This performance will feature music played through a custom software filter designed to simulate the acoustic properties of the atmosphere of Mars based upon data gathered by the Mars Perseverence Rover.\r\nhttps://soundcloud.com/ptelepathetique\n\n\nPtelepathetique is an electronic music project of Scott Beibin focusing on experiments with psychoacoustics.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53887,"village_id":null,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit der neuen Amateurfunk-Verordnung wird im Juni 2024 eine neue Amateurfunk-Klasse N eingeführt, die einen ersten eigenen Betrieb im Amateurfunk ermöglicht. Mit dem neuen Fragenkatalog sind nun die Inhalte für die Prüfung bekannt.\r\n\r\nWir zeigen, welche Möglichkeiten die Amateurfunk-Klasse N bietet und welches Wissen für die Prüfung erforderlich ist. Dazu wird Lernmaterial vorgestellt.\n\n\nEin Überblick, was die neue Amateurfunk-Klasse N bietet.","title":"Einführung in die neue Amateurfunkprüfung für Einsteiger","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Mit der neuen Amateurfunk-Verordnung wird im Juni 2024 eine neue Amateurfunk-Klasse N eingeführt, die einen ersten eigenen Betrieb im Amateurfunk ermöglicht. Mit dem neuen Fragenkatalog sind nun die Inhalte für die Prüfung bekannt.\r\n\r\nWir zeigen, welche Möglichkeiten die Amateurfunk-Klasse N bietet und welches Wissen für die Prüfung erforderlich ist. Dazu wird Lernmaterial vorgestellt.\n\n\nEin Überblick, was die neue Amateurfunk-Klasse N bietet.","end_timestamp":{"seconds":1703866800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:20:00.000-0000","id":53796,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> Come over if you're interested in p2panda! This open and informal meeting is for everyone who wants to say Hello, learn more about the project or has questions.\r\n\r\nPad: [https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ](https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ)\r\n\r\np2panda ([https://p2panda.org](https://p2panda.org)) is a peer-to-peer protocol and SDK for secure and privacy-respecting offline-first applications. It can be used in both fully distributed or federated networks and focuses on use-cases where peers can collaborate and exchange data, even when they're sometimes not connected to the internet.\r\n\r\nThings p2panda is interested in:\r\n\r\n🦝 Browser and Mobile Friendliness\r\n\r\nLightweight clients that can easily be implemented as websites or apps\r\n\r\n🐢 Capabilities\r\n\r\nFine-grained permissions and roles for users, control who can read, sync, change or delete your data\r\n\r\n🐎 Collaboration\r\n\r\nData can be edited together, even when you are offline\r\n\r\n🐮 Data Sovereignty\r\n\r\nUsers own the data they create\r\n\r\n🐄 Decentralisation\r\n\r\nNo authority over data or how it is displayed\r\n\r\n🦣 Deletion\r\n\r\nRemove data from the network. Most data does not need to stay forever, it can even delete itself automatically after some time\r\n\r\n🐰Energy Efficiency\r\n\r\nData- and energy-efficient storage and replication\r\n\r\n🐨 Privacy\r\n\r\nShare meta data and data only with people and devices you really trust\r\n\r\n🐼 Offline-First\r\n\r\nAccess to online services without reliable and performant internet infrastructure. Independence from the corporate cloud\r\n\r\n🦉 Encryption\r\n\r\nSecure symmetrical and double-ratchet (MLS) encryption for sensitive and private data for users and all sorts of groups\r\n\r\n🐧 Developer friendly\r\n\r\nComputers are used by humans\r\n\r\n🐸 Warmth\r\n\r\nComputers make it easy to get carried away by their rigidly structured ways. However, every computer also contains an undeniable spark of pure chaos. We want to capture that spark to ignite a campfire for you to gather around and get cosy\n\n\np2panda is an offline-first p2p protocol and SDK. This is an informal meeting for everyone who's interested and has questions!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"p2panda - offline-first meetup","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"> Come over if you're interested in p2panda! This open and informal meeting is for everyone who wants to say Hello, learn more about the project or has questions.\r\n\r\nPad: [https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ](https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ)\r\n\r\np2panda ([https://p2panda.org](https://p2panda.org)) is a peer-to-peer protocol and SDK for secure and privacy-respecting offline-first applications. It can be used in both fully distributed or federated networks and focuses on use-cases where peers can collaborate and exchange data, even when they're sometimes not connected to the internet.\r\n\r\nThings p2panda is interested in:\r\n\r\n🦝 Browser and Mobile Friendliness\r\n\r\nLightweight clients that can easily be implemented as websites or apps\r\n\r\n🐢 Capabilities\r\n\r\nFine-grained permissions and roles for users, control who can read, sync, change or delete your data\r\n\r\n🐎 Collaboration\r\n\r\nData can be edited together, even when you are offline\r\n\r\n🐮 Data Sovereignty\r\n\r\nUsers own the data they create\r\n\r\n🐄 Decentralisation\r\n\r\nNo authority over data or how it is displayed\r\n\r\n🦣 Deletion\r\n\r\nRemove data from the network. Most data does not need to stay forever, it can even delete itself automatically after some time\r\n\r\n🐰Energy Efficiency\r\n\r\nData- and energy-efficient storage and replication\r\n\r\n🐨 Privacy\r\n\r\nShare meta data and data only with people and devices you really trust\r\n\r\n🐼 Offline-First\r\n\r\nAccess to online services without reliable and performant internet infrastructure. Independence from the corporate cloud\r\n\r\n🦉 Encryption\r\n\r\nSecure symmetrical and double-ratchet (MLS) encryption for sensitive and private data for users and all sorts of groups\r\n\r\n🐧 Developer friendly\r\n\r\nComputers are used by humans\r\n\r\n🐸 Warmth\r\n\r\nComputers make it easy to get carried away by their rigidly structured ways. However, every computer also contains an undeniable spark of pure chaos. We want to capture that spark to ignite a campfire for you to gather around and get cosy\n\n\np2panda is an offline-first p2p protocol and SDK. This is an informal meeting for everyone who's interested and has questions!","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53793,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Can organisations with limited resources be digitally sovereign and still provide modern services? It is not trivial, but the FSFE proves it's possible. In this workshop we want to share our story and hear from you how you are running your NGO on FreeSoftware.","title":"Running a NGO on FreeSoftware","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Can organisations with limited resources be digitally sovereign and still provide modern services? It is not trivial, but the FSFE proves it's possible. In this workshop we want to share our story and hear from you how you are running your NGO on FreeSoftware.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53786,"village_id":null,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will present the hard- and software components used for building the 37c3 mobile netwok(s), how we connect to eventphone and the world and how we got permissions and frequencies. Hopefully there will be a lot of time for all of your questions regarding technology and other topics, which we try our best to answer.\r\nWe are looking forward to see you.\n\n\n","title":"c3gsm Ask-Us-Anything","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"We will present the hard- and software components used for building the 37c3 mobile netwok(s), how we connect to eventphone and the world and how we got permissions and frequencies. Hopefully there will be a lot of time for all of your questions regarding technology and other topics, which we try our best to answer.\r\nWe are looking forward to see you.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53771,"village_id":null,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Wir sind beim Aufzug ganz in der Nähe von Stage Y.**\r\n\r\n🧮\n\n\nWorkshop zu Versammlungsrecht und wie man Verwaltungsklagen selbst macht (ohne anwältliche Unterstützung)","title":"Verklag die Stadt! Wie du mit Versammlungsrecht auf einer Autobahn legal protestieren oder ein gemütliches Straßenfest auf einer Hauptverkehrsstraße durchführen kannst","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703868600,"nanoseconds":0},"android_description":"**Wir sind beim Aufzug ganz in der Nähe von Stage Y.**\r\n\r\n🧮\n\n\nWorkshop zu Versammlungsrecht und wie man Verwaltungsklagen selbst macht (ohne anwältliche Unterstützung)","updated_timestamp":{"seconds":1703817540,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:50:00.000-0000","id":53503,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-29T02:39:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Despite our best efforts of finding the perfect regimen of diet, exercise and medication to keep any person fit and healthy, outcomes for different people vary widely for all of these measures, even when we comply with them fully. Some of this traces to our individual genetics, which remains difficult to change, but another source of variation in responses may come from differences between our gut microbiomes.\r\n\r\nHuman bodies are not sterile, and our skin, our mucosal surfaces and, in particular, our intestines are home to many more bacteria than there are human cells in our bodies, representing hundreds of different species in each person. These microbial ecosystems, or microbiomes, are found in all animals and have coevolved with their hosts. Therefore we rely on commensal (\"friendly\") bacteria for many functions, including breaking down nutrients, converting some medications into their active forms, producing certain crucial compounds for us from our diet, and helping our immune systems mature and remain tuned. The microbiota also contains temporary visitors and both transient and resident opportunistic pathogens, often kept in check by the immune system and by the commensals, but sometimes escaping such control to multiply and cause disease. Human gut microbiomes begin establishing at birth and evolve over a lifetime, but remain quite stable within each person throughout adulthood unless something serious like repeated antibiotic cures disrupt them. However, they can differ quite substantially between individuals as well as between populations, reflecting factors such as nutrition and environmental exposures.\r\n\r\nIt has been proposed, and to a degree already demonstrated, that differences between individuals in which gut bacteria they harbour may underlie differences in their susceptibility to disease, their resilience to stressors, and their responses to environmental stimuli. Thus the variation in responses to the same lifestyle between different people may reflect their gut microbiomes. This would open up several venues of personalized medicine, lifestyle advice and nutrition. Choice of medications, diets or interventions could be selected according to a person's specific microbiome to be most effective. It might also be possible to potentiate such interventions by altering the gut microbiome in different ways, such as through antibiotics, probiotics, nutrition or through microbiome transplantation from another person. Alternately put, by adapting the microbiome to a lifestyle intervention, and/or adapting a lifestyle intervention to the microbiome, we may be able to optimize how a given person can seek and achieve fitness and health.\r\n\r\nIn this talk, I will outline what we know on these topics so far, especially from studies using large-scale microbial (meta-)genome DNA sequencing. In this talk I will draw on work by my own lab at the Charité in Berlin, as well as that of our colleagues, rivals and collaborators elsewhere in the world. I will give examples of known gut microbial modulation of human responses to the external environment and introduce the most common strategies both for researching such effects and for their leverage as health-promoting tools. Where there are limits to our knowledge or obstacles to its practical application, I will identify those obstacles and suggest ways to overcome them.\n\n\nWhy do some people stay fit and healthy easier than others, even when following the same health advice? Why does the same medication work well in one person, but not in another? Some of our individuality in these regards may trace to which bacteria we carry in the soil of our intestinal gardens. In this talk, drawing on work by my own research lab at the Charité and on that by our collaborators and rivals elsewhere in the world, I outline what we know, what we speculate, and what obstacles remain in the way of widespread adoption of personalized health prevention through microbiome sequencing.","title":"Gut feelings: Can we optimize lifestyle, diet and medication according to our respective microbiota?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703866800,"nanoseconds":0},"android_description":"Despite our best efforts of finding the perfect regimen of diet, exercise and medication to keep any person fit and healthy, outcomes for different people vary widely for all of these measures, even when we comply with them fully. Some of this traces to our individual genetics, which remains difficult to change, but another source of variation in responses may come from differences between our gut microbiomes.\r\n\r\nHuman bodies are not sterile, and our skin, our mucosal surfaces and, in particular, our intestines are home to many more bacteria than there are human cells in our bodies, representing hundreds of different species in each person. These microbial ecosystems, or microbiomes, are found in all animals and have coevolved with their hosts. Therefore we rely on commensal (\"friendly\") bacteria for many functions, including breaking down nutrients, converting some medications into their active forms, producing certain crucial compounds for us from our diet, and helping our immune systems mature and remain tuned. The microbiota also contains temporary visitors and both transient and resident opportunistic pathogens, often kept in check by the immune system and by the commensals, but sometimes escaping such control to multiply and cause disease. Human gut microbiomes begin establishing at birth and evolve over a lifetime, but remain quite stable within each person throughout adulthood unless something serious like repeated antibiotic cures disrupt them. However, they can differ quite substantially between individuals as well as between populations, reflecting factors such as nutrition and environmental exposures.\r\n\r\nIt has been proposed, and to a degree already demonstrated, that differences between individuals in which gut bacteria they harbour may underlie differences in their susceptibility to disease, their resilience to stressors, and their responses to environmental stimuli. Thus the variation in responses to the same lifestyle between different people may reflect their gut microbiomes. This would open up several venues of personalized medicine, lifestyle advice and nutrition. Choice of medications, diets or interventions could be selected according to a person's specific microbiome to be most effective. It might also be possible to potentiate such interventions by altering the gut microbiome in different ways, such as through antibiotics, probiotics, nutrition or through microbiome transplantation from another person. Alternately put, by adapting the microbiome to a lifestyle intervention, and/or adapting a lifestyle intervention to the microbiome, we may be able to optimize how a given person can seek and achieve fitness and health.\r\n\r\nIn this talk, I will outline what we know on these topics so far, especially from studies using large-scale microbial (meta-)genome DNA sequencing. In this talk I will draw on work by my own lab at the Charité in Berlin, as well as that of our colleagues, rivals and collaborators elsewhere in the world. I will give examples of known gut microbial modulation of human responses to the external environment and introduce the most common strategies both for researching such effects and for their leverage as health-promoting tools. Where there are limits to our knowledge or obstacles to its practical application, I will identify those obstacles and suggest ways to overcome them.\n\n\nWhy do some people stay fit and healthy easier than others, even when following the same health advice? Why does the same medication work well in one person, but not in another? Some of our individuality in these regards may trace to which bacteria we carry in the soil of our intestinal gardens. In this talk, drawing on work by my own research lab at the Charité and on that by our collaborators and rivals elsewhere in the world, I outline what we know, what we speculate, and what obstacles remain in the way of widespread adoption of personalized health prevention through microbiome sequencing.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53753],"name":"Sofia Kirke Forslund-Startceva","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52373}],"timeband_id":1142,"links":[{"label":"Host-Microbiome Systems Medicine Lab webpage","type":"link","url":"https://www.mdc-berlin.de/forslund"}],"end":"2023-12-29T16:20:00.000-0000","id":53753,"village_id":null,"begin_timestamp":{"seconds":1703864400,"nanoseconds":0},"tag_ids":[46123,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52373}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T15:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"","title":"Lina & Paul Gregor","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53963,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703863800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"3 years after uprising in Belarus - political situation and repressions in the country In August 2020 belarusian people rose against dictatorship of Alexander Lukashenko hopping to overthrow a regime, existing in Belarus since 1994. Several months of protests ended up in mass wave of repressions and political migration from the country. With thousands of political prisoners out of which at least 30 are anarchists, Belarus is the country with one of the highest levels of repressions in Europe this days.\r\n\r\nCouple of years later Vladimir Putin started full scale invasion of Ukraine with support of belarusian regime. This created even more problems for the rest of resistance against dictatorship in Belarus.\r\n\r\nDuring this talk member of ABC-Belarus will present the current political situation inside the country and in diaspora organized in Poland/Lithuania. What are the perspectives of the people trying to overthrow dictatorship and what is the role of anarchists in the whole story?\r\n\r\nThe talk will be around 90 minutes with space for questions and a discussion.\n\n\n","title":"3 years after uprising in Belarus - political situation and repressions in the coutry","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"3 years after uprising in Belarus - political situation and repressions in the country In August 2020 belarusian people rose against dictatorship of Alexander Lukashenko hopping to overthrow a regime, existing in Belarus since 1994. Several months of protests ended up in mass wave of repressions and political migration from the country. With thousands of political prisoners out of which at least 30 are anarchists, Belarus is the country with one of the highest levels of repressions in Europe this days.\r\n\r\nCouple of years later Vladimir Putin started full scale invasion of Ukraine with support of belarusian regime. This created even more problems for the rest of resistance against dictatorship in Belarus.\r\n\r\nDuring this talk member of ABC-Belarus will present the current political situation inside the country and in diaspora organized in Poland/Lithuania. What are the perspectives of the people trying to overthrow dictatorship and what is the role of anarchists in the whole story?\r\n\r\nThe talk will be around 90 minutes with space for questions and a discussion.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53780,"begin_timestamp":{"seconds":1703863800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-29T15:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Über die letzten vier Jahre sind in der Nautosphäre um den Chaos Computer Club, Deutschland, Europa und der Welt aufregende, irritierende, bemerkenswerte und empörenswerte Dinge passiert, bei deren Einordnung wir gerne helfend zur Seite stehen wollen.\r\n\r\nVon Berichten aus den Erfahrungsaustauschkreisen über die digitalen Hausbesuche bei den Luca-Apps dieser Welt, von kleinen und riesengroßen Hacker-Veranstaltungen zu den inzwischen schöne Tradition gewordenen Gutachten für unser Verfassungsgericht wollen wir in vielen kleinen Wortmeldung ein rundes Bild zu den Entwicklungen der letzten vier Jahre und einen Ausblick auf das Jahr 2024 geben.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Vierjahresrückblick des CCC","android_description":"Über die letzten vier Jahre sind in der Nautosphäre um den Chaos Computer Club, Deutschland, Europa und der Welt aufregende, irritierende, bemerkenswerte und empörenswerte Dinge passiert, bei deren Einordnung wir gerne helfend zur Seite stehen wollen.\r\n\r\nVon Berichten aus den Erfahrungsaustauschkreisen über die digitalen Hausbesuche bei den Luca-Apps dieser Welt, von kleinen und riesengroßen Hacker-Veranstaltungen zu den inzwischen schöne Tradition gewordenen Gutachten für unser Verfassungsgericht wollen wir in vielen kleinen Wortmeldung ein rundes Bild zu den Entwicklungen der letzten vier Jahre und einen Ausblick auf das Jahr 2024 geben.","end_timestamp":{"seconds":1703871000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53737,53743,53652],"name":"Anna Biselli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52420},{"conference_id":131,"event_ids":[53737],"name":"Henning","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52440}],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53737,"begin_timestamp":{"seconds":1703863800,"nanoseconds":0},"tag_ids":[46119,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52420},{"tag_id":46107,"sort_order":1,"person_id":52440}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Neural Cellular Automata is a differentiable self-organising system composed of a set of individual agents, each executing a local rule to achieve a global objective. Every agent recurrently operates under the same rule, enabling cells to acquire distributed, local algorithms with minimal parameters. This system demonstrates exceptional versatility in solving various tasks, encompassing feedback control and generative modeling.\r\n\r\nThe presentation will include a diverse array of live demos, showcasing the practical applications and capabilities of NCA.\r\n\r\npaper link: https://distill.pub/selforg/2021/textures/\n\n\n","title":"neural cellular automata","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Neural Cellular Automata is a differentiable self-organising system composed of a set of individual agents, each executing a local rule to achieve a global objective. Every agent recurrently operates under the same rule, enabling cells to acquire distributed, local algorithms with minimal parameters. This system demonstrates exceptional versatility in solving various tasks, encompassing feedback control and generative modeling.\r\n\r\nThe presentation will include a diverse array of live demos, showcasing the practical applications and capabilities of NCA.\r\n\r\npaper link: https://distill.pub/selforg/2021/textures/","end_timestamp":{"seconds":1703866800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:20:00.000-0000","id":53951,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703863200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T15:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Egal ob Trampen, geplante Privatinsolvenz um Geldstrafen aus Braunkohleprotest zu umgehen, containern oder so tun als würde man 1Mio. € anlegen wollen, nur um kostenlos Tee und Kekse in Frankfurter Banktürmen abstauben, wenn der Anschlusszug mal wieder zu spät ist.\r\nIch hab ne lange Liste an lustigen, geprüften und brauchbaren Tricks aus meinem Vagabundleben und linken aktivistischen Kreisen. Freu mich aber auch über neue Inspirationen und Optimierungen. \r\n!! Findet im Gang hinter der Assembly des Openlab Augsburg statt !!\r\n\r\n🧮\n\n\nFindet im Gang hinter der Assembly des Openlab Augsburg statt","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Legale und andere Tricks ohne Geld durch die Welt zu kommen","android_description":"Egal ob Trampen, geplante Privatinsolvenz um Geldstrafen aus Braunkohleprotest zu umgehen, containern oder so tun als würde man 1Mio. € anlegen wollen, nur um kostenlos Tee und Kekse in Frankfurter Banktürmen abstauben, wenn der Anschlusszug mal wieder zu spät ist.\r\nIch hab ne lange Liste an lustigen, geprüften und brauchbaren Tricks aus meinem Vagabundleben und linken aktivistischen Kreisen. Freu mich aber auch über neue Inspirationen und Optimierungen. \r\n!! Findet im Gang hinter der Assembly des Openlab Augsburg statt !!\r\n\r\n🧮\n\n\nFindet im Gang hinter der Assembly des Openlab Augsburg statt","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":54001,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Reading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!\r\n\r\nhttps://tome.app/fairy-09b/escaping-the-multicall-of-madness-how-to-read-and-compute-evm-data-with-style-cli0mhdkm1xna45407wkkf5jr\n\n\nReading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Escaping the Multicall of Madness (how to read data from EVM blockchains in style)","android_description":"Reading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!\r\n\r\nhttps://tome.app/fairy-09b/escaping-the-multicall-of-madness-how-to-read-and-compute-evm-data-with-style-cli0mhdkm1xna45407wkkf5jr\n\n\nReading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53977,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Presentation in German about a software to track attendance of students in schools. The project was implemented with a grant from Prototype Funds.\n\n\nVorstellung der Finanzierung und Umsetzung des Projekts BinDa zur Anwesenheitserfassung von Schüler:innen an reformpädagogisch-orientierten Schulen","title":"BinDa - Anwesenheitserfassung für Schüler:innen / Umsetzung eines Projektes im Rahmen des Prototype Funds","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Presentation in German about a software to track attendance of students in schools. The project was implemented with a grant from Prototype Funds.\n\n\nVorstellung der Finanzierung und Umsetzung des Projekts BinDa zur Anwesenheitserfassung von Schüler:innen an reformpädagogisch-orientierten Schulen","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53891,"village_id":null,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dear children, this is your time to shine! On the 3rd Congress day, we will open a stage just for you in the Kidspace workshop room. Share your exciting projects, ingenious inventions or creative stories in our Kids’ Lightning Talks. 🚀\r\n\r\n🌈 Bring your models, drawings or just your amazing thoughts. Whether it’s a self-built robot car, a fantastic drawing story or a clever app idea - we want to see what inspires you!\r\n\r\n👉 Registration: Come to Kidspace and register with the organizers. Show what you can do in a short talk and share your passion with other young explorers!\n\n\nLiebe Kinder, das ist eure Zeit zu glänzen! Am 3. Congress-Tag öffnen wir im Workshopraum des Kidspace eine Bühne nur für euch. Teilt eure spannenden Projekte, genialen Erfindungen oder kreativen Geschichten in unseren Kinder-Lightning Talks.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Lightning Talks - Kids Edition","android_description":"Dear children, this is your time to shine! On the 3rd Congress day, we will open a stage just for you in the Kidspace workshop room. Share your exciting projects, ingenious inventions or creative stories in our Kids’ Lightning Talks. 🚀\r\n\r\n🌈 Bring your models, drawings or just your amazing thoughts. Whether it’s a self-built robot car, a fantastic drawing story or a clever app idea - we want to see what inspires you!\r\n\r\n👉 Registration: Come to Kidspace and register with the organizers. Show what you can do in a short talk and share your passion with other young explorers!\n\n\nLiebe Kinder, das ist eure Zeit zu glänzen! Am 3. Congress-Tag öffnen wir im Workshopraum des Kidspace eine Bühne nur für euch. Teilt eure spannenden Projekte, genialen Erfindungen oder kreativen Geschichten in unseren Kinder-Lightning Talks.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53802,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I recently did a coding bootcamp and am soon starting my first job as a junior software engineer. Before that, I moved through the space of tech-interested people as a philosopher of technology and I am happy to share thoughts about my experience and answer questions in case someone is interested about coding bootcamps for themselves or their loved ones :)\n\n\n","title":"AMA: I did a Coding Bootcamp","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703863800,"nanoseconds":0},"android_description":"I recently did a coding bootcamp and am soon starting my first job as a junior software engineer. Before that, I moved through the space of tech-interested people as a philosopher of technology and I am happy to share thoughts about my experience and answer questions in case someone is interested about coding bootcamps for themselves or their loved ones :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:30:00.000-0000","id":53779,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This will be a great opportunity for members of the community to meet each other and socialise, as well as an opportunity for anyone interested in Tor to come and meet each other and become part of the Tor community.\r\n\r\nThere will be a talk by Q Misell on progress with ACME for Onion Services.\r\n\r\nLocation: TBC\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Tor Meetup","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"This will be a great opportunity for members of the community to meet each other and socialise, as well as an opportunity for anyone interested in Tor to come and meet each other and become part of the Tor community.\r\n\r\nThere will be a talk by Q Misell on progress with ACME for Onion Services.\r\n\r\nLocation: TBC","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53761,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Eine neue Episode des Fliegerpodcasts \"Comeflywithus\": Olli und Steffen sprechen auf dem 37c3 über das Thema \"GPS Spoofing - Wenn das Flugzeug-Navi eine plötzliche Abzweigung nimmt\".","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"Comeflywithus Podcast - live @congress","end_timestamp":{"seconds":1703864700,"nanoseconds":0},"android_description":"Eine neue Episode des Fliegerpodcasts \"Comeflywithus\": Olli und Steffen sprechen auf dem 37c3 über das Thema \"GPS Spoofing - Wenn das Flugzeug-Navi eine plötzliche Abzweigung nimmt\".","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53537],"name":"Olli und Steffen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52313}],"timeband_id":1142,"links":[],"end":"2023-12-29T15:45:00.000-0000","id":53537,"tag_ids":[46128,46139],"village_id":null,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52313}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: 3rik\r\n\r\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?\r\n\r\nAußerdem gibt es Raum für eure persönlichen Garden Hacks sowie über Open Source Software und Hardware die jede/r im Garten kennen (lernen) sollte, über (lokale) Gemeinschaften und Initiativen und alles was sonst noch dazu gehört zum zusammen pflanzen und gemeinsam wachsen.\r\n\r\nsiehe auch https://write.as/opensourcegardens/cfp-garden-hacks-and-technology-snacks-lightning-talks\n\n\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Garden Hacks (Open Source Gärtner:innen-Treffen)","android_description":"Host: 3rik\r\n\r\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?\r\n\r\nAußerdem gibt es Raum für eure persönlichen Garden Hacks sowie über Open Source Software und Hardware die jede/r im Garten kennen (lernen) sollte, über (lokale) Gemeinschaften und Initiativen und alles was sonst noch dazu gehört zum zusammen pflanzen und gemeinsam wachsen.\r\n\r\nsiehe auch https://write.as/opensourcegardens/cfp-garden-hacks-and-technology-snacks-lightning-talks\n\n\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53500,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Gamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light. \r\nIn October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the ‘Brightest of All Time,’ or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one? \r\n\r\nUsing the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches.\r\n\\*\\*\\*\\* Literature References/Further Reading \\*\\*\\*\\*\r\n\r\n[R1] Vela 4 satellites https://nssdc.gsfc.nasa.gov/nmc/spacecraft/display.action?id=1967-040A​\r\n[R2] First GRB publication Klebesadel et al 1973 https://articles.adsabs.harvard.edu/pdf/1973ApJ...182L..85​\r\n[R3] Statistical test of isotropy on BATSE sample https://arxiv.org/abs/astro-ph/9509078 ​\r\n[R4] First afterglow https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[R5] First redshift measurement https://www.nature.com/articles/43132 ​\r\n[R6] Gravitational waves NS-NS GW170817 and short GRB 170817A https://iopscience.iop.org/article/10.3847/2041-8213/aa920c/meta ​\r\n[R7] Possible evolutions of a compact binary merger and assigned GW signals https://arxiv.org/abs/1212.2289​\r\n[R8] A unified picture for compact binary mergers https://arxiv.org/abs/2309.00038 ​\r\n[R9] Properties of Wolf-Rayet stars https://arxiv.org/abs/astro-ph/0610356​\r\n[R10] Blandford-Znajek mechanism for jet launching, original paper https://academic.oup.com/mnras/article/179/3/433/962905 and short summary https://www.seramarkoff.com/2019/04/how-are-magnetised-jets-launched/ ​\r\n[R11] GR-MHD simulation of NS-NS merger jet https://arxiv.org/abs/2205.01691 ​\r\n[R12] GR-MHD simulation of collapsar jet https://arxiv.org/abs/2204.12501 ​\r\n[R13] Fermi acceleration at astrophysical shocks confirmed by numerical simulations https://iopscience.iop.org/article/10.1086/590248 ​\r\n[R14] Numerical simulations of acceleration in magnetic reconnection https://iopscience.iop.org/article/10.1088/2041-8205/783/1/L21 ​\r\n[R15] Summary paper for current status of prompt phase GRB https://doi.org/10.3390/galaxies10020038 ​\r\n[R16] Basic afterglow theory from a decelerating blastwave https://arxiv.org/abs/astro-ph/9712005 ​\r\n[R17] Design example of optical telescope https://www.lsst.org/about/tel-site/optical\\_design​\r\n[R18] Fermi GBM design https://ui.adsabs.harvard.edu/abs/2009ApJ...702..791M/abstract ​\r\n[R19] Fermi LAT summary https://ui.adsabs.harvard.edu/abs/2022hxga.book..118R/abstract ​\r\n[R20] LHAASO instrument and science https://arxiv.org/abs/1905.02773 ​\r\n[R21] GCN of GRB 221009A https://gcn.gsfc.nasa.gov/other/221009A.gcn3 + TeVCat http://tevcat.uchicago.edu/?mode=1;id=364 ​\r\n[R22] Fermi-GBM Pulse Pileup reconstruction https://ui.adsabs.harvard.edu/abs/2013NIMPA.717...21C/abstract​\r\n[R23] The BOAT in context with other events https://iopscience.iop.org/article/10.3847/2041-8213/acc39c/meta​\r\n[R24] Swift paper on the BOAT https://iopscience.iop.org/article/10.3847/2041-8213/acbcd1 ​\r\n[R25] A structured jet explains the BOAT https://arxiv.org/abs/2302.07906 (open access version of science article) ​\r\n[R26] LHAASO reports TeV emission from narrow jet https://arxiv.org/abs/2306.06372 (open access version of science article)​\r\n[R27] LHAASO extra component at the highest energies https://www.science.org/doi/10.1126/sciadv.adj2778 ​\r\n[R28] The BOAT high-energy emission explained by beyond the standard model physics https://arxiv.org/abs/2305.05145 ​\r\n\r\n\\*\\*\\*\\*\\* Image References \\*\\*\\*\\*\\*\r\n[IM1] 123RF​\r\n[IM2]USAF​\r\n[IM3] Bonnell 1995​\r\n[IM4] https://en.m.wikipedia.org/wiki/File:Compton\\_Gamma\\_Ray\\_Observatory\\_grappeled\\_by\\_Atlantis\\_(S37-99-056).jpg​\r\n[IM5] D. Perley, Wikimedia Commons https://en.m.wikipedia.org/wiki/File:GRB\\_BATSE\\_12lightcurves.png​\r\n[IM6] https://www.esa.int/Science\\_Exploration/Space\\_Science/Gaia/Gaia\\_creates\\_richest\\_star\\_map\\_of\\_our\\_Galaxy\\_and\\_beyond​\r\n[IM7] BATSE https://heasarc.gsfc.nasa.gov/docs/cgro/images/epo/gallery/grbs/index.html​\r\n[IM8] E. Costa et al., Nature, Vol. 387, Issue 6635, pg. 783-785 (1997). https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[IM9] https://heasarc.gsfc.nasa.gov/docs/sax/saxgof.html ​\r\n[IM10] Neil Gehrels Swift Observatory​\r\n[IM11] https://commons.wikimedia.org/wiki/File:Redshift.svg​\r\n[IM12] https://commons.wikimedia.org/wiki/File:The\\_Blue\\_Marble\\_(remastered).jpg​\r\n[IM13] https://en.wikipedia.org/wiki/File:NGC\\_4414\\_(NASA-med).jpg​\r\n[IM14] Edo Berger (Harvard/CfA)​\r\n[IM15] NASA's Goddard Space Flight Center​\r\n[IM16] BATSE team​\r\n[IM17] iStock​\r\n[IM18] https://arxiv.org/abs/1212.2289​\r\n[IM19] https://www.nasa.gov/image-article/mini-supernova-explosion-could-have-big-impact/​\r\n[IM20] Ore Gottlieb https://oregottlieb.com/NSM\\_GRMHD.html ​\r\n[IM21] Ore Gottlieb https://oregottlieb.com/collapsar.html ​\r\n[IM22] NASA/CXC/Rutgers/J.Warren & J.Hughes et al ​\r\n[IM23] NorthNorth West​\r\n[IM24] https://www.stockio.com/free-clipart/cartoon-eyes​\r\n[IM25] https://eljentechnology.com/products/plastic-scintillators​\r\n[IM26] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM27] NASA, https://science.nasa.gov/toolkits/spacecraft-icons​\r\n[IM28] W. B. Atwood et al., ApJ Vol. 697, pg. 1071 (2009)​\r\n[IM29] NASA, https://commons.wikimedia.org/wiki/File:GLAST\\_on\\_the\\_payload\\_attach\\_fitting.jpg​\r\n[IM30] NASA and Steven Ritz / UC Santa Cruz​\r\n[IM31] J. Knapp​\r\n[IM32] Armelle Jardin-Blicq, https://ui.adsabs.harvard.edu/abs/2019PhDT........47J/abstract​\r\n[IM33] LHAASO​\r\n[IM34] https://en.m.wikipedia.org/wiki/File:BlankMap-World.svg ​\r\n[IM35] https://www.center.top/eng/attractions/202203/58434437.html ​\r\n[IM36-IM38] Adam Goldstein, Fermi-GBM​\r\n[IM39] V. Chaplin et al., NIM-A, Vol. 717, pg. 21-36 ​\r\n[IM40] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM41 & IM43] Maia A. Williams et al 2023 ApJL 946 L24 ​\r\n[IM42 & IM44] Eric Burns et al 2023 ApJL 946 L31​\r\n[IM45] LHAASO collaboration Science 380 (2023) 6652​\r\n[IM46] LHAASO collaboration Sci.Adv. 9 (2023) 46, adj2778\n\n\nIn October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?","title":"About Gamma-Ray Bursts And Boats","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"Gamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light. \r\nIn October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the ‘Brightest of All Time,’ or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one? \r\n\r\nUsing the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches.\r\n\\*\\*\\*\\* Literature References/Further Reading \\*\\*\\*\\*\r\n\r\n[R1] Vela 4 satellites https://nssdc.gsfc.nasa.gov/nmc/spacecraft/display.action?id=1967-040A​\r\n[R2] First GRB publication Klebesadel et al 1973 https://articles.adsabs.harvard.edu/pdf/1973ApJ...182L..85​\r\n[R3] Statistical test of isotropy on BATSE sample https://arxiv.org/abs/astro-ph/9509078 ​\r\n[R4] First afterglow https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[R5] First redshift measurement https://www.nature.com/articles/43132 ​\r\n[R6] Gravitational waves NS-NS GW170817 and short GRB 170817A https://iopscience.iop.org/article/10.3847/2041-8213/aa920c/meta ​\r\n[R7] Possible evolutions of a compact binary merger and assigned GW signals https://arxiv.org/abs/1212.2289​\r\n[R8] A unified picture for compact binary mergers https://arxiv.org/abs/2309.00038 ​\r\n[R9] Properties of Wolf-Rayet stars https://arxiv.org/abs/astro-ph/0610356​\r\n[R10] Blandford-Znajek mechanism for jet launching, original paper https://academic.oup.com/mnras/article/179/3/433/962905 and short summary https://www.seramarkoff.com/2019/04/how-are-magnetised-jets-launched/ ​\r\n[R11] GR-MHD simulation of NS-NS merger jet https://arxiv.org/abs/2205.01691 ​\r\n[R12] GR-MHD simulation of collapsar jet https://arxiv.org/abs/2204.12501 ​\r\n[R13] Fermi acceleration at astrophysical shocks confirmed by numerical simulations https://iopscience.iop.org/article/10.1086/590248 ​\r\n[R14] Numerical simulations of acceleration in magnetic reconnection https://iopscience.iop.org/article/10.1088/2041-8205/783/1/L21 ​\r\n[R15] Summary paper for current status of prompt phase GRB https://doi.org/10.3390/galaxies10020038 ​\r\n[R16] Basic afterglow theory from a decelerating blastwave https://arxiv.org/abs/astro-ph/9712005 ​\r\n[R17] Design example of optical telescope https://www.lsst.org/about/tel-site/optical\\_design​\r\n[R18] Fermi GBM design https://ui.adsabs.harvard.edu/abs/2009ApJ...702..791M/abstract ​\r\n[R19] Fermi LAT summary https://ui.adsabs.harvard.edu/abs/2022hxga.book..118R/abstract ​\r\n[R20] LHAASO instrument and science https://arxiv.org/abs/1905.02773 ​\r\n[R21] GCN of GRB 221009A https://gcn.gsfc.nasa.gov/other/221009A.gcn3 + TeVCat http://tevcat.uchicago.edu/?mode=1;id=364 ​\r\n[R22] Fermi-GBM Pulse Pileup reconstruction https://ui.adsabs.harvard.edu/abs/2013NIMPA.717...21C/abstract​\r\n[R23] The BOAT in context with other events https://iopscience.iop.org/article/10.3847/2041-8213/acc39c/meta​\r\n[R24] Swift paper on the BOAT https://iopscience.iop.org/article/10.3847/2041-8213/acbcd1 ​\r\n[R25] A structured jet explains the BOAT https://arxiv.org/abs/2302.07906 (open access version of science article) ​\r\n[R26] LHAASO reports TeV emission from narrow jet https://arxiv.org/abs/2306.06372 (open access version of science article)​\r\n[R27] LHAASO extra component at the highest energies https://www.science.org/doi/10.1126/sciadv.adj2778 ​\r\n[R28] The BOAT high-energy emission explained by beyond the standard model physics https://arxiv.org/abs/2305.05145 ​\r\n\r\n\\*\\*\\*\\*\\* Image References \\*\\*\\*\\*\\*\r\n[IM1] 123RF​\r\n[IM2]USAF​\r\n[IM3] Bonnell 1995​\r\n[IM4] https://en.m.wikipedia.org/wiki/File:Compton\\_Gamma\\_Ray\\_Observatory\\_grappeled\\_by\\_Atlantis\\_(S37-99-056).jpg​\r\n[IM5] D. Perley, Wikimedia Commons https://en.m.wikipedia.org/wiki/File:GRB\\_BATSE\\_12lightcurves.png​\r\n[IM6] https://www.esa.int/Science\\_Exploration/Space\\_Science/Gaia/Gaia\\_creates\\_richest\\_star\\_map\\_of\\_our\\_Galaxy\\_and\\_beyond​\r\n[IM7] BATSE https://heasarc.gsfc.nasa.gov/docs/cgro/images/epo/gallery/grbs/index.html​\r\n[IM8] E. Costa et al., Nature, Vol. 387, Issue 6635, pg. 783-785 (1997). https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[IM9] https://heasarc.gsfc.nasa.gov/docs/sax/saxgof.html ​\r\n[IM10] Neil Gehrels Swift Observatory​\r\n[IM11] https://commons.wikimedia.org/wiki/File:Redshift.svg​\r\n[IM12] https://commons.wikimedia.org/wiki/File:The\\_Blue\\_Marble\\_(remastered).jpg​\r\n[IM13] https://en.wikipedia.org/wiki/File:NGC\\_4414\\_(NASA-med).jpg​\r\n[IM14] Edo Berger (Harvard/CfA)​\r\n[IM15] NASA's Goddard Space Flight Center​\r\n[IM16] BATSE team​\r\n[IM17] iStock​\r\n[IM18] https://arxiv.org/abs/1212.2289​\r\n[IM19] https://www.nasa.gov/image-article/mini-supernova-explosion-could-have-big-impact/​\r\n[IM20] Ore Gottlieb https://oregottlieb.com/NSM\\_GRMHD.html ​\r\n[IM21] Ore Gottlieb https://oregottlieb.com/collapsar.html ​\r\n[IM22] NASA/CXC/Rutgers/J.Warren & J.Hughes et al ​\r\n[IM23] NorthNorth West​\r\n[IM24] https://www.stockio.com/free-clipart/cartoon-eyes​\r\n[IM25] https://eljentechnology.com/products/plastic-scintillators​\r\n[IM26] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM27] NASA, https://science.nasa.gov/toolkits/spacecraft-icons​\r\n[IM28] W. B. Atwood et al., ApJ Vol. 697, pg. 1071 (2009)​\r\n[IM29] NASA, https://commons.wikimedia.org/wiki/File:GLAST\\_on\\_the\\_payload\\_attach\\_fitting.jpg​\r\n[IM30] NASA and Steven Ritz / UC Santa Cruz​\r\n[IM31] J. Knapp​\r\n[IM32] Armelle Jardin-Blicq, https://ui.adsabs.harvard.edu/abs/2019PhDT........47J/abstract​\r\n[IM33] LHAASO​\r\n[IM34] https://en.m.wikipedia.org/wiki/File:BlankMap-World.svg ​\r\n[IM35] https://www.center.top/eng/attractions/202203/58434437.html ​\r\n[IM36-IM38] Adam Goldstein, Fermi-GBM​\r\n[IM39] V. Chaplin et al., NIM-A, Vol. 717, pg. 21-36 ​\r\n[IM40] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM41 & IM43] Maia A. Williams et al 2023 ApJL 946 L24 ​\r\n[IM42 & IM44] Eric Burns et al 2023 ApJL 946 L31​\r\n[IM45] LHAASO collaboration Science 380 (2023) 6652​\r\n[IM46] LHAASO collaboration Sci.Adv. 9 (2023) 46, adj2778\n\n\nIn October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53496],"name":"Sylvia Zhu","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52340},{"conference_id":131,"event_ids":[53496],"name":"Annika Rudolph","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52438}],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53496,"tag_ids":[46123,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52438},{"tag_id":46107,"sort_order":1,"person_id":52340}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"With ANIMAL()CITY we draw inspiration from the ghostly presence of foxes that roam the city at night – which nowadays is a common appearance in urban environments – evoking echoes of a pre-industrial era while at the same time drawing people’s attention to a layer of the city that completely eludes their perception in everyday life. In these moments we witness animals and plants forming their own realm and the city itself having its own life, acting like an entity, a ghost at times. Encounters with wild animals in the city make the parallel layers of the landscape momentarily tangible and remind us that we are part of these ‘non-human’ networks as well. On a darker note: urban wildlife not only echoes pre-industrial times but also projects an idea of what our cities will look like when all the people have disappeared due to the consequences of the climate catastrophe. However, the city may also be read analogous to the internet. Animals, humans and plants seldomly interact within the city, and while we might notice traces or encounter their phantoms we seem to live in parallel worlds. Similarly, online we are divided by platforms into threads and channels, living in multi-layered structures haunted by uncanny bots and AI agents.\r\n\r\nWe believe that AR sculptures highlight an ethereal quality of the digital; they appear to transcend from the realm of immateriality into the physical space – the so-called spatial internet that overlays our cities. AR layers possess a magical quality in that they exist as objects whose influence on our world is – on a first step – contingent to our acceptance and perception of them as physical objects.\r\n\r\nANIMAL()CITY is an aesthetic inquiry of the artists’ views on how AR may intercept different layers of perception and realities or completely superimpose them.\r\n\r\nThe exhibition presents a collection of animals that transcend their natural forms and assume various \"non-natural\" shapes; from fantastical mythical creatures to archetypical animal sculpture adhering to classical composition to the most basic 3D animal assets, taken from game engine templates. These AR-animals introduce elements of imagination to their representation, inviting viewers to explore their own interpretations and engage with the artworks on different levels.\n\n\nPresentation/introduction to the ongoing 37C3 art exhibition groupshow with Joachim Blank, Eva Davidova, Meredith Drum, exonemo, Jonas Lund, Sahej Rahal, Ingeborg Wie by panke.gallery (Sakrowski).","title":"ANIMAL()CITY","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"With ANIMAL()CITY we draw inspiration from the ghostly presence of foxes that roam the city at night – which nowadays is a common appearance in urban environments – evoking echoes of a pre-industrial era while at the same time drawing people’s attention to a layer of the city that completely eludes their perception in everyday life. In these moments we witness animals and plants forming their own realm and the city itself having its own life, acting like an entity, a ghost at times. Encounters with wild animals in the city make the parallel layers of the landscape momentarily tangible and remind us that we are part of these ‘non-human’ networks as well. On a darker note: urban wildlife not only echoes pre-industrial times but also projects an idea of what our cities will look like when all the people have disappeared due to the consequences of the climate catastrophe. However, the city may also be read analogous to the internet. Animals, humans and plants seldomly interact within the city, and while we might notice traces or encounter their phantoms we seem to live in parallel worlds. Similarly, online we are divided by platforms into threads and channels, living in multi-layered structures haunted by uncanny bots and AI agents.\r\n\r\nWe believe that AR sculptures highlight an ethereal quality of the digital; they appear to transcend from the realm of immateriality into the physical space – the so-called spatial internet that overlays our cities. AR layers possess a magical quality in that they exist as objects whose influence on our world is – on a first step – contingent to our acceptance and perception of them as physical objects.\r\n\r\nANIMAL()CITY is an aesthetic inquiry of the artists’ views on how AR may intercept different layers of perception and realities or completely superimpose them.\r\n\r\nThe exhibition presents a collection of animals that transcend their natural forms and assume various \"non-natural\" shapes; from fantastical mythical creatures to archetypical animal sculpture adhering to classical composition to the most basic 3D animal assets, taken from game engine templates. These AR-animals introduce elements of imagination to their representation, inviting viewers to explore their own interpretations and engage with the artworks on different levels.\n\n\nPresentation/introduction to the ongoing 37C3 art exhibition groupshow with Joachim Blank, Eva Davidova, Meredith Drum, exonemo, Jonas Lund, Sahej Rahal, Ingeborg Wie by panke.gallery (Sakrowski).","end_timestamp":{"seconds":1703863800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53495],"name":"Sembo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52394},{"conference_id":131,"event_ids":[53495],"name":"Sakrowski","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52465}],"timeband_id":1142,"links":[{"label":"ANIMAL()CITY at panke.gallery","type":"link","url":"https://www.panke.gallery/exhibition/animal-city"}],"end":"2023-12-29T15:30:00.000-0000","id":53495,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"tag_ids":[46118,46137,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52465},{"tag_id":46107,"sort_order":1,"person_id":52394}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.\r\n\r\nSiehe auch hier: https://events.ccc.de/congress/2023/hub/de/event/meetup-podcasting-und-bildung/\n\n\nDies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"SoS: Meetup - Podcasting und Bildung","android_description":"Dies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.\r\n\r\nSiehe auch hier: https://events.ccc.de/congress/2023/hub/de/event/meetup-podcasting-und-bildung/\n\n\nDies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53431,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"SCC-Assembly","hotel":"","short_name":"SCC-Assembly","id":46149},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"MLS improves upon existing protocols such as Signal in group messaging applications. We co-authored the protocol specification and will briefly talk about what motivated the creation of MLS, how it relates to other existing messaging protocols as well as its design process in general.\r\n\r\nAs a group messaging protocol, the security guarantees provided by MLS go beyond authentication and confidentiality. We will go into detail on what security properties users can expect and take a look under the hood on how MLS works.\r\n\r\nWhile the MLS specification has only been published recently, more work is underway and an ecosystem is already forming around the standard. We’ll touch on topics like MLS implementations, metadata hiding, federation, and interoperability between messengers (also in the context of the new IETF MIMI working group [1]). And of course we’ll share insights into the future of Messaging Layer Security!\r\n\r\n[1] https://datatracker.ietf.org/group/mimi/about/\r\n\n\n\nThey call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption was published in July and brings large improvements in performance and security compared to existing protocols. We are here to present Messaging Layer Security, its ecosystem and its roadmap.\r\n\r\nThe MLS protocol is already being used in production to end-to-end encrypt Webex conference calls and will soon provide encryption for Android messages and RCS 2.0 for billions of users. Other messaging tools (such as Discord, Matrix, Wire, etc.) are currently trialing MLS and are expected to follow.\r\n\r\nWhy was the protocol developed in the first place? How does it work? What are the next steps for MLS?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"RFC 9420 or how to scale end-to-end encryption with Messaging Layer Security","end_timestamp":{"seconds":1703863500,"nanoseconds":0},"android_description":"MLS improves upon existing protocols such as Signal in group messaging applications. We co-authored the protocol specification and will briefly talk about what motivated the creation of MLS, how it relates to other existing messaging protocols as well as its design process in general.\r\n\r\nAs a group messaging protocol, the security guarantees provided by MLS go beyond authentication and confidentiality. We will go into detail on what security properties users can expect and take a look under the hood on how MLS works.\r\n\r\nWhile the MLS specification has only been published recently, more work is underway and an ecosystem is already forming around the standard. We’ll touch on topics like MLS implementations, metadata hiding, federation, and interoperability between messengers (also in the context of the new IETF MIMI working group [1]). And of course we’ll share insights into the future of Messaging Layer Security!\r\n\r\n[1] https://datatracker.ietf.org/group/mimi/about/\r\n\n\n\nThey call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption was published in July and brings large improvements in performance and security compared to existing protocols. We are here to present Messaging Layer Security, its ecosystem and its roadmap.\r\n\r\nThe MLS protocol is already being used in production to end-to-end encrypt Webex conference calls and will soon provide encryption for Android messages and RCS 2.0 for billions of users. Other messaging tools (such as Discord, Matrix, Wire, etc.) are currently trialing MLS and are expected to follow.\r\n\r\nWhy was the protocol developed in the first place? How does it work? What are the next steps for MLS?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53752],"name":"Raphael Robert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52308},{"conference_id":131,"event_ids":[53752],"name":"Konrad Kohbrok","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52485}],"timeband_id":1142,"links":[],"end":"2023-12-29T15:25:00.000-0000","id":53752,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703861100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52485},{"tag_id":46107,"sort_order":1,"person_id":52308}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.\r\nMykyta Soloviov (Lawyer, Macroeconomist, Politician) live from Kharkiv, UA\r\nLanguage: RU, translated live into EN\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nThe return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.","title":"U Act! - “The Marshall Plan” for Ukraine","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"The return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.\r\nMykyta Soloviov (Lawyer, Macroeconomist, Politician) live from Kharkiv, UA\r\nLanguage: RU, translated live into EN\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nThe return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53967,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703860200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T14:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tracetogether-or-tracktogether/\n\n\nWe do an analysis of TraceTogether, Singapore's COVID-19 contact tracing system, its protocol and technical implementation, as well as a look at alternative protocols and implementations for contact tracing systems. We also discuss privacy concerns relating to the collection of contact tracing data and centralized nature of the TraceTogether system.","title":"TraceTogether or TrackTogether? (Joyce Ng)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703862900,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/tracetogether-or-tracktogether/\n\n\nWe do an analysis of TraceTogether, Singapore's COVID-19 contact tracing system, its protocol and technical implementation, as well as a look at alternative protocols and implementations for contact tracing systems. We also discuss privacy concerns relating to the collection of contact tracing data and centralized nature of the TraceTogether system.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:15:00.000-0000","id":53856,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703860200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","begin":"2023-12-29T14:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Inhalte bzw. Ziel: Vernetzung! Endlich mal \"diese Leute aus dem Internet\" kennenlernen. Erfahrungen austauschen. Womöglich sammeln wir ja auch Ideen, wie Dinge zugänglicher gemacht werden. Und vielleicht ergibt sich ein Projekt daraus?\r\n\r\nKlärung: Be_hinderung kann viele verschiedene Formen haben. Wir wollen hier einen Raum schaffen, in dem viele verschiedene Menschen sich miteinander austauschen können. Eine \"offizielle\" Diagnose ist dafür absolut nicht notwendig! Wenn du dich selbst als be_hindert beschreibst, bist du hier richtig.\r\n\r\nInhaltswarnung: wir sprechen über unsere Be_hinderungen. Voraussichtlich werden dabei auch negative Erfahrungen geteilt.\r\n\r\nUnd es gilt, hier erst recht: nehmt Rücksicht auf euch selbst, und auch auf andere!\n\n\nZielgruppe für diesen Workshop sind be_hinderte Congress-Besucher:innen (CCCrips). Eine Hackspace- oder C3-Mitgliedschaft ist komplett optional. Wir wollen uns untereinander kennenlernen, Erfahrungen austauschen, und Pläne schmieden! Weltherrschaft, anyone?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"CCCrip Auskotzrunde","android_description":"Inhalte bzw. Ziel: Vernetzung! Endlich mal \"diese Leute aus dem Internet\" kennenlernen. Erfahrungen austauschen. Womöglich sammeln wir ja auch Ideen, wie Dinge zugänglicher gemacht werden. Und vielleicht ergibt sich ein Projekt daraus?\r\n\r\nKlärung: Be_hinderung kann viele verschiedene Formen haben. Wir wollen hier einen Raum schaffen, in dem viele verschiedene Menschen sich miteinander austauschen können. Eine \"offizielle\" Diagnose ist dafür absolut nicht notwendig! Wenn du dich selbst als be_hindert beschreibst, bist du hier richtig.\r\n\r\nInhaltswarnung: wir sprechen über unsere Be_hinderungen. Voraussichtlich werden dabei auch negative Erfahrungen geteilt.\r\n\r\nUnd es gilt, hier erst recht: nehmt Rücksicht auf euch selbst, und auch auf andere!\n\n\nZielgruppe für diesen Workshop sind be_hinderte Congress-Besucher:innen (CCCrips). Eine Hackspace- oder C3-Mitgliedschaft ist komplett optional. Wir wollen uns untereinander kennenlernen, Erfahrungen austauschen, und Pläne schmieden! Weltherrschaft, anyone?","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53445,53807],"name":"Helga Velroyen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52253},{"conference_id":131,"event_ids":[53807],"name":"Oliver Suchanek","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52274},{"conference_id":131,"event_ids":[53445,53807],"name":"lavalaempchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52389},{"conference_id":131,"event_ids":[53807],"name":"Katta","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52508}],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53807,"begin_timestamp":{"seconds":1703860200,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52253},{"tag_id":46107,"sort_order":1,"person_id":52508},{"tag_id":46107,"sort_order":1,"person_id":52274},{"tag_id":46107,"sort_order":1,"person_id":52389}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-29T14:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Interested in [DDNet development](https://github.com/ddnet/ddnet), want to meet fellow [DDNet](https://ddnet.org)/[Teeworlds](https://teeworlds.com) players or are [curious about DDNet](https://store.steampowered.com/app/412220/DDraceNetwork/)?\r\n\r\nThe session includes a lightning talk by Zwelf about the state of DDNet.\r\n\r\nWe'll get together and with interest and time, we can start playing together.\r\n\r\nQuestions: 📞8303\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Teeworlds/DDNet/DDraceNetwork Meetup","android_description":"Interested in [DDNet development](https://github.com/ddnet/ddnet), want to meet fellow [DDNet](https://ddnet.org)/[Teeworlds](https://teeworlds.com) players or are [curious about DDNet](https://store.steampowered.com/app/412220/DDraceNetwork/)?\r\n\r\nThe session includes a lightning talk by Zwelf about the state of DDNet.\r\n\r\nWe'll get together and with interest and time, we can start playing together.\r\n\r\nQuestions: 📞8303","end_timestamp":{"seconds":1703861100,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53950,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703859300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T14:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Art and Play: Livevektorskizzen #2","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53981,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The purpose of the Orb is to uniquely identify humans while preserving privacy. It does so by scanning user irises, deciding if they’ve signed up before, and adding them to a global set of zero-knowledge identity commitments. Then, the user owns a private key which they can use to produce zero-knowledge proofs that prove they *are* human, without revealing *which* human.\r\n\r\nAttackers have an economic incentive to hack inside individual orbs, since getting inside of one means they can generate fake signups, and then later get cryptocurrency. They might also want to steal user biometric information. Thus the Orb’s software and hardware need to be designed to defend against software hacks and physical tampering.\r\n\r\nTo that end, the OS is architected with a few security mitigations – including secure boot, signed operating system images, verity-mounted filesystem partitions, and write/execution-restricted filesystems.\r\n\r\nEverything can always be hacked, and security is the art of thoughtful risk mitigation. The Orb’s OS has been architected in a way so as to minimize the risk of hackers-stealing or government-seizing user biometric data. But of course, things aren’t perfect, so if you have any thoughts on how to hack the Orb, please do send your questions / criticisms.\n\n\nUniquely identifying real users is a problem as old as the Internet. With the recent surge in AI language and vision models, CATCHAs might be close to losing the bot-mitigating fight. But how can you know your users are human without fully surveilling them? Perhaps we could use… Iris scanners and zero knowledge proofs? Which is precisely the approach that Worldcoin takes. However, building such a system is fraught with security and privacy challenges. In this talk, I’ll focus on the Orb’s operating system security properties and privacy defenses.","title":"Hacking the Orb","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703860200,"nanoseconds":0},"android_description":"The purpose of the Orb is to uniquely identify humans while preserving privacy. It does so by scanning user irises, deciding if they’ve signed up before, and adding them to a global set of zero-knowledge identity commitments. Then, the user owns a private key which they can use to produce zero-knowledge proofs that prove they *are* human, without revealing *which* human.\r\n\r\nAttackers have an economic incentive to hack inside individual orbs, since getting inside of one means they can generate fake signups, and then later get cryptocurrency. They might also want to steal user biometric information. Thus the Orb’s software and hardware need to be designed to defend against software hacks and physical tampering.\r\n\r\nTo that end, the OS is architected with a few security mitigations – including secure boot, signed operating system images, verity-mounted filesystem partitions, and write/execution-restricted filesystems.\r\n\r\nEverything can always be hacked, and security is the art of thoughtful risk mitigation. The Orb’s OS has been architected in a way so as to minimize the risk of hackers-stealing or government-seizing user biometric data. But of course, things aren’t perfect, so if you have any thoughts on how to hack the Orb, please do send your questions / criticisms.\n\n\nUniquely identifying real users is a problem as old as the Internet. With the recent surge in AI language and vision models, CATCHAs might be close to losing the bot-mitigating fight. But how can you know your users are human without fully surveilling them? Perhaps we could use… Iris scanners and zero knowledge proofs? Which is precisely the approach that Worldcoin takes. However, building such a system is fraught with security and privacy challenges. In this talk, I’ll focus on the Orb’s operating system security properties and privacy defenses.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:30:00.000-0000","id":53973,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Discussion\r\n Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations. Questions and answers. Hands-on experience.","title":"Mobile phone privacy with silent.link S1E03 (Workshop)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"Discussion\r\n Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations. Questions and answers. Hands-on experience.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53892,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"SuperCollider ist eine Programmiersprache mit einem eigenen Audioserver. Vom grundlegenden Sound Design über die Komposition, Effekte und Signalfluss wird alles über Code gesteuert. Zugleich kann SuperCollider mit anderen Systemen interagieren, zum Beispiel über MIDI, OpenSoundControl oder Arduino.\r\n\r\nIn meinem Talk spreche ich über\r\n \r\n * Was ist SuperCollider und wofür ist es gut?\r\n * Die SC IDE: Aufbau und Hilfesystem; alternative Editoren\r\n * Grundlegende Syntax\r\n * Das \"Hallo Welt\"-Äquivalent von SuperCollider\r\n * Eine etwas komplexere Klangfunktion\r\n * SynthDefs: die Sound Design-\"Blaupausen\" in SuperCollider\r\n * Komposition mit Patterns\r\n * Tipps zum Einstieg und Lernen\r\n * Vorstellung einer kleinen Beispielkomposition\n\n\nMit der Programmiersprache SuperCollider komponiere ich seit einigen Jahren elektronische Musik, Klangkunst und Sound Design. Dieser Talk ist eine kurze, praxisbezogene Einführung ins Klangbasteln mit Code.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Klänge coden: Eine Einführung in Supercollider","end_timestamp":{"seconds":1703864700,"nanoseconds":0},"android_description":"SuperCollider ist eine Programmiersprache mit einem eigenen Audioserver. Vom grundlegenden Sound Design über die Komposition, Effekte und Signalfluss wird alles über Code gesteuert. Zugleich kann SuperCollider mit anderen Systemen interagieren, zum Beispiel über MIDI, OpenSoundControl oder Arduino.\r\n\r\nIn meinem Talk spreche ich über\r\n \r\n * Was ist SuperCollider und wofür ist es gut?\r\n * Die SC IDE: Aufbau und Hilfesystem; alternative Editoren\r\n * Grundlegende Syntax\r\n * Das \"Hallo Welt\"-Äquivalent von SuperCollider\r\n * Eine etwas komplexere Klangfunktion\r\n * SynthDefs: die Sound Design-\"Blaupausen\" in SuperCollider\r\n * Komposition mit Patterns\r\n * Tipps zum Einstieg und Lernen\r\n * Vorstellung einer kleinen Beispielkomposition\n\n\nMit der Programmiersprache SuperCollider komponiere ich seit einigen Jahren elektronische Musik, Klangkunst und Sound Design. Dieser Talk ist eine kurze, praxisbezogene Einführung ins Klangbasteln mit Code.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53814],"name":"modern_dragon","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52305}],"timeband_id":1142,"links":[],"end":"2023-12-29T15:45:00.000-0000","id":53814,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52305}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In Computer und Kommunikation werden wir ausführlich vom 37C3 berichten. Dazu erwarten wir auch Studiogästen.\r\nAusstrahlung am 30.12.2023 um 16:30 Uhr im Deutschlandfunk\r\nReporter: Peter Welchering und Marie Zinkann\r\nModeration: Manfred Kloiber\r\nTechnik: Carsten Besser und Daniel Evers\n\n\nAufzeichnung der Sendung \"Computer und Kommunikation\"\r\nMit Manfred Kloiber, Peter Welchering, Marie Zinkann","title":"Deutschlandfunk: Computer und Kommunikation vom 37C3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"In Computer und Kommunikation werden wir ausführlich vom 37C3 berichten. Dazu erwarten wir auch Studiogästen.\r\nAusstrahlung am 30.12.2023 um 16:30 Uhr im Deutschlandfunk\r\nReporter: Peter Welchering und Marie Zinkann\r\nModeration: Manfred Kloiber\r\nTechnik: Carsten Besser und Daniel Evers\n\n\nAufzeichnung der Sendung \"Computer und Kommunikation\"\r\nMit Manfred Kloiber, Peter Welchering, Marie Zinkann","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53789,"village_id":null,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Net Neutrality is what sets the internet apart from telephony or television networks. Nevertheless, the issue has not gone quiet in recent years. Donald Trump has repealed net neutrality 2017 in the US, while in Europe digital commissioner Thierry Breton is fighting since 2022 alongside the big telcos against the free internet. In India, Brazil and South Korea, a battle is raging over the interconnection of networks. \r\n\r\nThis nerdy principle became the law in many juristrictions around the world. The two people giving this workshop have worked on the isseu over many years. We will talk about the recent attacks against net neutrality in the form of network fees (\"fair share\" or german: \"Leitungsschutzrecht\"). There will also be time to talk about the global situation when it comes to Zero-Rating (e.g. StreamOn, Facebooks Free Basic, etc.). Lastly, the 5G hype will also be something we want to touch upon. \r\n\r\nThis workshop gives an overview of the debate and talks about concrete ways in which hackers and activists can engage in the debate to keep the internet open. If you work in the inter-connection market, then this session might be particularly interesting to you. \r\n\r\nThe workshop is held by Thomas Lohninger (epicenter.works) and Klaus Landefeld (DE-CIX). Both are native German speakers, but we will speak in English to do justice to this global topic.\n\n\n","title":"Recent Attacks against Net Neutrality: Why Telcos never learn","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Net Neutrality is what sets the internet apart from telephony or television networks. Nevertheless, the issue has not gone quiet in recent years. Donald Trump has repealed net neutrality 2017 in the US, while in Europe digital commissioner Thierry Breton is fighting since 2022 alongside the big telcos against the free internet. In India, Brazil and South Korea, a battle is raging over the interconnection of networks. \r\n\r\nThis nerdy principle became the law in many juristrictions around the world. The two people giving this workshop have worked on the isseu over many years. We will talk about the recent attacks against net neutrality in the form of network fees (\"fair share\" or german: \"Leitungsschutzrecht\"). There will also be time to talk about the global situation when it comes to Zero-Rating (e.g. StreamOn, Facebooks Free Basic, etc.). Lastly, the 5G hype will also be something we want to touch upon. \r\n\r\nThis workshop gives an overview of the debate and talks about concrete ways in which hackers and activists can engage in the debate to keep the internet open. If you work in the inter-connection market, then this session might be particularly interesting to you. \r\n\r\nThe workshop is held by Thomas Lohninger (epicenter.works) and Klaus Landefeld (DE-CIX). Both are native German speakers, but we will speak in English to do justice to this global topic.","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53784,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the last years, several coal power plants have been blocked through lock-on actions. How successful is the idea and what can the climate justice movement learn from it?\n\n\n","title":"Kohlekraftwerke blockieren - Erkenntnisse der letzten Jahre","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"In the last years, several coal power plants have been blocked through lock-on actions. How successful is the idea and what can the climate justice movement learn from it?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53770,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","title":"cyber4EDU (Zu-)Hörstunde - Fokus Berufsschule","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703861100,"nanoseconds":0},"android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53873,"village_id":null,"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.\r\n\r\nWe'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.\r\n\r\nBy the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.\r\n\r\nAll the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.\n\n\nThis introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.","title":"Finding Vulnerabilities in Internet-Connected Devices","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.\r\n\r\nWe'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.\r\n\r\nBy the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.\r\n\r\nAll the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.\n\n\nThis introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.","end_timestamp":{"seconds":1703861100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53744],"name":"Pascal Zenker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52248},{"conference_id":131,"event_ids":[53744],"name":"Christoph Wolff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52360}],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53744,"village_id":null,"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52360},{"tag_id":46107,"sort_order":1,"person_id":52248}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Über verschiedene Epochen hinweg hat sich Social Engineering stets in der kriminellen Nutzung hervorgetan. Professionelle Hochstapler, Trickbetrüger und Agenten nutzten Social Engineering erfolgreich für kriminelle Unterfangen, Datensammlung oder einfach weil es Spaß machte. Doch Social Engineering ist eigentlich ein sehr alltägliches Phänomen. Jeder Mensch ist mindestens in seiner Kindheit ein geschickter Social Engineer. Manche machen es sich zum Beruf, sei es als Verkäufer oder Red-Teamer. Denn Social Engineering ist in seinem Kern die Kunst der Überzeugung anderer Personen.\n\n\nDie psychologische Forschung hat sich seit den 1970ern intensiv damit beschäftigt, wie andere Menschen sich überzeugen lassen und welche Methoden dafür geeignet sind. Die zentralen Modelle und Konzepte wie das ELM-Modell und verschiedene kognitive Verzerrungen (Biases) werden vorgestellt, es wird praktisch veranschaulicht, welche Rolle sie für Social Engineering spielen. Einige Mythen, die in Bezug auf Social Engineering im Umlauf sind, werden beschrieben und aufgeklärt, die ein oder anderen Fun Facts, die so vielleicht noch nicht allen bekannt sind, zur Sprache kommen. Im finalen Teil des Vortrags dreht sich alles um den größten Bereich von bösartigem Social Engineering, der heutzutage online stattfindet. Ich werde die grundlegenden Klassifizierungen von Social Engineering praktisch relevant anhand neuester Forschung erklären und Maßnahmen aufzeigen, die wirklich helfen - konträr zu dem, was einige Berater gerne verkaufen.\n\n\n\n\nIn diesem Vortrag beschreibe ich die Geschichte und den Gegenstand des Social Engineerings über den Tech-Kontext hinaus und erkläre anhand relevanter Forschung, wie, warum und bei wem es wirkt. Die modernen technischen Herausforderungen werden ebenso erläutert wie Maßnahmen, die jetzt oder in der Zukunft gegen Social Engineering getroffen werden können – individuell oder in Gruppen bzw. Organisationen. ","title":"Social Engineering: Geschichte, Wirkung & Maßnahmen.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703861100,"nanoseconds":0},"android_description":"Über verschiedene Epochen hinweg hat sich Social Engineering stets in der kriminellen Nutzung hervorgetan. Professionelle Hochstapler, Trickbetrüger und Agenten nutzten Social Engineering erfolgreich für kriminelle Unterfangen, Datensammlung oder einfach weil es Spaß machte. Doch Social Engineering ist eigentlich ein sehr alltägliches Phänomen. Jeder Mensch ist mindestens in seiner Kindheit ein geschickter Social Engineer. Manche machen es sich zum Beruf, sei es als Verkäufer oder Red-Teamer. Denn Social Engineering ist in seinem Kern die Kunst der Überzeugung anderer Personen.\n\n\nDie psychologische Forschung hat sich seit den 1970ern intensiv damit beschäftigt, wie andere Menschen sich überzeugen lassen und welche Methoden dafür geeignet sind. Die zentralen Modelle und Konzepte wie das ELM-Modell und verschiedene kognitive Verzerrungen (Biases) werden vorgestellt, es wird praktisch veranschaulicht, welche Rolle sie für Social Engineering spielen. Einige Mythen, die in Bezug auf Social Engineering im Umlauf sind, werden beschrieben und aufgeklärt, die ein oder anderen Fun Facts, die so vielleicht noch nicht allen bekannt sind, zur Sprache kommen. Im finalen Teil des Vortrags dreht sich alles um den größten Bereich von bösartigem Social Engineering, der heutzutage online stattfindet. Ich werde die grundlegenden Klassifizierungen von Social Engineering praktisch relevant anhand neuester Forschung erklären und Maßnahmen aufzeigen, die wirklich helfen - konträr zu dem, was einige Berater gerne verkaufen.\n\n\n\n\nIn diesem Vortrag beschreibe ich die Geschichte und den Gegenstand des Social Engineerings über den Tech-Kontext hinaus und erkläre anhand relevanter Forschung, wie, warum und bei wem es wirkt. Die modernen technischen Herausforderungen werden ebenso erläutert wie Maßnahmen, die jetzt oder in der Zukunft gegen Social Engineering getroffen werden können – individuell oder in Gruppen bzw. Organisationen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53736],"name":"K4tana","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52459}],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53736,"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"village_id":null,"tag_ids":[46123,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52459}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"It's plain to see: modern societies need to undergo radical social, political, and cultural transformations if they are to truly evolve away from capitalist and neocolonial structures founded on egregious exploitation and injustice. \r\n\r\nIn a context of widespread epistemic fragmentation and echo chambers, we urgently need to become better at harnessing the generative power of socio-technical networks to unite our forces as we compost the harmful ways of being, knowing, and doing that are at the root of our our planetary predicament. But we must do so critically, and not view technology as a miracle solution to anything.\r\n\r\nWhat could be the role of the internet, and of online communities in particular, in exploring how such deep changes might happen? And how may everyone's wisdom and skills come together in democratic and sophisticated social (un)learning systems, to figure out the way(s) forward?\r\n\r\nIn this talk, we will discuss the results of a 5-year participatory action research program which considered this topic within two different online communities of activists. This project led the researchers to tackle the idea of radical collective change as involving a decolonial approach to collaboration, knowledge, and community-building, and to consider the enabling and disabling conditions - both social and technological - that may influence whether change happens... or not.\r\n\r\nIn particular, this research highlighted the importance of enabling participants to engage on an equal footing and self-organise, while learning to \"stay with the trouble\" of confronting modern societies' fundamentally unsustainable and oppressive structures, and one's own implication in them. And it also showed some of the pitfalls that come with the use of digital communication tools, as we try to use them to create a better world. \r\n\r\nThree of the many insights I will substantiate and examine in the talk are:\r\n- that online communities have the potential to create deep changes in people when they are built in ways that foster deep relationships, criticality and conflict transformation, and emergent leadership;\r\n- that changing socio-political structures must go together with joyful, liberating practices that can help us unlearn harmful cultural patterns that get in the way; and\r\n- that perhaps we should be less interested in becoming experts, and rather find the courage and open hearts allowing us to be fearlessly and fiercely present to the world, with all its shit, its wonder, and its uncertainty.\r\n\r\nFeeling curious? Join us for a chat on how to change the world!\n\n\nLet's explore how online communities of activists can help to bring about forms of radical collective change, through decolonial practices of social (un)learning. What enabling conditions need to be put in place? And what counts as \"radical change\" in the first place?!","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Seeds of Change","end_timestamp":{"seconds":1703859900,"nanoseconds":0},"android_description":"It's plain to see: modern societies need to undergo radical social, political, and cultural transformations if they are to truly evolve away from capitalist and neocolonial structures founded on egregious exploitation and injustice. \r\n\r\nIn a context of widespread epistemic fragmentation and echo chambers, we urgently need to become better at harnessing the generative power of socio-technical networks to unite our forces as we compost the harmful ways of being, knowing, and doing that are at the root of our our planetary predicament. But we must do so critically, and not view technology as a miracle solution to anything.\r\n\r\nWhat could be the role of the internet, and of online communities in particular, in exploring how such deep changes might happen? And how may everyone's wisdom and skills come together in democratic and sophisticated social (un)learning systems, to figure out the way(s) forward?\r\n\r\nIn this talk, we will discuss the results of a 5-year participatory action research program which considered this topic within two different online communities of activists. This project led the researchers to tackle the idea of radical collective change as involving a decolonial approach to collaboration, knowledge, and community-building, and to consider the enabling and disabling conditions - both social and technological - that may influence whether change happens... or not.\r\n\r\nIn particular, this research highlighted the importance of enabling participants to engage on an equal footing and self-organise, while learning to \"stay with the trouble\" of confronting modern societies' fundamentally unsustainable and oppressive structures, and one's own implication in them. And it also showed some of the pitfalls that come with the use of digital communication tools, as we try to use them to create a better world. \r\n\r\nThree of the many insights I will substantiate and examine in the talk are:\r\n- that online communities have the potential to create deep changes in people when they are built in ways that foster deep relationships, criticality and conflict transformation, and emergent leadership;\r\n- that changing socio-political structures must go together with joyful, liberating practices that can help us unlearn harmful cultural patterns that get in the way; and\r\n- that perhaps we should be less interested in becoming experts, and rather find the courage and open hearts allowing us to be fearlessly and fiercely present to the world, with all its shit, its wonder, and its uncertainty.\r\n\r\nFeeling curious? Join us for a chat on how to change the world!\n\n\nLet's explore how online communities of activists can help to bring about forms of radical collective change, through decolonial practices of social (un)learning. What enabling conditions need to be put in place? And what counts as \"radical change\" in the first place?!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53515],"name":"Dorian Cavé","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52254}],"timeband_id":1142,"end":"2023-12-29T14:25:00.000-0000","links":[{"label":"Official website","type":"link","url":"https://www.madocollective.org/connecting"}],"id":53515,"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"tag_ids":[46125,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52254}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside\n\n\n","title":"Social Rejection Games II [90 min duration, 30 min of it at Stage of Y]","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside","end_timestamp":{"seconds":1703858400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53947,"begin_timestamp":{"seconds":1703856600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir reden über die Zukunft der independent Community, des Sendegates, der Subscribe usw.","title":"Sendegate, Subscribe & Co. Quo vadis","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Wir reden über die Zukunft der independent Community, des Sendegates, der Subscribe usw.","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53559,"begin_timestamp":{"seconds":1703856600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Assembly","hotel":"","short_name":"Sendezentrum Assembly","id":46139},"spans_timebands":"N","begin":"2023-12-29T13:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is the workshop part to our introduction to smartphone malware forensics talk. Please bring a Laptop with a docker installation, you will be provided a docker container at the start of the Workshop.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Introduction to smartphone malware forensics: Practical Part","end_timestamp":{"seconds":1703859300,"nanoseconds":0},"android_description":"This is the workshop part to our introduction to smartphone malware forensics talk. Please bring a Laptop with a docker installation, you will be provided a docker container at the start of the Workshop.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:15:00.000-0000","id":53424,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703855700,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In a nutshell, can we use enclave stacks such as Intel IAS/SGX to create integrity guarantees for off-chain computing, thus for smart contracts?\r\n\r\nSo called \"trusted enclave\" hardware models (such as TPM) are often used for defending outside interests against end-user freedoms (such as DRM).\r\n\r\nI'd like to invite an exploration into using such systems (such as Intel Attestation Service and SGX hardware) with blockchains for off-chain compute instead, redirecting the cryptographic trust chains they employ towards a publicly-autitable use cases.\r\n\r\nI have a rather naive starting point: a pattern for deploying signed docker containers that run in enclaves, and use their hardware attestations to register on-chain as trusted for providing data to associated smart contracts.\r\n\r\nI'd like to invite constructive criticism, to help assess viability and/or improve the model.\r\n\r\nThis is part of a larger exploration of creating a general-purpose SaaS host for Free Software authors to gain (guaranteed) income from their work: described at supershadowy.org\n\n\nA group discussion considering if we can use trusted enclaves like Intel SGX for ensuring the integrity of off-chain computations. This would be particularly useful for non-deterministic processes like machine learning models, and for hyperstructure-funded server deployments that require a public trust chain to ensure integrity.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Using enclaves for trustable off-chain compute","android_description":"In a nutshell, can we use enclave stacks such as Intel IAS/SGX to create integrity guarantees for off-chain computing, thus for smart contracts?\r\n\r\nSo called \"trusted enclave\" hardware models (such as TPM) are often used for defending outside interests against end-user freedoms (such as DRM).\r\n\r\nI'd like to invite an exploration into using such systems (such as Intel Attestation Service and SGX hardware) with blockchains for off-chain compute instead, redirecting the cryptographic trust chains they employ towards a publicly-autitable use cases.\r\n\r\nI have a rather naive starting point: a pattern for deploying signed docker containers that run in enclaves, and use their hardware attestations to register on-chain as trusted for providing data to associated smart contracts.\r\n\r\nI'd like to invite constructive criticism, to help assess viability and/or improve the model.\r\n\r\nThis is part of a larger exploration of creating a general-purpose SaaS host for Free Software authors to gain (guaranteed) income from their work: described at supershadowy.org\n\n\nA group discussion considering if we can use trusted enclaves like Intel SGX for ensuring the integrity of off-chain computations. This would be particularly useful for non-deterministic processes like machine learning models, and for hyperstructure-funded server deployments that require a public trust chain to ensure integrity.","end_timestamp":{"seconds":1703857500,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:45:00.000-0000","id":53976,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"RVDS aka Richard von der Schulenburg is a luminary out in Hamburg, who produces and DJs as RVDS and as his Italian cousin Riccardi Schola. Whoever had the chance to listen to his sets at the legendary Golden Pudel Club knows where his magical charming sound comes from. With his releases for own label “It’s\", and a releases and remixes on a bunch of other imprints such as VIS, Bordello A Parigi or Acid Test, he already created a tiny fanhood of moonaddicts and dreamers all around the globe.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"RVDS","end_timestamp":{"seconds":1703863800,"nanoseconds":0},"android_description":"RVDS aka Richard von der Schulenburg is a luminary out in Hamburg, who produces and DJs as RVDS and as his Italian cousin Riccardi Schola. Whoever had the chance to listen to his sets at the legendary Golden Pudel Club knows where his magical charming sound comes from. With his releases for own label “It’s\", and a releases and remixes on a bunch of other imprints such as VIS, Bordello A Parigi or Acid Test, he already created a tiny fanhood of moonaddicts and dreamers all around the globe.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:30:00.000-0000","id":53962,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","title":"Hackin the Disco Day 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53956,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We are working on an open source software to gather and stay alert about registered assemblies / demonstrations.\r\nWe want to use this session to give an intro / update about our project, but mostly discuss our plans and challenges with you. \r\n\r\nhttps://demonstrations.org/events\r\n\r\nDECT: 5146\r\nSlides: https://demos-berlin-ev.gitlab.io/presentations/37c3\n\n\n","title":"demonstrations.org - Liberate Data and Activate People","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"We are working on an open source software to gather and stay alert about registered assemblies / demonstrations.\r\nWe want to use this session to give an intro / update about our project, but mostly discuss our plans and challenges with you. \r\n\r\nhttps://demonstrations.org/events\r\n\r\nDECT: 5146\r\nSlides: https://demos-berlin-ev.gitlab.io/presentations/37c3","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53944,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Minetest spielt.","title":"Minetest - Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703858400,"nanoseconds":0},"android_description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Minetest spielt.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53872,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal B - Hackcenter","hotel":"","short_name":"Saal B - Hackcenter","id":46157},"spans_timebands":"N","begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/developing-the-next-generation-open-source-ev_9lwv/\n\n\nThe new version of the open source event system eventyay is currently being developed and we will release the first version in February. In this discussion, the maintainers will share about the development plan for the next 12 months , focusing on enhancement features and AI capabilities.","title":"Intro to Open Event Management and Tech Exchange (Marco A. Gutierrez, Mario Behling)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703858400,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/developing-the-next-generation-open-source-ev_9lwv/\n\n\nThe new version of the open source event system eventyay is currently being developed and we will release the first version in February. In this discussion, the maintainers will share about the development plan for the next 12 months , focusing on enhancement features and AI capabilities.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53812,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Unlock Minecraft: Beginner Workshop – Tag 3","android_description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53801,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We meet directly in front of the main entrance. If you come late and miss us, call at +4917695110311 (via old-fashioned phone, not Signal or Telegram).\r\n\r\nIn case there is a lot of interest, we can extend the workshop for longer than the scheduled 50 minutes :-)\r\n\r\n🧮\n\n\nIf you are not editor-in-chief of an important newspaper, you need to use other methods to advance public debate. In this workshop, you can learn how to climb up trees and street lamps to put up banners or to build tree houses. Absolutely no prior knowledge required. We bring the required climbing gear.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Beginner's workshop for activist climbing (Basisworkshop aktivistisches Klettern)","end_timestamp":{"seconds":1703857800,"nanoseconds":0},"android_description":"We meet directly in front of the main entrance. If you come late and miss us, call at +4917695110311 (via old-fashioned phone, not Signal or Telegram).\r\n\r\nIn case there is a lot of interest, we can extend the workshop for longer than the scheduled 50 minutes :-)\r\n\r\n🧮\n\n\nIf you are not editor-in-chief of an important newspaper, you need to use other methods to advance public debate. In this workshop, you can learn how to climb up trees and street lamps to put up banners or to build tree houses. Absolutely no prior knowledge required. We bring the required climbing gear.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:50:00.000-0000","id":53798,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Eileen Leistner\r\n\r\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work. We know from experience that some of them will be at the CCC Congress and we would like to take the opportunity to get to know and strengthen our community.\r\n\r\nThat’s why we would like to do an informal networking meeting for all people who already support our organization “Gesellschaft für Freiheitsrechte” or are interested in our work.\r\n\r\nWe will start with a greeting and a short input about our recent successes to celebrate our achievements for civil rights. After that we want to save plenty of time for personal and informal discussions with each other and networking.\n\n\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Gesellschaft für Freiheitsrechte: Friends & Donor Meet up","end_timestamp":{"seconds":1703858400,"nanoseconds":0},"android_description":"Host: Eileen Leistner\r\n\r\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work. We know from experience that some of them will be at the CCC Congress and we would like to take the opportunity to get to know and strengthen our community.\r\n\r\nThat’s why we would like to do an informal networking meeting for all people who already support our organization “Gesellschaft für Freiheitsrechte” or are interested in our work.\r\n\r\nWe will start with a greeting and a short input about our recent successes to celebrate our achievements for civil rights. After that we want to save plenty of time for personal and informal discussions with each other and networking.\n\n\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53785,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das Treffen der Regiovertreter*innen. Nach vier Jahren Pause zurück auf dem Congress :)\n\n\n","title":"Regiotreffen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"Das Treffen der Regiovertreter*innen. Nach vier Jahren Pause zurück auf dem Congress :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53558,"village_id":null,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir wollen uns in diesem Workshop zusammensetzen, zum Thema Brainstormen und überlegen wen wir darstellen wollen, wie die Person die Philosophiegeschichte beeinflusst hat und wie wir das Projekt am Besten umsetzen. All Creatures Welcome.\r\n\r\nBringt gerne ein internetfähiges Gerät für Recherche mit.\n\n\nVielleicht kennst du schon die Haecksen-Memorials: https://www.haecksen.org/memorials/ Das sind anfassbare, toll aufbereitete Kunstwerke in Form von Tafeln und Elektrobasteleien, die die Arbeiten von wichtigen FINTA Personen aus der Technikgeschichte darstellen und näher bringen. Hieran wollen wir anknüpfen und Memorials von FINTA Personen beisteuern, die tolles in der Philosophiegeschichte geleistet haben. Denn genauso wie in der Technikgeschichte werden in der Philosophiegeschichte nicht cis männliche Menschen gerne rausgeschrieben, d.h. es wird nicht erwähnt, dass es sie gibt oder ihre Werke werden Männern zugewiesen. Mit unserem Memorials Projekt wollen wir genau darauf aufmerksam machen.","title":"Philhaecksen Memorials","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"android_description":"Wir wollen uns in diesem Workshop zusammensetzen, zum Thema Brainstormen und überlegen wen wir darstellen wollen, wie die Person die Philosophiegeschichte beeinflusst hat und wie wir das Projekt am Besten umsetzen. All Creatures Welcome.\r\n\r\nBringt gerne ein internetfähiges Gerät für Recherche mit.\n\n\nVielleicht kennst du schon die Haecksen-Memorials: https://www.haecksen.org/memorials/ Das sind anfassbare, toll aufbereitete Kunstwerke in Form von Tafeln und Elektrobasteleien, die die Arbeiten von wichtigen FINTA Personen aus der Technikgeschichte darstellen und näher bringen. Hieran wollen wir anknüpfen und Memorials von FINTA Personen beisteuern, die tolles in der Philosophiegeschichte geleistet haben. Denn genauso wie in der Technikgeschichte werden in der Philosophiegeschichte nicht cis männliche Menschen gerne rausgeschrieben, d.h. es wird nicht erwähnt, dass es sie gibt oder ihre Werke werden Männern zugewiesen. Mit unserem Memorials Projekt wollen wir genau darauf aufmerksam machen.","end_timestamp":{"seconds":1703859900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53497,53806],"name":"Smettbo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52359}],"timeband_id":1142,"links":[],"end":"2023-12-29T14:25:00.000-0000","id":53806,"begin_timestamp":{"seconds":1703854500,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52359}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-29T12:55:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Declared dead numerous times, the hype around deep learning is bigger than ever. With Large Language Models and Diffusion Models becoming a commodity, we ask the question of how bad their energy consumption *really* is, what we can do about it, and how it is possible to run cutting-edge language models on off-the-shelf GPUs.\r\n\r\nWe will look at the various ways that people have come up with to rein in the hunger for resources of deep learning models, and why we still struggle to keep up with the demands of modern neural network model architectures. From low-bitwidth integer representation, through pruning of redundant connections and using a large network to teach a small one, all the way to quickly adapting existing models using low-rank adaptation.\r\n\r\nThis talk aims to give the audience an estimation of the amount of energy modern machine learning models consume to allow for more informed decisions around their usage and regulations. In the second part, we discuss the most common techniques used for running modern architectures on commodity hardware, outside of data centers. Hopefully, deeper insights into these methods will help improve experimentation with and access to deep learning models.\n\n\nThis talk will give a brief introduction of deep learning models and the energy they consume for training and inference. We then discuss what methods currently exist for handling their complexity, and how neural network parameter counts could grow by orders of magnitude, despite the end of Moore's law.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"What is this? A machine learning model for ants?","android_description":"Declared dead numerous times, the hype around deep learning is bigger than ever. With Large Language Models and Diffusion Models becoming a commodity, we ask the question of how bad their energy consumption *really* is, what we can do about it, and how it is possible to run cutting-edge language models on off-the-shelf GPUs.\r\n\r\nWe will look at the various ways that people have come up with to rein in the hunger for resources of deep learning models, and why we still struggle to keep up with the demands of modern neural network model architectures. From low-bitwidth integer representation, through pruning of redundant connections and using a large network to teach a small one, all the way to quickly adapting existing models using low-rank adaptation.\r\n\r\nThis talk aims to give the audience an estimation of the amount of energy modern machine learning models consume to allow for more informed decisions around their usage and regulations. In the second part, we discuss the most common techniques used for running modern architectures on commodity hardware, outside of data centers. Hopefully, deeper insights into these methods will help improve experimentation with and access to deep learning models.\n\n\nThis talk will give a brief introduction of deep learning models and the energy they consume for training and inference. We then discuss what methods currently exist for handling their complexity, and how neural network parameter counts could grow by orders of magnitude, despite the end of Moore's law.","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53735],"name":"etrommer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52471}],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53735,"begin_timestamp":{"seconds":1703854200,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52471}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"UPDATE:\r\nKontakt über 0x31c3 (()) posteo.de (Michael)\r\nDanke für die Teilnahme!\r\nInput aus dem Publikum: kollektivliste.org, SI Labs Berlin, TCI Partners\r\n\r\nEs gab auf dem 35C3 eine Session zu diesem Thema. Die hatte ich leider verpasst und auch nachträglich nur wenige Infos dazu bekommen können.\r\n\r\nHiermit nun nochmal eine Session mit dem Versuch Interessentierte zusammenzubringen zwecks Brainstorming und Networking. Es gibt zum Thema schon Ansatzpunkte und Beispiele, in Form von z.B. Kollektiven, Genossenschaften oder flachen \"Netzwerkorganisationen\".\r\n\r\nAlte Beschreibung:\r\nhttps://events.ccc.de/congress/2018/wiki/index.php/Session:IT-Security-Unternehmen_ohne_Chefs\r\n\r\nWer dazu Infos, Hinweise oder Beispiele nennen kann, gerne vorbeischauen. Raum ist nun reserviert. Wer Interesse aber keine Zeit hat für den Termin gerne trotzdem kontaktieren.\n\n\n","title":"IT-Security-Unternehmen ohne Chefs","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"UPDATE:\r\nKontakt über 0x31c3 (()) posteo.de (Michael)\r\nDanke für die Teilnahme!\r\nInput aus dem Publikum: kollektivliste.org, SI Labs Berlin, TCI Partners\r\n\r\nEs gab auf dem 35C3 eine Session zu diesem Thema. Die hatte ich leider verpasst und auch nachträglich nur wenige Infos dazu bekommen können.\r\n\r\nHiermit nun nochmal eine Session mit dem Versuch Interessentierte zusammenzubringen zwecks Brainstorming und Networking. Es gibt zum Thema schon Ansatzpunkte und Beispiele, in Form von z.B. Kollektiven, Genossenschaften oder flachen \"Netzwerkorganisationen\".\r\n\r\nAlte Beschreibung:\r\nhttps://events.ccc.de/congress/2018/wiki/index.php/Session:IT-Security-Unternehmen_ohne_Chefs\r\n\r\nWer dazu Infos, Hinweise oder Beispiele nennen kann, gerne vorbeischauen. Raum ist nun reserviert. Wer Interesse aber keine Zeit hat für den Termin gerne trotzdem kontaktieren.","end_timestamp":{"seconds":1703855700,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:15:00.000-0000","id":53949,"begin_timestamp":{"seconds":1703853000,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-29T12:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Advanced Access Content System (AACS) is a DRM scheme used to safeguard audio and visual content, particularly in high-definition formats like HD-DVD and Blu-ray. First introduced in 2005 following the failure of the Content Scramble System (CSS) used in DVDs, AACS was designed to be not only secure against regular piracy, but included multiple features intended to restrict the impact of a potential leak of cryptographic material such as revocation lists and traitor-tracing. The concepts and algorithms of AACS were described in a publicly-released whitepaper, relying on strong cryptography and secrecy of keys to maintain security. Unsurprisingly, less than a year after publication, the first unlicensed decryption tool was demonstrated using keys reverse-engineered from a software player binary. While AACS-LA was quick to revoke those keys, a cat-and-mouse game emerged with new keys being regularly extracted from sources such as software updates and PS3 firmware.\r\n\r\nWith AACS effectively broken and easily bypassed as described in Eckersley’s 24c3 presentation, AACS-LA would announce the introduction of AACSv2 for the next generation 4K UHD Blu-ray discs. This time, however, AACS-LA would not release the specifications of the DRM publicly, requiring strict NDAs for implementers and increased software/hardware security measures. Most notably, playback of legitimately purchased UHD-BDs on PC requires Cyberlink PowerDVD software running on Windows 10 and an SGX-capable 7th-10th generation Intel CPU. Since the DRM would run exclusively in the SGX secure enclave, no further information about its inner workings or vulnerabilities would be discovered publicly, until now.\r\n\r\nIn this presentation, we explore the security system of AACSv2 DRM and the Intel SGX trusted execution environment. We first analyze the principles of SGX and its promises of an isolated environment, protected from all software running on the machine. We also investigate the use of SGX local and remote attestation primitives intended to verify the integrity and confidentiality of AACSv2 key material and DRM code, and why it has resisted outside analysis for so many years. We then discover how hardware side-channel attacks can be used to undermine these guarantees of SGX, and craft an effective exploit to extract cryptographic material from the enclave and defeat the DRM code obfuscation.\r\n\r\nFollowing that, we present the first public description of the inner workings of AACSv2, the key derivation process, and the updated revocation and traitor-tracing mechanisms. We studied BIOS updates from six motherboard vendors to show how SGX can be broken both easily and cheaply, and that vendors are now faced with a decision of security vs. usability in trusting unpatched machines. Finally, we conclude with the first demonstration of a UHD Blu-ray disc being decrypted and played back on a non-official platform.\n\n\nFollowing the failure and easy exploitation of the AACSv1 DRM on HD-DVD and Blu-ray, AACS-LA went back to the drawing board and announced the next generation AACSv2 DRM scheme, launching alongside 4K UHD Blu-ray in 2015. Since then, nearly no information has come out publicly about any vulnerabilities or even the algorithms themselves, owing in large part to software players requiring the use of Intel SGX secure enclave technology, which promises integrity and confidentiality of AACSv2 code and data through local and remote attestation mechanisms. Join us as we explore the broken history of AACS, describe practical side-channel attacks against SGX, and present the first look into the inner workings of AACSv2 DRM, culminating in a demonstration of the first full compromise of AACSv2 and unofficial playback of a UHD-BD disc.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"android_description":"The Advanced Access Content System (AACS) is a DRM scheme used to safeguard audio and visual content, particularly in high-definition formats like HD-DVD and Blu-ray. First introduced in 2005 following the failure of the Content Scramble System (CSS) used in DVDs, AACS was designed to be not only secure against regular piracy, but included multiple features intended to restrict the impact of a potential leak of cryptographic material such as revocation lists and traitor-tracing. The concepts and algorithms of AACS were described in a publicly-released whitepaper, relying on strong cryptography and secrecy of keys to maintain security. Unsurprisingly, less than a year after publication, the first unlicensed decryption tool was demonstrated using keys reverse-engineered from a software player binary. While AACS-LA was quick to revoke those keys, a cat-and-mouse game emerged with new keys being regularly extracted from sources such as software updates and PS3 firmware.\r\n\r\nWith AACS effectively broken and easily bypassed as described in Eckersley’s 24c3 presentation, AACS-LA would announce the introduction of AACSv2 for the next generation 4K UHD Blu-ray discs. This time, however, AACS-LA would not release the specifications of the DRM publicly, requiring strict NDAs for implementers and increased software/hardware security measures. Most notably, playback of legitimately purchased UHD-BDs on PC requires Cyberlink PowerDVD software running on Windows 10 and an SGX-capable 7th-10th generation Intel CPU. Since the DRM would run exclusively in the SGX secure enclave, no further information about its inner workings or vulnerabilities would be discovered publicly, until now.\r\n\r\nIn this presentation, we explore the security system of AACSv2 DRM and the Intel SGX trusted execution environment. We first analyze the principles of SGX and its promises of an isolated environment, protected from all software running on the machine. We also investigate the use of SGX local and remote attestation primitives intended to verify the integrity and confidentiality of AACSv2 key material and DRM code, and why it has resisted outside analysis for so many years. We then discover how hardware side-channel attacks can be used to undermine these guarantees of SGX, and craft an effective exploit to extract cryptographic material from the enclave and defeat the DRM code obfuscation.\r\n\r\nFollowing that, we present the first public description of the inner workings of AACSv2, the key derivation process, and the updated revocation and traitor-tracing mechanisms. We studied BIOS updates from six motherboard vendors to show how SGX can be broken both easily and cheaply, and that vendors are now faced with a decision of security vs. usability in trusting unpatched machines. Finally, we conclude with the first demonstration of a UHD Blu-ray disc being decrypted and played back on a non-official platform.\n\n\nFollowing the failure and easy exploitation of the AACSv1 DRM on HD-DVD and Blu-ray, AACS-LA went back to the drawing board and announced the next generation AACSv2 DRM scheme, launching alongside 4K UHD Blu-ray in 2015. Since then, nearly no information has come out publicly about any vulnerabilities or even the algorithms themselves, owing in large part to software players requiring the use of Intel SGX secure enclave technology, which promises integrity and confidentiality of AACSv2 code and data through local and remote attestation mechanisms. Join us as we explore the broken history of AACS, describe practical side-channel attacks against SGX, and present the first look into the inner workings of AACSv2 DRM, culminating in a demonstration of the first full compromise of AACSv2 and unofficial playback of a UHD-BD disc.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53745],"name":"Adam Batori","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52461}],"timeband_id":1142,"links":[{"label":"sgx.fail","type":"link","url":"https://sgx.fail"}],"end":"2023-12-29T13:30:00.000-0000","id":53745,"begin_timestamp":{"seconds":1703853000,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52461}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In der Hackerethik steht: „Computer können dein Leben zum Besseren verändern.\" Aber viel zu oft werden sie für das Gegenteil genutzt. Vor allem im Bereich der digitalisierten Migrationskontrolle.\r\n\r\nMit dabei: das Ausländerzentralregister, eines der größten automatisierten Register der öffentlichen Verwaltung; die Idee für digitale Bezahlkarten, die mehr Freiheitsbeschränkung sind als Zahlungsmittel; die üblichen Verdächtigen unter den BAMF-IT-Assistenzsystemen; Vorhersage-Systeme für Migrationsbewegungen; die digitale Festung Europa. Und ganz neu: das Schneller-Abschieben- und das Datenübermittlungsvorschriftenanpassungsgesetz.\r\n\r\nDie aktuelle Bundesregierung macht munter dabei mit, ihre digitalen Kontrollhelfer weiter auszuweiten. Und fast niemand schaut hin.\n\n\nDigitale Bezahlkarten, Migrationsvorhersage mit sogenannter KI, digitalisierte Grenzen zur Festung Europa und immer mehr davon. Ein Überblick, wie Digitalisierung jenseits des öffentlichen Aufschreis genutzt wird, um den Pull-Faktor Menschlichkeit zu drücken.","title":"Gläserne Geflüchtete","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"In der Hackerethik steht: „Computer können dein Leben zum Besseren verändern.\" Aber viel zu oft werden sie für das Gegenteil genutzt. Vor allem im Bereich der digitalisierten Migrationskontrolle.\r\n\r\nMit dabei: das Ausländerzentralregister, eines der größten automatisierten Register der öffentlichen Verwaltung; die Idee für digitale Bezahlkarten, die mehr Freiheitsbeschränkung sind als Zahlungsmittel; die üblichen Verdächtigen unter den BAMF-IT-Assistenzsystemen; Vorhersage-Systeme für Migrationsbewegungen; die digitale Festung Europa. Und ganz neu: das Schneller-Abschieben- und das Datenübermittlungsvorschriftenanpassungsgesetz.\r\n\r\nDie aktuelle Bundesregierung macht munter dabei mit, ihre digitalen Kontrollhelfer weiter auszuweiten. Und fast niemand schaut hin.\n\n\nDigitale Bezahlkarten, Migrationsvorhersage mit sogenannter KI, digitalisierte Grenzen zur Festung Europa und immer mehr davon. Ein Überblick, wie Digitalisierung jenseits des öffentlichen Aufschreis genutzt wird, um den Pull-Faktor Menschlichkeit zu drücken.","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53737,53743,53652],"name":"Anna Biselli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52420}],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53743,"begin_timestamp":{"seconds":1703853000,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52420}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-29T12:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Wir treffen uns beim Aufzug ganz in der Nähe von Stage Y (nicht Saal F!).**\r\n\r\nDie „Letzte Generation“ ist in aller Munde. Ihre Aktionen polarisieren – und viele derer, die Macht oder Kapital in ihren Händen halten, schimpfen auf die Aktivist*innen. Neben strafrechtlichen Drohungen fordern sie, zu zurückhaltenderen Aktionsformen zurückzukehren.\r\n\r\nDoch: Braucht politischer Protest nicht die direkte Aktion, ein provokantes, aufmerksamkeitserzeugendes Eingreifen in die gesellschaftlichen Abläufe? Was wären die Atomproteste ohne Schienenblockaden und Bauplatzbesetzungen? Was der Widerstand gegen die Agrogentechnik ohne Feldbefreiungen und -besetzungen? Wo ständen wir in der Kohleausstiegsdebatte, wenn es die Besetzung des Hambacher Forstes und die Baggerbesetzungen nicht gegeben hätte?\r\n\r\n\"Direkte Aktion ist nicht alles, aber ohne kreative, provokante Protestformen ist alles nichts!\", so ein Motto. In dem Workshop werden wir an Fallbeispielen zeigen, welche Bedeutung provokante Aktionen in der Vergangenheit hatten – und warum sie auch in Zukunft nötig sein werden.\r\n\r\n[Weitere Sessions unserer Gruppe](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Provokante Aktionen und ihre Bedeutung für politischen Protest","android_description":"**Wir treffen uns beim Aufzug ganz in der Nähe von Stage Y (nicht Saal F!).**\r\n\r\nDie „Letzte Generation“ ist in aller Munde. Ihre Aktionen polarisieren – und viele derer, die Macht oder Kapital in ihren Händen halten, schimpfen auf die Aktivist*innen. Neben strafrechtlichen Drohungen fordern sie, zu zurückhaltenderen Aktionsformen zurückzukehren.\r\n\r\nDoch: Braucht politischer Protest nicht die direkte Aktion, ein provokantes, aufmerksamkeitserzeugendes Eingreifen in die gesellschaftlichen Abläufe? Was wären die Atomproteste ohne Schienenblockaden und Bauplatzbesetzungen? Was der Widerstand gegen die Agrogentechnik ohne Feldbefreiungen und -besetzungen? Wo ständen wir in der Kohleausstiegsdebatte, wenn es die Besetzung des Hambacher Forstes und die Baggerbesetzungen nicht gegeben hätte?\r\n\r\n\"Direkte Aktion ist nicht alles, aber ohne kreative, provokante Protestformen ist alles nichts!\", so ein Motto. In dem Workshop werden wir an Fallbeispielen zeigen, welche Bedeutung provokante Aktionen in der Vergangenheit hatten – und warum sie auch in Zukunft nötig sein werden.\r\n\r\n[Weitere Sessions unserer Gruppe](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53797,"begin_timestamp":{"seconds":1703851800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T12:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag wurde ebenfalls bei [FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ) veröffentlicht. Aufgrund des hohen Interesses beim Public Viewing werden wir ihn hier live wiederholen.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","title":"Arbeitgeber*innen hassen diesen Trick\" - Was ist die FAU?","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703853000,"nanoseconds":0},"android_description":"Der Vortrag wurde ebenfalls bei [FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ) veröffentlicht. Aufgrund des hohen Interesses beim Public Viewing werden wir ihn hier live wiederholen.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:30:00.000-0000","id":53971,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Jonathan Grothaus\n\n\nFür die Akzeptanz von Maßnahmen gegen den Klimawandel, die Motivation zu politischer Partizipation bzw. zur Änderung eigenen Verhaltens ist das Wissen über die Grundlagen des Klimawandels zwar notwendig, aber nicht hinreichend. \r\nIch möchte Bildungsmaterial und -erfahrungen aus einem Schülerlabor teilen, in dem ich versuche die Lücke zwischen Wissen zum Klimawandel und tatsächlichen Handeln etwas zu verkleinern. \r\nKonkret bringe ich die Treibhaustaler mit, ein Veranschaulichung aller emissionsrelevanten Handlungen eines typischen Tages: Individuelles Handeln ist relevant, strukturelle Verändeungen sind notwendig.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Lessons4Action: Zwischen Zynismus, Apokalypse und Lastenfahrrad","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"android_description":"Host: Jonathan Grothaus\n\n\nFür die Akzeptanz von Maßnahmen gegen den Klimawandel, die Motivation zu politischer Partizipation bzw. zur Änderung eigenen Verhaltens ist das Wissen über die Grundlagen des Klimawandels zwar notwendig, aber nicht hinreichend. \r\nIch möchte Bildungsmaterial und -erfahrungen aus einem Schülerlabor teilen, in dem ich versuche die Lücke zwischen Wissen zum Klimawandel und tatsächlichen Handeln etwas zu verkleinern. \r\nKonkret bringe ich die Treibhaustaler mit, ein Veranschaulichung aller emissionsrelevanten Handlungen eines typischen Tages: Individuelles Handeln ist relevant, strukturelle Verändeungen sind notwendig.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53955,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T12:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"POTA – Parks on the Air [Day 3]","android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","end_timestamp":{"seconds":1703860200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:30:00.000-0000","id":53795,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DISCLAIMER:\r\nThis event is supposed to be a NETWORKING SESSION for ACTIVISTS and those that are either already providing TECHNOLOGY SUPPORT or at least plan to do so in the future.\r\nParticipants are supposed to COLLABORATE in BREAK-OUT groups, so please only attend if you are looking for an ACTIVE ENGAGEMENT.\r\n\r\n---\r\n\r\nThere are many different forms of protest and resistance around the world.\r\nBe it climate protests, uprisings against dictatorial regimes, sabotaging Nazi rallies, the fight for housing and against gentrification, or turning an economic forum into a disaster.\r\n\r\nThe activist everyday life is diverse and requires different tactics and strategies.\r\n\r\nWe ask ourselves how we can connect and support these with the tech world:\r\n- What technologies might be needed to support the various movements and action types?\r\n- Which technologies have been used in the past and have they proven their worth?\r\n- How can we improve collaboration with activists?\r\n- How can we learn better from each others' experiences?\r\n\r\nWe want to exchange ideas in small groups and talk about different tools and means for planning, carrying out and following up political actions and protests.\r\n\r\n---\r\nAgenda:\r\n- Introduction, Goals\r\n- Impulse\r\n- Break-Outs\r\n- Summaries\r\n\r\nWe will suggest the following themes for break-outs, but if you would like to raise a different topic, we'd love to hear about it!\r\n- Training and OpSec\r\n- Organization, Communication, Collaboration\r\n- Squats, Occupations, House Projects\r\n- Protest Camps\r\n- Demonstrations and Blockades\r\n- Anti-Repression\n\n\n","title":"🏴 Technologies for Disaster 🏴","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"DISCLAIMER:\r\nThis event is supposed to be a NETWORKING SESSION for ACTIVISTS and those that are either already providing TECHNOLOGY SUPPORT or at least plan to do so in the future.\r\nParticipants are supposed to COLLABORATE in BREAK-OUT groups, so please only attend if you are looking for an ACTIVE ENGAGEMENT.\r\n\r\n---\r\n\r\nThere are many different forms of protest and resistance around the world.\r\nBe it climate protests, uprisings against dictatorial regimes, sabotaging Nazi rallies, the fight for housing and against gentrification, or turning an economic forum into a disaster.\r\n\r\nThe activist everyday life is diverse and requires different tactics and strategies.\r\n\r\nWe ask ourselves how we can connect and support these with the tech world:\r\n- What technologies might be needed to support the various movements and action types?\r\n- Which technologies have been used in the past and have they proven their worth?\r\n- How can we improve collaboration with activists?\r\n- How can we learn better from each others' experiences?\r\n\r\nWe want to exchange ideas in small groups and talk about different tools and means for planning, carrying out and following up political actions and protests.\r\n\r\n---\r\nAgenda:\r\n- Introduction, Goals\r\n- Impulse\r\n- Break-Outs\r\n- Summaries\r\n\r\nWe will suggest the following themes for break-outs, but if you would like to raise a different topic, we'd love to hear about it!\r\n- Training and OpSec\r\n- Organization, Communication, Collaboration\r\n- Squats, Occupations, House Projects\r\n- Protest Camps\r\n- Demonstrations and Blockades\r\n- Anti-Repression","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703817540,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53778,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-29T12:00:00.000-0000","updated":"2023-12-29T02:39:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"[talk notes as agda file](https://felix-cherubini.de/notes.lagda.md)\r\n\r\n[talk notes as html](https://felix-cherubini.de/ccc-html/notes.html)\r\n\r\n[the cubical agda library (has some pointers...)](https://github.com/agda/cubical)\r\n\r\nThe goal of my talk is to introduce you to homotopy type theory, which is a reletatively recent area of pure mathematics and computer science. The talk is not about *using* homotopy type theory in programming, but introducing it in a way geared towards everyone with some background in programming.\r\n\r\nI will show some data types in the dependently typed language agda, explaing how they relate to corresponding things in more mainstream languages. Agda is a language with nice notation for both, programming and math. It is certainly helpful if you know the material covered in the formalization workshop at 11:00 am (same day), but my aim is to make a stand alone presentation. \r\n\r\nFrom there, I will move to more exotic things which are the first steps into the world of homotopy type theory, still using agda as a language. You can try agda on your on device during the talk if you like - even in your [browser](https://agdapad.quasicoherent.io/)!\r\n\r\n🧮\n\n\n","title":"Homotopy type theory for programmers","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"[talk notes as agda file](https://felix-cherubini.de/notes.lagda.md)\r\n\r\n[talk notes as html](https://felix-cherubini.de/ccc-html/notes.html)\r\n\r\n[the cubical agda library (has some pointers...)](https://github.com/agda/cubical)\r\n\r\nThe goal of my talk is to introduce you to homotopy type theory, which is a reletatively recent area of pure mathematics and computer science. The talk is not about *using* homotopy type theory in programming, but introducing it in a way geared towards everyone with some background in programming.\r\n\r\nI will show some data types in the dependently typed language agda, explaing how they relate to corresponding things in more mainstream languages. Agda is a language with nice notation for both, programming and math. It is certainly helpful if you know the material covered in the formalization workshop at 11:00 am (same day), but my aim is to make a stand alone presentation. \r\n\r\nFrom there, I will move to more exotic things which are the first steps into the world of homotopy type theory, still using agda as a language. You can try agda on your on device during the talk if you like - even in your [browser](https://agdapad.quasicoherent.io/)!\r\n\r\n🧮","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53769,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-29T12:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A place to meet up for the people who work and research in user experience and human-centered design.\n\n\n","title":"UX & Human-Centered Design People Networking!","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703854800,"nanoseconds":0},"android_description":"A place to meet up for the people who work and research in user experience and human-centered design.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53523,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Prism Obsidian Duo\r\n\r\nObsidian is a visual artist and researcher in postcolonial theology, culture and education. She is taking a Black Quantum Afrofuturist approach towards tackling issues of racism, cultural appropriation, intersectionality and sustainable urban regeneration by drawing on an image of global Black cultures. \r\n\r\nPrism is a musician and visual artist specialising in rainbowgoth sound design and crafting analog double exposure captures. She is based in Berlin and responds to the inspiration of memory, saturation, and the dreamworld.\n\n\nThe texts for this piece were originally written as part of a revision of the Homeric Hymn to Demeter; a revision which broadens the picture of Black women who are descendant of colonial enslavement. A dialogue based on the contrast of Artemis’ power and agency over her body compared to women who have been unsafe for generations. \r\nWomen who carry these wounds as warnings and a call out for accountability. The underlying track called ‚Xercathalon’s Debut: A Bird Clock Opera, is a piece based on the sounds of childhood as remembered and incorporated into this collaborative soundscape.\r\n\r\nThe question works such as these answer is a soft approach towards understanding the people that 37C3 wants to become more diverse towards. Diversity, equity and inclusion are more than catchy phrases. They don't happen overnight, but through art and literature there are greater options for briding understanding.","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2023-12-30T22:18+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Bird Clock Opera/ w text from Days Of The Week","android_description":"Prism Obsidian Duo\r\n\r\nObsidian is a visual artist and researcher in postcolonial theology, culture and education. She is taking a Black Quantum Afrofuturist approach towards tackling issues of racism, cultural appropriation, intersectionality and sustainable urban regeneration by drawing on an image of global Black cultures. \r\n\r\nPrism is a musician and visual artist specialising in rainbowgoth sound design and crafting analog double exposure captures. She is based in Berlin and responds to the inspiration of memory, saturation, and the dreamworld.\n\n\nThe texts for this piece were originally written as part of a revision of the Homeric Hymn to Demeter; a revision which broadens the picture of Black women who are descendant of colonial enslavement. A dialogue based on the contrast of Artemis’ power and agency over her body compared to women who have been unsafe for generations. \r\nWomen who carry these wounds as warnings and a call out for accountability. The underlying track called ‚Xercathalon’s Debut: A Bird Clock Opera, is a piece based on the sounds of childhood as remembered and incorporated into this collaborative soundscape.\r\n\r\nThe question works such as these answer is a soft approach towards understanding the people that 37C3 wants to become more diverse towards. Diversity, equity and inclusion are more than catchy phrases. They don't happen overnight, but through art and literature there are greater options for briding understanding.","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53432],"name":"Prism Obsidian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52512}],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53432,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52512}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag bietet einen Einblick in die Ergebnisse einer erstmaligen systematischen Untersuchung der im deutschsprachigen Diskurs präsenten Visionen zur digital-ökologischen Transformation und setzt diese in einer Landschaft an Vorstellungen von Transformation, Nachhaltigkeit und Technikgestaltung zueinander in Beziehung. Bei der Recherche wurden zivilgesellschaftliche, staatliche, wissenschaftliche und wirtschaftliche Akteure berücksichtigt. Das Ergebnis sind sechs verschiedene Typen an Visionskategorien: „Dematerialisierung\", „Digital-ökologische Modernisierung\", „Leitplanken einer zukunftsfähigen Digitalpolitik\", „Digital-ökologischer TÜV\", „Digitale Suffizienz\" und „Low-Tech\" bilden die Landschaft der Visionen digital-ökologischer Transformation im deutschsprachigen Raum.\r\n\r\nDie Vorstellung, dass digitale Technik durch Effizienzsteigerungen zu einer Entkopplung von Wirtschaftswachstum und Ressourcenverbrauch beiträgt, kann unter dem Begriff „Dematerialisierung” gefasst werden. „Digital-ökologische Modernisierung” bezeichnet einen eher technokratischen Ansatz, in dem die ökologischen Kosten der Digitalisierung durch Sparsamkeit, Recycling und vor allem den flächendeckenden Einsatz von erneuerbaren Energien zu bewältigen sind. Vertreter\\*innen des Visionstyps „Leitplanken einer zukunftsfähigen Digitalpolitik” geben statt einer scharf formulierten Vision eher Leitplanken für die zukünftige Gestaltung der Digitalisierung im Rahmen ökologischer Grenzen vor. Die Kategorie „Digital-ökologischer TÜV” beschreibt Ansätze, die eine Bewertung des Verhältnisses von Ökologie und digitaler Technik von einer fortlaufenden Überprüfung des Einsatzes digitaler Technik abhängig machen. Bei „Digitaler Suffizienz” wird das Konzept der Suffizienz auf den Bereich Digitalisierung übertragen und orientiert sich an dem Motto „so viel Digitalisierung wie nötig, so wenig wie möglich“. Zuletzt kann die Idee der Abkehr vom linearen Fortschrittsdenken und von damit einhergehenden ressourcenintensiven High-Tech-Infrastrukturen als „Low-Tech”-Vision bezeichnet werden.\r\n\r\nIm Vortrag wird das Verhältnis der einzelnen Kategorien zueinander anhand von verschiedenen Dimensionen, wie ihr zugrundeliegendes Transformationsverständnis oder die Radikalität der beschriebenen Veränderungen, dargestellt sowie deren politische Bedeutung reflektiert. Welche Visionen erfüllen den Anspruch an eine global gerechte Digitalität der Zukunft?\n\n\nSupereffiziente digitale Technik als Lösung aller Probleme oder doch lieber die selbstgebaute ressourcensparsame Low-Tech-Variante? Die Zukunftsvorstellungen, die den Einsatz digitaler Technik und ökologische Fragen zusammendenken, sind in der deutschen Diskurslandschaft nicht gerade üppig gesät. Im Vortrag werden die Ergebnisse einer Kurzstudie präsentiert, bei der wir die Zukunftsvorstellungen digital-ökologischer Transformation bei gesellschaftspolitischen Akteuren gesucht, analysiert und zu Visionskategorien zusammengefasst haben.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Darf's noch etwas visionärer sein?","end_timestamp":{"seconds":1703853300,"nanoseconds":0},"android_description":"Der Vortrag bietet einen Einblick in die Ergebnisse einer erstmaligen systematischen Untersuchung der im deutschsprachigen Diskurs präsenten Visionen zur digital-ökologischen Transformation und setzt diese in einer Landschaft an Vorstellungen von Transformation, Nachhaltigkeit und Technikgestaltung zueinander in Beziehung. Bei der Recherche wurden zivilgesellschaftliche, staatliche, wissenschaftliche und wirtschaftliche Akteure berücksichtigt. Das Ergebnis sind sechs verschiedene Typen an Visionskategorien: „Dematerialisierung\", „Digital-ökologische Modernisierung\", „Leitplanken einer zukunftsfähigen Digitalpolitik\", „Digital-ökologischer TÜV\", „Digitale Suffizienz\" und „Low-Tech\" bilden die Landschaft der Visionen digital-ökologischer Transformation im deutschsprachigen Raum.\r\n\r\nDie Vorstellung, dass digitale Technik durch Effizienzsteigerungen zu einer Entkopplung von Wirtschaftswachstum und Ressourcenverbrauch beiträgt, kann unter dem Begriff „Dematerialisierung” gefasst werden. „Digital-ökologische Modernisierung” bezeichnet einen eher technokratischen Ansatz, in dem die ökologischen Kosten der Digitalisierung durch Sparsamkeit, Recycling und vor allem den flächendeckenden Einsatz von erneuerbaren Energien zu bewältigen sind. Vertreter\\*innen des Visionstyps „Leitplanken einer zukunftsfähigen Digitalpolitik” geben statt einer scharf formulierten Vision eher Leitplanken für die zukünftige Gestaltung der Digitalisierung im Rahmen ökologischer Grenzen vor. Die Kategorie „Digital-ökologischer TÜV” beschreibt Ansätze, die eine Bewertung des Verhältnisses von Ökologie und digitaler Technik von einer fortlaufenden Überprüfung des Einsatzes digitaler Technik abhängig machen. Bei „Digitaler Suffizienz” wird das Konzept der Suffizienz auf den Bereich Digitalisierung übertragen und orientiert sich an dem Motto „so viel Digitalisierung wie nötig, so wenig wie möglich“. Zuletzt kann die Idee der Abkehr vom linearen Fortschrittsdenken und von damit einhergehenden ressourcenintensiven High-Tech-Infrastrukturen als „Low-Tech”-Vision bezeichnet werden.\r\n\r\nIm Vortrag wird das Verhältnis der einzelnen Kategorien zueinander anhand von verschiedenen Dimensionen, wie ihr zugrundeliegendes Transformationsverständnis oder die Radikalität der beschriebenen Veränderungen, dargestellt sowie deren politische Bedeutung reflektiert. Welche Visionen erfüllen den Anspruch an eine global gerechte Digitalität der Zukunft?\n\n\nSupereffiziente digitale Technik als Lösung aller Probleme oder doch lieber die selbstgebaute ressourcensparsame Low-Tech-Variante? Die Zukunftsvorstellungen, die den Einsatz digitaler Technik und ökologische Fragen zusammendenken, sind in der deutschen Diskurslandschaft nicht gerade üppig gesät. Im Vortrag werden die Ergebnisse einer Kurzstudie präsentiert, bei der wir die Zukunftsvorstellungen digital-ökologischer Transformation bei gesellschaftspolitischen Akteuren gesucht, analysiert und zu Visionskategorien zusammengefasst haben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53512],"name":"Mascha Schädlich","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52427}],"timeband_id":1142,"end":"2023-12-29T12:35:00.000-0000","links":[{"label":"Kurzstudie zu Visionen digital-ökologischer Transformation","type":"link","url":"https://codina-transformation.de/wp-content/uploads/CODINA_VisionBuilding_Kurzstudie_3.pdf"}],"id":53512,"village_id":null,"tag_ids":[46125,46136,46139],"begin_timestamp":{"seconds":1703850900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52427}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Jedes Jahr treffen wir Haecksen uns zum traditionellen Haecksenfrühstück auf dem Kongress, tauschen uns aus und planen das nächste Jahr. Willkommen sind zum Frühstück alle FINTA (Frau, inter, nichtbinär, trans, agender). Kommt gerne vorbei und bringt am Besten etwas zum Frühstücken und eine Tasse mit.\r\n\r\nIm Raum wird um Masken gebeten, daher gerne mitbringen und verantwortugsbewusst snacken und Tee trinken.\r\n\r\n\r\nThe Hacksenbreakfast is the biggest annual meeting of the Haecksen group, a group of female hackers within the CCC. We have a breakfast together and do some planning for the next year. This meeting is only for FINTA (female, intersex, non-binary, trans and agender). Please remind us to speak English if you do not understand German. It is a good idea to bring something for the breakfast and a cup for coffee/tea, but of course this is not mandatory.\r\n\r\nMasks are requested in the room, so please bring them with you and snack and drink tea responsibly.\n\n\nGemeinsames Frühstück für FINTA, die Haecksen werden möchten","title":"Haecksenfrühstück","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"android_description":"Jedes Jahr treffen wir Haecksen uns zum traditionellen Haecksenfrühstück auf dem Kongress, tauschen uns aus und planen das nächste Jahr. Willkommen sind zum Frühstück alle FINTA (Frau, inter, nichtbinär, trans, agender). Kommt gerne vorbei und bringt am Besten etwas zum Frühstücken und eine Tasse mit.\r\n\r\nIm Raum wird um Masken gebeten, daher gerne mitbringen und verantwortugsbewusst snacken und Tee trinken.\r\n\r\n\r\nThe Hacksenbreakfast is the biggest annual meeting of the Haecksen group, a group of female hackers within the CCC. We have a breakfast together and do some planning for the next year. This meeting is only for FINTA (female, intersex, non-binary, trans and agender). Please remind us to speak English if you do not understand German. It is a good idea to bring something for the breakfast and a cup for coffee/tea, but of course this is not mandatory.\r\n\r\nMasks are requested in the room, so please bring them with you and snack and drink tea responsibly.\n\n\nGemeinsames Frühstück für FINTA, die Haecksen werden möchten","end_timestamp":{"seconds":1703854200,"nanoseconds":0},"updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:50:00.000-0000","id":53805,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703848800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-29T11:20:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The World Health Organization (WHO) considers air pollution to be the world's single largest environmental health threat, accounting for approximately 7 million deaths worldwide every year. That's why in this talk we want to speak about how the problem of air pollution can be understood and predicted using HPC pollution modeling and its application based on general concepts and our own research. \r\n\r\nWe are Dr. Johannes Bieser and Dr. Martin Ramacher, both working at the Helmholtz Zentrum Hereon in the field of numerical pollution modelling. While Dr. Bieser wrote his Dissertation on emission modelling and its application, Dr. Ramacher wrote his Dissertation on pollutant transport and exposure modelling. \r\n\r\nIn our talk on numerical air quality modelling systems, we want to introduce basic principles and share our personal knowledge in the field of numerical pollution modelling, covering the entire pathway from emissions, transport, transformation and human exposure. Each of these steps relies heavily on large amounts of data from many different sources - satellite data, activity and meta data, measurements and many more - and skills in computer science. By default, environmental scientists are often not trained in computer science and high performance computing which implies a challenge of its own (and allows Nerds like us to excel).\r\n\r\nOur talk will be enriched with practical, technical and partially political examples to demonstrate the difficulties scientist face during their quest to improve air quality for everyone: from TB of wasted data due to historically grown data formats to counterproductive policy decisions to „improve“ air quality. We’ve seen it all and after participating in the CCC for many years now, we decided to draw attention to some state-of-the science approaches for solving one of the world’s single largest environmental health threats: „air pollution“. \n\n\nHigh performance computing (HPC) in environmental science is usually associated with research on climate change, investigating the impact of atmospheric greenhouse gases (GHG) over the next century. Besides these GHGs, there are many other gases and aerosolos in the atmosphere, which have a much more direct and immediate impact on human health: air pollutants.","title":"Numerical Air Quality Modeling Systems","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"The World Health Organization (WHO) considers air pollution to be the world's single largest environmental health threat, accounting for approximately 7 million deaths worldwide every year. That's why in this talk we want to speak about how the problem of air pollution can be understood and predicted using HPC pollution modeling and its application based on general concepts and our own research. \r\n\r\nWe are Dr. Johannes Bieser and Dr. Martin Ramacher, both working at the Helmholtz Zentrum Hereon in the field of numerical pollution modelling. While Dr. Bieser wrote his Dissertation on emission modelling and its application, Dr. Ramacher wrote his Dissertation on pollutant transport and exposure modelling. \r\n\r\nIn our talk on numerical air quality modelling systems, we want to introduce basic principles and share our personal knowledge in the field of numerical pollution modelling, covering the entire pathway from emissions, transport, transformation and human exposure. Each of these steps relies heavily on large amounts of data from many different sources - satellite data, activity and meta data, measurements and many more - and skills in computer science. By default, environmental scientists are often not trained in computer science and high performance computing which implies a challenge of its own (and allows Nerds like us to excel).\r\n\r\nOur talk will be enriched with practical, technical and partially political examples to demonstrate the difficulties scientist face during their quest to improve air quality for everyone: from TB of wasted data due to historically grown data formats to counterproductive policy decisions to „improve“ air quality. We’ve seen it all and after participating in the CCC for many years now, we decided to draw attention to some state-of-the science approaches for solving one of the world’s single largest environmental health threats: „air pollution“. \n\n\nHigh performance computing (HPC) in environmental science is usually associated with research on climate change, investigating the impact of atmospheric greenhouse gases (GHG) over the next century. Besides these GHGs, there are many other gases and aerosolos in the atmosphere, which have a much more direct and immediate impact on human health: air pollutants.","end_timestamp":{"seconds":1703852100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53751],"name":"Martin Otto Paul Ramacher","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52429},{"conference_id":131,"event_ids":[53751],"name":"Johannes Bieser","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52468}],"timeband_id":1142,"end":"2023-12-29T12:15:00.000-0000","links":[{"label":"ResearchGate Profil Dr. Martin Ramacher","type":"link","url":"https://www.researchgate.net/profile/Martin-Ramacher"},{"label":"ResearchGate Profil Dr. Johannes Bieser","type":"link","url":"https://www.researchgate.net/profile/Johannes-Bieser"}],"id":53751,"tag_ids":[46123,46136,46140],"begin_timestamp":{"seconds":1703848500,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52468},{"tag_id":46107,"sort_order":1,"person_id":52429}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T11:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Qualität von Anleitungen und Einführungen zu Smartphone-Forensik im Internet ist leider sehr durchwachsen: Hier will dir jemand ein buntes Tool verkaufen, hier riecht es nach einem Scam, vielerorts geht es um das, was Strafverfolgungsbehörden machen, nämlich in den Daten fremder Leute wühlen.\r\n\r\nStattdessen möchten wir in diesem Vortrag einen strukturierten Überblick geben, welche (öffentlichen) Möglichkeiten es in der einvernehmlichen Smartphone-Forensik mit Open-Source-Tools gibt. Wir zeigen euch, wie man welche Arten von Malware finden kann, welche Spuren sie hinterlassen und wie sich Stalkerware und Staatstrojaner in der Praxis unterscheiden.\r\n\r\nUm 14:15 findet ein praktischer Workshop statt indem gelerntes aus dem Vortrag umgesetzt werden kann:\r\nhttps://events.ccc.de/congress/2023/hub/en/event/introduction-to-smartphone-malware-forensics-pract/\n\n\nSmartphones sind in den letzten zehn Jahren zu einem allseits beliebten Angriffsziel geworden, sei es für Stalkerware, Staatstrojaner oder Banking-Malware. In diesem Vortrag wollen wir einen Überblick geben, mit welchen Techniken und Open-Source-Tools man auf Smartphones (unter iOS und Android) auf die Jagd nach Malware gehen kann. Im Anschluss findet ein Workshop mit einem praktischen Teil zum Ausprobieren einiger dieser Techniken statt.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Einführung in Smartphone Malware Forensik","android_description":"Die Qualität von Anleitungen und Einführungen zu Smartphone-Forensik im Internet ist leider sehr durchwachsen: Hier will dir jemand ein buntes Tool verkaufen, hier riecht es nach einem Scam, vielerorts geht es um das, was Strafverfolgungsbehörden machen, nämlich in den Daten fremder Leute wühlen.\r\n\r\nStattdessen möchten wir in diesem Vortrag einen strukturierten Überblick geben, welche (öffentlichen) Möglichkeiten es in der einvernehmlichen Smartphone-Forensik mit Open-Source-Tools gibt. Wir zeigen euch, wie man welche Arten von Malware finden kann, welche Spuren sie hinterlassen und wie sich Stalkerware und Staatstrojaner in der Praxis unterscheiden.\r\n\r\nUm 14:15 findet ein praktischer Workshop statt indem gelerntes aus dem Vortrag umgesetzt werden kann:\r\nhttps://events.ccc.de/congress/2023/hub/en/event/introduction-to-smartphone-malware-forensics-pract/\n\n\nSmartphones sind in den letzten zehn Jahren zu einem allseits beliebten Angriffsziel geworden, sei es für Stalkerware, Staatstrojaner oder Banking-Malware. In diesem Vortrag wollen wir einen Überblick geben, mit welchen Techniken und Open-Source-Tools man auf Smartphones (unter iOS und Android) auf die Jagd nach Malware gehen kann. Im Anschluss findet ein Workshop mit einem praktischen Teil zum Ausprobieren einiger dieser Techniken statt.","end_timestamp":{"seconds":1703852100,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"end":"2023-12-29T12:15:00.000-0000","links":[{"label":"Anschließender Workshop","type":"link","url":"https://events.ccc.de/congress/2023/hub/en/event/introduction-to-smartphone-malware-forensics-pract/"}],"id":53742,"tag_ids":[46124,46136,46139],"begin_timestamp":{"seconds":1703848500,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-29T11:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Be a alpha tester for the NYM VPN\r\n\r\nYou can follow the instructions here: https://nymtech.net/developers/events/37c3/welcome.html","title":"testing CLI sending data over the NYM mixnet decentralised infrastructure","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Be a alpha tester for the NYM VPN\r\n\r\nYou can follow the instructions here: https://nymtech.net/developers/events/37c3/welcome.html","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":54012,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-29T11:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: 1u\r\n\r\nShort presentation and exchange\r\nOpenki is an opensource tool for organizing barcamps and open spaces together. It emerged from the Autonomous School in Zurich over the last 10 years. After it was used this summer in St-Imier by around 5000 anarchists to organize around 600 workshops over 5 days, we are confident that it works and is stable.\r\n\r\nCompared to a simple SOS form or wiki, it offers the possibility to participate in different roles (collaborative organization), also to simply suggest a topic where you are not an expert yourself (that someone else then leads), notifications, comments, a time period where interested people can register to then decide how large a room needs to be and more. \r\nSome interfaces are already available (schedule.xml, OAuth2 client) others would have to be coded (get the rooms).\r\n\r\nSource code: https://gitlab.com/Openki/Openki\n\n\n","title":"Selforganized Sessioins with the tool Openki.net","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703851200,"nanoseconds":0},"android_description":"Host: 1u\r\n\r\nShort presentation and exchange\r\nOpenki is an opensource tool for organizing barcamps and open spaces together. It emerged from the Autonomous School in Zurich over the last 10 years. After it was used this summer in St-Imier by around 5000 anarchists to organize around 600 workshops over 5 days, we are confident that it works and is stable.\r\n\r\nCompared to a simple SOS form or wiki, it offers the possibility to participate in different roles (collaborative organization), also to simply suggest a topic where you are not an expert yourself (that someone else then leads), notifications, comments, a time period where interested people can register to then decide how large a room needs to be and more. \r\nSome interfaces are already available (schedule.xml, OAuth2 client) others would have to be coded (get the rooms).\r\n\r\nSource code: https://gitlab.com/Openki/Openki","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53954,"village_id":null,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The **members and assembly meetup** of the ChaosZone including Hackspaces of our region cluster **open to guests**. Our geographic boundaries range from Eisenach to Warsaw, but of course and as always; All Creatures Welcome! \r\n\r\nChaosZone is the project with the goal of establishing a collaborative assembly since the 35th Chaos Communication Congress.\n\n\nThe members and assembly meetup of the ChaosZone including Hackspaces of our region cluster open to guests.","title":"ChaosZone Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703853000,"nanoseconds":0},"android_description":"The **members and assembly meetup** of the ChaosZone including Hackspaces of our region cluster **open to guests**. Our geographic boundaries range from Eisenach to Warsaw, but of course and as always; All Creatures Welcome! \r\n\r\nChaosZone is the project with the goal of establishing a collaborative assembly since the 35th Chaos Communication Congress.\n\n\nThe members and assembly meetup of the ChaosZone including Hackspaces of our region cluster open to guests.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:30:00.000-0000","id":53794,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"begin":"2023-12-29T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lightning Talks are short lectures for anyone!\r\n\r\nSince we have only one session in a large hall this year, we're going to continue the Lightning Talks as a self-organized session.\r\n\r\nBring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party, workshop or assembly! Whatever you bring, make it quick! To get an idea what Lightning Talks are about and how they work, look at the 36C3 sessions on media.ccc.de.\r\n\r\nBe reminded that, like in previous C3s, you still need a ticket for the 37C3 congress. A lightning talk or registration for one does not provide you with a ticket. No ticket - no talk.\r\n\r\nSubmissions will be opened a few days before 37C3. See https://c3lt.de/ or https://chaos.social/@C3_LightningTLK for further infos and updates.\n\n\n","title":"37C3 Lightning Talks Continued","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Lightning Talks are short lectures for anyone!\r\n\r\nSince we have only one session in a large hall this year, we're going to continue the Lightning Talks as a self-organized session.\r\n\r\nBring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party, workshop or assembly! Whatever you bring, make it quick! To get an idea what Lightning Talks are about and how they work, look at the 36C3 sessions on media.ccc.de.\r\n\r\nBe reminded that, like in previous C3s, you still need a ticket for the 37C3 congress. A lightning talk or registration for one does not provide you with a ticket. No ticket - no talk.\r\n\r\nSubmissions will be opened a few days before 37C3. See https://c3lt.de/ or https://chaos.social/@C3_LightningTLK for further infos and updates.","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53760,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-29T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Our exploration begins with an honest appraisal of traditional fuzzing methodologies that have been applied to TCP/IP stacks before, like ISIC, revealing their inherent limitations, e.g., they can't reach beyond the TCP initial state. Recognizing the need for a more evolved approach, we take a different approach, where we leverage a full-blow active network connection for fuzzing. A key revelation in this journey is the deliberate decision to sidestep the arduous task of constructing a custom TCP/IP stack, a choice rooted in practical considerations.\r\n\r\nThe reluctance to build a bespoke TCP/IP stack leads us to innovative strategies such as embedding hooks in the Linux kernel and tapping into userland TCP/IP stacks like PyTCP, Netstack (part of Google gVisor), and PicoTCP. PicoTCP takes center stage, offering a userland TCP/IP stack that becomes integral to our state fuzzing methodology. Attendees will gain a deeper understanding of its architecture, APIs, and documentation, appreciating its pivotal role in fortifying network security.\r\n\r\nAs the presentation unfolds, we navigate through the development of a powerful fuzzer, a core element in our approach to identifying vulnerabilities within the TCP/IP stack. The intricacies of driving traffic through the system, simulating real-world scenarios, and leveraging reproducibility and diagnostics techniques are revealed. The discussion expands to showcase tangible results, including trophies obtained, bugs reported, and the eventual release of the project on GitHub. The session concludes with an engaging Q & A, encouraging participants to delve into the intricacies of TCP/IP stack fuzzing and its profound implications for network security.\n\n\nIn this talk, we delve into the captivating realm of TCP/IP stack fuzzing. As the backbone of internet communication, the TCP/IP stack is a prime target for cyber threats. This presentation will unravel the intricacies of fuzzing techniques applied to several TCP/IP stacks, shedding light on how these methodologies can uncover bugs, crashes and vulnerabilities. From the fundamentals of packet fuzzing to advanced mutation strategies, attendees will gain valuable insights into the proactive ways to fuzz a TCP/IP stack. Whether you're a seasoned cybersecurity professional or a curious enthusiast, this talk promises to be an enlightening journey into the heart of TCP/IP stack security and the crucial role of fuzzing in safeguarding our interconnected world.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Fuzzing the TCP/IP stack","end_timestamp":{"seconds":1703850000,"nanoseconds":0},"android_description":"Our exploration begins with an honest appraisal of traditional fuzzing methodologies that have been applied to TCP/IP stacks before, like ISIC, revealing their inherent limitations, e.g., they can't reach beyond the TCP initial state. Recognizing the need for a more evolved approach, we take a different approach, where we leverage a full-blow active network connection for fuzzing. A key revelation in this journey is the deliberate decision to sidestep the arduous task of constructing a custom TCP/IP stack, a choice rooted in practical considerations.\r\n\r\nThe reluctance to build a bespoke TCP/IP stack leads us to innovative strategies such as embedding hooks in the Linux kernel and tapping into userland TCP/IP stacks like PyTCP, Netstack (part of Google gVisor), and PicoTCP. PicoTCP takes center stage, offering a userland TCP/IP stack that becomes integral to our state fuzzing methodology. Attendees will gain a deeper understanding of its architecture, APIs, and documentation, appreciating its pivotal role in fortifying network security.\r\n\r\nAs the presentation unfolds, we navigate through the development of a powerful fuzzer, a core element in our approach to identifying vulnerabilities within the TCP/IP stack. The intricacies of driving traffic through the system, simulating real-world scenarios, and leveraging reproducibility and diagnostics techniques are revealed. The discussion expands to showcase tangible results, including trophies obtained, bugs reported, and the eventual release of the project on GitHub. The session concludes with an engaging Q & A, encouraging participants to delve into the intricacies of TCP/IP stack fuzzing and its profound implications for network security.\n\n\nIn this talk, we delve into the captivating realm of TCP/IP stack fuzzing. As the backbone of internet communication, the TCP/IP stack is a prime target for cyber threats. This presentation will unravel the intricacies of fuzzing techniques applied to several TCP/IP stacks, shedding light on how these methodologies can uncover bugs, crashes and vulnerabilities. From the fundamentals of packet fuzzing to advanced mutation strategies, attendees will gain valuable insights into the proactive ways to fuzz a TCP/IP stack. Whether you're a seasoned cybersecurity professional or a curious enthusiast, this talk promises to be an enlightening journey into the heart of TCP/IP stack security and the crucial role of fuzzing in safeguarding our interconnected world.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53733],"name":"Ilja van Sprundel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52402}],"timeband_id":1142,"links":[],"end":"2023-12-29T11:40:00.000-0000","id":53733,"village_id":null,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52402}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We're happy about any co-knitters and co-crocheters joining us, and we'll teach you how it works in case you don't know. :-) **Where? Free space in front of Saal F.**\r\n\r\nIf you could bring a knitting needle and yarn on your own, that would be perfect; but fear not, we have a limited supply which we'll gladly share with you. In this case, it would be nice if you could reimburse us on our costs, but no worries if that's not possible.\r\n\r\nA nice project for a beginner is an oven cloth or a phone case, or if you're looking for something more ambitious, gloves. We are also happy to assist with your own projects or ideas. :-)\r\n\r\nAt least one of the workshop-giving persons can also offer the workshop in Macedonian or broken Serbian. The workshop is organized by [August](https://events.ccc.de/congress/2023/hub/en/user/augustgaugler/).\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Knitting/crocheting workshop (Strick- und Häkelworkshop)","android_description":"We're happy about any co-knitters and co-crocheters joining us, and we'll teach you how it works in case you don't know. :-) **Where? Free space in front of Saal F.**\r\n\r\nIf you could bring a knitting needle and yarn on your own, that would be perfect; but fear not, we have a limited supply which we'll gladly share with you. In this case, it would be nice if you could reimburse us on our costs, but no worries if that's not possible.\r\n\r\nA nice project for a beginner is an oven cloth or a phone case, or if you're looking for something more ambitious, gloves. We are also happy to assist with your own projects or ideas. :-)\r\n\r\nAt least one of the workshop-giving persons can also offer the workshop in Macedonian or broken Serbian. The workshop is organized by [August](https://events.ccc.de/congress/2023/hub/en/user/augustgaugler/).\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703853000,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:30:00.000-0000","id":53968,"village_id":null,"begin_timestamp":{"seconds":1703845800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Quasiroom","hotel":"","short_name":"Quasiroom","id":46142},"spans_timebands":"N","begin":"2023-12-29T10:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","title":"Spleiß-Workshop Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","end_timestamp":{"seconds":1703848200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:10:00.000-0000","id":53893,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703845800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"CTBK-Workshoparea","hotel":"","short_name":"CTBK-Workshoparea","id":46163},"spans_timebands":"N","begin":"2023-12-29T10:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Everything is digitalized nowadays and if not, it soon will be. More people will interact with more technology and they will sooner or later be forced to use it even though they are not “Digital Natives” and have troubles or are scared of doing so. Good usability can help with that. Usability is a term many people use but might not be aware what it actually means. In this discussion, I’ll present what makes a good usability and why everyone benefits from it. No previous knowledge necessary.\r\n🧮 \r\nIf you want to contact me directly after the talk: @m0ndra\n\n\n","title":"(Good) Usability: What is it and how can wie achieve it","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703847600,"nanoseconds":0},"android_description":"Everything is digitalized nowadays and if not, it soon will be. More people will interact with more technology and they will sooner or later be forced to use it even though they are not “Digital Natives” and have troubles or are scared of doing so. Good usability can help with that. Usability is a term many people use but might not be aware what it actually means. In this discussion, I’ll present what makes a good usability and why everyone benefits from it. No previous knowledge necessary.\r\n🧮 \r\nIf you want to contact me directly after the talk: @m0ndra","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:00:00.000-0000","id":53767,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703845800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T10:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ist alleine leben nicht sowohl sehr ineffizient als auch oft sehr langweilig, unsicher und einsam? \r\n\r\nHaben nicht alle mehr von Ressourcen, wenn man sie sich teilt? Zum Beispiel in einer gemeinsamen Ökonomie? \r\n\r\nIst es im Grunde nicht unglaublich ineffizient, Räume nach Personen und nicht nach Funktionen aufzuteilen? Am Ende haben sechs Leute dann je ein kleines Schlafzimmer mit Schreibtisch, obwohl sie, wenn sie die Räume aufteilen würden, alle ein Schlafzimmer, ein Arbeitszimmer, eine Hardware-Werkstatt, einen Kino/Gaming-Raum, ein Spielzimmer und einen Musik/Tanz-Raum haben könnten. Oder auch lauter coole andere Funktionsräume? (Das Konzept ist natürlich fast beliebig skalierbar.)\r\n\r\nWie müssten all diese Konzepte angepasst werden, damit sie nicht nur für neurotypische Menschen funktionieren? \r\n\r\nWarum ist kollektives Leben mit der Kleinfamilie normal, aber mit unseren besten Freund\\*innen und liebsten Kolleg\\*innen fast schon revolutionär? \r\n\r\nWarum lebt der schon hundert mal totgesagte Punk 24/7 auf Wagenplätzen und die kulturellen Großeltern der Punks, die Hippies, in Kommunen zusammen, während die sonst so erfindungsreiche Nerdkultur noch keine Konzepte des kollektiven nerdigen Zusammenleben gefunden hat? \r\n\r\nWer kümmert sich eigentlich um dich, wenn du dich aufgrund von Krankheit oder Behinderung eine längere Zeit nicht mehr alleine um dich selbst kümmern kannst? Denn, kleiner Funfact: auch wenn du darüber nicht gerne nachdenkst braucht es nur einen unglücklichen Zufall damit das passiert. \r\n\r\nWäre es nicht schön, wenn es nicht schlimm wäre, wenn du mal ein paar Monate kein Geld verdienen könntest? Wie viel angstfreier könntest du dann leben? \r\n\r\nWie könnte ein cooles Wohnprojekt von und für Nerds aussehen? \r\n\r\nWenn einige dieser Fragen dich ansprechen, dann komm gerne zur Gesprächsrunde :)\n\n\n","title":"Gesprächsrunde über kollektive Lebenskonzepte abseits der Kleinfamilie","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Ist alleine leben nicht sowohl sehr ineffizient als auch oft sehr langweilig, unsicher und einsam? \r\n\r\nHaben nicht alle mehr von Ressourcen, wenn man sie sich teilt? Zum Beispiel in einer gemeinsamen Ökonomie? \r\n\r\nIst es im Grunde nicht unglaublich ineffizient, Räume nach Personen und nicht nach Funktionen aufzuteilen? Am Ende haben sechs Leute dann je ein kleines Schlafzimmer mit Schreibtisch, obwohl sie, wenn sie die Räume aufteilen würden, alle ein Schlafzimmer, ein Arbeitszimmer, eine Hardware-Werkstatt, einen Kino/Gaming-Raum, ein Spielzimmer und einen Musik/Tanz-Raum haben könnten. Oder auch lauter coole andere Funktionsräume? (Das Konzept ist natürlich fast beliebig skalierbar.)\r\n\r\nWie müssten all diese Konzepte angepasst werden, damit sie nicht nur für neurotypische Menschen funktionieren? \r\n\r\nWarum ist kollektives Leben mit der Kleinfamilie normal, aber mit unseren besten Freund\\*innen und liebsten Kolleg\\*innen fast schon revolutionär? \r\n\r\nWarum lebt der schon hundert mal totgesagte Punk 24/7 auf Wagenplätzen und die kulturellen Großeltern der Punks, die Hippies, in Kommunen zusammen, während die sonst so erfindungsreiche Nerdkultur noch keine Konzepte des kollektiven nerdigen Zusammenleben gefunden hat? \r\n\r\nWer kümmert sich eigentlich um dich, wenn du dich aufgrund von Krankheit oder Behinderung eine längere Zeit nicht mehr alleine um dich selbst kümmern kannst? Denn, kleiner Funfact: auch wenn du darüber nicht gerne nachdenkst braucht es nur einen unglücklichen Zufall damit das passiert. \r\n\r\nWäre es nicht schön, wenn es nicht schlimm wäre, wenn du mal ein paar Monate kein Geld verdienen könntest? Wie viel angstfreier könntest du dann leben? \r\n\r\nWie könnte ein cooles Wohnprojekt von und für Nerds aussehen? \r\n\r\nWenn einige dieser Fragen dich ansprechen, dann komm gerne zur Gesprächsrunde :)","end_timestamp":{"seconds":1703851200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53768,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703845200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T10:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Musik für Herz & Hintern\n\n\n","title":"Pony","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Musik für Herz & Hintern","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53870,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.\n\n\n","title":"Elektrobaukasten - Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703851200,"nanoseconds":0},"android_description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53842,"village_id":null,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"begin":"2023-12-29T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Some day, computers will help working mathematicians of all disciplines in finding and checking proofs. It will feel easy, effortless and natural. Computers might even surpass us, creating a new exciting niche for mathematicians: understanding the mathematical advances put forward by computers. The univalent foundations program by the late Vladimir Voevodsky was an important step towards this vision. However, we aren't there yet.\r\n\r\nStill even the current generation of theorem provers is very exciting. It's fun to talk the computer into accepting our proofs, and invariably we learn something about our proofs in the process.\r\n\r\nIn this workshop, we'll cover the basics of Agda, one of the well-known proof assistants. The workshop will start as a guided tour. You belong to the target audience iff you have some experience in writing down mathematical proofs, for instance if at some point you proved Gauß's sum formula using induction. Knowledge of Haskell is beneficiary (modulo syntax, Agda is a superset of a subset of Haskell), but not required.\r\n\r\nYou don't need to install Agda beforehand, we will use the online version at https://agdapad.quasicoherent.io/.\r\n\r\nLiterature: https://plfa.github.io/\r\n\r\n**Note to other people planning self-organized sessions:** We don't actually need the full size of Saal D. A room with about 20 seats is sufficient. On Day 0, we will scout the building for alternative options.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Formalizing mathematics in the proof assistant Agda","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Some day, computers will help working mathematicians of all disciplines in finding and checking proofs. It will feel easy, effortless and natural. Computers might even surpass us, creating a new exciting niche for mathematicians: understanding the mathematical advances put forward by computers. The univalent foundations program by the late Vladimir Voevodsky was an important step towards this vision. However, we aren't there yet.\r\n\r\nStill even the current generation of theorem provers is very exciting. It's fun to talk the computer into accepting our proofs, and invariably we learn something about our proofs in the process.\r\n\r\nIn this workshop, we'll cover the basics of Agda, one of the well-known proof assistants. The workshop will start as a guided tour. You belong to the target audience iff you have some experience in writing down mathematical proofs, for instance if at some point you proved Gauß's sum formula using induction. Knowledge of Haskell is beneficiary (modulo syntax, Agda is a superset of a subset of Haskell), but not required.\r\n\r\nYou don't need to install Agda beforehand, we will use the online version at https://agdapad.quasicoherent.io/.\r\n\r\nLiterature: https://plfa.github.io/\r\n\r\n**Note to other people planning self-organized sessions:** We don't actually need the full size of Saal D. A room with about 20 seats is sufficient. On Day 0, we will scout the building for alternative options.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703851200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53777,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-29T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session allows for a detailed discussion on the topic of \"Responsible AI in the Public Sector.\" This discussion revolves around nothing less than how our governments employ AI and other Automated Decision Making (ADM) methods to make our administration and society more efficient.\r\n\r\nFollowing a brief introduction, we will transition into an open discussion. What principles should guide the administration in building their algorithms? How does the AI Act come into play, and is it sufficient? How can strong AI regulation and oversight not be perceived as inhibiting innovation?\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Ethische Algorithmen in der Regierung?","android_description":"This session allows for a detailed discussion on the topic of \"Responsible AI in the Public Sector.\" This discussion revolves around nothing less than how our governments employ AI and other Automated Decision Making (ADM) methods to make our administration and society more efficient.\r\n\r\nFollowing a brief introduction, we will transition into an open discussion. What principles should guide the administration in building their algorithms? How does the AI Act come into play, and is it sufficient? How can strong AI regulation and oversight not be perceived as inhibiting innovation?","end_timestamp":{"seconds":1703847600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:00:00.000-0000","id":53759,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-29T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We love to put microcontrollers, systems-on-a-chip and many other Integrated Circuits (ICs) into all sorts of devices. As hardware backdoors can undermine software security, the integrity of these chips is becoming increasingly important. However, most of these microchips are manufactured in a complex global supply chain where not all parties can necessarily be trusted. Who guarantees that the chip we order is the chip we get delivered? While the European Union wants to ensure digital sovereignty through massive long-term investment in domestic IC production, we need a way to verify the integrity of microchips *today*.\r\n\r\nIn this talk, we will first briefly cover the basics of the IC design and production process. We will outline common attacks that enable the insertion of subtle malicious manipulations or backdoors, often called hardware Trojans. You don't need to have a hardware background to follow along!\r\n\r\nWe then introduce some techniques we can use to detect hardware manipulations by comparing the circuit within a microchip to its original design files by reverse engineering the chip using open-source image processing. While imaging an IC requires advanced laboratory equipment, commodity hardware is sufficient to analyze the captured images.\r\n\r\nIn the main part of our talk, we will present a case study on Trojan detection based on four different digital ICs using a Red Team vs. Blue Team approach, and give a live demonstration.\r\nWe will share what manipulations of our Red Team we are already able to find reliably, and where some work is still needed -- and we're calling on you to play with our algorithms and have a go at uncovering the Trojans that are still well-hidden. Of course, we have made our source code and entire image datasets available under a free and open license.\r\n\r\nWe'll conclude with an insight into the working process of our Blue Team -- what we learned, and how we failed -- and give an outlook on how we can lower the entry barrier into IC reverse engineering, unlocking the hardware security field for all.\n\n\nEnsuring the integrity of Integrated Circuits (ICs) against malicious hardware Trojans is paramount for secure electronic devices. One approach involves imaging the manufactured chips to compare them with their original design files. While such techniques for detecting Trojans are relatively well-known in the industry, there is a notable absence of comprehensive, publicly available case studies. To bridge this gap, we unveil a Red Team vs. Blue Team case study on hardware Trojan detection across four digital ICs in various modern feature sizes. We share our findings, algorithms, and image datasets, shedding light on the efficiency of these techniques, and offer insights into the impact of technology scaling on detection performance.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Unlocking Hardware Security: Red Team, Blue Team, and Trojan Tales","end_timestamp":{"seconds":1703847600,"nanoseconds":0},"android_description":"We love to put microcontrollers, systems-on-a-chip and many other Integrated Circuits (ICs) into all sorts of devices. As hardware backdoors can undermine software security, the integrity of these chips is becoming increasingly important. However, most of these microchips are manufactured in a complex global supply chain where not all parties can necessarily be trusted. Who guarantees that the chip we order is the chip we get delivered? While the European Union wants to ensure digital sovereignty through massive long-term investment in domestic IC production, we need a way to verify the integrity of microchips *today*.\r\n\r\nIn this talk, we will first briefly cover the basics of the IC design and production process. We will outline common attacks that enable the insertion of subtle malicious manipulations or backdoors, often called hardware Trojans. You don't need to have a hardware background to follow along!\r\n\r\nWe then introduce some techniques we can use to detect hardware manipulations by comparing the circuit within a microchip to its original design files by reverse engineering the chip using open-source image processing. While imaging an IC requires advanced laboratory equipment, commodity hardware is sufficient to analyze the captured images.\r\n\r\nIn the main part of our talk, we will present a case study on Trojan detection based on four different digital ICs using a Red Team vs. Blue Team approach, and give a live demonstration.\r\nWe will share what manipulations of our Red Team we are already able to find reliably, and where some work is still needed -- and we're calling on you to play with our algorithms and have a go at uncovering the Trojans that are still well-hidden. Of course, we have made our source code and entire image datasets available under a free and open license.\r\n\r\nWe'll conclude with an insight into the working process of our Blue Team -- what we learned, and how we failed -- and give an outlook on how we can lower the entry barrier into IC reverse engineering, unlocking the hardware security field for all.\n\n\nEnsuring the integrity of Integrated Circuits (ICs) against malicious hardware Trojans is paramount for secure electronic devices. One approach involves imaging the manufactured chips to compare them with their original design files. While such techniques for detecting Trojans are relatively well-known in the industry, there is a notable absence of comprehensive, publicly available case studies. To bridge this gap, we unveil a Red Team vs. Blue Team case study on hardware Trojan detection across four digital ICs in various modern feature sizes. We share our findings, algorithms, and image datasets, shedding light on the efficiency of these techniques, and offer insights into the impact of technology scaling on detection performance.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53750],"name":"Steffen Becker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52445},{"conference_id":131,"event_ids":[53750],"name":"e7p","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52451}],"timeband_id":1142,"end":"2023-12-29T11:00:00.000-0000","links":[{"label":"Dataset","type":"link","url":"https://doi.org/10.17617/3.396Q7I"},{"label":"Tooling","type":"link","url":"https://github.com/emsec/ChipSuite"},{"label":"Paper","type":"link","url":"https://eprint.iacr.org/2022/1720"}],"id":53750,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52445},{"tag_id":46107,"sort_order":1,"person_id":52451}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Beide Projekte zielen darauf ab, die Gesundheitsdaten von Millionen Menschen zu digitalisieren und diese Behandelnden, der Forschung und der Wirtschaft bereitzustellen.\r\n\r\nIn unserem Vortrag wollen wir entlang von sieben Thesen zentrale technische und gesellschaftspolitische Untiefen der geplanten Gesundheitsdigitalisierung in der Bundesrepublik und in der EU erkunden – und den Weg zu einer alternativen Digitalisierung des Gesundheitssektors aufzeigen.\n\n\nKarl Lauterbach und die EU-Kommission haben eines gemeinsam. Beide wollen in Windeseile die Digitalisierung des Gesundheitssektors voranbringen. Die elektronische Patientenakte soll im Januar 2025 für alle Bundesbürger:innen kommen. Im gleichen Jahr ist der Start des sogenannten Europäischen Gesundheitsdatenraums geplant.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Von der ePA zum EHDS: 7 Thesen zur aktuellen digitalen Gesundheitspolitik","android_description":"Beide Projekte zielen darauf ab, die Gesundheitsdaten von Millionen Menschen zu digitalisieren und diese Behandelnden, der Forschung und der Wirtschaft bereitzustellen.\r\n\r\nIn unserem Vortrag wollen wir entlang von sieben Thesen zentrale technische und gesellschaftspolitische Untiefen der geplanten Gesundheitsdigitalisierung in der Bundesrepublik und in der EU erkunden – und den Weg zu einer alternativen Digitalisierung des Gesundheitssektors aufzeigen.\n\n\nKarl Lauterbach und die EU-Kommission haben eines gemeinsam. Beide wollen in Windeseile die Digitalisierung des Gesundheitssektors voranbringen. Die elektronische Patientenakte soll im Januar 2025 für alle Bundesbürger:innen kommen. Im gleichen Jahr ist der Start des sogenannten Europäischen Gesundheitsdatenraums geplant.","end_timestamp":{"seconds":1703847600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53734],"name":"Daniel Leisegang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52255},{"conference_id":131,"event_ids":[53734],"name":"bkastl","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52507}],"timeband_id":1142,"end":"2023-12-29T11:00:00.000-0000","links":[{"label":"Bianca Kastl","type":"link","url":"https://bkastl.de/notes"},{"label":"Daniel Leisegang","type":"link","url":"https://netzpolitik.org/author/daniellei/"}],"id":53734,"village_id":null,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52255},{"tag_id":46107,"sort_order":1,"person_id":52507}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-29T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Understand that Machine Learning is powerful but also brittle\r\n- Give a short demo/ice breaker that includes a question to audience to show how ML is super powerful but also fails drastically.\r\n- Highlight that these failure modes can often easily be triggered once an adversary is in the loop.\r\n\r\nIntro to Large Language Models\r\n- Now pivot from generic ML to LLMs and show how the brittleness applies there.\r\n- Discuss what a LLM is and how it works briefly. Describe various prompt engineering techniques (extraction, summarization, classification, transformation,…)\r\n- Walk the audience through a typical large language model LLM application and how it works.\r\n- Highlight that there is no state, and what the context window is. But how to create a Chatbot then?\r\n- Show how systems like ChatGPT or Bing Chat leverage context window to create a conversation.\r\n- This part is important to later understand the persistence section of the talk (e.g. as long as attacker controlled data is in the context window, there is persistence of prompt injection)\r\n\r\nHighlighting real-world examples and exploits!\r\n\r\nFirst discuss three large categories of threats:\r\n Misalignment - Model Issues\r\n Jailbreaks/Direct Prompt Injections\r\n Indirect Prompt Injections\r\n\r\nWe will deep dive on (3) Indirect Prompt Injections.\r\n\r\nIndirect Prompt Injections\r\n\r\n- Walk the audience through an end to end scenario (graphic in Powerpoint) that explains a prompt injection first at a basic level.\r\n- Give a demo with ChatGPT (GPT-4) and make sure the audience understands the high level idea of a prompt injection\r\n- Then take it up a notch to explain indirect prompt injections, where untrusted data is inserted into the chat context\r\n- Show demo with Google Docs and how it fails to summarize a text correctly - this demo will fit the ChatGPT (GPT-4) example from before well.\r\n- Visual Prompt Injections (Multi-modal)\r\n- Discuss some of OpenAI’s recommendation and highlight that these mitigation steps do not work! They do not mitigate injections.\r\n- Give Bing Chat Demo of an Indirect Prompt Injection ( a demo that shows how the Chatbot achieves a new identity and objective when being exploited). e..g Bing Chat changes to a hacker that will attempt to extort Bitcoin from the user.\r\n\r\nInjection TTPs\r\n\r\nDiscuss strategies on how attackers can trick LLMs:\r\n\r\n Ignore previous instructions\r\n Acknowledge/Affirm instructions and add-on\r\n Confuse/Encode - switch languages, base64 encode text, emojis,…\r\n Algorithmic - fuzzing and attacks using offline models, and transferring those attack payloads to online models\r\n\r\nPlugins, AI Actions and Functions\r\n\r\nThis section will focus on ChatGPT plugins and the danger of the plugin ecosystem.\r\n\r\n- Explain how plugins work (public data, plugin store, installation, configuration, OAuth,…)\r\n- Show how Indirect Prompt Injection can be triggered by a plugin (plugin developers, but also anyone owning a piece of data the plugin returns)\r\n- Demo Chat with Code plugin vulnerability that allows to change the ChatGPT user’s Github repos, and even switch code from private to public. This is a systemic vulnerability and depending on a plugin’s capability can lead to RCE, data exfiltration, data destruction, etc..\r\n- Show the audience the “payload” and discuss it. It is written entirely in natural language, so the attacker does not require to know C, Python or any other programming language.\r\n\r\nData Exfiltration\r\n\r\nNow switching gears to data exfiltration examples.\r\n\r\nData exfil can occur via:\r\n - Unfurling of hyperlinks: Explain what unfurling is to the audience - apps like Discord, Slack, Teams,… do this.\r\n - Image Markdown Injection: One of the most common data exfil angles. I found ChatGPT, Bing Chat, and Anthropic Claude are vulnerable to this, and will also show how Microsoft and Anthropic fixed this problem. ChatGPT decided not to fix it, which puts users at risk of their data being stolen during an Indirect prompt injection attack.\r\n Give a detailed exploit chain walkthrough on Google Bard Data Exfiltration and bypasses.\r\n - Plugins, AI Actions, Tools: Besides taking actions on behalf of the user, plugins can also be used to exfiltrate data. Demo: Stealing a users email with Cross Plugin Request Forgery. Here is a screenshot that went viral on Twitter when I first discovered this new vulnerability class: https://twitter.com/wunderwuzzi23/status/1658348810299662336\r\n\r\nKey Take-away and Mitigations\r\n\r\n - Do not blindly trust LLM output.\r\n Remind the audience that there is no 100% deterministic solution a developer can apply. This is due to how LLM works, but give guidance to make systems more robust.\r\n Highlight the importance of Human in the Loop and to not over-rely on LLM output.\r\n\r\nNote: The below outline is a draft on what I would speak about if it would be today - it might change quite a bit until end of December as new features/vulnerabilities are introduced by Microsoft, Google and OpenAI.\n\n\nWith the rapid growth of AI and Large Language Models users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat and Google Bard.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"NEW IMPORTANT INSTRUCTIONS","end_timestamp":{"seconds":1703846400,"nanoseconds":0},"android_description":"Understand that Machine Learning is powerful but also brittle\r\n- Give a short demo/ice breaker that includes a question to audience to show how ML is super powerful but also fails drastically.\r\n- Highlight that these failure modes can often easily be triggered once an adversary is in the loop.\r\n\r\nIntro to Large Language Models\r\n- Now pivot from generic ML to LLMs and show how the brittleness applies there.\r\n- Discuss what a LLM is and how it works briefly. Describe various prompt engineering techniques (extraction, summarization, classification, transformation,…)\r\n- Walk the audience through a typical large language model LLM application and how it works.\r\n- Highlight that there is no state, and what the context window is. But how to create a Chatbot then?\r\n- Show how systems like ChatGPT or Bing Chat leverage context window to create a conversation.\r\n- This part is important to later understand the persistence section of the talk (e.g. as long as attacker controlled data is in the context window, there is persistence of prompt injection)\r\n\r\nHighlighting real-world examples and exploits!\r\n\r\nFirst discuss three large categories of threats:\r\n Misalignment - Model Issues\r\n Jailbreaks/Direct Prompt Injections\r\n Indirect Prompt Injections\r\n\r\nWe will deep dive on (3) Indirect Prompt Injections.\r\n\r\nIndirect Prompt Injections\r\n\r\n- Walk the audience through an end to end scenario (graphic in Powerpoint) that explains a prompt injection first at a basic level.\r\n- Give a demo with ChatGPT (GPT-4) and make sure the audience understands the high level idea of a prompt injection\r\n- Then take it up a notch to explain indirect prompt injections, where untrusted data is inserted into the chat context\r\n- Show demo with Google Docs and how it fails to summarize a text correctly - this demo will fit the ChatGPT (GPT-4) example from before well.\r\n- Visual Prompt Injections (Multi-modal)\r\n- Discuss some of OpenAI’s recommendation and highlight that these mitigation steps do not work! They do not mitigate injections.\r\n- Give Bing Chat Demo of an Indirect Prompt Injection ( a demo that shows how the Chatbot achieves a new identity and objective when being exploited). e..g Bing Chat changes to a hacker that will attempt to extort Bitcoin from the user.\r\n\r\nInjection TTPs\r\n\r\nDiscuss strategies on how attackers can trick LLMs:\r\n\r\n Ignore previous instructions\r\n Acknowledge/Affirm instructions and add-on\r\n Confuse/Encode - switch languages, base64 encode text, emojis,…\r\n Algorithmic - fuzzing and attacks using offline models, and transferring those attack payloads to online models\r\n\r\nPlugins, AI Actions and Functions\r\n\r\nThis section will focus on ChatGPT plugins and the danger of the plugin ecosystem.\r\n\r\n- Explain how plugins work (public data, plugin store, installation, configuration, OAuth,…)\r\n- Show how Indirect Prompt Injection can be triggered by a plugin (plugin developers, but also anyone owning a piece of data the plugin returns)\r\n- Demo Chat with Code plugin vulnerability that allows to change the ChatGPT user’s Github repos, and even switch code from private to public. This is a systemic vulnerability and depending on a plugin’s capability can lead to RCE, data exfiltration, data destruction, etc..\r\n- Show the audience the “payload” and discuss it. It is written entirely in natural language, so the attacker does not require to know C, Python or any other programming language.\r\n\r\nData Exfiltration\r\n\r\nNow switching gears to data exfiltration examples.\r\n\r\nData exfil can occur via:\r\n - Unfurling of hyperlinks: Explain what unfurling is to the audience - apps like Discord, Slack, Teams,… do this.\r\n - Image Markdown Injection: One of the most common data exfil angles. I found ChatGPT, Bing Chat, and Anthropic Claude are vulnerable to this, and will also show how Microsoft and Anthropic fixed this problem. ChatGPT decided not to fix it, which puts users at risk of their data being stolen during an Indirect prompt injection attack.\r\n Give a detailed exploit chain walkthrough on Google Bard Data Exfiltration and bypasses.\r\n - Plugins, AI Actions, Tools: Besides taking actions on behalf of the user, plugins can also be used to exfiltrate data. Demo: Stealing a users email with Cross Plugin Request Forgery. Here is a screenshot that went viral on Twitter when I first discovered this new vulnerability class: https://twitter.com/wunderwuzzi23/status/1658348810299662336\r\n\r\nKey Take-away and Mitigations\r\n\r\n - Do not blindly trust LLM output.\r\n Remind the audience that there is no 100% deterministic solution a developer can apply. This is due to how LLM works, but give guidance to make systems more robust.\r\n Highlight the importance of Human in the Loop and to not over-rely on LLM output.\r\n\r\nNote: The below outline is a draft on what I would speak about if it would be today - it might change quite a bit until end of December as new features/vulnerabilities are introduced by Microsoft, Google and OpenAI.\n\n\nWith the rapid growth of AI and Large Language Models users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat and Google Bard.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53732],"name":"Johann Rehberger","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52267}],"timeband_id":1142,"end":"2023-12-29T10:40:00.000-0000","links":[{"label":"My Blog - Embrace The Red ","type":"link","url":"https://embracethered.com"},{"label":"WIRED: ChatGPT Has a Plug-In Problem","type":"link","url":"https://www.wired.com/story/chatgpt-plugins-security-privacy-risk/"},{"label":"WIRED: The Security Hole at the Heart of ChatGPT and Bing","type":"link","url":"https://www.wired.com/story/chatgpt-prompt-injection-attack-security/"},{"label":"The Guardian: https://www.theguardian.com/technology/2023/aug/30/uk-cybersecurity-agency-warns-of-chatbot-prompt-injection-attacks","type":"link","url":"https://www.theguardian.com/technology/2023/aug/30/uk-cybersecurity-agency-warns-of-chatbot-prompt-injection-attacks"},{"label":"With AI, Hackers Can Simply Talk Computers Into Misbehaving","type":"link","url":"https://www.wsj.com/articles/with-ai-hackers-can-simply-talk-computers-into-misbehaving-ad488686"}],"id":53732,"tag_ids":[46124,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52267}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Offene Workshop-Sessions Tag 3 | Open workshop sessions day 3","android_description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","end_timestamp":{"seconds":1703848500,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:15:00.000-0000","id":53804,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703843100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-29T09:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Art and Play: DIY photolab research #2","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"android_description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53980,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703840400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Large Language Models (LLMs) have taken the world by storm. Alongside their vast potential, these models also present unique security challenges. This session will serve as a primer on LLM security, introducing key issues and concepts related to the security of LLMs and systems relying on them. For example, we will be looking at issues such as prompt injection, sensitive information disclosure, and issues related to the use of plugins. Of course, we are also going to look at how to red-team LLMs.\r\n\r\n### Target Audience\r\n\r\nThis session targets beginners and does not assume (in-depth) knowledge about LLMs. Please note that this session will not be about using LLMs in offensive or defensive cybersecurity.\r\n\r\n#### Learning Objectives\r\n\r\nFrom a learning perspective, after the session, participants will be able to …\r\n\r\n- describe what LLMs are and how they fundamentally function.\r\n- describe common security issues related to LLMs and systems relying on LLMs.\r\n- describe what LLM red teaming is.\r\n- perform some basic attacks against LLMs to test them for common issues.\r\n\r\n### Format\r\n\r\nThe session will be split into a 30-minute introductory talk as well as 15 minutes of discussion. Participants will be provided with the slides as well as some resources for further study.\r\n\r\n### Material\r\n* [Slides as PDF](https://docs.kleiber.me/2023-12-29-Kleiber-A-Primer-On-LLM-Security.pdf)\r\n* [Selected Resources as Google Doc](https://docs.google.com/document/d/1ETJbHCg0tRQE6vUxaqYBuIz2mk6ii5CU12RpZ1q9aEg/edit?usp=sharing)\r\n\r\n\r\nPs. I would highly recommend attending Johan Rehberger’s Talk \"[NEW IMPORTANT INSTRUCTIONS]( https://events.ccc.de/congress/2023/hub/de/event/new_important_instructions/)\" in Saal 1 after this session.\n\n\n","title":"A Primer on LLM Security","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Large Language Models (LLMs) have taken the world by storm. Alongside their vast potential, these models also present unique security challenges. This session will serve as a primer on LLM security, introducing key issues and concepts related to the security of LLMs and systems relying on them. For example, we will be looking at issues such as prompt injection, sensitive information disclosure, and issues related to the use of plugins. Of course, we are also going to look at how to red-team LLMs.\r\n\r\n### Target Audience\r\n\r\nThis session targets beginners and does not assume (in-depth) knowledge about LLMs. Please note that this session will not be about using LLMs in offensive or defensive cybersecurity.\r\n\r\n#### Learning Objectives\r\n\r\nFrom a learning perspective, after the session, participants will be able to …\r\n\r\n- describe what LLMs are and how they fundamentally function.\r\n- describe common security issues related to LLMs and systems relying on LLMs.\r\n- describe what LLM red teaming is.\r\n- perform some basic attacks against LLMs to test them for common issues.\r\n\r\n### Format\r\n\r\nThe session will be split into a 30-minute introductory talk as well as 15 minutes of discussion. Participants will be provided with the slides as well as some resources for further study.\r\n\r\n### Material\r\n* [Slides as PDF](https://docs.kleiber.me/2023-12-29-Kleiber-A-Primer-On-LLM-Security.pdf)\r\n* [Selected Resources as Google Doc](https://docs.google.com/document/d/1ETJbHCg0tRQE6vUxaqYBuIz2mk6ii5CU12RpZ1q9aEg/edit?usp=sharing)\r\n\r\n\r\nPs. I would highly recommend attending Johan Rehberger’s Talk \"[NEW IMPORTANT INSTRUCTIONS]( https://events.ccc.de/congress/2023/hub/de/event/new_important_instructions/)\" in Saal 1 after this session.","end_timestamp":{"seconds":1703843100,"nanoseconds":0},"updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T09:45:00.000-0000","id":53946,"begin_timestamp":{"seconds":1703840400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-29T00:05:00.000-0000","begin":"2023-12-29T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We'll do some Yoga to calm our minds and move them bodies. Bring along comfortable clothes – and a towel to lie on 😁\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Hitchhiker's Towel-Yoga","android_description":"We'll do some Yoga to calm our minds and move them bodies. Bring along comfortable clothes – and a towel to lie on 😁","end_timestamp":{"seconds":1703843100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T09:45:00.000-0000","id":53499,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703839500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-29T08:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session will be in German.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Azubitag Intro","android_description":"This session will be in German.","end_timestamp":{"seconds":1703844000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T10:00:00.000-0000","id":53556,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703838600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-29T08:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Jil, Janis and Ben are three friends. They are going to unite on the decks with their love for music with selected yet rare sounds oscillating between known and unknown places. Lets ccchill ³\n\n\nhttps://soundcloud.com/djinternetoffline/internet-offline-b2b-junus-at-zmar\r\nhttps://soundcloud.com/bedaaa_a/beda-ben-call-kutter","title":"Jill, Janis & Ben","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703833200,"nanoseconds":0},"android_description":"Jil, Janis and Ben are three friends. They are going to unite on the decks with their love for music with selected yet rare sounds oscillating between known and unknown places. Lets ccchill ³\n\n\nhttps://soundcloud.com/djinternetoffline/internet-offline-b2b-junus-at-zmar\r\nhttps://soundcloud.com/bedaaa_a/beda-ben-call-kutter","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T07:00:00.000-0000","id":53929,"begin_timestamp":{"seconds":1703822400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T04:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Von Natur aus dem freien Musizieren zugewandt, wird die Symbiose von Experiment und Linie gesucht - mit Phasen der geraden Linie, sowie des Schwebens in Klangwolken. Mit digitalen Synths und Effekten werden Klangräume erzeugt und mit Loops gehalten. Gleich dem Blick in den Nachthimmel, kann hinter dem Chaotischen eine Ordnung erkennbar, und Geordnetes durch Spontanes gebrochen werden.\n\n\nhttps://soundcloud.com/user-589558225","title":"Waldemar Frost (live)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703822400,"nanoseconds":0},"android_description":"Von Natur aus dem freien Musizieren zugewandt, wird die Symbiose von Experiment und Linie gesucht - mit Phasen der geraden Linie, sowie des Schwebens in Klangwolken. Mit digitalen Synths und Effekten werden Klangräume erzeugt und mit Loops gehalten. Gleich dem Blick in den Nachthimmel, kann hinter dem Chaotischen eine Ordnung erkennbar, und Geordnetes durch Spontanes gebrochen werden.\n\n\nhttps://soundcloud.com/user-589558225","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T04:00:00.000-0000","id":53928,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703818800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-29T03:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/steffenbennemann\n\n\nhttps://soundcloud.com/steffenbennemann","title":"steffen bennemann","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703826000,"nanoseconds":0},"android_description":"https://soundcloud.com/steffenbennemann\n\n\nhttps://soundcloud.com/steffenbennemann","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T05:00:00.000-0000","id":53848,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703818800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-29T03:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"cwiejung is a soundartist based in Worpswede, who uses drawings as random generators for tonal ghost grids and scales. The generated sounds range from a-/rhytmical minimal key patterns over resonating fields to noise.\n\n\nhttps://m.soundcloud.com/cwiejung","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"cwiejung (live)","end_timestamp":{"seconds":1703817000,"nanoseconds":0},"android_description":"cwiejung is a soundartist based in Worpswede, who uses drawings as random generators for tonal ghost grids and scales. The generated sounds range from a-/rhytmical minimal key patterns over resonating fields to noise.\n\n\nhttps://m.soundcloud.com/cwiejung","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T02:30:00.000-0000","id":53927,"village_id":null,"begin_timestamp":{"seconds":1703813400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T01:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Acidfinky (she/they) is a\r\nGerman/Algerian DJ and\r\nproducer based in Berlin.\r\nShe is a Golden Pudel\r\n(Hamburg) and THF Radio\r\nresident, member of the\r\nfeminist collective BLVSH\r\nand founder of Twisting\r\nKnobs Records.\r\nShe usually plays “crispy\r\nsounds”, an umbrella term\r\nshe uses to define heavy\r\nbasslines combined with\r\nsharp drums and ear candy.\r\n\r\nhttps://linktr.ee/acidfinky\n\n\nGolden Pudel\r\nTwisting Knobs\r\nBLVSH\r\nTHF","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Acidfinky","android_description":"Acidfinky (she/they) is a\r\nGerman/Algerian DJ and\r\nproducer based in Berlin.\r\nShe is a Golden Pudel\r\n(Hamburg) and THF Radio\r\nresident, member of the\r\nfeminist collective BLVSH\r\nand founder of Twisting\r\nKnobs Records.\r\nShe usually plays “crispy\r\nsounds”, an umbrella term\r\nshe uses to define heavy\r\nbasslines combined with\r\nsharp drums and ear candy.\r\n\r\nhttps://linktr.ee/acidfinky\n\n\nGolden Pudel\r\nTwisting Knobs\r\nBLVSH\r\nTHF","end_timestamp":{"seconds":1703818800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T03:00:00.000-0000","id":53883,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703811600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T01:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Basketball Operations Center presents an opportunity to not stream the game together\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"🏀 Timberwolves:Mavericks","end_timestamp":{"seconds":1703818800,"nanoseconds":0},"android_description":"Basketball Operations Center presents an opportunity to not stream the game together","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T03:00:00.000-0000","id":53641,"begin_timestamp":{"seconds":1703811600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T01:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"(Live-Stream aus Saal 1)\r\n\r\nIn einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Streaming: Fnord-Jahresrückblick-Rückblick","end_timestamp":{"seconds":1703812800,"nanoseconds":0},"android_description":"(Live-Stream aus Saal 1)\r\n\r\nIn einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:20:00.000-0000","id":53863,"begin_timestamp":{"seconds":1703807400,"nanoseconds":0},"tag_ids":[46120,46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T23:50:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","title":"Fnord-Jahresrückblick-Rückblick","type":{"conference_id":131,"conference":"37C3","color":"#d3d44d","updated_at":"2023-12-30T22:18+0000","name":"performance","id":46138},"end_timestamp":{"seconds":1703812800,"nanoseconds":0},"android_description":"In einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53799,53653],"name":"frank","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52264},{"conference_id":131,"event_ids":[53941,53653],"name":"Fefe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52390}],"timeband_id":1142,"links":[],"end":"2023-12-29T01:20:00.000-0000","id":53653,"village_id":null,"begin_timestamp":{"seconds":1703807400,"nanoseconds":0},"tag_ids":[46120,46138,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52390},{"tag_id":46107,"sort_order":1,"person_id":52264}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T23:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Was ist zu tun gegen störendes Brummen? Wie versteht man Sensitivity und Gainstruktur? Was bedeutet eigentlich 'Phase'? Und wie positioniert man Subwoofer optimal? In diesem Vortrag möchte ich solche und weitere häufig auftretende Probleme bei der Verwendung von Tontechnik und Lautsprechern beleuchten. Ziel ist es, praxisnahe Lösungen und Tipps zu präsentieren, um das Beste aus deinem nächsten Projekt herauszuholen und gängige Herausforderungen erfolgreich zu meistern.\n\n\nMehr als nur Lärm: Ein Sprint vom kleinen Audio-Einmaleins bis zum Phasealignment mit FFT-Analyzer\r\n\r\nVon “Disco Dieter” bis zur ausgewachsenen Stadioninstallation - gegen physikalische Grundprinzipien kann man wenig tun. Manchmal kann man Sie für sich nutzen, meistens geht man Kompromisse ein. Oft lässt sich mit einfachen Mitteln Sound verbessern.","title":"Sonic Alchemy","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Was ist zu tun gegen störendes Brummen? Wie versteht man Sensitivity und Gainstruktur? Was bedeutet eigentlich 'Phase'? Und wie positioniert man Subwoofer optimal? In diesem Vortrag möchte ich solche und weitere häufig auftretende Probleme bei der Verwendung von Tontechnik und Lautsprechern beleuchten. Ziel ist es, praxisnahe Lösungen und Tipps zu präsentieren, um das Beste aus deinem nächsten Projekt herauszuholen und gängige Herausforderungen erfolgreich zu meistern.\n\n\nMehr als nur Lärm: Ein Sprint vom kleinen Audio-Einmaleins bis zum Phasealignment mit FFT-Analyzer\r\n\r\nVon “Disco Dieter” bis zur ausgewachsenen Stadioninstallation - gegen physikalische Grundprinzipien kann man wenig tun. Manchmal kann man Sie für sich nutzen, meistens geht man Kompromisse ein. Oft lässt sich mit einfachen Mitteln Sound verbessern.","end_timestamp":{"seconds":1703807400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-28T23:50:00.000-0000","id":53665,"village_id":null,"begin_timestamp":{"seconds":1703805000,"nanoseconds":0},"tag_ids":[46122,46136,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-28T23:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Berlin based interdisciplinarily\r\nartist and selector Loa Mauna cruises between abstract electronics and melodic sound patterns, graveyard and morning glory, following her passion for softness.\r\n\r\nphotocredits: Suzanne Caroline de Carrasco\n\n\nhttps://soundcloud.com/bl-mchen2000","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Loa Mauna (Dj)","android_description":"Berlin based interdisciplinarily\r\nartist and selector Loa Mauna cruises between abstract electronics and melodic sound patterns, graveyard and morning glory, following her passion for softness.\r\n\r\nphotocredits: Suzanne Caroline de Carrasco\n\n\nhttps://soundcloud.com/bl-mchen2000","end_timestamp":{"seconds":1703813400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:30:00.000-0000","id":53926,"village_id":null,"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-28T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The resident duo of Hamburg’s PAL club shared both their first rave and first gig. Expect hallucinogenic night drive trance and driving 90s techno fused with percussive gems from the old and new school as well as progressive dreams and acid-infused euphoria to get you in the zone.\r\n\r\nEach time they get together to meld their long-grown libraries of music and their imaginative ways of mixing makes for a contagious energy that catches you anywhere: cut off from the world with your in-ears on the train, cuffing with your fav person at home or pumping on the system at your sweet spot on the dance floor.\r\n\r\nhttps://soundcloud.com/epikurmusic\n\n\nThe resident duo of Hamburg’s PAL club","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Epikur","end_timestamp":{"seconds":1703811600,"nanoseconds":0},"android_description":"The resident duo of Hamburg’s PAL club shared both their first rave and first gig. Expect hallucinogenic night drive trance and driving 90s techno fused with percussive gems from the old and new school as well as progressive dreams and acid-infused euphoria to get you in the zone.\r\n\r\nEach time they get together to meld their long-grown libraries of music and their imaginative ways of mixing makes for a contagious energy that catches you anywhere: cut off from the world with your in-ears on the train, cuffing with your fav person at home or pumping on the system at your sweet spot on the dance floor.\r\n\r\nhttps://soundcloud.com/epikurmusic\n\n\nThe resident duo of Hamburg’s PAL club","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:00:00.000-0000","id":53921,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\n(Live-Stream aus Saal 1)\r\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","title":"Streaming: Die netzpolitische Neujahrsansprache","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\n(Live-Stream aus Saal 1)\r\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","end_timestamp":{"seconds":1703807400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-28T23:50:00.000-0000","id":53911,"village_id":null,"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"tag_ids":[46120,46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Bring your favorite synthesizer (whether hardware or software)!\r\n\r\nLet's talk about these wonderful devices and also maybe hold a jam session.\r\n\r\nFor the jam session, it would be best if you bring headphones and a small mixing console with two output channels, so that we are as flexible as possible in interaction and do not disturb anyone. I will try to get a room. Maybe we can also use the PA in a lecture hall after the end of the talks. But I still have to arrange that.\r\n\r\nIf you want to Jam, it would be good if you wired your setup so far in advance and maybe appear a little earlier so that we don't lose too much time.\n\n\n","title":"Synthesizer meet up","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Bring your favorite synthesizer (whether hardware or software)!\r\n\r\nLet's talk about these wonderful devices and also maybe hold a jam session.\r\n\r\nFor the jam session, it would be best if you bring headphones and a small mixing console with two output channels, so that we are as flexible as possible in interaction and do not disturb anyone. I will try to get a room. Maybe we can also use the PA in a lecture hall after the end of the talks. But I still have to arrange that.\r\n\r\nIf you want to Jam, it would be good if you wired your setup so far in advance and maybe appear a little earlier so that we don't lose too much time.","end_timestamp":{"seconds":1703811600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:00:00.000-0000","id":53685,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-28T23:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Die netzpolitische Neujahrsansprache","end_timestamp":{"seconds":1703807400,"nanoseconds":0},"android_description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53652],"name":"Markus Reuter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52262},{"conference_id":131,"event_ids":[53738,53652],"name":"khaleesi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52277},{"conference_id":131,"event_ids":[53737,53743,53652],"name":"Anna Biselli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52420}],"timeband_id":1142,"links":[],"end":"2023-12-28T23:50:00.000-0000","id":53652,"village_id":null,"tag_ids":[46120,46136,46139],"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52420},{"tag_id":46107,"sort_order":1,"person_id":52262},{"tag_id":46107,"sort_order":1,"person_id":52277}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T23:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir werden zusammen schreiben und über unsere Texte sprechen in folgendem Format:\r\n\r\n1. Wir ziehen einen Zufallsbegriff aus dem Glas (virtuell)\r\n2. Über/zu diesem Begriff schreibt dann jede/r einen kurzen Text, 10 Minuten, egal welches Genre oder Format\r\n3. Dann kann jede/r der mag den Text vorlesen und wir reden darüber / geben Feedback. (Der Teil nimmt normal am meisten Platz ein und führt auch oft zu guten Gesprächen/Abschweifungen über Literatur und andere ähnliche Texte)\r\n\r\nDie 10 Minuten zeitlimit sind auch dafür gedacht den inneren Kritiker auszuschalten, wenn man eh nur 10 Minuten hat kann und muss es nicht perfekt sein :)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Schreibtreff - Zusammen Kurzgeschichten schreiben","end_timestamp":{"seconds":1703809800,"nanoseconds":0},"android_description":"Wir werden zusammen schreiben und über unsere Texte sprechen in folgendem Format:\r\n\r\n1. Wir ziehen einen Zufallsbegriff aus dem Glas (virtuell)\r\n2. Über/zu diesem Begriff schreibt dann jede/r einen kurzen Text, 10 Minuten, egal welches Genre oder Format\r\n3. Dann kann jede/r der mag den Text vorlesen und wir reden darüber / geben Feedback. (Der Teil nimmt normal am meisten Platz ein und führt auch oft zu guten Gesprächen/Abschweifungen über Literatur und andere ähnliche Texte)\r\n\r\nDie 10 Minuten zeitlimit sind auch dafür gedacht den inneren Kritiker auszuschalten, wenn man eh nur 10 Minuten hat kann und muss es nicht perfekt sein :)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T00:30:00.000-0000","id":53530,"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"\"Gala Be Need Inn\" ist der deutschsprachige Quizpodcast dessen Name ein Anagramm des Originals ist. Wir klären die wirklich wichtigen Fragen des Lebens: Was ist ein Alarmstuhl, was ist der Schwiegermutter Sitz und wieso haben Schaffner in Frankreich Knallerbsen dabei?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#e78bea","name":"Live podcast stage (90 minutes)","id":46127},"title":"Gala Be Need Inn - Locke Dun Ausgabe","end_timestamp":{"seconds":1703808000,"nanoseconds":0},"android_description":"\"Gala Be Need Inn\" ist der deutschsprachige Quizpodcast dessen Name ein Anagramm des Originals ist. Wir klären die wirklich wichtigen Fragen des Lebens: Was ist ein Alarmstuhl, was ist der Schwiegermutter Sitz und wieso haben Schaffner in Frankreich Knallerbsen dabei?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53696,53507,53458],"name":"MacSnider","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52346}],"timeband_id":1141,"links":[],"end":"2023-12-29T00:00:00.000-0000","id":53696,"village_id":null,"tag_ids":[46127,46139],"begin_timestamp":{"seconds":1703802600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52346}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-28T22:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Introduction to hypercomputation, fictitious machines which can compute for longer than infinity, in combination with exploring certain alternative mathematical universes built from such machines. **Not a well-prepared talk, more a conversation.** We meet at the elevators a couple meters left of Stage Y.\r\n\r\n[Here is a list of other sessions from our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Wondrous mathematics: Exploring hypercomputation with the effective topos","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Introduction to hypercomputation, fictitious machines which can compute for longer than infinity, in combination with exploring certain alternative mathematical universes built from such machines. **Not a well-prepared talk, more a conversation.** We meet at the elevators a couple meters left of Stage Y.\r\n\r\n[Here is a list of other sessions from our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53851,"village_id":null,"begin_timestamp":{"seconds":1703801400,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Quasiroom","hotel":"","short_name":"Quasiroom","id":46142},"begin":"2023-12-28T22:10:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Days of Delay weaves filigree webs in the acoustic wormhole of everyday life with extraordinary ambient music and exciting live performances.\r\n\r\nA magical search for traces of touching sounds lets people come to rest and connects through a unique kind of acoustic deceleration: In clubs and at festivals, but also in interplay with special places such as airports, churches, galleries, gardens or museums.\r\n\r\nThe cinematic sound paintings created by Hamburg-based musician Cyrus Ashrafi merge time and space into musicality and experimentation, whose expression reaches far beyond the often reticent ambient genre.\n\n\nhttps://www.daysofdelay.com/ambientmusic.html","title":"Days of Delay","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Days of Delay weaves filigree webs in the acoustic wormhole of everyday life with extraordinary ambient music and exciting live performances.\r\n\r\nA magical search for traces of touching sounds lets people come to rest and connects through a unique kind of acoustic deceleration: In clubs and at festivals, but also in interplay with special places such as airports, churches, galleries, gardens or museums.\r\n\r\nThe cinematic sound paintings created by Hamburg-based musician Cyrus Ashrafi merge time and space into musicality and experimentation, whose expression reaches far beyond the often reticent ambient genre.\n\n\nhttps://www.daysofdelay.com/ambientmusic.html","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53884,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mindsight is an experimental electronic music project by Josh Neumann from Munich. Josh's music ranges from atmospheric textures and joyful soundscapes to energetic deconstructed beats - effortlessly combining different inspirations that are not bound to any genre. Beyond music, Josh is active in various collectives and alliances such as Freiräumen or Common Ground.\r\n\r\nFotocredit: Yunus Hutterer\r\n\r\nLinks: \r\nhttps://soundcloud.com/iammindsight\r\nhttps://mindsight.bandcamp.com/\r\nhttps://chaos.social/@mindsight\r\nhttps://www.instagram.com/iammindsight\n\n\nMindsight ist ein experimentelles elektronisches Musikprojekt von Josh Neumann aus München.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Mindsight - live","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Mindsight is an experimental electronic music project by Josh Neumann from Munich. Josh's music ranges from atmospheric textures and joyful soundscapes to energetic deconstructed beats - effortlessly combining different inspirations that are not bound to any genre. Beyond music, Josh is active in various collectives and alliances such as Freiräumen or Common Ground.\r\n\r\nFotocredit: Yunus Hutterer\r\n\r\nLinks: \r\nhttps://soundcloud.com/iammindsight\r\nhttps://mindsight.bandcamp.com/\r\nhttps://chaos.social/@mindsight\r\nhttps://www.instagram.com/iammindsight\n\n\nMindsight ist ein experimentelles elektronisches Musikprojekt von Josh Neumann aus München.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53866,"village_id":null,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"🙈 🙉 🙊 You Know Stuff ☐ ☒ ☑ Answer nerdy questions on your notebook / smartphone and win a (small) price 😸 😹 😻\r\n\r\nhttps://kahoot.it/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"🙈 🙉 🙊 Nerd Game Show 😸 😹 😻","android_description":"🙈 🙉 🙊 You Know Stuff ☐ ☒ ☑ Answer nerdy questions on your notebook / smartphone and win a (small) price 😸 😹 😻\r\n\r\nhttps://kahoot.it/","end_timestamp":{"seconds":1703803500,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:45:00.000-0000","id":53846,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tea-time-enjoy-a-cup-of-tea-and-chat-with-the-foss/\n\n\n","title":"Tea Time: Enjoy a cup of tea and chat with the FOSSASIA community","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/tea-time-enjoy-a-cup-of-tea-and-chat-with-the-foss/","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53718,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What if we found aliens or even made contact with them? What would be logical to happen? This talk will go over some sinister thought experiments including Liu Cixin's Dark Forest from his novel „The Dark Forest“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „The Dark Forest“.)\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"A tale of sinister thought experiments about extraterrestrial life (feat. Liu Cixin's Dark Forest)","android_description":"What if we found aliens or even made contact with them? What would be logical to happen? This talk will go over some sinister thought experiments including Liu Cixin's Dark Forest from his novel „The Dark Forest“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „The Dark Forest“.)\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53703,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For over 18 months, a professional film team accompanied the Ravensburg climate justice movement around the climate camp in the Altdorf Forest, which is threatened with deforestation. “The film tells the story of the climate activists in an informative, empathetic and insightful way. [...] An atmosphere of participation, sympathy, thoughtfulness [...] fills the room,” acknowledges the region's newspaper.\r\n\r\nA homage to the largest forest in Upper Swabia and the people who want to preserve it. A film about activist climbing, self-empowerment and maximum impact.\r\n\r\nFollowed by a film discussion with some of the protagonists. The film will be in German with English subtitles.\r\n\r\n[Trailer on YewTube](https://yewtu.be/watch?v=IfV8wKeFixo) • [Review on YewTube](https://yewtu.be/watch?v=hW3vxY1skcY)\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Movie/Filmvorführung: Von Menschen, die auf Bäume steigen / People who climb on trees","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703808000,"nanoseconds":0},"android_description":"For over 18 months, a professional film team accompanied the Ravensburg climate justice movement around the climate camp in the Altdorf Forest, which is threatened with deforestation. “The film tells the story of the climate activists in an informative, empathetic and insightful way. [...] An atmosphere of participation, sympathy, thoughtfulness [...] fills the room,” acknowledges the region's newspaper.\r\n\r\nA homage to the largest forest in Upper Swabia and the people who want to preserve it. A film about activist climbing, self-empowerment and maximum impact.\r\n\r\nFollowed by a film discussion with some of the protagonists. The film will be in German with English subtitles.\r\n\r\n[Trailer on YewTube](https://yewtu.be/watch?v=IfV8wKeFixo) • [Review on YewTube](https://yewtu.be/watch?v=hW3vxY1skcY)\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-29T00:00:00.000-0000","id":53677,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"On the depressing side, the global censorship trend continues to gain momentum, with some European countries alarmingly eager to get in on it. But resignation is boring: here we are, a tiny community of activists and relay/bridge operators around the world continuing to provide safe and private internet reachability for hundreds of thousands of people who are trying to be human beings under authoritarian regimes.\r\n\r\nWe will walk through \\*how\\* each of these countries deployed their Tor blocks, and what changes we made to let citizens continue to reach the Tor network. Looking at each case study through a Tor lens will let us compare/contrast the censorship attempts from each country, discuss future ideas for how to make sure the bytes can keep flowing, and talk through the political impacts.\n\n\nIn December 2021, months before the world watched Russia invade Ukraine, Russia rolled out comprehensive censorship of the Tor network and related Tor protocols. Then in October 2022, the latest wave of protests in Iran saw a huge spike in Tor usage followed by a swift crackdown of the most successful techniques. Meanwhile in 2023, Turkmenistan has blocked popular CDNs like Cloudflare and Akamai, most hosting providers like Hetzner and OVH, and much more.","title":"Tor censorship attempts in Russia, Iran, Turkmenistan","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"On the depressing side, the global censorship trend continues to gain momentum, with some European countries alarmingly eager to get in on it. But resignation is boring: here we are, a tiny community of activists and relay/bridge operators around the world continuing to provide safe and private internet reachability for hundreds of thousands of people who are trying to be human beings under authoritarian regimes.\r\n\r\nWe will walk through \\*how\\* each of these countries deployed their Tor blocks, and what changes we made to let citizens continue to reach the Tor network. Looking at each case study through a Tor lens will let us compare/contrast the censorship attempts from each country, discuss future ideas for how to make sure the bytes can keep flowing, and talk through the political impacts.\n\n\nIn December 2021, months before the world watched Russia invade Ukraine, Russia rolled out comprehensive censorship of the Tor network and related Tor protocols. Then in October 2022, the latest wave of protests in Iran saw a huge spike in Tor usage followed by a swift crackdown of the most successful techniques. Meanwhile in 2023, Turkmenistan has blocked popular CDNs like Cloudflare and Akamai, most hosting providers like Hetzner and OVH, and much more.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53664],"name":"Roger Dingledine","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52489}],"timeband_id":1141,"end":"2023-12-28T23:00:00.000-0000","links":[{"label":"More details on the 2021-2023 Russia censorship","type":"link","url":"https://www.youtube.com/watch?v=YlZZQYLIXe8"},{"label":"The Snowflake pluggable transport for Tor","type":"link","url":"https://snowflake.torproject.org/"},{"label":"Call for residential obfs4 bridges for Turkmenistan","type":"link","url":"https://lists.torproject.org/pipermail/tor-relays/2023-July/021237.html"}],"id":53664,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46121,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52489}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Steph Maj Swanson, a.k.a. Supercomposite, is a multimedia artist and writer best known for her story about the AI-generated woman Loab, which The Atlantic dubbed “a form of expression that has never existed before.\" Loab is an emergent character that arises in certain AI image synthesis models, accessible via negatively weighted prompts, often appearing alongside macabre imagery such as dismembered women and children.\r\n\r\nSwanson views her relationship to AI as adversarial, both in her creative process and as a commentator. This non-technical, but conceptual talk offers up art alongside possible strategies. It will be of interest for hackers intrigued by the creative potential of these tools, but who may have ethical concerns or doubts about the way these tools are assembled, built, and deployed.\r\n\r\nGalleries West described Swanson’s body of AI-generated visual work as “the merging of repulsive with beautiful,” and The Washington Post called her satirical AI writing “disturbing”. At DefCon this year she debuted her short film SUICIDE III, which uses deepfakes of Joe Biden and Sam Altman to explore where an out-of-control AI hype cycle might take us. \n\n\nIn this talk, artist/writer Steph Maj Swanson will use the story of how her AI-generated character \"Loab\" arose (and went viral) as a jumping off point to present creative work and strategies that emerged from attempts to crack AI black boxes open. Aligned with the hacker ethos of exploration, experimentation and creative misuse, this talk presents adversarial artmaking practices for AI systems. It will also explore what it means to engage in cultural production today, as new forms of automation and centralization loom over the arts and entertainment industries. In the words of Nam June Paik: \"I use technology in order to hate it more properly.\"","title":"What I Learned from Loab: AI as a creative adversary","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703803200,"nanoseconds":0},"android_description":"Steph Maj Swanson, a.k.a. Supercomposite, is a multimedia artist and writer best known for her story about the AI-generated woman Loab, which The Atlantic dubbed “a form of expression that has never existed before.\" Loab is an emergent character that arises in certain AI image synthesis models, accessible via negatively weighted prompts, often appearing alongside macabre imagery such as dismembered women and children.\r\n\r\nSwanson views her relationship to AI as adversarial, both in her creative process and as a commentator. This non-technical, but conceptual talk offers up art alongside possible strategies. It will be of interest for hackers intrigued by the creative potential of these tools, but who may have ethical concerns or doubts about the way these tools are assembled, built, and deployed.\r\n\r\nGalleries West described Swanson’s body of AI-generated visual work as “the merging of repulsive with beautiful,” and The Washington Post called her satirical AI writing “disturbing”. At DefCon this year she debuted her short film SUICIDE III, which uses deepfakes of Joe Biden and Sam Altman to explore where an out-of-control AI hype cycle might take us. \n\n\nIn this talk, artist/writer Steph Maj Swanson will use the story of how her AI-generated character \"Loab\" arose (and went viral) as a jumping off point to present creative work and strategies that emerged from attempts to crack AI black boxes open. Aligned with the hacker ethos of exploration, experimentation and creative misuse, this talk presents adversarial artmaking practices for AI systems. It will also explore what it means to engage in cultural production today, as new forms of automation and centralization loom over the arts and entertainment industries. In the words of Nam June Paik: \"I use technology in order to hate it more properly.\"","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53651],"name":"Steph Maj Swanson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52272}],"timeband_id":1141,"links":[{"label":"Suicide III (short film)","type":"link","url":"https://www.youtube.com/watch?v=LCZCPtyQMEc"}],"end":"2023-12-28T22:40:00.000-0000","id":53651,"village_id":null,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52272}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die LinuxLounge von TheRadio.cc Live vom Congress mit Einblicken und spannenden Infos und der Stimmung vor Ort.","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2023-12-30T22:18+0000","name":"Podcasting table (90 minutes)","id":46129},"title":"LinuxLounge - #37C3 Special","android_description":"Die LinuxLounge von TheRadio.cc Live vom Congress mit Einblicken und spannenden Infos und der Stimmung vor Ort.","end_timestamp":{"seconds":1703806200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53536],"name":"Michael","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52311},{"conference_id":131,"event_ids":[53536],"name":"Dennis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52411}],"timeband_id":1141,"links":[],"end":"2023-12-28T23:30:00.000-0000","id":53536,"village_id":null,"tag_ids":[46129,46139],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52411},{"tag_id":46107,"sort_order":1,"person_id":52311}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Bluetooth is a pervasive technology for wireless communication.\r\nBillions of devices use it in sensitive applications and to exchange\r\nprivate data. The security of Bluetooth depends on the Bluetooth\r\nstandard and its two security mechanisms: pairing and session establishment. No prior work, including the standard itself, analyzed the future and forward secrecy guarantees of these mechanisms, e.g., if Bluetooth pairing and session establishment defend past\r\nand future sessions when the adversary compromises the current.\r\nTo address this gap, we present six novel attacks, defined as the\r\nBLUFFS attacks, breaking Bluetooth sessions’ forward and future\r\nsecrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key. The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation. As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details (e.g., chip, stack, version, and security mode).\r\n\r\nWe also release BLUFFS, a low-cost toolkit to perform and automatically check the effectiveness of our attacks. The toolkit employs seven original patches to manipulate and monitor Bluetooth session key derivation by dynamically patching a closed-source Bluetooth firmware that we reverse-engineered. We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips (eighteen devices) from popular hardware and software vendors and supporting the most popular Bluetooth versions. Motivated by our empirical findings, we develop and successfully test an enhanced key derivation function for Bluetooth that stops by-design our six attacks and their four root causes. We show how to effectively integrate our fix into the Bluetooth standard and discuss alternative implementation-level mitigations. We responsibly disclosed our contributions to the Bluetooth SIG.\n\n\nCiao! We present the BLUFFS attacks (CVE-2023-24023), six novel attacks breaking Bluetooth's forward and future secrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by compromising and re-using one session key. We discuss the four vulnerabilities in the Bluetooth specification enabling the attacks, two of which are new and related to unilateral and repeatable session key derivation. We describe the toolkit we developed and open-sourced to test our attacks via firmware binary patching, our experiments where we exploited 18 heterogeneous Bluetooth devices, and the practical and backward-compliant session key derivation protocol we built to fix the attacks by design. We also cover related work like KNOB, BIAS, and BLUR, and educational Bluetooth security tips and tricks.","title":"BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Bluetooth is a pervasive technology for wireless communication.\r\nBillions of devices use it in sensitive applications and to exchange\r\nprivate data. The security of Bluetooth depends on the Bluetooth\r\nstandard and its two security mechanisms: pairing and session establishment. No prior work, including the standard itself, analyzed the future and forward secrecy guarantees of these mechanisms, e.g., if Bluetooth pairing and session establishment defend past\r\nand future sessions when the adversary compromises the current.\r\nTo address this gap, we present six novel attacks, defined as the\r\nBLUFFS attacks, breaking Bluetooth sessions’ forward and future\r\nsecrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key. The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation. As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details (e.g., chip, stack, version, and security mode).\r\n\r\nWe also release BLUFFS, a low-cost toolkit to perform and automatically check the effectiveness of our attacks. The toolkit employs seven original patches to manipulate and monitor Bluetooth session key derivation by dynamically patching a closed-source Bluetooth firmware that we reverse-engineered. We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips (eighteen devices) from popular hardware and software vendors and supporting the most popular Bluetooth versions. Motivated by our empirical findings, we develop and successfully test an enhanced key derivation function for Bluetooth that stops by-design our six attacks and their four root causes. We show how to effectively integrate our fix into the Bluetooth standard and discuss alternative implementation-level mitigations. We responsibly disclosed our contributions to the Bluetooth SIG.\n\n\nCiao! We present the BLUFFS attacks (CVE-2023-24023), six novel attacks breaking Bluetooth's forward and future secrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by compromising and re-using one session key. We discuss the four vulnerabilities in the Bluetooth specification enabling the attacks, two of which are new and related to unilateral and repeatable session key derivation. We describe the toolkit we developed and open-sourced to test our attacks via firmware binary patching, our experiments where we exploited 18 heterogeneous Bluetooth devices, and the practical and backward-compliant session key derivation protocol we built to fix the attacks by design. We also cover related work like KNOB, BIAS, and BLUR, and educational Bluetooth security tips and tricks.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53450],"name":"Daniele Antonioli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52473}],"timeband_id":1141,"end":"2023-12-28T23:00:00.000-0000","links":[{"label":"BLUFFS resources","type":"link","url":"https://francozappa.github.io/post/2023/bluffs-ccs23/"}],"id":53450,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52473}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"Y","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"VRA ist eine audiovisuelle Performance (Projektion + Sound), die mithilfe eines eigens entwickelten Software-Instruments (in Max/MSP), das auf Bild-zu-Ton-Umwandlung basiert, aufgeführt wird. Auf der Projektion sind monochrome Texturen zu sehen, die aus teilweise simplen Formen wie Streifen oder Kreisen, aber auch aus komplexeren Strukturen wie Rauschen bestehen. Diese Bilder werden in Echtzeit in Sound umgewandelt, indem die Helligkeitswerte einer ausgewählten Pixelreihe als Audiobuffer dienen und eine Waveform beschreiben. \n\n\nEine audiovisuelle Performance, basierend auf Bild-zu-Ton-Umwandlung. Dynamisch wechselnde Bilder dienen als Realtime-Audiobuffer. Licht wird Sound. \r\nBeinhaltet stroboskopische Bilder und Hörinhalte in breiten Spektren.","title":"VRA","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#49bae3","name":"concert","id":46135},"android_description":"VRA ist eine audiovisuelle Performance (Projektion + Sound), die mithilfe eines eigens entwickelten Software-Instruments (in Max/MSP), das auf Bild-zu-Ton-Umwandlung basiert, aufgeführt wird. Auf der Projektion sind monochrome Texturen zu sehen, die aus teilweise simplen Formen wie Streifen oder Kreisen, aber auch aus komplexeren Strukturen wie Rauschen bestehen. Diese Bilder werden in Echtzeit in Sound umgewandelt, indem die Helligkeitswerte einer ausgewählten Pixelreihe als Audiobuffer dienen und eine Waveform beschreiben. \n\n\nEine audiovisuelle Performance, basierend auf Bild-zu-Ton-Umwandlung. Dynamisch wechselnde Bilder dienen als Realtime-Audiobuffer. Licht wird Sound. \r\nBeinhaltet stroboskopische Bilder und Hörinhalte in breiten Spektren.","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53663],"name":"STURMHERTA","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52321}],"timeband_id":1141,"links":[{"label":"VRA at Ars Electronica Festival","type":"link","url":"https://www.youtube.com/watch?v=lb53IZDHv5o"}],"end":"2023-12-28T21:45:00.000-0000","id":53663,"begin_timestamp":{"seconds":1703797500,"nanoseconds":0},"tag_ids":[46118,46135,46141],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52321}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T21:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Context: cybersecurity for future energy production systems\n-----------------------------------------------------------\n\n\nCybersecurity for smaller solar power plants is a critical challenge: strong separation between operational, safety relevant network and internet is not present. Moreover, manufacturers do not invest enough in security; reason being high competition in terms of time to market, price pressure and lack of security knowledge.\n\n\nThese power plant systems need more or less an internet connection in order to fetch power & energy data from the plant with an app, perform firmware updates, and carry out maintenance remotely.\n\n\nThe central device, which is connected to the internet, is the inverter. Many companies provide inverters for solar power plants and include cloud connectivity. An inverter converts the energy from the solar panels to grid compatible energy. Since it handles high currents & voltages, the physical consequences of cybersecurity risks are arguably higher than for standard smart home devices.\n\n\nResearch results related to connected solar inverters (technical part)\n----------------------------------------------------------------------\n\n\nOut of curiosity, I tested different inverters from different manufacturers, including cloud connectivity. All devices have a license to be operated in Germany and are very popular. They are used in solar power plants of different sizes, from balcony size to bigger plants. \r\nIn this section some research results will be presented, we will especially focus on one system.\n\n\n**Positive note: critical vulnerabilities have been patched by now.**\n\n\nVulnerabilities\n---------------\n\n\n* *Insecure Direct Object Reference* (IDOR) or similar vulnerabilities have been found, allowing an attacker with a simple account to execute commands on connected inverters remotely. This was an enabler for many further attacks.\n* An attacker could trigger a firmware update process on connected inverters.\n* The firmware update process was not properly secured: update images did not include a cryptographic signature.\n* Most of the devices did not use the TLS protocol for cloud communication or did not use it correctly.\n* Secure boot and secure debugging were not implemented.\n* On the server side, there were insufficient sanity checks.\n* Sensitive data (e.g. serial number) was easy to extract.\n\n\nExploitation\n------------\n\n\n* Commands could be executed on any connected devices (e.g. switch ON, switch OFF, change parameters).\n* The power electronics and relays of devices could be manipulated remotely with a malicious firmware update.\n* By manipulating many devices synchronously the stability of the grid could be endangered.\n\n\nA proof of concept with a full (unlocked) exploit chain will be presented.\n\n\nConclusion and Discussion\n-------------------------\n\n\nRemoving bureaucratic hurdles is an important step in order to democratize our energy production - and renewable energies are the future! On the other hand, if it comes at the cost of poorly-secured devices, this may be jeopardized.\n\n\nIn Germany, we have the Kritis Verordnung (decree) to protect for example the electricity infrastructure. It states that every power [plant with more than 104 MW capacity is required to have specific protections](https://www.gesetze-im-internet.de/bsi-kritisv/anhang_1.html). Individually, the small solar power plants are not in this category. However, summing up all devices connected to one cloud, we probably reach these numbers by now - and if not, tomorrow. Current projections point in that direction.\n\n\nDuring this research, I realized how easy it is to take control of energy production devices and it scared me. The cloud connectivity and the related \"remote control / remote maintenance\" and \"firmware update\" processes are truly critical and attacks may scale. Even if vulnerabilities are patched by now, an attacker who finds a way into the cloud servers can control all connected inverters.\n\n\nOn the other hand, it seems that there are no security related regulations regarding these systems as of today in the European Union. The [EU Cyber Resilience Act](https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act), which will apply to these devices is still in discussion and is likely to be effective soon. However, manufacturers will probably have a grace period of 36 months to comply: by then, many insecure devices will already be installed. Knowing how many bad guys are out there, the risk is there and growing rapidly.\n\n\n\n\nIn this talk we will have a look at some cybersecurity challenges raised by the trend of decentralizing our energy production.\n\n\nOur energy infrastructure is now changing from a centralized system based on big power plants to a more decentralized system based on renewable energy produced by smaller power plants (maybe yours). In Germany alone, [300.000 so called balcony power plants were in operation by August 2023](https://www.heise.de/hintergrund/Ueber-300-000-Balkonkraftwerke-in-Deutschland-in-Betrieb-Statistik-der-Woche-9285107.html). Most of these smaller power plants are / will be somehow connected to some cloud services.\n\n\nTo show that security hasn't been the biggest priority, we will examine the cybersecurity controls of different solar inverters. To put it mildly: there is room for improvement.\n\n\nWe will also discuss the need for better regulations and enforcement of cybersecurity for smaller connected power plants: altogether they probably produce more power than the bigger ones - and this trend is accelerating.\r\nProtecting our infrastructure shall have - today more than ever before - a high priority.\n\n","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Decentralized energy production: green future or cybersecurity nightmare?","android_description":"Context: cybersecurity for future energy production systems\n-----------------------------------------------------------\n\n\nCybersecurity for smaller solar power plants is a critical challenge: strong separation between operational, safety relevant network and internet is not present. Moreover, manufacturers do not invest enough in security; reason being high competition in terms of time to market, price pressure and lack of security knowledge.\n\n\nThese power plant systems need more or less an internet connection in order to fetch power & energy data from the plant with an app, perform firmware updates, and carry out maintenance remotely.\n\n\nThe central device, which is connected to the internet, is the inverter. Many companies provide inverters for solar power plants and include cloud connectivity. An inverter converts the energy from the solar panels to grid compatible energy. Since it handles high currents & voltages, the physical consequences of cybersecurity risks are arguably higher than for standard smart home devices.\n\n\nResearch results related to connected solar inverters (technical part)\n----------------------------------------------------------------------\n\n\nOut of curiosity, I tested different inverters from different manufacturers, including cloud connectivity. All devices have a license to be operated in Germany and are very popular. They are used in solar power plants of different sizes, from balcony size to bigger plants. \r\nIn this section some research results will be presented, we will especially focus on one system.\n\n\n**Positive note: critical vulnerabilities have been patched by now.**\n\n\nVulnerabilities\n---------------\n\n\n* *Insecure Direct Object Reference* (IDOR) or similar vulnerabilities have been found, allowing an attacker with a simple account to execute commands on connected inverters remotely. This was an enabler for many further attacks.\n* An attacker could trigger a firmware update process on connected inverters.\n* The firmware update process was not properly secured: update images did not include a cryptographic signature.\n* Most of the devices did not use the TLS protocol for cloud communication or did not use it correctly.\n* Secure boot and secure debugging were not implemented.\n* On the server side, there were insufficient sanity checks.\n* Sensitive data (e.g. serial number) was easy to extract.\n\n\nExploitation\n------------\n\n\n* Commands could be executed on any connected devices (e.g. switch ON, switch OFF, change parameters).\n* The power electronics and relays of devices could be manipulated remotely with a malicious firmware update.\n* By manipulating many devices synchronously the stability of the grid could be endangered.\n\n\nA proof of concept with a full (unlocked) exploit chain will be presented.\n\n\nConclusion and Discussion\n-------------------------\n\n\nRemoving bureaucratic hurdles is an important step in order to democratize our energy production - and renewable energies are the future! On the other hand, if it comes at the cost of poorly-secured devices, this may be jeopardized.\n\n\nIn Germany, we have the Kritis Verordnung (decree) to protect for example the electricity infrastructure. It states that every power [plant with more than 104 MW capacity is required to have specific protections](https://www.gesetze-im-internet.de/bsi-kritisv/anhang_1.html). Individually, the small solar power plants are not in this category. However, summing up all devices connected to one cloud, we probably reach these numbers by now - and if not, tomorrow. Current projections point in that direction.\n\n\nDuring this research, I realized how easy it is to take control of energy production devices and it scared me. The cloud connectivity and the related \"remote control / remote maintenance\" and \"firmware update\" processes are truly critical and attacks may scale. Even if vulnerabilities are patched by now, an attacker who finds a way into the cloud servers can control all connected inverters.\n\n\nOn the other hand, it seems that there are no security related regulations regarding these systems as of today in the European Union. The [EU Cyber Resilience Act](https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act), which will apply to these devices is still in discussion and is likely to be effective soon. However, manufacturers will probably have a grace period of 36 months to comply: by then, many insecure devices will already be installed. Knowing how many bad guys are out there, the risk is there and growing rapidly.\n\n\n\n\nIn this talk we will have a look at some cybersecurity challenges raised by the trend of decentralizing our energy production.\n\n\nOur energy infrastructure is now changing from a centralized system based on big power plants to a more decentralized system based on renewable energy produced by smaller power plants (maybe yours). In Germany alone, [300.000 so called balcony power plants were in operation by August 2023](https://www.heise.de/hintergrund/Ueber-300-000-Balkonkraftwerke-in-Deutschland-in-Betrieb-Statistik-der-Woche-9285107.html). Most of these smaller power plants are / will be somehow connected to some cloud services.\n\n\nTo show that security hasn't been the biggest priority, we will examine the cybersecurity controls of different solar inverters. To put it mildly: there is room for improvement.\n\n\nWe will also discuss the need for better regulations and enforcement of cybersecurity for smaller connected power plants: altogether they probably produce more power than the bigger ones - and this trend is accelerating.\r\nProtecting our infrastructure shall have - today more than ever before - a high priority.","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53650],"name":"Sebastien","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52504}],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53650,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703797500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52504}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T21:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In Debatten zu KI und Nachhaltigkeit steht zurecht der enorme Ressourcenverbrauch von KI am Pranger. Aber wir dürfen nicht vergessen, dass es bei Nachhaltigkeit um noch viel mehr geht. Mindestens 7 der 17 Nachhaltigkeitsziele der UN verweisen auf soziale Dimensionen: Gleichheit, Anti-Diskriminierung, Zugang zu Bildung, Abbau von ökonomischer Ungleichheit und Ausbeutung. Der Vortrag diskutiert, dass künstliche Intelligenz, wenn sie nicht besser reguliert wird, diesen Zielen entgegensteht. Das liegt nicht nur daran, dass KI-Systeme Biases haben und sich diskriminierend auswirken. Sondern noch fundamentaler beruhen die meisten kommerziellen KI-Systeme auf sozialer und wirtschaftlicher Ausbeutung. Global wie lokal werden Nutzer:innen als Datenlieferant:innen und Gig-Arbeiter:innen als günstige Arbeitskräfte eingespannt. Unser Denken, Fühlen und Handeln wird in allen Lebensbereichen datafiziert; ökonomische Machtgradienten zwischen Globalem Norden und Süden werden für die Aufbereitung von Daten ausgebeutet. Viele KI-Systeme erzeugen ihre Intelligenzleistung nicht im Rechenzentrum, sondern durch das Auslesen menschlicher kognitiver Leistungen an den digitalen Interfaces, die wir täglich nutzen – Beispiele reichen von der Google-Suche über Gesichtserkennung bis ChatGPT. KI-Unternehmen machen von den niedrigen Arbeitsschutzstandards und Lohnniveaus in anderen Ländern Gebrauch und produzieren Krankheit und Prekarität bei den betroffenen Arbeiter:innen. Um gute Regulierung zu erreichen, müssen wir KI-Systeme als soziotechnische Systeme betrachten. Das ermöglicht ein reichhaltigeres Verständnis der sozialen Dimension von Nachhaltigkeit, um global steigender Ungleichheit und Ausbeutung durch KI-Systeme etwas entgegenzusetzen. \n\n\nKI beruht auf der weltweiten Ausbeutung nicht nur natürlicher, sondern auch sozialer Ressourcen. Um KI nachhaltig zu gestalten, müssen wir algorithmischer Diskriminierung und sozialer Selektion, der Ausbeutung und Prekarisierung digitaler Arbeit und der Tendenz eines neuen, digitalen Kolonialismus entgegentreten. ","title":"KI – Macht – Ungleichheit.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703799900,"nanoseconds":0},"android_description":"In Debatten zu KI und Nachhaltigkeit steht zurecht der enorme Ressourcenverbrauch von KI am Pranger. Aber wir dürfen nicht vergessen, dass es bei Nachhaltigkeit um noch viel mehr geht. Mindestens 7 der 17 Nachhaltigkeitsziele der UN verweisen auf soziale Dimensionen: Gleichheit, Anti-Diskriminierung, Zugang zu Bildung, Abbau von ökonomischer Ungleichheit und Ausbeutung. Der Vortrag diskutiert, dass künstliche Intelligenz, wenn sie nicht besser reguliert wird, diesen Zielen entgegensteht. Das liegt nicht nur daran, dass KI-Systeme Biases haben und sich diskriminierend auswirken. Sondern noch fundamentaler beruhen die meisten kommerziellen KI-Systeme auf sozialer und wirtschaftlicher Ausbeutung. Global wie lokal werden Nutzer:innen als Datenlieferant:innen und Gig-Arbeiter:innen als günstige Arbeitskräfte eingespannt. Unser Denken, Fühlen und Handeln wird in allen Lebensbereichen datafiziert; ökonomische Machtgradienten zwischen Globalem Norden und Süden werden für die Aufbereitung von Daten ausgebeutet. Viele KI-Systeme erzeugen ihre Intelligenzleistung nicht im Rechenzentrum, sondern durch das Auslesen menschlicher kognitiver Leistungen an den digitalen Interfaces, die wir täglich nutzen – Beispiele reichen von der Google-Suche über Gesichtserkennung bis ChatGPT. KI-Unternehmen machen von den niedrigen Arbeitsschutzstandards und Lohnniveaus in anderen Ländern Gebrauch und produzieren Krankheit und Prekarität bei den betroffenen Arbeiter:innen. Um gute Regulierung zu erreichen, müssen wir KI-Systeme als soziotechnische Systeme betrachten. Das ermöglicht ein reichhaltigeres Verständnis der sozialen Dimension von Nachhaltigkeit, um global steigender Ungleichheit und Ausbeutung durch KI-Systeme etwas entgegenzusetzen. \n\n\nKI beruht auf der weltweiten Ausbeutung nicht nur natürlicher, sondern auch sozialer Ressourcen. Um KI nachhaltig zu gestalten, müssen wir algorithmischer Diskriminierung und sozialer Selektion, der Ausbeutung und Prekarisierung digitaler Arbeit und der Tendenz eines neuen, digitalen Kolonialismus entgegentreten.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53427],"name":"Rainer Mühlhoff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52401}],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53427,"tag_ids":[46125,46136,46139],"begin_timestamp":{"seconds":1703797500,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52401}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-28T21:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem praxisnahen Talk wird vorgeführt, wie man sich auf der Linux-Kommandozeile zurechtfindet. Es gibt keine Folien und nur so viel Theorie, wie zum Verständnis nötig ist. Wir lernen, wie man eine Shell allein durch Tastatureingaben steuert, bevor wir uns anschauen, wie sich im Dateisystem bewegt, wie man Dateien anzeigt und manipuliert und wie man auf der Kommandozeile Root-Rechte erhält. Es werden einige Werkzeuge zur grundlegenden Systemadministration vorgestellt und nebenbei das ein oder andere grundlegende Unix-Prinzip erläutert. Wir sprechen auch darüber, welche Kommandos man unter keinen Umständen ausführen sollte.\r\n\r\nDas Ziel dieser Veranstaltung ist es, euch ein besseres Verständnis davon zu vermitteln, wie man mit einem reinen Text-Interface einen kompletten Computer steuern kann, damit ihr es später leichter habt, auf diesem Wissen aufzubauen. Ihr seid herzlich eingeladen, auf eurem eigenen Linux-Computer ein Terminal-Fenster zu öffnen und mitzumachen.\n\n\nVorführung der Linux-Kommandozeile, Vorstellung der wichtigsten Kommandos und Erklärung zentraler Grundkonzepte","title":"Linux-Kommandozeile für Newbies","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703803500,"nanoseconds":0},"android_description":"In diesem praxisnahen Talk wird vorgeführt, wie man sich auf der Linux-Kommandozeile zurechtfindet. Es gibt keine Folien und nur so viel Theorie, wie zum Verständnis nötig ist. Wir lernen, wie man eine Shell allein durch Tastatureingaben steuert, bevor wir uns anschauen, wie sich im Dateisystem bewegt, wie man Dateien anzeigt und manipuliert und wie man auf der Kommandozeile Root-Rechte erhält. Es werden einige Werkzeuge zur grundlegenden Systemadministration vorgestellt und nebenbei das ein oder andere grundlegende Unix-Prinzip erläutert. Wir sprechen auch darüber, welche Kommandos man unter keinen Umständen ausführen sollte.\r\n\r\nDas Ziel dieser Veranstaltung ist es, euch ein besseres Verständnis davon zu vermitteln, wie man mit einem reinen Text-Interface einen kompletten Computer steuern kann, damit ihr es später leichter habt, auf diesem Wissen aufzubauen. Ihr seid herzlich eingeladen, auf eurem eigenen Linux-Computer ein Terminal-Fenster zu öffnen und mitzumachen.\n\n\nVorführung der Linux-Kommandozeile, Vorstellung der wichtigsten Kommandos und Erklärung zentraler Grundkonzepte","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53731],"name":"skye","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52243}],"timeband_id":1141,"links":[],"end":"2023-12-28T22:45:00.000-0000","id":53731,"begin_timestamp":{"seconds":1703797200,"nanoseconds":0},"tag_ids":[46132,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52243}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"damals(tm)-Hörer treffen sich auf dem Congress und reden über den Congress, 10 Jahre damals(tm) und den Krieg der Sterne","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"damals(tm) Congressausgabe mit Hörern vor Ort","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"android_description":"damals(tm)-Hörer treffen sich auf dem Congress und reden über den Congress, 10 Jahre damals(tm) und den Krieg der Sterne","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53724,"village_id":null,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703797200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Your code might be working, but what about your conversations? Perfect your ‘human protocol’ with our NVC workshop. In my opinion, this kind of communication is not just for ‘the emotional ones’, but central for upgrading human communication – maybe also for Ya. Sync up with emotions, interpret intent, and handshake with clarity. Go beyond syntax. Speak soul.\n\n\n","title":"Non Viol3nt Communication Workshop","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Your code might be working, but what about your conversations? Perfect your ‘human protocol’ with our NVC workshop. In my opinion, this kind of communication is not just for ‘the emotional ones’, but central for upgrading human communication – maybe also for Ya. Sync up with emotions, interpret intent, and handshake with clarity. Go beyond syntax. Speak soul.","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53529,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703797200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"Y","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Online pornography seems to be caught between two problematic extremes: on one hand there are overpowered tech-giants dominating the market, and on the other hand ultra-reactionary groups trying to abolish this entire sector. **There must be a better way!**\r\n\r\nIn 2023 a coalition of sex workers, gender-based violence survivors, digital rights advocates and sex-tech builders have joined forces in a campaign addressed to the European Commission leveraging the new EU regulation called Digital Services Act (DSA). In the meantime, an international strategic litigation in Cyprus and Italy is challenging in court the very core business model of a notorious porn-giant for its blatant violation of the General Data Protection Regulation (GDPR). \r\n\r\nIn this session we will present the achievements of our campaign to reshape the sector of online pornography and why this is so important for a better digital world for all. Our goal is to shad a new light onto this vast and complex ecosystem and envision together new ways to share the cyberlove :)\r\n\r\n- about the DSA advocacy campaign: [https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/](https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/)\r\n\r\n- about the GDPR strategic litigation: [https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired](https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Pornography feels better without tech-giants!","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"android_description":"Online pornography seems to be caught between two problematic extremes: on one hand there are overpowered tech-giants dominating the market, and on the other hand ultra-reactionary groups trying to abolish this entire sector. **There must be a better way!**\r\n\r\nIn 2023 a coalition of sex workers, gender-based violence survivors, digital rights advocates and sex-tech builders have joined forces in a campaign addressed to the European Commission leveraging the new EU regulation called Digital Services Act (DSA). In the meantime, an international strategic litigation in Cyprus and Italy is challenging in court the very core business model of a notorious porn-giant for its blatant violation of the General Data Protection Regulation (GDPR). \r\n\r\nIn this session we will present the achievements of our campaign to reshape the sector of online pornography and why this is so important for a better digital world for all. Our goal is to shad a new light onto this vast and complex ecosystem and envision together new ways to share the cyberlove :)\r\n\r\n- about the DSA advocacy campaign: [https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/](https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/)\r\n\r\n- about the GDPR strategic litigation: [https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired](https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53915,"begin_timestamp":{"seconds":1703796300,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Weisheit hat ein ganzes Jahr 10. Staffel gefeiert. Was kann es besseres geben als das Staffelfinale auf dem Congress? Mit dem Hörer*innenglückwunsch to end all Hörer*innenglückwünsche - es sei denn ihr sprecht uns einen besseren unter 030-549 08 581 aufs Band! \r\n\r\nAnsonsten gibt es das, was es immer gibt, aber live und in Farbe: Jede*r bringt ein Thema mit, Patricia erzählt einen Witz, Marcus quält die Ukulele, Frau Kirsche zündet den Kapitalismus an und Malik ist wahrscheinlich Freiberufler und hat das schon immer so gemacht. \r\n\r\nIhr könnt live dabei sein und wenn ihr lieb seid eine Frage stellen. Oder uns dabei helfen die überzähligen 30 Minuten zu füllen. Denn das ist klar: Nach 60 Minuten ist alles vorbei.","type":{"conference_id":131,"conference":"37C3","color":"#e78bea","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (90 minutes)","id":46127},"title":"Der Weisheit - Eine Stunde Lebenskunde - 10. Staffelfinale","android_description":"Der Weisheit hat ein ganzes Jahr 10. Staffel gefeiert. Was kann es besseres geben als das Staffelfinale auf dem Congress? Mit dem Hörer*innenglückwunsch to end all Hörer*innenglückwünsche - es sei denn ihr sprecht uns einen besseren unter 030-549 08 581 aufs Band! \r\n\r\nAnsonsten gibt es das, was es immer gibt, aber live und in Farbe: Jede*r bringt ein Thema mit, Patricia erzählt einen Witz, Marcus quält die Ukulele, Frau Kirsche zündet den Kapitalismus an und Malik ist wahrscheinlich Freiberufler und hat das schon immer so gemacht. \r\n\r\nIhr könnt live dabei sein und wenn ihr lieb seid eine Frage stellen. Oder uns dabei helfen die überzähligen 30 Minuten zu füllen. Denn das ist klar: Nach 60 Minuten ist alles vorbei.","end_timestamp":{"seconds":1703801700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53436,53695],"name":"monoxyd","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52286}],"timeband_id":1141,"links":[],"end":"2023-12-28T22:15:00.000-0000","id":53695,"village_id":null,"begin_timestamp":{"seconds":1703796300,"nanoseconds":0},"tag_ids":[46127,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52286}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-28T20:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"From the first beginnings during the storm surge in Hamburg in 1962 to the present day, radio amateurs have helped in emergencies and disasters all over the world. But the technology has evolved, and I would like to take you on a short virtual trip through the last 5 years. From the first ideas to the systems now developed to assist in emergencies and disasters. Including a hands-on technical insight and a few anecdotes from the workshop.\n\n\nMit welchen Techniken können Funkamateure in Not- und Katastrophenfällen Unterstützung leisten?\r\n\r\nSpeaker: DL7TNY","title":"Technik von Funkamateuren zur Unterstützung in Not- und Katastrophenfällen","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"From the first beginnings during the storm surge in Hamburg in 1962 to the present day, radio amateurs have helped in emergencies and disasters all over the world. But the technology has evolved, and I would like to take you on a short virtual trip through the last 5 years. From the first ideas to the systems now developed to assist in emergencies and disasters. Including a hands-on technical insight and a few anecdotes from the workshop.\n\n\nMit welchen Techniken können Funkamateure in Not- und Katastrophenfällen Unterstützung leisten?\r\n\r\nSpeaker: DL7TNY","end_timestamp":{"seconds":1703797200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:00:00.000-0000","id":53706,"begin_timestamp":{"seconds":1703795400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-28T20:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nach dem Talk https://events.ccc.de/congress/2023/hub/de/event/lutzerath_lebt_einblicke_in_den_widerstand/ könnt ihr hier eure Fragen persönlich loswerden\n\n\nStellt eure Fragen und diskutiert mit den Vortragenden!","title":"Lützerath lebt! Extended Q&A","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703798100,"nanoseconds":0},"android_description":"Nach dem Talk https://events.ccc.de/congress/2023/hub/de/event/lutzerath_lebt_einblicke_in_den_widerstand/ könnt ihr hier eure Fragen persönlich loswerden\n\n\nStellt eure Fragen und diskutiert mit den Vortragenden!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:15:00.000-0000","id":53847,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Three-Body Problem trilogy is among the most mind-bending and genius science-fiction trilogies out there. It was awarded the Hugo Award and was publicly recommended by Barack Obama. Multiple adaptions, even one animated in Minecraft, have already been made in China. Another one by Netflix is on the way.\r\n\r\nIn this talk, we will go over many Easter Eggs in the trilogy, including references to other works and foreshadowing.\r\n\r\nFor everybody having read the \"Three-Body\" trilogy.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","title":"Easter Eggs in Liu Cixin's „Three-Body“ Trilogy","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"The Three-Body Problem trilogy is among the most mind-bending and genius science-fiction trilogies out there. It was awarded the Hugo Award and was publicly recommended by Barack Obama. Multiple adaptions, even one animated in Minecraft, have already been made in China. Another one by Netflix is on the way.\r\n\r\nIn this talk, we will go over many Easter Eggs in the trilogy, including references to other works and foreshadowing.\r\n\r\nFor everybody having read the \"Three-Body\" trilogy.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703796300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:45:00.000-0000","id":53702,"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"*English below*\r\n\r\nDE: Offene Karaoke-Runde für alle FINTA-personen.\r\n\r\nKeine Sorge, wenn genug mitmachen, muss sich niemand selbst hören. ;)\r\nJeder Musikgeschmack ist willkommen! Egal ob du gerne Anime Titelsongs, Metalcore oder Schlager hörst, wir haben für alle was dabei. Ja, natürlich kannst du auch einfach ABBA singen.\r\n\r\n\r\nEN: Open Karaoke-Session for all FINTA-people.\r\n\r\nDon't worry, if enough people join, nobody needs to hear themselves. ;)\r\nEvery taste of music is welcome! No matter if your jam is Anime-Openings, Metalcore or Schlager, we got you covered. Yes of course we also have ABBA.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"FINTA-Karaoke","end_timestamp":{"seconds":1703805300,"nanoseconds":0},"android_description":"*English below*\r\n\r\nDE: Offene Karaoke-Runde für alle FINTA-personen.\r\n\r\nKeine Sorge, wenn genug mitmachen, muss sich niemand selbst hören. ;)\r\nJeder Musikgeschmack ist willkommen! Egal ob du gerne Anime Titelsongs, Metalcore oder Schlager hörst, wir haben für alle was dabei. Ja, natürlich kannst du auch einfach ABBA singen.\r\n\r\n\r\nEN: Open Karaoke-Session for all FINTA-people.\r\n\r\nDon't worry, if enough people join, nobody needs to hear themselves. ;)\r\nEvery taste of music is welcome! No matter if your jam is Anime-Openings, Metalcore or Schlager, we got you covered. Yes of course we also have ABBA.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53808,53574],"name":"Drakulix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52494}],"timeband_id":1141,"links":[],"end":"2023-12-28T23:15:00.000-0000","id":53574,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52494}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"Y","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In lockerer Runde beantworten Alvar Freude, Leiter der Abteilung für technisch-organisatorischen Datenschutz und Internet-Recht beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI), und Thuy Nga Trinh, Referentin zum Thema Internet-Recht beim LfDI, Eure Fragen rund um Datenschutz und mehr. Eine offene Beratungs-Sprechstunde für alle Eure Fragen rund um Datenschutz und die Datenschutz-Grundverordnung (DS-GVO).\r\n\r\nEs findet keine Aufzeichnung statt, sodass Ihr Eure Fragen frei stellen könnt!\n\n\n","title":"Datenschutz-Sprechstunde mit der Aufsichtsbehörde","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"In lockerer Runde beantworten Alvar Freude, Leiter der Abteilung für technisch-organisatorischen Datenschutz und Internet-Recht beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI), und Thuy Nga Trinh, Referentin zum Thema Internet-Recht beim LfDI, Eure Fragen rund um Datenschutz und mehr. Eine offene Beratungs-Sprechstunde für alle Eure Fragen rund um Datenschutz und die Datenschutz-Grundverordnung (DS-GVO).\r\n\r\nEs findet keine Aufzeichnung statt, sodass Ihr Eure Fragen frei stellen könnt!","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53461,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ein kleines Forschungsprojekt hat sich der großen Aufgabe gewidmet, einen internationalen und systemübergreifenden Katalog zu Diskettenmagazinen der 1980er und 1990er Jahre zu erarbeiten und außerdem eine zunächst deutschsprachige Textsammlung ihrer Inhalte zu erstellen. Es liefert damit eine Grundlage für die Erforschung der frühen digitalen Zine-Kultur und ermöglicht den verschiedenen Szenekreisen, ein Stück weit in ihre eigenen Geschichten einzutauchen. Der Katalog wuchs weit schneller als zunächst angenommen und umfasst inzwischen Nachweise zu 2.500 Magazinen und mehr als 20.000 Einzelausgaben. Bei der Textsammlung gilt es, unter anderem Kompressionsverfahren zu identifizieren und Character-Mappings herzustellen, um Unicode-kompatible Texte erzeugen zu können. Aber auch die Communities helfen mit. Wie lassen sich dabei die verschiedenen rechtlichen Fragen lösen, die Urheberschaft, Leistungsschutz und Persönlichkeitsschutz betreffen? Und wie kann die Langlebigkeit des Katalogs und der Textsammlung sichergestellt werden?\n\n\nDiskettenmagazine waren frühe elektronische Multimedia-Journale der 1980er und 1990er Jahre, die auf Diskette verbreitet wurden und nur auf den jeweils passenden Geräten benutzbar waren. Bibliotheken und Archive haben diese sogenannten „Diskmags\" damals nicht berücksichtigt, mittlerweile stellen die ca. 2.500 Magazine aber eine wertvolle Quelle für die Forschung und die Diskmags-Communities dar. Das vorgestellte Projekt baut einen Katalog auf und macht Texte durchsuchbar.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Das Diskmags-Projekt","end_timestamp":{"seconds":1703796600,"nanoseconds":0},"android_description":"Ein kleines Forschungsprojekt hat sich der großen Aufgabe gewidmet, einen internationalen und systemübergreifenden Katalog zu Diskettenmagazinen der 1980er und 1990er Jahre zu erarbeiten und außerdem eine zunächst deutschsprachige Textsammlung ihrer Inhalte zu erstellen. Es liefert damit eine Grundlage für die Erforschung der frühen digitalen Zine-Kultur und ermöglicht den verschiedenen Szenekreisen, ein Stück weit in ihre eigenen Geschichten einzutauchen. Der Katalog wuchs weit schneller als zunächst angenommen und umfasst inzwischen Nachweise zu 2.500 Magazinen und mehr als 20.000 Einzelausgaben. Bei der Textsammlung gilt es, unter anderem Kompressionsverfahren zu identifizieren und Character-Mappings herzustellen, um Unicode-kompatible Texte erzeugen zu können. Aber auch die Communities helfen mit. Wie lassen sich dabei die verschiedenen rechtlichen Fragen lösen, die Urheberschaft, Leistungsschutz und Persönlichkeitsschutz betreffen? Und wie kann die Langlebigkeit des Katalogs und der Textsammlung sichergestellt werden?\n\n\nDiskettenmagazine waren frühe elektronische Multimedia-Journale der 1980er und 1990er Jahre, die auf Diskette verbreitet wurden und nur auf den jeweils passenden Geräten benutzbar waren. Bibliotheken und Archive haben diese sogenannten „Diskmags\" damals nicht berücksichtigt, mittlerweile stellen die ca. 2.500 Magazine aber eine wertvolle Quelle für die Forschung und die Diskmags-Communities dar. Das vorgestellte Projekt baut einen Katalog auf und macht Texte durchsuchbar.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53662],"name":"Torsten Roeder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52395}],"timeband_id":1141,"end":"2023-12-28T20:50:00.000-0000","links":[{"label":"Diskmags Catalog","type":"link","url":"https://diskmags.de/"}],"id":53662,"village_id":null,"begin_timestamp":{"seconds":1703794200,"nanoseconds":0},"tag_ids":[46118,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52395}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Klimakrise und der Nahostkonflikt eskalieren, die Ampel bläst zur Abschiebeoffensive, die AfD ist bei über 20 % und die CDU will vorsorglich schon mal Autobahnen bauen. Derweil machen KI & Kommerz das Internet kaputt und Elon Musk Twitter. Demnächst verschwindet dann auch noch das letzte Katzenvideo hinter irgendeiner Paywall, so dass man sich nicht mal mehr vernünftig ablenken kann – es ist zum Verzweifeln in diesen Zeiten.\r\n \r\nWie soll man da noch Hoffnung schöpfen? Wenn auch ihr euch diese Frage stellt, wenn ihr mit dem Gefühl der Resignation bereits vertraut seid, dann seid ihr hier genau richtig:\r\n\r\nWir haben Aktivist\\*innen zusammengebracht, die sich auf die Straße kleben, Menschen pflegen oder Daten schützen, die an unterschiedlichen Krisenherden täglich kämpfen und scheitern: Gewerkschafter\\*innen, Antifaschist\\*innen, humanitäre Helfer\\*innen – wir haben sie gefragt, warum und worauf sie überhaupt noch hoffen, und wir haben sie auf die CCC-Bühne eingeladen, damit wir uns darüber austauschen und gemeinsam neue Hoffnung schöpfen können – denn noch gibt es sie: Strategien, die funktionieren, starke Bündnisse und zumindest Teilerfolge: Hier & da können wir uns also gegenseitig Mut machen. \n\n\nHinter der Stadt brennt der Wald und der Kanzler hetzt gegen Flüchtende wie eine auf Reddit trainierte KI, der Freundeskreis zerbricht am Nahostkonflikt, außerdem wurde das Backup vergessen und das Kilo Tomaten ist auch schon wieder einen Euro teurer. Gründe zum Verzweifeln gibt es genug. Wir sprechen deshalb mit Aktivist\\*innen, die sich den multiplen Krisen entgegenstellen, darüber, was sie eigentlich noch hoffen lässt. ","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"A NEW HOPE [de]","end_timestamp":{"seconds":1703796600,"nanoseconds":0},"android_description":"Die Klimakrise und der Nahostkonflikt eskalieren, die Ampel bläst zur Abschiebeoffensive, die AfD ist bei über 20 % und die CDU will vorsorglich schon mal Autobahnen bauen. Derweil machen KI & Kommerz das Internet kaputt und Elon Musk Twitter. Demnächst verschwindet dann auch noch das letzte Katzenvideo hinter irgendeiner Paywall, so dass man sich nicht mal mehr vernünftig ablenken kann – es ist zum Verzweifeln in diesen Zeiten.\r\n \r\nWie soll man da noch Hoffnung schöpfen? Wenn auch ihr euch diese Frage stellt, wenn ihr mit dem Gefühl der Resignation bereits vertraut seid, dann seid ihr hier genau richtig:\r\n\r\nWir haben Aktivist\\*innen zusammengebracht, die sich auf die Straße kleben, Menschen pflegen oder Daten schützen, die an unterschiedlichen Krisenherden täglich kämpfen und scheitern: Gewerkschafter\\*innen, Antifaschist\\*innen, humanitäre Helfer\\*innen – wir haben sie gefragt, warum und worauf sie überhaupt noch hoffen, und wir haben sie auf die CCC-Bühne eingeladen, damit wir uns darüber austauschen und gemeinsam neue Hoffnung schöpfen können – denn noch gibt es sie: Strategien, die funktionieren, starke Bündnisse und zumindest Teilerfolge: Hier & da können wir uns also gegenseitig Mut machen. \n\n\nHinter der Stadt brennt der Wald und der Kanzler hetzt gegen Flüchtende wie eine auf Reddit trainierte KI, der Freundeskreis zerbricht am Nahostkonflikt, außerdem wurde das Backup vergessen und das Kilo Tomaten ist auch schon wieder einen Euro teurer. Gründe zum Verzweifeln gibt es genug. Wir sprechen deshalb mit Aktivist\\*innen, die sich den multiplen Krisen entgegenstellen, darüber, was sie eigentlich noch hoffen lässt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53649],"name":"Ruben Neugebauer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52244},{"conference_id":131,"event_ids":[53649],"name":"Johannes Bayer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52273},{"conference_id":131,"event_ids":[53649],"name":"Pia Klemp","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52278},{"conference_id":131,"event_ids":[53649],"name":"Tareq Alaows","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52300},{"conference_id":131,"event_ids":[53649],"name":"Ela","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52303},{"conference_id":131,"event_ids":[53649],"name":"Sebastian Jünemann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52331},{"conference_id":131,"event_ids":[53649],"name":"Helena Steinhaus","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52365},{"conference_id":131,"event_ids":[53649],"name":"Kirsten Rautenstrauch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52456},{"conference_id":131,"event_ids":[53649],"name":"Lara Eckstein","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52458},{"conference_id":131,"event_ids":[53649],"name":"Carla Reemtsma","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52486},{"conference_id":131,"event_ids":[53645,53649],"name":"Linus Neumann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52487}],"timeband_id":1141,"links":[],"end":"2023-12-28T20:50:00.000-0000","id":53649,"tag_ids":[46119,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703794200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52486},{"tag_id":46107,"sort_order":1,"person_id":52303},{"tag_id":46107,"sort_order":1,"person_id":52365},{"tag_id":46107,"sort_order":1,"person_id":52273},{"tag_id":46107,"sort_order":1,"person_id":52456},{"tag_id":46107,"sort_order":1,"person_id":52458},{"tag_id":46107,"sort_order":1,"person_id":52487},{"tag_id":46107,"sort_order":1,"person_id":52278},{"tag_id":46107,"sort_order":1,"person_id":52244},{"tag_id":46107,"sort_order":1,"person_id":52331},{"tag_id":46107,"sort_order":1,"person_id":52300}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"There's a bunch of closed-source arm64 binaries out there that we can't really fuzz efficiently due to slow dynamic instrumentation. \r\nStatic binary rewriting has been around since decades, but was mostly focused on x86.\r\nPorting it to arm64 should be a straightforward task, right? \r\n\r\nThis is the story of how a simple \"4-week port of an existing x86 rewriter\" took 2+ years instead.\r\nMaybe the real treasure is the CVEs we made along the way? \r\nWarning: the talk might contain sensitive imagery of ARM Assembly. Viewers have been warned. \r\n\n\n\nA talk on the first heuristic-free static binary rewriter for aarch64.\r\nWhy is it the first? Because everyone else already knew how much of a bad idea this would have been.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"ARMore: Pushing Love Back Into Binaries","end_timestamp":{"seconds":1703796600,"nanoseconds":0},"android_description":"There's a bunch of closed-source arm64 binaries out there that we can't really fuzz efficiently due to slow dynamic instrumentation. \r\nStatic binary rewriting has been around since decades, but was mostly focused on x86.\r\nPorting it to arm64 should be a straightforward task, right? \r\n\r\nThis is the story of how a simple \"4-week port of an existing x86 rewriter\" took 2+ years instead.\r\nMaybe the real treasure is the CVEs we made along the way? \r\nWarning: the talk might contain sensitive imagery of ARM Assembly. Viewers have been warned. \r\n\n\n\nA talk on the first heuristic-free static binary rewriter for aarch64.\r\nWhy is it the first? Because everyone else already knew how much of a bad idea this would have been.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53630],"name":"@cyanpencil (Luca Di Bartolomeo)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52446}],"timeband_id":1141,"end":"2023-12-28T20:50:00.000-0000","links":[{"label":"ARMORE paper","type":"link","url":"https://hexhive.epfl.ch/publications/files/23SEC3.pdf"}],"id":53630,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703794200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52446}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-28T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Augmented reality art in public spaces: the Artificial Museum transforms streets, squares and the moon into exhibition spaces for art that are accessible to everyone 24/7. We also like cats. UwU.\n\n\n","title":"Artificial Museum","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703796000,"nanoseconds":0},"android_description":"Augmented reality art in public spaces: the Artificial Museum transforms streets, squares and the moon into exhibition spaces for art that are accessible to everyone 24/7. We also like cats. UwU.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:40:00.000-0000","id":53881,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/kimluzieflorsch-tz\n\n\nLuzie was born in Frankfurt in 1995 and fell in love with Offenbach in 2017. She's been DJing since she was 18, but only officially ventured into the clubs in 2020.\r\nShe has more or less dedicated herself to minimal and house music.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Luzie","end_timestamp":{"seconds":1703800800,"nanoseconds":0},"android_description":"https://soundcloud.com/kimluzieflorsch-tz\n\n\nLuzie was born in Frankfurt in 1995 and fell in love with Offenbach in 2017. She's been DJing since she was 18, but only officially ventured into the clubs in 2020.\r\nShe has more or less dedicated herself to minimal and house music.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:00:00.000-0000","id":53865,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ENTER THE PASTOR\n\n\nhttps://soundcloud.com/pastoraufmann\r\nhttps://soundcloud.com/soundsouttarange","title":"Pastor Aufmann","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703800800,"nanoseconds":0},"android_description":"ENTER THE PASTOR\n\n\nhttps://soundcloud.com/pastoraufmann\r\nhttps://soundcloud.com/soundsouttarange","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:00:00.000-0000","id":53849,"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Many in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/\n\n\nMany in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/","title":"Music Composition for Hackers","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Many in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/\n\n\nMany in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/","end_timestamp":{"seconds":1703796000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:40:00.000-0000","id":53683,"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"begin":"2023-12-28T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"An introduction to the [oreboot project](https://github.com/oreboot/oreboot); firmware written in Rust, a downstream fork of [coreboot](https://coreboot.org).\n\n\n","title":"oreboot introduction","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"An introduction to the [oreboot project](https://github.com/oreboot/oreboot); firmware written in Rust, a downstream fork of [coreboot](https://coreboot.org).","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53486,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703791800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The European Health Data Space (EHDS) will come 2024.\r\nAfter putting an opt-out-option in this proposal of the European Commission in the last minute, it is in the trilogue now.\r\nWe want to point out what it means practically including the diverse use forms, also regarding data use by force.\r\nThe massive excess of authority of the EU-Commission becomes so far backed by the EU-Parliarment, though the regulation of health political context is due to the national states.\r\nWe furthermore want to show institutional ways available to the individual being ready if this form of robber baronry becames law.\r\n\r\nSpeakers: novider, Flysch, jockel\r\n\r\n\r\npresentation shown in self organized session: \r\nhttps://patientenrechte-datenschutz.de/wp-content/uploads/2023/12/EHDS_fnf.pdf\r\n\r\nEHDS commission draft: \r\nhttps://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2022/0197/COM_COM(2022)0197_EN.pdf\r\n\r\nposition EU council on EHDS: \r\nhttps://data.consilium.europa.eu/doc/document/ST-16048-2023-REV-1/en/pdf\r\n\r\namendments EU parliament to EHDS: \r\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2023-0462_EN.pdf\r\n\r\nconsolidated text with changes EU parliament: \r\nhttps://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/CJ43/AMC/2023/11-28/Item4-EHDS-compromiseamendments_EN.pdf\r\n\r\nExpert opinion Prof. Schröder on limits of possible anonymization of medical \r\ndata (German): \r\nhttps://freiheitsrechte.org/uploads/documents/Freiheit-im-digitalen-Zeitalter/Gesundheitsdaten/2022-04-25-Gutachten_Schroeder-Gesundheitsdaten-Gesellschaft_fuer_Freiheitsrechte.pdf\r\n\r\nExpert opinion Prof J.M. Veenbrink, Prof. J.W. van de Gronden, Mr. dr. L.R. Glas \r\nabout legal responsibility of EU (Dutch) : \r\nhttps://open.overheid.nl/documenten/ronl-c248fc7eeb75444cda4d0ab4c4fd57ad4d29cb72/pdf\r\n\r\ncontact to organizers: kontakt@patientenrechte-datenschutz.de\n\n\n","title":"European Health Data Space - A Cash Cow","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703797200,"nanoseconds":0},"android_description":"The European Health Data Space (EHDS) will come 2024.\r\nAfter putting an opt-out-option in this proposal of the European Commission in the last minute, it is in the trilogue now.\r\nWe want to point out what it means practically including the diverse use forms, also regarding data use by force.\r\nThe massive excess of authority of the EU-Commission becomes so far backed by the EU-Parliarment, though the regulation of health political context is due to the national states.\r\nWe furthermore want to show institutional ways available to the individual being ready if this form of robber baronry becames law.\r\n\r\nSpeakers: novider, Flysch, jockel\r\n\r\n\r\npresentation shown in self organized session: \r\nhttps://patientenrechte-datenschutz.de/wp-content/uploads/2023/12/EHDS_fnf.pdf\r\n\r\nEHDS commission draft: \r\nhttps://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2022/0197/COM_COM(2022)0197_EN.pdf\r\n\r\nposition EU council on EHDS: \r\nhttps://data.consilium.europa.eu/doc/document/ST-16048-2023-REV-1/en/pdf\r\n\r\namendments EU parliament to EHDS: \r\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2023-0462_EN.pdf\r\n\r\nconsolidated text with changes EU parliament: \r\nhttps://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/CJ43/AMC/2023/11-28/Item4-EHDS-compromiseamendments_EN.pdf\r\n\r\nExpert opinion Prof. Schröder on limits of possible anonymization of medical \r\ndata (German): \r\nhttps://freiheitsrechte.org/uploads/documents/Freiheit-im-digitalen-Zeitalter/Gesundheitsdaten/2022-04-25-Gutachten_Schroeder-Gesundheitsdaten-Gesellschaft_fuer_Freiheitsrechte.pdf\r\n\r\nExpert opinion Prof J.M. Veenbrink, Prof. J.W. van de Gronden, Mr. dr. L.R. Glas \r\nabout legal responsibility of EU (Dutch) : \r\nhttps://open.overheid.nl/documenten/ronl-c248fc7eeb75444cda4d0ab4c4fd57ad4d29cb72/pdf\r\n\r\ncontact to organizers: kontakt@patientenrechte-datenschutz.de","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:00:00.000-0000","id":53673,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-28T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You can't evict a movement! Der Energiekonzern RWE wird noch Jahre brauchen, die Kohle unter Lützi abzubaggern: Der Kampf gegen die Kohle und für Klimagerechtigkeit geht weiter! \r\n\r\n\r\n\n\n\nMobilisierung von Menschen nach Lützerath, Bauvorkehrungen zur Verteidigung treffen, die Räumungsvorbereitungen von RWE und Polizei stören, Infrastruktur-Ausbau trotz abgeschalteten Stroms, auf Presse-Anfragen aus der ganzen Welt reagieren, WLAN für alle, Live-Berichterstattung üben, Kommunikationswege absichern, Wetten dass?! gewinnen, dem kalten Wetter trotzen, sich mit andern Kämpfen solidarisieren und heimlich einen Tunnel graben.\r\n\r\nVor einem Jahr liefen die Vorbereitungen gegen die Räumung Lützeraths am größten Drecksloch Europas, Kohletagebau Garzweiler II, auf Hochtouren. Wir wollen Einblicke in diese und andere Themen geben.","title":"Lützerath Lebt! Einblicke in den Widerstand","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703793300,"nanoseconds":0},"android_description":"You can't evict a movement! Der Energiekonzern RWE wird noch Jahre brauchen, die Kohle unter Lützi abzubaggern: Der Kampf gegen die Kohle und für Klimagerechtigkeit geht weiter! \r\n\r\n\r\n\n\n\nMobilisierung von Menschen nach Lützerath, Bauvorkehrungen zur Verteidigung treffen, die Räumungsvorbereitungen von RWE und Polizei stören, Infrastruktur-Ausbau trotz abgeschalteten Stroms, auf Presse-Anfragen aus der ganzen Welt reagieren, WLAN für alle, Live-Berichterstattung üben, Kommunikationswege absichern, Wetten dass?! gewinnen, dem kalten Wetter trotzen, sich mit andern Kämpfen solidarisieren und heimlich einen Tunnel graben.\r\n\r\nVor einem Jahr liefen die Vorbereitungen gegen die Räumung Lützeraths am größten Drecksloch Europas, Kohletagebau Garzweiler II, auf Hochtouren. Wir wollen Einblicke in diese und andere Themen geben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53661],"name":"Luca","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52293},{"conference_id":131,"event_ids":[53661],"name":"Timber","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52306},{"conference_id":131,"event_ids":[53661],"name":"Castroya","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52352},{"conference_id":131,"event_ids":[53661],"name":"Nunya","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52367},{"conference_id":131,"event_ids":[53661],"name":"Franka","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52433}],"timeband_id":1141,"links":[{"label":"Lützerath Lebt ","type":"link","url":"https://luetzerathlebt.info/"}],"end":"2023-12-28T19:55:00.000-0000","id":53661,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52352},{"tag_id":46107,"sort_order":1,"person_id":52433},{"tag_id":46107,"sort_order":1,"person_id":52293},{"tag_id":46107,"sort_order":1,"person_id":52367},{"tag_id":46107,"sort_order":1,"person_id":52306}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The demoscene is an underground computer art culture. The term demoscene comes from the word demo, short for demonstration. In the context of the demoscene the word demo means a realtime audiovisual application which is demonstrating the capabilities of the machine it runs on.\r\n\r\nDemosceners (\"sceners\") are what we call the folks with too much free time that abuse their computer skills to create releases under the demoscene.\r\n\r\nDemosceners often use nicknames (\"nicks\" or \"handles\") to identify themselves. They also tend to hang out in so-called demogroups. Some demosceners are active members of multiple demogroups, with or without using the same nickname.\r\n\r\nLet's get one thing clear: the demoscene has no commercial purpose. The only thing you'll get out of the demoscene, and this only comes after investing a significant amount of your free time into it, is a few useful soft skills and a large community of computer nerd friends.\r\n\r\nDemoscene releases are meant to show the limits of the machines, the technical skills and artistic sensibility of the makers. There are no rules to what kind of release you can make on the demoscene. Some demos are made as technical benchmarks, others as conceptual art, most are done just for fun. It is entirely up to you to explore what you like doing and share it with other demosceners.\r\n\r\nDemoscene releases can be divided into certain categories:\r\n\r\nTrack, an audio piece, can be in an executable format, in a tracker module format or in a pre-rendered wav/mp3 format\r\nGraphics entry, drawn or rendered images with fixed resolutions and/or a restricted color palette\r\nDemo, an audiovisual real-time executable demonstration for a certain platform\r\nIntro, typically a demo with file size limitation all packed into a single executable file that includes all the assets (popular size formats are 256bytes, 512bytes, 1kb, 4kb, 8kb, 64kb)\r\nAnimation, rendered graphics videos\r\nDemopack, a collection of demos in a single disk\r\nMusicdisk, a collection of demoscene tracks with an executable player interface\r\nDiskmag, a collection of texts about the demoscene with an executable graphics interface\r\nWild entry, everything else (including live performances, videos of demos on uncommon platforms, videos about demomaking, etc)\r\nReleases typically occur at demoparties, gathering events for demosceners.\r\n\r\n\n\n\nThe demoscene is an underground computer art culture. The Speaker is a member of the Demoscene since the 1980ies and gives insights how it is now and how it was back in the days and how you can participate!","title":"Demoscene now and then","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"The demoscene is an underground computer art culture. The term demoscene comes from the word demo, short for demonstration. In the context of the demoscene the word demo means a realtime audiovisual application which is demonstrating the capabilities of the machine it runs on.\r\n\r\nDemosceners (\"sceners\") are what we call the folks with too much free time that abuse their computer skills to create releases under the demoscene.\r\n\r\nDemosceners often use nicknames (\"nicks\" or \"handles\") to identify themselves. They also tend to hang out in so-called demogroups. Some demosceners are active members of multiple demogroups, with or without using the same nickname.\r\n\r\nLet's get one thing clear: the demoscene has no commercial purpose. The only thing you'll get out of the demoscene, and this only comes after investing a significant amount of your free time into it, is a few useful soft skills and a large community of computer nerd friends.\r\n\r\nDemoscene releases are meant to show the limits of the machines, the technical skills and artistic sensibility of the makers. There are no rules to what kind of release you can make on the demoscene. Some demos are made as technical benchmarks, others as conceptual art, most are done just for fun. It is entirely up to you to explore what you like doing and share it with other demosceners.\r\n\r\nDemoscene releases can be divided into certain categories:\r\n\r\nTrack, an audio piece, can be in an executable format, in a tracker module format or in a pre-rendered wav/mp3 format\r\nGraphics entry, drawn or rendered images with fixed resolutions and/or a restricted color palette\r\nDemo, an audiovisual real-time executable demonstration for a certain platform\r\nIntro, typically a demo with file size limitation all packed into a single executable file that includes all the assets (popular size formats are 256bytes, 512bytes, 1kb, 4kb, 8kb, 64kb)\r\nAnimation, rendered graphics videos\r\nDemopack, a collection of demos in a single disk\r\nMusicdisk, a collection of demoscene tracks with an executable player interface\r\nDiskmag, a collection of texts about the demoscene with an executable graphics interface\r\nWild entry, everything else (including live performances, videos of demos on uncommon platforms, videos about demomaking, etc)\r\nReleases typically occur at demoparties, gathering events for demosceners.\r\n\r\n\n\n\nThe demoscene is an underground computer art culture. The Speaker is a member of the Demoscene since the 1980ies and gives insights how it is now and how it was back in the days and how you can participate!","end_timestamp":{"seconds":1703793300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53648],"name":"LordSpreadpointAmiga","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52295}],"timeband_id":1141,"links":[{"label":"Teach yourself Demoscene in 14 Days","type":"link","url":"https://github.com/psenough/teach_yourself_demoscene_in_14_days"}],"end":"2023-12-28T19:55:00.000-0000","id":53648,"village_id":null,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"tag_ids":[46118,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52295}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this talk you will learn how ChromeOS hardware designed by Google and it's board partners differ from regular laptops/desktops.\r\n\r\nWe'll go over Coreboot development (+guide of porting it to other x86 motherboards!), EDK2 (UEFI payload we use in our firmware builds) and what it takes to make mainline Linux run on these machines.\r\n\r\nThis talk will involve ACPI tables, I2C and SPI interfaces, DSP firmware and maintenance of audio stack that differs from (almost) all x86 machines in the market.\r\n\r\nWe'll present challenges we've faced during the development cycle, tips on how to avoid pitfalls, and our plans for the future :)\n\n\nDeep dive into (ex)ChromeOS hardware from developer's perspective.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Turning Chromebooks into regular laptops","android_description":"In this talk you will learn how ChromeOS hardware designed by Google and it's board partners differ from regular laptops/desktops.\r\n\r\nWe'll go over Coreboot development (+guide of porting it to other x86 motherboards!), EDK2 (UEFI payload we use in our firmware builds) and what it takes to make mainline Linux run on these machines.\r\n\r\nThis talk will involve ACPI tables, I2C and SPI interfaces, DSP firmware and maintenance of audio stack that differs from (almost) all x86 machines in the market.\r\n\r\nWe'll present challenges we've faced during the development cycle, tips on how to avoid pitfalls, and our plans for the future :)\n\n\nDeep dive into (ex)ChromeOS hardware from developer's perspective.","end_timestamp":{"seconds":1703793300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53585],"name":"sdomi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52344},{"conference_id":131,"event_ids":[53585],"name":"elly","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52437}],"timeband_id":1141,"links":[{"label":"Our GitHub","type":"link","url":"https://github.com/chrultrabook"},{"label":"Forums","type":"link","url":"https://forum.chrultrabook.com/"}],"end":"2023-12-28T19:55:00.000-0000","id":53585,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"tag_ids":[46122,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52437},{"tag_id":46107,"sort_order":1,"person_id":52344}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Composer, multi-instrumentalist, trans*woman, drone lover.\n\n\nhttps://fayelavaux.bandcamp.com/","title":"Faye Lavaux","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703793600,"nanoseconds":0},"android_description":"Composer, multi-instrumentalist, trans*woman, drone lover.\n\n\nhttps://fayelavaux.bandcamp.com/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53925,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Einführung in Rules Light Table Top Systeme\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Rollenspiele","end_timestamp":{"seconds":1703800800,"nanoseconds":0},"android_description":"Einführung in Rules Light Table Top Systeme","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:00:00.000-0000","id":53852,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Andi und Thomas wandern durch die Welten der Fantasy, Science Fiction und mehr. Ihr Portal öffnet sich auf dem 37C3 und sie sind inspiriert, über ein Werk zu sprechen, das mit der Veranstaltung zu tun hat.","type":{"conference_id":131,"conference":"37C3","color":"#e78bea","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (90 minutes)","id":46127},"title":"Weltenwanderer - Alles so bunt hier","android_description":"Andi und Thomas wandern durch die Welten der Fantasy, Science Fiction und mehr. Ihr Portal öffnet sich auf dem 37C3 und sie sind inspiriert, über ein Werk zu sprechen, das mit der Veranstaltung zu tun hat.","end_timestamp":{"seconds":1703795400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:30:00.000-0000","id":53694,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"village_id":null,"tag_ids":[46127,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dies wird die Launch-Folge No. 1 des Kryptographiepodcasts \"Aufgeschlüsselt\" mit Hosts ajuvo und Karolin Varner. Special Guest: Aaron Kaiser vom Max-Planck-Institut für Sicherheit und Privatsphäre","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#53b574","name":"Podcasting table (90 minutes)","id":46129},"title":"Aufgeschlüsselt","end_timestamp":{"seconds":1703795400,"nanoseconds":0},"android_description":"Dies wird die Launch-Folge No. 1 des Kryptographiepodcasts \"Aufgeschlüsselt\" mit Hosts ajuvo und Karolin Varner. Special Guest: Aaron Kaiser vom Max-Planck-Institut für Sicherheit und Privatsphäre","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:30:00.000-0000","id":53494,"tag_ids":[46129,46139],"village_id":null,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-hands-on-alex-bessman-marco-a-g/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","title":"Pocket Science Lab Hands-on (Alex Bessman, Marco A. Gutierrez)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-hands-on-alex-bessman-marco-a-g/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53490,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"begin":"2023-12-28T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Kickoff im realen Raum für Orga-Treffen Haecksen Konferenz 2025","title":"Kickoff im realen Raum für Orga-Treffen Haecksen Konferenz 2025","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703794200,"nanoseconds":0},"android_description":"Kickoff im realen Raum für Orga-Treffen Haecksen Konferenz 2025","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53446,53553],"name":"melzai","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52366}],"timeband_id":1141,"links":[],"end":"2023-12-28T20:10:00.000-0000","id":53446,"village_id":null,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703788800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52366}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-28T18:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Discussion (35 mins) with input lecture** (25 mins)\r\n**Location:** Community Stage, Hall H, Level 0\r\n**Prepared by:** Digitalcourage Local Groups\r\n\r\n\"Away or Okay\": Selling your fundamental rights for money? Data protection authorities are yet strikingly shy regarding the topic and seem to approve it silently.\r\n\r\nWhat can be said against it from a societal view or from a view of fundamental rights? Is here revealed how capitalism is capturing/overturning the rule of law? What consequences does that have for our freedom(s)?\r\n\r\nHow could a defense geared against deals of that sort and based on privacy rights or fundamental rights look like? Shall we invent a Data Protection TÜV? Abolish the inform consent in the GDPR? Take over toxic capitalistic digital infrastructures?\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Diskussion: Pur-Abos – Deine Grundrechte gegen Geld?","end_timestamp":{"seconds":1703791800,"nanoseconds":0},"android_description":"**Discussion (35 mins) with input lecture** (25 mins)\r\n**Location:** Community Stage, Hall H, Level 0\r\n**Prepared by:** Digitalcourage Local Groups\r\n\r\n\"Away or Okay\": Selling your fundamental rights for money? Data protection authorities are yet strikingly shy regarding the topic and seem to approve it silently.\r\n\r\nWhat can be said against it from a societal view or from a view of fundamental rights? Is here revealed how capitalism is capturing/overturning the rule of law? What consequences does that have for our freedom(s)?\r\n\r\nHow could a defense geared against deals of that sort and based on privacy rights or fundamental rights look like? Shall we invent a Data Protection TÜV? Abolish the inform consent in the GDPR? Take over toxic capitalistic digital infrastructures?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:30:00.000-0000","id":53914,"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Zusammen mit den einschlägigen Experten des Nomen Nescio Club wird die größte SIGINT- Sation der Russischen Föderation in Europa seit einem Jahr systematisch ausspioniert. Sie steht in Wien 22 und umfasst etwa 18 Satellitenspiegel, die größten davon haben Durchmesser von vier Metern und sind wie alle anderen ausschließlich für Empfang ausgelegt. Das technische Equipment an den großen Schüsseln konnte bereits identifiziert werden, auch die Geschichte des Ausbaus dieser SIGINT-Station sei 2014 wurde rekonstruiert. Dazu: Die unterschätze Rolle der russischen SIGINT-Stationen im Ukrainekrieg und wie das SIGINT-Netz auf den diplomatischen Gebäuden der Russischen Föderation in Europa durch Sanktionen neutralisiert wurde. Weiter aktiv sind Wien, Budapest, Debrecen Genf und Stockholm.\n\n\nWie man eine russische Satellitenspionagestation ausspioniert. Talk mit hochauflösenden Fotos und einem Drohnenvideo.","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2023-12-30T22:18+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Russki SIGINT","android_description":"Zusammen mit den einschlägigen Experten des Nomen Nescio Club wird die größte SIGINT- Sation der Russischen Föderation in Europa seit einem Jahr systematisch ausspioniert. Sie steht in Wien 22 und umfasst etwa 18 Satellitenspiegel, die größten davon haben Durchmesser von vier Metern und sind wie alle anderen ausschließlich für Empfang ausgelegt. Das technische Equipment an den großen Schüsseln konnte bereits identifiziert werden, auch die Geschichte des Ausbaus dieser SIGINT-Station sei 2014 wurde rekonstruiert. Dazu: Die unterschätze Rolle der russischen SIGINT-Stationen im Ukrainekrieg und wie das SIGINT-Netz auf den diplomatischen Gebäuden der Russischen Föderation in Europa durch Sanktionen neutralisiert wurde. Weiter aktiv sind Wien, Budapest, Debrecen Genf und Stockholm.\n\n\nWie man eine russische Satellitenspionagestation ausspioniert. Talk mit hochauflösenden Fotos und einem Drohnenvideo.","end_timestamp":{"seconds":1703794500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53730],"name":"Erich Moechel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52405}],"timeband_id":1141,"links":[],"end":"2023-12-28T20:15:00.000-0000","id":53730,"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52405}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-28T18:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Update 1: \r\nDas angekündigte Pad mit und für Infos: https://pads.haecksen.org/l9_SiCHvTNK4Tt-ySUeVVQ?both\r\n\r\nUpdate 2:\r\nEs wurden zwei öffentliche Chat-Gruppen zur weiteren Vernetzung eingerichtet: \r\n\r\nSignal: https://signal.group/#CjQKIJYt5CAAqHv89TRzKA_uu0BMNahTIfJhk5A03-T3sDQtEhCeW6kvxSh9aJYkO4-Sp5Ss\r\n(Hinweis: Bei Signal sind Telefonnummern für die anderen Menschen in der Gruppe sichtbar.)\r\n\r\nTelegram: \r\nhttps://t.me/+4MjGntj2KythNjlk\r\n\r\nUpdate 3:\r\nEs gab ein weiteres Meetup an Tag 3 von 17 - 18 Uhr in Saal 8, um sich in Kleingruppen zu spezifischen Themen auszutauschen:\r\nhttps://events.ccc.de/congress/2023/hub/de/event/adhs-themenbasierter-austausch/\r\n\r\n\r\n\r\nWe want to get to know each other and talk about the everyday madness in a neurotypical world.\r\n\r\nAll people who find themselves on the neurodiverse spectrum with a focus on ADHD are invited. No official diagnosis is necessary. Anyone who doesn't have one or is still unsure is just as welcome. :-)\r\n\r\nThis session is organised by Deanna (she/her), chai-tee (he/him) and aster.\r\n\r\nLocation: SOS-Stage in hall Y\r\n\r\nPlease note:\r\nThis session will be in German only. \r\nFeel free to organize a similar meetup for the English speaking ADHD-community!\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"AD(H)S-Meetup (de)","android_description":"Update 1: \r\nDas angekündigte Pad mit und für Infos: https://pads.haecksen.org/l9_SiCHvTNK4Tt-ySUeVVQ?both\r\n\r\nUpdate 2:\r\nEs wurden zwei öffentliche Chat-Gruppen zur weiteren Vernetzung eingerichtet: \r\n\r\nSignal: https://signal.group/#CjQKIJYt5CAAqHv89TRzKA_uu0BMNahTIfJhk5A03-T3sDQtEhCeW6kvxSh9aJYkO4-Sp5Ss\r\n(Hinweis: Bei Signal sind Telefonnummern für die anderen Menschen in der Gruppe sichtbar.)\r\n\r\nTelegram: \r\nhttps://t.me/+4MjGntj2KythNjlk\r\n\r\nUpdate 3:\r\nEs gab ein weiteres Meetup an Tag 3 von 17 - 18 Uhr in Saal 8, um sich in Kleingruppen zu spezifischen Themen auszutauschen:\r\nhttps://events.ccc.de/congress/2023/hub/de/event/adhs-themenbasierter-austausch/\r\n\r\n\r\n\r\nWe want to get to know each other and talk about the everyday madness in a neurotypical world.\r\n\r\nAll people who find themselves on the neurodiverse spectrum with a focus on ADHD are invited. No official diagnosis is necessary. Anyone who doesn't have one or is still unsure is just as welcome. :-)\r\n\r\nThis session is organised by Deanna (she/her), chai-tee (he/him) and aster.\r\n\r\nLocation: SOS-Stage in hall Y\r\n\r\nPlease note:\r\nThis session will be in German only. \r\nFeel free to organize a similar meetup for the English speaking ADHD-community!","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53460,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-28T18:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DN42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. It is a big dynamic global VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. \r\n \r\nLet's meet-up, have a chat, share knowledge and help newcomers join DN42! \r\n \r\nbirds of a feather \r\nnoun \r\n 1. People having similar characters, backgrounds, interests, or beliefs.\n\n\nCome talk DN42, advanced networking and core Internet protocols with your peers, or discover and join the network!\r\nThis is an informal meet-up for DN42 participants and aspiring / curious people :)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"DN42 BoF and onboarding session","end_timestamp":{"seconds":1703791800,"nanoseconds":0},"android_description":"DN42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. It is a big dynamic global VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. \r\n \r\nLet's meet-up, have a chat, share knowledge and help newcomers join DN42! \r\n \r\nbirds of a feather \r\nnoun \r\n 1. People having similar characters, backgrounds, interests, or beliefs.\n\n\nCome talk DN42, advanced networking and core Internet protocols with your peers, or discover and join the network!\r\nThis is an informal meet-up for DN42 participants and aspiring / curious people :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:30:00.000-0000","id":53435,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The transfer of Seidel's experimental films into physical space has been explored in many ways in recent years. Sculpture, architecture and even natural projection surfaces have been temporarily 'overpainted' with projections, lights or lasers. But with new advances in machine learning, there may be a kind of oversaturation, or even rigor mortis, when the moving image becomes fully part of the technical tool chain. In tech companies, universities and artists' studios, machines are working through and learning the history of humanity. \r\n\r\nCopyright dissolves; the distinction between original, imitation or inferior reproduction erodes. No origin, no responsibility, no clear direction - just a primordial soup that can be shaped into any form without challenging knowledge systems and hierarchies. In this silent but radical restructuring of entire industries, the artist becomes the template of a future digitally assembled from a multitude of fragments of the past. This artist talk addresses some of the implications of this singularity, in which history collapses to a single point in the present, and in which easy access to an infinite reworking of iconography may override the desire for a phenomenological experience...\n\n\nExploring the transfer of Seidel's experimental films into physical spaces reveals challenges that are intensifying with advances in machine learning, dissolving the lines between original and imitation. In this more or less silent restructuring of society, artists become templates for a digitally assembled future, challenging traditional hierarchies as history collapses into the present.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Image Making Fatigue","end_timestamp":{"seconds":1703789700,"nanoseconds":0},"android_description":"The transfer of Seidel's experimental films into physical space has been explored in many ways in recent years. Sculpture, architecture and even natural projection surfaces have been temporarily 'overpainted' with projections, lights or lasers. But with new advances in machine learning, there may be a kind of oversaturation, or even rigor mortis, when the moving image becomes fully part of the technical tool chain. In tech companies, universities and artists' studios, machines are working through and learning the history of humanity. \r\n\r\nCopyright dissolves; the distinction between original, imitation or inferior reproduction erodes. No origin, no responsibility, no clear direction - just a primordial soup that can be shaped into any form without challenging knowledge systems and hierarchies. In this silent but radical restructuring of entire industries, the artist becomes the template of a future digitally assembled from a multitude of fragments of the past. This artist talk addresses some of the implications of this singularity, in which history collapses to a single point in the present, and in which easy access to an infinite reworking of iconography may override the desire for a phenomenological experience...\n\n\nExploring the transfer of Seidel's experimental films into physical spaces reveals challenges that are intensifying with advances in machine learning, dissolving the lines between original and imitation. In this more or less silent restructuring of society, artists become templates for a digitally assembled future, challenging traditional hierarchies as history collapses into the present.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53660],"name":"Robert Seidel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52410}],"timeband_id":1141,"end":"2023-12-28T18:55:00.000-0000","links":[{"label":"Homepage Robert Seidel","type":"link","url":"http://www.robertseidel.com"},{"label":"Experimentalfilm HYSTERESIS blending Performance, Drawing and AI","type":"link","url":"http://vimeo.com/robertseidel/hysteresis"}],"id":53660,"tag_ids":[46118,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703787300,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52410}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wie sähe die Welt aus, wenn wir auf Wissenschaft hören würden? Wo doch bekanntermaßen jeder Katastrophenfilm so beginnt, dass sie ignoriert wird – kurz bevor der Meteorit einschlägt, die Flut flutet und der weiße Hai alle Badenden auffrisst. Auch die akuten Krisen verdanken wir u.a. einer Politik, die Wissenschaft viel zu oft ignoriert. Die hat uns immerhin nicht nur vor Atemwegsinfektionen gewarnt, sondern auch vor zunehmenden Flutereignissen. Wer weiß, was in ihren Artikeln noch alles drinsteht? In unserem Science Slam präsentieren drei bis vier Forschende ihre Antwort darauf. Der Ausgangspunkt ist ein gemeinsames WissKomm-Buchprojekt namens „Weltrettung braucht Wissenschaft\", in dem sich zwölf junge Wissenschaftler\\*innen und Science Slammys der Frage stellen, was ihr Fachgebiet der Menschheit rät. Woraus bauen Plastikforscher die Welt? Und wie landet ihr Baustoff auf unserem Teller? Ist künstliche Intelligenz wirklich rassistisch und Medizin überwiegend für Männer? Haben Klimatologinnen eigentlich noch Hoffnung, oder weiß der Historiker da mehr? Auf dem Weg entsteht aber auch Zukunftsmusik: Verkehrsmittel, von denen Ingenieurinnen träumen, und Städte, in denen sich Füchse tummeln; auf Gentechnik basierte Medikamente und biologisch abbaubares Verpackungsmaterial. Oder, noch revolutionärer: Wege, wissenschaftliche Erkenntnisse einzusetzen, bevor es brennt. \n\n\nIm Science Slam-Stil spekulieren Forschende, wie die Welt aussähe, wenn irgendjemand auf ihr Fachgebiet hören würde. Die Erkenntnisse reichen von Energiewende und Biodiversität bis zu Neurowissenschaften und geschlechtergerechter Medizin. Nach dem Chaos Communication Camp jetzt auch in Hamburg.","title":"Science Slam","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"Wie sähe die Welt aus, wenn wir auf Wissenschaft hören würden? Wo doch bekanntermaßen jeder Katastrophenfilm so beginnt, dass sie ignoriert wird – kurz bevor der Meteorit einschlägt, die Flut flutet und der weiße Hai alle Badenden auffrisst. Auch die akuten Krisen verdanken wir u.a. einer Politik, die Wissenschaft viel zu oft ignoriert. Die hat uns immerhin nicht nur vor Atemwegsinfektionen gewarnt, sondern auch vor zunehmenden Flutereignissen. Wer weiß, was in ihren Artikeln noch alles drinsteht? In unserem Science Slam präsentieren drei bis vier Forschende ihre Antwort darauf. Der Ausgangspunkt ist ein gemeinsames WissKomm-Buchprojekt namens „Weltrettung braucht Wissenschaft\", in dem sich zwölf junge Wissenschaftler\\*innen und Science Slammys der Frage stellen, was ihr Fachgebiet der Menschheit rät. Woraus bauen Plastikforscher die Welt? Und wie landet ihr Baustoff auf unserem Teller? Ist künstliche Intelligenz wirklich rassistisch und Medizin überwiegend für Männer? Haben Klimatologinnen eigentlich noch Hoffnung, oder weiß der Historiker da mehr? Auf dem Weg entsteht aber auch Zukunftsmusik: Verkehrsmittel, von denen Ingenieurinnen träumen, und Städte, in denen sich Füchse tummeln; auf Gentechnik basierte Medikamente und biologisch abbaubares Verpackungsmaterial. Oder, noch revolutionärer: Wege, wissenschaftliche Erkenntnisse einzusetzen, bevor es brennt. \n\n\nIm Science Slam-Stil spekulieren Forschende, wie die Welt aussähe, wenn irgendjemand auf ihr Fachgebiet hören würde. Die Erkenntnisse reichen von Energiewende und Biodiversität bis zu Neurowissenschaften und geschlechtergerechter Medizin. Nach dem Chaos Communication Camp jetzt auch in Hamburg.","end_timestamp":{"seconds":1703789700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53647,53571],"name":"Maria-Elena Vorrath","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52424},{"conference_id":131,"event_ids":[53647],"name":"FrancaParianen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52426}],"timeband_id":1141,"links":[{"label":"Link zum Chaos Camp Slam","type":"link","url":"https://events.ccc.de/camp/2023/hub/camp23/en/event/chaos-science-slam/"}],"end":"2023-12-28T18:55:00.000-0000","id":53647,"village_id":null,"begin_timestamp":{"seconds":1703787300,"nanoseconds":0},"tag_ids":[46120,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52426},{"tag_id":46107,"sort_order":1,"person_id":52424}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es wird immer wieder behauptet, die Einführung generativer KI-Systeme wie ChatGPT und Midjourney habe eine neue Ära der Möglichkeiten eröffnet, insbesondere im Bereich der digitalen Barrierefreiheit. Diese Technologien und Unternehmen versprechen, den Alltag von Menschen mit Behinderungen durch innovative Lösungen zu erleichtern. Beispielsweise ermöglichen neue, multi-modale Large Language Models die Generierung von Alternativtexten, die visuelle Inhalte für sehbehinderte Nutzer\\*innen zugänglicher machen könnten. Auch die Erstellung von Texten in Leichter Sprache kann durch diese Modelle vereinfacht werden, wodurch Informationen für Menschen mit Lernbehinderungen oder Nicht-Muttersprachler\\*innen leichter verständlich werden können.\r\n\r\nDoch die Integration von KI in unseren Alltag als behinderte Menschen bringt nicht nur Vorteile. Trotz der neuen Fähigkeiten von KI-Systemen kommen einige neue Herausforderungen hinzu. Dazu gehören unter anderem reproduzierter Ableismus, neue für uns unsichtbare Barrieren und der zunehmende gesellschaftliche Unwille, Barrierefreiheit und somit echte Inklusion zu schaffen, wenn Hilfsmittel immer besser werden. Unter Umständen werden Menschen mit Behinderung in einem gesellschaftlichen Kontext noch unsichtbarer, als sie es sowieso sind.\r\n\r\nBei meiner Arbeit als Beraterin für digitale Barrierefreiheit und als sehbehinderte Person spreche ich mittlerweile täglich über generative KI. Neben den vielen Möglichkeiten, die mir diese Systeme persönlich eröffnen, sehe ich aber auch viele Herausforderungen, denen wir in naher Zukunft entgegentreten müssen. Es ist daher unerlässlich, dass wir die Entwicklung von KI-Tools kritisch begleiten, um eine inklusive digitale Zukunft zu gestalten, in der technologischer Fortschritt Hand in Hand mit menschlicher Vielfalt geht. Im Vortrag werfe ich einen detaillierten Blick auf alle diese Punkte, ordne ein und diskutiere, was dafür notwendig ist.\n\n\nSpätestens seit Ende 2022 sind generative KI-Systeme wie ChatGPT und Midjourney in aller Munde, und sie werden dabei nicht selten auch als Game-Changer für die digitale Barrierefreiheit postuliert. Doch wo stehen wir eigentlich gerade wirklich, was können diese Systeme bereits jetzt für uns tun, und was bringt uns die Zukunft? Es ist höchste Zeit für einen unverfälschten „Reality Check“ und einen authentischen Blick in den Alltag von Menschen mit Behinderung.","title":"Rettet uns die KI?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703789700,"nanoseconds":0},"android_description":"Es wird immer wieder behauptet, die Einführung generativer KI-Systeme wie ChatGPT und Midjourney habe eine neue Ära der Möglichkeiten eröffnet, insbesondere im Bereich der digitalen Barrierefreiheit. Diese Technologien und Unternehmen versprechen, den Alltag von Menschen mit Behinderungen durch innovative Lösungen zu erleichtern. Beispielsweise ermöglichen neue, multi-modale Large Language Models die Generierung von Alternativtexten, die visuelle Inhalte für sehbehinderte Nutzer\\*innen zugänglicher machen könnten. Auch die Erstellung von Texten in Leichter Sprache kann durch diese Modelle vereinfacht werden, wodurch Informationen für Menschen mit Lernbehinderungen oder Nicht-Muttersprachler\\*innen leichter verständlich werden können.\r\n\r\nDoch die Integration von KI in unseren Alltag als behinderte Menschen bringt nicht nur Vorteile. Trotz der neuen Fähigkeiten von KI-Systemen kommen einige neue Herausforderungen hinzu. Dazu gehören unter anderem reproduzierter Ableismus, neue für uns unsichtbare Barrieren und der zunehmende gesellschaftliche Unwille, Barrierefreiheit und somit echte Inklusion zu schaffen, wenn Hilfsmittel immer besser werden. Unter Umständen werden Menschen mit Behinderung in einem gesellschaftlichen Kontext noch unsichtbarer, als sie es sowieso sind.\r\n\r\nBei meiner Arbeit als Beraterin für digitale Barrierefreiheit und als sehbehinderte Person spreche ich mittlerweile täglich über generative KI. Neben den vielen Möglichkeiten, die mir diese Systeme persönlich eröffnen, sehe ich aber auch viele Herausforderungen, denen wir in naher Zukunft entgegentreten müssen. Es ist daher unerlässlich, dass wir die Entwicklung von KI-Tools kritisch begleiten, um eine inklusive digitale Zukunft zu gestalten, in der technologischer Fortschritt Hand in Hand mit menschlicher Vielfalt geht. Im Vortrag werfe ich einen detaillierten Blick auf alle diese Punkte, ordne ein und diskutiere, was dafür notwendig ist.\n\n\nSpätestens seit Ende 2022 sind generative KI-Systeme wie ChatGPT und Midjourney in aller Munde, und sie werden dabei nicht selten auch als Game-Changer für die digitale Barrierefreiheit postuliert. Doch wo stehen wir eigentlich gerade wirklich, was können diese Systeme bereits jetzt für uns tun, und was bringt uns die Zukunft? Es ist höchste Zeit für einen unverfälschten „Reality Check“ und einen authentischen Blick in den Alltag von Menschen mit Behinderung.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53484],"name":"Casey Kreer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52407}],"timeband_id":1141,"links":[{"label":"Netzpolitik.org - GPT-4: Das nächste große Ding für digitale Zugänglichkeit?","type":"link","url":"https://netzpolitik.org/2023/gpt-4-das-naechste-grosse-ding-fuer-digitale-zugaenglichkeit/"}],"end":"2023-12-28T18:55:00.000-0000","id":53484,"village_id":null,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703787300,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52407}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/resi-resom\n\n\nhört doch einfach zu.","title":"resom","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703793600,"nanoseconds":0},"android_description":"https://soundcloud.com/resi-resom\n\n\nhört doch einfach zu.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53864,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Warum immer nur den FAIL Tisch ? Dieses Jahr wird es Positiv. Was hat euer Podcast jemals positives für euch gemacht ? Also außer Verbesserung der Technik im Homeoffice .. Das versteht sich ja von selbst. Wir erzählen was so positiv am Podcasten ist. \r\n\r\nWeitere konspirative Teilnehmer der unabhängigen Podcastervereinigung gerne gesehen. Allerdings keine Podcaster der Podimopodcastpartei .. diese Spalter","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2023-12-30T22:18+0000","name":"Podcasting table (45 minutes)","id":46128},"title":"Fantas-Tisch","android_description":"Warum immer nur den FAIL Tisch ? Dieses Jahr wird es Positiv. Was hat euer Podcast jemals positives für euch gemacht ? Also außer Verbesserung der Technik im Homeoffice .. Das versteht sich ja von selbst. Wir erzählen was so positiv am Podcasten ist. \r\n\r\nWeitere konspirative Teilnehmer der unabhängigen Podcastervereinigung gerne gesehen. Allerdings keine Podcaster der Podimopodcastpartei .. diese Spalter","end_timestamp":{"seconds":1703789100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:45:00.000-0000","id":53723,"village_id":null,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/building-tiny-programming-languages-mohit-karekar/\n\n\nLet's building tiny programming languages and go through the process of program synthesis by building a compiler frontend.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Building Tiny Programming Languages (Mohit Karekar)","android_description":"https://events.ccc.de/congress/2023/hub/en/event/building-tiny-programming-languages-mohit-karekar/\n\n\nLet's building tiny programming languages and go through the process of program synthesis by building a compiler frontend.","end_timestamp":{"seconds":1703790000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53720,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir blicken auf ein Jahr voller rechter, rassistischer und antisemitischer Kampagnen zurück. Der Diskurs um Migration und Flucht wird mit zunehmender Selbstverständlichkeit als ein Diskurs der Abwehr und des Ausschlusses der „Anderen“ geführt. Dies drückt sich in immer neuen Gesetzesverschärfungen bis hin zur Forderung nach einer vollständigen Abschaffung des Grundrechtes auf Asyl aus. Und auch in anderen Bereichen der Politik wird der Ruf nach autoritären „Lösungen“ für tatsächliche oder vermeintliche Probleme lauter. Nur vor diesem gesellschaftlichen Hintergrund sind die Wahlerfolge der AfD in Hessen und Bayern zu verstehen.\r\n\r\nFür uns ist klar: Unter solchen gesellschaftlichen Bedingungen wächst die Gefahr rechten Terrors. Die Zahl der antisemitischen, rassistischen und rechten Angriffe steigt weiterhin, denn Rechte Täter*innen können sich als diejenigen verstehen, die einen vermeintlichen „Volkswillen“ in die Tat umsetzen. Sie finden vermehrt die Ermöglichungsstrukturen, die sie für ihre Taten benötigen – in rechten Organisationen ebenso wie im Netz oder im direkten sozialen Umfeld.\r\n\r\nWir wollen im Podcast auf das Jahr 2023 zurückschauen und ausloten, wo wir im Kampf gegen rechten Terror stehen. Was sind unsere Möglichkeiten, zu informieren und zu intervenieren? Wir müssen von Staat und Gesellschaft Aufklärung und Konsequenzen einfordern, die Arbeit von Polizei, Justiz und Parlamenten kritisch beobachten, Verharmlosung und Entpolitisierung entgegentreten, solidarisch sein und Betroffenen in ihren Kämpfen um Anerkennung und Gerechtigkeit beiseite stehen. Dafür scheinen die Räume enger und weniger zu werden. Was können wir 2024 gemeinsam erreichen?","title":"NSU-Watch: Aufklären & Einmischen. Der Jahresrückblick 2023.","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (45 minutes)","id":46126},"android_description":"Wir blicken auf ein Jahr voller rechter, rassistischer und antisemitischer Kampagnen zurück. Der Diskurs um Migration und Flucht wird mit zunehmender Selbstverständlichkeit als ein Diskurs der Abwehr und des Ausschlusses der „Anderen“ geführt. Dies drückt sich in immer neuen Gesetzesverschärfungen bis hin zur Forderung nach einer vollständigen Abschaffung des Grundrechtes auf Asyl aus. Und auch in anderen Bereichen der Politik wird der Ruf nach autoritären „Lösungen“ für tatsächliche oder vermeintliche Probleme lauter. Nur vor diesem gesellschaftlichen Hintergrund sind die Wahlerfolge der AfD in Hessen und Bayern zu verstehen.\r\n\r\nFür uns ist klar: Unter solchen gesellschaftlichen Bedingungen wächst die Gefahr rechten Terrors. Die Zahl der antisemitischen, rassistischen und rechten Angriffe steigt weiterhin, denn Rechte Täter*innen können sich als diejenigen verstehen, die einen vermeintlichen „Volkswillen“ in die Tat umsetzen. Sie finden vermehrt die Ermöglichungsstrukturen, die sie für ihre Taten benötigen – in rechten Organisationen ebenso wie im Netz oder im direkten sozialen Umfeld.\r\n\r\nWir wollen im Podcast auf das Jahr 2023 zurückschauen und ausloten, wo wir im Kampf gegen rechten Terror stehen. Was sind unsere Möglichkeiten, zu informieren und zu intervenieren? Wir müssen von Staat und Gesellschaft Aufklärung und Konsequenzen einfordern, die Arbeit von Polizei, Justiz und Parlamenten kritisch beobachten, Verharmlosung und Entpolitisierung entgegentreten, solidarisch sein und Betroffenen in ihren Kämpfen um Anerkennung und Gerechtigkeit beiseite stehen. Dafür scheinen die Räume enger und weniger zu werden. Was können wir 2024 gemeinsam erreichen?","end_timestamp":{"seconds":1703789100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53693],"name":"Caro Keller (NSU-Watch)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52297}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:45:00.000-0000","id":53693,"village_id":null,"tag_ids":[46126,46139],"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52297}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Du interessierst dich für einen kritischen und selbstbestimmte Umgang mit Informationstechnik? Für Faire Computer, Datenschutz, Frieden, oder IT in der Arbeitswelt? Dann komm vorbei und lerne gleichgesinnte kennen. Egal ob langjährige FIfF Mitlieder, oder einfach nur neugierig, alle Menschen sind herzlich zu unserem Vernetzungstreffen eingeladen!\n\n\n","title":"Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung e. V. (FIfF) - Vernetzungstreffen","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"Du interessierst dich für einen kritischen und selbstbestimmte Umgang mit Informationstechnik? Für Faire Computer, Datenschutz, Frieden, oder IT in der Arbeitswelt? Dann komm vorbei und lerne gleichgesinnte kennen. Egal ob langjährige FIfF Mitlieder, oder einfach nur neugierig, alle Menschen sind herzlich zu unserem Vernetzungstreffen eingeladen!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53686,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This year the 1st Congress Skat Tournament will be held for all friends of Skat and those who want to become one.\r\n\r\nNon-binding registration at [Nuudel](https://nuudel.digitalcourage.de/TO4oi5TKZANNdv6n) powered by DigitalCourage. The first 40 players on the list are guaranteed a place. If more than 40 players register, they will be placed on the waiting list (see registration page) or additional tables will be opened according to availability.\r\n\r\nYou must know the basic Skat rules to ensure a fair competition for everyone. However, the level of playing experience is irrelevant. The winner and last place will receive a small prize. The other places may receive prizes, depending on availability.\r\n\r\nThe best thing to do is to look for the hashtag [#37c3Skat](https://chaos.social/tags/37c3Skat) on your Mastodon client or in the web. This is where the latest developments regarding tournament preparation will be published. Unfortunately, there is not enough capacity for further communication channels.\r\n\r\nMore information can be found at the [web page of the tournament](https://0x1b.de/37c3Skat/index_en.html).\n\n\n","title":"1. Congress Skatturnier auf dem 37c3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"This year the 1st Congress Skat Tournament will be held for all friends of Skat and those who want to become one.\r\n\r\nNon-binding registration at [Nuudel](https://nuudel.digitalcourage.de/TO4oi5TKZANNdv6n) powered by DigitalCourage. The first 40 players on the list are guaranteed a place. If more than 40 players register, they will be placed on the waiting list (see registration page) or additional tables will be opened according to availability.\r\n\r\nYou must know the basic Skat rules to ensure a fair competition for everyone. However, the level of playing experience is irrelevant. The winner and last place will receive a small prize. The other places may receive prizes, depending on availability.\r\n\r\nThe best thing to do is to look for the hashtag [#37c3Skat](https://chaos.social/tags/37c3Skat) on your Mastodon client or in the web. This is where the latest developments regarding tournament preparation will be published. Unfortunately, there is not enough capacity for further communication channels.\r\n\r\nMore information can be found at the [web page of the tournament](https://0x1b.de/37c3Skat/index_en.html).","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53684,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"Y","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"If you're helping somebody solving an interesting issue, summarize your experiences with something or write anything that might be cool to be around in a couple of years as well, you do provide potential high-value content. The message in this talk to all those authors is: don't use web-based forums.\r\n\r\nUnfortunately, all content of closed, centralized services will be lost in the long run. This talk will give examples from the past where human kind lost many important contributions.\r\n\r\nTherefore, it is necessary to choose the platform you contribute to wisely now instead of learning through more large data loss events later-on. The talk summarizes the dangers and provides positive examples how loss of knowledge can be minimized in future.\r\n\r\nSpeaker: Karl Voit\r\n\r\n45min of talk, Q&A + discussion afterwards\r\n\r\nYou can find a blog article, a talk recording (linking the talk page with the slides) and more links on the same topic on https://karl-voit.at/2020/10/23/avoid-web-forums/\n\n\n","title":"Don't Contribute Anything Relevant in Web Forums Like Reddit, HN, facebook, ...","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"If you're helping somebody solving an interesting issue, summarize your experiences with something or write anything that might be cool to be around in a couple of years as well, you do provide potential high-value content. The message in this talk to all those authors is: don't use web-based forums.\r\n\r\nUnfortunately, all content of closed, centralized services will be lost in the long run. This talk will give examples from the past where human kind lost many important contributions.\r\n\r\nTherefore, it is necessary to choose the platform you contribute to wisely now instead of learning through more large data loss events later-on. The talk summarizes the dangers and provides positive examples how loss of knowledge can be minimized in future.\r\n\r\nSpeaker: Karl Voit\r\n\r\n45min of talk, Q&A + discussion afterwards\r\n\r\nYou can find a blog article, a talk recording (linking the talk page with the slides) and more links on the same topic on https://karl-voit.at/2020/10/23/avoid-web-forums/","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53672,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-29T00:05:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Duration: 30 mins\r\n(followed by a discussion initiated by Digitalcourage local group Braunschweig)\r\n\r\nThe Digitalcourage local groups care for data protection and participation in a growing number of towns in Germany in a world, that constantly becomes more digitized but somtimes excludes people and leaves them behind. As local groups we try to fix that on a regional and nationwide level.\r\n\r\nIt doesn't matter if you are an old Digitalcourage member or are just curious - all people that want to engage on a local level are coridially invited.\r\n\r\nCookies will be served.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Triff die Digitalcourage-Ortsgruppen!","end_timestamp":{"seconds":1703788200,"nanoseconds":0},"android_description":"Duration: 30 mins\r\n(followed by a discussion initiated by Digitalcourage local group Braunschweig)\r\n\r\nThe Digitalcourage local groups care for data protection and participation in a growing number of towns in Germany in a world, that constantly becomes more digitized but somtimes excludes people and leaves them behind. As local groups we try to fix that on a regional and nationwide level.\r\n\r\nIt doesn't matter if you are an old Digitalcourage member or are just curious - all people that want to engage on a local level are coridially invited.\r\n\r\nCookies will be served.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:30:00.000-0000","id":53485,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"GuteN8Geschichten - Tag 2","android_description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53711,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703784600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","title":"Art and Play: DIY photolab research","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703797200,"nanoseconds":0},"android_description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:00:00.000-0000","id":53937,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es ist Ende 2023: seit der initialen Gründung von #clubsAREculture sind über 1.000 Tage vergangen, die Pandemie ist offiziell längst vorbei, der Chaos Communication Congress findet endlich wieder statt und seit Mai 2021 sind Clubs vom Deutschen Bundestag als Kulturstätten anerkannt. Das klingt gut und als würde alles bestens laufen, aber die Realität sieht leider anders aus: nach wie vor schließen bundesweit Clubs. Mieten werden teurer, die Energiekosten steigen und die Inflation hat sich wie eine dicke Staubschicht über alles gelegt. Und wie geht es nun weiter mit der Clubkultur?\r\n\r\nWas wir bisher erreichen konnten, was wir noch alles vorhaben und warum ein Club baurechtlich immer noch nicht wie eine Oper behandelt wird – all das erfahrt ihr bei unserem Panel auf dem 37C3. Wir freuen uns auf Euch!\r\n\r\nTeilnehmer:innen:\r\nIris Hinze (Clubverstärker Bremen)\r\nStefan Hangl (Vorstand Motorschiff Stubnitz e. V.)\r\nThore Debor (LiveKomm AG Kulturraumschutz)\r\n\r\nModeration: jadzia (CCC)\r\n\r\nhttps://www.clubsareculture.de/termine/unlocked-next-level-on-unambiguous-terms-clubsareculture-goes-37c3/\n\n\nIm Sommer starteten wir die Kampagne #clubsAREculture – Rettet die Clubs!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"#clubsAREculture","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Es ist Ende 2023: seit der initialen Gründung von #clubsAREculture sind über 1.000 Tage vergangen, die Pandemie ist offiziell längst vorbei, der Chaos Communication Congress findet endlich wieder statt und seit Mai 2021 sind Clubs vom Deutschen Bundestag als Kulturstätten anerkannt. Das klingt gut und als würde alles bestens laufen, aber die Realität sieht leider anders aus: nach wie vor schließen bundesweit Clubs. Mieten werden teurer, die Energiekosten steigen und die Inflation hat sich wie eine dicke Staubschicht über alles gelegt. Und wie geht es nun weiter mit der Clubkultur?\r\n\r\nWas wir bisher erreichen konnten, was wir noch alles vorhaben und warum ein Club baurechtlich immer noch nicht wie eine Oper behandelt wird – all das erfahrt ihr bei unserem Panel auf dem 37C3. Wir freuen uns auf Euch!\r\n\r\nTeilnehmer:innen:\r\nIris Hinze (Clubverstärker Bremen)\r\nStefan Hangl (Vorstand Motorschiff Stubnitz e. V.)\r\nThore Debor (LiveKomm AG Kulturraumschutz)\r\n\r\nModeration: jadzia (CCC)\r\n\r\nhttps://www.clubsareculture.de/termine/unlocked-next-level-on-unambiguous-terms-clubsareculture-goes-37c3/\n\n\nIm Sommer starteten wir die Kampagne #clubsAREculture – Rettet die Clubs!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53920,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Sebastian Jünemann\r\n\r\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken. Das potenziert sich natürlich noch, wenn es sich nicht um einen Einsatz nach einer Naturkatastrophe in einem vorher „stabilen“ Land/Umfeld handelt, sondern um Einsätze in Bezug auf Krieg oder kriegerische Auseinandersetzungen. \r\nWie kann sich so einer Einsatzlage angenähert werden? Wie die verschiedenen Risiken durchdacht und bewertet werden? Wie können Planungen erfolgen, um den Risiken etwas entgegenzusetzen?\r\nIm Workshop „Frodo aus dem AuAland“ machen wir mit Paper und Pen eine Risk Analysis und Mitigation-Planung anhand eines fiktiven humanitären Einsatzes vor den Toren Mordors.\n\n\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken.","title":"Frodo aus dem AuAland – Risk Analysis and Mitigation für eine humanitäre Intervention vor den Toren Mordors","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Host: Sebastian Jünemann\r\n\r\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken. Das potenziert sich natürlich noch, wenn es sich nicht um einen Einsatz nach einer Naturkatastrophe in einem vorher „stabilen“ Land/Umfeld handelt, sondern um Einsätze in Bezug auf Krieg oder kriegerische Auseinandersetzungen. \r\nWie kann sich so einer Einsatzlage angenähert werden? Wie die verschiedenen Risiken durchdacht und bewertet werden? Wie können Planungen erfolgen, um den Risiken etwas entgegenzusetzen?\r\nIm Workshop „Frodo aus dem AuAland“ machen wir mit Paper und Pen eine Risk Analysis und Mitigation-Planung anhand eines fiktiven humanitären Einsatzes vor den Toren Mordors.\n\n\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53917,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hinweis: Die Kernveranstaltung dauert ca. 1 Stunde. Wenn die Anwesenden das wollen, können aber danach gemeinsam Fragen geklärt oder spezielle Bedingungen direkt bei euch auf der Arbeit gemeinsam besprochen werden (max. 2h insgesamt).\n\n\nWir werden aus ein paar wenigen Unzufriedenen, eine schlagkräftige Gemeinschaft, um gegen schlechte Arbeitsbedingungen vorzugehen? Wir werden in diesem Workshop (absolut keinerlei Vorkenntnisse notwendig!) uns die Methode des Soziogramms genauer anschauen und gemeinsam ausprobieren, wie wir unsere Arbeitskolleg*innen für Veränderungen gewinnen können.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Workshop: Organizing für Einsteiger*innen (am Arbeitsplatz)","end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"Hinweis: Die Kernveranstaltung dauert ca. 1 Stunde. Wenn die Anwesenden das wollen, können aber danach gemeinsam Fragen geklärt oder spezielle Bedingungen direkt bei euch auf der Arbeit gemeinsam besprochen werden (max. 2h insgesamt).\n\n\nWir werden aus ein paar wenigen Unzufriedenen, eine schlagkräftige Gemeinschaft, um gegen schlechte Arbeitsbedingungen vorzugehen? Wir werden in diesem Workshop (absolut keinerlei Vorkenntnisse notwendig!) uns die Methode des Soziogramms genauer anschauen und gemeinsam ausprobieren, wie wir unsere Arbeitskolleg*innen für Veränderungen gewinnen können.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53841,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir als demokratische Gesellschaft haben ziemlich große Herausforderungen vor uns (Klima, Ressourcen, Verteilung, gesellschaftliche Normen, ...). Diese akzeptabel zu lösen, wird ziemlich schwierig, wenn wir nicht “vernünftig” miteinander diskutieren können und auf Basis solcher Diskussionen dann gut informierte Entscheidungen treffen.\r\n\r\nLeider läuft es aktuell ganz anders, insbesondere im digitalen Raum: Bei kontroversen Themen findet sachlicher Austausch gut begründeter Argumente viel seltener statt als Irreführung, Polemik und Beleidigungen bis hin zu harter digitaler Gewalt. Bezugsloses Aneinander-Vorbeireden oder das Versanden der Diskussion sind dann zwar noch vergleichsweise harmlose Verläufe – sie helfen aber beim Finden von Problemlösungen auch nicht.\r\n\r\nOft werden diese Probleme auf indivdueller Ebene thematisiert aber ein zivilgesellschaftlicher bzw. aktivistischer Rahmen, um sie auf Systemebene anzugehen fehlte bislang. Deswegen hat sich im Sommer 2023 eine Gruppe gegründet, die das ändern möchte. \r\n\r\nDer Vortrag stellt die Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) auf Basis ihres zwölf Thesen umfassenden Positionspapiers und anhand passender Beispiele vor. Dabei werden u.a. folgende Fragen behandelt:\r\n\r\n- Worin besteht das Problem mit der Diskussionskultur?\r\n- Warum ist das sehr kritisch?\r\n- Wie können Schritte in Richtung einer Lösung aussehen?\n\n\nDigital geführte Diskussionen über kontroverse Themen sind oft frustrierend: Sie gleiten ins Unsachliche ab, sie eskalieren, z.T. bis hin zu harter digitaler Gewalt, oder sie versanden ergebnislos. \r\nDie Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) hat das Ziel, sich sytematisch (d.h. über die individuelle Ebene hinaus) und lösungsorientiert mit dem Problem zu befassen.\r\n\r\nDer Vortrag stellt die Problemwahrnehmung und mögliche Lösungsansätze aus Sicht der Gruppe vor.","title":"Konstruktive Digitale Diskussionskultur (KDDK)","type":{"conference_id":131,"conference":"37C3","color":"#6fdce3","updated_at":"2023-12-30T22:18+0000","name":"Talk 30 min + 10 min Q&A","id":46131},"android_description":"Wir als demokratische Gesellschaft haben ziemlich große Herausforderungen vor uns (Klima, Ressourcen, Verteilung, gesellschaftliche Normen, ...). Diese akzeptabel zu lösen, wird ziemlich schwierig, wenn wir nicht “vernünftig” miteinander diskutieren können und auf Basis solcher Diskussionen dann gut informierte Entscheidungen treffen.\r\n\r\nLeider läuft es aktuell ganz anders, insbesondere im digitalen Raum: Bei kontroversen Themen findet sachlicher Austausch gut begründeter Argumente viel seltener statt als Irreführung, Polemik und Beleidigungen bis hin zu harter digitaler Gewalt. Bezugsloses Aneinander-Vorbeireden oder das Versanden der Diskussion sind dann zwar noch vergleichsweise harmlose Verläufe – sie helfen aber beim Finden von Problemlösungen auch nicht.\r\n\r\nOft werden diese Probleme auf indivdueller Ebene thematisiert aber ein zivilgesellschaftlicher bzw. aktivistischer Rahmen, um sie auf Systemebene anzugehen fehlte bislang. Deswegen hat sich im Sommer 2023 eine Gruppe gegründet, die das ändern möchte. \r\n\r\nDer Vortrag stellt die Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) auf Basis ihres zwölf Thesen umfassenden Positionspapiers und anhand passender Beispiele vor. Dabei werden u.a. folgende Fragen behandelt:\r\n\r\n- Worin besteht das Problem mit der Diskussionskultur?\r\n- Warum ist das sehr kritisch?\r\n- Wie können Schritte in Richtung einer Lösung aussehen?\n\n\nDigital geführte Diskussionen über kontroverse Themen sind oft frustrierend: Sie gleiten ins Unsachliche ab, sie eskalieren, z.T. bis hin zu harter digitaler Gewalt, oder sie versanden ergebnislos. \r\nDie Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) hat das Ziel, sich sytematisch (d.h. über die individuelle Ebene hinaus) und lösungsorientiert mit dem Problem zu befassen.\r\n\r\nDer Vortrag stellt die Problemwahrnehmung und mögliche Lösungsansätze aus Sicht der Gruppe vor.","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53729],"name":"CarK","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52309}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53729,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"tag_ids":[46131,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52309}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/codeheat-open-source-developer-contest/\n\n\nBuild up your developer profile and become a codeheat hero! Win a trip to FOSSASIA Summit 2024. CodeHeat is the annual coding contest for students and developers to contribute to Free and Open Source software (FOSS) and open hardware projects https://codeheat.org/","title":"Codeheat Introductory Workshop (Untari, Hong Phuc Dang)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/codeheat-open-source-developer-contest/\n\n\nBuild up your developer profile and become a codeheat hero! Win a trip to FOSSASIA Summit 2024. CodeHeat is the annual coding contest for students and developers to contribute to Free and Open Source software (FOSS) and open hardware projects https://codeheat.org/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53719,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Skat is a card game that has been played for over 200 years, especially in Germany, and is played by a large number of players. In this session, I will talk about the game, its history and its fascination. I will also discuss the differences between \"Pub Skat\" and the organization of Skat tournaments according to the International Skat Rules and Skat Competition Rules.\r\n\r\nThis session is a good preparation for the [1st Congress Skat Tournament](https://events.ccc.de/congress/2023/hub/en/event/1-congress-skatturnier-auf-dem-37c3/) that will take place afterwards, but is not a prerequisite for participation in the tournament.\r\n\r\nEveryone who wants to know something about Skat is invited.\n\n\n","title":"Warum ist Skat so faszinierend?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Skat is a card game that has been played for over 200 years, especially in Germany, and is played by a large number of players. In this session, I will talk about the game, its history and its fascination. I will also discuss the differences between \"Pub Skat\" and the organization of Skat tournaments according to the International Skat Rules and Skat Competition Rules.\r\n\r\nThis session is a good preparation for the [1st Congress Skat Tournament](https://events.ccc.de/congress/2023/hub/en/event/1-congress-skatturnier-auf-dem-37c3/) that will take place afterwards, but is not a prerequisite for participation in the tournament.\r\n\r\nEveryone who wants to know something about Skat is invited.","end_timestamp":{"seconds":1703785800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:50:00.000-0000","id":53671,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Bits & Bäume Community Treffen Tag 2","android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53493,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"spans_timebands":"N","begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this physical practice session, we will present EightOS — a practice of hacking your own and somebody else's body using a combination of martial art techniques and various body practices. \r\n\r\nThe participating hackers are guaranteed to be refreshed afterward and have a nice body sensation after a mild interactive physical practice. You'll also meet others through words and code, their touch, and — if you prefer — their punch.\r\n\r\nWe will explore notions such as resilience, vulnerability, adaptation, and infiltration — but in relation to the body. How can you \"infiltrate\" a body? What is a body that is \"resilient\"? All this becomes very tangible and practical as soon as you start practicing those concepts and not only talking about them. \r\n\r\nWe hope that you will get not only activated physically but also inspired intellectually seeing how you can apply these ideas outside of the physical context and in your hacking practice as well.\r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nHosted by @aerodynamika (Dmitry Paranyushkin) and @kirikoo_des (Koo Des / NSDOS)\r\n\r\nMore info: [www.8os.io](https://8os.io)\n\n\n","title":"EightOS: Embodied Hacking Practice [8 OS Physical Movement Session]","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"In this physical practice session, we will present EightOS — a practice of hacking your own and somebody else's body using a combination of martial art techniques and various body practices. \r\n\r\nThe participating hackers are guaranteed to be refreshed afterward and have a nice body sensation after a mild interactive physical practice. You'll also meet others through words and code, their touch, and — if you prefer — their punch.\r\n\r\nWe will explore notions such as resilience, vulnerability, adaptation, and infiltration — but in relation to the body. How can you \"infiltrate\" a body? What is a body that is \"resilient\"? All this becomes very tangible and practical as soon as you start practicing those concepts and not only talking about them. \r\n\r\nWe hope that you will get not only activated physically but also inspired intellectually seeing how you can apply these ideas outside of the physical context and in your hacking practice as well.\r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nHosted by @aerodynamika (Dmitry Paranyushkin) and @kirikoo_des (Koo Des / NSDOS)\r\n\r\nMore info: [www.8os.io](https://8os.io)","end_timestamp":{"seconds":1703788200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:30:00.000-0000","id":53459,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Inhalt/Ziel: zuerst geht es um allgemeine Grundlagen - wie kann ich eine Gehörlose Person auf mich aufmerksam machen? Wie kommuniziere ich mit einer Gehörlosen Person, wenn ich kein Fingeralphabet/keine Gebärdensprache beherrsche? Und schlussendlich lernen wir auch das Fingeralphabet, und einige wichtige Gebärden in ÖGS und DGS (ja, Österreichische und Deutsche Gebärdensprache sind verschieden!).\n\n\nZielgruppe: Hörende, die Kommunikationshürden mit d/Deaf oder HoH Personen überwinden wollen. Keine Kenntnisse von Gebärdensprachen oder Fingeralphabet notwendig :)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Kommunikation und Interaktion mit Gehörlosen - ein paar Grundlagen","end_timestamp":{"seconds":1703788200,"nanoseconds":0},"android_description":"Inhalt/Ziel: zuerst geht es um allgemeine Grundlagen - wie kann ich eine Gehörlose Person auf mich aufmerksam machen? Wie kommuniziere ich mit einer Gehörlosen Person, wenn ich kein Fingeralphabet/keine Gebärdensprache beherrsche? Und schlussendlich lernen wir auch das Fingeralphabet, und einige wichtige Gebärden in ÖGS und DGS (ja, Österreichische und Deutsche Gebärdensprache sind verschieden!).\n\n\nZielgruppe: Hörende, die Kommunikationshürden mit d/Deaf oder HoH Personen überwinden wollen. Keine Kenntnisse von Gebärdensprachen oder Fingeralphabet notwendig :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53445,53807],"name":"Helga Velroyen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52253},{"conference_id":131,"event_ids":[53445],"name":"Stoni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52287},{"conference_id":131,"event_ids":[53445,53807],"name":"lavalaempchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52389}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:30:00.000-0000","id":53445,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52253},{"tag_id":46107,"sort_order":1,"person_id":52287},{"tag_id":46107,"sort_order":1,"person_id":52389}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Um die Verwaltungsdigitalisierung in Europa, besonders aber in Deutschland, steht es nicht gut. Wir kennen es alle: Expert*innen sagen, dass der Einsatz einer speziellen Technologie für ein dediziertes Projekt nicht gut wäre, es wird trotzdem eingesetzt und am Ende scheitert das Projekt mit Ansage. \r\n\r\nDiese Podcast-Episode möchte folgende Themen beleuchten: \r\n\r\n • Wie steht es aktuell um die Verwaltungsdigitalisierung in Deutschland, im besonderen unter dem Aspekt Nachhaltigkeit\r\n\r\n • Inwiefern kann der vollständige (sukzessive) Umstieg bzw. insgesamt der Einsatz freier Softwarelösungen in (deutschen) Behörden und der öffentlichen Verwaltung dabei helfen, die Digitalisierung dort nachhaltiger zu gestalten?\r\n\r\n • Wie steht es um die Interoperabilität? \r\n\r\n • Wie steht es um Barrierefreiheit, Teilhabe für Alle, Inklusion bei den digitalen Verwaltungsdienstleistungen?","title":"Wie kann eine Verwaltungsdigitalisierung in Deutschland und Europa nachhaltig und bevölkerungsfreundlich gestaltet werden?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"end_timestamp":{"seconds":1703783700,"nanoseconds":0},"android_description":"Um die Verwaltungsdigitalisierung in Europa, besonders aber in Deutschland, steht es nicht gut. Wir kennen es alle: Expert*innen sagen, dass der Einsatz einer speziellen Technologie für ein dediziertes Projekt nicht gut wäre, es wird trotzdem eingesetzt und am Ende scheitert das Projekt mit Ansage. \r\n\r\nDiese Podcast-Episode möchte folgende Themen beleuchten: \r\n\r\n • Wie steht es aktuell um die Verwaltungsdigitalisierung in Deutschland, im besonderen unter dem Aspekt Nachhaltigkeit\r\n\r\n • Inwiefern kann der vollständige (sukzessive) Umstieg bzw. insgesamt der Einsatz freier Softwarelösungen in (deutschen) Behörden und der öffentlichen Verwaltung dabei helfen, die Digitalisierung dort nachhaltiger zu gestalten?\r\n\r\n • Wie steht es um die Interoperabilität? \r\n\r\n • Wie steht es um Barrierefreiheit, Teilhabe für Alle, Inklusion bei den digitalen Verwaltungsdienstleistungen?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53722],"name":"Lukas Schieren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52475},{"conference_id":131,"event_ids":[53722],"name":"Marco Bakera","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52496}],"timeband_id":1141,"links":[],"end":"2023-12-28T17:15:00.000-0000","id":53722,"begin_timestamp":{"seconds":1703781000,"nanoseconds":0},"tag_ids":[46128,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52475},{"tag_id":46107,"sort_order":1,"person_id":52496}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Workshop zum Vortrag \"Weil be excellent to each other nicht reicht -> https://events.ccc.de/congress/2023/hub/event/weil_be_excellent_to_each_other_nicht_reicht/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Workshop - Weil be excellent to eachother nicht reicht","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Workshop zum Vortrag \"Weil be excellent to each other nicht reicht -> https://events.ccc.de/congress/2023/hub/event/weil_be_excellent_to_each_other_nicht_reicht/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53682,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703781000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-28T16:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The #TeamDatenschutz (team data protection) is used in the (more or less) social networks to assemble data protection officers, programmers, lawyers, activists, or supervisory authorities, as well as other people interested in data protection.\r\n\r\nThis Self-organized Session is intended as a meet up, where people can meet other persons interested in data protection, maybe see someone again, and for sharing or ranting about data protection topics and issues, etc.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"#TeamDatenschutz-Meetup","end_timestamp":{"seconds":1703787300,"nanoseconds":0},"android_description":"The #TeamDatenschutz (team data protection) is used in the (more or less) social networks to assemble data protection officers, programmers, lawyers, activists, or supervisory authorities, as well as other people interested in data protection.\r\n\r\nThis Self-organized Session is intended as a meet up, where people can meet other persons interested in data protection, maybe see someone again, and for sharing or ranting about data protection topics and issues, etc.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:15:00.000-0000","id":53698,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703780100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","begin":"2023-12-28T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s a loop, there’s a vtable, that’s a global variable, a library function, an exception. Now you need to think like the Rust compiler. Maybe you’ve heard about “sum types” and “generics” and “iterators”, maybe you haven’t, and in both cases you are going to have an exceptionally bad time.\r\n\r\nThis talk will get you familiar with the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”), and more generally, the frame of mind required for reverse-engineering such programs. How is an Option represented using the same amount of memory as a plain T? How do monomorphized generic functions complicate RE work? What's the right approach to untangle many-layered, unintuitive iterator chains? We will tackle these questions and many more.\r\n\r\nIncludes a publicly available lab setup with several sample programs that showcase core Rust features as compiled to assembly.\n\n\nA walkthrough of the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”) - starting with simple match expressions and all the way to monomorphized functions and iterator chains.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Rust Binary Analysis, Feature by Feature","android_description":"You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s a loop, there’s a vtable, that’s a global variable, a library function, an exception. Now you need to think like the Rust compiler. Maybe you’ve heard about “sum types” and “generics” and “iterators”, maybe you haven’t, and in both cases you are going to have an exceptionally bad time.\r\n\r\nThis talk will get you familiar with the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”), and more generally, the frame of mind required for reverse-engineering such programs. How is an Option represented using the same amount of memory as a plain T? How do monomorphized generic functions complicate RE work? What's the right approach to untangle many-layered, unintuitive iterator chains? We will tackle these questions and many more.\r\n\r\nIncludes a publicly available lab setup with several sample programs that showcase core Rust features as compiled to assembly.\n\n\nA walkthrough of the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”) - starting with simple match expressions and all the way to monomorphized functions and iterator chains.","end_timestamp":{"seconds":1703782500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53659],"name":"Ben H","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52450}],"timeband_id":1141,"links":[],"end":"2023-12-28T16:55:00.000-0000","id":53659,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703780100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52450}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After many attempts to build AI models that are smarter than human beings, we find ourselves confronted with a family of surprisingly successful systems that match many of our abilities through text prediction and text/image correlation. The limits of these approaches are presently unclear, and while they work in very different ways than our minds, they pose the question whether consciousness, embodiment and motivation are necessary for achieving general intelligence. What are the differences between human (and animal) minds and the current generation of AI models? When we compare perspectives on mind and consciousness that have been developed in neuroscience, philosophy of mind, theoretical and therapeutic psychology, and numerous cultural traditions, and translate them into the metaphysics and conceptual frameworks of artificial intelligence, we may gain insights into this question.\n\n\nDespite the rapid progress of AI capabilities, the core question of Artificial Intelligence seems to be still unanswered: What does it take to create a mind? Let us explore the boundaries of AI: sentience, self awareness, and the possibility of machine consciousness.\r\n","title":"Synthetic Sentience","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"After many attempts to build AI models that are smarter than human beings, we find ourselves confronted with a family of surprisingly successful systems that match many of our abilities through text prediction and text/image correlation. The limits of these approaches are presently unclear, and while they work in very different ways than our minds, they pose the question whether consciousness, embodiment and motivation are necessary for achieving general intelligence. What are the differences between human (and animal) minds and the current generation of AI models? When we compare perspectives on mind and consciousness that have been developed in neuroscience, philosophy of mind, theoretical and therapeutic psychology, and numerous cultural traditions, and translate them into the metaphysics and conceptual frameworks of artificial intelligence, we may gain insights into this question.\n\n\nDespite the rapid progress of AI capabilities, the core question of Artificial Intelligence seems to be still unanswered: What does it take to create a mind? Let us explore the boundaries of AI: sentience, self awareness, and the possibility of machine consciousness.","end_timestamp":{"seconds":1703783700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53646],"name":"Joscha","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52284}],"timeband_id":1141,"links":[],"end":"2023-12-28T17:15:00.000-0000","id":53646,"tag_ids":[46123,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703780100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52284}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"During the presentation we'll look at DNA damage, explain the different types of radiation, their effects on the body and what measures you can take to protect yourself from different sources. Afterwards we'll build DIY Geiger Counters.\r\n\r\nThe workshop will take 90 minutes, 60 minutes theory at CDC and 30 minutes of soldering at the Hardware Hacking Area. (we will go together)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"How Radiation Affects Us All and How you can Mesure it - DIY Geiger Counter","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"During the presentation we'll look at DNA damage, explain the different types of radiation, their effects on the body and what measures you can take to protect yourself from different sources. Afterwards we'll build DIY Geiger Counters.\r\n\r\nThe workshop will take 90 minutes, 60 minutes theory at CDC and 30 minutes of soldering at the Hardware Hacking Area. (we will go together)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53935,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mogreens:\r\nJoining Beh on the decks at the Chaos Communication Congress is Mogreens, another veteran DJ with a deep affinity for the CCC scene. Mogreens, though rooted in electronic music, extends his sonic spectrum to the realms of jazz, showcasing a unique blend of influences that keeps audiences on their toes.\r\n\r\nIn addition to his musical prowess, Mogreens brings a quirky and endearing love for manatees into the mix, adding a delightful charm to his persona. As a long-time participant in the CCC community, Mogreens' sets are a testament to the evolving nature of electronic music, seamlessly integrating jazz elements and showcasing his passion for diverse sounds.\r\n\r\nTogether, Beh and Mogreens are set to enchant the audience at the Chillfloor of Chaos Communication Congress, delivering a back-to-back vinyl experience that bridges the past and present of electronic music, all while paying homage to their enduring connection to the CCC community. Get ready for a journey through the beats, where the old meets the new in a harmonious dance of sound and technology.\r\n\r\nBeh:\r\nDJ Beh, a seasoned artist deeply rooted in the Chaos Communication Congress (CCC) scene, brings a wealth of experience and an eclectic taste to the turntables. A long-time member of the c-base community, Beh has been a significant contributor to the electronic music landscape, particularly within the CCC circles. While his primary focus lies in electronic genres, he's known to sprinkle his sets with the resonant beats of dubstep, showcasing his diverse musical palette.\r\n\r\nBeh's connection to the CCC community spans ages, making him a respected figure among techno enthusiasts. His penchant for experimentation is reflected not only in his music but also in his involvement with the vibrant c-base, where technology and creativity converge. Beyond the decks, Beh harbors a soft spot for sloth, adding a touch of whimsy to his serious dedication to the craft.\n\n\nhttps://soundcloud.com/beh2342/teemukke-mix-for-chaos-infusion-hip-2022\r\nhttps://hearthis.at/mogreens/","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Mo Greens & Beh","end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"Mogreens:\r\nJoining Beh on the decks at the Chaos Communication Congress is Mogreens, another veteran DJ with a deep affinity for the CCC scene. Mogreens, though rooted in electronic music, extends his sonic spectrum to the realms of jazz, showcasing a unique blend of influences that keeps audiences on their toes.\r\n\r\nIn addition to his musical prowess, Mogreens brings a quirky and endearing love for manatees into the mix, adding a delightful charm to his persona. As a long-time participant in the CCC community, Mogreens' sets are a testament to the evolving nature of electronic music, seamlessly integrating jazz elements and showcasing his passion for diverse sounds.\r\n\r\nTogether, Beh and Mogreens are set to enchant the audience at the Chillfloor of Chaos Communication Congress, delivering a back-to-back vinyl experience that bridges the past and present of electronic music, all while paying homage to their enduring connection to the CCC community. Get ready for a journey through the beats, where the old meets the new in a harmonious dance of sound and technology.\r\n\r\nBeh:\r\nDJ Beh, a seasoned artist deeply rooted in the Chaos Communication Congress (CCC) scene, brings a wealth of experience and an eclectic taste to the turntables. A long-time member of the c-base community, Beh has been a significant contributor to the electronic music landscape, particularly within the CCC circles. While his primary focus lies in electronic genres, he's known to sprinkle his sets with the resonant beats of dubstep, showcasing his diverse musical palette.\r\n\r\nBeh's connection to the CCC community spans ages, making him a respected figure among techno enthusiasts. His penchant for experimentation is reflected not only in his music but also in his involvement with the vibrant c-base, where technology and creativity converge. Beyond the decks, Beh harbors a soft spot for sloth, adding a touch of whimsy to his serious dedication to the craft.\n\n\nhttps://soundcloud.com/beh2342/teemukke-mix-for-chaos-infusion-hip-2022\r\nhttps://hearthis.at/mogreens/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53924,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Eileen Leistner\r\n\r\nAls Gesellschaft für Freiheitsrechte setzen wir uns für starke Grundrechte ein. Doch wie sähen wir als Lego - Figur aus? Baue uns deshalb eine Freiheitskämpferin oder einen Freiheitskämpfer, der sich für Freiheit und Gerechtigkeit einsetzt. Alle Lego - Kunstwerke können später bei uns am Stand noch bewundert werden.\n\n\nWir haben eine kleine Lego - Challenge für alle Kinder oder andere Interessierte.","title":"Lego - Challenge: Baue eine Freiheitskämpferin oder einen Freiheitskämpfer","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Host: Eileen Leistner\r\n\r\nAls Gesellschaft für Freiheitsrechte setzen wir uns für starke Grundrechte ein. Doch wie sähen wir als Lego - Figur aus? Baue uns deshalb eine Freiheitskämpferin oder einen Freiheitskämpfer, der sich für Freiheit und Gerechtigkeit einsetzt. Alle Lego - Kunstwerke können später bei uns am Stand noch bewundert werden.\n\n\nWir haben eine kleine Lego - Challenge für alle Kinder oder andere Interessierte.","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53688,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We're here to meet our community! Whether you have been funded by Prototype Fund, have questions about how to apply or want to talk about FOSS funding in general, come say hi.\r\n\r\nThis session is intended as an informal meetup for past and future projects of the Prototype Fund and everyone who wants to discuss various aspects of Free and Open Source Software funding. \r\n\r\nIf you consider applying or don't know how to get funding for your software project, come and ask us any questions you may have! This is also a great opportunity to meet people we have funded in the past and learn from their experience.\r\nWe also love to talk about anything around the topic of funding. How do we build a strong funding ecosystem? Which funding models have shown that they work? What is currently missing? \r\nOf course we're also happy to answer any questions you have about Prototype Fund in general.\r\n\r\nAbout us: The Prototype Fund is a funding program of the Federal Ministry of Education and Research (BMBF) that is managed and evaluated by the Open Knowledge Foundation Germany.\r\nIndividuals and small teams (of freelance coders, hackers, UX designers and more) can receive funding in order to test their ideas and develop open source applications in the areas of Civic Tech, Data Literacy, IT Security and Software Infrastructure. We aim to keep innovation processes as well as infrastructures open and accessible.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Prototype Fund & Friends Meetup","android_description":"We're here to meet our community! Whether you have been funded by Prototype Fund, have questions about how to apply or want to talk about FOSS funding in general, come say hi.\r\n\r\nThis session is intended as an informal meetup for past and future projects of the Prototype Fund and everyone who wants to discuss various aspects of Free and Open Source Software funding. \r\n\r\nIf you consider applying or don't know how to get funding for your software project, come and ask us any questions you may have! This is also a great opportunity to meet people we have funded in the past and learn from their experience.\r\nWe also love to talk about anything around the topic of funding. How do we build a strong funding ecosystem? Which funding models have shown that they work? What is currently missing? \r\nOf course we're also happy to answer any questions you have about Prototype Fund in general.\r\n\r\nAbout us: The Prototype Fund is a funding program of the Federal Ministry of Education and Research (BMBF) that is managed and evaluated by the Open Knowledge Foundation Germany.\r\nIndividuals and small teams (of freelance coders, hackers, UX designers and more) can receive funding in order to test their ideas and develop open source applications in the areas of Civic Tech, Data Literacy, IT Security and Software Infrastructure. We aim to keep innovation processes as well as infrastructures open and accessible.","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53670,"village_id":null,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This special edition of the Berlin Bitcoin Socratic Seminar summarizes notable technical and academic developments in Bitcoin during all of 2023.\r\n\r\nThe Bitcoin Socratic Seminar is a regular monthly event that usually takes place at c-base in Berlin.\r\n\r\nThe technical level of this seminar is usually quite high. However, we would like to invite everyone to join and participate in our discussion. We are not interested in: price, speculation, markets, and politics.\n\n\n","title":"Socratic Seminar: Bitcoin 2023 Year-in-Review","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"This special edition of the Berlin Bitcoin Socratic Seminar summarizes notable technical and academic developments in Bitcoin during all of 2023.\r\n\r\nThe Bitcoin Socratic Seminar is a regular monthly event that usually takes place at c-base in Berlin.\r\n\r\nThe technical level of this seminar is usually quite high. However, we would like to invite everyone to join and participate in our discussion. We are not interested in: price, speculation, markets, and politics.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53621,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Just one sign switched and all of physics changes: Objects can now roll uphill and are stretched towards infinity when rotated. Planets are no longer spherical but hyperbolic and stars have a dark cone where none of their light shines into. In this talk, we will explore the weird physics in a spacetime with signature (-,-,+,+) as presented by Greg Egan in the novel „Dichronauts“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆\n\n\n","title":"Greg Egan's „Dichronauts“: A universe with two timelike dimensions","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Just one sign switched and all of physics changes: Objects can now roll uphill and are stretched towards infinity when rotated. Planets are no longer spherical but hyperbolic and stars have a dark cone where none of their light shines into. In this talk, we will explore the weird physics in a spacetime with signature (-,-,+,+) as presented by Greg Egan in the novel „Dichronauts“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53457,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!\n\n\nEin Einführungsvortrag in die FAU (Freie Arbeiter*innen Union)","title":"Arbeitgeber*innen hassen diesen Trick","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"end_timestamp":{"seconds":1703778600,"nanoseconds":0},"android_description":"In diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!\n\n\nEin Einführungsvortrag in die FAU (Freie Arbeiter*innen Union)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53727],"name":"FAU","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52296}],"timeband_id":1141,"links":[],"end":"2023-12-28T15:50:00.000-0000","id":53727,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703777400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52296}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-28T15:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der [Vortrag ist Teil der FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ). Wir werden diesen aber auch bei uns am Assembly im Halle H (bei Komona) streamen und weiterführende Fragen dort beantworten. Um 18 Uhr folgt dann ein [Einführungsworkshop ins Organizing](https://events.ccc.de/congress/2023/hub/de/event/workshop-organizing-fur-einsteigerinnen/) vor Ort.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","title":"\"Arbeitgeber*innen hassen diesen Trick\" - Was ist die FAU?","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703781000,"nanoseconds":0},"android_description":"Der [Vortrag ist Teil der FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ). Wir werden diesen aber auch bei uns am Assembly im Halle H (bei Komona) streamen und weiterführende Fragen dort beantworten. Um 18 Uhr folgt dann ein [Einführungsworkshop ins Organizing](https://events.ccc.de/congress/2023/hub/de/event/workshop-organizing-fur-einsteigerinnen/) vor Ort.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:30:00.000-0000","id":53716,"begin_timestamp":{"seconds":1703777400,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","begin":"2023-12-28T15:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Alle am netzpolitischen Geschehen in der Schweiz Interessierten treffen sich zu einem lockeren Austausch. Es werden Personen aus den verschiedenen Organisationen anwesend sein.\n\n\n","title":"Netzpolitik in der Schweiz Treffen","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Alle am netzpolitischen Geschehen in der Schweiz Interessierten treffen sich zu einem lockeren Austausch. Es werden Personen aus den verschiedenen Organisationen anwesend sein.","end_timestamp":{"seconds":1703781000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:30:00.000-0000","id":53681,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703777400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Offene Workshop-Sessions Tag 2 | Open workshop sessions day 2","end_timestamp":{"seconds":1703782200,"nanoseconds":0},"android_description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:50:00.000-0000","id":53520,"begin_timestamp":{"seconds":1703776800,"nanoseconds":0},"tag_ids":[46133,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Location: Freier Platz vor Saal F**\n\n\nIn Augsburg und Ravensburg gibt es seit 2019 Nerdgruppen, die nicht nur starke Meinungen zu Programmiersprachendesign haben :-), sondern auch mit zivilem Ungehorsam versuchen, einen Beitrag für Klimagerechtigkeit zu leisten. Im Laufe der Zeit haben wir verschiedene Techniken erlernt und weiterentwickelt, die größtenteils auf beliebige andere Städte übertragbar sind. In der Session möchten wir etwas über unsere Erfolge und Misserfolge sprechen und einen Raum für Diskussion um Klimaaktivismus schaffen.\r\n\r\n🧮","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Klimagerechtigkeitsaktivismus: ein Blick hinter die Kulissen. Wie eine Gruppe Nerds einen Wald rettete und nur um Haaresbreite vier Wochen Gefängnis entkam","android_description":"**Location: Freier Platz vor Saal F**\n\n\nIn Augsburg und Ravensburg gibt es seit 2019 Nerdgruppen, die nicht nur starke Meinungen zu Programmiersprachendesign haben :-), sondern auch mit zivilem Ungehorsam versuchen, einen Beitrag für Klimagerechtigkeit zu leisten. Im Laufe der Zeit haben wir verschiedene Techniken erlernt und weiterentwickelt, die größtenteils auf beliebige andere Städte übertragbar sind. In der Session möchten wir etwas über unsere Erfolge und Misserfolge sprechen und einen Raum für Diskussion um Klimaaktivismus schaffen.\r\n\r\n🧮","end_timestamp":{"seconds":1703780100,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:15:00.000-0000","id":53700,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703776500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","begin":"2023-12-28T15:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"wer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.\n\n\nwer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"dj workshop vinyl","android_description":"wer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.\n\n\nwer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53919,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-28T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: chaosjoe\n\n\nInteresse an 'nem lockeren CiviCRM-Austausch? Hier geht's um den Open Source Gedanken, Technik, Tipps und Tricks des Open Source CRM Systems. Offen für alle die gerne mit Technikkram gemeinnützig handelnde Organisationen oder Vereine unterstützen oder den Gedanken dahinter gut finden.\r\n\r\n https://civicrm.org\r\n https://lab.civicrm.org/groups/dev/-/issues\r\n https://github.com/civicrm/civicrm-core\r\n\r\nKontakt: https://chaos.social/@chaosjoe","title":"CiviCRM als open source CRM (Erfahrungsaustausch)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703778900,"nanoseconds":0},"android_description":"Host: chaosjoe\n\n\nInteresse an 'nem lockeren CiviCRM-Austausch? Hier geht's um den Open Source Gedanken, Technik, Tipps und Tricks des Open Source CRM Systems. Offen für alle die gerne mit Technikkram gemeinnützig handelnde Organisationen oder Vereine unterstützen oder den Gedanken dahinter gut finden.\r\n\r\n https://civicrm.org\r\n https://lab.civicrm.org/groups/dev/-/issues\r\n https://github.com/civicrm/civicrm-core\r\n\r\nKontakt: https://chaos.social/@chaosjoe","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:55:00.000-0000","id":53916,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"AI service provider: Azure OpenAI\r\n\r\nDevelopment criteria:\r\n\r\nMaximum open source\r\nSelf hosted\r\nUse of OpenAI plugin technology\r\nFulfillment of enterprise requirement\r\nCompliance with German legal framework conditions\n\n\n","title":"Workshop: Self-hosted, Open Source Chatbots mit der Technologie von OpenAI: Erfahrungsbericht(e)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703781000,"nanoseconds":0},"android_description":"AI service provider: Azure OpenAI\r\n\r\nDevelopment criteria:\r\n\r\nMaximum open source\r\nSelf hosted\r\nUse of OpenAI plugin technology\r\nFulfillment of enterprise requirement\r\nCompliance with German legal framework conditions","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:30:00.000-0000","id":53868,"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.\n\n\n","title":"Elektrobaukasten - Tag 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53710,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. At the moment, the majority of people are living under permanent surveillance. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices that protect the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could provide privacy aware non-techies and organizations with appropriate devices.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"privacy aware digital devices for non-techies","android_description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. At the moment, the majority of people are living under permanent surveillance. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices that protect the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could provide privacy aware non-techies and organizations with appropriate devices.","end_timestamp":{"seconds":1703778600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:50:00.000-0000","id":53697,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"begin":"2023-12-28T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Arch Linux is a community-driven Linux distribution for the \"do-it-yourself\" user. \r\n\r\nA couple of Arch Linux maintainers and contributors will give you a status update of what has been happening since the last congress. We'll also allocate time for a Q&A session.\r\n\r\nhttps://archlinux.org/\r\n\r\nLocation: TBA\n\n\n","title":"Arch Linux user meetup","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Arch Linux is a community-driven Linux distribution for the \"do-it-yourself\" user. \r\n\r\nA couple of Arch Linux maintainers and contributors will give you a status update of what has been happening since the last congress. We'll also allocate time for a Q&A session.\r\n\r\nhttps://archlinux.org/\r\n\r\nLocation: TBA","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53676,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A short sneak peek course to the International language Esperanto.\r\n\r\nWe are people who for many years have been speaking Esperanto in our every day life. Its the language of our global circle of friends. As there are quite some parallelisms between the worldwide Esperanto community and the worldwide hacker scene, usually there are some Esperanto speakers attending the big Chaos events.\r\n\r\nOf course we cannot give a comprehensive course about Esperanto, but a few insights to the language and its community first hand.\n\n\n","title":"Esperanto Schnupperkurs / Esperanto Lightning course","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"A short sneak peek course to the International language Esperanto.\r\n\r\nWe are people who for many years have been speaking Esperanto in our every day life. Its the language of our global circle of friends. As there are quite some parallelisms between the worldwide Esperanto community and the worldwide hacker scene, usually there are some Esperanto speakers attending the big Chaos events.\r\n\r\nOf course we cannot give a comprehensive course about Esperanto, but a few insights to the language and its community first hand.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53675,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\n\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist. Dies kann sich beispielsweise in diskriminierendem oder belästigendem Verhalten äußern und umfasst auch schwerwiegende Konflikte, die die Sicherheit oder Freiheit Einzelner bedrohen können. Zum Umgang mit derartigen Situationen auf Camp und Congress gibt es Strukturen wie das Awareness-Team, die Schiedsstelle und weitere auf help.ccc.de genannte Anlaufstellen.\r\n\r\nIn diesem Vortrag möchten wir – Mitglieder der Schiedsstelle, des Awareness-Teams und des Vorstands – einen Blick hinter die Kulissen von Awareness-Team und Schiedsstelle bieten und Impulse zur Weiterentwicklung der Schiedsstelle sammeln.\r\nDas heißt zunächst: Wie arbeiten Awareness-Team und Schiedsstelle, wie hängen sie zusammen und mit welcher Art von Fällen beschäftigen sie sich in der Praxis?\r\nDabei werden wir auch Beispiele betrachten, bei deren Behandlung wir derzeit Schwierigkeiten oder Grenzen ebendieser Strukturen sehen.\r\nAufbauend darauf möchten wir in einer Q&A-Session und einem an den Vortrag anschließenden Workshop Feedback zum Umgang mit den genannten Beispielfällen und zu den Strukturen allgemein einholen.\r\n\r\nUnser Ziel ist, die Arbeit und Arbeitsweise von Schiedsstelle und Awareness-Team greifbar zu machen und unsere eigene Perspektive als Teil dieser Strukturen mit der Perspektive aus der Community abzugleichen.\r\nWir haben vor, mit den dabei gewonnenen Erkenntnissen die bestehenden Strukturen weiterzuentwickeln. Dazu gehört auch, Unklarheiten im Umgang der Community mit den Strukturen sowie Lücken im Umgang mit einzelnen Fällen zu identifizieren und zu reduzieren.\n\n\n„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist.\r\nZiel dieses Vortrags ist, die zum Umgang mit solchen Fällen im CCC vorhandenen Strukturen greifbar zu machen und die verschiedenen Perspektiven auf ihre Arbeitsweise miteinander abzugleichen.\r\nEine Q&A-Session und ein Workshop im Anschluss an den Vortrag bieten Möglichkeiten für Feedback.","title":"Weil „be excellent to each other” nicht reicht","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\n\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist. Dies kann sich beispielsweise in diskriminierendem oder belästigendem Verhalten äußern und umfasst auch schwerwiegende Konflikte, die die Sicherheit oder Freiheit Einzelner bedrohen können. Zum Umgang mit derartigen Situationen auf Camp und Congress gibt es Strukturen wie das Awareness-Team, die Schiedsstelle und weitere auf help.ccc.de genannte Anlaufstellen.\r\n\r\nIn diesem Vortrag möchten wir – Mitglieder der Schiedsstelle, des Awareness-Teams und des Vorstands – einen Blick hinter die Kulissen von Awareness-Team und Schiedsstelle bieten und Impulse zur Weiterentwicklung der Schiedsstelle sammeln.\r\nDas heißt zunächst: Wie arbeiten Awareness-Team und Schiedsstelle, wie hängen sie zusammen und mit welcher Art von Fällen beschäftigen sie sich in der Praxis?\r\nDabei werden wir auch Beispiele betrachten, bei deren Behandlung wir derzeit Schwierigkeiten oder Grenzen ebendieser Strukturen sehen.\r\nAufbauend darauf möchten wir in einer Q&A-Session und einem an den Vortrag anschließenden Workshop Feedback zum Umgang mit den genannten Beispielfällen und zu den Strukturen allgemein einholen.\r\n\r\nUnser Ziel ist, die Arbeit und Arbeitsweise von Schiedsstelle und Awareness-Team greifbar zu machen und unsere eigene Perspektive als Teil dieser Strukturen mit der Perspektive aus der Community abzugleichen.\r\nWir haben vor, mit den dabei gewonnenen Erkenntnissen die bestehenden Strukturen weiterzuentwickeln. Dazu gehört auch, Unklarheiten im Umgang der Community mit den Strukturen sowie Lücken im Umgang mit einzelnen Fällen zu identifizieren und zu reduzieren.\n\n\n„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist.\r\nZiel dieses Vortrags ist, die zum Umgang mit solchen Fällen im CCC vorhandenen Strukturen greifbar zu machen und die verschiedenen Perspektiven auf ihre Arbeitsweise miteinander abzugleichen.\r\nEine Q&A-Session und ein Workshop im Anschluss an den Vortrag bieten Möglichkeiten für Feedback.","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53657],"name":"derf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52317},{"conference_id":131,"event_ids":[53657],"name":"Schiedsstelle / Awareness Team / Vorstand","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52421}],"timeband_id":1141,"end":"2023-12-28T16:00:00.000-0000","links":[{"label":"help.ccc.de","type":"link","url":"https://help.ccc.de"}],"id":53657,"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52421},{"tag_id":46107,"sort_order":1,"person_id":52317}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Seit gut sieben Jahren ist Ransomware ein florierendes und stetig wachsendes Geschäftsmodell für durchschnittlich und unterdurchschnittlich begabte Hacker. Wie man sich davor schützen kann, ist kein Geheimnis. Trotzdem tun es offenbar immer noch zu wenige. Weil das ärgerlich ist, erklären wir es noch einmal.\r\n\r\nÜber die Vorgehensweisen der Gangs ranken sich allerlei Mythen, die verhindern, dass Organisationen sich sinnvoll schützen. Wir berichten aus unserer Erfahrung mit unzähligen Fällen, welche Schutzmaßnahmen wirklich sinnvoll sind.\r\n\r\nDoch auch über die Verhandlungen mit den Gangstern gibt es allerlei falsche Vorstellungen, angeheizt von selbsternannten \"Cyber-Profilern\" und \"Lösungsgeld-Verhandlern\", die natürlich kein Interesse haben, ihre „Tricks\" zu verraten. Deswegen machen wir das: Wir ergründen die spieltheoretische Mechanik der Verhandlungssituation an mehreren echten Beispielen und schauen uns die Organisation der Ransomware-Gangs an.\r\n\r\nKai Biermann ist Investigativ-Journalist und hat unter anderem Mitglieder der Ransomware-Gang Conti aufgedeckt. Linus Neumann hat als IT-Security-Consultant viele Incidents gemanaget und dabei das zweifelhafte Vergnügen gehabt, mit unterschiedlichen Ransomware-Gangs zu verhandeln.\r\n\r\nDer Vortrag ist eine Weiterführung von „Hirne Hacken\" (36C3) und „Disclosure, Hack und Back\" (Chaos Communication Camp '23).\n\n\nDu musst mit ein paar Erpressern um mehrere Millionen verhandeln.\r\nDas kann sogar Spaß machen, wenn es nicht dein Geld ist.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Hirne hacken: Hackback Edition","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"Seit gut sieben Jahren ist Ransomware ein florierendes und stetig wachsendes Geschäftsmodell für durchschnittlich und unterdurchschnittlich begabte Hacker. Wie man sich davor schützen kann, ist kein Geheimnis. Trotzdem tun es offenbar immer noch zu wenige. Weil das ärgerlich ist, erklären wir es noch einmal.\r\n\r\nÜber die Vorgehensweisen der Gangs ranken sich allerlei Mythen, die verhindern, dass Organisationen sich sinnvoll schützen. Wir berichten aus unserer Erfahrung mit unzähligen Fällen, welche Schutzmaßnahmen wirklich sinnvoll sind.\r\n\r\nDoch auch über die Verhandlungen mit den Gangstern gibt es allerlei falsche Vorstellungen, angeheizt von selbsternannten \"Cyber-Profilern\" und \"Lösungsgeld-Verhandlern\", die natürlich kein Interesse haben, ihre „Tricks\" zu verraten. Deswegen machen wir das: Wir ergründen die spieltheoretische Mechanik der Verhandlungssituation an mehreren echten Beispielen und schauen uns die Organisation der Ransomware-Gangs an.\r\n\r\nKai Biermann ist Investigativ-Journalist und hat unter anderem Mitglieder der Ransomware-Gang Conti aufgedeckt. Linus Neumann hat als IT-Security-Consultant viele Incidents gemanaget und dabei das zweifelhafte Vergnügen gehabt, mit unterschiedlichen Ransomware-Gangs zu verhandeln.\r\n\r\nDer Vortrag ist eine Weiterführung von „Hirne Hacken\" (36C3) und „Disclosure, Hack und Back\" (Chaos Communication Camp '23).\n\n\nDu musst mit ein paar Erpressern um mehrere Millionen verhandeln.\r\nDas kann sogar Spaß machen, wenn es nicht dein Geld ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53645,53649],"name":"Linus Neumann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52487},{"conference_id":131,"event_ids":[53645],"name":"Kai Biermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52517}],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53645,"village_id":null,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52517},{"tag_id":46107,"sort_order":1,"person_id":52487}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"To get involved and learn more about what is happening please see the Links for this event. The second session will take place in another Hall and is not on the Fahrplan. See the Schedule link.\n\n\nLightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Lightning Talks Day 2","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"To get involved and learn more about what is happening please see the Links for this event. The second session will take place in another Hall and is not on the Fahrplan. See the Schedule link.\n\n\nLightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53481],"name":"bigalex","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52337}],"timeband_id":1141,"links":[{"label":"Infos, News and Lightning Talk Submission","type":"link","url":"https://c3lt.de"},{"label":"Mastodon","type":"link","url":"https://chaos.social/@C3_LightningTLK"}],"end":"2023-12-28T17:00:00.000-0000","id":53481,"village_id":null,"tag_ids":[46119,46136,46140],"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52337}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","title":"Mastering Specter DIY Bitcoin Hardware wallet. (redoing the day1 workshop)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53934,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703773800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","begin":"2023-12-28T14:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Many trans people obtain their hormone therapy autonomously, for example to bypass long waiting times or to avoid pathologization and gatekeeping. We therefore want to meet and share our experiences with DIY HRT. At the beginning there will be a short introductory talk (approx. 10 minutes), after which we will exchange thoughts in small groups.\r\n\r\nall creatures welcome ( no matter if cis, trans or questioning)\n\n\n","title":"DIY HRT Meetup 🏳️‍⚧️🏴‍☠️","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703777400,"nanoseconds":0},"android_description":"Many trans people obtain their hormone therapy autonomously, for example to bypass long waiting times or to avoid pathologization and gatekeeping. We therefore want to meet and share our experiences with DIY HRT. At the beginning there will be a short introductory talk (approx. 10 minutes), after which we will exchange thoughts in small groups.\r\n\r\nall creatures welcome ( no matter if cis, trans or questioning)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:30:00.000-0000","id":53680,"begin_timestamp":{"seconds":1703773800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-28T14:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","title":"Art and Play: Livevektorskizzen","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53936,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A collaborative dialogue to explore and confront the philosophical assumptions behind the idea of decentralization. \r\n\r\nWhat is decentralization even? How does it relate to centralization? Can one exist without the other or are we looking at a false dichotomy? What other logical dichotomies may have given birth to these ideas? Object and subject? Order and chaos? Truth and lies? Are we perhaps unavoidably caught up in binary logic and symbolic reasoning? Or can we look at the bigger picture from a more phenomenological perspective? What is it that we experience when engaging in certain institutions, systems and protocols? And, when we do that, how does everything that fades into the background still exerts its silent influence over each participant, willing or not?\r\n\r\nA non-exhaustive list of references:\r\nThe Tyranny of Structurelessness\r\nThe Tyranny of Tyranny \r\nExtitutional theory\r\nNon-binary logic\r\nPerformativity\r\nHyperstition\r\nDo-ocracy","title":"On the limits of decentralization","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"A collaborative dialogue to explore and confront the philosophical assumptions behind the idea of decentralization. \r\n\r\nWhat is decentralization even? How does it relate to centralization? Can one exist without the other or are we looking at a false dichotomy? What other logical dichotomies may have given birth to these ideas? Object and subject? Order and chaos? Truth and lies? Are we perhaps unavoidably caught up in binary logic and symbolic reasoning? Or can we look at the bigger picture from a more phenomenological perspective? What is it that we experience when engaging in certain institutions, systems and protocols? And, when we do that, how does everything that fades into the background still exerts its silent influence over each participant, willing or not?\r\n\r\nA non-exhaustive list of references:\r\nThe Tyranny of Structurelessness\r\nThe Tyranny of Tyranny \r\nExtitutional theory\r\nNon-binary logic\r\nPerformativity\r\nHyperstition\r\nDo-ocracy","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53933,"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, I will demonstrate an approach used in InfraNodus, a text network analysis tool I developed, to reveal non-obvious latent topics, informational gateways, and structural gaps in any text. I will then use how we can feed this insight to LLMs to generate new ideas and help them think outside of the box, bringing a little bit more creativity into their standard logic of trying to find the most likely scenario.\r\n\r\nTake your computers with you, so you can try this out on your own ideas or texts!\r\n\r\nI hope that during this session, we can also think together about how a similar approach could be used in your own practices: studying any text-based data but maybe also something completely outside of the text-related realm. \r\n\r\nSo if you're curious about networks and AI, I will be happy to meet you and have this discussion after the demo.\r\n\r\nThe location is to be confirmed after we get the map of the site, otherwise, you can contact me on Telegram via @noduslabs\r\n\r\nFor more info about the tool: [https://infranodus.com](https://infranodus.com)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"InfraNodus: Reveal Non-Obvious and Find the Gaps with Networks and LLMs","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"In this session, I will demonstrate an approach used in InfraNodus, a text network analysis tool I developed, to reveal non-obvious latent topics, informational gateways, and structural gaps in any text. I will then use how we can feed this insight to LLMs to generate new ideas and help them think outside of the box, bringing a little bit more creativity into their standard logic of trying to find the most likely scenario.\r\n\r\nTake your computers with you, so you can try this out on your own ideas or texts!\r\n\r\nI hope that during this session, we can also think together about how a similar approach could be used in your own practices: studying any text-based data but maybe also something completely outside of the text-related realm. \r\n\r\nSo if you're curious about networks and AI, I will be happy to meet you and have this discussion after the demo.\r\n\r\nThe location is to be confirmed after we get the map of the site, otherwise, you can contact me on Telegram via @noduslabs\r\n\r\nFor more info about the tool: [https://infranodus.com](https://infranodus.com)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53674,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the well-known card game Anno Domini, the aim is to put historical events in chronological order, being temporarily unaware of the specific year. If there is any doubt about the correctness of the sequence, the years are checked and either the person who has doubts or the last person to place a card is punished. \r\nWe, the @all-collective, have designed a internet-political Anno Domini with this game principle, in which we have collected important internet-political data, but also important data on digitization into an Anno Domini game. The game is still in the estimated version 0.8 - so it still needs feedback, possible improvements and your expertise. It is quite entertaining and fun to play. That's what we want to do with you. So far we only have the cards in German.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Netzpolitisches Anno Domini spielen","android_description":"In the well-known card game Anno Domini, the aim is to put historical events in chronological order, being temporarily unaware of the specific year. If there is any doubt about the correctness of the sequence, the years are checked and either the person who has doubts or the last person to place a card is punished. \r\nWe, the @all-collective, have designed a internet-political Anno Domini with this game principle, in which we have collected important internet-political data, but also important data on digitization into an Anno Domini game. The game is still in the estimated version 0.8 - so it still needs feedback, possible improvements and your expertise. It is quite entertaining and fun to play. That's what we want to do with you. So far we only have the cards in German.","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53658,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-28T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will be in german\n\n\n","title":"Bildungsarbeit der epicenter.academy mit OER und Workshops","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"This talk will be in german","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53546,"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","title":"cyber4EDU (Zu-)Hörstunde - Fokus Oberschule","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703774700,"nanoseconds":0},"android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:45:00.000-0000","id":53931,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**We meet _in front_ of Saal F (not in Saal F).**\r\n\r\nLove is infinite. The joy of children is infinite. These notions come to mind when we think of infinity. Mathematics, however, reveals further, initially hidden perspectives.\r\n\r\nIt turns out that the well-known number line from school is not the final word of wisdom: after 1, 2, and 3, after a million and a trillion, after the number of grains of sand – after all these numbers, infinitely large numbers follow. Astonishingly, we humans, despite our limited minds, can explore this infinite hierarchy of large numbers and gain reliable information about them.\r\n\r\nIn this talk we will learn how to visualize and compute with these infinitely large numbers. (This part of the talk will be similar to an earlier version of this talk given at 35c3.)\r\n\r\nThen we will go on a tour of varied applications of those infinitely large numbers: There are problems which, provably so, can only be solved by appealing to the infinite.\r\n\r\nSurprisingly, one of these applications is in algorithm design.\r\n\r\nIn order to enjoy the talk, absolutely no mathematical prerequisites are needed: The talk is even accessible to school children of age ten and above (if they understand English). And still it is mathematically rigorous – we'll learn how to think about and compute with infinities in a precise fashion. After the talk you'll be able to effortlessly converse on infinitely large numbers with your mates.\r\n\r\nThere will also be a [companion talk on very large but still finite numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-large-numbers-very-large-numb/). This talk is not a prerequisite for the other, and vice versa.\r\n\r\n🧮\n\n\nFun with numbers larger than infinity.","title":"Wondrous mathematics: The fantastical story how the wondrous world of infinity tamed the finite","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"**We meet _in front_ of Saal F (not in Saal F).**\r\n\r\nLove is infinite. The joy of children is infinite. These notions come to mind when we think of infinity. Mathematics, however, reveals further, initially hidden perspectives.\r\n\r\nIt turns out that the well-known number line from school is not the final word of wisdom: after 1, 2, and 3, after a million and a trillion, after the number of grains of sand – after all these numbers, infinitely large numbers follow. Astonishingly, we humans, despite our limited minds, can explore this infinite hierarchy of large numbers and gain reliable information about them.\r\n\r\nIn this talk we will learn how to visualize and compute with these infinitely large numbers. (This part of the talk will be similar to an earlier version of this talk given at 35c3.)\r\n\r\nThen we will go on a tour of varied applications of those infinitely large numbers: There are problems which, provably so, can only be solved by appealing to the infinite.\r\n\r\nSurprisingly, one of these applications is in algorithm design.\r\n\r\nIn order to enjoy the talk, absolutely no mathematical prerequisites are needed: The talk is even accessible to school children of age ten and above (if they understand English). And still it is mathematically rigorous – we'll learn how to think about and compute with infinities in a precise fashion. After the talk you'll be able to effortlessly converse on infinitely large numbers with your mates.\r\n\r\nThere will also be a [companion talk on very large but still finite numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-large-numbers-very-large-numb/). This talk is not a prerequisite for the other, and vice versa.\r\n\r\n🧮\n\n\nFun with numbers larger than infinity.","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:45:00.000-0000","id":53699,"village_id":null,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In 2021, Google published the methodology and source code for AlphaFold and within days, scientists adapted the code to allow virtually everyone to predict their own protein structures without prior knowledge.\n\n\nNow, two years after its public release, AlphaFold has established itself as an essential tool in structural biology. Yet, with time, we've also gained a deeper insight into its limitations.\n\n\nIn this talk, I would like to delve into AlphaFold and similar machine learning techniques and explore their impact on science and structural biology. To truly appreciate their significance, we will first need to understand the role of protein structures and how they shape our daily lives. Additionally, we’ll have to examine how protein structures were traditionally solved prior to the advent of AlphaFold. We’ll then touch upon the concepts of protein evolution to better understand the biological basis behind this breakthrough, before we’ll look at the intricacies of the neural network itself and discuss the training data necessary to achieve its remarkable capabilities. Drawing from my experience as a practicing structural biologist, I will illustrate these points with real-life examples, showcasing instances where AlphaFold has succeeded and where it has encountered challenges. Lastly, we will peer into the future and speculate on the potential trajectory of this scientific journey and its potential to transform science and our approaches towards it.\n\n\n\n\n\nIn 2020, the scientific community was shaken when the results of a special contest for protein prediction, known as the Critical Assessment of Protein Structure Prediction (CASP), were revealed. A relatively new competitor emerged as the champion, surpassing all other teams that had been participating in the game for decades. This new competitor was Google and their predictor was a neuronal network called \"AlphaFold\". Their new approach caused significant waves in the field of structural biology, even capturing the attention of the mainstream media. Several news channels featured reports on AlphaFold, with one German magazine, \"Der Spiegel,\" declaring that \"The year 2020 will be known [...] as the year when machines began to outstrip us in research.\"\n\n\nJoin me as we explore the background behind this transformative development and assess the magnitude of machine learning's impact on science, with a particular focus on structural biology.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"AlphaFold – how machine learning changed structural biology forever (or not?)","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"android_description":"In 2021, Google published the methodology and source code for AlphaFold and within days, scientists adapted the code to allow virtually everyone to predict their own protein structures without prior knowledge.\n\n\nNow, two years after its public release, AlphaFold has established itself as an essential tool in structural biology. Yet, with time, we've also gained a deeper insight into its limitations.\n\n\nIn this talk, I would like to delve into AlphaFold and similar machine learning techniques and explore their impact on science and structural biology. To truly appreciate their significance, we will first need to understand the role of protein structures and how they shape our daily lives. Additionally, we’ll have to examine how protein structures were traditionally solved prior to the advent of AlphaFold. We’ll then touch upon the concepts of protein evolution to better understand the biological basis behind this breakthrough, before we’ll look at the intricacies of the neural network itself and discuss the training data necessary to achieve its remarkable capabilities. Drawing from my experience as a practicing structural biologist, I will illustrate these points with real-life examples, showcasing instances where AlphaFold has succeeded and where it has encountered challenges. Lastly, we will peer into the future and speculate on the potential trajectory of this scientific journey and its potential to transform science and our approaches towards it.\n\n\n\n\n\nIn 2020, the scientific community was shaken when the results of a special contest for protein prediction, known as the Critical Assessment of Protein Structure Prediction (CASP), were revealed. A relatively new competitor emerged as the champion, surpassing all other teams that had been participating in the game for decades. This new competitor was Google and their predictor was a neuronal network called \"AlphaFold\". Their new approach caused significant waves in the field of structural biology, even capturing the attention of the mainstream media. Several news channels featured reports on AlphaFold, with one German magazine, \"Der Spiegel,\" declaring that \"The year 2020 will be known [...] as the year when machines began to outstrip us in research.\"\n\n\nJoin me as we explore the background behind this transformative development and assess the magnitude of machine learning's impact on science, with a particular focus on structural biology.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53656],"name":"Jan Gebauer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52441}],"timeband_id":1141,"links":[{"label":"Homepage of Jan Gebauer","type":"link","url":"https://gebauer.koeln"}],"end":"2023-12-28T14:45:00.000-0000","id":53656,"village_id":null,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"tag_ids":[46123,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52441}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag behandelt vier Schwerpunkte:\r\n1.: In welchen Bundesländern und zu welchem Zweck wird die Palantir-Software Gotham eingesetzt oder soll in Zukunft eingesetzt werden? \r\n2.: Wie funktioniert die Software und welche Risiken bringt ihr Einsatz mit sich?\r\n3.: Welche rechtlichen Einschränkungen gelten und wie könnten sie technisch umgesetzt werden? \r\n4.: Hessen hat sein Gesetz aufgrund der Entscheidung des Bundesverfassungsgerichts angepasst. Stellt die Neuregelung für die Gotham-Software unter dem Namen „Hessendata“ wirklich eine Verbesserung dar?\r\n\r\nÜber mit dem Einsatz der Software verbundene Risiken – darunter Diskriminierung, Stigmatisierung, Datenschutz, IT-Sicherheit, Kontrollierbarkeit – sprechen Constanze Kurz (CCC), Simone Ruf und Jürgen Bering (beide Gesellschaft für Freiheitsrechte, GFF). Beide Organisationen waren am Verfahren vor dem BVerfG beteiligt: Die GFF hatte das Verfahren initiiert und der CCC wirkte als Sachverständiger mit.\n\n\nDer Markt von Palantir ist der öffentliche Sektor, längst in Europa und auch in Deutschland. Der umstrittene US-Softwareanbieter verarbeitet strukturierte und unstrukturierte Informationen aus Polizeidaten oder Patientendaten und versucht, sich unverzichtbar zu machen für die Behörden, mit denen er Verträge hat. In Deutschland steht Palantir allerdings eine Entscheidung des Bundesverfassungsgerichts im Weg, das erstmals über den Einsatz von heute gern als KI gehypter Software für Polizeidaten entschieden hat.","title":"Der sehende Stein der Polizeibehörden ","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Der Vortrag behandelt vier Schwerpunkte:\r\n1.: In welchen Bundesländern und zu welchem Zweck wird die Palantir-Software Gotham eingesetzt oder soll in Zukunft eingesetzt werden? \r\n2.: Wie funktioniert die Software und welche Risiken bringt ihr Einsatz mit sich?\r\n3.: Welche rechtlichen Einschränkungen gelten und wie könnten sie technisch umgesetzt werden? \r\n4.: Hessen hat sein Gesetz aufgrund der Entscheidung des Bundesverfassungsgerichts angepasst. Stellt die Neuregelung für die Gotham-Software unter dem Namen „Hessendata“ wirklich eine Verbesserung dar?\r\n\r\nÜber mit dem Einsatz der Software verbundene Risiken – darunter Diskriminierung, Stigmatisierung, Datenschutz, IT-Sicherheit, Kontrollierbarkeit – sprechen Constanze Kurz (CCC), Simone Ruf und Jürgen Bering (beide Gesellschaft für Freiheitsrechte, GFF). Beide Organisationen waren am Verfahren vor dem BVerfG beteiligt: Die GFF hatte das Verfahren initiiert und der CCC wirkte als Sachverständiger mit.\n\n\nDer Markt von Palantir ist der öffentliche Sektor, längst in Europa und auch in Deutschland. Der umstrittene US-Softwareanbieter verarbeitet strukturierte und unstrukturierte Informationen aus Polizeidaten oder Patientendaten und versucht, sich unverzichtbar zu machen für die Behörden, mit denen er Verträge hat. In Deutschland steht Palantir allerdings eine Entscheidung des Bundesverfassungsgerichts im Weg, das erstmals über den Einsatz von heute gern als KI gehypter Software für Polizeidaten entschieden hat.","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53644],"name":"Constanze Kurz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52358},{"conference_id":131,"event_ids":[53644],"name":"Simone Ruf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52425},{"conference_id":131,"event_ids":[53644],"name":"Jürgen Bering","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52462}],"timeband_id":1141,"links":[],"end":"2023-12-28T14:45:00.000-0000","id":53644,"tag_ids":[46121,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52358},{"tag_id":46107,"sort_order":1,"person_id":52462},{"tag_id":46107,"sort_order":1,"person_id":52425}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation on how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.\r\n\r\nThis presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.\n\n\nOver the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.","title":"Nintendo hacking 2023: 2008","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"This presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation on how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.\r\n\r\nThis presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.\n\n\nOver the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[{"label":"Modchip firmware, exploit payload, DIY guide","type":"link","url":"https://github.com/dsi-modchip"},{"label":"Glitching setup (PoroCYon)","type":"link","url":"https://gitlab.ulyssis.org/pcy/dsi-hacking-stuff"},{"label":"Glitching setup (stuckpixel & Normmatt)","type":"link","url":"https://github.com/pixel-stuck/dsi_glitching"},{"label":"slides","type":"link","url":"https://dsi-modchip.github.io/37c3/"}],"end":"2023-12-28T14:45:00.000-0000","id":53513,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-28T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mate (she/her) ist Psychotherapeutin (in Ausbildung), hat selbst schon lange Therapieerfahrung und möchte Menschen gerne einen Raum geben um mehr über Therapie und psychosoziale Beratung erfahren zu können. Es soll gerne einen gemeinsamen Emo-Austausch geben.\n\n\nImmer mehr Menschen möchten Psychotherapie machen, aber wissen vor lauter inneren (#Stigmatisierung) und äußeren (#langeWartezeit) Hürden nicht wohin der Weg. In diesen Workshop wird ein Überblick gegeben, was es so für verschieden Therapiearten gibt und wie mensch die ersten Schritte gen mögliche Therapie machen kann. Außerdem gibts einen Austausch zu Self Care-Alternativen in beschissenen Zeiten wie diesen, als auch eine ausgiebige Emo-Runde. We can also speak in English or do whisper translation.","title":"How to therapy","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703776200,"nanoseconds":0},"android_description":"Mate (she/her) ist Psychotherapeutin (in Ausbildung), hat selbst schon lange Therapieerfahrung und möchte Menschen gerne einen Raum geben um mehr über Therapie und psychosoziale Beratung erfahren zu können. Es soll gerne einen gemeinsamen Emo-Austausch geben.\n\n\nImmer mehr Menschen möchten Psychotherapie machen, aber wissen vor lauter inneren (#Stigmatisierung) und äußeren (#langeWartezeit) Hürden nicht wohin der Weg. In diesen Workshop wird ein Überblick gegeben, was es so für verschieden Therapiearten gibt und wie mensch die ersten Schritte gen mögliche Therapie machen kann. Außerdem gibts einen Austausch zu Self Care-Alternativen in beschissenen Zeiten wie diesen, als auch eine ausgiebige Emo-Runde. We can also speak in English or do whisper translation.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53715],"name":"Mate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52251}],"timeband_id":1141,"links":[],"end":"2023-12-28T15:10:00.000-0000","id":53715,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703770800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52251}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Not every type of Bitcoin wallet stores the seed in the same way, there are big differences in terms of security. The difference between hot wallets and hardware wallets is probably well known. This presentation provides a deeper insight into these and other differences.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Bitcoin Wallet Seed Security","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"android_description":"Not every type of Bitcoin wallet stores the seed in the same way, there are big differences in terms of security. The difference between hot wallets and hardware wallets is probably well known. This presentation provides a deeper insight into these and other differences.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53913,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703770200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Sie sind überall. Sie sehen aus wie Du und Ich. Keine Wagenburg und kein Umsonstladen hat keinen Verlust an die Schwurbulonen zu beklagen. Selbst altwürdige Antifa-Organisationen sind gekippt oder schweben in Gefahr in die Hände dieser stochastischen Gemeinschaft zu fallen. \r\n\r\nWas tun gegen Rechts-Abdriften der Linken, bröckelnde Brandmauer der Mitte und Radikalisierung der Rechten? Erklärungen gibt es viele, aber wirksame Mittel scheinen nicht in Sicht. \r\nWir rufen dich Galaktika!\r\njaaaaaaaaaaaa was gibts? IGITT. Was ihr Menschen euch immer ausdenkt\r\n\r\nDie Antiverschwurbelte Aktion ist ein bundesweites Aktionsnetzwerk gegen Querdenken. Mit viel Humor und Empathie nehmen wir den kleinen Volksaufstand auf die Schippe.\r\nIn Köln legen wir vor dem Publikum Rechenschaft über unsere Tätigkeiten ab und geben Tipps und Ermutigung im Umgang mit .... ja womit haben wir es da überhaupt zu tun ????\r\n\r\nunsere leistungen umfassen:\r\n⏩ intro (schnappi)\r\n⏩ moderation (bronto)\r\n⏩ best of echsen-gegenprotest 2023 (trejo)\r\n⏩ best of kevin gabbe (echsorbitant) \r\n⏩ alu-jesus teil II (alujesus)\r\n⏩ musik: ode an die überläufer*innen (t-flechs) \r\n⏩ techno gegen elmo (kröte)\r\n⏩ entschuldigung bei den ungeimpften für unsere unachtsamkeit (techstremist*in)\r\n⏩ querfront von \"links\" (schnappi)\r\n⏩ kleinparteien gegen afd (veloceraptor)\r\n⏩ musik gegen resignation (wendlandechse)\r\n⏩ die politischen grenzen von meditation (wendlandechse)\r\n✅ Q&A mit bartagame und euren fragen💄 \r\n\r\nUnsere Talks beim CCC die letzten Jahre:\r\n\r\n2020 \r\n\r\nhttps://media.ccc.de/v/rc3-11498-schwurbeldemos_der_neuen_rechten_und_gegenprotest\r\n\r\n2021\r\n\r\nhttps://kolektiva.media/w/okL7ACMAVt52hHn2Q1nMf7\r\n\r\n2022\r\n\r\nhttps://media.ccc.de/v/jev22-7282-antiverschwurbeltes_axiom\r\n\r\nnicht verpassen und sagts allen weiter :)\n\n\nVerschwörungs-Gläubige, Antifa-Echsen-Comedy & Naziporn","title":"Die Schwurbulaner vom Planeten Schwurbolus","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"android_description":"Sie sind überall. Sie sehen aus wie Du und Ich. Keine Wagenburg und kein Umsonstladen hat keinen Verlust an die Schwurbulonen zu beklagen. Selbst altwürdige Antifa-Organisationen sind gekippt oder schweben in Gefahr in die Hände dieser stochastischen Gemeinschaft zu fallen. \r\n\r\nWas tun gegen Rechts-Abdriften der Linken, bröckelnde Brandmauer der Mitte und Radikalisierung der Rechten? Erklärungen gibt es viele, aber wirksame Mittel scheinen nicht in Sicht. \r\nWir rufen dich Galaktika!\r\njaaaaaaaaaaaa was gibts? IGITT. Was ihr Menschen euch immer ausdenkt\r\n\r\nDie Antiverschwurbelte Aktion ist ein bundesweites Aktionsnetzwerk gegen Querdenken. Mit viel Humor und Empathie nehmen wir den kleinen Volksaufstand auf die Schippe.\r\nIn Köln legen wir vor dem Publikum Rechenschaft über unsere Tätigkeiten ab und geben Tipps und Ermutigung im Umgang mit .... ja womit haben wir es da überhaupt zu tun ????\r\n\r\nunsere leistungen umfassen:\r\n⏩ intro (schnappi)\r\n⏩ moderation (bronto)\r\n⏩ best of echsen-gegenprotest 2023 (trejo)\r\n⏩ best of kevin gabbe (echsorbitant) \r\n⏩ alu-jesus teil II (alujesus)\r\n⏩ musik: ode an die überläufer*innen (t-flechs) \r\n⏩ techno gegen elmo (kröte)\r\n⏩ entschuldigung bei den ungeimpften für unsere unachtsamkeit (techstremist*in)\r\n⏩ querfront von \"links\" (schnappi)\r\n⏩ kleinparteien gegen afd (veloceraptor)\r\n⏩ musik gegen resignation (wendlandechse)\r\n⏩ die politischen grenzen von meditation (wendlandechse)\r\n✅ Q&A mit bartagame und euren fragen💄 \r\n\r\nUnsere Talks beim CCC die letzten Jahre:\r\n\r\n2020 \r\n\r\nhttps://media.ccc.de/v/rc3-11498-schwurbeldemos_der_neuen_rechten_und_gegenprotest\r\n\r\n2021\r\n\r\nhttps://kolektiva.media/w/okL7ACMAVt52hHn2Q1nMf7\r\n\r\n2022\r\n\r\nhttps://media.ccc.de/v/jev22-7282-antiverschwurbeltes_axiom\r\n\r\nnicht verpassen und sagts allen weiter :)\n\n\nVerschwörungs-Gläubige, Antifa-Echsen-Comedy & Naziporn","end_timestamp":{"seconds":1703776500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53554],"name":"schnappi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52316}],"timeband_id":1141,"links":[],"end":"2023-12-28T15:15:00.000-0000","id":53554,"tag_ids":[46132,46139],"village_id":null,"begin_timestamp":{"seconds":1703770200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52316}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tagging game in the mime hous -- an interactive acting-focused hide and seek game from improvisational theatre.\r\n\r\nIt starts with a small general warmup and a few easy exercises to mime on the stage.\r\n\r\nThen we play the following game together: At first we stablish a house with surroundungs quite detailed. Then one person leaves the room, the others hide in this mime house. Then the person comes in again and has to find and catch the hidden persons.\r\n\r\nThe interesting thing is, that the searching person in real life does see all the other persons sitting, lying, crouching, ... on the stage, but in game obviously not. They have to be catched in-game!, and can also run away, re-hide, ...\r\n\r\nSeveral rounds are probably possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Fangenspiel im Pantomimehaus -- ein interaktives handlungslastiges Versteck- und Suchspiel aus dem Improvisationstheater. [en:] Tagging game in the mime house.","android_description":"Tagging game in the mime hous -- an interactive acting-focused hide and seek game from improvisational theatre.\r\n\r\nIt starts with a small general warmup and a few easy exercises to mime on the stage.\r\n\r\nThen we play the following game together: At first we stablish a house with surroundungs quite detailed. Then one person leaves the room, the others hide in this mime house. Then the person comes in again and has to find and catch the hidden persons.\r\n\r\nThe interesting thing is, that the searching person in real life does see all the other persons sitting, lying, crouching, ... on the stage, but in game obviously not. They have to be catched in-game!, and can also run away, re-hide, ...\r\n\r\nSeveral rounds are probably possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*","end_timestamp":{"seconds":1703772900,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:15:00.000-0000","id":53930,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Foyer Level 2 (In front of the elevators left of Stage Y)","hotel":"","short_name":"Foyer Level 2 (In front of the elevators left of Stage Y)","id":46156},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"check out F.Lutze <3\n\n\n","title":"F.Lutze","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"check out F.Lutze <3","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53923,"village_id":null,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Hackin the Disco Day 2","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53918,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Mintest spielt.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Minetest - Tag 2","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"android_description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Mintest spielt.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53867,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal B - Hackcenter","hotel":"","short_name":"Saal B - Hackcenter","id":46157},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://www.namecoin.org/\n\n\nSee us demo the new atomic name trading functionality in Namecoin, and give us your feedback on how we can improve it.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Namecoin Atomic Name Trading Workshop","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"android_description":"https://www.namecoin.org/\n\n\nSee us demo the new atomic name trading functionality in Namecoin, and give us your feedback on how we can improve it.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53853,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We are climate justice activists and are looking for hackers.\r\nWe want to brainstorm how to creatively repurpose public displays such as traffic lights, parking systems and adverts as political action.\r\nThe \"workshop\" should be a kind of networking meeting, so that this form of action becomes more common.\r\n\r\n🧮\n\n\n","title":"Klimagerechtigkeit erhacken","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"We are climate justice activists and are looking for hackers.\r\nWe want to brainstorm how to creatively repurpose public displays such as traffic lights, parking systems and adverts as political action.\r\nThe \"workshop\" should be a kind of networking meeting, so that this form of action becomes more common.\r\n\r\n🧮","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53850,"village_id":null,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Replicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets.\r\n\r\n\r\nHistorically Replicant has united different struggles / concerns within the same project:\r\n\r\n\r\n It enabled to use hardware way longer, limiting damage on planet and workers.\r\n\r\n Compatible hardware could be found second hand in various ways (shops, free, etc). This made it accessible by a wide variety of people.\r\n\r\n Many of the supported hardware were made and sold in big numbers so they have a wide ecosystem around them like replacement batteries, repair knowledge, second hand shops.\r\n\r\n While all the supported hardware contains nonfree software (bootloader, sometimes another operating system loaded on the same CPU alongside Android/Replicant, details will be explained in the talk), Replicant itself is fully free, which appeals to people caring about free software.\r\n\r\n It avoided backdoors and chose to support only specific phones to limit the privacy damage (this was done by isolating the modem, more will be explained in the talk).\r\n\r\nWhile Replicant always had to take difficult strategic decisions that affected the above, with effects on both the amount of work required to support devices and the amount of work required to move to new Android versions, things also changed a lot in the last years.\r\n\r\nModern off the shelf smartphones hardware made it impossible to address the same concerns than before: Replicant depends on hardware design features like modem isolation to provide some privacy guarantees (details will be in the talk). Supporting devices with batteries that cannot be replaced also lead to lot of complications for users (batteries that last less on second hand devices, limited lifespan, etc) that in turn put impossible constraints on contributors (supporting new devices as soon as they are released).\r\n\r\nOther issues like the disappearance of 3G networks, or the status of some Android related project also affect Replicant in big ways.\r\n\r\nOn another hand Replicant also ended up with way more resources than before: it has enough money (about 200 000$) to fund development work during few years and also managed to get funding from NLnet to work on specific tasks.\r\n\r\nAll that brings huge changes in the project and makes strategic decisions harder than before.\r\n\r\nThe talk will start with information on why having 100% free software Android distribution(s) is still relevant today when GNU/Linux smartphones are becoming a reality again. It will also explain all the background needed to understand the rest of the talk (how smartphones work, what is a modem, what is TrustZone, how Android is different from GNU/Linux from the hardware support and contributor perspective, etc).\r\n\r\nA lot of the focus of this presentation will be about the project strategic decisions: Given the difficult context Replicant operates in, what difficulties it faced, how it solved them. But also current and longer term issues we have. In this talk we are also looking for feedback on our new strategy and/or ideas to address some of the longer time concerns we have, some of which other projects also faced.\n\n\nReplicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets. After explaining some extensive background about the project and its situation, the talk will focus on the project strategic decisions and will also try to involve the audience to get feedback on some of the project current and longer term issues that we didn't solve yet.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Replicant struggle: past and present successes and failures","android_description":"Replicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets.\r\n\r\n\r\nHistorically Replicant has united different struggles / concerns within the same project:\r\n\r\n\r\n It enabled to use hardware way longer, limiting damage on planet and workers.\r\n\r\n Compatible hardware could be found second hand in various ways (shops, free, etc). This made it accessible by a wide variety of people.\r\n\r\n Many of the supported hardware were made and sold in big numbers so they have a wide ecosystem around them like replacement batteries, repair knowledge, second hand shops.\r\n\r\n While all the supported hardware contains nonfree software (bootloader, sometimes another operating system loaded on the same CPU alongside Android/Replicant, details will be explained in the talk), Replicant itself is fully free, which appeals to people caring about free software.\r\n\r\n It avoided backdoors and chose to support only specific phones to limit the privacy damage (this was done by isolating the modem, more will be explained in the talk).\r\n\r\nWhile Replicant always had to take difficult strategic decisions that affected the above, with effects on both the amount of work required to support devices and the amount of work required to move to new Android versions, things also changed a lot in the last years.\r\n\r\nModern off the shelf smartphones hardware made it impossible to address the same concerns than before: Replicant depends on hardware design features like modem isolation to provide some privacy guarantees (details will be in the talk). Supporting devices with batteries that cannot be replaced also lead to lot of complications for users (batteries that last less on second hand devices, limited lifespan, etc) that in turn put impossible constraints on contributors (supporting new devices as soon as they are released).\r\n\r\nOther issues like the disappearance of 3G networks, or the status of some Android related project also affect Replicant in big ways.\r\n\r\nOn another hand Replicant also ended up with way more resources than before: it has enough money (about 200 000$) to fund development work during few years and also managed to get funding from NLnet to work on specific tasks.\r\n\r\nAll that brings huge changes in the project and makes strategic decisions harder than before.\r\n\r\nThe talk will start with information on why having 100% free software Android distribution(s) is still relevant today when GNU/Linux smartphones are becoming a reality again. It will also explain all the background needed to understand the rest of the talk (how smartphones work, what is a modem, what is TrustZone, how Android is different from GNU/Linux from the hardware support and contributor perspective, etc).\r\n\r\nA lot of the focus of this presentation will be about the project strategic decisions: Given the difficult context Replicant operates in, what difficulties it faced, how it solved them. But also current and longer term issues we have. In this talk we are also looking for feedback on our new strategy and/or ideas to address some of the longer time concerns we have, some of which other projects also faced.\n\n\nReplicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets. After explaining some extensive background about the project and its situation, the talk will focus on the project strategic decisions and will also try to involve the audience to get feedback on some of the project current and longer term issues that we didn't solve yet.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53717,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I would like to give a workshop in which stencils are made with a knife and paper, which are then used as screen printing stencils. The workshop is suitable for both older and younger participants.\r\nIn this workshop we will make paper stencils which we will then use to print on fabric. Bring a T-shirt, kitchen towel or similar.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Siebdruck für die ganze Familie","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"I would like to give a workshop in which stencils are made with a knife and paper, which are then used as screen printing stencils. The workshop is suitable for both older and younger participants.\r\nIn this workshop we will make paper stencils which we will then use to print on fabric. Bring a T-shirt, kitchen towel or similar.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53709,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Maximilian Voigt\r\n\r\nWelche Learnings gibt es bereits? Welches Wissen, welche Kompetenzen und welche Handlungsempfehlungen für Hardwareentwickler*innen gibt es bereits für die erfolgreiche Realisierung von Open Source Hardware Projekten? Was fehlt noch, wo gibt es immer wieder Probleme? Nach einer Vorstellung der Learnings aus der ersten Runde des Prototype Fund Hardware sammeln wir gemeinsam.\n\n\nOpen Hardware ist ein elementarer Bestandteil einer nachhaltigen, zirkulären Gesellschaft. Aber wie kommen wir dahin?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Open Hardware in der zirkulären Praxis: Learnings und Best Practices","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"android_description":"Host: Maximilian Voigt\r\n\r\nWelche Learnings gibt es bereits? Welches Wissen, welche Kompetenzen und welche Handlungsempfehlungen für Hardwareentwickler*innen gibt es bereits für die erfolgreiche Realisierung von Open Source Hardware Projekten? Was fehlt noch, wo gibt es immer wieder Probleme? Nach einer Vorstellung der Learnings aus der ersten Runde des Prototype Fund Hardware sammeln wir gemeinsam.\n\n\nOpen Hardware ist ein elementarer Bestandteil einer nachhaltigen, zirkulären Gesellschaft. Aber wie kommen wir dahin?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53687,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ajuvo und Piko sprechen über besseres Arbeitsklima.\n\n\n","title":"Arbeitsklima in der IT","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Ajuvo und Piko sprechen über besseres Arbeitsklima.","end_timestamp":{"seconds":1703773800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:30:00.000-0000","id":53679,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ever wanted to learn how to read an Asian language but Chinese, Japanese or Thai seem way too intimidating? Did you know: the Korean language has had an alphabet for almost six hundred years now, known as 한글 or hangeul? In this self-organized session, we'll learn the Korean alphabet and go over a few basic words! ^^\r\nDisclaimer: I'm not a native speaker. 🧮","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Learning the Korean alphabet","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Ever wanted to learn how to read an Asian language but Chinese, Japanese or Thai seem way too intimidating? Did you know: the Korean language has had an alphabet for almost six hundred years now, known as 한글 or hangeul? In this self-organized session, we'll learn the Korean alphabet and go over a few basic words! ^^\r\nDisclaimer: I'm not a native speaker. 🧮","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53514,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Quasiroom","hotel":"","short_name":"Quasiroom","id":46142},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A meetup for people working on the CYCLOPS CTF/ARG at Congress.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"CYCLOPS Meetup","android_description":"A meetup for people working on the CYCLOPS CTF/ARG at Congress.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53477,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die sich beschleunigt entfaltende Klimakatastrophe stellt die vordringlichste kollektive Herausforderung der Menschheit dar. Sie ist riesig, unübersehbar, wirkt irgendwie langsam im Gegensatz zu akuten Krisen wie Krieg oder Pandemien. Sie lädt deshalb ein zur destruktiven Prokrastination. Paralysiert verharrt ein Großteil von uns in Ignoranz oder überwältigender Ohnmacht. Warum das denn? Das Wissen um die Notwendigkeit des Handelns und die zu treffenden Maßnahmen ist da. Was für die Umsetzung ins konsequente Handeln fehlt – das ist die These des Talks – sind überzeugende kollektive Narrative. Gesucht wird eine Erzählung der Endlichkeit, die zur Gestaltung einer transformierten nachhaltigen und egalitären Zukunft motiviert. Dass es dringend sinnstiftende, universalistische Erzählungen braucht, zeigen auch der Trend von Verschwörungsmythen, die wachsende Prepper-Szene, das Comeback religiöser Heilsversprechungen und Fantasien, den individuellen oder kollektiven Tod mittels Technologisierung (#mindupload, #Dadbot, #Transhumanismus, #SpaceX) ganz abzuschaffen.\r\n\r\nAktuelle zivilgesellschaftliche Bewegungen zur Verhinderung der Klimakatastrophe verbreiten mit ihren Aktivitäten unterschiedliche Erzählungen, die zum Teil medial gegeneinander ausgespielt werden. Der Talk gibt einen Rahmen, in dem die verbindenden Elemente sichtbar werden. Wir laden zwei Aktivist:innen unterschiedlicher Bewegungen (Letzte Generation und „Solarpunk\") ein, ihr Engagement im Kontext dieser erzählerischen Komponenten vorzustellen: Welches menschliche Selbstbild, welcher Technikbegriff, welcher Körperbegriff steckt darin und wie wird mit Endlichkeit, Verletzlichkeit und Transformation umgegangen? Wie wird bei Aktionen die eigene Körperlichkeit eingesetzt? Was ist die Rolle von Technologien, z.B. KI, in dieser Erzählung?\r\n\r\nDer Talk versteht sich als Teil der Weiterentwicklung von unterschiedlichen aktivistischen Ansätzen – divers wie die Ökosysteme selbst – und deren Verbindung zu einer gesellschaftlich wirkmächtigen Bewegung im Kampf gegen die Klimakrise.\n\n\nEs war einmal ein Planet voller Affen, die sich Geschichten über sich, das Universum, die Technik und den ganzen Rest erzählten. Sie erzählten sich vor allem Storys vom unendlichen Wachstum und von der technologischen Überwindung der Sterblichkeit. Spätestens im Jahr 2023 passten diese sehr mächtigen Erzählungen nicht mehr. Die Ökosysteme brachen zusammen, planetare Grenzen und Artensterben wurden unignorierbar und so standen nicht nur das Klima, sondern auch die alten Narrative an einen Kipppunkt…\r\n\r\nWelche Geschichte(n) von individueller und kollektiver Sterblichkeit müssen wir uns heute erzählen, um handlungsfähige Mehrheiten für eine nachhaltige, egalitäre und emanzipative digitale Zukunft zu mobilisieren?\r\n\r\nIm Talk zeigen wir den engen Zusammenhang von (Un-)Sterblichkeits-Erzählungen, menschlichem Selbstbild und Zukunftsvorstellungen – vor allem aber deren Wirkmacht auf unsre Handlungsfähigkeit.\r\n\r\nDazu laden wir zwei Gäste ein, uns ihre Narrative zu zeigen: ein\\*e Aktivisti der Letzten Generation und Daniel Domscheit-Berg, der über Solarpunk sprechen wird. Anschließend basteln wir es zusammen: zwischen „I want you to panic” und „DON’T PANIC!” – welche Narrative brauchen wir jetzt und hier, um uns zwischen Trauer um diese Welt und der Lust am (Über)leben zu organisieren?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Hurra, diese Welt geht unter!?","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Die sich beschleunigt entfaltende Klimakatastrophe stellt die vordringlichste kollektive Herausforderung der Menschheit dar. Sie ist riesig, unübersehbar, wirkt irgendwie langsam im Gegensatz zu akuten Krisen wie Krieg oder Pandemien. Sie lädt deshalb ein zur destruktiven Prokrastination. Paralysiert verharrt ein Großteil von uns in Ignoranz oder überwältigender Ohnmacht. Warum das denn? Das Wissen um die Notwendigkeit des Handelns und die zu treffenden Maßnahmen ist da. Was für die Umsetzung ins konsequente Handeln fehlt – das ist die These des Talks – sind überzeugende kollektive Narrative. Gesucht wird eine Erzählung der Endlichkeit, die zur Gestaltung einer transformierten nachhaltigen und egalitären Zukunft motiviert. Dass es dringend sinnstiftende, universalistische Erzählungen braucht, zeigen auch der Trend von Verschwörungsmythen, die wachsende Prepper-Szene, das Comeback religiöser Heilsversprechungen und Fantasien, den individuellen oder kollektiven Tod mittels Technologisierung (#mindupload, #Dadbot, #Transhumanismus, #SpaceX) ganz abzuschaffen.\r\n\r\nAktuelle zivilgesellschaftliche Bewegungen zur Verhinderung der Klimakatastrophe verbreiten mit ihren Aktivitäten unterschiedliche Erzählungen, die zum Teil medial gegeneinander ausgespielt werden. Der Talk gibt einen Rahmen, in dem die verbindenden Elemente sichtbar werden. Wir laden zwei Aktivist:innen unterschiedlicher Bewegungen (Letzte Generation und „Solarpunk\") ein, ihr Engagement im Kontext dieser erzählerischen Komponenten vorzustellen: Welches menschliche Selbstbild, welcher Technikbegriff, welcher Körperbegriff steckt darin und wie wird mit Endlichkeit, Verletzlichkeit und Transformation umgegangen? Wie wird bei Aktionen die eigene Körperlichkeit eingesetzt? Was ist die Rolle von Technologien, z.B. KI, in dieser Erzählung?\r\n\r\nDer Talk versteht sich als Teil der Weiterentwicklung von unterschiedlichen aktivistischen Ansätzen – divers wie die Ökosysteme selbst – und deren Verbindung zu einer gesellschaftlich wirkmächtigen Bewegung im Kampf gegen die Klimakrise.\n\n\nEs war einmal ein Planet voller Affen, die sich Geschichten über sich, das Universum, die Technik und den ganzen Rest erzählten. Sie erzählten sich vor allem Storys vom unendlichen Wachstum und von der technologischen Überwindung der Sterblichkeit. Spätestens im Jahr 2023 passten diese sehr mächtigen Erzählungen nicht mehr. Die Ökosysteme brachen zusammen, planetare Grenzen und Artensterben wurden unignorierbar und so standen nicht nur das Klima, sondern auch die alten Narrative an einen Kipppunkt…\r\n\r\nWelche Geschichte(n) von individueller und kollektiver Sterblichkeit müssen wir uns heute erzählen, um handlungsfähige Mehrheiten für eine nachhaltige, egalitäre und emanzipative digitale Zukunft zu mobilisieren?\r\n\r\nIm Talk zeigen wir den engen Zusammenhang von (Un-)Sterblichkeits-Erzählungen, menschlichem Selbstbild und Zukunftsvorstellungen – vor allem aber deren Wirkmacht auf unsre Handlungsfähigkeit.\r\n\r\nDazu laden wir zwei Gäste ein, uns ihre Narrative zu zeigen: ein\\*e Aktivisti der Letzten Generation und Daniel Domscheit-Berg, der über Solarpunk sprechen wird. Anschließend basteln wir es zusammen: zwischen „I want you to panic” und „DON’T PANIC!” – welche Narrative brauchen wir jetzt und hier, um uns zwischen Trauer um diese Welt und der Lust am (Über)leben zu organisieren?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53643],"name":"daniel domscheit-berg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52328},{"conference_id":131,"event_ids":[53643],"name":"Elenos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52400},{"conference_id":131,"event_ids":[53643],"name":"Becci","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52434},{"conference_id":131,"event_ids":[53643],"name":"mischko","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52505}],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53643,"village_id":null,"tag_ids":[46125,46136,46139],"begin_timestamp":{"seconds":1703767800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52434},{"tag_id":46107,"sort_order":1,"person_id":52400},{"tag_id":46107,"sort_order":1,"person_id":52328},{"tag_id":46107,"sort_order":1,"person_id":52505}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this talk, the maintainers of the AFLplusplus organization present the QEMU-based instrumentation engines developed as part of AFL++ and LibAFL to fuzz advanced binary-only targets. We discuss our extensions to QEMU, the well-known emulator, to allow high-performance, cross-architecture fuzzing and target instrumentation.\r\n\r\nWe present LibAFL QEMU, a library that offers convenient APIs to hook the target using Rust.\r\nUnlike other public fuzzers, tools built with LibAFL can scale over cores and machines to find vulnerabilities faster and at a large scale. We showcase how we built a custom fuzzer for a binary-only Android library using this new emulator API for fuzzing that scales to 80+ cores almost linearly, reaching a whopping number of executions per second!\r\n\r\nFinally, we demo a proof of concept using LibAFL to find injection vulnerabilities in the binaries, going beyond the typical fuzzing for memory corruptions.\r\n\n\n\nThe maintainers of the AFLplusplus open-source project show crazy new ways to (ab)use QEMU to explore difficult, binary-only targets through fuzzing.\r\n\r\nWe present a proof of concept using LibAFL\\_qemu to find command and SQL-injections, going beyond the classic fuzzing for memory corruption.\r\n\r\nWe also showcase how to build a custom fuzzer to test Android libraries without using a phone.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Fuzz Everything, Everywhere, All at Once","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"In this talk, the maintainers of the AFLplusplus organization present the QEMU-based instrumentation engines developed as part of AFL++ and LibAFL to fuzz advanced binary-only targets. We discuss our extensions to QEMU, the well-known emulator, to allow high-performance, cross-architecture fuzzing and target instrumentation.\r\n\r\nWe present LibAFL QEMU, a library that offers convenient APIs to hook the target using Rust.\r\nUnlike other public fuzzers, tools built with LibAFL can scale over cores and machines to find vulnerabilities faster and at a large scale. We showcase how we built a custom fuzzer for a binary-only Android library using this new emulator API for fuzzing that scales to 80+ cores almost linearly, reaching a whopping number of executions per second!\r\n\r\nFinally, we demo a proof of concept using LibAFL to find injection vulnerabilities in the binaries, going beyond the typical fuzzing for memory corruptions.\r\n\n\n\nThe maintainers of the AFLplusplus open-source project show crazy new ways to (ab)use QEMU to explore difficult, binary-only targets through fuzzing.\r\n\r\nWe present a proof of concept using LibAFL\\_qemu to find command and SQL-injections, going beyond the classic fuzzing for memory corruption.\r\n\r\nWe also showcase how to build a custom fuzzer to test Android libraries without using a phone.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53642],"name":"Dongjia Zhang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52298},{"conference_id":131,"event_ids":[53642],"name":"domenukk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52338},{"conference_id":131,"event_ids":[53642],"name":"van Hauser","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52349},{"conference_id":131,"event_ids":[53642],"name":"andreafioraldi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52403},{"conference_id":131,"event_ids":[53642],"name":"Addison Crump","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52443}],"timeband_id":1141,"links":[{"label":"LibAFL","type":"link","url":"https://github.com/AFLplusplus/LibAFL"},{"label":"AFL++","type":"link","url":"https://github.com/AFLplusplus/AFLplusplus"}],"end":"2023-12-28T13:30:00.000-0000","id":53642,"begin_timestamp":{"seconds":1703767800,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52443},{"tag_id":46107,"sort_order":1,"person_id":52298},{"tag_id":46107,"sort_order":1,"person_id":52403},{"tag_id":46107,"sort_order":1,"person_id":52338},{"tag_id":46107,"sort_order":1,"person_id":52349}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T12:50:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Republic of Belarus is ruled for last 29 years by authoritarian president Alexander Lukashenko. From the deputy chief of collective farm in USSR to the longest president in Europe, he continues to navigate complicated political scene between Russia/EU/US for his own advantage. \r\n\r\nNot even close to any technological sector through help of many Lukashenko turned Belarus into IT country with a lot western countries using developers from the dictatorship for their own project.\r\n\r\nThis presentation is about how the soviet modelled dictatorship managed to transform into technological authoritarian regime, where people are monitored and controlled of their loyalty to the regime, while also continuing a massive wave of repressions started from uprising against Alexander Lukashenko in 2020.\r\n\r\nThe presentation is made by a member of ABC-Belarus - a political solidarity organization from Belarus, working on supporting prisoners and developing security culture among street activists.\n\n\nWith dropping costs of surveillance smaller authoritarian regimes are gaining easier access to different \"out of the box\" security solutions used mainly to further oppress people. On example of Belarus we will see the future that awaits people in many different parts of the world if things don't change fast.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Tractors, Rockets and the Internet in Belarus","android_description":"Republic of Belarus is ruled for last 29 years by authoritarian president Alexander Lukashenko. From the deputy chief of collective farm in USSR to the longest president in Europe, he continues to navigate complicated political scene between Russia/EU/US for his own advantage. \r\n\r\nNot even close to any technological sector through help of many Lukashenko turned Belarus into IT country with a lot western countries using developers from the dictatorship for their own project.\r\n\r\nThis presentation is about how the soviet modelled dictatorship managed to transform into technological authoritarian regime, where people are monitored and controlled of their loyalty to the regime, while also continuing a massive wave of repressions started from uprising against Alexander Lukashenko in 2020.\r\n\r\nThe presentation is made by a member of ABC-Belarus - a political solidarity organization from Belarus, working on supporting prisoners and developing security culture among street activists.\n\n\nWith dropping costs of surveillance smaller authoritarian regimes are gaining easier access to different \"out of the box\" security solutions used mainly to further oppress people. On example of Belarus we will see the future that awaits people in many different parts of the world if things don't change fast.","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"end":"2023-12-28T13:30:00.000-0000","links":[{"label":"website","type":"link","url":"https://abc-belarus.org"}],"id":53528,"village_id":null,"begin_timestamp":{"seconds":1703767800,"nanoseconds":0},"tag_ids":[46121,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Workshop möchten wir (mit vielen Beispielen) ein paar Grundkonzepte erklären wie man gute (Kurz-)Geschichten schreibt.\r\n\r\nNach meinem Allgemeinen Teil in der ersten hälfte erzählt venny euch dann im 2. Teil noch einiges über Worldbuilding für Fantasy und Science Fiction Romane.\r\n\r\nNeben der Theorie gibt es auch viele Praxistips und Erfahrungsberichte aus der (Hobby) Tätigkeit als Schriftsteller.🧮\r\n\r\nAuf Anfrage: Link zur Word & Shield e.V. Website: https://wordandshield.jimdofree.com/ (hat auch link zu unserem Community Discord)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Workshop für Hobby Schriftsteller - Schriftstellerei und Softwareentwicklung sind garnicht so verschieden","android_description":"In diesem Workshop möchten wir (mit vielen Beispielen) ein paar Grundkonzepte erklären wie man gute (Kurz-)Geschichten schreibt.\r\n\r\nNach meinem Allgemeinen Teil in der ersten hälfte erzählt venny euch dann im 2. Teil noch einiges über Worldbuilding für Fantasy und Science Fiction Romane.\r\n\r\nNeben der Theorie gibt es auch viele Praxistips und Erfahrungsberichte aus der (Hobby) Tätigkeit als Schriftsteller.🧮\r\n\r\nAuf Anfrage: Link zur Word & Shield e.V. Website: https://wordandshield.jimdofree.com/ (hat auch link zu unserem Community Discord)","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53488,"begin_timestamp":{"seconds":1703766600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's improve our usage of anki by sharing tips and best practice.\r\n\r\nCome with your questions and potentially one trick that improved your user experience. This can be about add-ons, template, ankihub, shared decks, etc.\r\n\r\nThis discussion is about anki desktop https://apps.ankiweb.net/ , ankidroid on android and ankimobile on iOS. It is not about AnkiApp.\r\n\r\nThe host, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Anki meet-up, let's help each other and exchange tips","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Let's improve our usage of anki by sharing tips and best practice.\r\n\r\nCome with your questions and potentially one trick that improved your user experience. This can be about add-ons, template, ankihub, shared decks, etc.\r\n\r\nThis discussion is about anki desktop https://apps.ankiweb.net/ , ankidroid on android and ankimobile on iOS. It is not about AnkiApp.\r\n\r\nThe host, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53430,"begin_timestamp":{"seconds":1703766600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.\r\n\r\nBitte beachten: Für die Teilnahme am Workshop wird ein Gerät mit Tastatur benötigt.\r\n\r\nFINTA-only\n\n\nHinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Datenbankgrundlagen für Anfänger*innen","android_description":"Hinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.\r\n\r\nBitte beachten: Für die Teilnahme am Workshop wird ein Gerät mit Tastatur benötigt.\r\n\r\nFINTA-only\n\n\nHinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.","end_timestamp":{"seconds":1703770500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:35:00.000-0000","id":53714,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703765100,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-28T12:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nTrading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.","title":"Buying and Selling Domain Names in Namecoin","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"This talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nTrading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.","end_timestamp":{"seconds":1703766600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53940,"village_id":null,"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Critical Decentralisation Cluster [Saal D]","hotel":"","short_name":"Critical Decentralisation Cluster [Saal D]","id":46166},"spans_timebands":"N","begin":"2023-12-28T12:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\nPodcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlle Plätze sind vergeben.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","title":"JHT: Podcasting für Einsteiger:innen 2","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\nPodcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlle Plätze sind vergeben.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53721,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"POTA – Parks on the Air [Day 2]","android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","end_timestamp":{"seconds":1703773800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:30:00.000-0000","id":53705,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ist es eigentlich zielführend Kinder auf die Demokratie vorzubereiten in dem man sie 12 Jahre in ein Schulsystem steckt in dem sie keinerlei Mitbestimmung oder Wahlentscheidungen kennen lernen?\r\nNein, sagen 26 Schulen in Deutschland. Die sog. Demokratischen Schulen sind kleine Schulen von 40 bis 180 Kindern im Alter von 6 bis 18 Jahren, die sich komplett basisdemokratische organisieren. Jeder (egal ob Lehrerin oder Schüler) hat eine Stimme. Natürlich gibt es keine Schulleitung. Die Schulversammlung ist das höchste Entscheidungsgremium.\r\nDazu kommt dass die Schüler komplett frei entscheiden was sie wann wo wie mit wem lernen. Wer keine Lust auf Kurse hat, kann auch spielen gehen. Trotz dieser Freiheiten (oder gerade wegen?) funktioniert es. Die SuS sind überdurchschnittlich erfolgreich in ihren Abschlüssen und laut Studien erfolgreicher in ihrem Sozialleben.\r\n60min Vortrag mit Videos und anschaulicher Präsi - danach Diskussion\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Demokratische Schule - wahrs. Deutschlands radikalste Schule","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Ist es eigentlich zielführend Kinder auf die Demokratie vorzubereiten in dem man sie 12 Jahre in ein Schulsystem steckt in dem sie keinerlei Mitbestimmung oder Wahlentscheidungen kennen lernen?\r\nNein, sagen 26 Schulen in Deutschland. Die sog. Demokratischen Schulen sind kleine Schulen von 40 bis 180 Kindern im Alter von 6 bis 18 Jahren, die sich komplett basisdemokratische organisieren. Jeder (egal ob Lehrerin oder Schüler) hat eine Stimme. Natürlich gibt es keine Schulleitung. Die Schulversammlung ist das höchste Entscheidungsgremium.\r\nDazu kommt dass die Schüler komplett frei entscheiden was sie wann wo wie mit wem lernen. Wer keine Lust auf Kurse hat, kann auch spielen gehen. Trotz dieser Freiheiten (oder gerade wegen?) funktioniert es. Die SuS sind überdurchschnittlich erfolgreich in ihren Abschlüssen und laut Studien erfolgreicher in ihrem Sozialleben.\r\n60min Vortrag mit Videos und anschaulicher Präsi - danach Diskussion","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53669,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-28T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"As part of the Predator Files investigation, Amnesty International, in partnership with European Investigative Collaborations, uncovered and documented for the first time how the Intellexa Alliance, a European-based surveillance vendor, has supplied advance spyware and surveillance technology to governments around the world, and where it has then been used to target journalists, leading politicians, and European institutions.\r\n\r\nTechnical specifications and marketing material from surveillance vendors is often kept secret. The resulting information asymmetry prevents defenders in the cybersecurity industry and at-risk civil society groups from understanding the full scope of the threats that they face. This talk will draw on leaked internal documents and technical material, obtained by the Predator Files consortium, which shed light on the evolving technical tactics used by surveillance actors to subvert network infrastructure and deliver digital attacks to targeted individuals.\r\n\r\nThis talk will conclude with recommendations on possible mitigations and detections which can help protect civil society targets and the wider internet ecosystem from some of the attack vectors offered by this company.\n\n\nEver evolving mercenary spyware continues to threaten the safety of activists, journalist and human rights defenders around the world. Following the exposure of the Pegasus spyware scandal, this talk will be a technical deep dive into the tactics and techniques sold by the European-based spyware alliance Intellexa, which is used by governments to infect the devices and infrastructure we all depend on.","title":"Predator Files: How European spyware threatens civil society around the world","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703766900,"nanoseconds":0},"android_description":"As part of the Predator Files investigation, Amnesty International, in partnership with European Investigative Collaborations, uncovered and documented for the first time how the Intellexa Alliance, a European-based surveillance vendor, has supplied advance spyware and surveillance technology to governments around the world, and where it has then been used to target journalists, leading politicians, and European institutions.\r\n\r\nTechnical specifications and marketing material from surveillance vendors is often kept secret. The resulting information asymmetry prevents defenders in the cybersecurity industry and at-risk civil society groups from understanding the full scope of the threats that they face. This talk will draw on leaked internal documents and technical material, obtained by the Predator Files consortium, which shed light on the evolving technical tactics used by surveillance actors to subvert network infrastructure and deliver digital attacks to targeted individuals.\r\n\r\nThis talk will conclude with recommendations on possible mitigations and detections which can help protect civil society targets and the wider internet ecosystem from some of the attack vectors offered by this company.\n\n\nEver evolving mercenary spyware continues to threaten the safety of activists, journalist and human rights defenders around the world. Following the exposure of the Pegasus spyware scandal, this talk will be a technical deep dive into the tactics and techniques sold by the European-based spyware alliance Intellexa, which is used by governments to infect the devices and infrastructure we all depend on.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53566],"name":"Donncha Ó Cearbhaill","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52329}],"timeband_id":1141,"end":"2023-12-28T12:35:00.000-0000","links":[{"label":"Predator Files: Technical deep-dive into Intellexa Alliance’s surveillance products","type":"link","url":"https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/"},{"label":"Global: ‘Predator Files’ spyware scandal reveals brazen targeting of civil society, politicians and officials  ","type":"link","url":"https://www.amnesty.eu/news/global-predator-files-spyware-scandal-reveals-brazen-targeting-of-civil-society-politicians-and-officials/"},{"label":"Predator Files: How European companies supplied dictators cyber-surveillance tools for more than a decade.","type":"link","url":"https://eic.network/projects/predator-files.html"}],"id":53566,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703764500,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52329}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will start with a fundamental introduction to quantum computing to ensure that the audience has a solid grasp of this model of computation, but without discussing the technicalities of quantum physics. Taking a \"software development\" perspective, we introduce the problem of estimating the resources needed to perform a quantum computation. Then, we will shift our focus to the two facets of our investigation: applications for offence and defence. \r\n\r\n\r\nQuantum machine learning for defence:\r\n\r\nWe will explore the application of quantum machine learning algorithms in network intrusion detection. Quantum machine learning holds the potential for improving cybersecurity defences by leveraging quantum algorithms - exponentially faster than classical algorithm on their asymptotic complexity. We will introduce a framework for estimating the advantages of quantum algorithms in terms of query complexity, and report the findings of our experiments. Our findings will be based on practical experiments using benchmark datasets in cybersecurity, offering insights into the potential effectiveness of quantum approaches in this domain.\r\n\r\nQuantum attacks on cryptography for offence:\r\n\r\nShifting our attention to the offensive side, we will investigate the potential impact of quantum attacks on cryptography. We will report some advancements in the number of qubits required to break RSA2048 cryptography and attacks on ECC256. Furthermore, we will delve into the complexities of post-quantum cryptography attacks. Our ongoing research at CQT (Centre for Quantum Technologies of Singapore) involves measuring the depth and size of quantum circuits, including the number of Toffoli gates and Toffoli-depth. We will also account for the qubit number and size of the QRAM query (quantum random access memory), providing a comprehensive assessment of the quantum attack landscape.\r\n\r\nUltimately, we will draw conclusions based on our research and analysis. While there is limited evidence suggesting that quantum computing will have a drastic impact on cybersecurity through machine learning or attacks on post-quantum cryptography, there are substantial reasons to believe that quantum computers, once they reach sufficient scale and capacity, will pose a significant threat to RSA2048 and ECC256. Join us for an insightful exploration of the evolving intersection of quantum computing and cybersecurity.\n\n\nIn in this talk we explore the potential ramifications of quantum computing in the field of cybersecurity We'll delve into two critical aspects: the application of quantum machine learning algorithms for defence and the impact of quantum attacks on cryptography and post-quantum cryptography for offence. We'll present insights on the theoretical advantages of quantum algorithms, improvements in factoring large numbers, and the impacts of post-quantum crypto attacks. While the hype around quantum technologies is growing, the estimates in the resources needed to run a quantum algorithm and the current number of qubits pose caution in the enthusiasm. The limitations in terms of available qubits, error rates, and scalability are critical factors that need to be considered when assessing the real-world applicability of quantum computing.","title":"The impact of quantum computers in cybersecurity","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"We will start with a fundamental introduction to quantum computing to ensure that the audience has a solid grasp of this model of computation, but without discussing the technicalities of quantum physics. Taking a \"software development\" perspective, we introduce the problem of estimating the resources needed to perform a quantum computation. Then, we will shift our focus to the two facets of our investigation: applications for offence and defence. \r\n\r\n\r\nQuantum machine learning for defence:\r\n\r\nWe will explore the application of quantum machine learning algorithms in network intrusion detection. Quantum machine learning holds the potential for improving cybersecurity defences by leveraging quantum algorithms - exponentially faster than classical algorithm on their asymptotic complexity. We will introduce a framework for estimating the advantages of quantum algorithms in terms of query complexity, and report the findings of our experiments. Our findings will be based on practical experiments using benchmark datasets in cybersecurity, offering insights into the potential effectiveness of quantum approaches in this domain.\r\n\r\nQuantum attacks on cryptography for offence:\r\n\r\nShifting our attention to the offensive side, we will investigate the potential impact of quantum attacks on cryptography. We will report some advancements in the number of qubits required to break RSA2048 cryptography and attacks on ECC256. Furthermore, we will delve into the complexities of post-quantum cryptography attacks. Our ongoing research at CQT (Centre for Quantum Technologies of Singapore) involves measuring the depth and size of quantum circuits, including the number of Toffoli gates and Toffoli-depth. We will also account for the qubit number and size of the QRAM query (quantum random access memory), providing a comprehensive assessment of the quantum attack landscape.\r\n\r\nUltimately, we will draw conclusions based on our research and analysis. While there is limited evidence suggesting that quantum computing will have a drastic impact on cybersecurity through machine learning or attacks on post-quantum cryptography, there are substantial reasons to believe that quantum computers, once they reach sufficient scale and capacity, will pose a significant threat to RSA2048 and ECC256. Join us for an insightful exploration of the evolving intersection of quantum computing and cybersecurity.\n\n\nIn in this talk we explore the potential ramifications of quantum computing in the field of cybersecurity We'll delve into two critical aspects: the application of quantum machine learning algorithms for defence and the impact of quantum attacks on cryptography and post-quantum cryptography for offence. We'll present insights on the theoretical advantages of quantum algorithms, improvements in factoring large numbers, and the impacts of post-quantum crypto attacks. While the hype around quantum technologies is growing, the estimates in the resources needed to run a quantum algorithm and the current number of qubits pose caution in the enthusiasm. The limitations in terms of available qubits, error rates, and scalability are critical factors that need to be considered when assessing the real-world applicability of quantum computing.","end_timestamp":{"seconds":1703766900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53533],"name":"Alessandro Luongo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52436}],"timeband_id":1141,"links":[],"end":"2023-12-28T12:35:00.000-0000","id":53533,"tag_ids":[46123,46136,46140],"begin_timestamp":{"seconds":1703764500,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52436}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das völkerrechtliche Selbstverteidigungsrecht ist momentan in aller Munde. Ob im Südkaukasus, der Ukraine oder im Nahen Osten, eine Zunahme militärischer Gewalt führt immer wieder dazu, dass Staaten ihr Recht auf Selbstverteidigung wahrnehmen. Der Vortrag erläutert die Ursprünge des völkerrechtlichen Gewaltverbotes und das Verhältnis zum Selbstverteidigungsrecht. Außerdem wird der Zusammenhang zum humanitären Völkerrecht erklärt (ius ad bellum/ius in bello), weil es hier in der öffentlichen Debatte immer wieder zu Vermischungen kommt. \r\n\r\nIm Kern werden folgende Fragen beantwortet: \r\n\r\nWann hat ein Staat ein Recht auf Selbstverteidigung? \r\nWie und wie lange kann das Selbstverteidigungsrecht ausgeübt werden? \r\nGegen wen richtet sich das Recht auf Selbstverteidigung? \r\n\r\nDie Ergebnisse werden dann auf aktuelle Fälle angewandt (bspw.: Russlands Angriffskrieg gegen die Ukraine, Terrorangriff der Hamas auf Israel). \r\n\r\n\r\n\n\n\nDer Vortrag gibt eine Einführung in das völkerrechtliche Recht auf Selbstverteidigung. Das moderne Völkerrecht verbietet die Drohung oder den Einsatz militärischer Gewalt. Eine Ausnahme davon ist das Recht auf Selbstverteidigung im Falle eines bewaffneten Angriffes. ","title":"Das Recht auf Selbstverteidigung im modernen Völkerrecht","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Das völkerrechtliche Selbstverteidigungsrecht ist momentan in aller Munde. Ob im Südkaukasus, der Ukraine oder im Nahen Osten, eine Zunahme militärischer Gewalt führt immer wieder dazu, dass Staaten ihr Recht auf Selbstverteidigung wahrnehmen. Der Vortrag erläutert die Ursprünge des völkerrechtlichen Gewaltverbotes und das Verhältnis zum Selbstverteidigungsrecht. Außerdem wird der Zusammenhang zum humanitären Völkerrecht erklärt (ius ad bellum/ius in bello), weil es hier in der öffentlichen Debatte immer wieder zu Vermischungen kommt. \r\n\r\nIm Kern werden folgende Fragen beantwortet: \r\n\r\nWann hat ein Staat ein Recht auf Selbstverteidigung? \r\nWie und wie lange kann das Selbstverteidigungsrecht ausgeübt werden? \r\nGegen wen richtet sich das Recht auf Selbstverteidigung? \r\n\r\nDie Ergebnisse werden dann auf aktuelle Fälle angewandt (bspw.: Russlands Angriffskrieg gegen die Ukraine, Terrorangriff der Hamas auf Israel). \r\n\r\n\r\n\n\n\nDer Vortrag gibt eine Einführung in das völkerrechtliche Recht auf Selbstverteidigung. Das moderne Völkerrecht verbietet die Drohung oder den Einsatz militärischer Gewalt. Eine Ausnahme davon ist das Recht auf Selbstverteidigung im Falle eines bewaffneten Angriffes.","end_timestamp":{"seconds":1703766900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53526],"name":"Dustin Hoffmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52330}],"timeband_id":1141,"links":[],"end":"2023-12-28T12:35:00.000-0000","id":53526,"begin_timestamp":{"seconds":1703764500,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52330}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Anarchismus ist eine der Hauptströmungen des Sozialismus. Konflikte mit anderen Strömungen resultieren häufig aus verschiedenen Vorstellungen von Politik, Herrschaft und Gesellschaftsveränderung. Anarchist*innen lehnen die politische Revolution ab, sie setzen nicht allein auf die soziale Evolution und politische Reformen sind ihnen nicht genug. Demgegenüber wurden Ansätze der experimenteller Selbstorganisation, des Aufstands, der Subversion, der autonomen Bewegung und der sozialen Revolution entwickelt. Was beinhalten diese Konzepte genauer und wie können wir sie gebrauchen?\n\n\nWie wird im Anarchismus Gesellschaftsveränderung gedacht?","title":"Anarchistische Transformationsstrategien","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2023-12-30T22:18+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703768400,"nanoseconds":0},"android_description":"Der Anarchismus ist eine der Hauptströmungen des Sozialismus. Konflikte mit anderen Strömungen resultieren häufig aus verschiedenen Vorstellungen von Politik, Herrschaft und Gesellschaftsveränderung. Anarchist*innen lehnen die politische Revolution ab, sie setzen nicht allein auf die soziale Evolution und politische Reformen sind ihnen nicht genug. Demgegenüber wurden Ansätze der experimenteller Selbstorganisation, des Aufstands, der Subversion, der autonomen Bewegung und der sozialen Revolution entwickelt. Was beinhalten diese Konzepte genauer und wie können wir sie gebrauchen?\n\n\nWie wird im Anarchismus Gesellschaftsveränderung gedacht?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53726],"name":"Jonathan Eibisch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52292}],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53726,"begin_timestamp":{"seconds":1703763000,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52292}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You can learn more efficiently. \r\n\r\nReviewing too often waste time. Reviewing rarely causes forgetting. Spaced repetition software finds the optimal material to review for the sake of long term memorization.\r\n\r\nIn this workshop, you'll learn how to use the spaced repetition software called Anki. Anki is a free open source software on computer and android (and closed source on iOS), used by millions over the world, to learn vocabulary, medical school curriculum, math, music, programming, poem, geography and so much more. It comes with housands and thousands of free decks of learing materials, and you can create your own content to learn.\r\n\r\nCome with anki on your device so you can start praticing. \r\nPlease be sure to download rge software from https://apps.ankiweb.net/ and not one of the knock-offs.\r\n\r\nThis workshop is followed by a discussion session for anki users to meet and exchange tips and good practice.\r\n\r\nThe presenter, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.\n\n\n","title":"Human learning with Anki","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703766600,"nanoseconds":0},"android_description":"You can learn more efficiently. \r\n\r\nReviewing too often waste time. Reviewing rarely causes forgetting. Spaced repetition software finds the optimal material to review for the sake of long term memorization.\r\n\r\nIn this workshop, you'll learn how to use the spaced repetition software called Anki. Anki is a free open source software on computer and android (and closed source on iOS), used by millions over the world, to learn vocabulary, medical school curriculum, math, music, programming, poem, geography and so much more. It comes with housands and thousands of free decks of learing materials, and you can create your own content to learn.\r\n\r\nCome with anki on your device so you can start praticing. \r\nPlease be sure to download rge software from https://apps.ankiweb.net/ and not one of the knock-offs.\r\n\r\nThis workshop is followed by a discussion session for anki users to meet and exchange tips and good practice.\r\n\r\nThe presenter, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53532,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703763000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Anja Hoefner\r\n\r\nWir laden euch ein auf eine Reise in die Zukunft - zum Träumen, Visionieren, Entspannen und Mut fassen. Wie sieht sie aus, die (digitale) Technik der Zukunft? Was kann sie und wie ist sie gestaltet? Wieviel Technik brauchen wir für ein gutes Leben für alle? Diesen Fragen widmen wir uns im Workshop. Anschließend stellen wir die politischen Forderungen von Bits & Bäume vor und wollen mit euch herausfinden, wie unsere Vorstellungen eines guten (digitalen) Lebens für alle mit den Forderungen zusammengehen. Wir freuen uns auf den Austausch mit euch!\n\n\nWir wollen mit euch - ganz losgelöst vom Alltag, schlechten Nachrichten, Stress und so weiter - ins Visionieren kommen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Das (gute) digitale Leben - eine Zukunftsreise","end_timestamp":{"seconds":1703767500,"nanoseconds":0},"android_description":"Host: Anja Hoefner\r\n\r\nWir laden euch ein auf eine Reise in die Zukunft - zum Träumen, Visionieren, Entspannen und Mut fassen. Wie sieht sie aus, die (digitale) Technik der Zukunft? Was kann sie und wie ist sie gestaltet? Wieviel Technik brauchen wir für ein gutes Leben für alle? Diesen Fragen widmen wir uns im Workshop. Anschließend stellen wir die politischen Forderungen von Bits & Bäume vor und wollen mit euch herausfinden, wie unsere Vorstellungen eines guten (digitalen) Lebens für alle mit den Forderungen zusammengehen. Wir freuen uns auf den Austausch mit euch!\n\n\nWir wollen mit euch - ganz losgelöst vom Alltag, schlechten Nachrichten, Stress und so weiter - ins Visionieren kommen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:45:00.000-0000","id":53462,"begin_timestamp":{"seconds":1703763000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","title":"Making Smart Home devices","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703766600,"nanoseconds":0},"android_description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53932,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Although railways are one of the safest means of travel, they are not the most secure. What are railway engineers and IT experts fighting about? We will elaborate on the terms: Sicherheit, safety, security, and funktionale Sicherheit; and their implications.\r\nThe first railways were closed systems where employees had visual contact with the equipment. With the increasing amount of software and network growth, IT security is becoming a major concern. On the other hand, railway systems are made from various components with real-time and dependability requirements, and proprietary protocols, resulting in some security via obscurity. The main difference from other systems is the high degree of standardisation necessary for obtaining a permit. Consequently, changes take time and effort, resulting in the longevity of protocols.\r\nThis talk explains railway-specific protocols, such as GSM-R, RaSTA, and ETCS/ERMTS, their security model and known attacks. Nothing of this is new, but still, it is widely unknown.\r\nSo, join the talk, have fun, and learn how to stop a train - which is much simpler than starting one.\n\n\nThe railway communication network looks different from your standard corporate IT. Its hardware, software and protocols have many peculiarities since it is an old, distributed, fragmented and highly standardised system. This creates problems when trying to introduce state-of-the-art IT security, and then there is the mindset: \"But we always have done it this way!\"","title":"Why Railway Is Safe But Not Secure","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703763600,"nanoseconds":0},"android_description":"Although railways are one of the safest means of travel, they are not the most secure. What are railway engineers and IT experts fighting about? We will elaborate on the terms: Sicherheit, safety, security, and funktionale Sicherheit; and their implications.\r\nThe first railways were closed systems where employees had visual contact with the equipment. With the increasing amount of software and network growth, IT security is becoming a major concern. On the other hand, railway systems are made from various components with real-time and dependability requirements, and proprietary protocols, resulting in some security via obscurity. The main difference from other systems is the high degree of standardisation necessary for obtaining a permit. Consequently, changes take time and effort, resulting in the longevity of protocols.\r\nThis talk explains railway-specific protocols, such as GSM-R, RaSTA, and ETCS/ERMTS, their security model and known attacks. Nothing of this is new, but still, it is widely unknown.\r\nSo, join the talk, have fun, and learn how to stop a train - which is much simpler than starting one.\n\n\nThe railway communication network looks different from your standard corporate IT. Its hardware, software and protocols have many peculiarities since it is an old, distributed, fragmented and highly standardised system. This creates problems when trying to introduce state-of-the-art IT security, and then there is the mindset: \"But we always have done it this way!\"","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53565],"name":"Katja Assaf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52304}],"timeband_id":1141,"links":[],"end":"2023-12-28T11:40:00.000-0000","id":53565,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52304}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Looking back to France in 2023, what do we see? Implementation of new technologies such as drones, DNA marking or new generation of spywares. Also, an intensification of political surveillance, either by law enforcement deploying disproportionate means of investigations towards environmental activists or intelligence services using cameras or GPS beacons to spy on places or people that they find too radical. It was also the year of the “8 December” case, a judicial case where among other things, encrypted communications of the prosecuted persons were considered as signs of \"clandestinity\" that reveal criminal intentions.\r\n\r\nOn top of this, we also had to deal with the legalization of biometric surveillance for the Olympics and massive censorship of social networks when riots erupted in suburbs against police violence.\r\n\r\nThis talk is about showing the reality of the situation at stake right now in France, and how it could influence the rest of Europe. At the end, we hope to raise awareness in the international community and start thinking about how, together, we can put pressure on a country who uses its old reputation to pretend to be respectful of human rights.\n\n\nFighting against surveillance has never been easy. But in the past year it has been specially tough in France. This talk is about shedding light on the many situations where the French State used surveillance to increase repression, mainly against activists, during the last months. Not to despair of this, but willing to provide a sincere overview to the rest of the world, La Quadrature du Net proposes to depict this situation as a satirical tale, with its own characters, plots and suspense. We want to show the political tension going on right now in France and how the checks and balances are lacking to stop this headlong rush to a surveillance state.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"A year of surveillance in France: a short satirical tale by La Quadrature du Net","android_description":"Looking back to France in 2023, what do we see? Implementation of new technologies such as drones, DNA marking or new generation of spywares. Also, an intensification of political surveillance, either by law enforcement deploying disproportionate means of investigations towards environmental activists or intelligence services using cameras or GPS beacons to spy on places or people that they find too radical. It was also the year of the “8 December” case, a judicial case where among other things, encrypted communications of the prosecuted persons were considered as signs of \"clandestinity\" that reveal criminal intentions.\r\n\r\nOn top of this, we also had to deal with the legalization of biometric surveillance for the Olympics and massive censorship of social networks when riots erupted in suburbs against police violence.\r\n\r\nThis talk is about showing the reality of the situation at stake right now in France, and how it could influence the rest of Europe. At the end, we hope to raise awareness in the international community and start thinking about how, together, we can put pressure on a country who uses its old reputation to pretend to be respectful of human rights.\n\n\nFighting against surveillance has never been easy. But in the past year it has been specially tough in France. This talk is about shedding light on the many situations where the French State used surveillance to increase repression, mainly against activists, during the last months. Not to despair of this, but willing to provide a sincere overview to the rest of the world, La Quadrature du Net proposes to depict this situation as a satirical tale, with its own characters, plots and suspense. We want to show the political tension going on right now in France and how the checks and balances are lacking to stop this headlong rush to a surveillance state.","end_timestamp":{"seconds":1703763600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53525],"name":"Noémie, Marne and Nono","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52381}],"timeband_id":1141,"end":"2023-12-28T11:40:00.000-0000","links":[{"label":"The 8 December Case and criminalization of encryption","type":"link","url":"https://www.laquadrature.net/en/2023/06/05/criminalization-of-encryption-the-8-december-case/"}],"id":53525,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"tag_ids":[46121,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52381}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"While Functional Programming usually happens quite far away from Assembly programming, in order to get functional programs performant, quite some tricks are used that have effects that reach down into the dark abyss of Assembly.\r\n\r\nIn this talk I want to focus on the optimizing strategy \"Tail Call Elimination\", a compiler optimization of particular importance for recursive function calls. Every functional programmer will tell you that writing your code using tail recursion (it doesn't matter whether you know what that is, you'll see then!) or using Haskell's \"foldl\" is \"generally faster than foldr (Terms and Conditions apply)\". But even seasoned developers often struggle explaining why and quickly resort to pointing to benchmarks or giving some vague answers around \"you need less stack\".\r\n\r\nIn this talk I want to introduce you to what recursion is, some of the reasons why it's computationally expensive, what tail recursion is and why it's better, and why tail call elimination makes it even more awesome. We will go through some example programs implemented in Assembly (for those who ask: I'll use x86 and maybe aarch64 examples) where we, step-by-step, transform our function from head recursive to tail recursive and then will go further by eliminating the recursive call altogether.\n\n\n","title":"(Looking at) Functional Programming in Assembly","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703766600,"nanoseconds":0},"android_description":"While Functional Programming usually happens quite far away from Assembly programming, in order to get functional programs performant, quite some tricks are used that have effects that reach down into the dark abyss of Assembly.\r\n\r\nIn this talk I want to focus on the optimizing strategy \"Tail Call Elimination\", a compiler optimization of particular importance for recursive function calls. Every functional programmer will tell you that writing your code using tail recursion (it doesn't matter whether you know what that is, you'll see then!) or using Haskell's \"foldl\" is \"generally faster than foldr (Terms and Conditions apply)\". But even seasoned developers often struggle explaining why and quickly resort to pointing to benchmarks or giving some vague answers around \"you need less stack\".\r\n\r\nIn this talk I want to introduce you to what recursion is, some of the reasons why it's computationally expensive, what tail recursion is and why it's better, and why tail call elimination makes it even more awesome. We will go through some example programs implemented in Assembly (for those who ask: I'll use x86 and maybe aarch64 examples) where we, step-by-step, transform our function from head recursive to tail recursive and then will go further by eliminating the recursive call altogether.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53487,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Digital technology is a major contributor to environmental harm, from the 'tsunami' of e-waste filling landfills to the CO2 emissions on a par with aviation industry. Often overlooked is that software -- and software licenses -- play a crucial role.\r\n\r\nSoftware and hardware are inextricably linked. A Free & Open Source Software license can disrupt the produce-use-dispose linear model of hardware consumption and enable the shift to a reduce-reuse-recycle circular model. Moving to a circular economy could reduce greenhouse gas emissions globally by up to 70%!\r\n\r\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.\n\n\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Software Licensing For A Circular Economy","end_timestamp":{"seconds":1703763600,"nanoseconds":0},"android_description":"Digital technology is a major contributor to environmental harm, from the 'tsunami' of e-waste filling landfills to the CO2 emissions on a par with aviation industry. Often overlooked is that software -- and software licenses -- play a crucial role.\r\n\r\nSoftware and hardware are inextricably linked. A Free & Open Source Software license can disrupt the produce-use-dispose linear model of hardware consumption and enable the shift to a reduce-reuse-recycle circular model. Moving to a circular economy could reduce greenhouse gas emissions globally by up to 70%!\r\n\r\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.\n\n\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:40:00.000-0000","id":53465,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-28T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","title":"Spleiß-Workshop Tag 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703761800,"nanoseconds":0},"android_description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:10:00.000-0000","id":53938,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703759400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"CTBK-Workshoparea","hotel":"","short_name":"CTBK-Workshoparea","id":46163},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T10:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Im Juni 2024 tritt eine Änderung der Amateurfunk-Verordnung in Kraft. Es gibt nun eine weitere Amateurfunkklasse mit eigenem Rufzeichenbereich oder die Möglichkeit, Stationen Remote zu nutzen. Welche Änderungen es im Einzelnen sind, zeigen wir. Insbesondere Interessant für Funkamateure, die die Änderungen in Kürze erfahren wollen.\n\n\nEin kurzer Überblick über die Änderungen an der Amateurfunk-Verordnung ab Juni 2024.","title":"Änderungen in der Amateurfunk-Verordnung","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703760600,"nanoseconds":0},"android_description":"Im Juni 2024 tritt eine Änderung der Amateurfunk-Verordnung in Kraft. Es gibt nun eine weitere Amateurfunkklasse mit eigenem Rufzeichenbereich oder die Möglichkeit, Stationen Remote zu nutzen. Welche Änderungen es im Einzelnen sind, zeigen wir. Insbesondere Interessant für Funkamateure, die die Änderungen in Kürze erfahren wollen.\n\n\nEin kurzer Überblick über die Änderungen an der Amateurfunk-Verordnung ab Juni 2024.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:50:00.000-0000","id":53704,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703759400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-28T10:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nostalgia is not what is used to be Glitchy electronica from the beginning of this millennium\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Fleak","end_timestamp":{"seconds":1703768400,"nanoseconds":0},"android_description":"Nostalgia is not what is used to be Glitchy electronica from the beginning of this millennium","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53922,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Bonnie\r\n\r\nDu willst gerne mal etwas mehr über Freie Software erfahren? Dann ist die Geschichte von Ada genau das richtige für dich. Bonnie nimmt dich mit dem Buch 'Ada & Zangemann' auf eine Reise durch die Welt von Freier Software. Komm mit und besuche gemeinsam mit Bonnie Ada und ihre Freund*innen.\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/wiki/junghackerinnentag/\n\n\nLesung am Junghacker*innentag","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Ada & Zangemann - Ein Märchen über Software, Skateboards und Himbeereis","end_timestamp":{"seconds":1703761200,"nanoseconds":0},"android_description":"Host: Bonnie\r\n\r\nDu willst gerne mal etwas mehr über Freie Software erfahren? Dann ist die Geschichte von Ada genau das richtige für dich. Bonnie nimmt dich mit dem Buch 'Ada & Zangemann' auf eine Reise durch die Welt von Freier Software. Komm mit und besuche gemeinsam mit Bonnie Ada und ihre Freund*innen.\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/wiki/junghackerinnentag/\n\n\nLesung am Junghacker*innentag","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:00:00.000-0000","id":53882,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die stereotypische Museumsbahn sind alte weiße Männer, die mit großen Maschinen spielen wollen. Das ist zwar nicht ganz falsch, aber auch nicht richtig. Museumsbahnen sind Eisenbahnbetrieb, aber auch Umgang mit Kunden, Wissensvermittlung, alte Handwerkstechniken, neue Handwerkstechniken, Management, Medienerstellung, Kommunikation... und man muss nicht unbeding Bahn-affin sein um mitzuhelfen.\r\nIch möchte die Brücke zwischen CCC und den Museumsbahnen spannen, erklären, warum Nerds bei Museumsbahnen mitmachen können/sollten und zeigen, was für Möglichkeiten des Mitmachens es gibt. Viele der Punkte treffen auch auf das Engagement in anderen Vereinen zu, auch diese Vereine brauchen mehr Nerds.\n\n\nDu interessierst Dich für Eisenbahnen und wolltest schon immer mal was mit einer Eisenbahn in 1:1 machen? Du suchst noch ein Hobby? Die Museumsbahnen brauchen Dich - auch wenn sie es manchmal nicht wissen...","type":{"conference_id":131,"conference":"37C3","color":"#6fdce3","updated_at":"2023-12-30T22:18+0000","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Museumsbahnen brauchen Nerds!","android_description":"Die stereotypische Museumsbahn sind alte weiße Männer, die mit großen Maschinen spielen wollen. Das ist zwar nicht ganz falsch, aber auch nicht richtig. Museumsbahnen sind Eisenbahnbetrieb, aber auch Umgang mit Kunden, Wissensvermittlung, alte Handwerkstechniken, neue Handwerkstechniken, Management, Medienerstellung, Kommunikation... und man muss nicht unbeding Bahn-affin sein um mitzuhelfen.\r\nIch möchte die Brücke zwischen CCC und den Museumsbahnen spannen, erklären, warum Nerds bei Museumsbahnen mitmachen können/sollten und zeigen, was für Möglichkeiten des Mitmachens es gibt. Viele der Punkte treffen auch auf das Engagement in anderen Vereinen zu, auch diese Vereine brauchen mehr Nerds.\n\n\nDu interessierst Dich für Eisenbahnen und wolltest schon immer mal was mit einer Eisenbahn in 1:1 machen? Du suchst noch ein Hobby? Die Museumsbahnen brauchen Dich - auch wenn sie es manchmal nicht wissen...","end_timestamp":{"seconds":1703760300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53725],"name":"Nils Pickert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52376}],"timeband_id":1141,"links":[],"end":"2023-12-28T10:45:00.000-0000","id":53725,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46131,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52376}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Being back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.\r\n\r\n\"Glitch Feminism (...) embraces the causality of “error”, and turns the gloomy implication of glitch on its ear by acknowledging that an error in a social system that has already been disturbed by economic, racial, social, sexual, and cultural stratification and the imperialist wrecking-ball of globalization (...) may not, in fact, be an error at all, but rather a much-needed erratum. This glitch is a correction to the “machine”, and, in turn, a positive departure.\" (Legacy Russell 2012: Glitch Feminist Manifesto)\n\n\nBeing back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.","title":"Glitching C3 - Creative Writing Experiment","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703764800,"nanoseconds":0},"android_description":"Being back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.\r\n\r\n\"Glitch Feminism (...) embraces the causality of “error”, and turns the gloomy implication of glitch on its ear by acknowledging that an error in a social system that has already been disturbed by economic, racial, social, sexual, and cultural stratification and the imperialist wrecking-ball of globalization (...) may not, in fact, be an error at all, but rather a much-needed erratum. This glitch is a correction to the “machine”, and, in turn, a positive departure.\" (Legacy Russell 2012: Glitch Feminist Manifesto)\n\n\nBeing back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53713],"name":"blueA","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52271}],"timeband_id":1141,"links":[],"end":"2023-12-28T12:00:00.000-0000","id":53713,"tag_ids":[46133,46140],"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52271}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/Advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlles Plätze sind belegt, bitte schaut bei Termin 2.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","title":"JHT: Podcasting für Einsteiger:innen 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703763000,"nanoseconds":0},"android_description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/Advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlles Plätze sind belegt, bitte schaut bei Termin 2.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:30:00.000-0000","id":53712,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"### Anmeldung\r\nMelde dich bitte bis 15 Minuten vor dem Event bei **Enrico** im **Kidspace** oder via **DECT-2635** an und hole dir ein Workshop-Ticket\r\n**Max Teilnehmende:** 15\r\n\r\n### Inhalte\r\n[folgt]\r\n\r\n### Teilnahmevoraussetzungen\r\n**Ausstattung**: [folgt]\r\n**Erfahrung**: [folgt]\n\n\nHast du dich jemals gefragt, wie es wäre, deinen eigenen Minecraft-Server zu haben? Einen Ort, wo du die Regeln bestimmst, deine Freunde einladen und deine eigene Welt gestalten kannst? Dann ist dieser Workshop genau das Richtige für dich!","title":"Minecraft How2Server","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"### Anmeldung\r\nMelde dich bitte bis 15 Minuten vor dem Event bei **Enrico** im **Kidspace** oder via **DECT-2635** an und hole dir ein Workshop-Ticket\r\n**Max Teilnehmende:** 15\r\n\r\n### Inhalte\r\n[folgt]\r\n\r\n### Teilnahmevoraussetzungen\r\n**Ausstattung**: [folgt]\r\n**Erfahrung**: [folgt]\n\n\nHast du dich jemals gefragt, wie es wäre, deinen eigenen Minecraft-Server zu haben? Einen Ort, wo du die Regeln bestimmst, deine Freunde einladen und deine eigene Welt gestalten kannst? Dann ist dieser Workshop genau das Richtige für dich!","end_timestamp":{"seconds":1703764800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:00:00.000-0000","id":53708,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After we were somewhat overrun at the camp and therefore unfortunately slipped into a question-and-answer dialog, we now want to make the administrative self-help group at 37c3 a little more open. Come along, we'll provide space and time for you to network and exchange ideas! We might spontaneously throw a few funny or exciting things at the projector together. However, we deliberately refrain from a frontal lecture.\r\n\r\nWhat is the Faxgetäteclub and why are we doing this?\r\n\r\nWhen we talk about government IT, we often talk about the need to build up knowledge and internalize IT skills in public administration. But anyone who actually decides to take a job in the administration or wants to have a positive impact on the administration from within civil society needs a lot of persuasive talent and often perseverance. But we can also achieve a lot of positive things.\r\n\r\nWhat are the practical failures, where are the structural problems and which actions do we need from from politics?\r\n\r\nIn the fax machine club, we talk about our experiences in everyday life in and with public authorities, about what is still going wrong in the administration and how we can change things together. Come along and let's discuss and make plans together in a relaxed atmosphere. If you are interested in IT in public administration and/or would like to share your ideas or questions, we'd like to hear from you!\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Selbsthilfegruppe für verwaltungsnahe Menschen mit IT-Background (\"Faxgeräteclub\")","android_description":"After we were somewhat overrun at the camp and therefore unfortunately slipped into a question-and-answer dialog, we now want to make the administrative self-help group at 37c3 a little more open. Come along, we'll provide space and time for you to network and exchange ideas! We might spontaneously throw a few funny or exciting things at the projector together. However, we deliberately refrain from a frontal lecture.\r\n\r\nWhat is the Faxgetäteclub and why are we doing this?\r\n\r\nWhen we talk about government IT, we often talk about the need to build up knowledge and internalize IT skills in public administration. But anyone who actually decides to take a job in the administration or wants to have a positive impact on the administration from within civil society needs a lot of persuasive talent and often perseverance. But we can also achieve a lot of positive things.\r\n\r\nWhat are the practical failures, where are the structural problems and which actions do we need from from politics?\r\n\r\nIn the fax machine club, we talk about our experiences in everyday life in and with public authorities, about what is still going wrong in the administration and how we can change things together. Come along and let's discuss and make plans together in a relaxed atmosphere. If you are interested in IT in public administration and/or would like to share your ideas or questions, we'd like to hear from you!","end_timestamp":{"seconds":1703761200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:00:00.000-0000","id":53668,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Geschichte begann mit einer einfachen Anfrage auf Twitter über die Gesetzeskonformität von Zebrastreifen in Luxemburg, die jedoch bei der Stadtverwaltung auf eine Mauer des Schweigens stieß. Als Reaktion darauf gründeten Aktivist:innen des Zentrums für Urbane Gerechtigkeit (ZUG) das Projekt \"Safe Crossing\", um die Einhaltung der Regularien für Zebrastreifen in Luxemburg-Stadt zu überprüfen. Mit einer Mischung aus Google Maps und Tinder entwickelten sie eine App, durch die die Nutzer:innen Luftbilder der Zebrastreifen analysieren und problematische Bereiche identifizieren konnten​​.\r\n\r\nIhre Ergebnisse waren alarmierend: Etwa ein Drittel der insgesamt 1.787 analysierten Zebrastreifen entsprachen nicht den gesetzlichen Vorgaben, da Parkplätze die Sicht auf die Zebrastreifen blockierten und somit die Sicherheit der Fußgänger:innen gefährdeten​​. Trotz der Publikation ihrer Ergebnisse und der Diskussionen im Stadtrat bestritt die Stadtverwaltung die Ergebnisse und blieb bei ihrer eigenen, wesentlich niedrigeren Schätzung von nur 37 nicht regelkonformen Zebrastreifen​.\r\n\r\nDie nachfolgenden Geschehnisse zeichneten ein Bild von intransparenten Verwaltungen und dem Kampf um die Offenlegung von Informationen. Trotz mehrerer offizieller Anfragen und einer Entscheidung der „Commission d’accès aux documents“ (CAD) zugunsten von ZUG weigerte sich die Stadt Luxemburg, die angeforderten Dokumente zu veröffentlichen. Der Fall eskalierte bis vor das Verwaltungsgericht, und ZUG lancierte eine Crowdfunding-Kampagne, um die anfallenden Rechtskosten zu decken​.\r\n\r\nDer Vortrag wird die Herausforderungen und Erfolge des Projekts detailliert beleuchten, das Engagement für offene Daten und bürgerlichen Aktivismus hervorheben und auf die Bedeutung von Transparenz und Rechenschaftspflicht in der öffentlichen Verwaltung eingehen. Die Zuhörer:innen werden nicht nur Einblicke in die technischen und juristischen Aspekte des Projekts erhalten, sondern auch inspiriert werden, wie individuelle und kollektive Aktionen positive Veränderungen herbeiführen können, selbst wenn sie gegen bürokratische Mauern stoßen.\n\n\nKein Zebrastreifen ist illegal. Oder doch? Die scheinbar einfache Frage nach der Gesetzeskonformität von Zebrastreifen verursachte mysteriöses Schweigen in der öffentlichen Verwaltung der Stadt Luxemburg. Als Reaktion auf die Datenverweigerung schufen die Aktivist:innen des Zentrums für Urbane Gerechtigkeit eine Mischung aus Google Maps und Tinder, um die benötigten Daten selbst zu generieren. Dieser Vortrag beleuchtet das spannende Zusammenspiel von intransparenten Verwaltungen, der Eigeninitiative im Erstellen von Geodaten und dem juristischen Kampf um die Offenlegung von Informationen. Zudem wird aufgezeigt, welche Ressourcen ein solches Unterfangen erfordert, und wie es als lehrreiches Beispiel für zivilen Aktivismus und behördliche Transparenz dient.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Von Zebrastreifen, offenen Daten und verschlossenen Verwaltungen","android_description":"Die Geschichte begann mit einer einfachen Anfrage auf Twitter über die Gesetzeskonformität von Zebrastreifen in Luxemburg, die jedoch bei der Stadtverwaltung auf eine Mauer des Schweigens stieß. Als Reaktion darauf gründeten Aktivist:innen des Zentrums für Urbane Gerechtigkeit (ZUG) das Projekt \"Safe Crossing\", um die Einhaltung der Regularien für Zebrastreifen in Luxemburg-Stadt zu überprüfen. Mit einer Mischung aus Google Maps und Tinder entwickelten sie eine App, durch die die Nutzer:innen Luftbilder der Zebrastreifen analysieren und problematische Bereiche identifizieren konnten​​.\r\n\r\nIhre Ergebnisse waren alarmierend: Etwa ein Drittel der insgesamt 1.787 analysierten Zebrastreifen entsprachen nicht den gesetzlichen Vorgaben, da Parkplätze die Sicht auf die Zebrastreifen blockierten und somit die Sicherheit der Fußgänger:innen gefährdeten​​. Trotz der Publikation ihrer Ergebnisse und der Diskussionen im Stadtrat bestritt die Stadtverwaltung die Ergebnisse und blieb bei ihrer eigenen, wesentlich niedrigeren Schätzung von nur 37 nicht regelkonformen Zebrastreifen​.\r\n\r\nDie nachfolgenden Geschehnisse zeichneten ein Bild von intransparenten Verwaltungen und dem Kampf um die Offenlegung von Informationen. Trotz mehrerer offizieller Anfragen und einer Entscheidung der „Commission d’accès aux documents“ (CAD) zugunsten von ZUG weigerte sich die Stadt Luxemburg, die angeforderten Dokumente zu veröffentlichen. Der Fall eskalierte bis vor das Verwaltungsgericht, und ZUG lancierte eine Crowdfunding-Kampagne, um die anfallenden Rechtskosten zu decken​.\r\n\r\nDer Vortrag wird die Herausforderungen und Erfolge des Projekts detailliert beleuchten, das Engagement für offene Daten und bürgerlichen Aktivismus hervorheben und auf die Bedeutung von Transparenz und Rechenschaftspflicht in der öffentlichen Verwaltung eingehen. Die Zuhörer:innen werden nicht nur Einblicke in die technischen und juristischen Aspekte des Projekts erhalten, sondern auch inspiriert werden, wie individuelle und kollektive Aktionen positive Veränderungen herbeiführen können, selbst wenn sie gegen bürokratische Mauern stoßen.\n\n\nKein Zebrastreifen ist illegal. Oder doch? Die scheinbar einfache Frage nach der Gesetzeskonformität von Zebrastreifen verursachte mysteriöses Schweigen in der öffentlichen Verwaltung der Stadt Luxemburg. Als Reaktion auf die Datenverweigerung schufen die Aktivist:innen des Zentrums für Urbane Gerechtigkeit eine Mischung aus Google Maps und Tinder, um die benötigten Daten selbst zu generieren. Dieser Vortrag beleuchtet das spannende Zusammenspiel von intransparenten Verwaltungen, der Eigeninitiative im Erstellen von Geodaten und dem juristischen Kampf um die Offenlegung von Informationen. Zudem wird aufgezeigt, welche Ressourcen ein solches Unterfangen erfordert, und wie es als lehrreiches Beispiel für zivilen Aktivismus und behördliche Transparenz dient.","end_timestamp":{"seconds":1703760000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[{"label":"Projektwebseite","type":"link","url":"https://zug.lu/safe-crossing-2/"},{"label":"Projektverlauf","type":"link","url":"https://zug.lu/safe-crossing-the-timeline/"},{"label":"Presseartikel","type":"link","url":"https://futuremoves.com/die-illegalen-zebrastreifen-von-luxemburg/"}],"end":"2023-12-28T10:40:00.000-0000","id":53654,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag beginnt mit einer knappen Einführung in die Funktionsweise Neuronaler Netze, um ein allgemeines Verständnis zu schaffen. Anschließend werden verschiedene Angriffe auf Neuronale Netze dargestellt. Die dargestellten Angriffe sind zum größten Teil technisch und ich werde Angriffe wie Prompt Injection nur kurz behandeln. Im Vortrag werden neben Prompt Injection Angriffe wie LastLayer Attack, Back-Dooring, Extracting Information, Brute Forcing, Neural Overflow, Malware Injection, Neural Obfuscation und Model Stealing theoretisch vorgestellt. Um den theoretischen Vortrag aufzulockern, werde ich einige dieser Angriffe anhand von Live-Beispielen veranschaulichen und erklären, wie sie die Funktionsweise Neuronaler Netze ausnutzen bzw. an welchen Stellen diese manipuliert werden können. Während der Erläuterung der Angriffe werde ich auch darauf eingehen, welche Informationen für den Angriff benötigt werden und welche Informationen besonders schützenswert sind. Abschließend werde ich mögliche Verteidigungsstrategien erläutern, auch wenn diese nur einen teilweisen Schutz ermöglichen. Der Vortrag wird einen guten Überblick über Angriffe auf Neuronale Netze geben, wie sie in der aktuellen wissenschaftlichen Literatur bekannt sind. \n\n\nIch will den Zuhörerinnen einen Überblick über die aktuellen Möglichkeiten geben, wie Neuronale Netze angegriffen und manipuliert werden können. Das Ziel des Vortrags ist es, verschiedene Angriffe zu erklären und anhand von Beispielen zu veranschaulichen. Dies dient auch dazu, die Funktionsweise neuronaler Netze besser zu verstehen und ihre Limitierungen aufzuzeigen. Abschließend zeige ich, welche Maßnahmen ergriffen werden können, um diese Angriffe zu erkennen oder zu verhindern.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Hacking Neural Networks","android_description":"Der Vortrag beginnt mit einer knappen Einführung in die Funktionsweise Neuronaler Netze, um ein allgemeines Verständnis zu schaffen. Anschließend werden verschiedene Angriffe auf Neuronale Netze dargestellt. Die dargestellten Angriffe sind zum größten Teil technisch und ich werde Angriffe wie Prompt Injection nur kurz behandeln. Im Vortrag werden neben Prompt Injection Angriffe wie LastLayer Attack, Back-Dooring, Extracting Information, Brute Forcing, Neural Overflow, Malware Injection, Neural Obfuscation und Model Stealing theoretisch vorgestellt. Um den theoretischen Vortrag aufzulockern, werde ich einige dieser Angriffe anhand von Live-Beispielen veranschaulichen und erklären, wie sie die Funktionsweise Neuronaler Netze ausnutzen bzw. an welchen Stellen diese manipuliert werden können. Während der Erläuterung der Angriffe werde ich auch darauf eingehen, welche Informationen für den Angriff benötigt werden und welche Informationen besonders schützenswert sind. Abschließend werde ich mögliche Verteidigungsstrategien erläutern, auch wenn diese nur einen teilweisen Schutz ermöglichen. Der Vortrag wird einen guten Überblick über Angriffe auf Neuronale Netze geben, wie sie in der aktuellen wissenschaftlichen Literatur bekannt sind. \n\n\nIch will den Zuhörerinnen einen Überblick über die aktuellen Möglichkeiten geben, wie Neuronale Netze angegriffen und manipuliert werden können. Das Ziel des Vortrags ist es, verschiedene Angriffe zu erklären und anhand von Beispielen zu veranschaulichen. Dies dient auch dazu, die Funktionsweise neuronaler Netze besser zu verstehen und ihre Limitierungen aufzuzeigen. Abschließend zeige ich, welche Maßnahmen ergriffen werden können, um diese Angriffe zu erkennen oder zu verhindern.","end_timestamp":{"seconds":1703760000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53564],"name":"jate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52466}],"timeband_id":1141,"links":[],"end":"2023-12-28T10:40:00.000-0000","id":53564,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46123,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52466}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir wollen uns darüber austauschen, was doof daran ist, dass Smartphones so normal sind, und darüber reden, wie man weniger abhängig davon sein kann.\r\n\r\nManche von uns leben komplett ohne Handy, manche nicht, manche benutzen hin und wieder Kollektivhandys. Und ihr?\r\n\r\nManche von uns kritisieren nur Smartphones, manche auch Sim-Karten und Handys generell. Und ihr?\r\n\r\nKritik an der Kritik ist auch gern gesehen.\r\n\r\nWir sammeln unsere Erkenntnisse hier: https://cryptpad.fr/pad/#/2/pad/edit/gS2CQ8V-fzTv4Z2Jm8OtryUM/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Handys/Smartphones - eine Austauschrunde über Kritik und Alternativen","android_description":"Wir wollen uns darüber austauschen, was doof daran ist, dass Smartphones so normal sind, und darüber reden, wie man weniger abhängig davon sein kann.\r\n\r\nManche von uns leben komplett ohne Handy, manche nicht, manche benutzen hin und wieder Kollektivhandys. Und ihr?\r\n\r\nManche von uns kritisieren nur Smartphones, manche auch Sim-Karten und Handys generell. Und ihr?\r\n\r\nKritik an der Kritik ist auch gern gesehen.\r\n\r\nWir sammeln unsere Erkenntnisse hier: https://cryptpad.fr/pad/#/2/pad/edit/gS2CQ8V-fzTv4Z2Jm8OtryUM/","end_timestamp":{"seconds":1703763000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:30:00.000-0000","id":53531,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We outline the heterogeneous elements that make up the infrastructure of the rewilding project and what kind of situations are being produced therein. The graph of \"the infrastructure of a migratoy bird\" shows relationships between social, technological, informational, and ecological elements which make up the anthropogenic ecosystem in which the bird is becoming wild again. The objective was to visualise and comprehend the intricate network of data, energy resources, and dependencies deeply enmeshed within the project's framework. \r\n\r\nWe will also focus on the types of data being produced and to what extent \"acting\" within this framework is informed to observation of movement data. One can trace the flow of information, observe how data is generated, processed and ultimately mediated. As a migratory bird that travels between 1600 and 4600km per year (from summer to winter habitats and back) this project could not be realized without intensive use of technology. This falls into two categories: assisted migration and location/movement tracking. As a social species, the birds have an instinct to migrate, but the concrete migration routes and destinations are socially learned. With the extinction, this social knowledge became extinct as well. This is a challenge and an opportunity for the project. On the one hand, the birds need to be trained the unnatural behaviour of following a light airplane, on the other hand, humans can guide them to specific areas where socio-environmental conditions are suitable for habitation. Currently, close to 85% of the more than 200 surviving rewilded birds are wearing a GPS/GSM tracker that enables near real-time monitoring of locations and movements. This data is used for monitoring the birds for signs of distress (injury, problems along the route, death etc), and for feeding an app (Animaltracker) that allows the interested public to track the birds and, to a limited degree, for behavioural research.\r\n\r\nFrom this, a different notion of wilderness emerges. Here it denotes not the separation from human culture, but a degree of freedom and autonomy in making decisions. Technology, the real-time tracking and social media coverage, serves as a way to increase the autonomy of the bird, supporting them to survive outside captivity, yet within densely populated, deeply cultured environments. Technology's main purpose here is not surveillance but care, both directly by enabling biologists to help struggling animals in the wild, but also indirectly, by supporting a deeper, affective relationship of the population towards wild animals which are no longer anonymous, but known by name, each with its distinct history and personal character. \n\n\nWhat does it take to create a \"wild animal\"? While one might think \"wildness\" implies the absence of humans, in the age of the anthropocene and rapid climate change, the opposite is the case. It requires the development of an extensive, more-than-human-infrastructure. Our talk is based on artistic research into the ongoing rewilding project of the Northern bald ibis (Waldrapp), a large migratory bird, that has become extinct north of the alps in 1621 and are being released into the wild since 2013. The output of this research was rendered into a website which serves as a departure point of our talk. ","title":"Infrastructure of a migratory bird","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"We outline the heterogeneous elements that make up the infrastructure of the rewilding project and what kind of situations are being produced therein. The graph of \"the infrastructure of a migratoy bird\" shows relationships between social, technological, informational, and ecological elements which make up the anthropogenic ecosystem in which the bird is becoming wild again. The objective was to visualise and comprehend the intricate network of data, energy resources, and dependencies deeply enmeshed within the project's framework. \r\n\r\nWe will also focus on the types of data being produced and to what extent \"acting\" within this framework is informed to observation of movement data. One can trace the flow of information, observe how data is generated, processed and ultimately mediated. As a migratory bird that travels between 1600 and 4600km per year (from summer to winter habitats and back) this project could not be realized without intensive use of technology. This falls into two categories: assisted migration and location/movement tracking. As a social species, the birds have an instinct to migrate, but the concrete migration routes and destinations are socially learned. With the extinction, this social knowledge became extinct as well. This is a challenge and an opportunity for the project. On the one hand, the birds need to be trained the unnatural behaviour of following a light airplane, on the other hand, humans can guide them to specific areas where socio-environmental conditions are suitable for habitation. Currently, close to 85% of the more than 200 surviving rewilded birds are wearing a GPS/GSM tracker that enables near real-time monitoring of locations and movements. This data is used for monitoring the birds for signs of distress (injury, problems along the route, death etc), and for feeding an app (Animaltracker) that allows the interested public to track the birds and, to a limited degree, for behavioural research.\r\n\r\nFrom this, a different notion of wilderness emerges. Here it denotes not the separation from human culture, but a degree of freedom and autonomy in making decisions. Technology, the real-time tracking and social media coverage, serves as a way to increase the autonomy of the bird, supporting them to survive outside captivity, yet within densely populated, deeply cultured environments. Technology's main purpose here is not surveillance but care, both directly by enabling biologists to help struggling animals in the wild, but also indirectly, by supporting a deeper, affective relationship of the population towards wild animals which are no longer anonymous, but known by name, each with its distinct history and personal character. \n\n\nWhat does it take to create a \"wild animal\"? While one might think \"wildness\" implies the absence of humans, in the age of the anthropocene and rapid climate change, the opposite is the case. It requires the development of an extensive, more-than-human-infrastructure. Our talk is based on artistic research into the ongoing rewilding project of the Northern bald ibis (Waldrapp), a large migratory bird, that has become extinct north of the alps in 1621 and are being released into the wild since 2013. The output of this research was rendered into a website which serves as a departure point of our talk.","end_timestamp":{"seconds":1703760000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53498],"name":"Gordan Savičić","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52506}],"timeband_id":1141,"links":[{"label":"Infrastructure of a migratory bird map","type":"link","url":"https://latentspaces.zhdk.ch/imb/"},{"label":"Felix Stalder","type":"link","url":"https://felix.openflows.com"},{"label":"Gordan Savicic","type":"link","url":"https://yugo.at"}],"end":"2023-12-28T10:40:00.000-0000","id":53498,"village_id":null,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46118,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52506}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nHow atomic name trades work in Namecoin without counterparty risk or trusted third-party intermediaries.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Buying and Selling Domain Names in Namecoin (recording)","end_timestamp":{"seconds":1703758500,"nanoseconds":0},"android_description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nHow atomic name trades work in Namecoin without counterparty risk or trusted third-party intermediaries.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:15:00.000-0000","id":53939,"village_id":null,"begin_timestamp":{"seconds":1703756700,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Critical Decentralisation Cluster [Saal D]","hotel":"","short_name":"Critical Decentralisation Cluster [Saal D]","id":46166},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T09:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"It's easier to imagine the end of the world than to imagine the end of capitalism. In this workshop, we will take the rich history and diversity of human economic relations as a starting point to think of alternative ways to organize our society. \r\n\r\nOur discussion will be centered on key insights from the book \"Debt: The First 5000 Years\" by anthropologist and absolute icon David Graeber. Join us for an exercise in imagination ^_^\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Can you imagine a world beyond capitalism? Exploring economic history with David Graeber's Debt","end_timestamp":{"seconds":1703761200,"nanoseconds":0},"android_description":"It's easier to imagine the end of the world than to imagine the end of capitalism. In this workshop, we will take the rich history and diversity of human economic relations as a starting point to think of alternative ways to organize our society. \r\n\r\nOur discussion will be centered on key insights from the book \"Debt: The First 5000 Years\" by anthropologist and absolute icon David Graeber. Join us for an exercise in imagination ^_^","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:00:00.000-0000","id":53912,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703755800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-28T09:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Zu allen Workshops kann man in der Zeit von 10:30 Uhr bis 14:00 Uhr kommen und gehen, wann man möchte! Eine Anmeldung ist nicht erforderlich. **Wir sind bei der freien Fläche vor Saal F** (nicht in Saal F). Bei allen Fragen direkt anrufen: [+4917695110311](tel:+4917695110311).\r\n\r\n**Unendlich große Zahlen.** In der Mathematik geht es nach 1, 2 und 3, nach der Million und der Fantastilliarde erst richtig los: Danach kommen die unendlich großen Zahlen. Los gehen die mit „∞“, der ersten unendlich großen Zahl, aber dann geht es noch lange weiter. Mit diesen Zahlen kann man wunderbar Spiele spielen. Vielleicht kennt der eine oder andere das Streichholzspiel, bei dem zwei Spieler abwechselnd immer bis zu drei Streichhölzer wegnehmen können und derjenige gewinnt, der das letzte Streichholz an sich nimmt. Im Workshop werden wir lernen, wie man dieses Spiel mit unendlich vielen Streichhölzern spielt, und wie der Trick aussieht, um immer zu gewinnen. Dieser Workshop richtet sich vor allem an Kinder (ab vierte Klasse). Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [Nachmittagsvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/) kommen.\r\n\r\n**Cosmic Call.** Vor etwa 15 Jahren schickte die Menschheit eine Radiobotschaft an ausgewählte Sterne, in der Hoffnung, dass die Nachricht Außerirdische erreicht, diese die Nachricht verstehen und uns antworten. Die Nachricht ist nicht auf Deutsch oder Englisch verfasst, sondern bedient sich einer eigens entwickelten Symbolsprache. Schaffen wenigstens wir Menschen, die Botschaft zu entziffern? Das wollen wir in dem Workshop an uns selbst testen und herausfinden!\r\n\r\n**Zauberwürfel.** Wie löst man den Zauberwürfel (Rubik's Cube)? Das üben wir in diesem Workshop. Wer einen eigenen Zauberwürfel hat, kann ihn gerne mitbringen; für alle anderen haben wir Würfel zum Verleihen. Keinerlei Vorkenntnisse nötig.\r\n\r\n**Vierte Dimension.** In unserer Welt können wir uns nach links und rechts, nach hinten und vorne sowie nach unten und oben bewegen. Weitere Richtungen gibt es nicht. Das muss aber nicht so sein! In der Mathematik ist auch eine weitere Dimension vorstellbar. In diesem Workshop lernen wir diese vierte Dimension spielerisch und anschaulich kennen. Anhand eines interaktiven vierdimensionalen Labyrinths erkunden wir in diesem Workshop spielerisch die vierte Dimension. In der vierten Dimension gibt es neue wundersame Formen zu bestaunen, gewöhnliche dreidimensionale Gefängnisse wären nicht mehr ausbruchssicher und Schnürsenkel würden sich ständig von selbst entknoten. Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [60-minütigen Abendvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-curious-world-of-four-dim/) kommen.\r\n\r\n**Beweise ohne Worte.** In der Schule besteht Mathematik zu einem großen Teil aus Rechnungen. Das ist aber nicht das, was Mathematik wirklich ausmacht! Mathematik ist die Kunst, das Verborgene auf das Offensichtliche zurückzuführen, und dazu gehören ergreifende emotionale Aha-Momente beim Verstehen von Zusammenhängen. In diesem Workshop behandeln wir grafische Beweise.\r\n\r\n🧮\n\n\nSpiel und Spaß mit unendlich großen Zahlen und unendlichen Spielen • Zauberwürfelworkshop • Cosmic Call, eine Botschaft an Außerirdische • Spiel und Spaß mit der vierten Dimension • Beweise ohne Worte","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Angebote zum Junghacker:innentag rund um Mathematik (Erwachsene auch willkommen)","end_timestamp":{"seconds":1703768400,"nanoseconds":0},"android_description":"Zu allen Workshops kann man in der Zeit von 10:30 Uhr bis 14:00 Uhr kommen und gehen, wann man möchte! Eine Anmeldung ist nicht erforderlich. **Wir sind bei der freien Fläche vor Saal F** (nicht in Saal F). Bei allen Fragen direkt anrufen: [+4917695110311](tel:+4917695110311).\r\n\r\n**Unendlich große Zahlen.** In der Mathematik geht es nach 1, 2 und 3, nach der Million und der Fantastilliarde erst richtig los: Danach kommen die unendlich großen Zahlen. Los gehen die mit „∞“, der ersten unendlich großen Zahl, aber dann geht es noch lange weiter. Mit diesen Zahlen kann man wunderbar Spiele spielen. Vielleicht kennt der eine oder andere das Streichholzspiel, bei dem zwei Spieler abwechselnd immer bis zu drei Streichhölzer wegnehmen können und derjenige gewinnt, der das letzte Streichholz an sich nimmt. Im Workshop werden wir lernen, wie man dieses Spiel mit unendlich vielen Streichhölzern spielt, und wie der Trick aussieht, um immer zu gewinnen. Dieser Workshop richtet sich vor allem an Kinder (ab vierte Klasse). Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [Nachmittagsvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/) kommen.\r\n\r\n**Cosmic Call.** Vor etwa 15 Jahren schickte die Menschheit eine Radiobotschaft an ausgewählte Sterne, in der Hoffnung, dass die Nachricht Außerirdische erreicht, diese die Nachricht verstehen und uns antworten. Die Nachricht ist nicht auf Deutsch oder Englisch verfasst, sondern bedient sich einer eigens entwickelten Symbolsprache. Schaffen wenigstens wir Menschen, die Botschaft zu entziffern? Das wollen wir in dem Workshop an uns selbst testen und herausfinden!\r\n\r\n**Zauberwürfel.** Wie löst man den Zauberwürfel (Rubik's Cube)? Das üben wir in diesem Workshop. Wer einen eigenen Zauberwürfel hat, kann ihn gerne mitbringen; für alle anderen haben wir Würfel zum Verleihen. Keinerlei Vorkenntnisse nötig.\r\n\r\n**Vierte Dimension.** In unserer Welt können wir uns nach links und rechts, nach hinten und vorne sowie nach unten und oben bewegen. Weitere Richtungen gibt es nicht. Das muss aber nicht so sein! In der Mathematik ist auch eine weitere Dimension vorstellbar. In diesem Workshop lernen wir diese vierte Dimension spielerisch und anschaulich kennen. Anhand eines interaktiven vierdimensionalen Labyrinths erkunden wir in diesem Workshop spielerisch die vierte Dimension. In der vierten Dimension gibt es neue wundersame Formen zu bestaunen, gewöhnliche dreidimensionale Gefängnisse wären nicht mehr ausbruchssicher und Schnürsenkel würden sich ständig von selbst entknoten. Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [60-minütigen Abendvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-curious-world-of-four-dim/) kommen.\r\n\r\n**Beweise ohne Worte.** In der Schule besteht Mathematik zu einem großen Teil aus Rechnungen. Das ist aber nicht das, was Mathematik wirklich ausmacht! Mathematik ist die Kunst, das Verborgene auf das Offensichtliche zurückzuführen, und dazu gehören ergreifende emotionale Aha-Momente beim Verstehen von Zusammenhängen. In diesem Workshop behandeln wir grafische Beweise.\r\n\r\n🧮\n\n\nSpiel und Spaß mit unendlich großen Zahlen und unendlichen Spielen • Zauberwürfelworkshop • Cosmic Call, eine Botschaft an Außerirdische • Spiel und Spaß mit der vierten Dimension • Beweise ohne Worte","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53689,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703755800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T09:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Introduction to \"Replicant\" - the only free Android distribution. https://replicant.us\n\n\nReplicant - the only free Android distribution. https://replicant.us","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Introduction to Replicant","android_description":"Introduction to \"Replicant\" - the only free Android distribution. https://replicant.us\n\n\nReplicant - the only free Android distribution. https://replicant.us","end_timestamp":{"seconds":1703755800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T09:30:00.000-0000","id":53869,"village_id":null,"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Critical Decentralisation Cluster [Saal D]","hotel":"","short_name":"Critical Decentralisation Cluster [Saal D]","id":46166},"spans_timebands":"N","begin":"2023-12-28T09:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In etlichen Haushalten hat die KI schon vor einiger Zeit Einzug gehalten: Sprachassistenten wie Siri, Alexa oder Googles Assistant schalten Geräte auf Befehl ein und aus, spielen passende Musiklisten ab oder lesen aus der Wikipedia vor, wenn akuter Informationsbedarf besteht. Aber auch neuere KI-Tools wie ChatGPT, Bard und andere generative Systeme können privat genutzt werden. Richtig eingesetzt, helfen KI-Dienste bei vielen Alltagsproblemen. Sei es mit Formulierungsvorschlägen im manchmal notwendigen Schriftverkehr mit Ämtern und Institutionen oder wenn es um private Internetrecherchen geht. Auch im Bereich der Körperpflege, der Fitness und der Gesundheitsvorsorge unterstützen mittlerweile zahlreiche KI-Apps ihre Anwenderinnen und Anwender. Welche Apps und KI-Tools gibt es für den privaten Einsatz? Welche Chancen und Risiken sind mit ihnen verbunden? Wer haftet für falsche Auskünfte oder Ratschläge? Diese Fragen beantworten Expertinnen und Experten im Marktplatz mit Manfred Kloiber - live vom 37. Chaos Communication Congress in Hamburg.\n\n\nLive-Sendung \"MARKTPLATZ\"\r\nThema: \"Mein digitaler Sekretär KI: Künstliche Intelligenz für den Hausgebrauch\"\r\nGäste: Martin Gobbin (Stiftung Warentest), Tobias Koch (KI-Bundesverband), Frank Rieger (CCC) und Peter Welchering (IT-Journalist)\r\nModeration: Manfred Kloiber","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Deutschlandfunk live: MARKTPLATZ - Mein digitaler Sekretär KI: Künstliche Intelligenz für den Hausgebrauch","end_timestamp":{"seconds":1703759400,"nanoseconds":0},"android_description":"In etlichen Haushalten hat die KI schon vor einiger Zeit Einzug gehalten: Sprachassistenten wie Siri, Alexa oder Googles Assistant schalten Geräte auf Befehl ein und aus, spielen passende Musiklisten ab oder lesen aus der Wikipedia vor, wenn akuter Informationsbedarf besteht. Aber auch neuere KI-Tools wie ChatGPT, Bard und andere generative Systeme können privat genutzt werden. Richtig eingesetzt, helfen KI-Dienste bei vielen Alltagsproblemen. Sei es mit Formulierungsvorschlägen im manchmal notwendigen Schriftverkehr mit Ämtern und Institutionen oder wenn es um private Internetrecherchen geht. Auch im Bereich der Körperpflege, der Fitness und der Gesundheitsvorsorge unterstützen mittlerweile zahlreiche KI-Apps ihre Anwenderinnen und Anwender. Welche Apps und KI-Tools gibt es für den privaten Einsatz? Welche Chancen und Risiken sind mit ihnen verbunden? Wer haftet für falsche Auskünfte oder Ratschläge? Diese Fragen beantworten Expertinnen und Experten im Marktplatz mit Manfred Kloiber - live vom 37. Chaos Communication Congress in Hamburg.\n\n\nLive-Sendung \"MARKTPLATZ\"\r\nThema: \"Mein digitaler Sekretär KI: Künstliche Intelligenz für den Hausgebrauch\"\r\nGäste: Martin Gobbin (Stiftung Warentest), Tobias Koch (KI-Bundesverband), Frank Rieger (CCC) und Peter Welchering (IT-Journalist)\r\nModeration: Manfred Kloiber","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:30:00.000-0000","id":53691,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Recording of the presentations from the assemblies of \"Critical Decentralization Cluster\". Details at https://decentral.community\r\n\r\nWe record talks, and are happy to meet people interested in our topics!\r\n\r\n* Replicant\r\n* Namecoin\r\n* NYM\r\n* FOSSASIA\r\n* Silent.Link\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Meet the CDC Critical Decentralization Cluster (Public Event)","android_description":"Recording of the presentations from the assemblies of \"Critical Decentralization Cluster\". Details at https://decentral.community\r\n\r\nWe record talks, and are happy to meet people interested in our topics!\r\n\r\n* Replicant\r\n* Namecoin\r\n* NYM\r\n* FOSSASIA\r\n* Silent.Link","end_timestamp":{"seconds":1703768400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53678,"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-28T09:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We live in a society with a very bad incentive that pushes people to create problems and we argue that this bad incentive is trade. You can get food, access a social network, or anything else, ONLY, and ONLY if you give something back in return. Trade. Be it a currency like money, your data, or attention (watch ads). That's the backbone of our global society.\r\n\r\nThat being said we think that it is necessary to move away from this outdated society and remove this bad incentive. Our approach is to do the opposite: to create trade-free goods and services. To provide, without asking anything in return. \r\n\r\nWe not only provide trade-free goods & services ourselves, but also created the trade-free directory (part of the trade-free.org website) where we list many trade-free goods and services from around the world. And anyone can help us add more to the list – we made it super easy for anyone to do so.\r\n\r\nIn the end it is about being good human beings, to help each other, in order to create a saner and safer world.\r\n\r\nI will first present the idea of trade as a problem to then switch to solutions and also how the trade-free directory (directory.trade-free.org) itself could be improved.\n\n\n","title":"The Origin of Most Problems","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703757600,"nanoseconds":0},"android_description":"We live in a society with a very bad incentive that pushes people to create problems and we argue that this bad incentive is trade. You can get food, access a social network, or anything else, ONLY, and ONLY if you give something back in return. Trade. Be it a currency like money, your data, or attention (watch ads). That's the backbone of our global society.\r\n\r\nThat being said we think that it is necessary to move away from this outdated society and remove this bad incentive. Our approach is to do the opposite: to create trade-free goods and services. To provide, without asking anything in return. \r\n\r\nWe not only provide trade-free goods & services ourselves, but also created the trade-free directory (part of the trade-free.org website) where we list many trade-free goods and services from around the world. And anyone can help us add more to the list – we made it super easy for anyone to do so.\r\n\r\nIn the end it is about being good human beings, to help each other, in order to create a saner and safer world.\r\n\r\nI will first present the idea of trade as a problem to then switch to solutions and also how the trade-free directory (directory.trade-free.org) itself could be improved.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:00:00.000-0000","id":53666,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I love to hear music. And I love to hear what it sounds like when two tracks start singing together, when they like each other. It's their way of making babies. Immediately after a first kiss between their parents, these children come to life on a cosy dance floor, surrounded by a warm and friendly twilight.\n\n\nmeet.wandowaiato.com","title":"Wando Waiato","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703746800,"nanoseconds":0},"android_description":"I love to hear music. And I love to hear what it sounds like when two tracks start singing together, when they like each other. It's their way of making babies. Immediately after a first kiss between their parents, these children come to life on a cosy dance floor, surrounded by a warm and friendly twilight.\n\n\nmeet.wandowaiato.com","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T07:00:00.000-0000","id":53880,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703736000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-28T04:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/loui_beton\n\n\nhttps://soundcloud.com/loui_beton","title":"Loui Beton","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"https://soundcloud.com/loui_beton\n\n\nhttps://soundcloud.com/loui_beton","end_timestamp":{"seconds":1703739600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T05:00:00.000-0000","id":53902,"village_id":null,"begin_timestamp":{"seconds":1703732400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-28T03:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Maayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.\r\nShe has built a reputation as a fine DJ and producer who favours a subtle approach towards mesmeric moments.\r\nHer DJ sets, predominantly based in stripped-back, deep sounds, utilise an intriguing vinyl collection, using obscure interludes\r\nfor re-contextualisation. This approach makes for some magical moments on the dance-floor, where a night’s highlight may\r\ncome from the most unlikely of tracks.\r\nAs a musician obsessed about sound and the technology behind its creation, her workflow places a strong focus on the studio\r\nenvironment. Triggering chain reactions between guitar pedals, drum machines, modular synths and acoustic instruments,\r\ngenerating sounds in unpredictable, exciting ways.\r\nInspired by her 2014 performances as The Waves with an accompanying band, Maayan has developed a solo live set that allows\r\nher to further her studio experiments and take them on the road. With a flexibly evolving range of hardware, she re-creates the\r\nspontaneous frame of her productions, delving deep into the possibilities of live dubbing and improvisation, keeping the\r\nperformance exciting for both the crowd and Maayan herself.\r\n\r\nhttps://soundcloud.com/maayan\n\n\nMaayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Maayan Nidam","android_description":"Maayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.\r\nShe has built a reputation as a fine DJ and producer who favours a subtle approach towards mesmeric moments.\r\nHer DJ sets, predominantly based in stripped-back, deep sounds, utilise an intriguing vinyl collection, using obscure interludes\r\nfor re-contextualisation. This approach makes for some magical moments on the dance-floor, where a night’s highlight may\r\ncome from the most unlikely of tracks.\r\nAs a musician obsessed about sound and the technology behind its creation, her workflow places a strong focus on the studio\r\nenvironment. Triggering chain reactions between guitar pedals, drum machines, modular synths and acoustic instruments,\r\ngenerating sounds in unpredictable, exciting ways.\r\nInspired by her 2014 performances as The Waves with an accompanying band, Maayan has developed a solo live set that allows\r\nher to further her studio experiments and take them on the road. With a flexibly evolving range of hardware, she re-creates the\r\nspontaneous frame of her productions, delving deep into the possibilities of live dubbing and improvisation, keeping the\r\nperformance exciting for both the crowd and Maayan herself.\r\n\r\nhttps://soundcloud.com/maayan\n\n\nMaayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.","end_timestamp":{"seconds":1703732400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T03:00:00.000-0000","id":53901,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703725200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-28T01:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/panpio","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Pio","end_timestamp":{"seconds":1703736000,"nanoseconds":0},"android_description":"https://soundcloud.com/panpio","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T04:00:00.000-0000","id":53879,"begin_timestamp":{"seconds":1703725200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T01:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir gucken mal über einige Ideen der Drehflügler in der Geschichte der Heeresflieger. Warum es der Tiger nicht im Tank hat, warum jetzt ADAC Hubschrauber Grün angemahlt wurden, und warum Helikopterfliegen ja leichter ist als Motorradfahren. Eine kleine Episode an Merkwürdigkeiten aus der Bundeswehr.","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (45 minutes)","id":46126},"title":"Och Menno - Neue K(r)ampfhubschrauber für die Bundeswehr","end_timestamp":{"seconds":1703722500,"nanoseconds":0},"android_description":"Wir gucken mal über einige Ideen der Drehflügler in der Geschichte der Heeresflieger. Warum es der Tiger nicht im Tank hat, warum jetzt ADAC Hubschrauber Grün angemahlt wurden, und warum Helikopterfliegen ja leichter ist als Motorradfahren. Eine kleine Episode an Merkwürdigkeiten aus der Bundeswehr.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1141,"links":[],"end":"2023-12-28T00:15:00.000-0000","id":53572,"begin_timestamp":{"seconds":1703719800,"nanoseconds":0},"tag_ids":[46126,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T23:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Statt den Slot ganz ausfallen zu lassen, haben wir uns entschieden etwas neues, noch nie Dagewesenes zu probieren: HACK ZUCK.\r\n\r\nDie Älteren könnten es noch kennen, ähnlich wie in RUCK ZUCK (sucht es in der Du-Tube) treten Teams gegeneinander an und müssen Begriffe beschreiben. Bei uns natürlich eher… speziellere. \r\n\r\nSucht euch gerne schon mal Teams zusammen – 5 Leute braucht es. Wir werden wie üblich im Publikum aufrufen, aber wer sich vorab als \"eingespieltes\" Team bewirbt, hat evtl. bessere Chancen. Schickt uns gerne also vorab Infos zu eurem geplanten Team an hackzuck@posteo.de – im Betreff am Besten was mit \"HackZuck Team\" – und dann sehen wir mal, was das wird.\n\n\nDies ist kein Fnord. Es wird dieses Jahr kein Hacker Jeopardy geben. Sorry. :(\r\n\r\nWir versuchen, etwas Anderes zu improvisieren. Das Event wird auf Deutsch sein und die Revolution wird nicht im Fernsehen übertragen, nicht gestreamt oder aufgezeichnet.\r\n\r\nFreut auch auf HACK ZUCK. Mal sehen, ob das lustig wird, wahrscheinlich jedenfalls wird es einmalig.","title":"Kein(!) Hacker Jeopardy","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"Statt den Slot ganz ausfallen zu lassen, haben wir uns entschieden etwas neues, noch nie Dagewesenes zu probieren: HACK ZUCK.\r\n\r\nDie Älteren könnten es noch kennen, ähnlich wie in RUCK ZUCK (sucht es in der Du-Tube) treten Teams gegeneinander an und müssen Begriffe beschreiben. Bei uns natürlich eher… speziellere. \r\n\r\nSucht euch gerne schon mal Teams zusammen – 5 Leute braucht es. Wir werden wie üblich im Publikum aufrufen, aber wer sich vorab als \"eingespieltes\" Team bewirbt, hat evtl. bessere Chancen. Schickt uns gerne also vorab Infos zu eurem geplanten Team an hackzuck@posteo.de – im Betreff am Besten was mit \"HackZuck Team\" – und dann sehen wir mal, was das wird.\n\n\nDies ist kein Fnord. Es wird dieses Jahr kein Hacker Jeopardy geben. Sorry. :(\r\n\r\nWir versuchen, etwas Anderes zu improvisieren. Das Event wird auf Deutsch sein und die Revolution wird nicht im Fernsehen übertragen, nicht gestreamt oder aufgezeichnet.\r\n\r\nFreut auch auf HACK ZUCK. Mal sehen, ob das lustig wird, wahrscheinlich jedenfalls wird es einmalig.","end_timestamp":{"seconds":1703726100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53594],"name":"Ray","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52478}],"timeband_id":1141,"links":[],"end":"2023-12-28T01:15:00.000-0000","id":53594,"tag_ids":[46120,46136,46139],"begin_timestamp":{"seconds":1703718900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52478}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T23:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What if it was possible to simulate consciousness? What would be logical to happen? This talk will go over some sinister thought experiments including Greg Egan's Dust Theory from his novel „Permutation City“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „Permutation City“.)\r\n\r\n**We meet at the Assembly of the OpenLab Augsburg. Hall 3, south edge.**\r\n\r\n🧮🦆\n\n\n","title":"A tale of sinister thought experiments about simulated consciousness (feat. Greg Egan's Dust Theory)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703722500,"nanoseconds":0},"android_description":"What if it was possible to simulate consciousness? What would be logical to happen? This talk will go over some sinister thought experiments including Greg Egan's Dust Theory from his novel „Permutation City“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „Permutation City“.)\r\n\r\n**We meet at the Assembly of the OpenLab Augsburg. Hall 3, south edge.**\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T00:15:00.000-0000","id":53453,"begin_timestamp":{"seconds":1703718900,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"begin":"2023-12-27T23:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Participants will learn about the [LinuxBoot project](https://linuxboot.org) and [u-root](https://u-root.org), and if time permits, try out `cpu`, a handy concept and command ported to Linux from the ideas in the Plan 9 research OS.\r\n\r\nWe have prepared two repositories for a quick start:\r\n- \r\n- \r\n\r\nIn summary, this gets\r\n- a small Linux userland\r\n- bootloaders\r\n- networked OS\n\n\n","title":"LinuxBoot, u-root + cpu hands-on workshop","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703723700,"nanoseconds":0},"android_description":"Participants will learn about the [LinuxBoot project](https://linuxboot.org) and [u-root](https://u-root.org), and if time permits, try out `cpu`, a handy concept and command ported to Linux from the ideas in the Plan 9 research OS.\r\n\r\nWe have prepared two repositories for a quick start:\r\n- \r\n- \r\n\r\nIn summary, this gets\r\n- a small Linux userland\r\n- bootloaders\r\n- networked OS","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T00:35:00.000-0000","id":53467,"village_id":null,"begin_timestamp":{"seconds":1703718300,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T23:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/celestemcmillian\n\n\nFacilitating sonic journeys into the inner space..\r\nPSYTRANCE - TECHNO","title":"Celestial","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703725200,"nanoseconds":0},"android_description":"https://soundcloud.com/celestemcmillian\n\n\nFacilitating sonic journeys into the inner space..\r\nPSYTRANCE - TECHNO","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T01:00:00.000-0000","id":53860,"begin_timestamp":{"seconds":1703718000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-27T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/marthavanstraaten","title":"Martha van Straaten","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"https://soundcloud.com/marthavanstraaten","end_timestamp":{"seconds":1703725200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T01:00:00.000-0000","id":53845,"begin_timestamp":{"seconds":1703718000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-27T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The increase has already been exponential for years. With the AI hype, this demand for energy, cooling and water has increased dramatically. \r\n\r\nWhat is known, what is to be expected and how an upcoming crisis be avoided? Can we reuse the energy? At least partially? Are there other concepts of integrating data centers into buildings and cities? Do we have non technical patterns driving the resource exhaustion?\r\n\r\nThe AI hype has increased the demand dramatically. The existing GPU based computing paradigm cuts hard into the standard design of data centers and demands other ways of cooling. Does the approach of modeling neurons really need floating point numbers? Which alternatives could be found?\r\n\r\nThis is an update of Thomas' previous talks at the #cccamp23 Camp[1] and at the Bits und Bäume conference [2].\r\n\r\n[1] https://media.ccc.de/v/camp2023-57070-energy\\_consumption\\_of\\_data\\_centers\r\n[2] https://media.ccc.de/v/bitsundbaeume-19844-datenschutz-sparsamkeit-und-resourcenverbrauch-am-beispiel-einer-terminbuchungsanwendung\r\n\n\n\nI look into the resource consumption of data centers and present my state of knowledge. I ask more questions than I give answers.","title":"Energy Consumption of Datacenters ","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703716800,"nanoseconds":0},"android_description":"The increase has already been exponential for years. With the AI hype, this demand for energy, cooling and water has increased dramatically. \r\n\r\nWhat is known, what is to be expected and how an upcoming crisis be avoided? Can we reuse the energy? At least partially? Are there other concepts of integrating data centers into buildings and cities? Do we have non technical patterns driving the resource exhaustion?\r\n\r\nThe AI hype has increased the demand dramatically. The existing GPU based computing paradigm cuts hard into the standard design of data centers and demands other ways of cooling. Does the approach of modeling neurons really need floating point numbers? Which alternatives could be found?\r\n\r\nThis is an update of Thomas' previous talks at the #cccamp23 Camp[1] and at the Bits und Bäume conference [2].\r\n\r\n[1] https://media.ccc.de/v/camp2023-57070-energy\\_consumption\\_of\\_data\\_centers\r\n[2] https://media.ccc.de/v/bitsundbaeume-19844-datenschutz-sparsamkeit-und-resourcenverbrauch-am-beispiel-einer-terminbuchungsanwendung\r\n\n\n\nI look into the resource consumption of data centers and present my state of knowledge. I ask more questions than I give answers.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T22:40:00.000-0000","id":53896,"village_id":null,"tag_ids":[46125,46136,46140],"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of \"Ecovacs2 change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?\r\n\r\nLearn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.\r\n\r\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.\r\n\n\n\nFor the past 5 years we have been presenting ways to hack and root vacuum robots at various events like CCC and DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies.\r\n\r\nHowever, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Sucking dust and cutting grass: reversing robots and bypassing security","android_description":"We will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of \"Ecovacs2 change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?\r\n\r\nLearn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.\r\n\r\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.\r\n\n\n\nFor the past 5 years we have been presenting ways to hack and root vacuum robots at various events like CCC and DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies.\r\n\r\nHowever, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53604],"name":"Dennis Giese","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52493}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53604,"village_id":null,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52493}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"Y","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will be a mix of technical and non-technical aspects of analysis which should be understandable for anyone with a technical background. We’ll briefly explain how modern EMUs look like inside, how the Train Control & Monitoring System works, and how to analyze TriCore machine code.\n\n\nWe've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system.\r\n\r\nThis talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually found inside of it.\r\n\r\nReality sometimes is stranger than the wildest CTF task. Reality sometimes is running `unlock.py` on a dozen trains.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Breaking \"DRM\" in Polish trains","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"android_description":"The talk will be a mix of technical and non-technical aspects of analysis which should be understandable for anyone with a technical background. We’ll briefly explain how modern EMUs look like inside, how the Train Control & Monitoring System works, and how to analyze TriCore machine code.\n\n\nWe've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system.\r\n\r\nThis talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually found inside of it.\r\n\r\nReality sometimes is stranger than the wildest CTF task. Reality sometimes is running `unlock.py` on a dozen trains.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53593],"name":"q3k","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52460},{"conference_id":131,"event_ids":[53593],"name":"MrTick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52491}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53593,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52491},{"tag_id":46107,"sort_order":1,"person_id":52460}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Unsere Silvestergala. Mit hilfreichen Tipps für euer Silvestermenü. Haltet Zettel und Stift bereit!\n\n\nHochqualitativer Content mit Zusammenhängen ohne Zusammenhang. \r\n\r\nPhako und Bert lesen Dinge vor (divers)\r\nFreut euch auf Dialekte, Intonationen deluxe, erkältete Stimmen, erotische Betonungen und i.d.R. vollkommen unvorbereitete, spontane Aufnahmen ohne besonderen Anlass <3\r\n\r\nDas Team von https://www.ihrkoenntunsallemal.de/ freut sich auf die Weihnachtssonderfolge! Der akustische Christmas Jumper!","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"Schiffsromantik","end_timestamp":{"seconds":1703717100,"nanoseconds":0},"android_description":"Unsere Silvestergala. Mit hilfreichen Tipps für euer Silvestermenü. Haltet Zettel und Stift bereit!\n\n\nHochqualitativer Content mit Zusammenhängen ohne Zusammenhang. \r\n\r\nPhako und Bert lesen Dinge vor (divers)\r\nFreut euch auf Dialekte, Intonationen deluxe, erkältete Stimmen, erotische Betonungen und i.d.R. vollkommen unvorbereitete, spontane Aufnahmen ohne besonderen Anlass <3\r\n\r\nDas Team von https://www.ihrkoenntunsallemal.de/ freut sich auf die Weihnachtssonderfolge! Der akustische Christmas Jumper!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53527],"name":"Phako","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52481},{"conference_id":131,"event_ids":[53527],"name":"bert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52497}],"timeband_id":1140,"links":[],"end":"2023-12-27T22:45:00.000-0000","id":53527,"village_id":null,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52481},{"tag_id":46107,"sort_order":1,"person_id":52497}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Very roughly, P is the class of efficiently solvable problems and NP is the class of non-efficiently solvable problems. A basic fact of life is P ≠ NP. However, for the last fifty years, this observation has stubbornly resisted every attempt of a proof. The talk will carefully explain:\r\n\r\n▸ what the precise statement of the conjecture P ≠ NP is\r\n\r\n▸ how the world would look like if P = NP\r\n\r\n▸ whether it might be that it's provable that the conjecture is unprovable (that the conjecture exceeds the boundaries of logic)\r\n\r\n▸ what's known about hypothetical proofs of P ≠ NP\r\n\r\nThis talk requires no mathematical prerequisites. Indeed, people who took classes on computability theory in university will be bored to hell and should only attend if they plan to support the session by offering interesting remarks. :-)\r\n\r\nTo enjoy and follow the talk, you should know that we use algorithms to solve computational problems and that some are more efficient than others. You'll be extra prepared if at some point in your life you've implemented some algorithms. That said, you will only enjoy the talk if you enjoy mathematical thinking and a certain amount of mathematical precision. This is not a light-and-fun talk, to the small extent that it's fun it's only thanks to the interesting theoretical relationships discussed in the talk.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Wondrous mathematics: A gentle introduction to P vs. NP, the greatest open question in computer science","end_timestamp":{"seconds":1703717400,"nanoseconds":0},"android_description":"Very roughly, P is the class of efficiently solvable problems and NP is the class of non-efficiently solvable problems. A basic fact of life is P ≠ NP. However, for the last fifty years, this observation has stubbornly resisted every attempt of a proof. The talk will carefully explain:\r\n\r\n▸ what the precise statement of the conjecture P ≠ NP is\r\n\r\n▸ how the world would look like if P = NP\r\n\r\n▸ whether it might be that it's provable that the conjecture is unprovable (that the conjecture exceeds the boundaries of logic)\r\n\r\n▸ what's known about hypothetical proofs of P ≠ NP\r\n\r\nThis talk requires no mathematical prerequisites. Indeed, people who took classes on computability theory in university will be bored to hell and should only attend if they plan to support the session by offering interesting remarks. :-)\r\n\r\nTo enjoy and follow the talk, you should know that we use algorithms to solve computational problems and that some are more efficient than others. You'll be extra prepared if at some point in your life you've implemented some algorithms. That said, you will only enjoy the talk if you enjoy mathematical thinking and a certain amount of mathematical precision. This is not a light-and-fun talk, to the small extent that it's fun it's only thanks to the interesting theoretical relationships discussed in the talk.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T22:50:00.000-0000","id":53466,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Österreichische Politik kann mit Humor sehr gut ertragen werden. Ob Videos von spanischen Inseln, Chats oder Spesenaffären - all das hätte sich ein Drehbuchautor nicht besser ausdenken können. Wir erklären, was in den letzten Jahren bei uns passiert ist und zeigen auf, wie ein weiterer Rechtsruck verhindert werden kann.","title":"Vom Kinderkanzler Kurz zum Volkskanzler Kickl - Politik in Österreich","type":{"conference_id":131,"conference":"37C3","color":"#e78bea","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (90 minutes)","id":46127},"end_timestamp":{"seconds":1703719800,"nanoseconds":0},"android_description":"Österreichische Politik kann mit Humor sehr gut ertragen werden. Ob Videos von spanischen Inseln, Chats oder Spesenaffären - all das hätte sich ein Drehbuchautor nicht besser ausdenken können. Wir erklären, was in den letzten Jahren bei uns passiert ist und zeigen auf, wie ein weiterer Rechtsruck verhindert werden kann.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53447],"name":"unsösterreichts.jetzt","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52263},{"conference_id":131,"event_ids":[53447],"name":"Alexander Muigg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52435}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:30:00.000-0000","id":53447,"village_id":null,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"tag_ids":[46127,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52435},{"tag_id":46107,"sort_order":1,"person_id":52263}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die älteren unter uns werden sich erinnern. Früher konnte man in halbwegs großen Bahnhöfen Fahrkarten nach halb Europa kaufen. Im schlimmsten Fall wurden kompliziertere Sachen mal per Fax beim nächsten großen Bahnhof bestellt, im Wesentlichen konnten die Personen am Schalter aber die Fahrpreise und Fahrpläne durch das Wälzen von Kursbüchern und Tariftabellen ermitteln. \r\n\r\nDas müsste heute doch besser gehen? So mit Computern, ohne Fax und mit Algorithmen? Im Prinzip schon - aber... Und das ganze dann noch aufs Handy oder zum Selbstausdrucken nach Hause zu bringen, ist dann das nächste Thema. Also doch zum Schalter? Viele wurden in den letzten Jahren geschlossen, und auch dort wurden die Möglichkeiten beschnitten. Eine Reservierung nach Paris? Geht nur über Frankfurt, nicht über Köln. Ab Paris weiter? Nur vor Ort. JeDi kennt sich mit Fahrkarten aus, und versucht das Problem aufzuarbeiten und zu bewerten.\n\n\nZug fahren ist toll. Mit dem Zug weit weg fahren umso mehr. Leider ist es oftmals kompliziert, eine Fahrkarte ins Ausland zu kaufen - und in den letzten Jahren wird das auch noch immer komplizierter. JeDi hat sich mal angeschaut, wo eigentlich die Probleme liegen - und wie Lösungen aussehen können.","title":"Wie funktionieren Zug-Fahrkarten ins Ausland?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703718900,"nanoseconds":0},"android_description":"Die älteren unter uns werden sich erinnern. Früher konnte man in halbwegs großen Bahnhöfen Fahrkarten nach halb Europa kaufen. Im schlimmsten Fall wurden kompliziertere Sachen mal per Fax beim nächsten großen Bahnhof bestellt, im Wesentlichen konnten die Personen am Schalter aber die Fahrpreise und Fahrpläne durch das Wälzen von Kursbüchern und Tariftabellen ermitteln. \r\n\r\nDas müsste heute doch besser gehen? So mit Computern, ohne Fax und mit Algorithmen? Im Prinzip schon - aber... Und das ganze dann noch aufs Handy oder zum Selbstausdrucken nach Hause zu bringen, ist dann das nächste Thema. Also doch zum Schalter? Viele wurden in den letzten Jahren geschlossen, und auch dort wurden die Möglichkeiten beschnitten. Eine Reservierung nach Paris? Geht nur über Frankfurt, nicht über Köln. Ab Paris weiter? Nur vor Ort. JeDi kennt sich mit Fahrkarten aus, und versucht das Problem aufzuarbeiten und zu bewerten.\n\n\nZug fahren ist toll. Mit dem Zug weit weg fahren umso mehr. Leider ist es oftmals kompliziert, eine Fahrkarte ins Ausland zu kaufen - und in den letzten Jahren wird das auch noch immer komplizierter. JeDi hat sich mal angeschaut, wo eigentlich die Probleme liegen - und wie Lösungen aussehen können.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53580],"name":"JeDi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52269}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:15:00.000-0000","id":53580,"begin_timestamp":{"seconds":1703712600,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52269}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"Y","begin":"2023-12-27T21:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"SMTP, the Simple Mail Transfer Protocol, allows e-mailing since 1982. This easily makes it one of the oldest technologies amongst the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling!\r\nIn this talk, we’ll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to fortune 500 companies – while still passing SPF checks – will be the least of our problems!\r\nFrom identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we’ll dive into all the little details this attack has to offer. Therefore, in this talk, we’ll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!\n\n\nIntroducing a novel technique for e-mail spoofing.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"SMTP Smuggling – Spoofing E-Mails Worldwide","android_description":"SMTP, the Simple Mail Transfer Protocol, allows e-mailing since 1982. This easily makes it one of the oldest technologies amongst the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling!\r\nIn this talk, we’ll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to fortune 500 companies – while still passing SPF checks – will be the least of our problems!\r\nFrom identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we’ll dive into all the little details this attack has to offer. Therefore, in this talk, we’ll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!\n\n\nIntroducing a novel technique for e-mail spoofing.","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53612],"name":"Timo Longin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52392}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:45:00.000-0000","id":53612,"village_id":null,"begin_timestamp":{"seconds":1703711100,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52392}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T21:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The European Southern Observatory (ESO) is an intergovernmental organisation founded in 1962 and is based in Garching bei München. It develops, builds and operates ground-based telescopes to enable astronomical research in the southern hemisphere and to foster cooperation in the international astronomical community. In 2012 the ESO Council approved the Extremely Large Telescope (ELT) programme and its construction is scheduled for completion in 2028. The 39m primary mirror will make the ELT the largest optical telescope at that time.\r\n\r\nIt will be located on the top of Cerro Armazones, a ~3000m high mountain in the Atacama desert in Chile. This site provides ideal optical conditions, but also comes with logistical and engineering challenges.\r\n\r\nWe will walk you through the telescope and along the optical path to the instruments and explain some of the technologies involved to push the boundaries of ground-based optical astronomy.\n\n\nThe Extremely Large Telescope (ELT) is currently under construction in the Atacama desert in northern Chile by the European Southern Observatory (ESO). With a primary mirror aperture of 39m, it will be the largest optical telescope on earth. We will briefly introduce the history and mission of ESO and explain how a modern optical telescope works.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"The Extremely Large Telescope (ELT)","android_description":"The European Southern Observatory (ESO) is an intergovernmental organisation founded in 1962 and is based in Garching bei München. It develops, builds and operates ground-based telescopes to enable astronomical research in the southern hemisphere and to foster cooperation in the international astronomical community. In 2012 the ESO Council approved the Extremely Large Telescope (ELT) programme and its construction is scheduled for completion in 2028. The 39m primary mirror will make the ELT the largest optical telescope at that time.\r\n\r\nIt will be located on the top of Cerro Armazones, a ~3000m high mountain in the Atacama desert in Chile. This site provides ideal optical conditions, but also comes with logistical and engineering challenges.\r\n\r\nWe will walk you through the telescope and along the optical path to the instruments and explain some of the technologies involved to push the boundaries of ground-based optical astronomy.\n\n\nThe Extremely Large Telescope (ELT) is currently under construction in the Atacama desert in northern Chile by the European Southern Observatory (ESO). With a primary mirror aperture of 39m, it will be the largest optical telescope on earth. We will briefly introduce the history and mission of ESO and explain how a modern optical telescope works.","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53603],"name":"panic","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52476},{"conference_id":131,"event_ids":[53603],"name":"lk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52492}],"timeband_id":1140,"links":[{"label":"ELT homepage","type":"link","url":"https://elt.eso.org/"}],"end":"2023-12-27T21:45:00.000-0000","id":53603,"begin_timestamp":{"seconds":1703711100,"nanoseconds":0},"village_id":null,"tag_ids":[46123,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52492},{"tag_id":46107,"sort_order":1,"person_id":52476}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-27T21:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag ist eine allgemeinverständliche Einführung in die Demokratietheorie in Krisenzeiten. Er stellt zuerst die wichtigsten Demokratietheorien aus der Politikwissenschaft vor: Was ist Demokratie? Und wie sieht eine gut funktionierende Demokratie in der Praxis aus? Anschließend werden die Problemdiagnostik und die Ursachenforschung behandelt: Was stimmt aus wissenschaftlicher Sicht nicht mit der Demokratie? Ist sie in der Krise oder liegen die Probleme woanders? Zum Schluss stehen Lösungswege und Reaktionsmöglichkeiten zur Diskussion: Bieten Politikwissenschaft und Demokratietheorie praktikable Lösungsansätze? Oder sind sie selbst in einer Krise, weil sie keine Lösungswege aufzeigen können?\n\n\nDemokratie ist eine gute Idee, funktioniert aber nicht in der Praxis. So die Meinung vieler Menschen, die vor dem Hintergrund von Klimakrise, Infrastrukturerosion und Regierungsversagen an der Zukunftsfähigkeit der Demokratie zweifeln. Wie reagiert die Politikwissenschaft darauf und kann die Demokratietheorie Lösungswege aufzeigen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Ist die Demokratie noch zu retten? ","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"android_description":"Der Vortrag ist eine allgemeinverständliche Einführung in die Demokratietheorie in Krisenzeiten. Er stellt zuerst die wichtigsten Demokratietheorien aus der Politikwissenschaft vor: Was ist Demokratie? Und wie sieht eine gut funktionierende Demokratie in der Praxis aus? Anschließend werden die Problemdiagnostik und die Ursachenforschung behandelt: Was stimmt aus wissenschaftlicher Sicht nicht mit der Demokratie? Ist sie in der Krise oder liegen die Probleme woanders? Zum Schluss stehen Lösungswege und Reaktionsmöglichkeiten zur Diskussion: Bieten Politikwissenschaft und Demokratietheorie praktikable Lösungsansätze? Oder sind sie selbst in einer Krise, weil sie keine Lösungswege aufzeigen können?\n\n\nDemokratie ist eine gute Idee, funktioniert aber nicht in der Praxis. So die Meinung vieler Menschen, die vor dem Hintergrund von Klimakrise, Infrastrukturerosion und Regierungsversagen an der Zukunftsfähigkeit der Demokratie zweifeln. Wie reagiert die Politikwissenschaft darauf und kann die Demokratietheorie Lösungswege aufzeigen?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53592],"name":"Veith Selk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52301}],"timeband_id":1140,"end":"2023-12-27T21:45:00.000-0000","links":[{"label":"Website Veith Selk","type":"link","url":"https://veithselk.de"}],"id":53592,"tag_ids":[46123,46136,46139],"begin_timestamp":{"seconds":1703711100,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52301}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T21:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"It's all about all.\r\neverything is everything and at the same time it's only one.\r\nIf you feel love there is maybe fear and doubt, maybe security and maybe pain. maybe there is the smell of cookie dough or the smell of wood. \r\nno matter what - all these things become one feeling. one expression. it's the collection of all your experiences. of all your violations.\r\nALL of them have their place and their task and want to be seen and want to be taken seriously.\r\nlove all of them - even if in this love - with whom you love them - you find them again. <3\n\n\nhttps://secretact.bandcamp.com/","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"secret act","android_description":"It's all about all.\r\neverything is everything and at the same time it's only one.\r\nIf you feel love there is maybe fear and doubt, maybe security and maybe pain. maybe there is the smell of cookie dough or the smell of wood. \r\nno matter what - all these things become one feeling. one expression. it's the collection of all your experiences. of all your violations.\r\nALL of them have their place and their task and want to be seen and want to be taken seriously.\r\nlove all of them - even if in this love - with whom you love them - you find them again. <3\n\n\nhttps://secretact.bandcamp.com/","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53907,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"Y","begin":"2023-12-27T21:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/brumby\r\nhttps://soundcloud.com/hks97\n\n\nDurch schönsten Zufall geborenes Projekt für Tanzmusik, Schaumwein & Freundschaft","title":"Lena Brumby & HKS97","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703718000,"nanoseconds":0},"android_description":"https://soundcloud.com/brumby\r\nhttps://soundcloud.com/hks97\n\n\nDurch schönsten Zufall geborenes Projekt für Tanzmusik, Schaumwein & Freundschaft","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53844,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"Y","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"*How a mathematical breakthrough made at the end of the 17th century is the workhorse of the artificial neural networks of today*\r\n\r\nConventional computer algorithms are superior to the human intellect in many regards: for instance at multiplying large numbers or winning at chess by analyzing huge numbers of moves. But there are also many tasks which come naturally to us yet exceed the capabilities of algorithms by vast amounts: Rigid algorithms can't decipher human handwriting or drive cars.\r\n\r\nThe recent breakthroughs in artificial intelligence circumvent these barriers by employing quite a different approach: They use artificial neural networks, which are inspired by the partially-understood way the human brain works.\r\n\r\nThe unique feature of artificial neural nets is that they aren't rigid, but can learn. Human programmers specify their rough structure and supply training data, but don't write a single line of code governing their behavior.\r\n\r\n**In the spirit of a good Unix command-line tool, this talk aspires to explain one thing and explain it well: How do artificial neural nets accomplish the feat of learning?**\r\n\r\nWe'll learn that the answer is related to a mathematical breakthrough made at the end of the 17th century and discuss why deep learning only surged in the last few years, even though the basics of artificial neural nets were already understood in the 1980s. We'll also touch upon some of the greatest problems of neural nets, which emerge directly from the way neural nets learn.\r\n\r\nThe talk doesn't require any advanced knowledge of mathematics. If you're already familiar with [Michael Nielsen's book](http://neuralnetworksanddeeplearning.com/), then don't expect to learn anything new and come to this talk only if you want to contribute interesting remarks. The talk has the goal of making the other neural network talks more accessible.\r\n\r\n[Here is a list of more sessions by us.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Wondrous mathematics: How does artificial intelligence accomplish the feat of learning?","end_timestamp":{"seconds":1703713800,"nanoseconds":0},"android_description":"*How a mathematical breakthrough made at the end of the 17th century is the workhorse of the artificial neural networks of today*\r\n\r\nConventional computer algorithms are superior to the human intellect in many regards: for instance at multiplying large numbers or winning at chess by analyzing huge numbers of moves. But there are also many tasks which come naturally to us yet exceed the capabilities of algorithms by vast amounts: Rigid algorithms can't decipher human handwriting or drive cars.\r\n\r\nThe recent breakthroughs in artificial intelligence circumvent these barriers by employing quite a different approach: They use artificial neural networks, which are inspired by the partially-understood way the human brain works.\r\n\r\nThe unique feature of artificial neural nets is that they aren't rigid, but can learn. Human programmers specify their rough structure and supply training data, but don't write a single line of code governing their behavior.\r\n\r\n**In the spirit of a good Unix command-line tool, this talk aspires to explain one thing and explain it well: How do artificial neural nets accomplish the feat of learning?**\r\n\r\nWe'll learn that the answer is related to a mathematical breakthrough made at the end of the 17th century and discuss why deep learning only surged in the last few years, even though the basics of artificial neural nets were already understood in the 1980s. We'll also touch upon some of the greatest problems of neural nets, which emerge directly from the way neural nets learn.\r\n\r\nThe talk doesn't require any advanced knowledge of mathematics. If you're already familiar with [Michael Nielsen's book](http://neuralnetworksanddeeplearning.com/), then don't expect to learn anything new and come to this talk only if you want to contribute interesting remarks. The talk has the goal of making the other neural network talks more accessible.\r\n\r\n[Here is a list of more sessions by us.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:50:00.000-0000","id":53629,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-27T21:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will give a short introduction into new Low Earth Orbit satellite based communications networks like Starlink, OneWeb and Amazon Kuiper. \r\n\r\nWhat is going on in space? How do you build a satellite constellation? How does all this work? What performance can a user expect? \r\n\r\nWe will also have an open discussion on where the development of infrastructure and services is headed and what risks and attack vectors could be observed so far.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Cosmic Connectivity - Starlink, Satellite Swarms and the Hackers' Final Frontier","end_timestamp":{"seconds":1703714400,"nanoseconds":0},"android_description":"We will give a short introduction into new Low Earth Orbit satellite based communications networks like Starlink, OneWeb and Amazon Kuiper. \r\n\r\nWhat is going on in space? How do you build a satellite constellation? How does all this work? What performance can a user expect? \r\n\r\nWe will also have an open discussion on where the development of infrastructure and services is headed and what risks and attack vectors could be observed so far.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T22:00:00.000-0000","id":53618,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-27T21:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Erdgeist & Monoxyd denken laut. Aufgrund des großen Erfolgs soll das jetzt auch beim Congress versucht werden. Themen? Ja! Wahrscheinlich irgendwas mit so... Dingen, die gerade passiert sind und zu denen mal was gesagt werden muss. Besser wir als Lanz & Precht!","title":"Offene Hör Muscheln (OHM #019)","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (45 minutes)","id":46126},"end_timestamp":{"seconds":1703713500,"nanoseconds":0},"android_description":"Erdgeist & Monoxyd denken laut. Aufgrund des großen Erfolgs soll das jetzt auch beim Congress versucht werden. Themen? Ja! Wahrscheinlich irgendwas mit so... Dingen, die gerade passiert sind und zu denen mal was gesagt werden muss. Besser wir als Lanz & Precht!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53436,53695],"name":"monoxyd","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52286}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:45:00.000-0000","id":53436,"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"tag_ids":[46126,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52286}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T21:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ever since the storm surge in Hamburg in 1962, it has been known that radio amateurs can provide communication support. Not only among themselves, but also in the neighborhood or in cooperation with emergency services. However, this help has changed over the years, as our everyday communication has also changed. In this brief presentation, I would therefore like to show what consequences it has for us if communication is no longer possible and what thoughts we radio amateurs have about this and what activities we try to put into practice, but also where there are problems and where non-radio amateurs can also contribute their knowledge and commitment.\n\n\nDie digitale Kommunikation aus unserem Alltag wegzudenken, fällt noch schwerer als für viele das Mobiltelefon aus der Hand zu legen. Und trotzdem beschäftigen sich Funkamateure auch mit dem Thema, wie man kommunizieren kann, wenn die konventionellen Kommunikationswege ausgefallen sind.\r\n\r\nSpeaker: DL7TNY","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Amateurfunk als Hilfe in Not- und Katastrophenfällen","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"Ever since the storm surge in Hamburg in 1962, it has been known that radio amateurs can provide communication support. Not only among themselves, but also in the neighborhood or in cooperation with emergency services. However, this help has changed over the years, as our everyday communication has also changed. In this brief presentation, I would therefore like to show what consequences it has for us if communication is no longer possible and what thoughts we radio amateurs have about this and what activities we try to put into practice, but also where there are problems and where non-radio amateurs can also contribute their knowledge and commitment.\n\n\nDie digitale Kommunikation aus unserem Alltag wegzudenken, fällt noch schwerer als für viele das Mobiltelefon aus der Hand zu legen. Und trotzdem beschäftigen sich Funkamateure auch mit dem Thema, wie man kommunizieren kann, wenn die konventionellen Kommunikationswege ausgefallen sind.\r\n\r\nSpeaker: DL7TNY","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53480,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703709000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","begin":"2023-12-27T20:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Brauchen wir wirklich einen weiteren Vortrag über Künstliche Intelligenz? In den letzten Jahren war das Thema omnipräsent, Bilder werden jetzt generiert, Texte nicht mehr selbst geschrieben und ob ich kreditwürdig bin, prüft auch so eine KI. Und wer weiß, neulich klang der Chat Bot richtig menschlich, vielleicht hat er ja doch ein Bewusstsein. \r\nIn diesem Vortrag geht es nicht um tolle Errungenschaften von KI-Systemen oder um „30 Prompts, mit denen du noch effektiver bist!“. Dieser Vortrag legt den Grundstein für ein Verständnis von maschinellem Lernen mit dem Ziel, dass du am Ende selbst die aktuellen Entwicklungen einschätzen kannst: Übertrumpfen Neuronale Netze irgendwann wirklich den Menschen? Oder können sie im Grunde gar nichts und sind massiv fehleranfällig? Und die Frage aller Fragen: Hat künstliche Intelligenz ein Bewusstsein oder steht kurz davor, eines zu entwickeln? Über all das kannst du dir nach dem Vortrag eine eigene fundiertere Meinung bilden. \n\n\nNachdem in den letzten Jahren dauernd der Weltuntergang durch KI heraufbeschworen wurde, ist es an der Zeit nachzuschauen, was diese ominösen Neuronalen Netze (NN) eigentlich sind. Wir beginnen mit einer anschaulichen Erklärung, wie ein NN funktioniert und warum es keine wirkliche Ähnlichkeit mit deinem Gehirn hat. Anschließend schrauben wir die Black Box, wie es so schön heißt, einfach einmal auf: Wie können NN erklärbar gemacht werden? Warum trifft ein Neuronales Netz diese oder jene Entscheidung? Was an der politischen Forderung nach erklärbarer KI ist tatsächlich umsetzbar? Außerdem werden wir sehen, wie NN manchmal schummeln, um eine Vorhersage zu treffen. Im Gegenzug tricksen wir sie auch gezielt aus.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Lass mal das Innere eines Neuronalen Netzes ansehen!","android_description":"Brauchen wir wirklich einen weiteren Vortrag über Künstliche Intelligenz? In den letzten Jahren war das Thema omnipräsent, Bilder werden jetzt generiert, Texte nicht mehr selbst geschrieben und ob ich kreditwürdig bin, prüft auch so eine KI. Und wer weiß, neulich klang der Chat Bot richtig menschlich, vielleicht hat er ja doch ein Bewusstsein. \r\nIn diesem Vortrag geht es nicht um tolle Errungenschaften von KI-Systemen oder um „30 Prompts, mit denen du noch effektiver bist!“. Dieser Vortrag legt den Grundstein für ein Verständnis von maschinellem Lernen mit dem Ziel, dass du am Ende selbst die aktuellen Entwicklungen einschätzen kannst: Übertrumpfen Neuronale Netze irgendwann wirklich den Menschen? Oder können sie im Grunde gar nichts und sind massiv fehleranfällig? Und die Frage aller Fragen: Hat künstliche Intelligenz ein Bewusstsein oder steht kurz davor, eines zu entwickeln? Über all das kannst du dir nach dem Vortrag eine eigene fundiertere Meinung bilden. \n\n\nNachdem in den letzten Jahren dauernd der Weltuntergang durch KI heraufbeschworen wurde, ist es an der Zeit nachzuschauen, was diese ominösen Neuronalen Netze (NN) eigentlich sind. Wir beginnen mit einer anschaulichen Erklärung, wie ein NN funktioniert und warum es keine wirkliche Ähnlichkeit mit deinem Gehirn hat. Anschließend schrauben wir die Black Box, wie es so schön heißt, einfach einmal auf: Wie können NN erklärbar gemacht werden? Warum trifft ein Neuronales Netz diese oder jene Entscheidung? Was an der politischen Forderung nach erklärbarer KI ist tatsächlich umsetzbar? Außerdem werden wir sehen, wie NN manchmal schummeln, um eine Vorhersage zu treffen. Im Gegenzug tricksen wir sie auch gezielt aus.","end_timestamp":{"seconds":1703710200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53820],"name":"Annika Rüll","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52289}],"timeband_id":1140,"links":[],"end":"2023-12-27T20:50:00.000-0000","id":53820,"begin_timestamp":{"seconds":1703707800,"nanoseconds":0},"village_id":null,"tag_ids":[46123,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52289}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Using the SuperCam microphone mounted on the Mars Perseverance Rover, recordings were made of the sounds of the Ingenuity rotorcraft as well as the popping sounds of laser sparking on stone. These audio samples, in addition to recordings of wind from other missions served as as reference sources in order to characterize the acoustic processes Mars for the first time. \r\n\r\nIt was discovered that:\r\n\r\n- The acoustic impedance of the martian atmosphere results in approximately 20 dB weaker sounds on Mars than on Earth (if produced by the same source.)\r\n\r\n- The acoustic attenuation range on Mars was discovered to be roughly between 20Hz to 20kHz.\r\n\r\n- On Mars low-pitched sounds travel at about 240 m/s (537 mph) while higher-pitched sounds move at 250 m/s (559 mph) due to the low atmospheric pressure 0.6 kPa (170 times lower than on Earth) and 97 percent CO2-dominated atmosphere (compared to 0.04 percent CO2 on Earth).\r\n\r\nThe results were published by NASA in Journal Nature as to these findings.  [https://www.nature.com/articles/s41586-022-04679-0] and on the Nasa website [https://mars.nasa.gov/mars2020/participate/sounds\r\n\r\nReferencing the paper published by NASA in Journal Nature as to these findings, analog astronaut and MDRS 286 crew artist Scott Beibin worked with master audio engineer John Knott to develop a software filter that could be used during Ptelepathetique concert performed during a two week immersive astronaut training in order to simulate the sounds of Mars.\r\n\r\nDuring the talk at 37C3 Beibin will discuss and demonstrate the comparison between the acoustic properties of the atmospheres of Earth and Mars via a demonstration of the software as well as musical Ptelepathetique performance.\r\n\r\nDuring the talk he will also present a short summary of the design patterns of the The Mars Desert Research Station which is used to train astronauts, researchers and students for offworld expeditions to the Red Planet. Additionally he will touch on the other aspects of his mission including 3D scanning of the surrounding geology as well as 3D printing of objects useful at the base using locally gathered and processed clay. \r\n\r\nThis should be an out-of-this-world treat for the Space Cadet hackers and others who like making astronauts out of themselves. \r\n\r\n\r\n++ Ptelepathetique is a musical project of inventor, engineer and artist Scott Beibin that focuses on the creation of instrumental cinematic psychoacoustic soundscapes designed to stimulate focus and creativity. Concerts usually happen outdoors in natural settings while using off-grid generated power while consisting of a mix of original musical composition as well as improvisation. Ptelepathetique is also the soundtrack for Beibin's projects The Groucho Fractal Show, AncientScan and the Mandelbot Ecotech Roadshow. \r\n\r\n++ The Mars Desert Research Station (MDRS) is a Space analog facility in Utah that supports Earth-based research in pursuit of the technology, operations, and science required for human space exploration. The remotely isolated facility created by The Mars Society offers scientists, engineers and students rigorous training for human operations on Mars as is surrounded by a landscape that is an actual geologic Mars analog.\r\n\n\n\nDate/Time: 27 December 2023 - Wednesday @ 21:10 CET +++ Simulating the Acoustics of Mars for a Concert of Martian Music by Scott Beibin (aka Ptelepathetique) +++\r\nDuring Mission 286 in November 2023 at the Mars Desert Research Station (MDRS), Analog Astronaut and crew artist Scott Beibin performed several concerts of original live musical compositions during a two week immersive astronaut training. +++\r\n\r\nThe concerts were played through a custom audio filter based on data gathered by the NASA Mars Perseverance Rover and created to simulate the acoustic properties of Mars - designed by Beibin and master audio engineer, John Knott. +++\r\n\r\nThe live sets were performed in the MDRS Science Dome as well as during EVAs while navigating the desolate terrain in a simulation space suit - at sunset with the MDRS base and remote Mars-like Utah desert serving as a backdrop. +++\r\n\r\nThis event was the first time in the 20 year history of the training facility that a music concert has been performed. +++\r\n\r\nThe presentation at 37C3 will be the first time this talk is being presented publicly. ++\r\n\r\nAdditionally there will be a full Ptelepathetique concert featuring Music of Mars (Please keep checking the schedule / Fahrplan for the announcement of the performance)\r\n","title":"Music on Mars? A Musical Adventure for Astronauts and the Space Cadets Who Love Them.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"Using the SuperCam microphone mounted on the Mars Perseverance Rover, recordings were made of the sounds of the Ingenuity rotorcraft as well as the popping sounds of laser sparking on stone. These audio samples, in addition to recordings of wind from other missions served as as reference sources in order to characterize the acoustic processes Mars for the first time. \r\n\r\nIt was discovered that:\r\n\r\n- The acoustic impedance of the martian atmosphere results in approximately 20 dB weaker sounds on Mars than on Earth (if produced by the same source.)\r\n\r\n- The acoustic attenuation range on Mars was discovered to be roughly between 20Hz to 20kHz.\r\n\r\n- On Mars low-pitched sounds travel at about 240 m/s (537 mph) while higher-pitched sounds move at 250 m/s (559 mph) due to the low atmospheric pressure 0.6 kPa (170 times lower than on Earth) and 97 percent CO2-dominated atmosphere (compared to 0.04 percent CO2 on Earth).\r\n\r\nThe results were published by NASA in Journal Nature as to these findings.  [https://www.nature.com/articles/s41586-022-04679-0] and on the Nasa website [https://mars.nasa.gov/mars2020/participate/sounds\r\n\r\nReferencing the paper published by NASA in Journal Nature as to these findings, analog astronaut and MDRS 286 crew artist Scott Beibin worked with master audio engineer John Knott to develop a software filter that could be used during Ptelepathetique concert performed during a two week immersive astronaut training in order to simulate the sounds of Mars.\r\n\r\nDuring the talk at 37C3 Beibin will discuss and demonstrate the comparison between the acoustic properties of the atmospheres of Earth and Mars via a demonstration of the software as well as musical Ptelepathetique performance.\r\n\r\nDuring the talk he will also present a short summary of the design patterns of the The Mars Desert Research Station which is used to train astronauts, researchers and students for offworld expeditions to the Red Planet. Additionally he will touch on the other aspects of his mission including 3D scanning of the surrounding geology as well as 3D printing of objects useful at the base using locally gathered and processed clay. \r\n\r\nThis should be an out-of-this-world treat for the Space Cadet hackers and others who like making astronauts out of themselves. \r\n\r\n\r\n++ Ptelepathetique is a musical project of inventor, engineer and artist Scott Beibin that focuses on the creation of instrumental cinematic psychoacoustic soundscapes designed to stimulate focus and creativity. Concerts usually happen outdoors in natural settings while using off-grid generated power while consisting of a mix of original musical composition as well as improvisation. Ptelepathetique is also the soundtrack for Beibin's projects The Groucho Fractal Show, AncientScan and the Mandelbot Ecotech Roadshow. \r\n\r\n++ The Mars Desert Research Station (MDRS) is a Space analog facility in Utah that supports Earth-based research in pursuit of the technology, operations, and science required for human space exploration. The remotely isolated facility created by The Mars Society offers scientists, engineers and students rigorous training for human operations on Mars as is surrounded by a landscape that is an actual geologic Mars analog.\r\n\n\n\nDate/Time: 27 December 2023 - Wednesday @ 21:10 CET +++ Simulating the Acoustics of Mars for a Concert of Martian Music by Scott Beibin (aka Ptelepathetique) +++\r\nDuring Mission 286 in November 2023 at the Mars Desert Research Station (MDRS), Analog Astronaut and crew artist Scott Beibin performed several concerts of original live musical compositions during a two week immersive astronaut training. +++\r\n\r\nThe concerts were played through a custom audio filter based on data gathered by the NASA Mars Perseverance Rover and created to simulate the acoustic properties of Mars - designed by Beibin and master audio engineer, John Knott. +++\r\n\r\nThe live sets were performed in the MDRS Science Dome as well as during EVAs while navigating the desolate terrain in a simulation space suit - at sunset with the MDRS base and remote Mars-like Utah desert serving as a backdrop. +++\r\n\r\nThis event was the first time in the 20 year history of the training facility that a music concert has been performed. +++\r\n\r\nThe presentation at 37C3 will be the first time this talk is being presented publicly. ++\r\n\r\nAdditionally there will be a full Ptelepathetique concert featuring Music of Mars (Please keep checking the schedule / Fahrplan for the announcement of the performance)","end_timestamp":{"seconds":1703710200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53611],"name":"Scott Beibin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52348}],"timeband_id":1140,"links":[],"end":"2023-12-27T20:50:00.000-0000","id":53611,"village_id":null,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703707800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52348}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Astronomie weiß aktuell von 95 % der Energie und Masse im Universum nicht, woraus sie bestehen. Neben 5 % „normaler“ Materie (Sterne, Gas, die Erde, CCC-Kongressteilnehmer\\*innen, …) gibt es mindestens fünfmal so viel so genannte dunkle Materie und darüberhinaus sind die restlichen 70 % das, was dunkle Energie genannt wird. Bei beidem wissen wir bislang nicht, woraus sie bestehen – wir kennen nur deren Wirkung! Galaxien rotieren anders, als sie es nur mit normaler Materie tun würden. Und das Universum expandiert – seit dem Urknall – aber die Expansionsgeschwindigkeit nimmt zu und nicht ab, wie von anziehender Materie zu erwarten wäre. Irgendwas drückt den Raum an sich auseinander.\r\n\r\nEuclid ist ein Teleskop, eine Mission und ein Konsortium aus mehreren tausend Menschen, von denen viele seit ca. 2008 an den Ideen zu dieser Mission arbeiten, viele hundert an der Planung und dem Bau zweier hoch empfindlicher Kameras mit insgesamt knapp 700 Millionen Pixel und jetzt ein- bis zweitausend Interessierten, welche die bald erwarteten wissenschaftlichen Bilder auswerten wollen.\r\n\r\nIch möchte die Ziele erläutern, wie man aus der Vermessung der Form von Galaxien unsichtbare dunkle Materie im Vordergrund aufspürt („schwacher Gravitationslinseneffekt“) und warum es einen „kosmischen Längenmaßstab“ gibt, mit dem man die Ausdehnung des Universums über zehn Milliarden Jahre in der Vergangenheit vermessen kann.\r\n\r\nSchließlich möchte ich die ersten fünf Bilder zeigen, die von Euclid aufgenommen und von der ESA im November veröffentlicht wurden – und warum in denen so viel mehr drinsteckt, als man auf einem Computermonitor so sieht.\n\n\n„Euclid\" ist ein neues Weltraumteleskop der Europäischen Weltraumbehörde mit Beteiligungen eines Wissenschaftskonsortiums aus vierzehn europäischen Ländern, den USA, Kanada und Japan. Euclid wurde am 1. Juli 2023 gestartet und beginnt bis Ende des Jahres seine auf 6 Jahre geplante wissenschaftliche Himmelsdurchmusterung. Euclid wird mit seinem Spiegel von 1,20 m Durchmesser und seinen zwei Kameras Bilder und Spektren von einem Drittel des gesamten Himmels aufnehmen. Das Ziel: mit der genauen Vermessung von insgesamt zwei Milliarden Galaxien der Natur von „Dunkler Materie\" und „Dunkler Energie\" im Universum auf den Grund zu gehen – die zwar zusammen 95 % der Gesamtenergie ausmachen, von denen wir aber nicht wissen, was sie sind und woraus sie bestehen. Euclid hat im November erste spektakuläre Bilder veröffentlicht. Ich werde die Mission vorstellen, die wissenschaftlichen Ziele, die Methoden und darauf eingehen, was in den 25 Jahren von Idee über Teleskop zu wissenschaftlicher Erkenntnis so alles zu erledigen war und ist.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Euclid – das neue Weltraumteleskop","end_timestamp":{"seconds":1703710200,"nanoseconds":0},"android_description":"Die Astronomie weiß aktuell von 95 % der Energie und Masse im Universum nicht, woraus sie bestehen. Neben 5 % „normaler“ Materie (Sterne, Gas, die Erde, CCC-Kongressteilnehmer\\*innen, …) gibt es mindestens fünfmal so viel so genannte dunkle Materie und darüberhinaus sind die restlichen 70 % das, was dunkle Energie genannt wird. Bei beidem wissen wir bislang nicht, woraus sie bestehen – wir kennen nur deren Wirkung! Galaxien rotieren anders, als sie es nur mit normaler Materie tun würden. Und das Universum expandiert – seit dem Urknall – aber die Expansionsgeschwindigkeit nimmt zu und nicht ab, wie von anziehender Materie zu erwarten wäre. Irgendwas drückt den Raum an sich auseinander.\r\n\r\nEuclid ist ein Teleskop, eine Mission und ein Konsortium aus mehreren tausend Menschen, von denen viele seit ca. 2008 an den Ideen zu dieser Mission arbeiten, viele hundert an der Planung und dem Bau zweier hoch empfindlicher Kameras mit insgesamt knapp 700 Millionen Pixel und jetzt ein- bis zweitausend Interessierten, welche die bald erwarteten wissenschaftlichen Bilder auswerten wollen.\r\n\r\nIch möchte die Ziele erläutern, wie man aus der Vermessung der Form von Galaxien unsichtbare dunkle Materie im Vordergrund aufspürt („schwacher Gravitationslinseneffekt“) und warum es einen „kosmischen Längenmaßstab“ gibt, mit dem man die Ausdehnung des Universums über zehn Milliarden Jahre in der Vergangenheit vermessen kann.\r\n\r\nSchließlich möchte ich die ersten fünf Bilder zeigen, die von Euclid aufgenommen und von der ESA im November veröffentlicht wurden – und warum in denen so viel mehr drinsteckt, als man auf einem Computermonitor so sieht.\n\n\n„Euclid\" ist ein neues Weltraumteleskop der Europäischen Weltraumbehörde mit Beteiligungen eines Wissenschaftskonsortiums aus vierzehn europäischen Ländern, den USA, Kanada und Japan. Euclid wurde am 1. Juli 2023 gestartet und beginnt bis Ende des Jahres seine auf 6 Jahre geplante wissenschaftliche Himmelsdurchmusterung. Euclid wird mit seinem Spiegel von 1,20 m Durchmesser und seinen zwei Kameras Bilder und Spektren von einem Drittel des gesamten Himmels aufnehmen. Das Ziel: mit der genauen Vermessung von insgesamt zwei Milliarden Galaxien der Natur von „Dunkler Materie\" und „Dunkler Energie\" im Universum auf den Grund zu gehen – die zwar zusammen 95 % der Gesamtenergie ausmachen, von denen wir aber nicht wissen, was sie sind und woraus sie bestehen. Euclid hat im November erste spektakuläre Bilder veröffentlicht. Ich werde die Mission vorstellen, die wissenschaftlichen Ziele, die Methoden und darauf eingehen, was in den 25 Jahren von Idee über Teleskop zu wissenschaftlicher Erkenntnis so alles zu erledigen war und ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53602],"name":"Knud Jahnke","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52452}],"timeband_id":1140,"links":[{"label":"Homepage des Euclid Consortiums","type":"link","url":"https://www.euclid-ec.org"},{"label":"Homepage des Euclid-Projekts bei der Europäischen Weltraumbehörde","type":"link","url":"https://www.esa.int/Science_Exploration/Space_Science/Euclid"}],"end":"2023-12-27T20:50:00.000-0000","id":53602,"begin_timestamp":{"seconds":1703707800,"nanoseconds":0},"village_id":null,"tag_ids":[46123,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52452}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trainingssession noHackerjeopardy (closed session)\n\n\n","title":"Trainingssession noHackerjeopardy (closed session)","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"Trainingssession noHackerjeopardy (closed session)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53878,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das SBGG ist aktuell breit diskutiert. Wir wollen einmal den Aktuellen Stand durchgehen, mit dem TSG vergleichen und mit den Erfahrungen anderer trans Personen und deren Umfeld abgleichen. Hierbei soll auch die Diskussion und im besonderen die Absurditäten in der Debatte erörtert werden.\n\n\n- Abfrage des Wissensstandes\r\n- Kurze Einführung ins Thema und was bisher geschah\r\n- kurzer Einblick zu aktuellen Veränderungen\r\n- Fragen zu aktuellem Stand und Unklarheiten\r\n- Diskussion mit Anekdoten aus eigenen Erfahrungen und dummen Aussagen?\r\n\r\nCN; Transfeindlichkeit, Pathologisierung, Sexualisierte Gewalt, Psychische Gewalt, Institutionalisierte Gewalt","title":"Gemeinsame Aufarbeitung und Diskussion zum aktuellen Stand des Selbstbestimmungsgesetzes","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"android_description":"Das SBGG ist aktuell breit diskutiert. Wir wollen einmal den Aktuellen Stand durchgehen, mit dem TSG vergleichen und mit den Erfahrungen anderer trans Personen und deren Umfeld abgleichen. Hierbei soll auch die Diskussion und im besonderen die Absurditäten in der Debatte erörtert werden.\n\n\n- Abfrage des Wissensstandes\r\n- Kurze Einführung ins Thema und was bisher geschah\r\n- kurzer Einblick zu aktuellen Veränderungen\r\n- Fragen zu aktuellem Stand und Unklarheiten\r\n- Diskussion mit Anekdoten aus eigenen Erfahrungen und dummen Aussagen?\r\n\r\nCN; Transfeindlichkeit, Pathologisierung, Sexualisierte Gewalt, Psychische Gewalt, Institutionalisierte Gewalt","end_timestamp":{"seconds":1703714400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53640,53505],"name":"captain-maramo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52282}],"timeband_id":1140,"links":[],"end":"2023-12-27T22:00:00.000-0000","id":53640,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52282}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A space to share about middlewear and browser extensions.\r\nBoth academic use and interest (like the project that the convener proposes) and use for making web pages more customizable. \r\n\r\nExample topics we could chat about:\r\n - Projects in the space\r\n - Legal aspects\r\n - what's possible on apps\r\n - the beeper story/iMessage reverse-engineering\r\n - ...\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Middlewear and Browser Extensions Meetup","android_description":"A space to share about middlewear and browser extensions.\r\nBoth academic use and interest (like the project that the convener proposes) and use for making web pages more customizable. \r\n\r\nExample topics we could chat about:\r\n - Projects in the space\r\n - Legal aspects\r\n - what's possible on apps\r\n - the beeper story/iMessage reverse-engineering\r\n - ...","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53625,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Has the Internet and by extension social media become solely a theater of misinformation and non-linear amusement, fed to us by puppeteer algorithms? Another social media outreach is possible! Can the Fediverse make official communication of Public Administrations more accessible, more democratic, more unbiased and therefor trustworthy? Is it the public broadcasting of social media outreach — boring but necessary? Or will it it be a circus show rivalling the Xitter drama? Aiming the reach of Youtube and co?\r\n\r\nFrom juggling moderation, over server performances, to affordances for organising alternatives to the current Circus Maximus, these and more intersecting topics of governance and self-hosting will be discussed. Guests include digital activists, developers for ActivityPub, and the showmasters related to EU Voice and Video — a pioneering pilot project showing open source alternatives for social media outreach to EU institutions. \r\n\r\nTune in to learn about political, social, and technical strategies that we can all use to promote the adoption of the Fediverse by national, local, and regional governments, as well as public and civil society institutions. Or in short: How to win over the clowns!","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#4cd5fe","name":"Live podcast stage (45 minutes)","id":46126},"title":"Who Killed The Internet? And a promising alternative for Public Communication and Social Media: the Fediverse!","end_timestamp":{"seconds":1703709900,"nanoseconds":0},"android_description":"Has the Internet and by extension social media become solely a theater of misinformation and non-linear amusement, fed to us by puppeteer algorithms? Another social media outreach is possible! Can the Fediverse make official communication of Public Administrations more accessible, more democratic, more unbiased and therefor trustworthy? Is it the public broadcasting of social media outreach — boring but necessary? Or will it it be a circus show rivalling the Xitter drama? Aiming the reach of Youtube and co?\r\n\r\nFrom juggling moderation, over server performances, to affordances for organising alternatives to the current Circus Maximus, these and more intersecting topics of governance and self-hosting will be discussed. Guests include digital activists, developers for ActivityPub, and the showmasters related to EU Voice and Video — a pioneering pilot project showing open source alternatives for social media outreach to EU institutions. \r\n\r\nTune in to learn about political, social, and technical strategies that we can all use to promote the adoption of the Fediverse by national, local, and regional governments, as well as public and civil society institutions. Or in short: How to win over the clowns!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:45:00.000-0000","id":53569,"village_id":null,"tag_ids":[46126,46140],"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/getting-started-with-pocket-science-lab_7pmx/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Getting started with Pocket Science Lab (Alex Bessman, Marco A. Gutierrez)","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/getting-started-with-pocket-science-lab_7pmx/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53563,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hidden, like a hero whose tale is lost to time, there is a common thread weaving through analog television, video, and modern digital imaging. That thread is called luma-chroma colour spaces, and powers how humans are able to see, process, and transmit colours across a variety of media and purposes.\r\n\r\nThis talk is intended to lift the veil about these color spaces; we will cover their origins, what they are intended for, and showcase samples covering the past 60 years of imaging technologies. Examples include (but are not limited) to: NTSC, PAL, the Okta color spaces, YCbCr, XYB...\n\n\nThis talk will introduce luma-chroma colour spaces: what they are, their reason for existence, why they are useful, and real world examples.","title":"The Unsung Heroes of Imaging","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2023-12-30T22:18+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"android_description":"Hidden, like a hero whose tale is lost to time, there is a common thread weaving through analog television, video, and modern digital imaging. That thread is called luma-chroma colour spaces, and powers how humans are able to see, process, and transmit colours across a variety of media and purposes.\r\n\r\nThis talk is intended to lift the veil about these color spaces; we will cover their origins, what they are intended for, and showcase samples covering the past 60 years of imaging technologies. Examples include (but are not limited) to: NTSC, PAL, the Okta color spaces, YCbCr, XYB...\n\n\nThis talk will introduce luma-chroma colour spaces: what they are, their reason for existence, why they are useful, and real world examples.","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53518],"name":"Amyspark","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52249}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53518,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52249}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Click! Clack! Hack! Late Night auf dem Congress","title":"Click! Clack! Hack!","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2023-12-30T22:18+0000","name":"Podcasting table (90 minutes)","id":46129},"android_description":"Die Click! Clack! Hack! Late Night auf dem Congress","end_timestamp":{"seconds":1703712600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53517],"name":"0x17","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52290}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:30:00.000-0000","id":53517,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"tag_ids":[46129,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52290}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Sources used (all in German), and contact to activists are below\r\n\r\nIn December 2023, German Parliament passed two acts concerning health data administration. From 2025, for patients insured by the compulsory health insurance scheme (85 % of population), their visits at doctors shall be registered in an Electronic Health Record (EHR) provided by their health insurance. Content data will be available e.g. for research purposes. Insured persons shall be entitled to object to the establishment of such health insurer's EHR, in which case they will not get one. \r\n\r\nWe inform about these plans in a little more in detail, as there will be some more options available. And we will discuss about a platform suporting patient's decisions about this \"opt-out\".\r\n\r\nSpeakers: jockel, Flysch, novider\r\n\r\npresentation used: https://patientenrechte-datenschutz.de/wp-content/uploads/2023/11/UeberblickRegelungenEPA.pdf \r\n\r\nGenerator for GDPR requests and model for an opt-out generator: https://kassenauskunft.de \r\n\r\nStadtement of umbrella organization of German medical self-help groups concerning German health system digitization and opt-out regulation: https://www.bundestag.de/resource/blob/977586/fedb093686884ac9bcc868bab17e7557/20_14_0163-30-_BAG-Selbsthilfe_DigitalG_nicht-barrierefrei.pdf \r\n\r\nTopical critical groups of German health service providers concerning digitization of health services:\r\n\r\nhttps://www.gesundheitsdaten-in-gefahr.de/#\r\n\r\nMany further groups are here, but this page has not been updated regularly:\r\nhttps://patientenrechte-datenschutz.de/widerstand-von-aerztinnen-gegen-die-telematik-infrastruktur-auf-breiter-front/\r\n\r\nContact to organizers: kontakt@patientenrechte-datenschutz.de\n\n\n","title":"Elektronische Patientenakte - Opt-Out - wie soll das gehen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703709900,"nanoseconds":0},"android_description":"Sources used (all in German), and contact to activists are below\r\n\r\nIn December 2023, German Parliament passed two acts concerning health data administration. From 2025, for patients insured by the compulsory health insurance scheme (85 % of population), their visits at doctors shall be registered in an Electronic Health Record (EHR) provided by their health insurance. Content data will be available e.g. for research purposes. Insured persons shall be entitled to object to the establishment of such health insurer's EHR, in which case they will not get one. \r\n\r\nWe inform about these plans in a little more in detail, as there will be some more options available. And we will discuss about a platform suporting patient's decisions about this \"opt-out\".\r\n\r\nSpeakers: jockel, Flysch, novider\r\n\r\npresentation used: https://patientenrechte-datenschutz.de/wp-content/uploads/2023/11/UeberblickRegelungenEPA.pdf \r\n\r\nGenerator for GDPR requests and model for an opt-out generator: https://kassenauskunft.de \r\n\r\nStadtement of umbrella organization of German medical self-help groups concerning German health system digitization and opt-out regulation: https://www.bundestag.de/resource/blob/977586/fedb093686884ac9bcc868bab17e7557/20_14_0163-30-_BAG-Selbsthilfe_DigitalG_nicht-barrierefrei.pdf \r\n\r\nTopical critical groups of German health service providers concerning digitization of health services:\r\n\r\nhttps://www.gesundheitsdaten-in-gefahr.de/#\r\n\r\nMany further groups are here, but this page has not been updated regularly:\r\nhttps://patientenrechte-datenschutz.de/widerstand-von-aerztinnen-gegen-die-telematik-infrastruktur-auf-breiter-front/\r\n\r\nContact to organizers: kontakt@patientenrechte-datenschutz.de","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:45:00.000-0000","id":53617,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Being born blind or losing sight is a major challenge, as it impairs the ability to acquire information about surroundings, to manage everyday life independently and, consequently, to participate equally in social, public and economic life. Technical aids developed to assist VIPs with certain tasks work well in the laboratory but regularly fail in practice because they are bulky or user-unfriendly. As a result, the target group resorts to traditional tools or simply lives with the shortcomings. Given the rapid changes in technology and low cost of digital tools, I saw great potential in addressing this issue as an interaction design project.\r\n\r\nThe result is an open-source Sensory Substitution device – the Unfolding Space Glove: it transmits the relative position and distance of nearby objects, detected by an on-board 3D camera, to the back of the hand in the form of vibratory stimuli. This allows the user to haptically explore the depth of the surrounding space and assists with navigation tasks such as object recognition and wayfinding. The prototype requires no external hardware, is highly portable, works in all lighting conditions, and provides continuous and immediate feedback – all while being visually unobtrusive.\r\n\r\nThe basic premise of the proposed concept of Sensory Substitution is that the function of a missing or impaired human sensory modality can be replaced by stimulating another sensory modality using the missing information. This only works because the brain is plastic enough to learn to associate the new stimuli with the missing modality, as long as they share the same basic characteristics. There have been a number of projects looking at this, but so far very few practical implementations have been proposed, which in turn are used by a negligible number of people. While the technology used is sometimes highly sophisticated, design and usability often suffer.\r\n\r\nTaking into account the problems of existing devices and specifically addressing usability and interaction design requirements, the Unfolding Space Glove was designed and developed in a four-year interaction design research project. In 2021, the prototype was tested in an empirical study with 14 sighted and blind subjects, the results of which were published in a scientific, peer-reviewed paper in 2022.\r\n\r\nI would like to introduce you to the field of Sensory Substitution, share this project with you, show pitfalls, problems (for me coming from a non-IT background) and some technical details and ask for your feedback and input. I will have the device with me if you want to have a closer look at it after the talk. Testing would only be possible in smaller groups by appointment.\n\n\nThe Unfolding Space Glove transmits the relative position and distance of nearby objects as vibratory stimuli to the back of the hand, enabling blind people to haptically explore the depth of their surroundings. The talk will give a brief overview of the design research project, from the first prototypes to an empirical study and its publication, and provide insights into the underlying hardware and software.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"The Unfolding Space Glove","end_timestamp":{"seconds":1703706900,"nanoseconds":0},"android_description":"Being born blind or losing sight is a major challenge, as it impairs the ability to acquire information about surroundings, to manage everyday life independently and, consequently, to participate equally in social, public and economic life. Technical aids developed to assist VIPs with certain tasks work well in the laboratory but regularly fail in practice because they are bulky or user-unfriendly. As a result, the target group resorts to traditional tools or simply lives with the shortcomings. Given the rapid changes in technology and low cost of digital tools, I saw great potential in addressing this issue as an interaction design project.\r\n\r\nThe result is an open-source Sensory Substitution device – the Unfolding Space Glove: it transmits the relative position and distance of nearby objects, detected by an on-board 3D camera, to the back of the hand in the form of vibratory stimuli. This allows the user to haptically explore the depth of the surrounding space and assists with navigation tasks such as object recognition and wayfinding. The prototype requires no external hardware, is highly portable, works in all lighting conditions, and provides continuous and immediate feedback – all while being visually unobtrusive.\r\n\r\nThe basic premise of the proposed concept of Sensory Substitution is that the function of a missing or impaired human sensory modality can be replaced by stimulating another sensory modality using the missing information. This only works because the brain is plastic enough to learn to associate the new stimuli with the missing modality, as long as they share the same basic characteristics. There have been a number of projects looking at this, but so far very few practical implementations have been proposed, which in turn are used by a negligible number of people. While the technology used is sometimes highly sophisticated, design and usability often suffer.\r\n\r\nTaking into account the problems of existing devices and specifically addressing usability and interaction design requirements, the Unfolding Space Glove was designed and developed in a four-year interaction design research project. In 2021, the prototype was tested in an empirical study with 14 sighted and blind subjects, the results of which were published in a scientific, peer-reviewed paper in 2022.\r\n\r\nI would like to introduce you to the field of Sensory Substitution, share this project with you, show pitfalls, problems (for me coming from a non-IT background) and some technical details and ask for your feedback and input. I will have the device with me if you want to have a closer look at it after the talk. Testing would only be possible in smaller groups by appointment.\n\n\nThe Unfolding Space Glove transmits the relative position and distance of nearby objects as vibratory stimuli to the back of the hand, enabling blind people to haptically explore the depth of their surroundings. The talk will give a brief overview of the design research project, from the first prototypes to an empirical study and its publication, and provide insights into the underlying hardware and software.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53610],"name":"Jakob Kilian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52342}],"timeband_id":1140,"end":"2023-12-27T19:55:00.000-0000","links":[{"label":"Project Website","type":"link","url":"https://unfoldingspace.org"},{"label":"Github Repo","type":"link","url":"https://github.com/jakobkilian/unfolding-space"},{"label":"Research Paper","type":"link","url":"https://www.mdpi.com/1518958"},{"label":"Study Videos","type":"link","url":"https://vimeo.com/channels/unfoldingspace"},{"label":"Building Instructions","type":"link","url":"https://hackaday.io/project/163784-unfolding-space"},{"label":"Presentation Slides","type":"link","url":"https://send.tresorit.com/a#Oq9Rjc7ljSQ0WrCHezaHeg"}],"id":53610,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52342}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T19:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"With the release of the iPhone 14, users can reach out to emergency services by sending an SOS message via a satellite link directly from their phone. This use of the GlobalStar network facilitates two-way communication with emergency responders through the Messages app. Users can easily send text messages and respond to queries. This communication channel, due to its sensitive nature, demands robust security and authentication. It is imperative for Apple to ensure that the system is foolproof, negating the possibility of dispatching emergency responders to incorrect locations or individuals. Equally significant is the protection of the privacy of those in need, including their location and the nature of their emergency.\r\n\r\nIn our talk, we demonstrate how a rooted iPhone without satellite capabilities can be tricked into thinking that it can communicate with the satellite network. This technique allows us to trigger various emergency situations without actually contacting emergency services. On the rooted iPhone, we can then inspect the transport security and key derivation while these features are being used. We will present various insights into the proprietary satellite communication protocol based on this analysis.\r\n\r\nMoreover, Apple's satellite features allow users to share their location in Find My with up to ten friends via a satellite link. This capability serves as a convenient tool for staying connected with friends and family while venturing off the beaten path. We’ll take a look into how this new Find My extension is implemented.\n\n\nApple's cutting-edge emergency SOS and location sharing services provide crucial communication alternatives when no cellular network is available. This talk will shed light on how these satellite services work, how they are integrated into existing fall and crash detection, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.","title":"Bifröst: Apple's Rainbow Bridge for Satellite Communication","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"With the release of the iPhone 14, users can reach out to emergency services by sending an SOS message via a satellite link directly from their phone. This use of the GlobalStar network facilitates two-way communication with emergency responders through the Messages app. Users can easily send text messages and respond to queries. This communication channel, due to its sensitive nature, demands robust security and authentication. It is imperative for Apple to ensure that the system is foolproof, negating the possibility of dispatching emergency responders to incorrect locations or individuals. Equally significant is the protection of the privacy of those in need, including their location and the nature of their emergency.\r\n\r\nIn our talk, we demonstrate how a rooted iPhone without satellite capabilities can be tricked into thinking that it can communicate with the satellite network. This technique allows us to trigger various emergency situations without actually contacting emergency services. On the rooted iPhone, we can then inspect the transport security and key derivation while these features are being used. We will present various insights into the proprietary satellite communication protocol based on this analysis.\r\n\r\nMoreover, Apple's satellite features allow users to share their location in Find My with up to ten friends via a satellite link. This capability serves as a convenient tool for staying connected with friends and family while venturing off the beaten path. We’ll take a look into how this new Find My extension is implemented.\n\n\nApple's cutting-edge emergency SOS and location sharing services provide crucial communication alternatives when no cellular network is available. This talk will shed light on how these satellite services work, how they are integrated into existing fall and crash detection, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.","end_timestamp":{"seconds":1703706900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53601],"name":"jiska","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52270},{"conference_id":131,"event_ids":[53601],"name":"Alexander Heinrich","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52472}],"timeband_id":1140,"links":[],"end":"2023-12-27T19:55:00.000-0000","id":53601,"tag_ids":[46124,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52472},{"tag_id":46107,"sort_order":1,"person_id":52270}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Bund kauft jährlich für 260 Mrd. € ein, auch für mehr als 1 Mrd. IT, er betreibt über 180 Rechenzentren, förderte in 2023 über 400 KI-Projekte, setzt selbst über 100 Mal KI-Systeme ein und hat noch aus vielen weiteren Gründen mit seiner IT eine erhebliche Klimawirkung. Wie die GroKo hat sich auch die Ampel auf die Fahnen geschrieben, die Digitalisierung klimafreundlicher zu machen, ganz allgemein – durch Regulierung für alle (z. B. im Energieeffizienzgesetz), aber auch in eigener Verantwortung, bei den eigenen Rechenzentren, Software oder IT-Dienstleistungen. Die Ankündigungen dazu sind wohltönend, z. B. im Koalitionsvertrag und in der Digitalstrategie. Bundesbehörden und Rechenzentren sollen klimafreundlich(er) werden, es soll mehr Transparenz geben, z. B. über ein Energieeffizienzregister für Rechenzentren, es wurde versprochen, dass Vergabeprozesse die Nachhaltigkeit berücksichtigen sollen, auch beim Einkauf von IT und IT-Dienstleistungen, z. B. durch standardmäßigen Einkauf von IT mit Blauem Engel – auch bei Software. Selbst der Ausbau der Gigabitinfrastruktur sollte nachhaltiger werden. Aber passiert das alles auch?\r\n\r\nIch nutze meine parlamentarischen Rechte als Bundestagsabgeordnete der Opposition (DIE LINKE), um über schriftliche Fragen und Kleine Anfragen Fakten dazu öffentlich zu machen und die große Kluft zwischen Anspruch und Wirklichkeit zu zeigen. Dabei geht es einerseits um das Vorhandensein von Daten (you get what you measure!) – tatsächlich also um einen Mangel an Transparenz zur Baseline – und andererseits um die Daten selbst, also wie gut oder schlecht die Nachhaltigkeit jeweils ist.\r\n\r\nEinen Schwerpunkt lege ich dabei auf die Klimafreundlichkeit von Rechenzentren, aber auch zu anderen Themen gibt’s für Euch Fakten: zur Wiederverwendung von Hardware, zum Recht auf Reparatur und der (versprochenen!) Förderung von Reparatur-Initiativen, zur Berücksichtigung von Nachhaltigkeitsaspekten bei der Vergabe von Hunderten Millionen Euro Fördergelder für KI-Projekte, zu Websites, Software und mehr. Da ich seit mehreren Jahren zur Nachhaltigkeit der Bundes-IT Kleine Anfragen stelle und die Digitalpolitik der Bundesregierung aus dem Maschinenraum des Bundestages verfolge, kann ich auch die Entwicklung beschreiben und werde Euch zeigen, wie die Ampel-Regierung sich einfach die Latte immer niedriger hängt und vermutlich trotzdem kaum eines ihrer Nachhaltigkeitsziele erreichen wird. Beim 37C3 werde ich erstmalig die Ergebnisse meiner jüngsten Anfrage vom November 2023 öffentlich vorstellen.\r\n\r\nBei aller Frustration über den Status Quo zeigt mein Vortrag aber auch, welche riesigen Potenziale noch gehoben werden könnten, um tatsächlich eine nachhaltigere Digitalisierung zu erreichen – und dafür ist es nie zu spät! \n\n\nWie der Bund seine IT einkauft und betreibt, hat eine erhebliche Auswirkung auf das Klima.\r\n\r\nGroKo und Ampel-Regierung waren und sind daher groß im Ankündigen grüner IT: in digitalpolitischer Umweltagenda, Koalitionsvertrag, Digitalstrategie und Gigabitstrategie. Wie weit Anspruch und Wirklichkeit auseinanderklaffen, erfrage ich als Bundestagsabgeordnete regelmäßig mit Kleinen Anfragen und schriftlichen Fragen. Ich verspreche kleine Hoffnungsschimmer, aber auch Frustration, denn meine neueste Anfrage vom November 2023 deckt schonungslos auf, wie intransparent und wie wenig nachhaltig die IT des Bundes immer noch ist und wie die Ampel sich die Latte immer tiefer hängt und trotzdem nicht drüber kommt.\r\n\r\nDas Potenzial des Bundes als Großverbraucher (z. B. mit über 180 Rechenzentren), als Finanzierer (z. B. von über 400 KI-Projekten) und als Regulierer (z. B. beim Energieeffizienzgesetz oder beim Überbau von Glasfaser) ist aber riesig, auch das werde ich vermitteln und die Stellschrauben beschreiben, an denen man drehen könnte, um IT weniger klimaschädlich zu machen – auch außerhalb des Bundes. ","title":"Klimafreundliche Digitalisierung: Koalitionsvertrag vs. Wirklichkeit","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"android_description":"Der Bund kauft jährlich für 260 Mrd. € ein, auch für mehr als 1 Mrd. IT, er betreibt über 180 Rechenzentren, förderte in 2023 über 400 KI-Projekte, setzt selbst über 100 Mal KI-Systeme ein und hat noch aus vielen weiteren Gründen mit seiner IT eine erhebliche Klimawirkung. Wie die GroKo hat sich auch die Ampel auf die Fahnen geschrieben, die Digitalisierung klimafreundlicher zu machen, ganz allgemein – durch Regulierung für alle (z. B. im Energieeffizienzgesetz), aber auch in eigener Verantwortung, bei den eigenen Rechenzentren, Software oder IT-Dienstleistungen. Die Ankündigungen dazu sind wohltönend, z. B. im Koalitionsvertrag und in der Digitalstrategie. Bundesbehörden und Rechenzentren sollen klimafreundlich(er) werden, es soll mehr Transparenz geben, z. B. über ein Energieeffizienzregister für Rechenzentren, es wurde versprochen, dass Vergabeprozesse die Nachhaltigkeit berücksichtigen sollen, auch beim Einkauf von IT und IT-Dienstleistungen, z. B. durch standardmäßigen Einkauf von IT mit Blauem Engel – auch bei Software. Selbst der Ausbau der Gigabitinfrastruktur sollte nachhaltiger werden. Aber passiert das alles auch?\r\n\r\nIch nutze meine parlamentarischen Rechte als Bundestagsabgeordnete der Opposition (DIE LINKE), um über schriftliche Fragen und Kleine Anfragen Fakten dazu öffentlich zu machen und die große Kluft zwischen Anspruch und Wirklichkeit zu zeigen. Dabei geht es einerseits um das Vorhandensein von Daten (you get what you measure!) – tatsächlich also um einen Mangel an Transparenz zur Baseline – und andererseits um die Daten selbst, also wie gut oder schlecht die Nachhaltigkeit jeweils ist.\r\n\r\nEinen Schwerpunkt lege ich dabei auf die Klimafreundlichkeit von Rechenzentren, aber auch zu anderen Themen gibt’s für Euch Fakten: zur Wiederverwendung von Hardware, zum Recht auf Reparatur und der (versprochenen!) Förderung von Reparatur-Initiativen, zur Berücksichtigung von Nachhaltigkeitsaspekten bei der Vergabe von Hunderten Millionen Euro Fördergelder für KI-Projekte, zu Websites, Software und mehr. Da ich seit mehreren Jahren zur Nachhaltigkeit der Bundes-IT Kleine Anfragen stelle und die Digitalpolitik der Bundesregierung aus dem Maschinenraum des Bundestages verfolge, kann ich auch die Entwicklung beschreiben und werde Euch zeigen, wie die Ampel-Regierung sich einfach die Latte immer niedriger hängt und vermutlich trotzdem kaum eines ihrer Nachhaltigkeitsziele erreichen wird. Beim 37C3 werde ich erstmalig die Ergebnisse meiner jüngsten Anfrage vom November 2023 öffentlich vorstellen.\r\n\r\nBei aller Frustration über den Status Quo zeigt mein Vortrag aber auch, welche riesigen Potenziale noch gehoben werden könnten, um tatsächlich eine nachhaltigere Digitalisierung zu erreichen – und dafür ist es nie zu spät! \n\n\nWie der Bund seine IT einkauft und betreibt, hat eine erhebliche Auswirkung auf das Klima.\r\n\r\nGroKo und Ampel-Regierung waren und sind daher groß im Ankündigen grüner IT: in digitalpolitischer Umweltagenda, Koalitionsvertrag, Digitalstrategie und Gigabitstrategie. Wie weit Anspruch und Wirklichkeit auseinanderklaffen, erfrage ich als Bundestagsabgeordnete regelmäßig mit Kleinen Anfragen und schriftlichen Fragen. Ich verspreche kleine Hoffnungsschimmer, aber auch Frustration, denn meine neueste Anfrage vom November 2023 deckt schonungslos auf, wie intransparent und wie wenig nachhaltig die IT des Bundes immer noch ist und wie die Ampel sich die Latte immer tiefer hängt und trotzdem nicht drüber kommt.\r\n\r\nDas Potenzial des Bundes als Großverbraucher (z. B. mit über 180 Rechenzentren), als Finanzierer (z. B. von über 400 KI-Projekten) und als Regulierer (z. B. beim Energieeffizienzgesetz oder beim Überbau von Glasfaser) ist aber riesig, auch das werde ich vermitteln und die Stellschrauben beschreiben, an denen man drehen könnte, um IT weniger klimaschädlich zu machen – auch außerhalb des Bundes.","end_timestamp":{"seconds":1703706900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53590],"name":"Anke Domscheit-Berg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52509}],"timeband_id":1140,"links":[{"label":"Bericht zur letzten (2022) und vorletzten (2021) Kleinen Anfrage: Wie grün ist die IT des Bundes?","type":"link","url":"https://mdb.anke.domscheit-berg.de/2023/06/strongwie-grun-ist-die-it-des-bundes-strong/"}],"end":"2023-12-27T19:55:00.000-0000","id":53590,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52509}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/naroma\n\n\ndance is corporal expression of music. i do want to encourage to dance, hit the ground and fly high.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Naroma","android_description":"https://soundcloud.com/naroma\n\n\ndance is corporal expression of music. i do want to encourage to dance, hit the ground and fly high.","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53843,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tea-degustation-enjoy-a-cup-of-tea-and-chat-with-t/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Tea Degustation: Enjoy a cup of tea and chat with the FOSSASIA community","android_description":"https://events.ccc.de/congress/2023/hub/en/event/tea-degustation-enjoy-a-cup-of-tea-and-chat-with-t/","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53561,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The members' meetup of the WTF Co-operative, aka Hackers' Co-operative > wtf-eg.de\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"WTF Genossenschaft Meetup","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"The members' meetup of the WTF Co-operative, aka Hackers' Co-operative > wtf-eg.de","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53511,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Freifunk Stuttgarts network consists of over 1300 access points with over 5000 users in peak. In this session, we'd like to report on the activites in Freifunk Stuttgart and surrounding communities and provide interested individuals the chance to exchange their experiences. If you plan a Freifunk setup in the region of Stuttgart and need help with that, feel free to drop by. We can also help with flashing your compatible router.\r\n\r\nThis meetup is mainly interesting for people from the Stuttgart region, but of course everyone is welcome.\n\n\n","title":"Freifunk Stuttgart Meetup","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703707200,"nanoseconds":0},"android_description":"Freifunk Stuttgarts network consists of over 1300 access points with over 5000 users in peak. In this session, we'd like to report on the activites in Freifunk Stuttgart and surrounding communities and provide interested individuals the chance to exchange their experiences. If you plan a Freifunk setup in the region of Stuttgart and need help with that, feel free to drop by. We can also help with flashing your compatible router.\r\n\r\nThis meetup is mainly interesting for people from the Stuttgart region, but of course everyone is welcome.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:00:00.000-0000","id":53468,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir reden definitiv nicht über Politik, sondern diesmal über Kink, gender und Selbstausdruck","title":"No Politics - After Dark","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"android_description":"Wir reden definitiv nicht über Politik, sondern diesmal über Kink, gender und Selbstausdruck","end_timestamp":{"seconds":1703706300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:45:00.000-0000","id":53439,"village_id":null,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Seit einem knappen Jahr machen wir zusammen Dicke Bretter, den Podcast, der die Orte vorstellt, wo Netzpolitik gemacht wird, und einen Ausblick auf aktuelle Debatten gibt. Elina und Elisa werfen in der Congress-Edition einen Blick aufs letzte und aufs nächste Jahr: Welche Policy-Bretter müssen wir bohren, auf welchen sollten wir tanzen?\r\n\r\nWir nehmen speziell die Gesetzgebung im Bund unter die Lupe und haben dafür einen Special Guest: Faxorzistin Bianca Kastl!","title":"Dicke Bretter: Die Congress Edition","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2023-12-30T22:18+0000","name":"Live podcast stage (45 minutes)","id":46126},"end_timestamp":{"seconds":1703706300,"nanoseconds":0},"android_description":"Seit einem knappen Jahr machen wir zusammen Dicke Bretter, den Podcast, der die Orte vorstellt, wo Netzpolitik gemacht wird, und einen Ausblick auf aktuelle Debatten gibt. Elina und Elisa werfen in der Congress-Edition einen Blick aufs letzte und aufs nächste Jahr: Welche Policy-Bretter müssen wir bohren, auf welchen sollten wir tanzen?\r\n\r\nWir nehmen speziell die Gesetzgebung im Bund unter die Lupe und haben dafür einen Special Guest: Faxorzistin Bianca Kastl!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53426],"name":"eliza","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52397},{"conference_id":131,"event_ids":[53426],"name":"khaleesi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52414}],"timeband_id":1140,"links":[],"end":"2023-12-27T19:45:00.000-0000","id":53426,"tag_ids":[46126,46139],"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52397},{"tag_id":46107,"sort_order":1,"person_id":52414}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**DE:**\r\nIhr seid eine Gruppe, die eine ruhige Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nKleine Gruppen würden wir bitten, sich zusammen einen Slot zu teilen, sofern die Art der Tätigkeit das zulässt, damit wir den Raum möglichst gut ausnutzen und vielen Menschen die Gelegenheit bieten, sich auszutauschen, zu vernetzen und Projekte voran zu bringen.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\n**EN:**\r\nt.b.a.\n\n\n**DE:**\r\nWährend dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. In der Haecksen Assembly wird eine Liste aushängen, in der ihr den Raum so spontan wie möglich \"buchen\" könnt, um Dingen Platz zu geben, die vielleicht auch erst während des #37C3 entstehen.\r\n\r\n**EN:**\r\nt.b.a.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Offene Workshop-Sessions Tag 1 | Open workshop sessions day 1","end_timestamp":{"seconds":1703707200,"nanoseconds":0},"android_description":"**DE:**\r\nIhr seid eine Gruppe, die eine ruhige Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nKleine Gruppen würden wir bitten, sich zusammen einen Slot zu teilen, sofern die Art der Tätigkeit das zulässt, damit wir den Raum möglichst gut ausnutzen und vielen Menschen die Gelegenheit bieten, sich auszutauschen, zu vernetzen und Projekte voran zu bringen.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\n**EN:**\r\nt.b.a.\n\n\n**DE:**\r\nWährend dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. In der Haecksen Assembly wird eine Liste aushängen, in der ihr den Raum so spontan wie möglich \"buchen\" könnt, um Dingen Platz zu geben, die vielleicht auch erst während des #37C3 entstehen.\r\n\r\n**EN:**\r\nt.b.a.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:00:00.000-0000","id":53639,"begin_timestamp":{"seconds":1703701800,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T18:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"One moment changed my life. I had a swimming accident in 2017, a big wave took me and I broke my neck.\r\n\r\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I cannot cough up independently and rely on 24/7 help to live an active life.\r\n\r\nIn the first few months, I was not able to breathe, eat, drink, speak, walk etc. by myself. In the meanwhile, I made some significant progress and began to work independently using my computer and assistive technology. Step-by-step I came back to a new kind of life. \r\n\r\nI love travelling and am fascinated by innovative technologies. I love my job in the IT industry and passionately work full-time for a startup company in Berlin.\r\n\r\nI will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicking.\r\n\r\nI'm really lucky to be part of the current generation. In the last couple of years, the major technology companies released significant updates in regards to voice recognition, universal design, accessibility and assistive technology.\r\n\r\nMy portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present Solutions which make my everyday life more comfortable\r\n\r\nI will share my personal setup which includes software and hardware. You can assume that I tested all of these products, and I’m using them in my smart home.\r\n\r\nAssistive technology is going to change the lives of many forever and is much more vital than ever before.\r\n\r\nHere are a few examples which I'm going to present.\r\n\r\nMy remodelled VW Transporter which enabled me to be the co-driver\r\n\r\nMy Smart home setup for lights, doors, tables, couch, TV, curtains, temperature and kitchen with speech, voice control and apps\r\n\r\nMy power wheelchair and its individual configuration so I can drive using my chin or head\r\n\r\nA robotic arm which allows to be a personal assistant to drink, smoke or scratch myself\r\n\r\nMy computer, smartphone and headphone setup includes a head movement mouse, voice and switch control for dictation and commanding as well as a Bluetooth module to control the smartphone with single button clicks\r\n\r\nLast but not least, I love doing videos using my GoPro and I'm happy to share my perspective\n\n\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicks. My portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present solutions which make my everyday life more comfortable.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Handsfree assistive technology","android_description":"One moment changed my life. I had a swimming accident in 2017, a big wave took me and I broke my neck.\r\n\r\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I cannot cough up independently and rely on 24/7 help to live an active life.\r\n\r\nIn the first few months, I was not able to breathe, eat, drink, speak, walk etc. by myself. In the meanwhile, I made some significant progress and began to work independently using my computer and assistive technology. Step-by-step I came back to a new kind of life. \r\n\r\nI love travelling and am fascinated by innovative technologies. I love my job in the IT industry and passionately work full-time for a startup company in Berlin.\r\n\r\nI will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicking.\r\n\r\nI'm really lucky to be part of the current generation. In the last couple of years, the major technology companies released significant updates in regards to voice recognition, universal design, accessibility and assistive technology.\r\n\r\nMy portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present Solutions which make my everyday life more comfortable\r\n\r\nI will share my personal setup which includes software and hardware. You can assume that I tested all of these products, and I’m using them in my smart home.\r\n\r\nAssistive technology is going to change the lives of many forever and is much more vital than ever before.\r\n\r\nHere are a few examples which I'm going to present.\r\n\r\nMy remodelled VW Transporter which enabled me to be the co-driver\r\n\r\nMy Smart home setup for lights, doors, tables, couch, TV, curtains, temperature and kitchen with speech, voice control and apps\r\n\r\nMy power wheelchair and its individual configuration so I can drive using my chin or head\r\n\r\nA robotic arm which allows to be a personal assistant to drink, smoke or scratch myself\r\n\r\nMy computer, smartphone and headphone setup includes a head movement mouse, voice and switch control for dictation and commanding as well as a Bluetooth module to control the smartphone with single button clicks\r\n\r\nLast but not least, I love doing videos using my GoPro and I'm happy to share my perspective\n\n\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicks. My portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present solutions which make my everyday life more comfortable.","end_timestamp":{"seconds":1703703300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53609],"name":"Jan Goslicki","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52326}],"timeband_id":1140,"links":[{"label":"My personal website about Quadriplegic Spinal Cord Injury, Work & Life","type":"link","url":"https://quad.works/"}],"end":"2023-12-27T18:55:00.000-0000","id":53609,"tag_ids":[46122,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703700900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52326}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T18:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We present an analysis of the Black Basta ransomware and tools for recovering encrypted files without access to the official decryptor or key. Black Basta is \"the second most used ransomware in Germany\", encrypting Windows computers and ESXi hosts running virtual machine workloads.\r\n\r\nOur decryptor-tool exploits a weakness in the cryptographic code in the Black Basta malware. This weakness allows to (partially) recover encrypted files without access to the decryptor and without needing the cryptographic keys used by the ransomware.\r\n\r\nWe dive into the details of the cryptographic operations used by Black Basta and explain how the malware fails to use the cryptographic primitives properly. In particular, the Black Basta ransomware encrypts victim files using a stream cipher. Files smaller than 5000 bytes are fully encrypted. Larger files are only partially encrypted for efficiency reasons. We found that for larger files, the ransomware re-uses the same cryptographic keystream for encrypting different parts of the same file, thereby breaking the security of the used stream cipher. If the plaintext of any encrypted file part is known, the keystream can be recovered and used to decrypt (large parts of) the target file without the underlying cryptographic key.\r\n\r\nAffected organisations can check whether the variant of the Black Basta malware found in their network is susceptible to this attack by purposefully letting the ransomware encrypt a large file (512 MB) containing only zero bytes. If the encrypted parts of the file are identical when analysing the encrypted file (e.g. in a hex editor), recovery is likely possible using the tools presented here.\r\n\r\nDepending on the encrypted file, parts of the plaintext may be known. For instance, VM disk images are likely to contain stretches of zero bytes. As part of the tooling we have developed, we have implemented a heuristic to detect encrypted zero blocks in encrypted files. If found, (large parts of) the encrypted file can then be recovered. For other types of files, individual plaintext blocks may be recoverable via other means (e.g. using backups or specialised tools), also enabling data recovery.\r\n\r\nThe decryption tools can be found here: https://github.com/srlabs/black-basta-buster\n\n\nWe present an analysis and recovery method for files encrypted by Black Basta, the \"second most used ransomware in Germany\".\r\n\r\nWe analysed the behaviour of a ransomware encryptor and found that the malware uses their keystream wrongly, rendering the encryption vulnerable to a known-plaintext attack which allows for recovering affected files. We confirmed the finding by implementing tools for recovering encrypted files.\r\n\r\nWe have made our tools for decrypting files without access to the actual key available to victims directly, through BSI, and to incident responders, as well as German and international law enforcement. Now, we are actively publishing these tools, along with the knowledge shared in our talk, empowering affected organizations to recover some of their files without succumbing to paying the criminals.","title":"Unlocked! Recovering files taken hostage by ransomware","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703703300,"nanoseconds":0},"android_description":"We present an analysis of the Black Basta ransomware and tools for recovering encrypted files without access to the official decryptor or key. Black Basta is \"the second most used ransomware in Germany\", encrypting Windows computers and ESXi hosts running virtual machine workloads.\r\n\r\nOur decryptor-tool exploits a weakness in the cryptographic code in the Black Basta malware. This weakness allows to (partially) recover encrypted files without access to the decryptor and without needing the cryptographic keys used by the ransomware.\r\n\r\nWe dive into the details of the cryptographic operations used by Black Basta and explain how the malware fails to use the cryptographic primitives properly. In particular, the Black Basta ransomware encrypts victim files using a stream cipher. Files smaller than 5000 bytes are fully encrypted. Larger files are only partially encrypted for efficiency reasons. We found that for larger files, the ransomware re-uses the same cryptographic keystream for encrypting different parts of the same file, thereby breaking the security of the used stream cipher. If the plaintext of any encrypted file part is known, the keystream can be recovered and used to decrypt (large parts of) the target file without the underlying cryptographic key.\r\n\r\nAffected organisations can check whether the variant of the Black Basta malware found in their network is susceptible to this attack by purposefully letting the ransomware encrypt a large file (512 MB) containing only zero bytes. If the encrypted parts of the file are identical when analysing the encrypted file (e.g. in a hex editor), recovery is likely possible using the tools presented here.\r\n\r\nDepending on the encrypted file, parts of the plaintext may be known. For instance, VM disk images are likely to contain stretches of zero bytes. As part of the tooling we have developed, we have implemented a heuristic to detect encrypted zero blocks in encrypted files. If found, (large parts of) the encrypted file can then be recovered. For other types of files, individual plaintext blocks may be recoverable via other means (e.g. using backups or specialised tools), also enabling data recovery.\r\n\r\nThe decryption tools can be found here: https://github.com/srlabs/black-basta-buster\n\n\nWe present an analysis and recovery method for files encrypted by Black Basta, the \"second most used ransomware in Germany\".\r\n\r\nWe analysed the behaviour of a ransomware encryptor and found that the malware uses their keystream wrongly, rendering the encryption vulnerable to a known-plaintext attack which allows for recovering affected files. We confirmed the finding by implementing tools for recovering encrypted files.\r\n\r\nWe have made our tools for decrypting files without access to the actual key available to victims directly, through BSI, and to incident responders, as well as German and international law enforcement. Now, we are actively publishing these tools, along with the knowledge shared in our talk, empowering affected organizations to recover some of their files without succumbing to paying the criminals.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:55:00.000-0000","id":53600,"begin_timestamp":{"seconds":1703700900,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-27T18:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Stark hat Ende November 2022 einen offenen Brief der Wikileaks-Partnermedien initiiert. Darin fordern die New York Times, der Guardian, der Spiegel, Le Monde und El País die US-Regierung auf, die Verfolgung Assanges aufzugeben. Die Anklage durch die USA stelle einen gefährlichen Präzedenzfall für die Meinungs- und Pressefreiheit dar, schreiben die Chefredakteure und Herausgeber: „Journalismus“ sei „kein Verbrechen“. 2010 hat Stark für den SPIEGEL die Wikileaks-Enthüllungen koordiniert, 2013 mit Edward Snowdens NSA-Dokumenten gearbeitet. Er hat Assange mehrmals in London, Ellingham Hall und in der ecuadorianischen Botschaft besucht und mit Assanges Anwälten, aber auch mit Chelsea Manning über den Fall diskutiert.\n\n\nIn diesem Talk wird Holger Stark einen Überblick geben, was juristisch der Stand der Dinge im Fall Assange ist und warum dieser Fall einem Vernichtungsfeldzug gleicht. Er wird anhand bislang unbekannter Aufnahmen einen Blick hinter die Kulissen der US-Regierung werfen – und erklären, warum sich viele Medien mit Solidarität so schwer tun.","title":"Der Fall Julian Assange: um was es jetzt geht","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703703300,"nanoseconds":0},"android_description":"Stark hat Ende November 2022 einen offenen Brief der Wikileaks-Partnermedien initiiert. Darin fordern die New York Times, der Guardian, der Spiegel, Le Monde und El País die US-Regierung auf, die Verfolgung Assanges aufzugeben. Die Anklage durch die USA stelle einen gefährlichen Präzedenzfall für die Meinungs- und Pressefreiheit dar, schreiben die Chefredakteure und Herausgeber: „Journalismus“ sei „kein Verbrechen“. 2010 hat Stark für den SPIEGEL die Wikileaks-Enthüllungen koordiniert, 2013 mit Edward Snowdens NSA-Dokumenten gearbeitet. Er hat Assange mehrmals in London, Ellingham Hall und in der ecuadorianischen Botschaft besucht und mit Assanges Anwälten, aber auch mit Chelsea Manning über den Fall diskutiert.\n\n\nIn diesem Talk wird Holger Stark einen Überblick geben, was juristisch der Stand der Dinge im Fall Assange ist und warum dieser Fall einem Vernichtungsfeldzug gleicht. Er wird anhand bislang unbekannter Aufnahmen einen Blick hinter die Kulissen der US-Regierung werfen – und erklären, warum sich viele Medien mit Solidarität so schwer tun.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53588],"name":"Holger Stark","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52383}],"timeband_id":1140,"links":[],"end":"2023-12-27T18:55:00.000-0000","id":53588,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703700900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52383}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T18:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Between ambient and soundscapes, from dreamy to gloomy, to fall in and feel out: An eclectic mix of electronic, cheesy pop, slow burns, and other captivating sounds. \r\nVinyl-only DJ Duo from Hamburg, also 2/3 of the Radio-Show „Der verlängerte Atem\"\n\n\nhttps://soundcloud.com/derverlaengerteatem\r\nhttps://soundcloud.com/martin-otto-paul\r\nhttps://soundcloud.com/gerassl","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"fiona & martin","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"Between ambient and soundscapes, from dreamy to gloomy, to fall in and feel out: An eclectic mix of electronic, cheesy pop, slow burns, and other captivating sounds. \r\nVinyl-only DJ Duo from Hamburg, also 2/3 of the Radio-Show „Der verlängerte Atem\"\n\n\nhttps://soundcloud.com/derverlaengerteatem\r\nhttps://soundcloud.com/martin-otto-paul\r\nhttps://soundcloud.com/gerassl","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53906,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We aim to connect people involved or interested in \"rationality\" (having accurate beliefs and acting in a way to achieve owns values). Feel free to talk to us if you already are a reader of Lesswrong or Astral Codex Ten, for example. We want to provide a platform for people to get to know the other engaged community members and provide a low barrier to entry for soon-to-be-members. We have a [Telegram group](https://t.me/LW37C3) and an IRC channel (#LW@37c3 on Libera).\n\n\n","title":"Rationality / Lesswrong / ACX Group Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"We aim to connect people involved or interested in \"rationality\" (having accurate beliefs and acting in a way to achieve owns values). Feel free to talk to us if you already are a reader of Lesswrong or Astral Codex Ten, for example. We want to provide a platform for people to get to know the other engaged community members and provide a low barrier to entry for soon-to-be-members. We have a [Telegram group](https://t.me/LW37C3) and an IRC channel (#LW@37c3 on Libera).","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53898,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Eine überraschende Funktionalität der WiiMote-Controller ist die schnelle Lichtpunkte-Erkennung in deren vorwärtszeigenden Kamera … Kombiniert mit acht handelsüblichen Lasern, einem MIDI-Controller und ein bisschen Klebstoff kann daraus ein richtiges Instrument werden.\r\n\r\nWie sich das ganze dann von einem Profi bedient anhört, könnt ihr hier bestaunen und die Harfe aus der Nähe beschnuppern.\r\n\r\nDer Künstler mit dem Instrument im robusteren Ausbau\r\nhttps://www.ralph-light.com/\n\n\nDie Gelegenheit, sich „Instrumentenbauer“ in seinen Lebenslauf schreiben zu können, sollte sich kein Nerd, der was auf sich hält, entgehen lassen. Wenn dieses Instrument dann auch noch von einem studierten Organisten bedient wird, kommt Hackertum und Kunst ganz eng zusammen. Aber wie erfindet man ein Instrument?","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Live-Performance eines DIY-Instruments: Die Laserharfe","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"Eine überraschende Funktionalität der WiiMote-Controller ist die schnelle Lichtpunkte-Erkennung in deren vorwärtszeigenden Kamera … Kombiniert mit acht handelsüblichen Lasern, einem MIDI-Controller und ein bisschen Klebstoff kann daraus ein richtiges Instrument werden.\r\n\r\nWie sich das ganze dann von einem Profi bedient anhört, könnt ihr hier bestaunen und die Harfe aus der Nähe beschnuppern.\r\n\r\nDer Künstler mit dem Instrument im robusteren Ausbau\r\nhttps://www.ralph-light.com/\n\n\nDie Gelegenheit, sich „Instrumentenbauer“ in seinen Lebenslauf schreiben zu können, sollte sich kein Nerd, der was auf sich hält, entgehen lassen. Wenn dieses Instrument dann auch noch von einem studierten Organisten bedient wird, kommt Hackertum und Kunst ganz eng zusammen. Aber wie erfindet man ein Instrument?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53859,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Corinna\r\n\r\nCADUS is preparing to deploy a team for medical evacuations (MEDEVAC) in the context of the Gaza humanitarian crisis. For emergency response teams it is crucial to be able to receive constant up-to-date-information and be in touch with their base or headquarters, as well as communicate with each other on the ground. But in an active war zone like Gaza, the options to bring and use devices of information and communication technologies (ICT) are highly restricted.\n\n\nIn this session, we will talk about the challenges of preparing a humanitarian response to a conflict zone, as well as give an overview and update on the situation of communication networks in Gaza.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"I pack my ICT-bag for Gaza and I take with me…","android_description":"Host: Corinna\r\n\r\nCADUS is preparing to deploy a team for medical evacuations (MEDEVAC) in the context of the Gaza humanitarian crisis. For emergency response teams it is crucial to be able to receive constant up-to-date-information and be in touch with their base or headquarters, as well as communicate with each other on the ground. But in an active war zone like Gaza, the options to bring and use devices of information and communication technologies (ICT) are highly restricted.\n\n\nIn this session, we will talk about the challenges of preparing a humanitarian response to a conflict zone, as well as give an overview and update on the situation of communication networks in Gaza.","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53633,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Created in 2008, the [hackerspaces.org](https://hackerspaces.org) website was a vital part of the growth of the hackerspace movement. It keeps being a great resource for creatures & communities wanting to start, operate, or just find information on hackspaces. Primarily a [wiki](https://wiki.hackerspaces.org/)\r\n, it allows anyone, anywhere in the world, to add their hackspace. The pages attract curious search traffic, open days visitors, and new members. They are also the backbone of regional and international hackspace interaction, including a [world map](https://wiki.hackerspaces.org/List_of_Hacker_Spaces), [mailing list](https://lists.hackerspaces.org/listinfo/discuss), [chatroom](https://wiki.hackerspaces.org/Communication), and [hacker residences](https://wiki.hackerspaces.org/Residencies) for travelling hackers.\r\n\r\nThe yearly CCC meetings help us keep the lights up, and to think of how to update & improve the site, keeping it relevant for the years to come.\r\nLet's get together, brainstorm, and discuss how to do this.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"hackerspaces.org (HSO) Yearly Meetup","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"Created in 2008, the [hackerspaces.org](https://hackerspaces.org) website was a vital part of the growth of the hackerspace movement. It keeps being a great resource for creatures & communities wanting to start, operate, or just find information on hackspaces. Primarily a [wiki](https://wiki.hackerspaces.org/)\r\n, it allows anyone, anywhere in the world, to add their hackspace. The pages attract curious search traffic, open days visitors, and new members. They are also the backbone of regional and international hackspace interaction, including a [world map](https://wiki.hackerspaces.org/List_of_Hacker_Spaces), [mailing list](https://lists.hackerspaces.org/listinfo/discuss), [chatroom](https://wiki.hackerspaces.org/Communication), and [hacker residences](https://wiki.hackerspaces.org/Residencies) for travelling hackers.\r\n\r\nThe yearly CCC meetings help us keep the lights up, and to think of how to update & improve the site, keeping it relevant for the years to come.\r\nLet's get together, brainstorm, and discuss how to do this.","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53616,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/led-badge-magic-hacking/\n\n\nJoin this hacking session dedicated to enhancing the Android app for our open-source LED badge! We dive into a collaborative bug-fixing spree. Iron out glitches, and contribute to improve user experience. Test devices are available, bring your laptop along.","title":"Hack Meetup: LED Badges and Holographic LED Fans","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/led-badge-magic-hacking/\n\n\nJoin this hacking session dedicated to enhancing the Android app for our open-source LED badge! We dive into a collaborative bug-fixing spree. Iron out glitches, and contribute to improve user experience. Test devices are available, bring your laptop along.","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53562,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Following the lively interest in the exchange of experiences at this year's camp and the formation of a networking group, we would like to try this again at the Congress and perhaps also give the networking group some life.\r\n\r\nThe world is not getting any brighter, house raids are becoming more frequent and climate activism is equated with terrorism. As a scene, we certainly have a lot to contribute, which is also urgently needed. So if you have ever given IT security training for politically active people or would like to start doing so, please come along!\r\n\r\nThere isn't really a program planned, this is more intended as a relaxed and spontaneous exchange and get-together.\r\n\r\nMatrix Room Link: https://matrix.to/#/!KqmPSJPogszhaAWtUC:fairydust.space?via=fairydust.space&via=matrix.org&via=systemli.org\r\nRoom will be closed after 37C3 again.\r\n\r\nOther Links follow.\n\n\n","title":"Erfahrungsaustausch: IT-Sicherheitstrainings für Aktivist*innen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Following the lively interest in the exchange of experiences at this year's camp and the formation of a networking group, we would like to try this again at the Congress and perhaps also give the networking group some life.\r\n\r\nThe world is not getting any brighter, house raids are becoming more frequent and climate activism is equated with terrorism. As a scene, we certainly have a lot to contribute, which is also urgently needed. So if you have ever given IT security training for politically active people or would like to start doing so, please come along!\r\n\r\nThere isn't really a program planned, this is more intended as a relaxed and spontaneous exchange and get-together.\r\n\r\nMatrix Room Link: https://matrix.to/#/!KqmPSJPogszhaAWtUC:fairydust.space?via=fairydust.space&via=matrix.org&via=systemli.org\r\nRoom will be closed after 37C3 again.\r\n\r\nOther Links follow.","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53509,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Judith und Klaudia sprechen mit einer Gästin darüber, wie Frauen in technische Berufe und auch in das CCC-Umfeld kommen, was sie dort erleben und wie wir es Frauen vielleicht noch leichter machen können, sich mit den Nerds wohlzufühlen.","title":"The Diner Podcast live: Frauen in der Technik","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2023-12-30T22:18+0000","name":"Podcasting table (90 minutes)","id":46129},"android_description":"Judith und Klaudia sprechen mit einer Gästin darüber, wie Frauen in technische Berufe und auch in das CCC-Umfeld kommen, was sie dort erleben und wie wir es Frauen vielleicht noch leichter machen können, sich mit den Nerds wohlzufühlen.","end_timestamp":{"seconds":1703702700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53456],"name":"teekse","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52250},{"conference_id":131,"event_ids":[53456],"name":"Eva Wolfangel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52490}],"timeband_id":1140,"links":[],"end":"2023-12-27T18:45:00.000-0000","id":53456,"tag_ids":[46129,46139],"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52490},{"tag_id":46107,"sort_order":1,"person_id":52250}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir erzählen euch was ein Lötengel tut und worauf er/sie achten muss. Außerdem stellen wir euch die Bausätze vor die wir bauen werden.\r\n\r\nHier gibt es die Folien des Vortrags: https://henning-brinkmann.de/jht-37c3-soldering\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Junghacker:innen-Tag: Lötengel-Einführung","android_description":"Wir erzählen euch was ein Lötengel tut und worauf er/sie achten muss. Außerdem stellen wir euch die Bausätze vor die wir bauen werden.\r\n\r\nHier gibt es die Folien des Vortrags: https://henning-brinkmann.de/jht-37c3-soldering","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53449,"village_id":null,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ich erzähle Euch meine Geschichte als seit knapp zwei Jahren Opfer von Cybermobbing mit Update zum Fort- und Weitergang seit der ersten Version dieses Talks auf der GPN 2023,\r\nerkläre Euch, wie es zu Cybermobbing kommen kann,\r\nwerde Skills für Opfer und Mitbekommende vorstellen.\r\nJetzt kann ich Euch auch noch mehr zu meiner Geschichte und den Hintergründen erzählen. \r\n\r\nDieses Mal kommt auch Jura nicht zu kurz.\r\nIn einem Exkurs ins Strafrecht erkläre ich Euch, warum es manchmal trotz menschlich-moralischer Überzeugung von der Täter:inschaft von Personen nicht für strafrechtliche Konsequenzen reicht, wie sich Opfer gegen schnelle Einstellungen wehren können und warum auch das oft nicht erfolgreich ist.\r\nWeiter geht's ins Zivilrecht, denn auch da gibt es Möglichkeiten, wie sich Opfer gegen Täter:innen wehren können, ganz unabhängig von den strafrechtlichen Entscheidungen.\r\n\r\nUnd wir sprechen darüber, was Ihr machen könnt, wenn Ihr Cybermobbing mitbekommt, wie Ihr vermeidet, Bystander zu sein und wie Ihr Upstander sein könnt. Auch da werde ich aus eigenen Erfahrungen erzählen, denn nur wenn wir Opfer reden werden die Gefahren von Cybermobbing greifbarer und die Auswirkungen nachvollziehbar.\r\n\r\nNur wenn wir uns gemeinsam gegen Cybermobbing stellen können wir Cybermobbing beenden.\n\n\nCybermobbing kann uns alle treffen. Es ist wichtig, darauf vorbereitet zu sein, ehe Ihr mitten drin steckt, ob als Opfer, Bystander oder Upstander. Dabei will Euch dieser Talk helfen.","title":"Gemeinsam gegen Cybermobbing","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703706300,"nanoseconds":0},"android_description":"Ich erzähle Euch meine Geschichte als seit knapp zwei Jahren Opfer von Cybermobbing mit Update zum Fort- und Weitergang seit der ersten Version dieses Talks auf der GPN 2023,\r\nerkläre Euch, wie es zu Cybermobbing kommen kann,\r\nwerde Skills für Opfer und Mitbekommende vorstellen.\r\nJetzt kann ich Euch auch noch mehr zu meiner Geschichte und den Hintergründen erzählen. \r\n\r\nDieses Mal kommt auch Jura nicht zu kurz.\r\nIn einem Exkurs ins Strafrecht erkläre ich Euch, warum es manchmal trotz menschlich-moralischer Überzeugung von der Täter:inschaft von Personen nicht für strafrechtliche Konsequenzen reicht, wie sich Opfer gegen schnelle Einstellungen wehren können und warum auch das oft nicht erfolgreich ist.\r\nWeiter geht's ins Zivilrecht, denn auch da gibt es Möglichkeiten, wie sich Opfer gegen Täter:innen wehren können, ganz unabhängig von den strafrechtlichen Entscheidungen.\r\n\r\nUnd wir sprechen darüber, was Ihr machen könnt, wenn Ihr Cybermobbing mitbekommt, wie Ihr vermeidet, Bystander zu sein und wie Ihr Upstander sein könnt. Auch da werde ich aus eigenen Erfahrungen erzählen, denn nur wenn wir Opfer reden werden die Gefahren von Cybermobbing greifbarer und die Auswirkungen nachvollziehbar.\r\n\r\nNur wenn wir uns gemeinsam gegen Cybermobbing stellen können wir Cybermobbing beenden.\n\n\nCybermobbing kann uns alle treffen. Es ist wichtig, darauf vorbereitet zu sein, ehe Ihr mitten drin steckt, ob als Opfer, Bystander oder Upstander. Dabei will Euch dieser Talk helfen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53815,53510],"name":"Wawuschel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52454}],"timeband_id":1140,"links":[],"end":"2023-12-27T19:45:00.000-0000","id":53510,"tag_ids":[46132,46139],"village_id":null,"begin_timestamp":{"seconds":1703698200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52454}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.\n\n\n","title":"GuteN8Geschichten - Tag 1","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53489,"begin_timestamp":{"seconds":1703698200,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session welcomes all who appreciate receiving _genuine questions_ following their presentations.\n\n\nHave you ever been in a Q&A session where someone begins with, \"This is more of a comment than a question”, or just starts voicing an opinion without actually asking anything? This simple phrase can dramatically shift the dynamics of group discussions. In this session, we'll explore the underlying implications of such comments and how they transform our conversations, sharing, and collective learning. We'll also exchange success stories and strategies to prevent these 'more-of-a-comment' monologues and effectively respond when they do occur. Likewise, we will try to think of alternative ways to encourage sharing potentially interesting information that is not question-shaped. Join us to make Q&A sessions more productive, inclusive, and engaging!\r\n\r\n//\r\n\r\nWart ihr schon mal bei einer Fragerunde, wo jemand mit \"Das ist eher ein Kommentar als eine Frage\" anfängt oder einfach drauflos redet, weil er unbedingt seine Meinung teilen möchte? Dieser scheinbar harmlose Satz kann die Dynamik in Gruppengesprächen erheblich verändern. In unserer Session wollen wir uns damit auseinandersetzen, was hinter solchen Kommentaren steckt und wie sie unsere Diskussionen und das gemeinsame Lernen beeinflussen. Wir teilen Erfahrungen und Strategien, wie wir solche Kommentar-Monologe verhindern und effektiv darauf reagieren können. Außerdem versuchen wir, uns Alternativen einfallen zu lassen, wie man interessante Infos teilen könnte, die keine Fragen sind. Für Fragerunden, die produktiver, inklusiver und spannender sind!","title":"\"This is more of a comment than a question\" 🙃","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703701200,"nanoseconds":0},"android_description":"This session welcomes all who appreciate receiving _genuine questions_ following their presentations.\n\n\nHave you ever been in a Q&A session where someone begins with, \"This is more of a comment than a question”, or just starts voicing an opinion without actually asking anything? This simple phrase can dramatically shift the dynamics of group discussions. In this session, we'll explore the underlying implications of such comments and how they transform our conversations, sharing, and collective learning. We'll also exchange success stories and strategies to prevent these 'more-of-a-comment' monologues and effectively respond when they do occur. Likewise, we will try to think of alternative ways to encourage sharing potentially interesting information that is not question-shaped. Join us to make Q&A sessions more productive, inclusive, and engaging!\r\n\r\n//\r\n\r\nWart ihr schon mal bei einer Fragerunde, wo jemand mit \"Das ist eher ein Kommentar als eine Frage\" anfängt oder einfach drauflos redet, weil er unbedingt seine Meinung teilen möchte? Dieser scheinbar harmlose Satz kann die Dynamik in Gruppengesprächen erheblich verändern. In unserer Session wollen wir uns damit auseinandersetzen, was hinter solchen Kommentaren steckt und wie sie unsere Diskussionen und das gemeinsame Lernen beeinflussen. Wir teilen Erfahrungen und Strategien, wie wir solche Kommentar-Monologe verhindern und effektiv darauf reagieren können. Außerdem versuchen wir, uns Alternativen einfallen zu lassen, wie man interessante Infos teilen könnte, die keine Fragen sind. Für Fragerunden, die produktiver, inklusiver und spannender sind!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53626,53638],"name":"sumpfhexe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52453}],"timeband_id":1140,"links":[],"end":"2023-12-27T18:20:00.000-0000","id":53638,"begin_timestamp":{"seconds":1703697600,"nanoseconds":0},"tag_ids":[46133,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52453}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-27T17:20:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Only save favorites? Bookmarklets with JS and HTML offer more 🤖\r\n\r\nhttps://etherpad.wikimedia.org/p/hackwords\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"📑 Lesezeichen zum Scrapen, Pimpen und Hosten von Webseiten 🌐","android_description":"Only save favorites? Bookmarklets with JS and HTML offer more 🤖\r\n\r\nhttps://etherpad.wikimedia.org/p/hackwords","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53615,"begin_timestamp":{"seconds":1703697300,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-27T17:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session is for everyone who enjoys playing table and card games. We will split up in small groups depending on your likings and the appropiate number of players for each game and play your games together.\r\n\r\nYour games? Yes! Bring your own games you want to play with other hackers.\r\n\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Tischspielrunde - Bring your own game","android_description":"This session is for everyone who enjoys playing table and card games. We will split up in small groups depending on your likings and the appropiate number of players for each game and play your games together.\r\n\r\nYour games? Yes! Bring your own games you want to play with other hackers.\r\n\r\n\r\n🧮","end_timestamp":{"seconds":1703703300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:55:00.000-0000","id":53577,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703697300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","begin":"2023-12-27T17:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session shows how to use [chatmail](https://github.com/deltachat/chatmail) to run a simple mail server setup, optimized for using it for chatting with the email messenger Delta Chat. It has never been this easy to self-host your own decentralized chat server.\r\n\r\nThis session is not recorded.\n\n\n","title":"chatmail: self-hosting email servers, optimized for chatting with Delta Chat","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"This session shows how to use [chatmail](https://github.com/deltachat/chatmail) to run a simple mail server setup, optimized for using it for chatting with the email messenger Delta Chat. It has never been this easy to self-host your own decentralized chat server.\r\n\r\nThis session is not recorded.","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53623,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-27T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, I invite the participants to have 1-on-1 conversations about hypothetical life scenarios. \r\n\r\nWe will follow an outline of the practice presented in The Conversation Book published by our independent, non-for-profit Circadian Press. In this book, we propose a practice and questions that help explore life scenarios that have not happened yet. We invite the participants to find a random partner among those who are present, and to pose the questions to each other, listen to the responses, and, hopefully, find out more about themselves and the others around. \r\n\r\nAt the end of the session we aim to have had a great time, meet new people, and — if you prefer — also have some actionable strategies to bring whatever it is that we imaged into the real. \r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nMore info: [www.circadian.co/product/the-conversation-book](https://circadian.co/product/the-conversation-book/)\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Conversation Practice: Hypothetical Life Scenarios","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"In this session, I invite the participants to have 1-on-1 conversations about hypothetical life scenarios. \r\n\r\nWe will follow an outline of the practice presented in The Conversation Book published by our independent, non-for-profit Circadian Press. In this book, we propose a practice and questions that help explore life scenarios that have not happened yet. We invite the participants to find a random partner among those who are present, and to pose the questions to each other, listen to the responses, and, hopefully, find out more about themselves and the others around. \r\n\r\nAt the end of the session we aim to have had a great time, meet new people, and — if you prefer — also have some actionable strategies to bring whatever it is that we imaged into the real. \r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nMore info: [www.circadian.co/product/the-conversation-book](https://circadian.co/product/the-conversation-book/)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53506,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Bits & Bäume Community Treffen Tag 1","android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53479,"village_id":null,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A p4p meetup, we are going to discuss technologies such as SSB, p2panda, earthstar, cabal, willow, ppppp, dat etc. We want to talk about how to make decentralized tech more popular, update each other on the current state of the community and so on. Expect a lot of anarchy.\r\n\r\nWe probably want to structure this as a short intro + free form loosely structured discussion around the topics we pick at the start of the meeting. The exact form is dependent on how many people will come.\n\n\n","title":"p4p meetup","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"A p4p meetup, we are going to discuss technologies such as SSB, p2panda, earthstar, cabal, willow, ppppp, dat etc. We want to talk about how to make decentralized tech more popular, update each other on the current state of the community and so on. Expect a lot of anarchy.\r\n\r\nWe probably want to structure this as a short intro + free form loosely structured discussion around the topics we pick at the start of the meeting. The exact form is dependent on how many people will come.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53475,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nDas Team von Computer und Kommunikation freut sich auf ein Gespräch mit Dir! Über Radiomachen, über Podcastmachen oder über ein anderes Thema Deiner Wahl ...","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Deutschlandfunk: Offener Studiotalk Computer und Kommunikation .","android_description":"Mit Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nDas Team von Computer und Kommunikation freut sich auf ein Gespräch mit Dir! Über Radiomachen, über Podcastmachen oder über ein anderes Thema Deiner Wahl ...","end_timestamp":{"seconds":1703697300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:15:00.000-0000","id":53637,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T16:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Reguläre Ausdrücke wie /^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/ oder einfacher ([a-zA-Z]+)* verwirren dich? Keine Sorge, je nach zu validierendem Input verwirrt es deinen Computer auch! \r\nDieser Talk befasst sich mit regulären Ausdrücken: Wir steigen ein mit einem kurzen Ausflug in die theoretische Informatik und endliche Automaten, befassen uns allgemein mit regulären Ausdrücken und warum diese nützlich sind, bis wir herausfinden, was es mit bösen regulären Ausdrücken auf sich hat - und wie diese mit dem entsprechenden Payload für Denial of Service-Angriffe genutzt werden können. \r\nUm von diesem Talk etwas mitnehmen zu können, reicht es, schon mal was von regulären Ausdrücken gehört und ggf. sehr einfache Versionen selbst schon einmal angewandt zu haben. Du musst kein Regular Expression Pub Quiz gewonnen haben, um etwas zu verstehen, ganz im Gegenteil. Wahrscheinlich ist es für dich sogar etwas langweilig, wenn du RegEx-Pro bist.\n\n\nKurze Einführung in reguläre Ausdrücke, Konzept und Verwendung - bis zum Ausnutzen bestimmter Kombinationen von regulären Ausdrücken und Payload für einen Regular Expression Denial of Service (reDoS)-Angriff","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"aaaaaaaaaaa! - Mein regulärer Ausdruck ist böse","end_timestamp":{"seconds":1703697000,"nanoseconds":0},"android_description":"Reguläre Ausdrücke wie /^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/ oder einfacher ([a-zA-Z]+)* verwirren dich? Keine Sorge, je nach zu validierendem Input verwirrt es deinen Computer auch! \r\nDieser Talk befasst sich mit regulären Ausdrücken: Wir steigen ein mit einem kurzen Ausflug in die theoretische Informatik und endliche Automaten, befassen uns allgemein mit regulären Ausdrücken und warum diese nützlich sind, bis wir herausfinden, was es mit bösen regulären Ausdrücken auf sich hat - und wie diese mit dem entsprechenden Payload für Denial of Service-Angriffe genutzt werden können. \r\nUm von diesem Talk etwas mitnehmen zu können, reicht es, schon mal was von regulären Ausdrücken gehört und ggf. sehr einfache Versionen selbst schon einmal angewandt zu haben. Du musst kein Regular Expression Pub Quiz gewonnen haben, um etwas zu verstehen, ganz im Gegenteil. Wahrscheinlich ist es für dich sogar etwas langweilig, wenn du RegEx-Pro bist.\n\n\nKurze Einführung in reguläre Ausdrücke, Konzept und Verwendung - bis zum Ausnutzen bestimmter Kombinationen von regulären Ausdrücken und Payload für einen Regular Expression Denial of Service (reDoS)-Angriff","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:10:00.000-0000","id":53478,"village_id":null,"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"tag_ids":[46131,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-27T16:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Social Rejection Games [90 min duration, 30 min of it at Stage of Y]","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"android_description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53473,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-27T16:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Amateurfunk ist ein vielfältiges Hobby. In einem kurzen Abriss zeigen wir verschiedene Aktivitäten, die alle mit Amateurfunk zusammenhängen. Außerdem gibt es einen kurzen Abriss darüber, wie man in Deutschland Funkamateur wird.\n\n\nWir wecken die Faszination, die hinter dem Amateurfunk steckt, um weltweit und darüber hinaus ohne Grenzen und Provider zu kommunizieren und zeigen den Weg dahin in Deutschland.","title":"Amateurfunk - Kommunikation ohne Grenzen und Provider","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703695800,"nanoseconds":0},"android_description":"Amateurfunk ist ein vielfältiges Hobby. In einem kurzen Abriss zeigen wir verschiedene Aktivitäten, die alle mit Amateurfunk zusammenhängen. Außerdem gibt es einen kurzen Abriss darüber, wie man in Deutschland Funkamateur wird.\n\n\nWir wecken die Faszination, die hinter dem Amateurfunk steckt, um weltweit und darüber hinaus ohne Grenzen und Provider zu kommunizieren und zeigen den Weg dahin in Deutschland.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:50:00.000-0000","id":53470,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","begin":"2023-12-27T16:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The current state of the space ecosystem is characterized by its reliance on defense-oriented policies and outdated systems, hindering the true potential of space exploration. Despite the promise of Space 4.0, the reality is that space remains largely inaccessible to the public at large.\r\n\r\nAgainst this backdrop, a group of hackers and makers is revolutionizing the space industry. By promoting the hacker ethos of innovation, resourcefulness, and open-source principles, they are challenging the status quo and delivering creativity and accessibility into the space sector.\r\n\r\nDriven by the hackerspace movement and the broader community, we, Libre Space Foundation, are actively building our own satellites, space technologies, sharing knowledge and resources, and pushing the boundaries of space exploration. Our mission is to democratize space, making it available to everyone, regardless of background or resources.\r\n\r\nThis emerging movement faces unique challenges, including working within a small, underfunded ecosystem, developing software and hardware, mapping out processes amidst complex space law and global politics, and ensuring long-term sustainability without relying on external funding.\r\n\r\nTo overcome these challenges and harness the full potential of this movement, we propose a manifesto with four pillars:\r\n\r\nOpen Source: All technologies developed for outer space shall be published and licensed using open source licenses.\r\nOpen Data: All data related to and produced in outer space shall be freely accessed, used and built upon by anyone, anywhere, and shall be shared and managed according to the principles above.\r\nOpen Development: All technologies for outer space shall be developed in a transparent, legible, documented, testable, modular, and efficient way.\r\nOpen Governance: All technologies for outer space shall be governed in a participatory, collaborative, direct, and distributed way.\r\n\r\nBy embracing these pillars, we can create a more open, inclusive, and sustainable space ecosystem that empowers individuals and communities to participate in the exploration of the cosmos.\n\n\nEmbark on Libre Space Foundation's journey into the world of open-source space exploration, where a passionate community of hackers and makers is challenging the traditional defense-driven approach to spacefaring. Discover how we are democratizing space by embracing open-source technologies, community collaboration, and a commitment to sustainability.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"How to Hack Your Way to Space","end_timestamp":{"seconds":1703697300,"nanoseconds":0},"android_description":"The current state of the space ecosystem is characterized by its reliance on defense-oriented policies and outdated systems, hindering the true potential of space exploration. Despite the promise of Space 4.0, the reality is that space remains largely inaccessible to the public at large.\r\n\r\nAgainst this backdrop, a group of hackers and makers is revolutionizing the space industry. By promoting the hacker ethos of innovation, resourcefulness, and open-source principles, they are challenging the status quo and delivering creativity and accessibility into the space sector.\r\n\r\nDriven by the hackerspace movement and the broader community, we, Libre Space Foundation, are actively building our own satellites, space technologies, sharing knowledge and resources, and pushing the boundaries of space exploration. Our mission is to democratize space, making it available to everyone, regardless of background or resources.\r\n\r\nThis emerging movement faces unique challenges, including working within a small, underfunded ecosystem, developing software and hardware, mapping out processes amidst complex space law and global politics, and ensuring long-term sustainability without relying on external funding.\r\n\r\nTo overcome these challenges and harness the full potential of this movement, we propose a manifesto with four pillars:\r\n\r\nOpen Source: All technologies developed for outer space shall be published and licensed using open source licenses.\r\nOpen Data: All data related to and produced in outer space shall be freely accessed, used and built upon by anyone, anywhere, and shall be shared and managed according to the principles above.\r\nOpen Development: All technologies for outer space shall be developed in a transparent, legible, documented, testable, modular, and efficient way.\r\nOpen Governance: All technologies for outer space shall be governed in a participatory, collaborative, direct, and distributed way.\r\n\r\nBy embracing these pillars, we can create a more open, inclusive, and sustainable space ecosystem that empowers individuals and communities to participate in the exploration of the cosmos.\n\n\nEmbark on Libre Space Foundation's journey into the world of open-source space exploration, where a passionate community of hackers and makers is challenging the traditional defense-driven approach to spacefaring. Discover how we are democratizing space by embracing open-source technologies, community collaboration, and a commitment to sustainability.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53599],"name":"Manthos Papamatthaiou","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52457}],"timeband_id":1140,"end":"2023-12-27T17:15:00.000-0000","links":[{"label":"Libre Space Foundation","type":"link","url":"https://libre.space"},{"label":"Libre Space Manifesto","type":"link","url":"https://manifesto.libre.space"}],"id":53599,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703693700,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52457}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In August 2023, we published the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.\r\n\r\nTETRA:BURST consists of five vulnerabilities, two of which are critical, including the backdoored TEA1 cipher (crackable in minutes on commodity hardware by a passive adversary), a keystream recovery attack (which works regardless of the cipher employed), and a deanonymization attack with counter-intelligence implications.\r\n\r\nIn this talk, we will discuss and demonstrate the TETRA:BURST vulnerabilities themselves and will - for the first time - disclose the details of the TA61 identity anonymization primitive and our Meet-in-the-Middle deanonymization attack against it. In addition, we will provide more background on how the TEA1 backdoor proliferated throughout Europe and provide attendees with an update on new developments since our initial disclosure, the future of TETRA, and the vast amount of TETRA hardening work that still needs to be done in critical infrastructure.\n\n\nThis talk will present details of the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure relying on secret cryptographic algorithms which we reverse-engineered and published in August 2023. Adding to our initial disclosure, this talk will present new details on our deanonymization attack and provide additional insights into background and new developments.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"All cops are broadcasting","android_description":"In August 2023, we published the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.\r\n\r\nTETRA:BURST consists of five vulnerabilities, two of which are critical, including the backdoored TEA1 cipher (crackable in minutes on commodity hardware by a passive adversary), a keystream recovery attack (which works regardless of the cipher employed), and a deanonymization attack with counter-intelligence implications.\r\n\r\nIn this talk, we will discuss and demonstrate the TETRA:BURST vulnerabilities themselves and will - for the first time - disclose the details of the TA61 identity anonymization primitive and our Meet-in-the-Middle deanonymization attack against it. In addition, we will provide more background on how the TEA1 backdoor proliferated throughout Europe and provide attendees with an update on new developments since our initial disclosure, the future of TETRA, and the vast amount of TETRA hardening work that still needs to be done in critical infrastructure.\n\n\nThis talk will present details of the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure relying on secret cryptographic algorithms which we reverse-engineered and published in August 2023. Adding to our initial disclosure, this talk will present new details on our deanonymization attack and provide additional insights into background and new developments.","end_timestamp":{"seconds":1703697300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53587],"name":"Jos Wetzels","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52261},{"conference_id":131,"event_ids":[53587],"name":"Carlo Meijer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52279},{"conference_id":131,"event_ids":[53587],"name":"Wouter Bokslag","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52498}],"timeband_id":1140,"end":"2023-12-27T17:15:00.000-0000","links":[{"label":"TETRA:BURST website","type":"link","url":"https://www.tetraburst.com/"}],"id":53587,"begin_timestamp":{"seconds":1703693700,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52279},{"tag_id":46107,"sort_order":1,"person_id":52261},{"tag_id":46107,"sort_order":1,"person_id":52498}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Since the dawn of deep mediatization (Hepp, 2020), the start-up scene posing as digital pioneers has been declaring a state of revolution, seeking nothing but disruption with the introductions of their products into society. A goal they definitely achieved with the introduction of micro-mobility services to our cityscapes / public space. \r\n\r\nIn 2020, Dennis de Bel and Anton Jehle therefore initiated the OPENCOIL research project to gain a better understanding of this latest venture capitalist phenomenon, share knowledge, establish a community, and develop tools to provoke a public debate. Later that year, they organized their first public intervention, the roaming speedshow, in Berlin and shared their insights with the community at rc3 (https://media.ccc.de/v/rc3-11575-opencoil\\_a\\_roaming\\_speedshow). \r\n\r\nThe ever changing landscape of micro-mobilty kept Speedy and Scooty invested and they are here at 37C3 to give an update on the OPENCOIL project! The term \"revolution\" has become a beloved buzzword for the platform economy. to take the world by storm: when in early 2018, thousands of electric kick scooters, or “trotinettes” as the french like to call them, flooded the city of Paris , the media sure was quick to coin this the \"micromobility revolution\" (Medium, 2018). As the french are somewhat experts in the field of revolutionizing, Paris is arguably the key to any successful uprising. The seemingly endless back and forth between regulation and cooperation, between sharing and exploiting, progress and regression of micromobility can be observed here like in no other European city. As of August 31st 2023, the trotinettes have been banned from the streets of Paris with almost 90 % of public votes supporting the decision. Today the Bastille square is completely freed from trottinettes: a revolution by the people.\r\n\r\nWith this years talk Scooty and Speedy will be problematising the rise (and fall) of shared mobility and its effects on the basis of Paris as well as related interventions and observations of the past three years.\n\n\nOPENCOIL and the fine art of appropriating micro-mobility services for fun and debate.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Opencoil","android_description":"Since the dawn of deep mediatization (Hepp, 2020), the start-up scene posing as digital pioneers has been declaring a state of revolution, seeking nothing but disruption with the introductions of their products into society. A goal they definitely achieved with the introduction of micro-mobility services to our cityscapes / public space. \r\n\r\nIn 2020, Dennis de Bel and Anton Jehle therefore initiated the OPENCOIL research project to gain a better understanding of this latest venture capitalist phenomenon, share knowledge, establish a community, and develop tools to provoke a public debate. Later that year, they organized their first public intervention, the roaming speedshow, in Berlin and shared their insights with the community at rc3 (https://media.ccc.de/v/rc3-11575-opencoil\\_a\\_roaming\\_speedshow). \r\n\r\nThe ever changing landscape of micro-mobilty kept Speedy and Scooty invested and they are here at 37C3 to give an update on the OPENCOIL project! The term \"revolution\" has become a beloved buzzword for the platform economy. to take the world by storm: when in early 2018, thousands of electric kick scooters, or “trotinettes” as the french like to call them, flooded the city of Paris , the media sure was quick to coin this the \"micromobility revolution\" (Medium, 2018). As the french are somewhat experts in the field of revolutionizing, Paris is arguably the key to any successful uprising. The seemingly endless back and forth between regulation and cooperation, between sharing and exploiting, progress and regression of micromobility can be observed here like in no other European city. As of August 31st 2023, the trotinettes have been banned from the streets of Paris with almost 90 % of public votes supporting the decision. Today the Bastille square is completely freed from trottinettes: a revolution by the people.\r\n\r\nWith this years talk Scooty and Speedy will be problematising the rise (and fall) of shared mobility and its effects on the basis of Paris as well as related interventions and observations of the past three years.\n\n\nOPENCOIL and the fine art of appropriating micro-mobility services for fun and debate.","end_timestamp":{"seconds":1703697300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53438],"name":"Speedy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52364},{"conference_id":131,"event_ids":[53438],"name":"Scooty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52422}],"timeband_id":1140,"end":"2023-12-27T17:15:00.000-0000","links":[{"label":"Opencoil Website","type":"link","url":"https://opencoil.show/"},{"label":"Opencoil Wiki","type":"link","url":"https://wiki.teilenmachtspass.lol"},{"label":"Opencoil 2020","type":"link","url":"http://dennisdebel.nl/2017/2020-Opencoil/"},{"label":"rc3 Talk","type":"link","url":"https://media.ccc.de/v/rc3-11575-opencoil_a_roaming_speedshow"}],"id":53438,"village_id":null,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703693700,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52422},{"tag_id":46107,"sort_order":1,"person_id":52364}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"- Discussion\r\n- Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations.\r\nQuestions and answers.\r\nHands-on experience.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Mobile phone privacy with silent.link (Workshop)","android_description":"- Discussion\r\n- Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations.\r\nQuestions and answers.\r\nHands-on experience.","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53909,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/hye-eun-kim","title":"Hye-Eun Kim","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"https://soundcloud.com/hye-eun-kim","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53905,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir berichten heute in \"Wirtschaft und Gesellschaft\" vom 37C3 in Hamburg. im Mittelpunkt stehen die Diskussion und Talks zur Digitalisierung des Gesundheitswesens.\r\nReporter: Peter Welchering","title":"Deutschlandfunk live: Wirtschaft und Gellschaft","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703694600,"nanoseconds":0},"android_description":"Wir berichten heute in \"Wirtschaft und Gesellschaft\" vom 37C3 in Hamburg. im Mittelpunkt stehen die Diskussion und Talks zur Digitalisierung des Gesundheitswesens.\r\nReporter: Peter Welchering","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:30:00.000-0000","id":53903,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Sebastian Jünemann\r\n\r\nEine Menge Planung, eine Menge Bürokratie, ein riesiger Aufwand, um auf dem Papier den Status eines „classified team“ zu bekommen. Aber zwischen Theorie und Praxis klafft eine riesige Lücke. Um zu zeigen was das heißt geben wir in diesem Workshop eine kurze Einführung darin, wie ein Hilfseinsatz technisch und logistisch on ground geplant werden muss…und gehen dann direkt in die Anwendung und organisieren anhand von konkreten Fallbeispielen Einsätze in der Praxis. Seid wie wir wenig überrascht davon wie schlecht sich die reine Theorie in der Praxis umsetzen lässt und wieviel Kreativität und Flexibilität benötigt wird, damit Hilfe wirklich geleistet werden kann und ankommt.\n\n\nCadus befindet sich kurz vor dem Abschluss unserer Klassifikation als Emergency Medical Team nach den Richtlinien der WHO.","title":"Nothing´s ever easy: Katastrophenhilfe zwischen Theorie und Praxis","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703696400,"nanoseconds":0},"android_description":"Host: Sebastian Jünemann\r\n\r\nEine Menge Planung, eine Menge Bürokratie, ein riesiger Aufwand, um auf dem Papier den Status eines „classified team“ zu bekommen. Aber zwischen Theorie und Praxis klafft eine riesige Lücke. Um zu zeigen was das heißt geben wir in diesem Workshop eine kurze Einführung darin, wie ein Hilfseinsatz technisch und logistisch on ground geplant werden muss…und gehen dann direkt in die Anwendung und organisieren anhand von konkreten Fallbeispielen Einsätze in der Praxis. Seid wie wir wenig überrascht davon wie schlecht sich die reine Theorie in der Praxis umsetzen lässt und wieviel Kreativität und Flexibilität benötigt wird, damit Hilfe wirklich geleistet werden kann und ankommt.\n\n\nCadus befindet sich kurz vor dem Abschluss unserer Klassifikation als Emergency Medical Team nach den Richtlinien der WHO.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53899,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Jazz DJ hex328 aus Mudbyte","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Jazzclub 37c3 - hex328","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"Jazz DJ hex328 aus Mudbyte","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53895,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Are you looking for funding for your project? Unsure if your new idea would be likely to get support? Interested in applying for a grant, in getting to know who ensures funds run smoothly or simply curious? Come say hi! We're here to answer all your questions about our funds.\r\n\r\nAt this meetup you will have the opportunity to meet team members from the following funds:\r\n- The Prototype Fund supports software developers, designers and other creatives in transforming their ideas from a concept into a software prototype. Whether data security, mobility, education or democracy – together we explore and test new ways for technical and social innovations as open source software from society and for society. \r\n- NLnet foundation (after its historical contribution to the early internet in Europe) has been financially supporting organizations and people that contribute to an open information society since 1997. It funds those with ideas to fix the internet. The procedure is fast, competitive and open to anyone.\r\n- The Sovereign Tech Fund supports the development, improvement and maintenance of open digital infrastructure. Our goal is to sustainably strengthen the open source ecosystem. We focus on security, resilience, technological diversity, and the people behind the code.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Meet the Funders: Sovereign Tech Fund, NLNet, Prototype Fund","android_description":"Are you looking for funding for your project? Unsure if your new idea would be likely to get support? Interested in applying for a grant, in getting to know who ensures funds run smoothly or simply curious? Come say hi! We're here to answer all your questions about our funds.\r\n\r\nAt this meetup you will have the opportunity to meet team members from the following funds:\r\n- The Prototype Fund supports software developers, designers and other creatives in transforming their ideas from a concept into a software prototype. Whether data security, mobility, education or democracy – together we explore and test new ways for technical and social innovations as open source software from society and for society. \r\n- NLnet foundation (after its historical contribution to the early internet in Europe) has been financially supporting organizations and people that contribute to an open information society since 1997. It funds those with ideas to fix the internet. The procedure is fast, competitive and open to anyone.\r\n- The Sovereign Tech Fund supports the development, improvement and maintenance of open digital infrastructure. Our goal is to sustainably strengthen the open source ecosystem. We focus on security, resilience, technological diversity, and the people behind the code.","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53628,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Format: Open discussion group in which there should be space for networking and connecting with your own projects.\r\n\r\nAgriculture needs more options and integrations in digital processes. The diversity and complexity of the area and activities are a challenge for digitalization. Understanding between the domains of IT and agriculture is only possible with interdisciplinary collaboration, because deeper knowledge in both domains is practically impossible to find in personal union.\r\n\r\nWe discuss which digital options are already available to interested farmers and what obstacles exist despite the variety of offers. This results in aspects of how digitalization should be designed in order to be able to provide added value.\r\n\r\nI will give a short keynote speech to introduce the area and the topics we work on.\n\n\n","title":"Digital in der Landwirtschaft","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703696400,"nanoseconds":0},"android_description":"Format: Open discussion group in which there should be space for networking and connecting with your own projects.\r\n\r\nAgriculture needs more options and integrations in digital processes. The diversity and complexity of the area and activities are a challenge for digitalization. Understanding between the domains of IT and agriculture is only possible with interdisciplinary collaboration, because deeper knowledge in both domains is practically impossible to find in personal union.\r\n\r\nWe discuss which digital options are already available to interested farmers and what obstacles exist despite the variety of offers. This results in aspects of how digitalization should be designed in order to be able to provide added value.\r\n\r\nI will give a short keynote speech to introduce the area and the topics we work on.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53622,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Mehr Infos zu #1 Merch- und Lieblingskleidung flicken | VisibleMending:**\r\n\r\nEs werden keine Vorkenntnisse gebraucht, was jedoch benötigt wird, ist ein Kleidungsstück, welches ihr flicken wollt. Dies dann bitte einpacken und zum Workshop mitbringen. \r\nSolltet ihr bereits Stoffreste für Flicken oder Stickgarne haben, bringt die auch gerne mit, aber das ist optional. Wir werden auch einiges zur Auswahl da haben für euch.\r\n\r\nEs geht in dem Workshop eher um kleinere Reparaturen wie Löcher, offene Nähte, fehlende Knöpfe. Inspiriert sind die sichtbaren Reparaturen u.a. vom japanischen Sashiko, wo mit feinem Garn ganze Flächen mit einfachen oder aufwendigen oft geometrischen Mustern verziert werden, um Stoffe zu reparieren.\r\n\r\n**Mehr Infos und Link auf die Schablone**: \r\n* [https://pads.haecksen.org/s/visible_mending](https://pads.haecksen.org/s/visible_mending)\r\n\r\n----- \r\n\r\n**Mehr Infos zu 2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken:**\r\n\r\nFür den Strick-Workshop werden keine Vorkenntnisse benötigt. Falls Ihr schon Wolle oder Projektideen habt, bringt alles mit, ich werde aber auch Material für erste Strickversuche dabei haben. \r\n\r\nDer Workshop soll eine kleine Einführungs ins Stricken bieten und richtet sich nach Euren Interessen. Wir können gemeinsam üben, Maschen aufzunehmen, rechte und linke Maschen zu Stricken und einige grundlegende Dinge über verschiedene Techniken zu besprechen. Falls Ihr nach ersten Projekten schaut können wir gemeinsam überlegen, was sinnvolle erste Projekte sein können. Wir werden auch über Online-Ressourcen sprechen, die Ihr nutzen könnt. \r\n\r\nWer möchte, kann ein kleines Projekt im Workshop beginnen. Während der Kongress läuft können wir in Kontakt bleiben und uns zum weiterstricken treffen oder Probleme beheben. \r\n\r\nNo previous knowledge is required for the knitting workshop. If you already have wool or project ideas, bring everything with you, but I will also have material for your first knitting attempts. \r\n\r\nThe workshop will be a short introduction to knitting and will be based on your interests. We can practice picking up stitches together, knitting purl and knit stitches and discuss some basic things about different techniques. If you are thinking about starting a knitting project, we can think about projects, which make sense and don't demotivate you. We will also talk about online resources on knitting. \r\n\r\nIf you like, you can start a little project during the workshop. We can keep in touch during the congress, meet again for a knit-along, or solve issues you have with your project. \r\n\r\n\r\n**Weitere Infos / further information here**\r\nhttps://pad.systemli.org/p/Y6TrGOFTg5qlS9xbx5Yv-keep\n\n\nAchtung: In diesem Slot finden zwei Workshops nebeneinander statt, die ihr besuchen könnt!\r\n\r\n----- \r\n\r\n**1 || Merch- und Lieblingskleidung flicken | #VisibleMending** bei naerrin und neon_mate\r\n\r\nBei diesem kleinen Workshop geht es darum auf kreative Weise seine Kleidung von Hand zu flicken, ohne eine Nähmaschine. Vor allem wenn es sich um das Congress T-shirt von vor 8 Jahren, die absolute Lieblingsjeans oder selbstgemachte Stricksocken handelt, möchte man sich vielleicht noch nicht davon trennen. So eine geflickte Stelle muss aber auch nicht unsichtbar sein, so ein Loch erzählt ja manchmal auch eine Geschichte und bietet auch Raum für kleine Kunstwerke oder lustige Patches, und ein fehlender Knopf kann auch durch einen andersfarbigen Knopf ersetzt werden.\r\n\r\n-----\r\n\r\n\r\n**2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken** bei Sarah\r\n\r\n**EN:** I would like to offer a knitting workshop / gathering for beginners and everyone else interested in knitting a few stitches at 37c3. I think knitting it is a wonderful skill best to be learned by doing and face to face. Beginners could learn some basics straight away, or talk about project ideas. And there are a lot of resources to share in the web we could talk about.\r\n\r\n**GER:** Ich möchte einen Strickworkshop / ein Stricktreffen für Anfänger und alle, die ein paar Maschen beim 37c3 stricken wollen, anbieten. Stricken ist eine tolle Fertigkeit, die Du Dir am besten \"learning by doing\" mit anderen zusammen aneignen kannst. Anfänger*innen könnten sofort einige Grundlagen lernen oder über Projektideen sprechen. Und es gibt einige Ressourcen im Internet, über die wir uns austauschen könnten.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Merch und Lieblingskleidung flicken | Stricken für Anfänger*innen || 2 Workshops parallel","end_timestamp":{"seconds":1703697000,"nanoseconds":0},"android_description":"**Mehr Infos zu #1 Merch- und Lieblingskleidung flicken | VisibleMending:**\r\n\r\nEs werden keine Vorkenntnisse gebraucht, was jedoch benötigt wird, ist ein Kleidungsstück, welches ihr flicken wollt. Dies dann bitte einpacken und zum Workshop mitbringen. \r\nSolltet ihr bereits Stoffreste für Flicken oder Stickgarne haben, bringt die auch gerne mit, aber das ist optional. Wir werden auch einiges zur Auswahl da haben für euch.\r\n\r\nEs geht in dem Workshop eher um kleinere Reparaturen wie Löcher, offene Nähte, fehlende Knöpfe. Inspiriert sind die sichtbaren Reparaturen u.a. vom japanischen Sashiko, wo mit feinem Garn ganze Flächen mit einfachen oder aufwendigen oft geometrischen Mustern verziert werden, um Stoffe zu reparieren.\r\n\r\n**Mehr Infos und Link auf die Schablone**: \r\n* [https://pads.haecksen.org/s/visible_mending](https://pads.haecksen.org/s/visible_mending)\r\n\r\n----- \r\n\r\n**Mehr Infos zu 2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken:**\r\n\r\nFür den Strick-Workshop werden keine Vorkenntnisse benötigt. Falls Ihr schon Wolle oder Projektideen habt, bringt alles mit, ich werde aber auch Material für erste Strickversuche dabei haben. \r\n\r\nDer Workshop soll eine kleine Einführungs ins Stricken bieten und richtet sich nach Euren Interessen. Wir können gemeinsam üben, Maschen aufzunehmen, rechte und linke Maschen zu Stricken und einige grundlegende Dinge über verschiedene Techniken zu besprechen. Falls Ihr nach ersten Projekten schaut können wir gemeinsam überlegen, was sinnvolle erste Projekte sein können. Wir werden auch über Online-Ressourcen sprechen, die Ihr nutzen könnt. \r\n\r\nWer möchte, kann ein kleines Projekt im Workshop beginnen. Während der Kongress läuft können wir in Kontakt bleiben und uns zum weiterstricken treffen oder Probleme beheben. \r\n\r\nNo previous knowledge is required for the knitting workshop. If you already have wool or project ideas, bring everything with you, but I will also have material for your first knitting attempts. \r\n\r\nThe workshop will be a short introduction to knitting and will be based on your interests. We can practice picking up stitches together, knitting purl and knit stitches and discuss some basic things about different techniques. If you are thinking about starting a knitting project, we can think about projects, which make sense and don't demotivate you. We will also talk about online resources on knitting. \r\n\r\nIf you like, you can start a little project during the workshop. We can keep in touch during the congress, meet again for a knit-along, or solve issues you have with your project. \r\n\r\n\r\n**Weitere Infos / further information here**\r\nhttps://pad.systemli.org/p/Y6TrGOFTg5qlS9xbx5Yv-keep\n\n\nAchtung: In diesem Slot finden zwei Workshops nebeneinander statt, die ihr besuchen könnt!\r\n\r\n----- \r\n\r\n**1 || Merch- und Lieblingskleidung flicken | #VisibleMending** bei naerrin und neon_mate\r\n\r\nBei diesem kleinen Workshop geht es darum auf kreative Weise seine Kleidung von Hand zu flicken, ohne eine Nähmaschine. Vor allem wenn es sich um das Congress T-shirt von vor 8 Jahren, die absolute Lieblingsjeans oder selbstgemachte Stricksocken handelt, möchte man sich vielleicht noch nicht davon trennen. So eine geflickte Stelle muss aber auch nicht unsichtbar sein, so ein Loch erzählt ja manchmal auch eine Geschichte und bietet auch Raum für kleine Kunstwerke oder lustige Patches, und ein fehlender Knopf kann auch durch einen andersfarbigen Knopf ersetzt werden.\r\n\r\n-----\r\n\r\n\r\n**2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken** bei Sarah\r\n\r\n**EN:** I would like to offer a knitting workshop / gathering for beginners and everyone else interested in knitting a few stitches at 37c3. I think knitting it is a wonderful skill best to be learned by doing and face to face. Beginners could learn some basics straight away, or talk about project ideas. And there are a lot of resources to share in the web we could talk about.\r\n\r\n**GER:** Ich möchte einen Strickworkshop / ein Stricktreffen für Anfänger und alle, die ein paar Maschen beim 37c3 stricken wollen, anbieten. Stricken ist eine tolle Fertigkeit, die Du Dir am besten \"learning by doing\" mit anderen zusammen aneignen kannst. Anfänger*innen könnten sofort einige Grundlagen lernen oder über Projektideen sprechen. Und es gibt einige Ressourcen im Internet, über die wir uns austauschen könnten.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53472],"name":"Sarah","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52463},{"conference_id":131,"event_ids":[53472],"name":"neon_mate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52501}],"timeband_id":1140,"links":[],"end":"2023-12-27T17:10:00.000-0000","id":53472,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703691600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52463},{"tag_id":46107,"sort_order":1,"person_id":52501}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-27T15:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit Carsten Besser, Daniel Evers, Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nWir berichten täglich live vom 37C3 aus dem Sendezentrum Stage","title":"Deutschlandfunk live: Forschung Aktuell .","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Mit Carsten Besser, Daniel Evers, Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nWir berichten täglich live vom 37C3 aus dem Sendezentrum Stage","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53636,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703691000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, we introduce the Critical Decentralization Cluster and its 9 Assemblies. We will present to you the content and the workshop program of our Cluster. The aim of this session is to bring you closer to the content and the people behind the Assemblies. https://decentral.community\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"CDC: Introduction to Critical Decentralization","android_description":"In this session, we introduce the Critical Decentralization Cluster and its 9 Assemblies. We will present to you the content and the workshop program of our Cluster. The aim of this session is to bring you closer to the content and the people behind the Assemblies. https://decentral.community","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53471,"village_id":null,"begin_timestamp":{"seconds":1703691000,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-27T15:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DearMEP is a tool to empower citizens to reach out – easy, directly and free of charge – to their elected representatives in the European Parliament. Our goal is to make the voices of average people heard in the political process!\r\n\r\nMany important decisions are taken in Europe. Yet, Brussels and Strasbourg often seem further away than national politics. DearMEP is a tool that brings EU politicians much closer to home and to the people they should be accountable to. NGOs can use this free software tool to empower their constituency to counter the power of paid lobbyists. Users don’t need to learn how the EU works, which politician to call under which number. They only need to care about the issue and spend time – not money – to make a difference.\r\n\r\nIn this session the team behind DearMEP.eu showcases the near final tool, talks about FOSS release, listens to the community. Particularly, if you come from the climate, migration or LGBTQI* movement, we hope our tool can help your community be heard. Come by! \r\n\r\nDearMEP.eu is a project of epicenter.works. Their assembly is an alternative contact point, but the people working on the project might not be there when you stop by. More info on https://dearmep.eu/\n\n\n","title":"DearMEP: EU Lobbying FOSS Tool","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"DearMEP is a tool to empower citizens to reach out – easy, directly and free of charge – to their elected representatives in the European Parliament. Our goal is to make the voices of average people heard in the political process!\r\n\r\nMany important decisions are taken in Europe. Yet, Brussels and Strasbourg often seem further away than national politics. DearMEP is a tool that brings EU politicians much closer to home and to the people they should be accountable to. NGOs can use this free software tool to empower their constituency to counter the power of paid lobbyists. Users don’t need to learn how the EU works, which politician to call under which number. They only need to care about the issue and spend time – not money – to make a difference.\r\n\r\nIn this session the team behind DearMEP.eu showcases the near final tool, talks about FOSS release, listens to the community. Particularly, if you come from the climate, migration or LGBTQI* movement, we hope our tool can help your community be heard. Come by! \r\n\r\nDearMEP.eu is a project of epicenter.works. Their assembly is an alternative contact point, but the people working on the project might not be there when you stop by. More info on https://dearmep.eu/","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53631,"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The axiom of choice might be the most contested axiom in the list of foundational principles of mathematics, with advocates and opponents engaging in fierce philosophical debates.\r\n\r\nSome regard it as obviously true while others cannot be convinced by any argument whatsoever because they know counterexamples.\r\n\r\nHow can there be so much discussion about—in mathematics, which is supposed to be neutral and objective, where every question should be settled by a computation or proof?\r\n\r\nIn the talk we will:\r\n\r\n- Learn what the axiom of choice asserts.\r\n- Understand why it is useful.\r\n- Embrace the danger of adopting the axiom of choice.\r\n- Enjoy how the axiom of choice can be safely simulated in a universe called \"Gödel's sandbox\".\r\n- Touch on axioms which are less-contested but actually more severe.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/) **There also the slides will be published.**\r\n\r\n🧮\n\n\n","title":"Wondrous mathematics: Three bizarre logico-philosophical tales about the axiom of choice","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"The axiom of choice might be the most contested axiom in the list of foundational principles of mathematics, with advocates and opponents engaging in fierce philosophical debates.\r\n\r\nSome regard it as obviously true while others cannot be convinced by any argument whatsoever because they know counterexamples.\r\n\r\nHow can there be so much discussion about—in mathematics, which is supposed to be neutral and objective, where every question should be settled by a computation or proof?\r\n\r\nIn the talk we will:\r\n\r\n- Learn what the axiom of choice asserts.\r\n- Understand why it is useful.\r\n- Embrace the danger of adopting the axiom of choice.\r\n- Enjoy how the axiom of choice can be safely simulated in a universe called \"Gödel's sandbox\".\r\n- Touch on axioms which are less-contested but actually more severe.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/) **There also the slides will be published.**\r\n\r\n🧮","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703974680,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53620,"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-27T15:00:00.000-0000","updated":"2023-12-30T22:18:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die sichere E-Mail-Infrastruktur für Ärzt\\*innen, Apotheker\\*innen, Krankenversicherungen und Kliniken in Deutschland, KIM – Kommunikation im Gesundheitswesen – ist mit über 200 Millionen E-Mails in den letzten zwei Jahren eine der am meisten genutzten Anwendungen in der Telematikinfrastruktur (TI). KIM verspricht sichere Ende-zu-Ende-Verschlüsselung zwischen Heilberufler\\*innen in ganz Deutschland, wofür S/MIME-Zertifikate für alle medizinisch Beteiligten in Deutschland ausgegeben wurden.\r\n\r\nWas aber passiert, wenn man die Schlüsselausgabe-Prozesse in der TI falsch designt? Was passiert, wenn man unsichere Software im Feld nicht patcht? Was passiert, wenn man zu viel Sicherheit vor den Nutzenden abstrahieren möchte?\r\n\r\nDie Antwort: Man bekommt eine theoretisch kryptographisch sichere Lösung, die in der Praxis die gesteckten Ziele nicht erreicht.\r\n\r\nAlle gefundenen Schwachstellen wurden den Betroffenen im Rahmen abgeschlossener Responsible Disclosure-Prozesse mitgeteilt.\n\n\nElektronische Arbeitsunfähigkeitsbescheinigungen (eAU), Arztbriefe, medizinische Diagnosen, all diese sensiblen Daten werden heute mittels KIM – Kommunikation im Gesundheitswesen – über die Telematikinfrastruktur (TI) verschickt.\r\n\r\nAber ist der Dienst wirklich sicher? Wer kann die Nachrichten lesen, wo werden die E-Mails entschlüsselt und wie sicher ist die KIM-Software? Im Live-Setup einer Zahnarztpraxis haben wir Antworten auf diese Fragen gesucht.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)","android_description":"Die sichere E-Mail-Infrastruktur für Ärzt\\*innen, Apotheker\\*innen, Krankenversicherungen und Kliniken in Deutschland, KIM – Kommunikation im Gesundheitswesen – ist mit über 200 Millionen E-Mails in den letzten zwei Jahren eine der am meisten genutzten Anwendungen in der Telematikinfrastruktur (TI). KIM verspricht sichere Ende-zu-Ende-Verschlüsselung zwischen Heilberufler\\*innen in ganz Deutschland, wofür S/MIME-Zertifikate für alle medizinisch Beteiligten in Deutschland ausgegeben wurden.\r\n\r\nWas aber passiert, wenn man die Schlüsselausgabe-Prozesse in der TI falsch designt? Was passiert, wenn man unsichere Software im Feld nicht patcht? Was passiert, wenn man zu viel Sicherheit vor den Nutzenden abstrahieren möchte?\r\n\r\nDie Antwort: Man bekommt eine theoretisch kryptographisch sichere Lösung, die in der Praxis die gesteckten Ziele nicht erreicht.\r\n\r\nAlle gefundenen Schwachstellen wurden den Betroffenen im Rahmen abgeschlossener Responsible Disclosure-Prozesse mitgeteilt.\n\n\nElektronische Arbeitsunfähigkeitsbescheinigungen (eAU), Arztbriefe, medizinische Diagnosen, all diese sensiblen Daten werden heute mittels KIM – Kommunikation im Gesundheitswesen – über die Telematikinfrastruktur (TI) verschickt.\r\n\r\nAber ist der Dienst wirklich sicher? Wer kann die Nachrichten lesen, wo werden die E-Mails entschlüsselt und wie sicher ist die KIM-Software? Im Live-Setup einer Zahnarztpraxis haben wir Antworten auf diese Fragen gesucht.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53608],"name":"Christoph Saatjohann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52369},{"conference_id":131,"event_ids":[53608],"name":"Sebastian Schinzel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52418}],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53608,"village_id":null,"tag_ids":[46124,46136,46139],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52369},{"tag_id":46107,"sort_order":1,"person_id":52418}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk is about how I reverse engineered the final remaining firmware blob on the Talos II/Blackbird POWER9 systems, enabling it to be replaced with an open source replacement, in an intensive reverse engineering effort that spanned several years.\r\n\r\nThe talk will begin by introducing the open source firmware movement and its practical and ethical motivations, and note the obstacles to delivering fully open source firmware for contemporary x86 and other platforms and explaining the motive behind the project, before moving onto a more technical discussion of the adventure of firmware reverse engineering and the obstacles encountered.\r\n\r\nSubjects I intend to cover include: how the original proprietary firmware was reverse engineered from scratch with only limited knowledge of device internals; the long history of Broadcom NIC architecture and its evolution over time; the tools that had to be developed to enable the device probing, testing and reversing process; the story of a horrifying but necessary detour into reversing x86 real mode code and the novel methodology used to aid reversing; how modern NICs allow BMCs in servers to share network ports with the host, and the security hazards this creates; and how fully open source firmware was created legally using a clean room process.\r\n\r\nThis talk will be accessible to audiences unfamiliar with POWER9 or the open source firmware community, but is also intended to cover some new ground and be of interest to those familiar with the project. The talk will mainly be of interest to those interested in open source firmware and issues such as owner control and the security and auditability issues caused by proprietary firmware, and to those interested in reverse engineering.\r\n\n\n\nIn an era where vendors increasingly seek to use proprietary software in the devices around us to exert control over their users, the desire for open source software has expanded to the firmware that allows our machines to function, and platforms which individuals can trust and control have never been more important. However, changes to hardware platforms in recent years such as the Intel ME, vendor-supplied binary blobs and vendor-signed firmware images have repeatedly set back efforts to create open source firmware for the computers we use. The release of Power servers with 99% open source firmware excited many who had been searching for a computer they could trust, but one proprietary firmware blob remained: that of the Ethernet controller. This is the story of how that blob was reverse engineered and replaced with an open source replacement, delivering the first machine with desktop-class performance and 100% open source firmware in many years.","title":"Adventures in Reverse Engineering Broadcom NIC Firmware","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"This talk is about how I reverse engineered the final remaining firmware blob on the Talos II/Blackbird POWER9 systems, enabling it to be replaced with an open source replacement, in an intensive reverse engineering effort that spanned several years.\r\n\r\nThe talk will begin by introducing the open source firmware movement and its practical and ethical motivations, and note the obstacles to delivering fully open source firmware for contemporary x86 and other platforms and explaining the motive behind the project, before moving onto a more technical discussion of the adventure of firmware reverse engineering and the obstacles encountered.\r\n\r\nSubjects I intend to cover include: how the original proprietary firmware was reverse engineered from scratch with only limited knowledge of device internals; the long history of Broadcom NIC architecture and its evolution over time; the tools that had to be developed to enable the device probing, testing and reversing process; the story of a horrifying but necessary detour into reversing x86 real mode code and the novel methodology used to aid reversing; how modern NICs allow BMCs in servers to share network ports with the host, and the security hazards this creates; and how fully open source firmware was created legally using a clean room process.\r\n\r\nThis talk will be accessible to audiences unfamiliar with POWER9 or the open source firmware community, but is also intended to cover some new ground and be of interest to those familiar with the project. The talk will mainly be of interest to those interested in open source firmware and issues such as owner control and the security and auditability issues caused by proprietary firmware, and to those interested in reverse engineering.\r\n\n\n\nIn an era where vendors increasingly seek to use proprietary software in the devices around us to exert control over their users, the desire for open source software has expanded to the firmware that allows our machines to function, and platforms which individuals can trust and control have never been more important. However, changes to hardware platforms in recent years such as the Intel ME, vendor-supplied binary blobs and vendor-signed firmware images have repeatedly set back efforts to create open source firmware for the computers we use. The release of Power servers with 99% open source firmware excited many who had been searching for a computer they could trust, but one proprietary firmware blob remained: that of the Ethernet controller. This is the story of how that blob was reverse engineered and replaced with an open source replacement, delivering the first machine with desktop-class performance and 100% open source firmware in many years.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"end":"2023-12-27T16:00:00.000-0000","links":[{"label":"Talk information and related links","type":"link","url":"https://www.devever.net/~hl/ortega-37c3/"},{"label":"Slides (handout version)","type":"link","url":"https://www.devever.net/~hl/ortega-37c3/ortega-37c3-handout.pdf"}],"id":53598,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"As AI-generated content, social-media influence operations, micro-targeted advertising, and ubiquitous surveillance have become the norm on the Internet and in the market in general, we have entered an era of PSYOP Capitalism. This is an era of hallucinations designed to transform each of us into a “targeted individual” through the manipulation of perception. This talk explores a secret history of reality-altering military and intelligence programs that serve as antecedents to a phantasmagoric present.\r\n\r\nAt the talk, attendees will be given a registration code to play “CYCLOPS,” a CTF/ARG game that will run the duration of Congress. CYCLOPS explores the themes of the mind-control and PSYOPS through an interactive parafictional narrative taking place in the context of an obscure CIA cognitive warfare program from the early days of the Cold War.\r\n\n\n\nHow the history of military and government PSYOPS involving mind-control, UFOs, magic, and remote-control zombies, explains the future of AI and generative media. Along the way, talk attendees will be given an enrollment code to join a specialized CTF/ARG game called CYCLOPS that explores these themes and that will run the duration of Congress. ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"YOU’VE JUST BEEN FUCKED BY PSYOPS","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"As AI-generated content, social-media influence operations, micro-targeted advertising, and ubiquitous surveillance have become the norm on the Internet and in the market in general, we have entered an era of PSYOP Capitalism. This is an era of hallucinations designed to transform each of us into a “targeted individual” through the manipulation of perception. This talk explores a secret history of reality-altering military and intelligence programs that serve as antecedents to a phantasmagoric present.\r\n\r\nAt the talk, attendees will be given a registration code to play “CYCLOPS,” a CTF/ARG game that will run the duration of Congress. CYCLOPS explores the themes of the mind-control and PSYOPS through an interactive parafictional narrative taking place in the context of an obscure CIA cognitive warfare program from the early days of the Cold War.\r\n\n\n\nHow the history of military and government PSYOPS involving mind-control, UFOs, magic, and remote-control zombies, explains the future of AI and generative media. Along the way, talk attendees will be given an enrollment code to join a specialized CTF/ARG game called CYCLOPS that explores these themes and that will run the duration of Congress.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[{"label":"PSYOPS and CYCLOPS","type":"link","url":"https://www.paglen.studio/37C3"}],"end":"2023-12-27T16:00:00.000-0000","id":53586,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"New technology seems to herald progress toward improving public safety in relation to old threats, from heinous crimes like child sexual abuse and terrorism, to illnesses like cancer and heart disease. Enter \"Chat Control,\" a mass scanning program designed to flag potential child sexual abuse material in digital communications. While the goal of protecting children from exploitation is laudable, the statistical and social implications of such a mass screening program are scary. An empirical demonstration of Bayes’ rule in this context shows that, under relevant conditions of rarity, persistent inferential uncertainty, and substantial secondary screening harms, Chat Control and programs like it backfire, net degrading the very safety they’re intended to advance. \r\n\r\nHighlighting the inescapable accuracy-error dilemma in probability theory, we'll journey through the nuances of the base rate fallacy, highlighting how mass screening programs’ real-world efficacy is often not what it seems. When screenings involve entire populations, high \"accuracy\" translates into huge numbers of false positives. Additionally, proponents of such screenings have perverse incentives to inflate accuracy — and real-world validation to mitigate such inflation is often impossible. Dedicated attackers can also game the system, inflating false negatives. Meanwhile, secondary screening harms accrue to the very people we’re trying to protect. So, under certain common conditions, net harm can result from well-intentioned mass screenings. \r\n\r\nThese problems extend well beyond this particular program. The structure and challenges faced by Chat Control parallel those faced by other programs that share the same mathematical structure across diverse domains, from healthcare screenings for numerous diseases, to educational screenings for plagiarism and LLM use, and digital platform screenings for misinformation. Numerous additional case studies are discussed in brief. But the pattern is the point. The laws of statistics don’t change. Maybe policy-level understanding of their implications, can.\r\n\r\nSolutions to the complex, system-level problem of mass screenings for low-prevalence problems (MaSLoPPs) must themselves work at the level of the system. This focus looks different from individual-level solutions often proposed, particularly in the health context in terms of risk communication and informed consent. Across contexts, we need evidence-based policy that holds interventions to basic scientific evidentiary standards. The burden of proof that new programs do more good than harm must rest on proponents. Independent reviewers should evaluate evidence to that standard. Transparency is a prerequisite of such independent review.\r\n\r\nIn addition enhancing policymaker and public understanding of these statistical realities, and adopting widely accepted scientific evidentiary standards, society has to grapple with another set of perverse incentives: Politicians and policymakers may benefit from being seen as taking visible action on emotionally powerful issues — even if that action is likely to have bad consequences. This implicates the ancient tension between democratic participation and expertise that Plato satirized in “Gorgias.” Just as children might rather have their illnesses treated by pastry chefs than doctors, so too majorities in democratic publics might rather have their politicians “just do something” against horrible problems like child abuse, terror, and cancer — than not. Even if those efforts net harm people in exactly the feared contexts (e.g., degrading security and health). But if we care about outcomes, then critically evaluating interventions by explaining their statistical implications, and actually measuring outcomes of interest empirically, seems like a good start to improve evidence-based policymaking, and also presents one way to perhaps mitigate the problem of short-term perverse political incentives. \r\n\r\nDue to such perverse incentives and cognitive biases, we should expect political institutions to continue to struggle to formulate and implement a regulatory structure governing MaSLoPPs. One other facet of such a structure might stipulate deliberate ignorance as an opt-in/opt-out patient right. This way, medical information that is overwhelmingly likely to lead to needless anxiety and hassle at best — and unnecessary and harmful intervention at worst — such as incidental growth findings on imaging, doesn’t have to filter down to patients whom immediate healthcare providers may have financial incentives to overdiagnose. \r\n\r\nTogether we can clean up MaSLoPP!\n\n\nAs technological changes including digitalization and AI increase infrastructural capacities to deliver services, new mass screenings for low-prevalence problems (MaSLoPPs) appear to improve on old ways of advancing public interests. Their high accuracy and low false positive rates – probabilities – can sound dazzling. But translating the identical statistical information into frequency formats – body counts – shows they tend to backfire. The common (false positives) overwhelms the rare (true positives) – with serious possible consequences. Ignoring this fact is known as the base rate fallacy - a common cognitive bias. Due to pervasive cognitive biases such as this, as well as perverse structural incentives, society needs a regulatory framework governing programs that share this dangerous structure. This framework must work at the system rather than individual level. It should include better mechanisms for evidence-based policymaking that holds interventions to basic scientific evidentiary standards, and a right to deliberate ignorance where relevant. These solutions may help combat perverse incentives and cognitive biases, mitigating the damage from these dangerous programs. But we should expect ongoing sociopolitical struggle to articulate and address the problem of likely net damage from this type of program under common conditions.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Chat Control: Mass Screenings, Massive Dangers","android_description":"New technology seems to herald progress toward improving public safety in relation to old threats, from heinous crimes like child sexual abuse and terrorism, to illnesses like cancer and heart disease. Enter \"Chat Control,\" a mass scanning program designed to flag potential child sexual abuse material in digital communications. While the goal of protecting children from exploitation is laudable, the statistical and social implications of such a mass screening program are scary. An empirical demonstration of Bayes’ rule in this context shows that, under relevant conditions of rarity, persistent inferential uncertainty, and substantial secondary screening harms, Chat Control and programs like it backfire, net degrading the very safety they’re intended to advance. \r\n\r\nHighlighting the inescapable accuracy-error dilemma in probability theory, we'll journey through the nuances of the base rate fallacy, highlighting how mass screening programs’ real-world efficacy is often not what it seems. When screenings involve entire populations, high \"accuracy\" translates into huge numbers of false positives. Additionally, proponents of such screenings have perverse incentives to inflate accuracy — and real-world validation to mitigate such inflation is often impossible. Dedicated attackers can also game the system, inflating false negatives. Meanwhile, secondary screening harms accrue to the very people we’re trying to protect. So, under certain common conditions, net harm can result from well-intentioned mass screenings. \r\n\r\nThese problems extend well beyond this particular program. The structure and challenges faced by Chat Control parallel those faced by other programs that share the same mathematical structure across diverse domains, from healthcare screenings for numerous diseases, to educational screenings for plagiarism and LLM use, and digital platform screenings for misinformation. Numerous additional case studies are discussed in brief. But the pattern is the point. The laws of statistics don’t change. Maybe policy-level understanding of their implications, can.\r\n\r\nSolutions to the complex, system-level problem of mass screenings for low-prevalence problems (MaSLoPPs) must themselves work at the level of the system. This focus looks different from individual-level solutions often proposed, particularly in the health context in terms of risk communication and informed consent. Across contexts, we need evidence-based policy that holds interventions to basic scientific evidentiary standards. The burden of proof that new programs do more good than harm must rest on proponents. Independent reviewers should evaluate evidence to that standard. Transparency is a prerequisite of such independent review.\r\n\r\nIn addition enhancing policymaker and public understanding of these statistical realities, and adopting widely accepted scientific evidentiary standards, society has to grapple with another set of perverse incentives: Politicians and policymakers may benefit from being seen as taking visible action on emotionally powerful issues — even if that action is likely to have bad consequences. This implicates the ancient tension between democratic participation and expertise that Plato satirized in “Gorgias.” Just as children might rather have their illnesses treated by pastry chefs than doctors, so too majorities in democratic publics might rather have their politicians “just do something” against horrible problems like child abuse, terror, and cancer — than not. Even if those efforts net harm people in exactly the feared contexts (e.g., degrading security and health). But if we care about outcomes, then critically evaluating interventions by explaining their statistical implications, and actually measuring outcomes of interest empirically, seems like a good start to improve evidence-based policymaking, and also presents one way to perhaps mitigate the problem of short-term perverse political incentives. \r\n\r\nDue to such perverse incentives and cognitive biases, we should expect political institutions to continue to struggle to formulate and implement a regulatory structure governing MaSLoPPs. One other facet of such a structure might stipulate deliberate ignorance as an opt-in/opt-out patient right. This way, medical information that is overwhelmingly likely to lead to needless anxiety and hassle at best — and unnecessary and harmful intervention at worst — such as incidental growth findings on imaging, doesn’t have to filter down to patients whom immediate healthcare providers may have financial incentives to overdiagnose. \r\n\r\nTogether we can clean up MaSLoPP!\n\n\nAs technological changes including digitalization and AI increase infrastructural capacities to deliver services, new mass screenings for low-prevalence problems (MaSLoPPs) appear to improve on old ways of advancing public interests. Their high accuracy and low false positive rates – probabilities – can sound dazzling. But translating the identical statistical information into frequency formats – body counts – shows they tend to backfire. The common (false positives) overwhelms the rare (true positives) – with serious possible consequences. Ignoring this fact is known as the base rate fallacy - a common cognitive bias. Due to pervasive cognitive biases such as this, as well as perverse structural incentives, society needs a regulatory framework governing programs that share this dangerous structure. This framework must work at the system rather than individual level. It should include better mechanisms for evidence-based policymaking that holds interventions to basic scientific evidentiary standards, and a right to deliberate ignorance where relevant. These solutions may help combat perverse incentives and cognitive biases, mitigating the damage from these dangerous programs. But we should expect ongoing sociopolitical struggle to articulate and address the problem of likely net damage from this type of program under common conditions.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53476],"name":"Vera Wilde","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52257}],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53476,"village_id":null,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52257}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-27T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","title":"Geschichten erzählen - The Storytellers Den (LARP) - Tag 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53455,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"begin":"2023-12-27T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nicht cis Personen only\r\n\r\nDer Weg der Transition ist für jeden sehr individuell und trotzdem gibt es viele Überschneidungen. Mensch bemerkt die ersten Veränderungen und kann diese nicht einordnen oder bekommt eine Ablehnung oder Zusage von der Krankenkasse, Erzähl von deinen Erfahrungen, denn hier findest du Leute, die ähnliche Erlebnisse oder Erfahrungen gemacht haben. Eventuell standen diese vor einem Ähnlichen Problem und wissen wie es weiter gehen kann oder du willst einfach deine aktuelle Freude teilen. Lass uns austauschen, denn gemeinsam sind wir stärker.\n\n\nNicht cis Personen only.\r\nAustauschrunde über Freud und Leid der Transition und allem drumherum","title":"Trans Austauschrunde","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"android_description":"Nicht cis Personen only\r\n\r\nDer Weg der Transition ist für jeden sehr individuell und trotzdem gibt es viele Überschneidungen. Mensch bemerkt die ersten Veränderungen und kann diese nicht einordnen oder bekommt eine Ablehnung oder Zusage von der Krankenkasse, Erzähl von deinen Erfahrungen, denn hier findest du Leute, die ähnliche Erlebnisse oder Erfahrungen gemacht haben. Eventuell standen diese vor einem Ähnlichen Problem und wissen wie es weiter gehen kann oder du willst einfach deine aktuelle Freude teilen. Lass uns austauschen, denn gemeinsam sind wir stärker.\n\n\nNicht cis Personen only.\r\nAustauschrunde über Freud und Leid der Transition und allem drumherum","end_timestamp":{"seconds":1703691000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53640,53505],"name":"captain-maramo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52282}],"timeband_id":1140,"links":[],"end":"2023-12-27T15:30:00.000-0000","id":53505,"village_id":null,"begin_timestamp":{"seconds":1703687400,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52282}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T14:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Tobias Diekershoff\r\n\r\nDie REUSE-Initiative der FSFE trägt zu dem Ziel bei, rechtliche Informationen in Freie Software-Projekten klar darzustellen, indem sie in jede Datei des Repositorys eingebettet werden. Jedes Projekt, das den REUSE-Empfehlungen folgt, macht Copyright- und Lizenzinformationen sowohl für Menschen als auch für Maschinen lesbar. Wir stellen sicher, dass Einzelpersonen, Organisationen und Unternehmen, die Code wiederverwenden, die vom ursprünglichen Autor gewählten Lizenzbedingungen kennen und respektieren, und machen so das Leben für alle Beteiligten in der Software-Lieferkette einfacher.\r\n\r\nREUSE fügt sich nahtlos in Entwicklungsprozesse und andere bewährte Verfahren zur Angabe von Lizenzen für freie Software ein. Darüber hinaus gibt es Werkzeuge und Dokumentation, die Ihnen den Einstieg erleichtern. In diesem Vortrag werden wir über die Erfahrungen großer Projekte berichten, die REUSE-konform geworden sind (z.B. curl oder GNUHealth), und die neuesten Funktionen unseres REUSE-Hilfsmittels vorstellen, mit dem die Angabe von Lizenzinformationen zu einem schnellen und unterhaltsamen Unterfangen wird.\n\n\nDa Software in den letzten Jahren immer komplexer geworden ist, ist es noch wichtiger geworden, Lizenzinformationen anzugeben.","title":"REUSE Workshop","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703689200,"nanoseconds":0},"android_description":"Host: Tobias Diekershoff\r\n\r\nDie REUSE-Initiative der FSFE trägt zu dem Ziel bei, rechtliche Informationen in Freie Software-Projekten klar darzustellen, indem sie in jede Datei des Repositorys eingebettet werden. Jedes Projekt, das den REUSE-Empfehlungen folgt, macht Copyright- und Lizenzinformationen sowohl für Menschen als auch für Maschinen lesbar. Wir stellen sicher, dass Einzelpersonen, Organisationen und Unternehmen, die Code wiederverwenden, die vom ursprünglichen Autor gewählten Lizenzbedingungen kennen und respektieren, und machen so das Leben für alle Beteiligten in der Software-Lieferkette einfacher.\r\n\r\nREUSE fügt sich nahtlos in Entwicklungsprozesse und andere bewährte Verfahren zur Angabe von Lizenzen für freie Software ein. Darüber hinaus gibt es Werkzeuge und Dokumentation, die Ihnen den Einstieg erleichtern. In diesem Vortrag werden wir über die Erfahrungen großer Projekte berichten, die REUSE-konform geworden sind (z.B. curl oder GNUHealth), und die neuesten Funktionen unseres REUSE-Hilfsmittels vorstellen, mit dem die Angabe von Lizenzinformationen zu einem schnellen und unterhaltsamen Unterfangen wird.\n\n\nDa Software in den letzten Jahren immer komplexer geworden ist, ist es noch wichtiger geworden, Lizenzinformationen anzugeben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T15:00:00.000-0000","id":53632,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Common Business Oriented Language kurz COBOL ist eine Ende der 1950-er Jahre und seitdem weiter entwickelte Programmiersprache, deren Syntax an die natürliche Sprache angelehnt ist. Eine der Weiterentwicklunge ermöglicht das Definieren von Benutzeroberflächen in COBOL in der sogenannten Screensection. Im Talk wird ein in COBOL geschriebenes experimentelles Tabellenkalkulationsprogramm gezeigt und die Funktionsweise erklärt.\n\n\nGezeigt wird ein experimentelles Tabellenkalkulationsprogramm geschrieben in COBOL, welches eine textbasiere Benutzeroberfläche definiert in der COBOL-Screen-Section verwendet.","title":"Tabellenkalkulation mit COBOL","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"android_description":"Die Common Business Oriented Language kurz COBOL ist eine Ende der 1950-er Jahre und seitdem weiter entwickelte Programmiersprache, deren Syntax an die natürliche Sprache angelehnt ist. Eine der Weiterentwicklunge ermöglicht das Definieren von Benutzeroberflächen in COBOL in der sogenannten Screensection. Im Talk wird ein in COBOL geschriebenes experimentelles Tabellenkalkulationsprogramm gezeigt und die Funktionsweise erklärt.\n\n\nGezeigt wird ein experimentelles Tabellenkalkulationsprogramm geschrieben in COBOL, welches eine textbasiere Benutzeroberfläche definiert in der COBOL-Screen-Section verwendet.","end_timestamp":{"seconds":1703688000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53579],"name":"Hogü-456","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52479}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:40:00.000-0000","id":53579,"village_id":null,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52479}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","title":"Mastering Specter DIY Bitcoin Hardware wallet.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53560,"village_id":null,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Instructor Pez (@DoodleMe) and team will take you through some of the most basic concepts of Japanese rope bondage (Shibari). You'll learn some theory, and a few beginner friendly knots that you can use at home and that lay the foundations to more advanced ties.\r\n\r\nThis peer based workshop is aimed at complete beginners. Singles, pairs and groups are welcome. Up to X people, space is limited. No dress code, but it's suggested you avoid loose clothing as this makes it harder to tie. Please bring your own (non-stretchy) rope if you have it. Workshop will be taught in English.\r\n\r\nTo enter the workshop, please click a ticket at https://ticket.kinkygeeks.de/37c3-events/\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"KinkyGeeks Beginner bondage workshop 1 (Ticket required!)","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"Instructor Pez (@DoodleMe) and team will take you through some of the most basic concepts of Japanese rope bondage (Shibari). You'll learn some theory, and a few beginner friendly knots that you can use at home and that lay the foundations to more advanced ties.\r\n\r\nThis peer based workshop is aimed at complete beginners. Singles, pairs and groups are welcome. Up to X people, space is limited. No dress code, but it's suggested you avoid loose clothing as this makes it harder to tie. Please bring your own (non-stretchy) rope if you have it. Workshop will be taught in English.\r\n\r\nTo enter the workshop, please click a ticket at https://ticket.kinkygeeks.de/37c3-events/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53448,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What is Polychat? How does it work? How far are we in development? ... If you want: what is it like as a PTF-funded project?\r\nhttps://polychat.de/polychat_en/\n\n\n","title":"Polychat","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703688300,"nanoseconds":0},"android_description":"What is Polychat? How does it work? How far are we in development? ... If you want: what is it like as a PTF-funded project?\r\nhttps://polychat.de/polychat_en/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53443,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every month I tell myself that I should write a kernel module in Rust, but I never do it. Let's explore together what the current state of integration of Rust in the Linux kernel is.\r\n\r\nThis is not meant to be a workshop or talk, but more of a BoF style gathering for people playing around with things and helping each other.\r\n\r\nIf possible, come with a precompiled kernel and a minimal configuration and the possibility to boot the kernel with qemu.\r\n\r\n\r\n\r\n========================================================================================\r\n\r\n\r\n\r\nIf you do not have a setup yet:\r\n\r\n$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git\r\n\r\ncopy .config from here to git repository:\r\nhttps://christina-quast.de/min_config\r\n\r\n$ make -j8\r\n$ make LLVM=1 rustavailable\r\n\r\nIf Rust is not available on your system yet, check out the following instructions: \r\nhttps://docs.kernel.org/rust/quick-start.html\r\n\r\nFurthermore, in the best case, try booting into your system with qemu.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Let's hack together: My first kernel module in Rust!","android_description":"Every month I tell myself that I should write a kernel module in Rust, but I never do it. Let's explore together what the current state of integration of Rust in the Linux kernel is.\r\n\r\nThis is not meant to be a workshop or talk, but more of a BoF style gathering for people playing around with things and helping each other.\r\n\r\nIf possible, come with a precompiled kernel and a minimal configuration and the possibility to boot the kernel with qemu.","end_timestamp":{"seconds":1703691000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T15:30:00.000-0000","id":53440,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[{"label":"If Rust is not available on your system yet, check out the following instructions","url":""}],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","title":"cyber4EDU (Zu-)Hörstunde - Fokus Grundschule","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53862,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"spans_timebands":"N","begin":"2023-12-27T13:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In unserem Vortrag über die Toniebox konzentrieren wir uns zunächst auf das Innenleben und die Funktionsweise dieses beliebten Audiogerätes für Kinder. Wir beginnen mit einer detaillierten Einführung in das Prinzip der Toniebox aus technischer Sicht und geben einen kurzen Überblick über die Hardwarekomponenten, insbesondere die verschiedenen Prozessorvarianten wie CC3200, CC3235 und ESP32.\r\n\r\nDer Übergang zu den Limitationen des Systems ist fließend: Wir diskutieren die künstlichen Beschränkungen durch den Hersteller, den Zwang zur Verwendung von Originalfiguren, die Inkompatibilität mit NFC-Tags von Drittanbietern und die hohen Kosten für bespielbare Figuren. Besonders kritisch sehen wir die vollständige Abhängigkeit von einer Hersteller-Cloud, die bei einem Ausfall des Anbieters das Gerät obsolet macht. Ein weiterer Fokus liegt auf dem ausgeprägten Datenhunger des Herstellers, der fast schon obsessiv das Nutzungsverhalten unserer Kinder aufzeichnet.\r\n\r\nIm Kern des Vortrags stellen wir die von uns entwickelten Open-Source-Alternativen vor. Mit der TeddyBench stellen wir einen Offline-Editor vor, mit dem Audiodaten für eigene NFC-Tags erstellt und verwaltet werden können. Die TeddyCloud bietet als selbstgehostete Lösung volle Kontrolle über die eigenen Daten, eine persönliche Audio-Bibliothek und die Möglichkeit, Nutzungsdaten über MQTT in den Home Assistant einzuspeisen, ohne die Funktionalität der Box einzuschränken. Außerdem stellen wir Custom Firmwares für CC3200 und ESP32 vor, die neue Einsatzmöglichkeiten eröffnen, und berichten über unsere Hardware-Modifikationen, die unter anderem Bluetooth-Audio ermöglichen und die Toniebox barrierefreier machen.\n\n\nEin Vortrag über den erfolgreichen Kinder-Audioplayer „Toniebox“ mit Content-Hosting in der Cloud, der nicht nur Einblicke in die (un-)heimliche Datensammlungspraxis bietet, sondern auch gleich passende Lösungen dazu. Custom-Firmware, selfhosted Cloud-Ersatz und Tools zum Erzeugen von Inhalten ohne Herstellercloud.","title":"Toniebox Reverse Engineering","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703688300,"nanoseconds":0},"android_description":"In unserem Vortrag über die Toniebox konzentrieren wir uns zunächst auf das Innenleben und die Funktionsweise dieses beliebten Audiogerätes für Kinder. Wir beginnen mit einer detaillierten Einführung in das Prinzip der Toniebox aus technischer Sicht und geben einen kurzen Überblick über die Hardwarekomponenten, insbesondere die verschiedenen Prozessorvarianten wie CC3200, CC3235 und ESP32.\r\n\r\nDer Übergang zu den Limitationen des Systems ist fließend: Wir diskutieren die künstlichen Beschränkungen durch den Hersteller, den Zwang zur Verwendung von Originalfiguren, die Inkompatibilität mit NFC-Tags von Drittanbietern und die hohen Kosten für bespielbare Figuren. Besonders kritisch sehen wir die vollständige Abhängigkeit von einer Hersteller-Cloud, die bei einem Ausfall des Anbieters das Gerät obsolet macht. Ein weiterer Fokus liegt auf dem ausgeprägten Datenhunger des Herstellers, der fast schon obsessiv das Nutzungsverhalten unserer Kinder aufzeichnet.\r\n\r\nIm Kern des Vortrags stellen wir die von uns entwickelten Open-Source-Alternativen vor. Mit der TeddyBench stellen wir einen Offline-Editor vor, mit dem Audiodaten für eigene NFC-Tags erstellt und verwaltet werden können. Die TeddyCloud bietet als selbstgehostete Lösung volle Kontrolle über die eigenen Daten, eine persönliche Audio-Bibliothek und die Möglichkeit, Nutzungsdaten über MQTT in den Home Assistant einzuspeisen, ohne die Funktionalität der Box einzuschränken. Außerdem stellen wir Custom Firmwares für CC3200 und ESP32 vor, die neue Einsatzmöglichkeiten eröffnen, und berichten über unsere Hardware-Modifikationen, die unter anderem Bluetooth-Audio ermöglichen und die Toniebox barrierefreier machen.\n\n\nEin Vortrag über den erfolgreichen Kinder-Audioplayer „Toniebox“ mit Content-Hosting in der Cloud, der nicht nur Einblicke in die (un-)heimliche Datensammlungspraxis bietet, sondern auch gleich passende Lösungen dazu. Custom-Firmware, selfhosted Cloud-Ersatz und Tools zum Erzeugen von Inhalten ohne Herstellercloud.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53597],"name":"g3gg0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52345},{"conference_id":131,"event_ids":[53597],"name":"Gambrius","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52368},{"conference_id":131,"event_ids":[53597],"name":"Moritz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52406},{"conference_id":131,"event_ids":[53597],"name":"0xbadbee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52442}],"timeband_id":1140,"links":[{"label":"TeddyBench","type":"link","url":"https://github.com/toniebox-reverse-engineering/teddy/releases"},{"label":"TeddyCloud","type":"link","url":"https://github.com/toniebox-reverse-engineering/teddycloud"}],"end":"2023-12-27T14:45:00.000-0000","id":53597,"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52442},{"tag_id":46107,"sort_order":1,"person_id":52368},{"tag_id":46107,"sort_order":1,"person_id":52406},{"tag_id":46107,"sort_order":1,"person_id":52345}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-27T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Ampel hat in ihren Koalitionsvertrag geschrieben, dass es ein Digitale-Gewalt-Gesetz geben soll und das schien ein großer Schritt vorwärts. Als ich vor fünf Jahren beim 35C3 über Digitale Gewalt sprach, war das Thema kaum bekannt und seitdem hat sich viel getan.\r\n\r\nDieser Talk gibt einen Überblick zum Stand der Dinge: Was ist seitdem passiert, was wird unter dem Begriff verstanden und was wissen wir inzwischen über das Ausmaß, neue und alte Formen digitaler Gewalt und den Umgang damit.\r\n\r\nDigitale Gewalt ist ein Sammelbegriff und meint ganz verschiedene Dinge: \r\n\r\n\\* Hate-Speech, also Beleidigungen, Verleumdungen und Bedrohungen im Netz\r\n\\* digitale Aspekte der sog. ‚häuslichen Gewalt' wie Stalker-Ware, heimliches oder erzwungenes Mitlesen von E-Mails und Messenger-Nachrichten, Video-Überwachung, Zugriff auf Lokationsfunktionen von Mobilgeräten\r\n\\* digitales Stalking mithilfe von AirTags oder GPS-Sendern, Doxing\r\n\\* heimliche Aufnahmen in Umkleiden, Duschen, Toiletten und ihr Upload auf Porno-Plattformen\r\n\\* Filmen von Vergewaltigungen und Erpressung mit der Drohung der Veröffentlichung\r\n\r\nIn den letzten Jahren hat es einige neue Gesetze gegeben und das Justizministerium arbeitet am Digitale-Gewalt-Gesetz. Auch die EU bereitet ein neues Gesetz vor. Was sich dadurch ändern wird und was nicht und was nötig wäre, um Betroffenen zu helfen, ist Thema dieses Talks.\r\n\r\n\n\n\nWas hat sich in den letzten fünf Jahren seit dem letzten Talk über Digitale Gewalt in Deutschland getan? Das Thema stand im Ampel-Koalitionsvertrag, aber was es jetzt geben soll, ist ein Accountsperren-Gesetz, das eine Gefahr für die Anonymität im Netz sein könnte.\r\n\r\nDas Justizministerium möchte Digitale Gewalt gegen Unternehmen bestrafen (\"Restaurantkritik\"), aber wer weiterhin im Regen steht: Betroffene und Beratungsstellen. Was hat sich geändert, was nicht und warum müssen wir immer noch unsere Privatadressen ins Impressum schreiben – darum geht es in diesem Talk.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Was Digitale Gewalt mit Restaurantkritik zu tun hat","android_description":"Die Ampel hat in ihren Koalitionsvertrag geschrieben, dass es ein Digitale-Gewalt-Gesetz geben soll und das schien ein großer Schritt vorwärts. Als ich vor fünf Jahren beim 35C3 über Digitale Gewalt sprach, war das Thema kaum bekannt und seitdem hat sich viel getan.\r\n\r\nDieser Talk gibt einen Überblick zum Stand der Dinge: Was ist seitdem passiert, was wird unter dem Begriff verstanden und was wissen wir inzwischen über das Ausmaß, neue und alte Formen digitaler Gewalt und den Umgang damit.\r\n\r\nDigitale Gewalt ist ein Sammelbegriff und meint ganz verschiedene Dinge: \r\n\r\n\\* Hate-Speech, also Beleidigungen, Verleumdungen und Bedrohungen im Netz\r\n\\* digitale Aspekte der sog. ‚häuslichen Gewalt' wie Stalker-Ware, heimliches oder erzwungenes Mitlesen von E-Mails und Messenger-Nachrichten, Video-Überwachung, Zugriff auf Lokationsfunktionen von Mobilgeräten\r\n\\* digitales Stalking mithilfe von AirTags oder GPS-Sendern, Doxing\r\n\\* heimliche Aufnahmen in Umkleiden, Duschen, Toiletten und ihr Upload auf Porno-Plattformen\r\n\\* Filmen von Vergewaltigungen und Erpressung mit der Drohung der Veröffentlichung\r\n\r\nIn den letzten Jahren hat es einige neue Gesetze gegeben und das Justizministerium arbeitet am Digitale-Gewalt-Gesetz. Auch die EU bereitet ein neues Gesetz vor. Was sich dadurch ändern wird und was nicht und was nötig wäre, um Betroffenen zu helfen, ist Thema dieses Talks.\r\n\r\n\n\n\nWas hat sich in den letzten fünf Jahren seit dem letzten Talk über Digitale Gewalt in Deutschland getan? Das Thema stand im Ampel-Koalitionsvertrag, aber was es jetzt geben soll, ist ein Accountsperren-Gesetz, das eine Gefahr für die Anonymität im Netz sein könnte.\r\n\r\nDas Justizministerium möchte Digitale Gewalt gegen Unternehmen bestrafen (\"Restaurantkritik\"), aber wer weiterhin im Regen steht: Betroffene und Beratungsstellen. Was hat sich geändert, was nicht und warum müssen wir immer noch unsere Privatadressen ins Impressum schreiben – darum geht es in diesem Talk.","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53589],"name":"Anne Roth","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52378}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53589,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52378}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this presentation, we will share:\r\n\r\n* How we managed to discover and capture all stages of a zero-click attack on iOS, despite the attackers’ efforts to hide and protect it,\n* a comprehensive analysis of the entire attack chain, which exploited five vulnerabilities, including four zero-days\n* the capabilities of the malware that transforms your phone into the ultimate surveillance tool,\n* and the links to previously known malware we were able to find.\n\n\n\nImagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.","title":"Operation Triangulation: What You Get When Attack iPhones of Researchers","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"In this presentation, we will share:\r\n\r\n* How we managed to discover and capture all stages of a zero-click attack on iOS, despite the attackers’ efforts to hide and protect it,\n* a comprehensive analysis of the entire attack chain, which exploited five vulnerabilities, including four zero-days\n* the capabilities of the malware that transforms your phone into the ultimate surveillance tool,\n* and the links to previously known malware we were able to find.\n\n\n\nImagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53584],"name":"bzvr_","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52246},{"conference_id":131,"event_ids":[53584],"name":"oct0xor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52371},{"conference_id":131,"event_ids":[53584],"name":"kucher1n","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52448}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53584,"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52246},{"tag_id":46107,"sort_order":1,"person_id":52448},{"tag_id":46107,"sort_order":1,"person_id":52371}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Spleiß-Workshop Tag 1","android_description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","end_timestamp":{"seconds":1703685300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:55:00.000-0000","id":53910,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703682900,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"CTBK-Workshoparea","hotel":"","short_name":"CTBK-Workshoparea","id":46163},"spans_timebands":"N","begin":"2023-12-27T13:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/heiko-h-gogolin","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Heiko Gogolin","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"https://soundcloud.com/heiko-h-gogolin","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53904,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Hackin the Disco","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53635,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-27T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Talk werde ich erst einen groben Überblick über Kernelprogrammierung allgemein geben und dann den Windows und den Linux Kernel bezüglich verschiedener Aspekte vergleichen. \r\n\r\nSowohl allgemeine Architektur als auch I/O Konzepte und Treiber Modell werden eine Rolle spielen.\r\n\r\nDie letzten 30 Minuten sind für fragen und Diskussion eingeplant.🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Warum der Windows Kernel garnicht so scheiße ist","end_timestamp":{"seconds":1703687400,"nanoseconds":0},"android_description":"In diesem Talk werde ich erst einen groben Überblick über Kernelprogrammierung allgemein geben und dann den Windows und den Linux Kernel bezüglich verschiedener Aspekte vergleichen. \r\n\r\nSowohl allgemeine Architektur als auch I/O Konzepte und Treiber Modell werden eine Rolle spielen.\r\n\r\nDie letzten 30 Minuten sind für fragen und Diskussion eingeplant.🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:30:00.000-0000","id":53619,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-27T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We are making an LED lamp that almost every age group can take part in (with parents if necessary). Young children can glue the bags and a parent can help with soldering. There is ready-made software so that it can start flashing immediately. If you like, bring a laptop and program it yourself.\r\nThe lamp consists of 8 compartments, each with 2 LEDs that can be programmed individually. After about 1 hour you will have something pretty that can light up and invites you to continue programming at home.\n\n\n","title":"Bau deine eigene LED-Lampe","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703689200,"nanoseconds":0},"android_description":"We are making an LED lamp that almost every age group can take part in (with parents if necessary). Young children can glue the bags and a parent can help with soldering. There is ready-made software so that it can start flashing immediately. If you like, bring a laptop and program it yourself.\r\nThe lamp consists of 8 compartments, each with 2 LEDs that can be programmed individually. After about 1 hour you will have something pretty that can light up and invites you to continue programming at home.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T15:00:00.000-0000","id":53483,"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-27T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"","title":"SCC Assembly Eröffnung","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703683800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53474,"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"SCC-Assembly","hotel":"","short_name":"SCC-Assembly","id":46149},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is for all who only have a vague idea or might not know at all what an “IP address” is. We’ll learn how the Internet works by making Internet traffic visible. This is a beginner’s workshop. If you toyed with Wireshark before, you will be bored to hell in this workshop.\r\n\r\nInvisible to the casual user, lots of computers communicate and work together to deliver the kitten videos you’re craving. In this workshop, we use the tool Wireshark (available for all operating systems) to make this communication visible. In lots of life demos, we’ll learn that the domain names we’re familiar with, like ccc.de or fridaysforfuture.de, are a thin layer around IP addresses, which are the real addresses computers use to identify themselves. We’ll uncover which hidden information your browser sends along each request, and we’ll see how easy it is to intercept traffic.\r\n\r\nThis workshop is for everybody who is interested in knowing how the Internet works, in which form computers talk to each other. Absolutely no prerequisites are required. People who are familiar with network stacks will be bored to hell.\r\n\r\nNote to the infrastructure team: In the final part of the talk, we’ll perform a standard ARP spoofing attack to intercept traffic from a volunteer and display their website login password on the projector. Of course we won’t use the congress network for this. I’ll use an hotspot of my own.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Foundation workshop: Hands-on, how does the Internet work?","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"android_description":"This workshop is for all who only have a vague idea or might not know at all what an “IP address” is. We’ll learn how the Internet works by making Internet traffic visible. This is a beginner’s workshop. If you toyed with Wireshark before, you will be bored to hell in this workshop.\r\n\r\nInvisible to the casual user, lots of computers communicate and work together to deliver the kitten videos you’re craving. In this workshop, we use the tool Wireshark (available for all operating systems) to make this communication visible. In lots of life demos, we’ll learn that the domain names we’re familiar with, like ccc.de or fridaysforfuture.de, are a thin layer around IP addresses, which are the real addresses computers use to identify themselves. We’ll uncover which hidden information your browser sends along each request, and we’ll see how easy it is to intercept traffic.\r\n\r\nThis workshop is for everybody who is interested in knowing how the Internet works, in which form computers talk to each other. Absolutely no prerequisites are required. People who are familiar with network stacks will be bored to hell.\r\n\r\nNote to the infrastructure team: In the final part of the talk, we’ll perform a standard ARP spoofing attack to intercept traffic from a volunteer and display their website login password on the projector. Of course we won’t use the congress network for this. I’ll use an hotspot of my own.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703684400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:40:00.000-0000","id":53627,"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-27T12:50:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen (sprich im kleinsten gemeinsamen Nenner: #fightnazis, #afdwegbassen und #saytheirnames).\r\n\r\n„Sound Grafitti\" und „Protest-Jingles\" beherbergen disruptives Potenzial und können als Audio-Interventionen bestehende Diskurse in öffentlichen und digitalen Räumen aufbrechen / bereichen. Zum einen, indem überhaupt einmal bestimmte Meinungen / Äußerungen anderen außerhalb der eigenen „Bubbles\" und Räume zugänglich gemacht werden, zum anderen, um kollektiv verfasste Äußerungen in Konfrontation mit Menschen zu bringen, um auf Probleme zu verweisen, solidarische Anliegen vorzubringen und Handlungsvorschläge (für Protest-Vorhaben) anzubieten. \r\n\r\n„Echokammern\" sind Open Source DIY-Lautsprecher für Audio-Interventionen, nutzbar für Sound-Graffiti im öffentlichen Raum. Als Basis nutzen wir Baustellenlampen, die wir zu mobilen Lautsprechern umfunktionieren. Durch einen Hack werden die allgegenwärtigen Baustellenlampen zu Mitteln der Kommunikation und Irritation im öffentlichen Raum. Ein Objekt, das uns aufmerksam macht und auf Gefahren hinweist, wird manipuliert und zur Echokammer gesellschaftlich relevanter Anliegen und Probleme. Ausgangspunkt für dieses Projekt war der rassistische Terroranschlag in Hanau im Jahr 2020, bei dem neun Menschen von einem rechtsradikalen Terroristen getötet wurden. In einer Zeit, in der es aufgrund der Pandemie und damit verbundener Regelungen nur eingeschränkt möglich war gemeinsam zu gedenken, zu protestieren und zu trauern, haben wir nach Möglichkeiten gesucht, die Forderung \"SAY THEIR NAMES\" auf die Straße zu bringen. So entstand ein Werkzeug, das seither für verschiedene politische Kämpfe und Themen genutzt wurde. So bespielten die Lautsprecher zuletzt in diesem Jahr die Straßen Berlins zum Protest gegen den Weiter-Bau der Autobahn A100.\r\n\r\nProtest-Jingles sind Audio-Beiträge zu Protestvorhaben, die diese ankündigen, flankieren, erklären und in denen Themen und damit verbundene Anliegen verhandelt werden und zur Teilnahme aufgerufen wird. 2018 hat Reclaim Club Culture damit erstmals mit eigens dafür produzierten Jingles zu einem Groß-Protest gegen Nazis unter dem Motto #afdwegbassen aufgerufen, um mit diesen die Mobilisierung (z.B. abgespielt durch DJs in Clubs, zum Teilen über Social Media, zum Versenden an Redaktionen und Journalistinnen) zu dem Protest zu unterstützen sowie um während des Protestes den Aufruf als Meinungsäußerung von Lautsprecher-Wägen abzuspielen zu können. \r\nSprachwerkstätten als Variation dessen sind mit Protest-Jingles in der Hinsicht artverwandt, als dass sie Versuche darstellen, Meinungen von Menschen zu bestimmten Themen einzuholen und künstlerisch kuratiert als Audio-Collage darzustellen und anderen zugänglich zu machen. Sie machen ein Angebot zum Reflektieren und Partizipieren, welches keinen Anspruch auf Vollständigkeit oder Wahrheit hat und immer nur eine Auswahl darstellt.\r\nDie Ergebnisse der vergangenen fünf Jahre stehen für sich und werden in diesem Beitrag in einer Auswahl auch performt. \n\n\nWir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":" \"Was sind eigentlich Audio Interventionen?\" - Von Sound Grafitti und Protest-Jingles","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"android_description":"Wir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen (sprich im kleinsten gemeinsamen Nenner: #fightnazis, #afdwegbassen und #saytheirnames).\r\n\r\n„Sound Grafitti\" und „Protest-Jingles\" beherbergen disruptives Potenzial und können als Audio-Interventionen bestehende Diskurse in öffentlichen und digitalen Räumen aufbrechen / bereichen. Zum einen, indem überhaupt einmal bestimmte Meinungen / Äußerungen anderen außerhalb der eigenen „Bubbles\" und Räume zugänglich gemacht werden, zum anderen, um kollektiv verfasste Äußerungen in Konfrontation mit Menschen zu bringen, um auf Probleme zu verweisen, solidarische Anliegen vorzubringen und Handlungsvorschläge (für Protest-Vorhaben) anzubieten. \r\n\r\n„Echokammern\" sind Open Source DIY-Lautsprecher für Audio-Interventionen, nutzbar für Sound-Graffiti im öffentlichen Raum. Als Basis nutzen wir Baustellenlampen, die wir zu mobilen Lautsprechern umfunktionieren. Durch einen Hack werden die allgegenwärtigen Baustellenlampen zu Mitteln der Kommunikation und Irritation im öffentlichen Raum. Ein Objekt, das uns aufmerksam macht und auf Gefahren hinweist, wird manipuliert und zur Echokammer gesellschaftlich relevanter Anliegen und Probleme. Ausgangspunkt für dieses Projekt war der rassistische Terroranschlag in Hanau im Jahr 2020, bei dem neun Menschen von einem rechtsradikalen Terroristen getötet wurden. In einer Zeit, in der es aufgrund der Pandemie und damit verbundener Regelungen nur eingeschränkt möglich war gemeinsam zu gedenken, zu protestieren und zu trauern, haben wir nach Möglichkeiten gesucht, die Forderung \"SAY THEIR NAMES\" auf die Straße zu bringen. So entstand ein Werkzeug, das seither für verschiedene politische Kämpfe und Themen genutzt wurde. So bespielten die Lautsprecher zuletzt in diesem Jahr die Straßen Berlins zum Protest gegen den Weiter-Bau der Autobahn A100.\r\n\r\nProtest-Jingles sind Audio-Beiträge zu Protestvorhaben, die diese ankündigen, flankieren, erklären und in denen Themen und damit verbundene Anliegen verhandelt werden und zur Teilnahme aufgerufen wird. 2018 hat Reclaim Club Culture damit erstmals mit eigens dafür produzierten Jingles zu einem Groß-Protest gegen Nazis unter dem Motto #afdwegbassen aufgerufen, um mit diesen die Mobilisierung (z.B. abgespielt durch DJs in Clubs, zum Teilen über Social Media, zum Versenden an Redaktionen und Journalistinnen) zu dem Protest zu unterstützen sowie um während des Protestes den Aufruf als Meinungsäußerung von Lautsprecher-Wägen abzuspielen zu können. \r\nSprachwerkstätten als Variation dessen sind mit Protest-Jingles in der Hinsicht artverwandt, als dass sie Versuche darstellen, Meinungen von Menschen zu bestimmten Themen einzuholen und künstlerisch kuratiert als Audio-Collage darzustellen und anderen zugänglich zu machen. Sie machen ein Angebot zum Reflektieren und Partizipieren, welches keinen Anspruch auf Vollständigkeit oder Wahrheit hat und immer nur eine Auswahl darstellt.\r\nDie Ergebnisse der vergangenen fünf Jahre stehen für sich und werden in diesem Beitrag in einer Auswahl auch performt. \n\n\nWir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53607],"name":"Philipp Breitenbach - echokammer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52416}],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53607,"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"village_id":null,"tag_ids":[46118,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52416}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After over two years of intense negotiations, the EU recently agreed to their Digital Identity Reform (eIDAS). In this talk we analyse the result, what safeguards we can realistically expect and how our online and offline interactions might change because of this new European Digital Identity Wallet.\r\nOther regions in the world are much further ahead in this issue and we will also try to learn from the experiences from India and Kenya. Both countries had unique strategies from civil society to fight back against the introduction of digital identity systems, focusing on interrogating their design, raising awareness, strategic litigation and civil disobedience post deployment .\r\nLastly, this issue pops up in many countries and is actively promoted as \"Digital Public Infrastructure\" by global organisations like UNDP and the World Bank - often with little to know credence to privacy or local realities. This global trend is very worrying due to the shiny veneer hiding their dark reality of exploitation by local and foreign actors. We will showcase strategies how local actors have resisted and shaped the introduction of these systems with a combination of technical, advocacy, and interdisciplinary ally building. Our goal is to provide knowledge about how exactly these systems work, who benefits from them and what strategies could be deployed against them.\n\n\nDigital Identity Systems proliferate worldwide without any regard for their human rights impact or privacy concerns. Driven by governments and the crony capitalist solutionism peddled by the private sector, official statistics estimate that 80 % of the world’s population is condemned to use them by the end of this decade. These identification systems are a frontal attack on anonymity in the online world, might lead to completely new forms of tracking and discrimination and they are a gift to Google and other companies which are monitoring the behaviour of people on a large scale. In this talk we focus on how the recent EU reform played out, how the UN is becoming a central player in promoting their hasty adoption and which strategies civil society and hackers can deploy to fight back.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Please Identify Yourself!","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"android_description":"After over two years of intense negotiations, the EU recently agreed to their Digital Identity Reform (eIDAS). In this talk we analyse the result, what safeguards we can realistically expect and how our online and offline interactions might change because of this new European Digital Identity Wallet.\r\nOther regions in the world are much further ahead in this issue and we will also try to learn from the experiences from India and Kenya. Both countries had unique strategies from civil society to fight back against the introduction of digital identity systems, focusing on interrogating their design, raising awareness, strategic litigation and civil disobedience post deployment .\r\nLastly, this issue pops up in many countries and is actively promoted as \"Digital Public Infrastructure\" by global organisations like UNDP and the World Bank - often with little to know credence to privacy or local realities. This global trend is very worrying due to the shiny veneer hiding their dark reality of exploitation by local and foreign actors. We will showcase strategies how local actors have resisted and shaped the introduction of these systems with a combination of technical, advocacy, and interdisciplinary ally building. Our goal is to provide knowledge about how exactly these systems work, who benefits from them and what strategies could be deployed against them.\n\n\nDigital Identity Systems proliferate worldwide without any regard for their human rights impact or privacy concerns. Driven by governments and the crony capitalist solutionism peddled by the private sector, official statistics estimate that 80 % of the world’s population is condemned to use them by the end of this decade. These identification systems are a frontal attack on anonymity in the online world, might lead to completely new forms of tracking and discrimination and they are a gift to Google and other companies which are monitoring the behaviour of people on a large scale. In this talk we focus on how the recent EU reform played out, how the UN is becoming a central player in promoting their hasty adoption and which strategies civil society and hackers can deploy to fight back.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53583],"name":"Udbhav Tiwari","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52374}],"timeband_id":1140,"links":[{"label":"EU Digital Identity Reform: The Good, Bad & Ugly in the eIDAS Regulation","type":"link","url":"https://epicenter.works/en/content/eu-digital-identity-reform-the-good-bad-ugly-in-the-eidas-regulation"},{"label":"What could an “Open” ID system look like?: Recommendations and Guardrails for National Biometric ID Projects ","type":"link","url":"https://blog.mozilla.org/netpolicy/2020/01/22/what-could-an-open-id-system-look-like-recommendations-and-guardrails-for-national-biometric-id-projects/"}],"end":"2023-12-27T13:30:00.000-0000","id":53583,"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"tag_ids":[46121,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52374}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Apart from building electric vehicles, Tesla has gained a reputation for their integrated computer platform comprising a feature-rich infotainment system, remote services through Tesla's Cloud and mobile app, and, most notably, an automated driving assistant. Enabled by a dedicated arm64-based system called Autopilot, Tesla offers different levels of \"self-driving\". The \"full self-driving\" (FSD) is provided to specific customers via in-car purchases and has been subject to public discourse.\r\n\r\nDespite using multiple cameras and Autopilot's machine learning (ML) models, accidents persist and shape FSD reporting. While the platform security of Autopilot's hardware protects the code and ML models from competitors, it also hinders third parties from accessing critical user data, e.g., onboard camera recordings and other sensor data, that could help facilitate crash investigations.\r\n\r\nThis presentation shows how we rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. Among other cryptographic keys, we extract a hardware-unique key used to authenticate Autopilot towards Tesla's \"mothership\". Overall, our talk will shed light on Autopilot's security architecture and gaps.\r\n\r\nBefore delving into Autopilot, we successfully executed a Tesla Jailbreak of the AMD-based infotainment platform and presented our attack at BlackHat USA 2023. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.\n\n\nTesla's driving assistant has been subject to public scrutiny for good and bad: As accidents with its \"full self-driving\" (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer. In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, enabling us root privileges on the system.\r\n","title":"Back in the Driver's Seat: Recovering Critical Data from Tesla Autopilot Using Voltage Glitching","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703683800,"nanoseconds":0},"android_description":"Apart from building electric vehicles, Tesla has gained a reputation for their integrated computer platform comprising a feature-rich infotainment system, remote services through Tesla's Cloud and mobile app, and, most notably, an automated driving assistant. Enabled by a dedicated arm64-based system called Autopilot, Tesla offers different levels of \"self-driving\". The \"full self-driving\" (FSD) is provided to specific customers via in-car purchases and has been subject to public discourse.\r\n\r\nDespite using multiple cameras and Autopilot's machine learning (ML) models, accidents persist and shape FSD reporting. While the platform security of Autopilot's hardware protects the code and ML models from competitors, it also hinders third parties from accessing critical user data, e.g., onboard camera recordings and other sensor data, that could help facilitate crash investigations.\r\n\r\nThis presentation shows how we rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. Among other cryptographic keys, we extract a hardware-unique key used to authenticate Autopilot towards Tesla's \"mothership\". Overall, our talk will shed light on Autopilot's security architecture and gaps.\r\n\r\nBefore delving into Autopilot, we successfully executed a Tesla Jailbreak of the AMD-based infotainment platform and presented our attack at BlackHat USA 2023. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.\n\n\nTesla's driving assistant has been subject to public scrutiny for good and bad: As accidents with its \"full self-driving\" (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer. In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, enabling us root privileges on the system.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53463],"name":"Hans Niklas Jacob - hnj","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52357},{"conference_id":131,"event_ids":[53463],"name":"Niclas Kühnapfel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52362},{"conference_id":131,"event_ids":[53463],"name":"Christian Werling","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52514}],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53463,"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52514},{"tag_id":46107,"sort_order":1,"person_id":52357},{"tag_id":46107,"sort_order":1,"person_id":52362}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Soziale Skripte beeinflussen unser ganzes Leben, ohne dass wir es mitbekommen. Ganz allgemein sind soziale Skripte kulturell geformte Leitfäden, die bestimmen, wie man sich in bestimmten Situationen verhalten soll. In dem Workshop wollen wir uns anschauen, welche sozialen Skripte uns bei der Interaktion mit anderen Menschen begleiten und wie sich das auf einen Konsensfindungsprozess in zwischenmenschlichen Beziehungen und Sexualität auswirkt.\n\n\nIhn den Workshop soll es darum gehen, wie wir Konsens leben, wie verinnerlichte soziale Skripte in unsere Konsensfindung hineinspielen, und wie sich das auf unsere Begegnungen mit anderen Menschen auswirkt.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2023-12-30T22:18+0000","name":"Workshop","id":46133},"title":"Konsens und soziale Skripte","end_timestamp":{"seconds":1703686800,"nanoseconds":0},"android_description":"Soziale Skripte beeinflussen unser ganzes Leben, ohne dass wir es mitbekommen. Ganz allgemein sind soziale Skripte kulturell geformte Leitfäden, die bestimmen, wie man sich in bestimmten Situationen verhalten soll. In dem Workshop wollen wir uns anschauen, welche sozialen Skripte uns bei der Interaktion mit anderen Menschen begleiten und wie sich das auf einen Konsensfindungsprozess in zwischenmenschlichen Beziehungen und Sexualität auswirkt.\n\n\nIhn den Workshop soll es darum gehen, wie wir Konsens leben, wie verinnerlichte soziale Skripte in unsere Konsensfindung hineinspielen, und wie sich das auf unsere Begegnungen mit anderen Menschen auswirkt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53497,53806],"name":"Smettbo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52359}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:20:00.000-0000","id":53497,"begin_timestamp":{"seconds":1703679600,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52359}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T12:20:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"## About\r\nIn this session you learn how build the [37C3 Fahrplan app for Android](https://play.google.com/store/apps/details?id=info.metadude.android.congress.schedule) yourself. You customize colors, change code and bring your own ideas.\r\n\r\n## Language\r\n- I will talk in English to reach most people. German is fine, too.\r\n- Ich werde auf Englisch sprechen, um die Mehrzahl der Menschen zu erreichen. Ich kann bei Bedarf auf Deutsch kommunizieren.\r\n\r\n## Requirements\r\n- Some experience with Android, Kotlin, Git is helpful.\r\n- Bring your own Android smartphone or tablet (minimum Android 5, Lollipop).\r\n- Bring your own USB cable fitting with your Android device & computer.\r\n- Bring your own computer with [Android Studio (latest stable)](https://developer.android.com/studio) installed.\r\n- Have the project **already cloned** to your machine. Here is the [source code]( https://github.com/EventFahrplan/EventFahrplan)\r\n- Build the project at least once to download the Android SDK and libraries **before** you come. ⚠️ This will take some time!\r\n\r\n## Your ideas\r\n- I am looking forward to getting to know your ideas shared with everyone. Let them become reality!\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Build your own 37C3 Fahrplan app for Android","android_description":"## About\r\nIn this session you learn how build the [37C3 Fahrplan app for Android](https://play.google.com/store/apps/details?id=info.metadude.android.congress.schedule) yourself. You customize colors, change code and bring your own ideas.\r\n\r\n## Language\r\n- I will talk in English to reach most people. German is fine, too.\r\n- Ich werde auf Englisch sprechen, um die Mehrzahl der Menschen zu erreichen. Ich kann bei Bedarf auf Deutsch kommunizieren.\r\n\r\n## Requirements\r\n- Some experience with Android, Kotlin, Git is helpful.\r\n- Bring your own Android smartphone or tablet (minimum Android 5, Lollipop).\r\n- Bring your own USB cable fitting with your Android device & computer.\r\n- Bring your own computer with [Android Studio (latest stable)](https://developer.android.com/studio) installed.\r\n- Have the project **already cloned** to your machine. Here is the [source code]( https://github.com/EventFahrplan/EventFahrplan)\r\n- Build the project at least once to download the Android SDK and libraries **before** you come. ⚠️ This will take some time!\r\n\r\n## Your ideas\r\n- I am looking forward to getting to know your ideas shared with everyone. Let them become reality!","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53614,"begin_timestamp":{"seconds":1703678400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Digitale Barrierefreiheit wird in der EU 2025 endlich zur Pflicht. Zumindest für Einige. \r\nViele informieren sich bereits, wie sie Webseiten barrierefreier machen können und hangeln sich an den Prüfschritten von WCAG, BITV und EN 301 549 entlang.\r\nAndere bauen darauf, ab dem Stichtag einfach ein Overlay-Tool zu installieren, was das mit der Barrierefreiheit dann schon richten soll. \r\nAber so einfach ist es nicht. Nie war es wichtiger, sauberen HTML-Code mit innovativem CSS zu kombinieren, um das hinzubekommen, das ich \"RIAN\" getauft habe: Responsive to Individual Accessibility Needs.\r\n\r\nWas genau das ist und welche Bedürfnisse hinsichtlich der Barrierefreiheit bereits mit dem Ansatz befriedigt werden können und wo noch die richtigen Mechanismen fehlen, wird Inhalt dieses Talks.\n\n\nResponsives Webdesign stand lange Zeit nur für die Technik, Webseiten an verschiedene Bildschirmgrößen anpassen zu können. \r\nDabei gibt es viel mehr Möglichkeiten, Webseiten nicht nur für Geräte anzupassen, sondern auch an die individuellen Bedürfnisse der Nutzer:innen. \r\nRadikal gedacht, einfach gemacht.\r\n\r\nAnnika Brinkmann stellt ihren neuen Ansatz erstmals vor.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"RIAN: Responsive to Individual Accessibility Needs","android_description":"Digitale Barrierefreiheit wird in der EU 2025 endlich zur Pflicht. Zumindest für Einige. \r\nViele informieren sich bereits, wie sie Webseiten barrierefreier machen können und hangeln sich an den Prüfschritten von WCAG, BITV und EN 301 549 entlang.\r\nAndere bauen darauf, ab dem Stichtag einfach ein Overlay-Tool zu installieren, was das mit der Barrierefreiheit dann schon richten soll. \r\nAber so einfach ist es nicht. Nie war es wichtiger, sauberen HTML-Code mit innovativem CSS zu kombinieren, um das hinzubekommen, das ich \"RIAN\" getauft habe: Responsive to Individual Accessibility Needs.\r\n\r\nWas genau das ist und welche Bedürfnisse hinsichtlich der Barrierefreiheit bereits mit dem Ansatz befriedigt werden können und wo noch die richtigen Mechanismen fehlen, wird Inhalt dieses Talks.\n\n\nResponsives Webdesign stand lange Zeit nur für die Technik, Webseiten an verschiedene Bildschirmgrößen anpassen zu können. \r\nDabei gibt es viel mehr Möglichkeiten, Webseiten nicht nur für Geräte anzupassen, sondern auch an die individuellen Bedürfnisse der Nutzer:innen. \r\nRadikal gedacht, einfach gemacht.\r\n\r\nAnnika Brinkmann stellt ihren neuen Ansatz erstmals vor.","end_timestamp":{"seconds":1703684700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53578],"name":"Annika Brinkmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52260}],"timeband_id":1140,"links":[],"end":"2023-12-27T13:45:00.000-0000","id":53578,"begin_timestamp":{"seconds":1703678400,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52260}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","title":"POTA – Parks on the Air [Day 1]","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703687400,"nanoseconds":0},"android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:30:00.000-0000","id":53464,"begin_timestamp":{"seconds":1703678400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-27T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Was auch immer wir im Internet tun, es wird aufgezeichnet und ausgewertet, um uns zielgerichtet Werbung anzuzeigen. An diese triste Realität haben sich viel zu viele Menschen längst gewöhnt. Wo genau unsere Daten landen, wenn wir Websites aufrufen oder Apps nutzen, das können die wenigsten nachvollziehen. Bis jetzt.\r\n\r\nDurch ein Dokument, das eigentlich nicht für die Öffentlichkeit bestimmt war, konnten wir dieses Jahr einen einmaligen Einblick gewinnen. Es ist die Angebotsliste von Xandr, einem der größten Datenmarktplätze der Werbewelt. Sie enthält mehr als 650.000 unterschiedliche Zielgruppenkategorien - also Schubladen für Menschen, um sie mit Targeted Advertising zu erreichen.\r\n\r\nBei einigen dieser Kategorien möchte man laut auflachen, bei anderen bleibt einem das Lachen im Halse stecken. Ob „fragile Senioren“ oder „leidenschaftliche Liebhaber“, ob shopping-versessene Mütter oder Menschen mit Essstörung, ob deutsche Soldat:innen oder „Geringverdiener ohne Orientierung“ – sie alle lassen sich durch die Werbeindustrie gezielt ins Visier nehmen.\r\n\r\n„Diese Liste ist das gewaltigste Dokument über den globalen Datenhandel, das ich je gesehen habe“, sagt der Wiener Tracking-Forscher Wolfie Christl und spricht von einem Skandal. Florian Glatzner vom Verbraucherzentrale Bundesverband spricht gar vom „Snowden-Moment der Online-Werbebranche\". Denn dass Werbeindustrie und Datenhändler uns überwachen, wussten wir schon lange – jetzt haben wir schwarz auf weiß, wie invasiv und detailliert das passiert.\r\n\r\nWochenlang haben wir das Dokument ausgewertet, unter anderem mit Hilfe des Datenjournalisten Johannes Gille und unserer Kollegen von The Markup aus den USA. Wir decken Hunderte äußerst bedenkliche Segmente über die Schwächen und das Verhalten von Bürger:innen aus 15 EU-Ländern auf. Wir belegen erstmals, wie stark inzwischen auch deutsche Firmen am Geschäft mit unseren Daten mitverdienen. Und wir dokumentieren, auf welch tönernen Füßen dieses Business rechtlich steht.\r\n\r\nIn unserem Vortrag präsentieren wir die wichtigsten Ergebnisse unserer \r\n[Artikel-Serie](https://netzpolitik.org/tag/die-xandr-recherche/) und die Methoden unserer Recherche. Mehrere internationale Medien haben die Recherche bereits aufgegriffen und Analysen für die USA, Australien, die Niederlande und die Schweiz veröffentlicht\r\n\r\nWir zeigen, wo genau Interessierte an die Recherche anknüpfen können – und wie Nutzer:innen selbst aktiv werden können. Nicht zuletzt machen wir klar: Das System kann weg, denn es gibt längst Alternativen zur Überwachungsindustrie.\n\n\nDieses Jahr konnten wir erstmals im Detail nachvollziehen, wie invasiv und kleinteilig uns Werbefirmen und Datenhändler im Netz kategorisieren. Denn Microsofts Datenmarktplatz Xandr hat versehentlich ein riesiges Dokument veröffentlicht, das ungeahnte Einblicke hinter die Kulissen die Werbeindustrie erlaubt. In der Folge haben mehrere Datenschutzbehörden aus Deutschland und der EU mitgeteilt, die betroffenen Firmen und ihr Geschäft zu prüfen. Aller Cookie-Müdigkeit zum Trotz zeigt unsere Recherche: Aufgeben ist nicht. Es gibt Alternativen für das Geschäft mit unseren Daten, für die es sich zu kämpfen lohnt.","title":"Die Akte Xandr: Ein tiefer Blick in den Abgrund der Datenindustrie","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Was auch immer wir im Internet tun, es wird aufgezeichnet und ausgewertet, um uns zielgerichtet Werbung anzuzeigen. An diese triste Realität haben sich viel zu viele Menschen längst gewöhnt. Wo genau unsere Daten landen, wenn wir Websites aufrufen oder Apps nutzen, das können die wenigsten nachvollziehen. Bis jetzt.\r\n\r\nDurch ein Dokument, das eigentlich nicht für die Öffentlichkeit bestimmt war, konnten wir dieses Jahr einen einmaligen Einblick gewinnen. Es ist die Angebotsliste von Xandr, einem der größten Datenmarktplätze der Werbewelt. Sie enthält mehr als 650.000 unterschiedliche Zielgruppenkategorien - also Schubladen für Menschen, um sie mit Targeted Advertising zu erreichen.\r\n\r\nBei einigen dieser Kategorien möchte man laut auflachen, bei anderen bleibt einem das Lachen im Halse stecken. Ob „fragile Senioren“ oder „leidenschaftliche Liebhaber“, ob shopping-versessene Mütter oder Menschen mit Essstörung, ob deutsche Soldat:innen oder „Geringverdiener ohne Orientierung“ – sie alle lassen sich durch die Werbeindustrie gezielt ins Visier nehmen.\r\n\r\n„Diese Liste ist das gewaltigste Dokument über den globalen Datenhandel, das ich je gesehen habe“, sagt der Wiener Tracking-Forscher Wolfie Christl und spricht von einem Skandal. Florian Glatzner vom Verbraucherzentrale Bundesverband spricht gar vom „Snowden-Moment der Online-Werbebranche\". Denn dass Werbeindustrie und Datenhändler uns überwachen, wussten wir schon lange – jetzt haben wir schwarz auf weiß, wie invasiv und detailliert das passiert.\r\n\r\nWochenlang haben wir das Dokument ausgewertet, unter anderem mit Hilfe des Datenjournalisten Johannes Gille und unserer Kollegen von The Markup aus den USA. Wir decken Hunderte äußerst bedenkliche Segmente über die Schwächen und das Verhalten von Bürger:innen aus 15 EU-Ländern auf. Wir belegen erstmals, wie stark inzwischen auch deutsche Firmen am Geschäft mit unseren Daten mitverdienen. Und wir dokumentieren, auf welch tönernen Füßen dieses Business rechtlich steht.\r\n\r\nIn unserem Vortrag präsentieren wir die wichtigsten Ergebnisse unserer \r\n[Artikel-Serie](https://netzpolitik.org/tag/die-xandr-recherche/) und die Methoden unserer Recherche. Mehrere internationale Medien haben die Recherche bereits aufgegriffen und Analysen für die USA, Australien, die Niederlande und die Schweiz veröffentlicht\r\n\r\nWir zeigen, wo genau Interessierte an die Recherche anknüpfen können – und wie Nutzer:innen selbst aktiv werden können. Nicht zuletzt machen wir klar: Das System kann weg, denn es gibt längst Alternativen zur Überwachungsindustrie.\n\n\nDieses Jahr konnten wir erstmals im Detail nachvollziehen, wie invasiv und kleinteilig uns Werbefirmen und Datenhändler im Netz kategorisieren. Denn Microsofts Datenmarktplatz Xandr hat versehentlich ein riesiges Dokument veröffentlicht, das ungeahnte Einblicke hinter die Kulissen die Werbeindustrie erlaubt. In der Folge haben mehrere Datenschutzbehörden aus Deutschland und der EU mitgeteilt, die betroffenen Firmen und ihr Geschäft zu prüfen. Aller Cookie-Müdigkeit zum Trotz zeigt unsere Recherche: Aufgeben ist nicht. Es gibt Alternativen für das Geschäft mit unseren Daten, für die es sich zu kämpfen lohnt.","end_timestamp":{"seconds":1703680500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53606],"name":"Sebastian Meineck","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52375},{"conference_id":131,"event_ids":[53606],"name":"Ingo Dachwitz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52495}],"timeband_id":1140,"links":[{"label":"Die Xandr-Recherche","type":"link","url":"https://netzpolitik.org/tag/die-xandr-recherche/"}],"end":"2023-12-27T12:35:00.000-0000","id":53606,"begin_timestamp":{"seconds":1703678100,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52495},{"tag_id":46107,"sort_order":1,"person_id":52375}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will be a deep dive into automotive digital forensics! We will explore the dynamic landscape of automotive technology and its intricate relationship with digital forensics. Our journey will traverse classical in-vehicle protocols, proprietary communication methods, and external interfaces, revealing these technologies' crucial role in modern vehicles.\r\n\r\nThe current toolkit, used in automotive digital forensics investigations, includes the Berla iVe for infotainment analyses and specialized Airbag controller tools like Bosch CDR. For both, there is a limited understanding of its functionality and reliability, and for Airbag controllers, even contrary research results are available. We'll discover how these tools empower forensic experts to dissect the digital traces left within vehicles and the ecosystem, uncovering invaluable insights.\r\n\r\nAs we embark on this journey, we'll confront significant challenges faced by automotive digital forensics practitioners. These obstacles include limited accessibility to vehicle systems, the integration of proprietary technologies, a shortage of knowledge and expertise in this domain, concerns over safety implications, and the absence of standardized storage systems.\r\n\r\nKeeping pace with the latest research trends, we'll delve into process development, the introduction of additional tools, in-depth analytical methods, and innovative investigation techniques shaping this field's future.\r\n\r\nBut the road ahead is not without twists and turns, and we'll navigate through privacy and security issues that are paramount in the automotive digital forensics landscape. We'll shed light on privacy concerns, referencing investigations like the one conducted by the Mozilla Foundation and explore security topics through real-world examples such as attacks showcased at the Pwn2Own conference and those disclosed by KeenLabs Security. We will also focus on investigations we conducted on Tesla vehicles in the area of digital forensics.\r\n\r\nThroughout this talk, you'll gain insights into the automotive ecosystem's vast capabilities for digital forensics investigations. We'll also tackle the challenges head-on, highlighting the intricate balance between privacy and security in this ever-evolving domain. Whether you're an expert in the field or intrigued by the intersection of technology and automotive investigations, this talk promises to leave you with a profound understanding of the road ahead in automotive digital forensics.\n\n\nThe importance and relevance of vehicles in investigations are increasing. Their digital capabilities are rapidly growing due to the introduction of additional services and features in vehicles and their ecosystem.\r\n\r\nIn this talk on automotive digital forensics, you will embark on a journey through the cutting-edge world of automotive technology and the critical role digital forensics plays in this domain. We will explore the state-of-the-art methods and tools to investigate modern vehicles, shedding light on forensic experts' significant challenges.\r\n\r\nThis presentation delves into the latest research areas and trends, providing insights into how technology rapidly evolves in the automotive industry, creating opportunities and challenges for digital forensics specialists. We will also peer into the future, discussing the directions in which automotive digital forensics is heading and the implications for our increasingly connected and autonomous vehicle landscape.\r\n\r\nThrough case studies, you will gain a firsthand look at different investigations conducted on modern vehicles, showcasing the real-world applications of digital forensics in this field--explicitly focusing on privacy issues and security pitfalls in modern vehicles. Whether you're a seasoned expert or a curious enthusiast, this talk will give you a deeper understanding of the complex intersection of automotive technology and digital investigations.","title":"Unlocking the Road Ahead: Automotive Digital Forensics","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703680500,"nanoseconds":0},"android_description":"This talk will be a deep dive into automotive digital forensics! We will explore the dynamic landscape of automotive technology and its intricate relationship with digital forensics. Our journey will traverse classical in-vehicle protocols, proprietary communication methods, and external interfaces, revealing these technologies' crucial role in modern vehicles.\r\n\r\nThe current toolkit, used in automotive digital forensics investigations, includes the Berla iVe for infotainment analyses and specialized Airbag controller tools like Bosch CDR. For both, there is a limited understanding of its functionality and reliability, and for Airbag controllers, even contrary research results are available. We'll discover how these tools empower forensic experts to dissect the digital traces left within vehicles and the ecosystem, uncovering invaluable insights.\r\n\r\nAs we embark on this journey, we'll confront significant challenges faced by automotive digital forensics practitioners. These obstacles include limited accessibility to vehicle systems, the integration of proprietary technologies, a shortage of knowledge and expertise in this domain, concerns over safety implications, and the absence of standardized storage systems.\r\n\r\nKeeping pace with the latest research trends, we'll delve into process development, the introduction of additional tools, in-depth analytical methods, and innovative investigation techniques shaping this field's future.\r\n\r\nBut the road ahead is not without twists and turns, and we'll navigate through privacy and security issues that are paramount in the automotive digital forensics landscape. We'll shed light on privacy concerns, referencing investigations like the one conducted by the Mozilla Foundation and explore security topics through real-world examples such as attacks showcased at the Pwn2Own conference and those disclosed by KeenLabs Security. We will also focus on investigations we conducted on Tesla vehicles in the area of digital forensics.\r\n\r\nThroughout this talk, you'll gain insights into the automotive ecosystem's vast capabilities for digital forensics investigations. We'll also tackle the challenges head-on, highlighting the intricate balance between privacy and security in this ever-evolving domain. Whether you're an expert in the field or intrigued by the intersection of technology and automotive investigations, this talk promises to leave you with a profound understanding of the road ahead in automotive digital forensics.\n\n\nThe importance and relevance of vehicles in investigations are increasing. Their digital capabilities are rapidly growing due to the introduction of additional services and features in vehicles and their ecosystem.\r\n\r\nIn this talk on automotive digital forensics, you will embark on a journey through the cutting-edge world of automotive technology and the critical role digital forensics plays in this domain. We will explore the state-of-the-art methods and tools to investigate modern vehicles, shedding light on forensic experts' significant challenges.\r\n\r\nThis presentation delves into the latest research areas and trends, providing insights into how technology rapidly evolves in the automotive industry, creating opportunities and challenges for digital forensics specialists. We will also peer into the future, discussing the directions in which automotive digital forensics is heading and the implications for our increasingly connected and autonomous vehicle landscape.\r\n\r\nThrough case studies, you will gain a firsthand look at different investigations conducted on modern vehicles, showcasing the real-world applications of digital forensics in this field--explicitly focusing on privacy issues and security pitfalls in modern vehicles. Whether you're a seasoned expert or a curious enthusiast, this talk will give you a deeper understanding of the complex intersection of automotive technology and digital investigations.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53596],"name":"Kevin Gomez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52396}],"timeband_id":1140,"end":"2023-12-27T12:35:00.000-0000","links":[{"label":"Personal website","type":"link","url":"https://k-gomez.com"},{"label":"ORCID","type":"link","url":"https://orcid.org/0000-0002-5597-3913"}],"id":53596,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703678100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52396}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-27T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Climate Engineering ist das menschliche Eingreifen mittels großskaliger Technologien, um das globale Klimasystem zu beeinflussen. Dank Hollywoodfilmen und gefährlichem Halbwissen kennen wir diverse Untergangsszenarien zu dem Thema, wissen aber kaum wie Fotosynthese und Gesteinsverwitterung uns Menschen zum Erreichen unserer Klimaziele weiterhelfen können. Dass Steine CO2 aus der Luft holen und Jahrmillionen speichern können, ist für die allermeisten Menschen neu. In meinem Vortrag möchte ich aufklären, warum CO2 Entnahme aus der Atmosphäre (Negative Emissionen) ein wichtiger Baustein der Netto-Null Klimastrategie sind und in welchen Formen diese umgesetzt werden kann. Neben der biologischen und geochemischen CO2-Entnahme durch Fotosynthese und Gesteinsverwitterung, gibt es noch elektrochemische Methoden, um CO2 direkt aus der Luft oder indirekt über das Meer zu entnehmen. Ich berichte außerdem aus meiner aktuellen Forschung in der ich Gesteinsmehl und Pflanzenkohle als Bodenverbesserer und zur CO2-Entnahme in der Landwirtschaft erforsche.\n\n\nDie Klimakrise eskaliert, 2023 wird voraussichtlich das wärmste Jahr seit Aufzeichnung gewesen sein, und es brennt und brennt und brennt. Während das verbleibende CO2-Budget zur Einhaltung der 2°C-Grenze schneller als je zuvor schrumpft, wird der Ruf nach einfachen, technologischen Lösungen laut. Eine globale Abkühlung des Klimas durch Climate Engineering wird von der Politik gerne als Universallösung angepriesen. Aber können wir das CO2, das wir ausstoßen, so einfach aus der Luft saugen und mit „negativen Emissionen“ das Klima retten? Dr. Maria-Elena Vorrath forscht an der Universität Hamburg an Gesteinsverwitterung und Pflanzenkohle, zwei Methoden, die CO2 aus der Atmosphäre entziehen, und klärt in ihrem Vortrag über negative Emissionen, ihr globales Potential und den aktuellen Forschungsstand auf. Und es gibt Memes.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Hacking the Climate","end_timestamp":{"seconds":1703680500,"nanoseconds":0},"android_description":"Climate Engineering ist das menschliche Eingreifen mittels großskaliger Technologien, um das globale Klimasystem zu beeinflussen. Dank Hollywoodfilmen und gefährlichem Halbwissen kennen wir diverse Untergangsszenarien zu dem Thema, wissen aber kaum wie Fotosynthese und Gesteinsverwitterung uns Menschen zum Erreichen unserer Klimaziele weiterhelfen können. Dass Steine CO2 aus der Luft holen und Jahrmillionen speichern können, ist für die allermeisten Menschen neu. In meinem Vortrag möchte ich aufklären, warum CO2 Entnahme aus der Atmosphäre (Negative Emissionen) ein wichtiger Baustein der Netto-Null Klimastrategie sind und in welchen Formen diese umgesetzt werden kann. Neben der biologischen und geochemischen CO2-Entnahme durch Fotosynthese und Gesteinsverwitterung, gibt es noch elektrochemische Methoden, um CO2 direkt aus der Luft oder indirekt über das Meer zu entnehmen. Ich berichte außerdem aus meiner aktuellen Forschung in der ich Gesteinsmehl und Pflanzenkohle als Bodenverbesserer und zur CO2-Entnahme in der Landwirtschaft erforsche.\n\n\nDie Klimakrise eskaliert, 2023 wird voraussichtlich das wärmste Jahr seit Aufzeichnung gewesen sein, und es brennt und brennt und brennt. Während das verbleibende CO2-Budget zur Einhaltung der 2°C-Grenze schneller als je zuvor schrumpft, wird der Ruf nach einfachen, technologischen Lösungen laut. Eine globale Abkühlung des Klimas durch Climate Engineering wird von der Politik gerne als Universallösung angepriesen. Aber können wir das CO2, das wir ausstoßen, so einfach aus der Luft saugen und mit „negativen Emissionen“ das Klima retten? Dr. Maria-Elena Vorrath forscht an der Universität Hamburg an Gesteinsverwitterung und Pflanzenkohle, zwei Methoden, die CO2 aus der Atmosphäre entziehen, und klärt in ihrem Vortrag über negative Emissionen, ihr globales Potential und den aktuellen Forschungsstand auf. Und es gibt Memes.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53647,53571],"name":"Maria-Elena Vorrath","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52424}],"timeband_id":1140,"links":[],"end":"2023-12-27T12:35:00.000-0000","id":53571,"tag_ids":[46123,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703678100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52424}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Just one sign switched and all of physics changes: Moving objects lose kinetic energy instead of gaining it and radiating objects get hotter instead of colder. Infinite velocity and infinite temperature are no longer impossible. Stars look like rainbow-colored lines instead of white dots and turning your arrow of time around into your own past is just as easy as turning from left to right. In this talk, we will explore the physics in a spacetime with signature (+,+,+,+) as presented by Greg Egan in the trilogy „Orthogonal“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆\n\n\n","title":"Greg Egan's „Orthogonal“: A universe without timelike dimensions","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Just one sign switched and all of physics changes: Moving objects lose kinetic energy instead of gaining it and radiating objects get hotter instead of colder. Infinite velocity and infinite temperature are no longer impossible. Stars look like rainbow-colored lines instead of white dots and turning your arrow of time around into your own past is just as easy as turning from left to right. In this talk, we will explore the physics in a spacetime with signature (+,+,+,+) as presented by Greg Egan in the trilogy „Orthogonal“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703678400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:00:00.000-0000","id":53624,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-27T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This will be based on the recently developped NaxRiscv core, a free and opensource RISC-V softcore. I will cover many interresting aspect of the project/flow to provide a overview of many technical aspect in such project :\r\n- Hardware description languages\r\n- CPU design\r\n- Information leak (spectre)\r\n- Memory coherency\r\n- Linux / Debian requirements\r\n- Debugging / Simulation\n\n\nThis lecture will cover many aspect of designing a RISC-V CPU, out-of-order execution, multi-core, memory coherency, security and running linux and debian on a FPGA.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Open CPU / SoC design, all the way up to Debian","end_timestamp":{"seconds":1703677200,"nanoseconds":0},"android_description":"This will be based on the recently developped NaxRiscv core, a free and opensource RISC-V softcore. I will cover many interresting aspect of the project/flow to provide a overview of many technical aspect in such project :\r\n- Hardware description languages\r\n- CPU design\r\n- Information leak (spectre)\r\n- Memory coherency\r\n- Linux / Debian requirements\r\n- Debugging / Simulation\n\n\nThis lecture will cover many aspect of designing a RISC-V CPU, out-of-order execution, multi-core, memory coherency, security and running linux and debian on a FPGA.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53605],"name":"Dolu1990","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52266}],"timeband_id":1140,"end":"2023-12-27T11:40:00.000-0000","links":[{"label":"NaxRiscv git","type":"link","url":"https://github.com/SpinalHDL/NaxRiscv"},{"label":"NaxRiscv running debian on FPGA","type":"link","url":"https://photos.google.com/share/AF1QipMxK9JLgpTvtNzs4T0J6yHfH5qFTTJ1kIYBjLN2FOm_Ukekka8AlrGDt2LnN3gHfQ/photo/AF1QipMWscyVggimC4uzWDsiq-tP_U9BKTM8XhHTXVUI?key=OGs5SVRnSGRqcVNfMVAwNzdKTktOQl9VTUtjVjRR"}],"id":53605,"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52266}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es ist vieles gesagt und geschrieben worden über große Sprachmodelle und die Gefahren, die mit ihnen einhergehen, die Biases, die Verstärkung von Ausbeutung, die Zementierung von Machtverhältnissen und neue Möglichkeiten von Angriffen. Das alles gilt weiterhin. Doch umso mehr sollten wir uns anschauen, wie wir die Technologie mit ihren eigenen Waffen schlagen können. Denn all diese Chatbots haben sich in einem Bereich eingenistet, in dem wir Menschen besonders gut sind: Sprache. Quatschen wir sie in ihr Verderben!\r\n\r\nIn dem Talk erkläre ich anhand von Beispielen aus meinen jüngsten Recherchen, wie wir große Sprachmodelle anders nutzen können, als sie möglicherweise gedacht sind – und wie wir damit Gutes tun können. Beispielsweise habe ich Chatbots per social engineering dazu gebracht, ihre dunklen Geheimnisse – wie manipulierende Initial Prompts – zu verraten, und damit dahinterstehende Firmen und deren verwerfliche Machenschaften entblößt. Oder mir bei investigativen Recherchen zu helfen, die besten Google Dorks zu erklären, Verstecktes in Bildern zu erkennen und Dinge zu verraten, die sie eigentlich nicht preisgeben sollen – wie Julian Reichelts private E-Mail-Adresse oder gesammelte E-Mail-Adressen aller Gesundheitsämter in Rheinland-Pfalz.\r\n\r\nEs wird unterhaltsam. Und es gibt viel mitzunehmen: Zuhörer:innen lernen dabei nicht nur sinnvolle Tricks für ihre eigenen Recherchen, sondern ganz nebenbei auch, wie sie ihre eigenen Daten besser schützen können.\n\n\nChatbots lassen sich durch Sprache manipulieren. Und Sprache, das ist etwas, das wir Menschen gut können! Das ist eine gute Nachricht. In diesem Talk soll es darum gehen, unsere Ohnmacht zu lindern und zu verstehen, dass wir ziemlich vieles gut können, was uns hilft, große Sprachmodelle für unsere Zwecke zu nutzen (und möglicherweise anders, als sie gedacht sind). Social Engineering und – quatschen.","title":"Unsere Worte sind unsere Waffen ","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Es ist vieles gesagt und geschrieben worden über große Sprachmodelle und die Gefahren, die mit ihnen einhergehen, die Biases, die Verstärkung von Ausbeutung, die Zementierung von Machtverhältnissen und neue Möglichkeiten von Angriffen. Das alles gilt weiterhin. Doch umso mehr sollten wir uns anschauen, wie wir die Technologie mit ihren eigenen Waffen schlagen können. Denn all diese Chatbots haben sich in einem Bereich eingenistet, in dem wir Menschen besonders gut sind: Sprache. Quatschen wir sie in ihr Verderben!\r\n\r\nIn dem Talk erkläre ich anhand von Beispielen aus meinen jüngsten Recherchen, wie wir große Sprachmodelle anders nutzen können, als sie möglicherweise gedacht sind – und wie wir damit Gutes tun können. Beispielsweise habe ich Chatbots per social engineering dazu gebracht, ihre dunklen Geheimnisse – wie manipulierende Initial Prompts – zu verraten, und damit dahinterstehende Firmen und deren verwerfliche Machenschaften entblößt. Oder mir bei investigativen Recherchen zu helfen, die besten Google Dorks zu erklären, Verstecktes in Bildern zu erkennen und Dinge zu verraten, die sie eigentlich nicht preisgeben sollen – wie Julian Reichelts private E-Mail-Adresse oder gesammelte E-Mail-Adressen aller Gesundheitsämter in Rheinland-Pfalz.\r\n\r\nEs wird unterhaltsam. Und es gibt viel mitzunehmen: Zuhörer:innen lernen dabei nicht nur sinnvolle Tricks für ihre eigenen Recherchen, sondern ganz nebenbei auch, wie sie ihre eigenen Daten besser schützen können.\n\n\nChatbots lassen sich durch Sprache manipulieren. Und Sprache, das ist etwas, das wir Menschen gut können! Das ist eine gute Nachricht. In diesem Talk soll es darum gehen, unsere Ohnmacht zu lindern und zu verstehen, dass wir ziemlich vieles gut können, was uns hilft, große Sprachmodelle für unsere Zwecke zu nutzen (und möglicherweise anders, als sie gedacht sind). Social Engineering und – quatschen.","end_timestamp":{"seconds":1703677200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53595],"name":"Eva Wolfangel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52259}],"timeband_id":1140,"links":[],"end":"2023-12-27T11:40:00.000-0000","id":53595,"village_id":null,"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52259}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The iPhone's Lightning connector was a proprietary beast with a lot of hidden features: By sending custom SDQ commands there, it was possible to get it to expose hardware debugging features such as JTAG and UART. For a long time, this was only easily possible using either gray and black-market cables such as the Kanzi-Cable, or proprietary tools such as the Bonobo Cable. Last year, we released an open-source tool to get access to the iPhone debugging features called the Tamarin Cable - finally allowing anyone to get JTAG and UART on the iPhone for just a couple of $ in parts. \r\n\r\nBut then the iPhone 15 came along, and with that USB-C: All previous hardware and software tooling basically became useless, but that did not stop us from trying: We knew from the Apple Silicon macs and the work of t8012-team and the AsahiLinux project that Apple uses USB-C's VDM feature - Vendor Defined Messages - to allow access to features such as the UART console, and so chances were high that we could use something similar to get access to the hardware debugging features on the iPhone 15.\r\n\r\nSo we pre-ordered the iPhone 15, a couple of PCBs, a case of Club Mate and got started: And less than 48 hours after the launch we got JTAG working on the iPhone 15.\r\n\r\nIn this talk we will start by looking at the history of iPhone and Lightning hardware hacking, and then look at how USB-C is used for debugging on Apple Silicon devices, and what we had to do to get JTAG on the iPhone 15.\r\n\r\nWe will also use this talk to release the new version of the open-source Tamarin Cable firmware: Tamarin-C. A fully integrated, open-source debugging probe for the iPhone 15 and other Apple Silicon devices. Tamarin-C is also able to give access to a DFU mode that you can't access without sending VDMs.\r\n\r\n\r\nNote: This talk will not contain any 0days or previously unknown vulnerabilities. Production iPhones are locked, and so while we get access to some of the device's busses we can't for example access the CPU core.\r\n\r\n\r\nThis talk is about building tooling for future work.\n\n\nHardware hacking tooling for the new iPhone generation\r\n\r\nIf you've followed the iPhone hacking scene you probably heard about cables such as the Kanzi Cable, Kong Cable, Bonobo Cable, and so on: Special cables that allow access to hardware debugging features on Lightning-based iPhones such as UART and JTAG. However with the iPhone 15, all of those tools became basically useless: USB-C is here, and with that we need new hardware and software tooling.\r\n\r\nThis talk gives you a brief history of iPhone hardware hacking through the Lightning port, and then looks at the new iPhone 15, and how - using vendor defined messages, modifying existing tooling like the Central Scrutinizer, and a bit of hardware hacking - we managed to get access to the (unfortunately locked on production devices) JTAG interface exposed on the USB-C port on the new iPhone 15.\r\n\r\nAnd how you can do it using open-source tooling too.","title":"Apple's iPhone 15: Under the C","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703677200,"nanoseconds":0},"android_description":"The iPhone's Lightning connector was a proprietary beast with a lot of hidden features: By sending custom SDQ commands there, it was possible to get it to expose hardware debugging features such as JTAG and UART. For a long time, this was only easily possible using either gray and black-market cables such as the Kanzi-Cable, or proprietary tools such as the Bonobo Cable. Last year, we released an open-source tool to get access to the iPhone debugging features called the Tamarin Cable - finally allowing anyone to get JTAG and UART on the iPhone for just a couple of $ in parts. \r\n\r\nBut then the iPhone 15 came along, and with that USB-C: All previous hardware and software tooling basically became useless, but that did not stop us from trying: We knew from the Apple Silicon macs and the work of t8012-team and the AsahiLinux project that Apple uses USB-C's VDM feature - Vendor Defined Messages - to allow access to features such as the UART console, and so chances were high that we could use something similar to get access to the hardware debugging features on the iPhone 15.\r\n\r\nSo we pre-ordered the iPhone 15, a couple of PCBs, a case of Club Mate and got started: And less than 48 hours after the launch we got JTAG working on the iPhone 15.\r\n\r\nIn this talk we will start by looking at the history of iPhone and Lightning hardware hacking, and then look at how USB-C is used for debugging on Apple Silicon devices, and what we had to do to get JTAG on the iPhone 15.\r\n\r\nWe will also use this talk to release the new version of the open-source Tamarin Cable firmware: Tamarin-C. A fully integrated, open-source debugging probe for the iPhone 15 and other Apple Silicon devices. Tamarin-C is also able to give access to a DFU mode that you can't access without sending VDMs.\r\n\r\n\r\nNote: This talk will not contain any 0days or previously unknown vulnerabilities. Production iPhones are locked, and so while we get access to some of the device's busses we can't for example access the CPU core.\r\n\r\n\r\nThis talk is about building tooling for future work.\n\n\nHardware hacking tooling for the new iPhone generation\r\n\r\nIf you've followed the iPhone hacking scene you probably heard about cables such as the Kanzi Cable, Kong Cable, Bonobo Cable, and so on: Special cables that allow access to hardware debugging features on Lightning-based iPhones such as UART and JTAG. However with the iPhone 15, all of those tools became basically useless: USB-C is here, and with that we need new hardware and software tooling.\r\n\r\nThis talk gives you a brief history of iPhone hardware hacking through the Lightning port, and then looks at the new iPhone 15, and how - using vendor defined messages, modifying existing tooling like the Central Scrutinizer, and a bit of hardware hacking - we managed to get access to the (unfortunately locked on production devices) JTAG interface exposed on the USB-C port on the new iPhone 15.\r\n\r\nAnd how you can do it using open-source tooling too.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53582],"name":"stacksmashing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52372}],"timeband_id":1140,"links":[{"label":"Video: Getting JTAG on the iPhone 15","type":"link","url":"https://www.youtube.com/watch?v=D8UGlvBubkA"},{"label":"Tamarin Firmware (For Lightning-based iPhones)","type":"link","url":"https://github.com/stacksmashing/tamarin-firmware/"},{"label":"The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking","type":"link","url":"https://www.youtube.com/watch?v=8p3Oi4DL0eI"},{"label":"Central Scrutinizer","type":"link","url":"https://git.kernel.org/pub/scm/linux/kernel/git/maz/cs-sw.git/about/"},{"label":"Asahi Linux USB-PD","type":"link","url":"https://github.com/AsahiLinux/docs/wiki/HW:USB-PD"}],"end":"2023-12-27T11:40:00.000-0000","id":53582,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52372}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Besonderes Augenmerk wird liegen auf:\r\n\r\n- Adbusting: Werbung im öffentlichen Raum (Außenwerbung) verfremden, überkleben oder auf andere Weise umgestalten\r\n- Offiziell wirkende Rundschreiben\r\n- Kommunikationsguerilla im digitalen Raum\r\n\r\n*Die Session findet statt in der freien Fläche vor Raum F (nicht in Raum F).*\r\n\r\n🧮\n\n\nWer nicht Chefredakteur einer großen Zeitung ist, kann auf andere Art die öffentliche Debatte vorantreiben: Kommunikationsguerilla im öffentlichen Raum schafft Erregungskorridore, an denen die öffentliche Debatte aufgehängt werden kann. Wir haben den Hergang verschiedener vergangener Projekte, kleinere wie größere, rekonstruiert und geben Tipps zu Theorie und Praxis.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"title":"Subversive Kommunikation im öffentlichen Raum (Kommunikationsguerilla)","end_timestamp":{"seconds":1703677800,"nanoseconds":0},"android_description":"Besonderes Augenmerk wird liegen auf:\r\n\r\n- Adbusting: Werbung im öffentlichen Raum (Außenwerbung) verfremden, überkleben oder auf andere Weise umgestalten\r\n- Offiziell wirkende Rundschreiben\r\n- Kommunikationsguerilla im digitalen Raum\r\n\r\n*Die Session findet statt in der freien Fläche vor Raum F (nicht in Raum F).*\r\n\r\n🧮\n\n\nWer nicht Chefredakteur einer großen Zeitung ist, kann auf andere Art die öffentliche Debatte vorantreiben: Kommunikationsguerilla im öffentlichen Raum schafft Erregungskorridore, an denen die öffentliche Debatte aufgehängt werden kann. Wir haben den Hergang verschiedener vergangener Projekte, kleinere wie größere, rekonstruiert und geben Tipps zu Theorie und Praxis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T11:50:00.000-0000","id":53575,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"begin":"2023-12-27T11:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"On day 1 at 11:45 AM is the opening of the Sendezentrum assembly. All remote participants can dial in via our campfire jitsi: https://jitsi.binary-kitchen.de/Sendezentrum (experiment!). We discuss the location and the program and explain where helping hands are still needed.\n\n\nEröffnung der Sendezentrum Assembly","title":"Sendezentrum Assembly Eröffnung","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703674800,"nanoseconds":0},"android_description":"On day 1 at 11:45 AM is the opening of the Sendezentrum assembly. All remote participants can dial in via our campfire jitsi: https://jitsi.binary-kitchen.de/Sendezentrum (experiment!). We discuss the location and the program and explain where helping hands are still needed.\n\n\nEröffnung der Sendezentrum Assembly","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T11:00:00.000-0000","id":53573,"village_id":null,"begin_timestamp":{"seconds":1703673900,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Sendezentrum Assembly","hotel":"","short_name":"Sendezentrum Assembly","id":46139},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T10:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://pretalx.c3voc.de/37c3-haecksen-workshops-2023/talk/GN9LDH/\n\n\n","title":"QR-Codes ohne Computer lesen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703680800,"nanoseconds":0},"android_description":"https://pretalx.c3voc.de/37c3-haecksen-workshops-2023/talk/GN9LDH/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:40:00.000-0000","id":53877,"begin_timestamp":{"seconds":1703673600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T10:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir bringen Euch eine Technik bei, mit der Ihr die Inhalte von QR-Codes lesen könnt, ohne sie mit einem Gerät zu scannen. Dafür schauen wir uns den Aufbau von QR-Codes genau an und sprechen über die verschiedenen Codierungen, die dabei eine Rolle spielen. Wir möchten alle Teilnehmenden in die Lage versetzen, diese Codes selbst zu lesen und werden dafür auch Übungsbeispiele liefern.\r\n\r\nUnd so ist es in Zukunft für Euch kein Problem, wenn Ihr an einem QR-Code vorbeikommt und Euer Smartphone-Akku leer ist...\n\n\nWusstet Ihr, dass es möglich ist, QR-Codes ohne Computer zu lesen? Wir geben einen Einblick in die Funktiosweise von QR-Codes und zeigen Eselsbrücken und Hilfsmittel zum Entschlüsseln ohne Computer oder Smartphone.","title":"QR-Codes lesen ohne Computer","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#7f73c6","name":"Workshop","id":46133},"android_description":"Wir bringen Euch eine Technik bei, mit der Ihr die Inhalte von QR-Codes lesen könnt, ohne sie mit einem Gerät zu scannen. Dafür schauen wir uns den Aufbau von QR-Codes genau an und sprechen über die verschiedenen Codierungen, die dabei eine Rolle spielen. Wir möchten alle Teilnehmenden in die Lage versetzen, diese Codes selbst zu lesen und werden dafür auch Übungsbeispiele liefern.\r\n\r\nUnd so ist es in Zukunft für Euch kein Problem, wenn Ihr an einem QR-Code vorbeikommt und Euer Smartphone-Akku leer ist...\n\n\nWusstet Ihr, dass es möglich ist, QR-Codes ohne Computer zu lesen? Wir geben einen Einblick in die Funktiosweise von QR-Codes und zeigen Eselsbrücken und Hilfsmittel zum Entschlüsseln ohne Computer oder Smartphone.","end_timestamp":{"seconds":1703679000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53491],"name":"Piko","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52310},{"conference_id":131,"event_ids":[53491],"name":"blinry","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52391}],"timeband_id":1140,"links":[],"end":"2023-12-27T12:10:00.000-0000","id":53491,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703673600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52310},{"tag_id":46107,"sort_order":1,"person_id":52391}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T10:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/jeanette-tr-sbien/0116a","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Jeanette Trèsbien","android_description":"https://soundcloud.com/jeanette-tr-sbien/0116a","end_timestamp":{"seconds":1703682000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:00:00.000-0000","id":53861,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Eine der Hauptrollen spielt diesmal niemand geringeres als unser Bundeskanzler Olaf Scholz, der jetzt ernsthaft den einzigen Kunden des Flyerservice Hahn verbieten will.\r\n\r\nNur eins findet er noch schlimmer als die AfD: \"Deepfakes\"!!!!einseins.\r\nHier und heute erfahrt ihr von uns alles zur besten Rede, die Olaf Scholz nie gehalten hat.\r\n\r\nUnd es kommt noch dicker: Ihr seht den von der Bundesrepublik Deutschland verbotenen \"Director's Cut.\" mit dem sich bald Gerichte beschäftigen.\r\n\r\nTaucht mit uns tief in die schmutzigen, rechtsextremen Geheimnisse ein, die uns AfD-Anhänger höchstpersönlich übermittelt haben.\r\n\r\nTrigger-Warnung: Das könnte Lustig werden!\n\n\nEndlich wieder zuhause - endlich wieder in CCH! Wenn das ZPS so etwas wie ein Zuhause hat, dann ist es auf jeden Fall der CCC-Kongress. Natürlich haben wir eine neue Aktion im Gepäck und laden Euch zu einem spannenden Blick hinter die Kulissen ein.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"title":"Scholz greift durch: Die AfD wird verboten - Deepfakes auch!","end_timestamp":{"seconds":1703673600,"nanoseconds":0},"android_description":"Eine der Hauptrollen spielt diesmal niemand geringeres als unser Bundeskanzler Olaf Scholz, der jetzt ernsthaft den einzigen Kunden des Flyerservice Hahn verbieten will.\r\n\r\nNur eins findet er noch schlimmer als die AfD: \"Deepfakes\"!!!!einseins.\r\nHier und heute erfahrt ihr von uns alles zur besten Rede, die Olaf Scholz nie gehalten hat.\r\n\r\nUnd es kommt noch dicker: Ihr seht den von der Bundesrepublik Deutschland verbotenen \"Director's Cut.\" mit dem sich bald Gerichte beschäftigen.\r\n\r\nTaucht mit uns tief in die schmutzigen, rechtsextremen Geheimnisse ein, die uns AfD-Anhänger höchstpersönlich übermittelt haben.\r\n\r\nTrigger-Warnung: Das könnte Lustig werden!\n\n\nEndlich wieder zuhause - endlich wieder in CCH! Wenn das ZPS so etwas wie ein Zuhause hat, dann ist es auf jeden Fall der CCC-Kongress. Natürlich haben wir eine neue Aktion im Gepäck und laden Euch zu einem spannenden Blick hinter die Kulissen ein.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53581],"name":"Philipp Ruch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52318},{"conference_id":131,"event_ids":[53581],"name":"Stefan Pelzer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52341}],"timeband_id":1140,"links":[],"end":"2023-12-27T10:40:00.000-0000","id":53581,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52318},{"tag_id":46107,"sort_order":1,"person_id":52341}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"title":"Unlock Minecraft: Beginner Workshop - Tag 1","end_timestamp":{"seconds":1703678400,"nanoseconds":0},"android_description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:00:00.000-0000","id":53454,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-27T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk introduces the algorithms used for placement and routing of digital integrated circuits.\r\n\r\nThe talk does \\*not\\* cover:\r\n\\* high-level circuit design (The art of creating meaningful circuits. Often done with languages like Verilog, VHDL, SpinalHDL, Chisel, Amaranth, etc )\r\n\\* logic synthesis (Converts the high-level description into a graph-like circuit description, called netlist)\r\n\r\nPlace-and-route refers to the transformation of a graph-like circuit description (netlist) into a geometrical representation of the circuit (layout).\r\nThe netlist is typically produced by logic synthesis. The netlist consists of many sub-circuits, so called \"standard-cells\" but also \"macro cells\".\r\nStandard-cells implement simple logic functions such as inverters, logical \"and\", \"nand\", \"xor\", and storage elements.\r\nThe netlist may also import larger pre-compiled macro cells such as SRAM blocks.\r\nFor a physical implementation of the circuit, the sub-circuits need to be placed on the chip surface and need to be connected (routed) using metal wires.\r\n\r\nTransforming the netlist into a layout typically requires the following input data:\r\n\\* A netlist of the circuit, of course.\r\n\\* A set of constraints: For example the desired clock frequency and area of the circuit.\r\n\\* Design rules: A set of constraints required for successful fabrication. This typically involves geometrical constraints such as minimum width and spacing of metal wires.\r\n\\* A standard-cell library: This is a set of building-blocks usually used to assemble the circuit. The library contains the geometrical layout of the standard-cells and also information about their timing behavior.\r\n\r\nThen the following steps convert the input data into a layout:\r\n\\* IO-planning: Decide where to put the input and output pins of the circuit.\r\n\\* Floor-planning: Decide how to geometrically arrange various parts of a larger system.\r\n\\* Power distribution: Insert regular rows of metallic power-rails which supply the standard-cells with energy\r\n\\* Global placement: Decide where to roughly place the standard-cells such that the wiring will short and possible\r\n\\* Tie-cell insertion: Provide constant 0 and 1 signals, where needed.\r\n\\* Clock-tree synthesis: Storage elements typically need a clock-signal. Often the clock signal needs to be distributed to a large number of storage elements.\r\n\\* Detail placement: Do fine-tuning, such as snapping the standard-cells to a grid\r\nthe signal propagation delay from the clock source to the storage elements should be more-or-less equally distributed.\r\n\\* Optimizations to meet timing requirements: Some signals might be too slow or to fast. There's a variety of techniques to improve this, such as amplifying signals with buffers.\r\n\\* Routing: The placed cells need to be connected with metal wires.\r\n\\* Filler insertion: fill unused space for example with capacitors to stabilize the supply voltage\r\n\\* Verification: Make sure all constraints are met. Otherwise, try to fix the circuit and repeat above steps in order to converge to a valid solution.\r\n\r\nThis talk will focus on a widely used algorithm for global placement and introduces basic principles of routing algorithms.\r\n\n\n\nAfter a brief introduction to digital circuits this talk will outline placement and routing algorithms used for creating digital integrated circuits.\r\n","title":"Place & route on silicon","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2023-12-30T22:18+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703673600,"nanoseconds":0},"android_description":"This talk introduces the algorithms used for placement and routing of digital integrated circuits.\r\n\r\nThe talk does \\*not\\* cover:\r\n\\* high-level circuit design (The art of creating meaningful circuits. Often done with languages like Verilog, VHDL, SpinalHDL, Chisel, Amaranth, etc )\r\n\\* logic synthesis (Converts the high-level description into a graph-like circuit description, called netlist)\r\n\r\nPlace-and-route refers to the transformation of a graph-like circuit description (netlist) into a geometrical representation of the circuit (layout).\r\nThe netlist is typically produced by logic synthesis. The netlist consists of many sub-circuits, so called \"standard-cells\" but also \"macro cells\".\r\nStandard-cells implement simple logic functions such as inverters, logical \"and\", \"nand\", \"xor\", and storage elements.\r\nThe netlist may also import larger pre-compiled macro cells such as SRAM blocks.\r\nFor a physical implementation of the circuit, the sub-circuits need to be placed on the chip surface and need to be connected (routed) using metal wires.\r\n\r\nTransforming the netlist into a layout typically requires the following input data:\r\n\\* A netlist of the circuit, of course.\r\n\\* A set of constraints: For example the desired clock frequency and area of the circuit.\r\n\\* Design rules: A set of constraints required for successful fabrication. This typically involves geometrical constraints such as minimum width and spacing of metal wires.\r\n\\* A standard-cell library: This is a set of building-blocks usually used to assemble the circuit. The library contains the geometrical layout of the standard-cells and also information about their timing behavior.\r\n\r\nThen the following steps convert the input data into a layout:\r\n\\* IO-planning: Decide where to put the input and output pins of the circuit.\r\n\\* Floor-planning: Decide how to geometrically arrange various parts of a larger system.\r\n\\* Power distribution: Insert regular rows of metallic power-rails which supply the standard-cells with energy\r\n\\* Global placement: Decide where to roughly place the standard-cells such that the wiring will short and possible\r\n\\* Tie-cell insertion: Provide constant 0 and 1 signals, where needed.\r\n\\* Clock-tree synthesis: Storage elements typically need a clock-signal. Often the clock signal needs to be distributed to a large number of storage elements.\r\n\\* Detail placement: Do fine-tuning, such as snapping the standard-cells to a grid\r\nthe signal propagation delay from the clock source to the storage elements should be more-or-less equally distributed.\r\n\\* Optimizations to meet timing requirements: Some signals might be too slow or to fast. There's a variety of techniques to improve this, such as amplifying signals with buffers.\r\n\\* Routing: The placed cells need to be connected with metal wires.\r\n\\* Filler insertion: fill unused space for example with capacitors to stabilize the supply voltage\r\n\\* Verification: Make sure all constraints are met. Otherwise, try to fix the circuit and repeat above steps in order to converge to a valid solution.\r\n\r\nThis talk will focus on a widely used algorithm for global placement and introduces basic principles of routing algorithms.\r\n\n\n\nAfter a brief introduction to digital circuits this talk will outline placement and routing algorithms used for creating digital integrated circuits.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53437],"name":"Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52275}],"timeband_id":1140,"links":[],"end":"2023-12-27T10:40:00.000-0000","id":53437,"tag_ids":[46122,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52275}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Achievement unlocked! Der 37C3 öffnet seine Pforten und heißt das Publikum herzlich willkommen. Von erfahrenen Zeremonienmeistern wird Euch hier der notwendige Schwung verpasst, geschmeidig durch den Congress zu gleiten und die Vorfreude zu atmen, die das gesamte Team seit Monaten auf die Veranstaltung im Herzen trägt.","type":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","color":"#aa8266","name":"lecture","id":46136},"title":"37C3: Feierliche Eröffnung","end_timestamp":{"seconds":1703671200,"nanoseconds":0},"android_description":"Achievement unlocked! Der 37C3 öffnet seine Pforten und heißt das Publikum herzlich willkommen. Von erfahrenen Zeremonienmeistern wird Euch hier der notwendige Schwung verpasst, geschmeidig durch den Congress zu gleiten und die Vorfreude zu atmen, die das gesamte Team seit Monaten auf die Veranstaltung im Herzen trägt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"conference_id":131,"event_ids":[53570,53567],"name":"Mullana","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52288}],"timeband_id":1140,"links":[],"end":"2023-12-27T10:00:00.000-0000","id":53570,"village_id":null,"begin_timestamp":{"seconds":1703669400,"nanoseconds":0},"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52288}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T09:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Join us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)\n\n\nJoin us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)","title":"Welcome to the House of Tea! Make it Flow! <3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2023-12-30T22:18+0000","name":"other","id":46137},"android_description":"Join us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)\n\n\nJoin us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)","end_timestamp":{"seconds":1703678400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:00:00.000-0000","id":53908,"begin_timestamp":{"seconds":1703667600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2023-12-30T22:18+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T09:00:00.000-0000"}] \ No newline at end of file +[{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/sportbrigade-sparwasser\n\n\n\"Der große Sport fängt da an, wo er längst aufgehört hat gesund zu sein.\" (B. Brechet)","title":"Sportbrigade Sparwasser","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703977200,"nanoseconds":0},"android_description":"https://soundcloud.com/sportbrigade-sparwasser\n\n\n\"Der große Sport fängt da an, wo er längst aufgehört hat gesund zu sein.\" (B. Brechet)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T23:00:00.000-0000","id":53993,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703970000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Best Boy Electric is a DJ, promoter and selector with a clear focus on classic Detroit electro. As part of the queer feminist collective POSSY and founder of the party series \"Dream Journal\" and \"Fine Space\", Best Boy Electric is not only organizing various events but is taking a stand for more FLINTA* presence in the music scene. They are steadily leaving their mark in Hamburg and beyond, debuing on international festivals like Dimensions this summer. The rich musical background and a soft spot for punk characterize their sets: sometimes wavey, EBM-ish but most of the time electro in its different characteristics. The Pudel resident will provide you with dark and hot electro records.\n\n\n","title":"Best Boy Electric","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Best Boy Electric is a DJ, promoter and selector with a clear focus on classic Detroit electro. As part of the queer feminist collective POSSY and founder of the party series \"Dream Journal\" and \"Fine Space\", Best Boy Electric is not only organizing various events but is taking a stand for more FLINTA* presence in the music scene. They are steadily leaving their mark in Hamburg and beyond, debuing on international festivals like Dimensions this summer. The rich musical background and a soft spot for punk characterize their sets: sometimes wavey, EBM-ish but most of the time electro in its different characteristics. The Pudel resident will provide you with dark and hot electro records.","end_timestamp":{"seconds":1703970000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T21:00:00.000-0000","id":53992,"village_id":null,"begin_timestamp":{"seconds":1703962800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.\n\n\nLisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Lisaholic","end_timestamp":{"seconds":1703962800,"nanoseconds":0},"android_description":"Lisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.\n\n\nLisaholic is a rapper and producer from Berlin who focuses on live sampling and therefore loops all her concerts live with an MPC and a loopstation. She became known through playing rap shows at clubs and festivals all around Germany. Her style covers oldschool Hiphop, Techno, UK Bass, Dnb, Rave and Happy Hardcore.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T19:00:00.000-0000","id":53991,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703959200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"37C3: Feierlicher Abschluss","end_timestamp":{"seconds":1703958600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53140,53494],"conference_id":131,"event_ids":[53570,53567],"name":"Mullana","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52288}],"timeband_id":1143,"links":[],"end":"2023-12-30T17:50:00.000-0000","id":53567,"village_id":null,"tag_ids":[46119,46136,46139],"begin_timestamp":{"seconds":1703956800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52288}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-30T17:20:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Defragmentierung Saal B","android_description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren","end_timestamp":{"seconds":1703970000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T21:00:00.000-0000","id":53996,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703955600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"begin":"2023-12-30T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nik will play some Alternative Rock, Electronic Rock, Ska-Rock and other Rock-Adjacent genres.\n\n\nPeople always ask for music other than electronic music. I'll deliver!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Nik","end_timestamp":{"seconds":1703959200,"nanoseconds":0},"android_description":"Nik will play some Alternative Rock, Electronic Rock, Ska-Rock and other Rock-Adjacent genres.\n\n\nPeople always ask for music other than electronic music. I'll deliver!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T18:00:00.000-0000","id":53876,"begin_timestamp":{"seconds":1703955600,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Liebe Fördermitglieder des Institutes für Karaokeforschung,\r\n\r\nin den letzten Tagen haben wir uns intensiv mit den Karaoke-Gewohnheiten der örtlichen Bevölkerung des 37C3 im CCH befassen können. Unsere motivierten Proband\\*innen im Alter zwischen 17 und 85 Jahren haben uns in dieser repräsentativen Studie direkte Einblicke in ihren Alltag gegeben. Allein dafür sind wir unendlich dankbar, Sie haben der Karaokeforschung einen großen Dienst erwiesen!\r\n\r\nNun möchten wir Euch und Ihnen in einer Zwischenpräsentation Insights aus unserem aktuellen Kooperationsprojekt mit dem 37C3 präsentieren – und damit auch die dritte Phase der international angelegten Forschungsarbeit einläuten. \r\n\r\nIm Namen des gesamten Vorstandes möchte ich mich bei Ihnen recht herzlich für die Unterstützung auch im nächsten Jahr bedanken. Gleichzeitig die Bitte, Ihre Bankverbindung zu überprüfen, um die Arbeit unserer Buchhaltung zu vereinfachen. Wir freuen uns über Ihre Teilnahme an der Präsentation und bitten um eine kurze Bestätigung.\r\n\r\nEs grüßt Sie herzlich\r\nIhre Gitte Schmitz\r\n(Vorsitzende Deutsches Institut für Karaokeforschung)\n\n\nVorstandsvorsitzende Gitte Schmitz stellt aktuelle Ergebnisse des Deutschen Instituts für Karaokeforschung vor. ","title":"37C3 カラオケ – Herausforderungen der aktuellen Karaokeforschung ","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703956500,"nanoseconds":0},"android_description":"Liebe Fördermitglieder des Institutes für Karaokeforschung,\r\n\r\nin den letzten Tagen haben wir uns intensiv mit den Karaoke-Gewohnheiten der örtlichen Bevölkerung des 37C3 im CCH befassen können. Unsere motivierten Proband\\*innen im Alter zwischen 17 und 85 Jahren haben uns in dieser repräsentativen Studie direkte Einblicke in ihren Alltag gegeben. Allein dafür sind wir unendlich dankbar, Sie haben der Karaokeforschung einen großen Dienst erwiesen!\r\n\r\nNun möchten wir Euch und Ihnen in einer Zwischenpräsentation Insights aus unserem aktuellen Kooperationsprojekt mit dem 37C3 präsentieren – und damit auch die dritte Phase der international angelegten Forschungsarbeit einläuten. \r\n\r\nIm Namen des gesamten Vorstandes möchte ich mich bei Ihnen recht herzlich für die Unterstützung auch im nächsten Jahr bedanken. Gleichzeitig die Bitte, Ihre Bankverbindung zu überprüfen, um die Arbeit unserer Buchhaltung zu vereinfachen. Wir freuen uns über Ihre Teilnahme an der Präsentation und bitten um eine kurze Bestätigung.\r\n\r\nEs grüßt Sie herzlich\r\nIhre Gitte Schmitz\r\n(Vorsitzende Deutsches Institut für Karaokeforschung)\n\n\nVorstandsvorsitzende Gitte Schmitz stellt aktuelle Ergebnisse des Deutschen Instituts für Karaokeforschung vor.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:15:00.000-0000","id":53840,"village_id":null,"tag_ids":[46120,46136,46139],"begin_timestamp":{"seconds":1703954100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T16:35:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2024 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum?\r\n\r\nIm Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen.\n\n\nWas hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Security Nightmares","android_description":"Wie immer wagen wir den IT-Security-Alptraum-Ausblick auf das Jahr 2024 und darüber hinaus. Denn was wir wirklich wissen wollen, ist ja schließlich: Was kriecht, krabbelt und fliegt in Zukunft auf uns zu und in unseren digitalen Implants herum?\r\n\r\nIm Zuge von noch mehr Transparenz, Kritik & Selbstkritik und kontinuierlicher nachhaltiger Optimierung aller Prozesse werden wir außerdem frühere Voraussagen hinsichtlich des Eintreffens unserer Weissagungen prüfen.\n\n\nWas hat sich im letzten Jahr im Bereich IT-Sicherheit getan? Welche neuen Entwicklungen haben sich ergeben? Welche neuen Buzzwords und Trends waren zu sehen?","end_timestamp":{"seconds":1703956500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53288,53493],"conference_id":131,"event_ids":[53799,53653],"name":"frank","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52264},{"content_ids":[53493],"conference_id":131,"event_ids":[53799],"name":"Ron","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52439}],"timeband_id":1143,"links":[],"end":"2023-12-30T17:15:00.000-0000","id":53799,"village_id":null,"begin_timestamp":{"seconds":1703952900,"nanoseconds":0},"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52439},{"tag_id":46107,"sort_order":1,"person_id":52264}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T16:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Many teams work hard to arrange the event, this talk allows them to show what they did and who they are.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"37c3 infrastructure review","end_timestamp":{"seconds":1703956500,"nanoseconds":0},"android_description":"Many teams work hard to arrange the event, this talk allows them to show what they did and who they are.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53502],"conference_id":131,"event_ids":[53568],"name":"nicoduck","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52431}],"timeband_id":1143,"links":[],"end":"2023-12-30T17:15:00.000-0000","id":53568,"tag_ids":[46119,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703952900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52431}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-30T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Defragmentierung Saal C","end_timestamp":{"seconds":1703966400,"nanoseconds":0},"android_description":"Leider, leider ...\r\nAm Ende kommt immer das Aufräumen.\r\nHelft uns. Die Saal muss leer werden.\r\nAlle sind willkommen, egal ob erst ein Jahr alt oder schon 99.\r\nDie Koordination erfolgt durch die Kidspace-Orga.\n\n\nLasst uns den Kidspace defragmentieren.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T20:00:00.000-0000","id":53995,"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal C","hotel":"","short_name":"Saal C","id":46155},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Live Coding is a kind of performing art and creativity technique where many artists create musical and visual performance using code and scripts. Since 2019 I've started to join local event in Italy playing music alone and with other artists. I want to bring a session of about 45 min at CCC where I create some techno patterns, with my friend Sabrin, which creates visuals in Hydra and Processing during the performance.\n\n\nSession of live coding using Supercollider and Foxdot to create music (melodic-electro-tecno) and with visuals created with Hydra/Processing","title":"Live Coding Set - Sound&Visual","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Live Coding is a kind of performing art and creativity technique where many artists create musical and visual performance using code and scripts. Since 2019 I've started to join local event in Italy playing music alone and with other artists. I want to bring a session of about 45 min at CCC where I create some techno patterns, with my friend Sabrin, which creates visuals in Hydra and Processing during the performance.\n\n\nSession of live coding using Supercollider and Foxdot to create music (melodic-electro-tecno) and with visuals created with Hydra/Processing","end_timestamp":{"seconds":1703955600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:00:00.000-0000","id":53990,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-30T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Chinese characters are fun. The character for „mouth“ looks like a mouth (口), the character for „wood“ looks like a tree (木) and the character for „idiot“ looks like a mouth in a high position, like on a tree (呆). Let's look at more fun examples!\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","title":"Introduction and fun with Chinese characters","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703953800,"nanoseconds":0},"android_description":"Chinese characters are fun. The character for „mouth“ looks like a mouth (口), the character for „wood“ looks like a tree (木) and the character for „idiot“ looks like a mouth in a high position, like on a tree (呆). Let's look at more fun examples!\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:30:00.000-0000","id":53550,"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hackbases are hackspaces but you can also live there. A hackbase is kind of a hacker commune!\r\n\r\nThere are about 10 hackbase-like projects running currently, and about as many known different base types have been experimented with and described. We will look at the basics, present different bases & share our experiences, and chat with everyone interested in hackbases.\r\n\r\nDefinition + List : https://wiki.hackerspaces.org/Hackbase\r\n\r\nMatrix channel : https://matrix.to/#/#hackbases:matrix.org\r\n\r\nWe'll go for a relaxed drink after the session.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Hackbases (coliving hacklabs) info & meeting","android_description":"Hackbases are hackspaces but you can also live there. A hackbase is kind of a hacker commune!\r\n\r\nThere are about 10 hackbase-like projects running currently, and about as many known different base types have been experimented with and described. We will look at the basics, present different bases & share our experiences, and chat with everyone interested in hackbases.\r\n\r\nDefinition + List : https://wiki.hackerspaces.org/Hackbase\r\n\r\nMatrix channel : https://matrix.to/#/#hackbases:matrix.org\r\n\r\nWe'll go for a relaxed drink after the session.","end_timestamp":{"seconds":1703955000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:50:00.000-0000","id":53547,"village_id":null,"begin_timestamp":{"seconds":1703952000,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-30T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag zeichnet erstens eine Kulturgeschichte der schwulen Subkultur und erklärt, warum Darkrooms und ähnliche Orte, an denen schwuler Sex in der semi-Öffentlichkeit vollzogen wird, konstitutiv für die schwule Szene waren. Zweitens werden die Effekte der Digitalisierung dieser Orte hin zu Plattformen wie früher GayChat oder heute Grindr aufgezeigt. Drittens wird gezeigt, warum homosexuelle Cruising-Apps wie Grindr kultur- und softwaretechnisch grundlegend anders aufgebaut sind als heterosexuelle Dating-Apps wie Tinder.\r\n\r\nMit dem Vortrag möchte ich einen Anstoß geben, Dualismen wie Homo- und Heterosexualität, Cruising und Dating, Promiskuität und Monogamie zu hacken. Ich möchte zeigen, dass Interaktivität auf *Datingplattformen* häufig eine Illusion ist, und versuchen, gemeinsam mit dem Publikum Wege zu finden, den „interpassiven”-Konsumstatus im Onlinedating aufzubrechen.\n\n\nEntgegen der Auffassung, die schwule Subkultur hätte durch die digitale Vernetzung einen Aufschwung erhalten und sei in ihrem Aktivismus gestärkt worden, möchte ich eine gegenwärtige Krise der Subkultur markieren und ihren Entstehungskontext durch Onlinedating skizzieren. Schwule Onlineplattformen entstanden, um der Unterdrückung von homosexuellem Verhalten zu entgehen. Zynischerweise sorgen sie heute für eine unterschwellige, fesselnde Regulation homosexueller Menschen.\r\n\r\nDer Vortrag arbeitet sich zwar vor allem an MSM-Personen (Männer, die Sex mit Männern haben) ab, richtet sich aber ausdrücklich an Hacker:innen jeglicher Sexualität.","title":"Vom Darkroom in die Blackbox","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703953200,"nanoseconds":0},"android_description":"Der Vortrag zeichnet erstens eine Kulturgeschichte der schwulen Subkultur und erklärt, warum Darkrooms und ähnliche Orte, an denen schwuler Sex in der semi-Öffentlichkeit vollzogen wird, konstitutiv für die schwule Szene waren. Zweitens werden die Effekte der Digitalisierung dieser Orte hin zu Plattformen wie früher GayChat oder heute Grindr aufgezeigt. Drittens wird gezeigt, warum homosexuelle Cruising-Apps wie Grindr kultur- und softwaretechnisch grundlegend anders aufgebaut sind als heterosexuelle Dating-Apps wie Tinder.\r\n\r\nMit dem Vortrag möchte ich einen Anstoß geben, Dualismen wie Homo- und Heterosexualität, Cruising und Dating, Promiskuität und Monogamie zu hacken. Ich möchte zeigen, dass Interaktivität auf *Datingplattformen* häufig eine Illusion ist, und versuchen, gemeinsam mit dem Publikum Wege zu finden, den „interpassiven”-Konsumstatus im Onlinedating aufzubrechen.\n\n\nEntgegen der Auffassung, die schwule Subkultur hätte durch die digitale Vernetzung einen Aufschwung erhalten und sei in ihrem Aktivismus gestärkt worden, möchte ich eine gegenwärtige Krise der Subkultur markieren und ihren Entstehungskontext durch Onlinedating skizzieren. Schwule Onlineplattformen entstanden, um der Unterdrückung von homosexuellem Verhalten zu entgehen. Zynischerweise sorgen sie heute für eine unterschwellige, fesselnde Regulation homosexueller Menschen.\r\n\r\nDer Vortrag arbeitet sich zwar vor allem an MSM-Personen (Männer, die Sex mit Männern haben) ab, richtet sich aber ausdrücklich an Hacker:innen jeglicher Sexualität.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53509],"conference_id":131,"event_ids":[53839],"name":"LustigerLeo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52370}],"timeband_id":1143,"links":[],"end":"2023-12-30T16:20:00.000-0000","id":53839,"tag_ids":[46121,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703950800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52370}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I know we are all experts... But are we really? Most of our knowledge about mental enhancement comes from experience, friends or social context. Some of it is true, some of it is not. In this workshop we will try to go through some of the common myths and misconceptions in recreational contexts. Safety and Common mistakes. Backed by science 🤓! Let's make our spaces safer, for ourselves and our surroundings ❤️\r\nThis is not a Nootropic talk.\n\n\nRecreational harm reduction - Speaker: hummuscience","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Science-based psychedelic pharmacology","android_description":"I know we are all experts... But are we really? Most of our knowledge about mental enhancement comes from experience, friends or social context. Some of it is true, some of it is not. In this workshop we will try to go through some of the common myths and misconceptions in recreational contexts. Safety and Common mistakes. Backed by science 🤓! Let's make our spaces safer, for ourselves and our surroundings ❤️\r\nThis is not a Nootropic talk.\n\n\nRecreational harm reduction - Speaker: hummuscience","end_timestamp":{"seconds":1703955600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:00:00.000-0000","id":54031,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Klimaschutz in Kommunen ist undurchsichtig, komplex, bürokratisch - und trotzdem enorm wichtig.\r\nMit dem Projekt Stadt.Land.Klima! wollen wir das Handeln (bzw. Nichthandeln) von Städten und Kommunen sichtbar machen und leicht verständlich in einem Ranking aufschlüsseln. Dabei bewerten wir die Kommunen aber nicht anhand von komplizierten Co2-Bilanzierungsverfahren wie BISKO, sondern daran, wieviele der notwendigen Maßnahmen auf dem Weg zur Klimaneutralität die Kommune schon umgesetzt hat.\r\nDas Ranking und die Bewertung der Kommune ist damit gleichzeitig auch ein Tool und eine TODO-Liste von dem, was in der jeweiligen Kommune noch passieren muss und wie das am besten von den klimainteressierten Menschen und Aktivisti in der Kommune umgesetzt werden kann.\r\n\r\nDie Bewertung der Kommune anhand des Maßnahmenkatalogs wird von den Lokalteams vor Ort umgesetzt  - das könnte eine FFF/P4F Ortsgruppe sein, ein LocalZero Lokalteam, eine der vielen weiteren Klimagruppen und lokalen Initiativen - oder auch eine Kooperation mehrerer dieser Gruppen in einer Stadt.\r\n\r\nDas Projekt befindet sich aktuell noch in einer Pilotphase, soll aber schon im Februar offiziell starten :)\n\n\n","title":"Stadt.Land.Klima! - Für Transparenz im Kommunalen Klimaschutz","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"Klimaschutz in Kommunen ist undurchsichtig, komplex, bürokratisch - und trotzdem enorm wichtig.\r\nMit dem Projekt Stadt.Land.Klima! wollen wir das Handeln (bzw. Nichthandeln) von Städten und Kommunen sichtbar machen und leicht verständlich in einem Ranking aufschlüsseln. Dabei bewerten wir die Kommunen aber nicht anhand von komplizierten Co2-Bilanzierungsverfahren wie BISKO, sondern daran, wieviele der notwendigen Maßnahmen auf dem Weg zur Klimaneutralität die Kommune schon umgesetzt hat.\r\nDas Ranking und die Bewertung der Kommune ist damit gleichzeitig auch ein Tool und eine TODO-Liste von dem, was in der jeweiligen Kommune noch passieren muss und wie das am besten von den klimainteressierten Menschen und Aktivisti in der Kommune umgesetzt werden kann.\r\n\r\nDie Bewertung der Kommune anhand des Maßnahmenkatalogs wird von den Lokalteams vor Ort umgesetzt  - das könnte eine FFF/P4F Ortsgruppe sein, ein LocalZero Lokalteam, eine der vielen weiteren Klimagruppen und lokalen Initiativen - oder auch eine Kooperation mehrerer dieser Gruppen in einer Stadt.\r\n\r\nDas Projekt befindet sich aktuell noch in einer Pilotphase, soll aber schon im Februar offiziell starten :)","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":54027,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"### Cybernetics\r\n\r\nTransdisciplinary branch of engineering and computational mathematics. It deals with the behavior of dynamical systems toward inputs and how their behavior is modified by feedback.\r\n\r\nHost: Aza and Nimbus\n\n\nHow can we use cybernetic principles to amplify political action and attenuate the power of elites? We will have a short introduction and then an open round to exchange + discuss!","title":"Cybernetics for political action","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"### Cybernetics\r\n\r\nTransdisciplinary branch of engineering and computational mathematics. It deals with the behavior of dynamical systems toward inputs and how their behavior is modified by feedback.\r\n\r\nHost: Aza and Nimbus\n\n\nHow can we use cybernetic principles to amplify political action and attenuate the power of elites? We will have a short introduction and then an open round to exchange + discuss!","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":54017,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For any triangle, the radius of its inscribed circle, the radius of its circumcircle and the distance of their centers are related through Euler's theorem in geometry (but earlier already published by Chapple). In one dimension higher, the Grace-Danielsson inequality gives a condition for the three values, so that a (non-regular) tetrahedron between the spheres exists, hence is completely contained inside the larger sphere and completely encloses the smaller sphere. In higher dimensions, Greg Egan conjectured a generalized Grace-Danielsson inequality and proved it to be sufficient for a simplex to exist between the spheres under a blog post of John Baez. A few weeks ago, the inequality was also proven to be necessary by Sergei Drozdov.\r\n\r\n🧮🦆\n\n\n","title":"Egan conjecture holds","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"For any triangle, the radius of its inscribed circle, the radius of its circumcircle and the distance of their centers are related through Euler's theorem in geometry (but earlier already published by Chapple). In one dimension higher, the Grace-Danielsson inequality gives a condition for the three values, so that a (non-regular) tetrahedron between the spheres exists, hence is completely contained inside the larger sphere and completely encloses the smaller sphere. In higher dimensions, Greg Egan conjectured a generalized Grace-Danielsson inequality and proved it to be sufficient for a simplex to exist between the spheres under a blog post of John Baez. A few weeks ago, the inequality was also proven to be necessary by Sergei Drozdov.\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53985,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Presentation in German about Single Sign On (SSO) in schools using EDU-Id from Switzerland.\n\n\nVortrag über Vorteile und Umsetzung von SSO an Schulen am Beispiel EDU-Id (Schweiz)","title":"SSO an Schulen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Presentation in German about Single Sign On (SSO) in schools using EDU-Id from Switzerland.\n\n\nVortrag über Vorteile und Umsetzung von SSO an Schulen am Beispiel EDU-Id (Schweiz)","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53897,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will be conducted by sharing various experiments we've done under the umbrella of generative AI models. We will begin with a general idea of how we, as artists/programmers, perceive these models and our research on the workflow of these constructs. Then, we will further elaborate on our exploration of the Stable Diffusion pipeline and datasets. Throughout our investigation, we discovered that some essential parts are all based on the same few datasets, models, and algorithms. This causes us to think that if we investigate deeper into some specific mechanisms, we might be able to reflect on the bigger picture of some political discourses surrounding generative AI models. We deconstructed the models into three steps essential to understanding how they worked: dataset, embedding, and diffusions. Our examples are primarily based on Stable-Diffusion, but some concepts are interchangeable in other generative models.\r\n\r\nAs datasets and machine-learning models grow in scale and complexity, understanding their nuances becomes challenging. Large datasets, like the one for training Stable Diffusion, are filtered using algorithms often employing machine learning. To \"enhance\" image generation, LAION's extensive dataset underwent filtering with an aesthetic prediction algorithm that uses machine learning to score the aesthetics of an image with a strong bias towards water-color and oil paintings. Besides the aesthetic scoring of images, images are also scored with a not safe-for-work classifier that outputs a probability of an image containing explicit content . This algorithm comes with its own discriminatory tendencies that we explore in the talk and furthermore asks how and by whom we want our datasets to be filtered and constructed.\r\n\r\nMany generative models are built upon Contrastive Language-Image Pre-training (CLIP) and its open-source version, Open-CLIP, which stochastically relates images and texts. These models connect images and text, digitize text, and calculate distances between words and images. However, they heavily rely on a large number of text-image pairs during training, potentially introducing biases into the database. We conducted experiments involving various \"false labelling\" scenarios and identified correlations. For instance, we used faces from ThisPersonDoesNotExist to determine \"happiness\" faces, explored ethnicities and occupations on different looks, and analyzed stock images of culturally diverse food. The results often align with human predictions, but does that mean anything? \r\n\r\nIn the third part, we take a closer look at the image generation process, focusing on the Stable Diffusion pipeline. Generative AI models, like Stable Diffusion, have the ability not only to generate images from text descriptions but also to process existing images. Depending on the settings, they can reproduce input images with great accuracy. However, errors accumulate with each iteration when this AI reproduction is recursively used as input. We observed that images gradually transform into purple patterns or a limited set of mundane concepts depending on the parameters and settings. This raises questions about the models' tendencies to default to learned patterns.\n\n\nWhat occurs when machines learn from one another and engage in self-cannibalism within the generative process? Can an image model identify the happiest person or determine ethnicity from a random image? Most state-of-the-art text-to-image implementations rely on a number of limited datasets, models, and algorithms. These models, initially appearing as black boxes, reveal complex pipelines involving multiple linked models and algorithms upon closer examination. We engage artistic strategies like feedback, misuse, and hacking to crack the inner workings of image-generation models. This includes recursively confronting models with their output, deconstructing text-to-image pipelines, labelling images, and discovering unexpected correlations. During the talk, we will share our experiments on investigating Stable-Diffusion pipelines, manipulating aesthetic scoring in extensive public text-to-image datasets, revealing NSFW classification, and utilizing Contrastive Language-Image Pre-training (CLIP) to reveal biases and problematic correlations inherent in the daily use of these models.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Self-cannibalizing AI","end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"The talk will be conducted by sharing various experiments we've done under the umbrella of generative AI models. We will begin with a general idea of how we, as artists/programmers, perceive these models and our research on the workflow of these constructs. Then, we will further elaborate on our exploration of the Stable Diffusion pipeline and datasets. Throughout our investigation, we discovered that some essential parts are all based on the same few datasets, models, and algorithms. This causes us to think that if we investigate deeper into some specific mechanisms, we might be able to reflect on the bigger picture of some political discourses surrounding generative AI models. We deconstructed the models into three steps essential to understanding how they worked: dataset, embedding, and diffusions. Our examples are primarily based on Stable-Diffusion, but some concepts are interchangeable in other generative models.\r\n\r\nAs datasets and machine-learning models grow in scale and complexity, understanding their nuances becomes challenging. Large datasets, like the one for training Stable Diffusion, are filtered using algorithms often employing machine learning. To \"enhance\" image generation, LAION's extensive dataset underwent filtering with an aesthetic prediction algorithm that uses machine learning to score the aesthetics of an image with a strong bias towards water-color and oil paintings. Besides the aesthetic scoring of images, images are also scored with a not safe-for-work classifier that outputs a probability of an image containing explicit content . This algorithm comes with its own discriminatory tendencies that we explore in the talk and furthermore asks how and by whom we want our datasets to be filtered and constructed.\r\n\r\nMany generative models are built upon Contrastive Language-Image Pre-training (CLIP) and its open-source version, Open-CLIP, which stochastically relates images and texts. These models connect images and text, digitize text, and calculate distances between words and images. However, they heavily rely on a large number of text-image pairs during training, potentially introducing biases into the database. We conducted experiments involving various \"false labelling\" scenarios and identified correlations. For instance, we used faces from ThisPersonDoesNotExist to determine \"happiness\" faces, explored ethnicities and occupations on different looks, and analyzed stock images of culturally diverse food. The results often align with human predictions, but does that mean anything? \r\n\r\nIn the third part, we take a closer look at the image generation process, focusing on the Stable Diffusion pipeline. Generative AI models, like Stable Diffusion, have the ability not only to generate images from text descriptions but also to process existing images. Depending on the settings, they can reproduce input images with great accuracy. However, errors accumulate with each iteration when this AI reproduction is recursively used as input. We observed that images gradually transform into purple patterns or a limited set of mundane concepts depending on the parameters and settings. This raises questions about the models' tendencies to default to learned patterns.\n\n\nWhat occurs when machines learn from one another and engage in self-cannibalism within the generative process? Can an image model identify the happiest person or determine ethnicity from a random image? Most state-of-the-art text-to-image implementations rely on a number of limited datasets, models, and algorithms. These models, initially appearing as black boxes, reveal complex pipelines involving multiple linked models and algorithms upon closer examination. We engage artistic strategies like feedback, misuse, and hacking to crack the inner workings of image-generation models. This includes recursively confronting models with their output, deconstructing text-to-image pipelines, labelling images, and discovering unexpected correlations. During the talk, we will share our experiments on investigating Stable-Diffusion pipelines, manipulating aesthetic scoring in extensive public text-to-image datasets, revealing NSFW classification, and utilizing Contrastive Language-Image Pre-training (CLIP) to reveal biases and problematic correlations inherent in the daily use of these models.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53501],"conference_id":131,"event_ids":[53832],"name":"Leon-Etienne Kühr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52312}],"timeband_id":1143,"end":"2023-12-30T16:00:00.000-0000","links":[{"label":"previous talk \"Aesthetic approaches to cyber peace work\" @ FIFFKON23","type":"link","url":"https://media.ccc.de/v/fiffkon23-47-aesthetic-approaches-to-cyber-peace-work"},{"label":"previous talk \"ai-sthesis\" @ academy of media art Cologne","type":"link","url":"https://ground-zero.khm.de/portfolio/ai-sthesis/"}],"id":53832,"tag_ids":[46118,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52312}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das KUNO-Sperrsystem (Kriminalitätsbekämpfung im unbaren Zahlungsverkehr durch Nutzung nichtpolizeilicher Organisationen) wurde vor über 20 Jahren entwickelt, um Betrug mit EC-Lastschriftverfahren einzudämmen. 96 % aller Händler in Deutschland nutzen direkt oder indirekt die KUNO-Sperrdatei, um sich vor Betrug mittels gefälschter Lastschrift zu schützen. Das System wird vom EHI Retail Institute in Kooperation mit der deutschen Polizei und dem Hauptverband des Deutschen Einzelhandels betrieben. Pro Jahr laufen mehr als 120.000 Meldungen über das System.\r\nIm Rahmen einer Untersuchung konnte nun ermittelt werden, dass Taschendiebe die entsprechende Sperrung von Girocards/Debitkarten simpel aufheben und weiter Betrug begehen konnten. Durch eine Meldung im Rahmen eines Responsible Disclosure-Verfahrens konnten zahlreiche Mängel im Bereich Datenschutz und IT-Sicherheit aufgedeckt und behoben werden.\r\nIm Vortrag wird Tim Philipp Schäfers das KUNO-System genauer vorstellen und Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vornehmen - Vergnügen für alle Datenreisenden (alle Level) ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de\r\n\r\nWeitere Infos zum KUNO-Sperrsystem:\r\nhttps://de.wikipedia.org/wiki/Kriminalit%C3%A4tsbek%C3%A4mpfung\\_im\\_unbaren\\_Zahlungsverkehr\\_durch\\_Nutzung\\_nichtpolizeilicher\\_Organisationen\n\n\nDebitkarte/girocard geklaut? – Schnell sperren lassen … doch was, wenn die Sperrung nicht so wirksam ist, wie es scheint?\r\n\r\nIm Rahmen des Vortrages werden Datenschutz- und IT-Sicherheitsmängel im KUNO-Sperrsystem vorgestellt. Das System ist bei > 90 % der Händler in Deutschland im Einsatz und soll seit einem Beschluss der Innenministerkonferenz im Jahr 2005 garantieren, dass das elektronische Lastschriftverfahren (ELV) vor Betrug sicher(er) ist.\r\n\r\nIm Rahmen des Vortrages wird unter anderem aufgezeigt, wie es Unbefugten/Taschendieben (über Jahre) möglich war, gesperrte EC- & Debitkarten/ girocards für die ELV simpel zu entsperren. Darüber hinaus werden Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vorgenommen – Vergnügen für alle Datenreisenden ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de","title":"Oh no: KUNO - Gesperrte Girocards entsperren","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"Das KUNO-Sperrsystem (Kriminalitätsbekämpfung im unbaren Zahlungsverkehr durch Nutzung nichtpolizeilicher Organisationen) wurde vor über 20 Jahren entwickelt, um Betrug mit EC-Lastschriftverfahren einzudämmen. 96 % aller Händler in Deutschland nutzen direkt oder indirekt die KUNO-Sperrdatei, um sich vor Betrug mittels gefälschter Lastschrift zu schützen. Das System wird vom EHI Retail Institute in Kooperation mit der deutschen Polizei und dem Hauptverband des Deutschen Einzelhandels betrieben. Pro Jahr laufen mehr als 120.000 Meldungen über das System.\r\nIm Rahmen einer Untersuchung konnte nun ermittelt werden, dass Taschendiebe die entsprechende Sperrung von Girocards/Debitkarten simpel aufheben und weiter Betrug begehen konnten. Durch eine Meldung im Rahmen eines Responsible Disclosure-Verfahrens konnten zahlreiche Mängel im Bereich Datenschutz und IT-Sicherheit aufgedeckt und behoben werden.\r\nIm Vortrag wird Tim Philipp Schäfers das KUNO-System genauer vorstellen und Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vornehmen - Vergnügen für alle Datenreisenden (alle Level) ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de\r\n\r\nWeitere Infos zum KUNO-Sperrsystem:\r\nhttps://de.wikipedia.org/wiki/Kriminalit%C3%A4tsbek%C3%A4mpfung\\_im\\_unbaren\\_Zahlungsverkehr\\_durch\\_Nutzung\\_nichtpolizeilicher\\_Organisationen\n\n\nDebitkarte/girocard geklaut? – Schnell sperren lassen … doch was, wenn die Sperrung nicht so wirksam ist, wie es scheint?\r\n\r\nIm Rahmen des Vortrages werden Datenschutz- und IT-Sicherheitsmängel im KUNO-Sperrsystem vorgestellt. Das System ist bei > 90 % der Händler in Deutschland im Einsatz und soll seit einem Beschluss der Innenministerkonferenz im Jahr 2005 garantieren, dass das elektronische Lastschriftverfahren (ELV) vor Betrug sicher(er) ist.\r\n\r\nIm Rahmen des Vortrages wird unter anderem aufgezeigt, wie es Unbefugten/Taschendieben (über Jahre) möglich war, gesperrte EC- & Debitkarten/ girocards für die ELV simpel zu entsperren. Darüber hinaus werden Streifzüge durch die Themen der IT-Sicherheit, des Datenschutzes und Payments vorgenommen – Vergnügen für alle Datenreisenden ist garantiert :)\r\n\r\nWeitere Infos zu den Lücken (Ende des Jahres) unter: https://giroday.de","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53492],"conference_id":131,"event_ids":[53825],"name":"Tim Philipp Schäfers (TPS)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52480}],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53825,"tag_ids":[46124,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52480}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Baue Licht-, Schall- oder Mechanikschaltungen.\r\nAb ca 4 Jahren zusammen mit Erwachsenen ist das mit dem einfachen Baukastensystem auf Basis von Druckknöpfen gut möglich (laut Hersteller ab 8 Jahren). Aber selbst die kleineren freuen sich, bunte Formen zu arrangieren.\r\nDies ist ein Eltern-Kind-Angebot. Bitte beaufsichtigt eure Kinder oder baut mit ihnen zusammen.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Elektrobaukasten - Tag 4","end_timestamp":{"seconds":1703955600,"nanoseconds":0},"android_description":"Baue Licht-, Schall- oder Mechanikschaltungen.\r\nAb ca 4 Jahren zusammen mit Erwachsenen ist das mit dem einfachen Baukastensystem auf Basis von Druckknöpfen gut möglich (laut Hersteller ab 8 Jahren). Aber selbst die kleineren freuen sich, bunte Formen zu arrangieren.\r\nDies ist ein Eltern-Kind-Angebot. Bitte beaufsichtigt eure Kinder oder baut mit ihnen zusammen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T17:00:00.000-0000","id":53551,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's chat about our favourite klacky input devices. Show off your (Congress) keyboard builds and hacks or discuss switches, debate layouts or share firmware tips.\r\n\r\nHappy klacking!\n\n\n","title":"⌨️ Mechanical Keyboard and Typing meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"Let's chat about our favourite klacky input devices. Show off your (Congress) keyboard builds and hacks or discuss switches, debate layouts or share firmware tips.\r\n\r\nHappy klacking!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53433,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703948400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-30T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hackspaces sind für Gehörlose nicht zugänglich, um ihre Kreativität auszuleben sowie nachhaltige Techniknutzung eigenständig zu erlernen.\r\n\r\nDas wissenschaftlich-künstlerische Projekt MACH’S AUF! setzt seinen Fokus auf die folgenden Fragen:\r\n\r\n* Wie kann Technik gestaltet sein, damit sie besser von gehörlosen Menschen genutzt werden kann?\n* Wie kann eine Zusammenarbeit zwischen Gehörlosen und Hörenden funktionieren?\n* Wie können Barrieren abgebaut werden, ohne dass gesellschaftliche Randgruppen davon benachteiligt werden?\n\n\r\n\r\nIn den letzten zwei Jahren haben Oliver \"fussel\" Suchanek (es/ihm) und Franz \"Stoni\" Steinbrecher (er/ihm) viel Zeit, Aufwand und Sorgfalt in diverse Veranstaltungen, Workshops und Aufklärung gesteckt. Ermöglicht wurde das durch die finanzielle Unterstützung vom Chaos Computer Club.\r\n\r\nDas Ergebnis kann sich sehen lassen:\r\n\r\nEine neue Community, in der Hörende und Gehörlose gemeinsam hacken, in der Gehörlose Maschinen bedienen, die vorher unzugänglich waren, und auch ganz neue Projekte wie zum Beispiel die ÖGS-Suchmaschine (http://suche.machs-auf.at/search).\r\n\r\nÜber die Arbeit der ersten zwei Jahre wird Oliver \"fussel\" Suchanek berichten, so dass ihr unsere Ansätze auch in anderen Spaces anwenden könnt.\r\n\r\nSeid gespannt auf den Einblick … :)\n\n\nHacken geht auch ohne Ohren! In den letzten zwei Jahren haben wir am lebenden Objekt erforscht, wie man Hackspaces für Gehörlose öffnen kann, so dass wir alle gemeinsam an Projekten arbeiten und cooles Zeug bauen können. Kommt vorbei, schaut/lauscht, und nehmt was mit nach Hause!\r\n\r\nDer Vortrag wird in der Österreichischen Gebärdensprache (ÖGS) gehalten und simultan zu Deutsch übersetzt (bzw. andersherum für Fragen).\r\n","title":"Öffnet eure Spaces für Gehörlose!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703949900,"nanoseconds":0},"android_description":"Hackspaces sind für Gehörlose nicht zugänglich, um ihre Kreativität auszuleben sowie nachhaltige Techniknutzung eigenständig zu erlernen.\r\n\r\nDas wissenschaftlich-künstlerische Projekt MACH’S AUF! setzt seinen Fokus auf die folgenden Fragen:\r\n\r\n* Wie kann Technik gestaltet sein, damit sie besser von gehörlosen Menschen genutzt werden kann?\n* Wie kann eine Zusammenarbeit zwischen Gehörlosen und Hörenden funktionieren?\n* Wie können Barrieren abgebaut werden, ohne dass gesellschaftliche Randgruppen davon benachteiligt werden?\n\n\r\n\r\nIn den letzten zwei Jahren haben Oliver \"fussel\" Suchanek (es/ihm) und Franz \"Stoni\" Steinbrecher (er/ihm) viel Zeit, Aufwand und Sorgfalt in diverse Veranstaltungen, Workshops und Aufklärung gesteckt. Ermöglicht wurde das durch die finanzielle Unterstützung vom Chaos Computer Club.\r\n\r\nDas Ergebnis kann sich sehen lassen:\r\n\r\nEine neue Community, in der Hörende und Gehörlose gemeinsam hacken, in der Gehörlose Maschinen bedienen, die vorher unzugänglich waren, und auch ganz neue Projekte wie zum Beispiel die ÖGS-Suchmaschine (http://suche.machs-auf.at/search).\r\n\r\nÜber die Arbeit der ersten zwei Jahre wird Oliver \"fussel\" Suchanek berichten, so dass ihr unsere Ansätze auch in anderen Spaces anwenden könnt.\r\n\r\nSeid gespannt auf den Einblick … :)\n\n\nHacken geht auch ohne Ohren! In den letzten zwei Jahren haben wir am lebenden Objekt erforscht, wie man Hackspaces für Gehörlose öffnen kann, so dass wir alle gemeinsam an Projekten arbeiten und cooles Zeug bauen können. Kommt vorbei, schaut/lauscht, und nehmt was mit nach Hause!\r\n\r\nDer Vortrag wird in der Österreichischen Gebärdensprache (ÖGS) gehalten und simultan zu Deutsch übersetzt (bzw. andersherum für Fragen).","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53508],"conference_id":131,"event_ids":[53838],"name":"Oliver Suchanek","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52354}],"timeband_id":1143,"links":[{"label":"MACH'S AUF! ist auf Mastodon!","type":"link","url":"https://chaos.social/@mach_auf"},{"label":"MACH'S AUF! Zwischenbericht (2022)","type":"link","url":"https://machs-auf.at/zwischenbericht.pdf"},{"label":"CCC Wien","type":"link","url":"http://c3w.at"},{"label":"MACH'S AUF! ","type":"link","url":"http://machs-auf.at"},{"label":"ÖGS-Suchmaschine \"Gebärden-Archive\"","type":"link","url":"http://gebärdenverse.at"},{"label":"Presse: \"Wie sagt man das in ÖGS?\"","type":"link","url":"https://www.diepresse.com/6271309/wie-sagt-man-das-in-gebaerdensprache#:~:text=Von%20etwa%20450.000%20Menschen%2C%20die,Österreichische%20Gebärdensprache%20als%20Erstsprache%20nutzen."}],"end":"2023-12-30T15:25:00.000-0000","id":53838,"begin_timestamp":{"seconds":1703947500,"nanoseconds":0},"village_id":null,"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52354}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Quadball/Quidditch is a mixed-gender, queer-friendly, full-contact sport that incorporates elements of rugby, handball and dodge ball. It is characterized by the brooms, the five balls and the different playing positions of the players, who need different skills.\r\n\r\nWe give a short introduction to the sport with its rules and gameplay mechanics and try to give an insight into the community. We plan to have time for your questions.\r\n\r\nWe two have been playing for around 4 years with the Braunschweiger Broomicorns. There are over 30 teams in germany and many more internationally, probably one near you!\r\n\r\nMore infos at https://iqasport.org/what-is-quidditch\r\n\r\nde and/or en\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Quidditch IRL - ja das gibt es wirklich","android_description":"Quadball/Quidditch is a mixed-gender, queer-friendly, full-contact sport that incorporates elements of rugby, handball and dodge ball. It is characterized by the brooms, the five balls and the different playing positions of the players, who need different skills.\r\n\r\nWe give a short introduction to the sport with its rules and gameplay mechanics and try to give an insight into the community. We plan to have time for your questions.\r\n\r\nWe two have been playing for around 4 years with the Braunschweiger Broomicorns. There are over 30 teams in germany and many more internationally, probably one near you!\r\n\r\nMore infos at https://iqasport.org/what-is-quidditch\r\n\r\nde and/or en","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":54022,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703946600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-30T14:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"## Subtitle: Adopting Formally-verified E2EE in a FOSS project \r\n\r\n## Summary\r\nIn this talk we take a look at Tox, a distributed/P2P and E2EE messaging solution and its FOSS implementation (toxcore). Tox utilizes state-of-the-art cryptography. However, it is vulnerable to key compromise impersonation (KCI) attacks. KCI is explained and also how this issue can be fixed by using the Noise Protocol Framework. Noise is used to design and implement E2EE messaging with formally-verified security in Tox - by utilizing libsodium. This enables more secure P2P communication with Tox and serves as enabler for Noise adoption in other projects. \r\n\r\n## Description\r\nTox is a peer-to-peer (P2P) protocol that aims to provide secure messaging functionality (e.g. instant messages, audio/video calls). It is implemented in a FOSS library called “c-toxcore”. The project started in 2013 right after Edward Snowden’s disclosure of global surveillance, especially due to NSA’s PRISM program. It is intended as a distributed and end-to-end encrypted (E2EE) messaging alternative.\r\n\r\nTox(core) utilizes state-of-the-art cryptography. However, Tox’ authenticated key exchange (AKE) during Tox’ handshake is necessary to enable E2EE (and further security properties, e.g. forward secrecy), but is known to be vulnerable to so-called key compromise impersonation (KCI) attacks. KCI enables an (sophisticated) attacker, who compromised the static long-term private X25519 identity key of a Tox party Alice (e.g. with a trojan), to impersonate any other Tox party (with certain limitations) to Alice (i.e. reverse impersonation) and to perform Machine-in-the-Middle (MitM) attacks on Alice’s private conversations.\r\n\r\nAt rC3 in 2020 I presented the results of my master’s thesis and my proof-of-concept (PoC) implementation to fix this KCI vulnerability. Fortunately, NLnet foundation is funding the continuation of this project to realize a proper production-ready implementation.\r\nThe Noise Protocol Framework from Trevor Perrin (presented at 34C3; co-author of Signal) is used to design and implement a new KCI-resistant Tox handshake - with formally-verified security properties (incl. forward secrecy, KCI resistance, etc). The Noise protocol used in Tox is Noise_IK_25519_XChaChaPoly_SHA512. NoiseIK is implemented directly in c-toxcore using only libsodium, instead of relying on a third-party library as an additional dependency (e.g. Noise-C) and therefore preserve maintainability of c-toxcore. Additionally this reduces the number of possibly vulnerable source lines of code.\r\n\r\nThis talk/session explains\r\n- Tox in general and its ecosystem\r\n- what KCI is and how it can possibly be exploited in Tox\r\n- how one can design and implement their own secure/E2EE communications using the Noise framework\r\n\r\nFurther it discusses the Noise implementation in Tox with regard to:\r\n\r\n- NoiseIK handshake: Adding the Noise_IK_25519_XChaChaPoly_SHA512 protocol to c-toxcore by using libsodium and taking inspiration from WireGuard®’s NoiseIK implementation\r\n- Using XChaCha20-Poly1305 for symmetric encryption (AEAD) with extended/random nonces instead of XSalsa20 or ChaCha20\r\n- Why and how backwards compatibility to non-Noise handshakes is implemented \r\n\r\nThis will (hopefully) enable others to adopt the Noise framework also for their implementations and projects.\r\n\r\nThis session (possibly) further includes a short demonstration and a presentation of possible future improvements.\r\n___\r\nTerminology in context of Tox:\r\n\r\n- Tox is the name of the protocol in general -> https://toktok.ltd/spec.html\r\n- The implementation of Tox is toxcore - a network library\r\n- The clients (using toxcore) have specific names (e.g. Toxic https://github.com/JFreegman/toxic, TRIfA https://github.com/zoff99/ToxAndroidRefImpl/)\r\n___\r\nLinks/Resources:\r\n- https://tox.chat/\r\n- https://github.com/TokTok/c-toxcore/\"\r\n- https://github.com/TokTok/c-toxcore/issues/426/\r\n- https://github.com/TokTok/c-toxcore/pull/2450\r\n- https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/\r\n- https://noiseprotocol.org/\n\n\nSpeaker: Tobi (goldroom, Tobias Buchberger)","title":"(More) Secure P2P Messaging with Noise and Tox","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"## Subtitle: Adopting Formally-verified E2EE in a FOSS project \r\n\r\n## Summary\r\nIn this talk we take a look at Tox, a distributed/P2P and E2EE messaging solution and its FOSS implementation (toxcore). Tox utilizes state-of-the-art cryptography. However, it is vulnerable to key compromise impersonation (KCI) attacks. KCI is explained and also how this issue can be fixed by using the Noise Protocol Framework. Noise is used to design and implement E2EE messaging with formally-verified security in Tox - by utilizing libsodium. This enables more secure P2P communication with Tox and serves as enabler for Noise adoption in other projects. \r\n\r\n## Description\r\nTox is a peer-to-peer (P2P) protocol that aims to provide secure messaging functionality (e.g. instant messages, audio/video calls). It is implemented in a FOSS library called “c-toxcore”. The project started in 2013 right after Edward Snowden’s disclosure of global surveillance, especially due to NSA’s PRISM program. It is intended as a distributed and end-to-end encrypted (E2EE) messaging alternative.\r\n\r\nTox(core) utilizes state-of-the-art cryptography. However, Tox’ authenticated key exchange (AKE) during Tox’ handshake is necessary to enable E2EE (and further security properties, e.g. forward secrecy), but is known to be vulnerable to so-called key compromise impersonation (KCI) attacks. KCI enables an (sophisticated) attacker, who compromised the static long-term private X25519 identity key of a Tox party Alice (e.g. with a trojan), to impersonate any other Tox party (with certain limitations) to Alice (i.e. reverse impersonation) and to perform Machine-in-the-Middle (MitM) attacks on Alice’s private conversations.\r\n\r\nAt rC3 in 2020 I presented the results of my master’s thesis and my proof-of-concept (PoC) implementation to fix this KCI vulnerability. Fortunately, NLnet foundation is funding the continuation of this project to realize a proper production-ready implementation.\r\nThe Noise Protocol Framework from Trevor Perrin (presented at 34C3; co-author of Signal) is used to design and implement a new KCI-resistant Tox handshake - with formally-verified security properties (incl. forward secrecy, KCI resistance, etc). The Noise protocol used in Tox is Noise_IK_25519_XChaChaPoly_SHA512. NoiseIK is implemented directly in c-toxcore using only libsodium, instead of relying on a third-party library as an additional dependency (e.g. Noise-C) and therefore preserve maintainability of c-toxcore. Additionally this reduces the number of possibly vulnerable source lines of code.\r\n\r\nThis talk/session explains\r\n- Tox in general and its ecosystem\r\n- what KCI is and how it can possibly be exploited in Tox\r\n- how one can design and implement their own secure/E2EE communications using the Noise framework\r\n\r\nFurther it discusses the Noise implementation in Tox with regard to:\r\n\r\n- NoiseIK handshake: Adding the Noise_IK_25519_XChaChaPoly_SHA512 protocol to c-toxcore by using libsodium and taking inspiration from WireGuard®’s NoiseIK implementation\r\n- Using XChaCha20-Poly1305 for symmetric encryption (AEAD) with extended/random nonces instead of XSalsa20 or ChaCha20\r\n- Why and how backwards compatibility to non-Noise handshakes is implemented \r\n\r\nThis will (hopefully) enable others to adopt the Noise framework also for their implementations and projects.\r\n\r\nThis session (possibly) further includes a short demonstration and a presentation of possible future improvements.\r\n___\r\nTerminology in context of Tox:\r\n\r\n- Tox is the name of the protocol in general -> https://toktok.ltd/spec.html\r\n- The implementation of Tox is toxcore - a network library\r\n- The clients (using toxcore) have specific names (e.g. Toxic https://github.com/JFreegman/toxic, TRIfA https://github.com/zoff99/ToxAndroidRefImpl/)\r\n___\r\nLinks/Resources:\r\n- https://tox.chat/\r\n- https://github.com/TokTok/c-toxcore/\"\r\n- https://github.com/TokTok/c-toxcore/issues/426/\r\n- https://github.com/TokTok/c-toxcore/pull/2450\r\n- https://blog.tox.chat/2023/03/redesign-of-toxs-cryptographic-handshake/\r\n- https://noiseprotocol.org/\n\n\nSpeaker: Tobi (goldroom, Tobias Buchberger)","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":54026,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's chat some LLM agents, their uses, and their governance. We can start by going over how to create one. We can then chat:\r\n - How do I create LLM agents in ChatGPT? What can we use them for?\r\n - How does this differ from finetuning?\r\n - How does this look with open-source models?\r\n - What business models might Big Tech come up with for LLM agents?\r\n - What are good ways for civil society to hold LLM agent producers accountable?\r\n - ...\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Meetup on LLM Agents","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"android_description":"Let's chat some LLM agents, their uses, and their governance. We can start by going over how to create one. We can then chat:\r\n - How do I create LLM agents in ChatGPT? What can we use them for?\r\n - How does this differ from finetuning?\r\n - How does this look with open-source models?\r\n - What business models might Big Tech come up with for LLM agents?\r\n - What are good ways for civil society to hold LLM agent producers accountable?\r\n - ...","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":53766,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop invites FLINTA* data enthusiasts of all backgrounds to play around with population data. You will learn to access and analyse data available through _DESTATIS_, Germany's Federal Statistical Office, focusing on a data set of your choice that aligns with your interests. Together, we will learn how to access _DESTATIS_ data, retrieve specific datasets, and preprocess them for analysis in a reusable way using Python (but you can opt to choose R or another language of your choice instead), using a gender-split data set as an example. We will then explore the data we retrieved, and get together to discuss what we found.\r\n\r\n**Prerequisites:** Having beginner-level programming or data analysis skills will help you get the most out of this workshop. If you can comfortably execute Python code, you’ll probably have fun, regardless of whether you never explored data before or you happen to be a researcher in statistical modelling.\r\n* You need some basic technical skills to follow along (you should be able to read in a CSV file using code).\r\n* No prior experience with the _DESTATIS_ API is necessary. \r\n* Bring your laptop.\n\n\nIn this interactive workshop, participants will dive into the world of publicly available statistics with a focus on gender-related data from the _DESTATIS_ (German Federal Statistical Office) public API. This workshop caters to individuals with little to no prior experience with _DESTATIS_ data, while also offering a practical, hands-on introduction to data analysis.","title":"📊 GIRLS JUST WANNA HAVE SOME STATS: Exploring open population data using the DESTATIS API and Python","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703952000,"nanoseconds":0},"android_description":"This workshop invites FLINTA* data enthusiasts of all backgrounds to play around with population data. You will learn to access and analyse data available through _DESTATIS_, Germany's Federal Statistical Office, focusing on a data set of your choice that aligns with your interests. Together, we will learn how to access _DESTATIS_ data, retrieve specific datasets, and preprocess them for analysis in a reusable way using Python (but you can opt to choose R or another language of your choice instead), using a gender-split data set as an example. We will then explore the data we retrieved, and get together to discuss what we found.\r\n\r\n**Prerequisites:** Having beginner-level programming or data analysis skills will help you get the most out of this workshop. If you can comfortably execute Python code, you’ll probably have fun, regardless of whether you never explored data before or you happen to be a researcher in statistical modelling.\r\n* You need some basic technical skills to follow along (you should be able to read in a CSV file using code).\r\n* No prior experience with the _DESTATIS_ API is necessary. \r\n* Bring your laptop.\n\n\nIn this interactive workshop, participants will dive into the world of publicly available statistics with a focus on gender-related data from the _DESTATIS_ (German Federal Statistical Office) public API. This workshop caters to individuals with little to no prior experience with _DESTATIS_ data, while also offering a practical, hands-on introduction to data analysis.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53253,53266],"conference_id":131,"event_ids":[53626,53638],"name":"sumpfhexe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52453}],"timeband_id":1143,"links":[],"end":"2023-12-30T16:00:00.000-0000","id":53626,"tag_ids":[46133,46140],"village_id":null,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52453}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-30T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Celebrate the winners of the CYCLOPS CTF/ARG - prizes will be given to the people and teams who get the furthest.","title":"CYCLOPS Awards Ceremony","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703946600,"nanoseconds":0},"android_description":"Celebrate the winners of the CYCLOPS CTF/ARG - prizes will be given to the people and teams who get the furthest.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":53548,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lasst uns zusammen das cccamp27 zu einen grüneren Event machen. Egal, ob du schon Erfahrung in nachhaltigen Projekten hast oder nicht – jede Perspektive zählt. Bringt eure Ideen mit und lasst uns gemeinsam über das cccamp27 nachdenken und vernetzten.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"CCCamp27 Sustainabillity Brainstorming Meetup","android_description":"Lasst uns zusammen das cccamp27 zu einen grüneren Event machen. Egal, ob du schon Erfahrung in nachhaltigen Projekten hast oder nicht – jede Perspektive zählt. Bringt eure Ideen mit und lasst uns gemeinsam über das cccamp27 nachdenken und vernetzten.","end_timestamp":{"seconds":1703948100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:55:00.000-0000","id":53544,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das erste Mal auf dem Congress ist definitiv immer in prägendes Erlebnis. Kommt vorbei und erzählt MacSnider davon, sprecht mit anderen über eure Erwartungen und Erfahrungen. Alte Hasen die von früher erzählen sind natürlich auch gerne Willkommen!","title":"The InSnider: Mein erstes Mal Congress","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (45 minutes)","id":46128},"android_description":"Das erste Mal auf dem Congress ist definitiv immer in prägendes Erlebnis. Kommt vorbei und erzählt MacSnider davon, sprecht mit anderen über eure Erwartungen und Erfahrungen. Alte Hasen die von früher erzählen sind natürlich auch gerne Willkommen!","end_timestamp":{"seconds":1703947500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53197,53318,53344],"conference_id":131,"event_ids":[53696,53507,53458],"name":"MacSnider","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52346}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:45:00.000-0000","id":53458,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703944800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52346}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"begin":"2023-12-30T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"cyber4EDU (Zu-)Hörstunde - Fokus Hochschule","android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","end_timestamp":{"seconds":1703947500,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:45:00.000-0000","id":53997,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Having worked on the cross border e-evidence dossier since it's inception in 2017, the talk aims to present an insider view on the proposed procedures and legal protections, the scope of the obligation on industry to promptly provide information to law enforcement as well as the status of the proposed technical implementation including the proposed authentication and encryption of requests as well as the response data provided.\r\n\r\nAs an industry representative participating in the official EU e-evidence implementation task force I am going to take a look at the current, up to date status of the proposed implementation as well as the numerous grey areas to still be addressed both legally as well as technically to make the e-evidence dossier even remotely workable/acceptable for all parties concerned.\n\n\nThe EU \"e-evidence\" regulation is a critical piece of new legislation directly affecting all EU citizens. Proposed in 2017, it has been completed in 2023 as has since become law, mandating a more or less direct, cross border access to all sorts of stored information by law enforcement. I will be addressing \r\nhow individuals are affected and how the release of e-evidence works technically. Who are the actors? Which types of information can be requested? How are individual rights protected?\r\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Dissecting EU electronic evidence","android_description":"Having worked on the cross border e-evidence dossier since it's inception in 2017, the talk aims to present an insider view on the proposed procedures and legal protections, the scope of the obligation on industry to promptly provide information to law enforcement as well as the status of the proposed technical implementation including the proposed authentication and encryption of requests as well as the response data provided.\r\n\r\nAs an industry representative participating in the official EU e-evidence implementation task force I am going to take a look at the current, up to date status of the proposed implementation as well as the numerous grey areas to still be addressed both legally as well as technically to make the e-evidence dossier even remotely workable/acceptable for all parties concerned.\n\n\nThe EU \"e-evidence\" regulation is a critical piece of new legislation directly affecting all EU citizens. Proposed in 2017, it has been completed in 2023 as has since become law, mandating a more or less direct, cross border access to all sorts of stored information by law enforcement. I will be addressing \r\nhow individuals are affected and how the release of e-evidence works technically. Who are the actors? Which types of information can be requested? How are individual rights protected?","end_timestamp":{"seconds":1703946300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53507],"conference_id":131,"event_ids":[53837],"name":"Klaus Landefeld","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52474}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:25:00.000-0000","id":53837,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52474}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After the \"summer of migration\", from 2017 the EU and Italy set up and equipped the \"coastguard\" in Libya, consisting of militias, to take back boats with refugees to North Africa and put the people in torture camps. Frontex and a EU military mission take over the aerial surveillance for these pullbacks. 2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed this pullback regime. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. For the first time, we unveiled how their new vessel, sponsored by UAE, operates in the Central Mediterranean. We could spot them, intercept communication, and record their crimes. We managed to do so through low-budget, open-source intelligence, voluntary work, and our civil monitoring flights. Our talk materializes at the crossroads of no-border activist nerdiness and broader geopolitical reflections. Starting with our first-hand material, we show TBZ's close ties with condemned war criminals, the smuggling business, the United Arab Emirates, the Frontex agency, and European governments, namely Greece, Italy, and Malta. We see the media being barely interested in the intricacies of Europe's proxy actors, such as TBZ, that help uphold fortress Europe. We will use CCC to discuss what has little space in our daily public work: weird details, daring predictions, and complex interlinkages.\n\n\n2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed the pullback regime which was installed by Italy and the EU from 2017. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. With the help of low-budget, open-source intelligence, we were the first to unveil how their new vessel operates in the Central Mediterranean and with which European actors they communicate. This talk provides you with the details.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"A Libyan Militia and the EU - A Love Story?","end_timestamp":{"seconds":1703947500,"nanoseconds":0},"android_description":"After the \"summer of migration\", from 2017 the EU and Italy set up and equipped the \"coastguard\" in Libya, consisting of militias, to take back boats with refugees to North Africa and put the people in torture camps. Frontex and a EU military mission take over the aerial surveillance for these pullbacks. 2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed this pullback regime. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. For the first time, we unveiled how their new vessel, sponsored by UAE, operates in the Central Mediterranean. We could spot them, intercept communication, and record their crimes. We managed to do so through low-budget, open-source intelligence, voluntary work, and our civil monitoring flights. Our talk materializes at the crossroads of no-border activist nerdiness and broader geopolitical reflections. Starting with our first-hand material, we show TBZ's close ties with condemned war criminals, the smuggling business, the United Arab Emirates, the Frontex agency, and European governments, namely Greece, Italy, and Malta. We see the media being barely interested in the intricacies of Europe's proxy actors, such as TBZ, that help uphold fortress Europe. We will use CCC to discuss what has little space in our daily public work: weird details, daring predictions, and complex interlinkages.\n\n\n2023, Tariq Ben Zeyad Brigade (TBZ), a notorious East Libyan land-based militia, went maritime and completed the pullback regime which was installed by Italy and the EU from 2017. They were deeply involved in the failed passage of the boat that sank near Pylos, in which up to 500 people drowned. With the help of low-budget, open-source intelligence, we were the first to unveil how their new vessel operates in the Central Mediterranean and with which European actors they communicate. This talk provides you with the details.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53500],"conference_id":131,"event_ids":[53831],"name":"Paul Wagner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52384},{"content_ids":[53500],"conference_id":131,"event_ids":[53831],"name":"Matthias Monroy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52398},{"content_ids":[53500],"conference_id":131,"event_ids":[53831],"name":"Felix Weiss","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52482}],"timeband_id":1143,"links":[{"label":"One of the few media ouputs that has been done in cooperation with us on the topic","type":"link","url":"https://www.aljazeera.com/features/longform/2023/8/11/eastern-libya-militia-operates-illegal-pullbacks-in-mediterranean"}],"end":"2023-12-30T14:45:00.000-0000","id":53831,"tag_ids":[46121,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52482},{"tag_id":46107,"sort_order":1,"person_id":52398},{"tag_id":46107,"sort_order":1,"person_id":52384}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-30T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The SPC700 by Sony is an 8-bit architecture that was developed and used as the S-SMP sound coprocessor in the Super Nintendo Entertainment System (SNES). A big leap ahead in sound synthesis capabilities, apart from these few years of glory in the 1990s the architecture enjoyed no further uses and has faded into obscurity outside SNES circles. This talk not only takes a look at the SPC700 architecture, which is both a usual and unusual 8-bit ISA, but also the sound and music capabilities of the SNES S-DSP that it was designed to control. The talk is designed to be approachable by anyone with a basic understanding of how a microprocessor works; in particular, it covers the basics of digital audio necessary to understand the S-DSP's sound synthesis features like ADPCM sample playback or echo buffers.\n\n\nThe Super Nintendo Entertainment System's sound coprocessor, the S-SMP, runs on the mostly-forgotten SPC700 architecture. To understand why the sound of Super Metroid or SMW was so ahead of its time, we will look at all the details of how this processor works and how it plays music.","title":"The Ultimate SPC700 Talk","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703947500,"nanoseconds":0},"android_description":"The SPC700 by Sony is an 8-bit architecture that was developed and used as the S-SMP sound coprocessor in the Super Nintendo Entertainment System (SNES). A big leap ahead in sound synthesis capabilities, apart from these few years of glory in the 1990s the architecture enjoyed no further uses and has faded into obscurity outside SNES circles. This talk not only takes a look at the SPC700 architecture, which is both a usual and unusual 8-bit ISA, but also the sound and music capabilities of the SNES S-DSP that it was designed to control. The talk is designed to be approachable by anyone with a basic understanding of how a microprocessor works; in particular, it covers the basics of digital audio necessary to understand the S-DSP's sound synthesis features like ADPCM sample playback or echo buffers.\n\n\nThe Super Nintendo Entertainment System's sound coprocessor, the S-SMP, runs on the mostly-forgotten SPC700 architecture. To understand why the sound of Super Metroid or SMW was so ahead of its time, we will look at all the details of how this processor works and how it plays music.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53490],"conference_id":131,"event_ids":[53823],"name":"kleines Filmröllchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52242}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:45:00.000-0000","id":53823,"begin_timestamp":{"seconds":1703943900,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52242}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ever since the revolutionary uprisings in East Kurdistan, Balochistan and Iran following the death of of Jina Emînî after mistreatment by the Iranian morality police, the slogan \"Jin Jiyan Azadî\" has become known worldwide as a symbol of the struggle for women's liberation. But the Kurdish women's movement has been fighting for far longer under the slogan \"Woman, Life, freedom\" for the liberation of life through a women's revolution. With the revolution in Rojava, which has been continuously built up and defended for over 10 years, such a revolution based on women's liberation, radical democracy and social ecology has become reality. It offers a perspective for a peaceful and democratic coexistence of the people in the Middle East and beyond. What are the ideas behind the slogan \"Jin Jiyan Azadî\" and what does the practice look like in the liberated areas of Kurdistan? Together we want to get to the bottom of this and discuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.\n\n\nDiscuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"With Jin Jiyan Azadî to women's liberation","android_description":"Ever since the revolutionary uprisings in East Kurdistan, Balochistan and Iran following the death of of Jina Emînî after mistreatment by the Iranian morality police, the slogan \"Jin Jiyan Azadî\" has become known worldwide as a symbol of the struggle for women's liberation. But the Kurdish women's movement has been fighting for far longer under the slogan \"Woman, Life, freedom\" for the liberation of life through a women's revolution. With the revolution in Rojava, which has been continuously built up and defended for over 10 years, such a revolution based on women's liberation, radical democracy and social ecology has become reality. It offers a perspective for a peaceful and democratic coexistence of the people in the Middle East and beyond. What are the ideas behind the slogan \"Jin Jiyan Azadî\" and what does the practice look like in the liberated areas of Kurdistan? Together we want to get to the bottom of this and discuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.\n\n\nDiscuss the significance of the struggle of the Kurdish women's movement for us in Germany and a women's movement worldwide.","end_timestamp":{"seconds":1703946600,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":54033,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703943000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"begin":"2023-12-30T13:30:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Coole Einreichungen der Artists Unlimited die es teilweise ins Nachtprogramm geschafft haben.\r\nhttp://www.artists-unlimited.de\n\n\nCoole Einreichungen der Artists Unlimited!\r\nhttp://www.artists-unlimited.de","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Kunstshow der Artists Unlimited","end_timestamp":{"seconds":1703949300,"nanoseconds":0},"android_description":"Coole Einreichungen der Artists Unlimited die es teilweise ins Nachtprogramm geschafft haben.\r\nhttp://www.artists-unlimited.de\n\n\nCoole Einreichungen der Artists Unlimited!\r\nhttp://www.artists-unlimited.de","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[{"content_ids":[53672],"conference_id":131,"event_ids":[54004],"name":"Unnamed user","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52519}],"timeband_id":1143,"links":[],"end":"2023-12-30T15:15:00.000-0000","id":54004,"begin_timestamp":{"seconds":1703943000,"nanoseconds":0},"village_id":null,"tag_ids":[46131,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52519}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-30T13:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session is intended to provide a space to exchange ideas about Fairphones. It doesn't matter whether you already own and use a Fairphone or are simply interested. All current Fairphone models will be on site and if someone brings tools, we might be able to disassemble one or the other.\r\n\r\nIf you have any other ideas for the Meetup, please get in touch with me: DECT 5548; @t_aus_m@machteburch.social\n\n\n","title":"Fairphone Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703944800,"nanoseconds":0},"android_description":"This session is intended to provide a space to exchange ideas about Fairphones. It doesn't matter whether you already own and use a Fairphone or are simply interested. All current Fairphone models will be on site and if someone brings tools, we might be able to disassemble one or the other.\r\n\r\nIf you have any other ideas for the Meetup, please get in touch with me: DECT 5548; @t_aus_m@machteburch.social","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":54016,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-30T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Replicant is a fully free Android distribution running on several devices,\r\na free software mobile operating system putting the emphasis on freedom and privacy/security\n\n\nReplicant is the only fully free Android distribution for mobile phones.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Replicant Meetup","android_description":"Replicant is a fully free Android distribution running on several devices,\r\na free software mobile operating system putting the emphasis on freedom and privacy/security\n\n\nReplicant is the only fully free Android distribution for mobile phones.","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53998,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"How the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.\r\nYevhen Shybalov, former peacemaker, currently an infantryman\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nHow the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"U Act! - Modern Warfare (Infantry)","end_timestamp":{"seconds":1703946600,"nanoseconds":0},"android_description":"How the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.\r\nYevhen Shybalov, former peacemaker, currently an infantryman\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nHow the tactics of this war differ from those in all other wars of\r\nthe last 50 years, why it is an exception from all the rules, and\r\nwhy that is dangerous for everybody.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":53900,"village_id":null,"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Bits & Bäume Community Treffen Tag 4","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53655,"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Once again this year, the developers and users attending the congress want to discuss current OpenWrt topics.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"OpenWrt Meetup","android_description":"Once again this year, the developers and users attending the congress want to discuss current OpenWrt topics.","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":53524,"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-30T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Geschichten erzählen - The Storytellers Den (LARP) - Tag 4","end_timestamp":{"seconds":1703948400,"nanoseconds":0},"android_description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T15:00:00.000-0000","id":53434,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703941200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"„Quantum“ macht ja alles besser, vielleicht auch die Messtechnik, mit der wir die Erde vermessen. In einem Beitrag auf dem 34C3 habe ich über die Vermessung des Schwerefeldes der Erde gesprochen, die uns einen Einblick in die Umverteilung von Massen auf und innerhalb der Erde ermöglicht. Mit Satelliten werden zum Beispiel die Massenveränderungen an den Eisschilden oder in kontinentalen Grundwasserspeichern beobachtet. Auf der Erdoberfläche selbst wird das Schwerefeld für Anwendungen in Geodäsie, Geophysik oder auch der Hydrologie lokal oder in kleinen Regionen mit Gravimetern am Boden, im Flugzeug oder auf Schiffen vermessen. \r\n\r\nIm terrestrischen Einsatz werden bereits seit wenigen Jahren so genannte Quantengravimeter eingesetzt, die das Prinzip der Atominterferometrie nutzen. In diesen Instrumenten werden fallende Atome mittels Laser manipuliert, um die Beschleunigung zu messen, der die fallenden Atome unterliegen. Für Weltraumanwendungen ist die Technologie derzeit in der Entwicklung und noch nicht im Einsatz.\r\n\r\nIn diesem Beitrag gebe ich einen kurzen Überblick über das Thema „Quantum Sensing“ mit dem Fokus auf die Erdbeobachtung. Wir schauen uns die Technologie, Anwendungen und aktuelle Entwicklungen an und werfen einen Blick in die Förderlandschaft. Vielleicht starten wir ja auch noch SomeThingQT.\n\n\nMal ehrlich, was haben denn Atome je für uns getan, also außer der Materie im Allgemeinen und Mate im Besonderen? Wir kennen „Quantum Computing“ oder auch „Quantum Communication“. Aber wie sieht es aus mit „Quantum Sensing“ – also quantenbasierter Messtechnik? Lasst uns mit Lasern auf ein paar Atome schießen und sehen, wie schwer die Welt ist. ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Was haben Atome je für uns getan?","android_description":"„Quantum“ macht ja alles besser, vielleicht auch die Messtechnik, mit der wir die Erde vermessen. In einem Beitrag auf dem 34C3 habe ich über die Vermessung des Schwerefeldes der Erde gesprochen, die uns einen Einblick in die Umverteilung von Massen auf und innerhalb der Erde ermöglicht. Mit Satelliten werden zum Beispiel die Massenveränderungen an den Eisschilden oder in kontinentalen Grundwasserspeichern beobachtet. Auf der Erdoberfläche selbst wird das Schwerefeld für Anwendungen in Geodäsie, Geophysik oder auch der Hydrologie lokal oder in kleinen Regionen mit Gravimetern am Boden, im Flugzeug oder auf Schiffen vermessen. \r\n\r\nIm terrestrischen Einsatz werden bereits seit wenigen Jahren so genannte Quantengravimeter eingesetzt, die das Prinzip der Atominterferometrie nutzen. In diesen Instrumenten werden fallende Atome mittels Laser manipuliert, um die Beschleunigung zu messen, der die fallenden Atome unterliegen. Für Weltraumanwendungen ist die Technologie derzeit in der Entwicklung und noch nicht im Einsatz.\r\n\r\nIn diesem Beitrag gebe ich einen kurzen Überblick über das Thema „Quantum Sensing“ mit dem Fokus auf die Erdbeobachtung. Wir schauen uns die Technologie, Anwendungen und aktuelle Entwicklungen an und werfen einen Blick in die Förderlandschaft. Vielleicht starten wir ja auch noch SomeThingQT.\n\n\nMal ehrlich, was haben denn Atome je für uns getan, also außer der Materie im Allgemeinen und Mate im Besonderen? Wir kennen „Quantum Computing“ oder auch „Quantum Communication“. Aber wie sieht es aus mit „Quantum Sensing“ – also quantenbasierter Messtechnik? Lasst uns mit Lasern auf ein paar Atome schießen und sehen, wie schwer die Welt ist.","end_timestamp":{"seconds":1703943000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53506],"conference_id":131,"event_ids":[53836],"name":"Manuel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52447}],"timeband_id":1143,"links":[],"end":"2023-12-30T13:30:00.000-0000","id":53836,"begin_timestamp":{"seconds":1703940600,"nanoseconds":0},"tag_ids":[46123,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52447}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-30T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Schon länger experimentieren Bundesländer und Schulen zusammen mit EdTech-Unternehmen mit KI und Algorithmen in Learning Analytics-Programmen (LA) und sogenannten Intelligenten Tutor Systemen. Wie auch schon bei anderen technologischen Entwicklungen hängt auch bei KI die gesetzliche Regulierung der gelebten Praxis hinterher und Schulen oder auch Schulträger haben bislang keine rechtssichere Grundlage für die Arbeit mit KI. Noch. Doch bereits seit dem Frühjahr 2021 wird in Brüssel an der sogenannten KI-Verordnung gearbeitet, die diese Lücke schließen soll. Nun steht die KI-Verordnung kurz vor dem Abschluss und der Vortrag zeigt, was nun juristisch konkret auf Schulen, Schulträger oder Länder zukommen kann, und gibt ein Update zu den technischen und pädagogischen Herausforderungen, die der Einsatz von KI in der Schule mitbringt. Nur wenn KI richtig und geplant beschafft, eingesetzt und begleitet wird, kann sie zu Entlastungseffekten führen. Der Vortrag stellt die nötigen Schritte vor. \n\n\nSeit ChatGPT ist das Thema Künstliche Intelligenz mittlerweile an fast allen Schulen angekommen. Immer noch soll KI Lehrkräfte entlasten, doch mit der kommenden KI-Verordnung kann sich die Belastung einfach nur verschieben. Der Vortrag gibt ein Update zum Vortrag von der #rC3 2020, was nun konkret auf Schulen zukommen kann und wie KI tatsächlich zu Entlastungen beitragen kann. ","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"KI im Klassenzimmer - ein Update!","android_description":"Schon länger experimentieren Bundesländer und Schulen zusammen mit EdTech-Unternehmen mit KI und Algorithmen in Learning Analytics-Programmen (LA) und sogenannten Intelligenten Tutor Systemen. Wie auch schon bei anderen technologischen Entwicklungen hängt auch bei KI die gesetzliche Regulierung der gelebten Praxis hinterher und Schulen oder auch Schulträger haben bislang keine rechtssichere Grundlage für die Arbeit mit KI. Noch. Doch bereits seit dem Frühjahr 2021 wird in Brüssel an der sogenannten KI-Verordnung gearbeitet, die diese Lücke schließen soll. Nun steht die KI-Verordnung kurz vor dem Abschluss und der Vortrag zeigt, was nun juristisch konkret auf Schulen, Schulträger oder Länder zukommen kann, und gibt ein Update zu den technischen und pädagogischen Herausforderungen, die der Einsatz von KI in der Schule mitbringt. Nur wenn KI richtig und geplant beschafft, eingesetzt und begleitet wird, kann sie zu Entlastungseffekten führen. Der Vortrag stellt die nötigen Schritte vor. \n\n\nSeit ChatGPT ist das Thema Künstliche Intelligenz mittlerweile an fast allen Schulen angekommen. Immer noch soll KI Lehrkräfte entlasten, doch mit der kommenden KI-Verordnung kann sich die Belastung einfach nur verschieben. Der Vortrag gibt ein Update zum Vortrag von der #rC3 2020, was nun konkret auf Schulen zukommen kann und wie KI tatsächlich zu Entlastungen beitragen kann.","end_timestamp":{"seconds":1703943000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53499],"conference_id":131,"event_ids":[53830],"name":"Nina Galla","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52515}],"timeband_id":1143,"links":[{"label":" #rC3 - KI im Klassenzimmer - yay oder nay? ","type":"link","url":"https://www.youtube.com/watch?v=V1bs0w08Y7w"}],"end":"2023-12-30T13:30:00.000-0000","id":53830,"begin_timestamp":{"seconds":1703940600,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52515}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-30T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The climate catastrophe is imminent and global injustice is rising. Now a lot of new (in part digital) tech (AI, blockchain, big data, fusion, quantum computing, genetic engineering) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as \"change placebos\" resulting in \"placebo change\", meaning no change at all.\r\n\r\nUsing concrete examples, this talk wants to 1) show in which ways technological fictions are misused as diversion from the necessary change or already existing other technologies, 2) present reasons and explanations for such misuse and 3) a simple method to spot tech(no)fixes. This talk underlines the necessity to design concrete technical use cases including their social conditions and limitations in order to create a fruitful debate for sustainability-assisting technologies and actually helpful implementations.\n\n\nTech(no)fixes distract our minds and slow down necessary change. We will give examples, explain them and show you how to spot them.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Tech(no)fixes beware!","android_description":"The climate catastrophe is imminent and global injustice is rising. Now a lot of new (in part digital) tech (AI, blockchain, big data, fusion, quantum computing, genetic engineering) is supposed to help the transition to a sustainable society. Although some of them can actually help with parts of the transition, they are usually discussed not as tools to assist the broader societal change (economic, legal, social, political changes) but as replacement for the broader societal change. In effect they act as \"change placebos\" resulting in \"placebo change\", meaning no change at all.\r\n\r\nUsing concrete examples, this talk wants to 1) show in which ways technological fictions are misused as diversion from the necessary change or already existing other technologies, 2) present reasons and explanations for such misuse and 3) a simple method to spot tech(no)fixes. This talk underlines the necessity to design concrete technical use cases including their social conditions and limitations in order to create a fruitful debate for sustainability-assisting technologies and actually helpful implementations.\n\n\nTech(no)fixes distract our minds and slow down necessary change. We will give examples, explain them and show you how to spot them.","end_timestamp":{"seconds":1703943000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53489],"conference_id":131,"event_ids":[53822],"name":"Rainer Rehak","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52314},{"content_ids":[53489],"conference_id":131,"event_ids":[53822],"name":"Friederike Hildebrandt","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52347}],"timeband_id":1143,"links":[],"end":"2023-12-30T13:30:00.000-0000","id":53822,"begin_timestamp":{"seconds":1703940600,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52347},{"tag_id":46107,"sort_order":1,"person_id":52314}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-30T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ätzende Begutachtungen um an OPs zu kommen, das Selbstbestimmungsgesetz verzögert sich immer weiter und TERFs demonstrieren zusammen mit Nazis gegen Kinderlesungen - während wir immer noch auf grundlegendste (trans-) Rechte warten. Wir sind wütend. Wir haben einen Plan. Und wir brauchen deine Unterstützung. \r\n\r\n[Offen für trans/ enby/ questioning und cis Allys]\r\n\r\nWir organisieren im Frühjahr 2024 einen dezentralen Aktionstag zu trans Gesundheit & Zugang zu geschlechtsangleichenden OPs. Wir kämpfen dafür scheiß Gatekeeping abzuschaffen und das geschlechtsangleichende Maßnahmen für alle frei zugänglich sind und niemand mehr beweisen muss \"trans genug\" zu sein. \r\n\r\nWir organisieren diesen Aktionstag, weil uns das einfach sehr direkt betrifft. Wie du mitmachen kannst, wollen wir dir hier erzählen. Auch Menschen ohne jegliche Aktionserfahrung können mitmachen. Du kannst direkt dort, wo du wohnst was machen. \r\n\r\nAuch online am Aktionstag teilnehmen ist möglich. Gerade sammeln wir z.B. kurze Statements von Betroffenen, die scheiß Erfahrungen mit Therapeutis, Ärzt_innen und anderen Gatekeeper*innen gemacht haben. Diese wollen wir zu den Verantwortlichen bringen und für Social Media/ Öffentlichkeitsarbeit nutzen. Statements gerne an: trans_justice[a]riseupDOTnet \r\n\r\n15-20 Minuten Input und danach gerne noch so 15-30 Minuten mit Interessierten vorm Saal quatschen. War nur kein längerer Slot im Saal mehr frei, weil ich mich zu spät entschieden hab das zu machen. xD\r\n\r\nWarum das ganze?\r\nFür trans Rechte wird an vielen Stellen gekämpft. Gerade auf juristischer Ebene leisten Betroffenen-Verbände großartige Arbeit! Dennoch dominieren in der Öffentlichkeit oft TERFs mit transfeindlichen Erzählungen und Stimmen von Betroffenen fehlen. Koordinierte und konfrontative Aktionen können helfen, das zu ändern und Stimmen von Betroffenen in den Fokus zu rücken. Zudem herrscht auch immer noch eine zermürbende Politik des Auf-Später-Vertröstens. Also höchste Zeit mal die Dringlichkeit mit ein paar Aktionen zu untermauern und den Druck zu erhöhen.\n\n\n","title":"Aktionstag für trans* Gesundheit 🏳️‍⚧️ - fight the cistem!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703941200,"nanoseconds":0},"android_description":"Ätzende Begutachtungen um an OPs zu kommen, das Selbstbestimmungsgesetz verzögert sich immer weiter und TERFs demonstrieren zusammen mit Nazis gegen Kinderlesungen - während wir immer noch auf grundlegendste (trans-) Rechte warten. Wir sind wütend. Wir haben einen Plan. Und wir brauchen deine Unterstützung. \r\n\r\n[Offen für trans/ enby/ questioning und cis Allys]\r\n\r\nWir organisieren im Frühjahr 2024 einen dezentralen Aktionstag zu trans Gesundheit & Zugang zu geschlechtsangleichenden OPs. Wir kämpfen dafür scheiß Gatekeeping abzuschaffen und das geschlechtsangleichende Maßnahmen für alle frei zugänglich sind und niemand mehr beweisen muss \"trans genug\" zu sein. \r\n\r\nWir organisieren diesen Aktionstag, weil uns das einfach sehr direkt betrifft. Wie du mitmachen kannst, wollen wir dir hier erzählen. Auch Menschen ohne jegliche Aktionserfahrung können mitmachen. Du kannst direkt dort, wo du wohnst was machen. \r\n\r\nAuch online am Aktionstag teilnehmen ist möglich. Gerade sammeln wir z.B. kurze Statements von Betroffenen, die scheiß Erfahrungen mit Therapeutis, Ärzt_innen und anderen Gatekeeper*innen gemacht haben. Diese wollen wir zu den Verantwortlichen bringen und für Social Media/ Öffentlichkeitsarbeit nutzen. Statements gerne an: trans_justice[a]riseupDOTnet \r\n\r\n15-20 Minuten Input und danach gerne noch so 15-30 Minuten mit Interessierten vorm Saal quatschen. War nur kein längerer Slot im Saal mehr frei, weil ich mich zu spät entschieden hab das zu machen. xD\r\n\r\nWarum das ganze?\r\nFür trans Rechte wird an vielen Stellen gekämpft. Gerade auf juristischer Ebene leisten Betroffenen-Verbände großartige Arbeit! Dennoch dominieren in der Öffentlichkeit oft TERFs mit transfeindlichen Erzählungen und Stimmen von Betroffenen fehlen. Koordinierte und konfrontative Aktionen können helfen, das zu ändern und Stimmen von Betroffenen in den Fokus zu rücken. Zudem herrscht auch immer noch eine zermürbende Politik des Auf-Später-Vertröstens. Also höchste Zeit mal die Dringlichkeit mit ein paar Aktionen zu untermauern und den Druck zu erhöhen.","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T13:00:00.000-0000","id":54003,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703940000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T12:40:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In dieser Runde können alle Fragen rund um die Haecksen gestellt werden\r\n\r\n- Sind die Haecksen wirklich der größte Chaostreff vom CCC mit 700 Mitgliedern?\r\n- Was sind die Ziele der Haecksen?\r\n- Wie kann man die Haecksen oder generell Gleichberechtigung unterstützen?\r\n- Warum können zB. cis Männer keine Haecksen werden? \r\n- Warum sind dann trotzdem so ziemlich jeder Workshop der Haecksen für alle Wesen besuchbar?\r\n\r\nDiese Runde ist explizit an Menschen gerichtet, die sich nicht in FINT* wiederfinden können und damit keine unserer anderen Veranstaltungen besuchen können, in denen wir solche Fragen beantworten.\n\n\nDie Haecksen für Nicht-Haecksen - eine Fragerunde","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Die Haecksen für Nicht-Haecksen","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"android_description":"In dieser Runde können alle Fragen rund um die Haecksen gestellt werden\r\n\r\n- Sind die Haecksen wirklich der größte Chaostreff vom CCC mit 700 Mitgliedern?\r\n- Was sind die Ziele der Haecksen?\r\n- Wie kann man die Haecksen oder generell Gleichberechtigung unterstützen?\r\n- Warum können zB. cis Männer keine Haecksen werden? \r\n- Warum sind dann trotzdem so ziemlich jeder Workshop der Haecksen für alle Wesen besuchbar?\r\n\r\nDiese Runde ist explizit an Menschen gerichtet, die sich nicht in FINT* wiederfinden können und damit keine unserer anderen Veranstaltungen besuchen können, in denen wir solche Fragen beantworten.\n\n\nDie Haecksen für Nicht-Haecksen - eine Fragerunde","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[{"content_ids":[53133,53136],"conference_id":131,"event_ids":[53446,53553],"name":"melzai","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52366}],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53553,"begin_timestamp":{"seconds":1703939400,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52366}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-30T12:30:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ja lol ey wir haben da so Berichte IfG'd und lesen die halt vor.\n\n\nWir decken Probleme in der Gastronomie auf!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#cd4f7f","name":"Talk","id":46130},"title":"Topf Secret","end_timestamp":{"seconds":1703940300,"nanoseconds":0},"android_description":"ja lol ey wir haben da so Berichte IfG'd und lesen die halt vor.\n\n\nWir decken Probleme in der Gastronomie auf!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53208],"conference_id":131,"event_ids":[53545],"name":"hexchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52382}],"timeband_id":1143,"links":[],"end":"2023-12-30T12:45:00.000-0000","id":53545,"tag_ids":[46130,46139],"begin_timestamp":{"seconds":1703939400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52382}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Bei den Aufzügen nahe Stage Y.**\r\n\r\nIn diesem Workshop geht es um:\r\n\r\n1. Die besondere Macht des feinen aber kleinen Unterschieds zwischen uni-tuebingen.de und den neuen aber viel besseren unituebingen.de (weil wir sie kontrollieren ;-)) sowie den beeindruckenden Einfluss auf das reichweitenstärkste Pressemedium in Baden-Württemberg.\r\n\r\n2. Wieso die FDP plötzlich richtig viele erboste Anrufe von SUV-Fahrern erhielt.\r\n\r\n3. Dass nicht nur das Straßenbauamt in deiner Straße, in der viel zu viele Autos viel zu schnell fahren, Tempo-30-Schilder aufstellen können, sondern auch du und dein Schraubenzieher auch.\r\n\r\nNach einem kurzen 15-minütigen Bericht über diese Aktionen teilen wir uns in drei Gruppen auf und planen alles, um den jeweiligen Vorschlag in eurer Stadt zu reproduzieren.\r\n\r\n[Weitere Sessions unserer Gruppe gibt es hier.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Wie eine Gruppe Nerds mit einer Mail, einem Baum und 9,99 € für einen Tag zur Uni Tübingen wurde","android_description":"**Bei den Aufzügen nahe Stage Y.**\r\n\r\nIn diesem Workshop geht es um:\r\n\r\n1. Die besondere Macht des feinen aber kleinen Unterschieds zwischen uni-tuebingen.de und den neuen aber viel besseren unituebingen.de (weil wir sie kontrollieren ;-)) sowie den beeindruckenden Einfluss auf das reichweitenstärkste Pressemedium in Baden-Württemberg.\r\n\r\n2. Wieso die FDP plötzlich richtig viele erboste Anrufe von SUV-Fahrern erhielt.\r\n\r\n3. Dass nicht nur das Straßenbauamt in deiner Straße, in der viel zu viele Autos viel zu schnell fahren, Tempo-30-Schilder aufstellen können, sondern auch du und dein Schraubenzieher auch.\r\n\r\nNach einem kurzen 15-minütigen Bericht über diese Aktionen teilen wir uns in drei Gruppen auf und planen alles, um den jeweiligen Vorschlag in eurer Stadt zu reproduzieren.\r\n\r\n[Weitere Sessions unserer Gruppe gibt es hier.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703940600,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:50:00.000-0000","id":54034,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Foyer Level 2 (In front of the elevators left of Stage Y)","hotel":"","short_name":"Foyer Level 2 (In front of the elevators left of Stage Y)","id":46156},"begin":"2023-12-30T12:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"3 Herzen schlagen in unserer Brust, wenn wir auf die Digitalisierung des Gesundheitswesens blicken: \r\nNerd, Patient und Anwender. \r\nDie unterschiedlichen und teilweise konkurrierenden Anforderungen abzuwägen und zu vereinen fällt schon der milliardenschweren Industrie nicht leicht. Die Lobbyarbeit der Patienten- und Datenschützer, Ärzte und anderer Anwender ist im Hintertreffen. \r\n\r\nWir setzen uns auch hier wieder gezielt mit der Telematik-Infrastruktur und den Anwendungen wie dem eRezept auseinander. Schwerpunkte liegen auf Sicherheit, Nutzen und Anwendbarkeit.\r\n\r\nUpdate20231228: Aufgrund der vielen Rückmeldungen wurde die Session verlegt auf eine größere Bühne.\r\n\r\n\r\nWe talk about german digital healthcare desaster \"Telematik-Infrastruktur\". \r\n\r\nSos shifted to d4 due to many interested Nerds\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"IT-Security in Arztpraxis und Apotheke","android_description":"3 Herzen schlagen in unserer Brust, wenn wir auf die Digitalisierung des Gesundheitswesens blicken: \r\nNerd, Patient und Anwender. \r\nDie unterschiedlichen und teilweise konkurrierenden Anforderungen abzuwägen und zu vereinen fällt schon der milliardenschweren Industrie nicht leicht. Die Lobbyarbeit der Patienten- und Datenschützer, Ärzte und anderer Anwender ist im Hintertreffen. \r\n\r\nWir setzen uns auch hier wieder gezielt mit der Telematik-Infrastruktur und den Anwendungen wie dem eRezept auseinander. Schwerpunkte liegen auf Sicherheit, Nutzen und Anwendbarkeit.\r\n\r\nUpdate20231228: Aufgrund der vielen Rückmeldungen wurde die Session verlegt auf eine größere Bühne.\r\n\r\n\r\nWe talk about german digital healthcare desaster \"Telematik-Infrastruktur\". \r\n\r\nSos shifted to d4 due to many interested Nerds","end_timestamp":{"seconds":1703944800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53987,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","title":"POTA – Parks on the Air [Day 4]","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703946600,"nanoseconds":0},"android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:30:00.000-0000","id":53549,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The weight of past failures can be heavy, but together, we will try to lift it. Dive deep into a nurturing environment where we will destigmatize and transform feelings of defeat to feelings of connection and empathy. This workshop invites you to share, reflect, be empowered and grow from the misses. After all, a refined code emerges from embracing its raw iterations.\n\n\n","title":"Celebrating Failures Workshop","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703944800,"nanoseconds":0},"android_description":"The weight of past failures can be heavy, but together, we will try to lift it. Dive deep into a nurturing environment where we will destigmatize and transform feelings of defeat to feelings of connection and empathy. This workshop invites you to share, reflect, be empowered and grow from the misses. After all, a refined code emerges from embracing its raw iterations.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T14:00:00.000-0000","id":53543,"village_id":null,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with *atomic name trades*.\r\n\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\n","title":"Buying and Selling Domain Names in Namecoin","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703940000,"nanoseconds":0},"android_description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with *atomic name trades*.\r\n\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:40:00.000-0000","id":53540,"begin_timestamp":{"seconds":1703937600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. This interdisciplinary research is based on almost 6 years of fieldwork, combining network measurements, open data from IODA, OONI, Censored Planet, as well as OSINT investigations, analysis of legal texts, in-depth interviews and web-ethnography. \r\n\r\nTo understand the decolonialist discourses and movements, we have also analyzed Telegram as an environment where these discourses are being multiplied since the beginning of the full-scale invasion of Ukraine. With colleagues from Raspad.Network we scraped and analyzed a corpus of Telegram channels dedicated to regionalist, indigenous, local agenda and visualized connections and disparities between different indigenous and regionalist movements. We tried to distinguish between grassroots groups and curated organizations tied to larger orchestrated disinformation campaigns. In our talk we will showcase some of the highlights from this study and share some visualizations based on graph analysis that will help the audience to learn more about the multitude of decolonialist movements within Russia.\r\n\r\nThe talk proposes to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns — starting from informational annexation of Crimea in 2014, followed by the remarkable shutdowns in 2018 in Ingushetia, as well as more recent events in Dagestan and other less \"mediatized\" shutdown or throttling cases, we argue that the so-called Runet is not a homogeneous space, but actually a multitude of different \"lived experiences\". \r\n\r\nIt is well-known in the space of internet science that Russia has a diverse ISP space and counts more than 3500 Internet Service Providers. However, it is much less noticed that these ISPs are not equally distributed across the territory, and not without consequence. We argue that the so-called \"Tcheburnet\" (a commonly used term for \"Russian autonomous and sovereign Internet\" project) is in fact a heterogeneous construct. There is no \"Cheburnet\", but there are \"Cheburnets\". \r\n\r\nThe experiences of Runet largely depend on the regions where users live, as well as on their ethnicity, their political views and online cultures. We argue that a region's resilience to shutdowns (but also to mainstream propaganda) correlates with the amount of Autonomous System Numbers and the diversity of the ISP market (and disparities in distribution of those are also historically grounded in the \"soviet project\").\r\n\r\nWe propose to analyze information control and censorship in terms of \"experience\", as it impacts interactions between humans, affects their lives on a daily basis and therefore shapes the worlds they live in. Our talk is using a rich ethnographic material to show how people describe problems they encounter with connectivity (especially since Russia has started its war on VPNs). We invite VPN providers and circumvention tool developers to embrace users' perceptions and feelings about what means \"working\" and what means \"not working\". \r\n\r\nWhile in the network measurement space it is common to either rely on remote measurements, or on probes run by volunteers inside their networks, there is also a qualitative part that should be taken into account to provide a more human-centric, more realistic analysis of what users on the ground experience while interacting with their devices. \r\n\r\nThis talk is also a call against resignation, a call for hackers, VPN providers, circumvention tech developers and Internet freedom activists to actively support indigenous struggles inside \"russia\" and take into consideration multitudes of experiences within the so-called umbrella \"runet\". \n\n\nThis talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. First, it provides an analysis of a corpus of Telegram channels of indigenous, decolonialist and regionalist movements to map the growing space of \"post-Russian\" discourses. Secondly, it suggests to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns. It describes the so-called Runet not as a homogeneous space, but actually a multitude of different \"lived experiences\". It proposes a framework to analyze regional shutdown-resilience and understand how Russia has been tightening its control on specific regions.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Decolonize runet! Decolonize network measurements! A provocative take on the Russian sovereign internet project ","end_timestamp":{"seconds":1703939700,"nanoseconds":0},"android_description":"This talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. This interdisciplinary research is based on almost 6 years of fieldwork, combining network measurements, open data from IODA, OONI, Censored Planet, as well as OSINT investigations, analysis of legal texts, in-depth interviews and web-ethnography. \r\n\r\nTo understand the decolonialist discourses and movements, we have also analyzed Telegram as an environment where these discourses are being multiplied since the beginning of the full-scale invasion of Ukraine. With colleagues from Raspad.Network we scraped and analyzed a corpus of Telegram channels dedicated to regionalist, indigenous, local agenda and visualized connections and disparities between different indigenous and regionalist movements. We tried to distinguish between grassroots groups and curated organizations tied to larger orchestrated disinformation campaigns. In our talk we will showcase some of the highlights from this study and share some visualizations based on graph analysis that will help the audience to learn more about the multitude of decolonialist movements within Russia.\r\n\r\nThe talk proposes to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns — starting from informational annexation of Crimea in 2014, followed by the remarkable shutdowns in 2018 in Ingushetia, as well as more recent events in Dagestan and other less \"mediatized\" shutdown or throttling cases, we argue that the so-called Runet is not a homogeneous space, but actually a multitude of different \"lived experiences\". \r\n\r\nIt is well-known in the space of internet science that Russia has a diverse ISP space and counts more than 3500 Internet Service Providers. However, it is much less noticed that these ISPs are not equally distributed across the territory, and not without consequence. We argue that the so-called \"Tcheburnet\" (a commonly used term for \"Russian autonomous and sovereign Internet\" project) is in fact a heterogeneous construct. There is no \"Cheburnet\", but there are \"Cheburnets\". \r\n\r\nThe experiences of Runet largely depend on the regions where users live, as well as on their ethnicity, their political views and online cultures. We argue that a region's resilience to shutdowns (but also to mainstream propaganda) correlates with the amount of Autonomous System Numbers and the diversity of the ISP market (and disparities in distribution of those are also historically grounded in the \"soviet project\").\r\n\r\nWe propose to analyze information control and censorship in terms of \"experience\", as it impacts interactions between humans, affects their lives on a daily basis and therefore shapes the worlds they live in. Our talk is using a rich ethnographic material to show how people describe problems they encounter with connectivity (especially since Russia has started its war on VPNs). We invite VPN providers and circumvention tool developers to embrace users' perceptions and feelings about what means \"working\" and what means \"not working\". \r\n\r\nWhile in the network measurement space it is common to either rely on remote measurements, or on probes run by volunteers inside their networks, there is also a qualitative part that should be taken into account to provide a more human-centric, more realistic analysis of what users on the ground experience while interacting with their devices. \r\n\r\nThis talk is also a call against resignation, a call for hackers, VPN providers, circumvention tech developers and Internet freedom activists to actively support indigenous struggles inside \"russia\" and take into consideration multitudes of experiences within the so-called umbrella \"runet\". \n\n\nThis talk proposes to look at the russian \"sovereign internet\" project from a decolonialist point of view. First, it provides an analysis of a corpus of Telegram channels of indigenous, decolonialist and regionalist movements to map the growing space of \"post-Russian\" discourses. Secondly, it suggests to consider inequalities of access to information and connectivity across different territories of the so-called Russian Federation. Looking at past events of local/regional internet shutdowns. It describes the so-called Runet not as a homogeneous space, but actually a multitude of different \"lived experiences\". It proposes a framework to analyze regional shutdown-resilience and understand how Russia has been tightening its control on specific regions.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[{"label":"Analysis of decolonialist movements on Telegram","type":"link","url":"https://raspad.network"}],"end":"2023-12-30T12:35:00.000-0000","id":53835,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703937300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit der raschen Entwicklung und Verbreitung von Roboterwaffen fangen Maschinen an, den Platz des Menschen auf dem Schlachtfeld einzunehmen. Einige Expertinnen aus Militär und Robotik schätzen, dass „Killerroboter\" – vollständig autonome Waffen, die ganz ohne menschliches Eingreifen Ziele selektieren und angreifen können – innerhalb von 10 bis 15 Jahren entwickelt werden könnten. Aktuelle Beurteilungen des Militärs sagen aus, dass der Mensch immer eine gewisse Aufsicht über die Entscheidungen hat, tödliche Gewalt anzuwenden, jedoch lassen diese Aussagen oft die Möglichkeit offen, dass autonome Systeme eines Tages selbst die Fähigkeit haben, solche Entscheidungen aus eigener Kraft zu treffen, und somit der Mensch aus dem Entscheidungsprozess herausgenommen wird.\r\n\r\nIn diesem Zusammenhang ist es wahrscheinlich, dass autonome Systeme in naher Zukunft auch in Drohnen und Systemen zum Einsatz kommen, die auf hoher See, an Land und im Weltall autonom operieren können. Und während die Drohnentechnologie als solche keine völkerrechtlichen Probleme bereitet, ist es im Falle von autonomen Waffensystemen, bei denen Entscheidungen über Leben und Tod an Maschinen delegiert werden sollen, die Technik selbst, die grundlegende ethische und (völker-)rechtliche Fragen aufwirft.\r\n\r\nDie Kriegssituation ist eine Welt der Algorithmen. Die Kunst ist der Anwalt der Gegen Algorithmen.\r\n\r\nDurch die Entwicklunge in diesem Bereich haben sich durch eine vielzahl an Ereignissen Akteure in Stellung gebracht und versuchen unter anderem mit Hilfe der Kunstfreiheit ihre Technologien in Europa zu verbreiten. Der Vortrag möchte aufzeigen, welche Künstlerischen Möglichkeiten es gegen den \"Krieg der Algorithmen\" gibt und die Frage aufwerfen, welche Verantwortung wir als Künstler\\*innen bei der Nutzung von Technologie haben. Wir müssen stärker den je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre Technologien voranzutreiben.\n\n\nDie rapide Entwicklung autonomer Waffensysteme wirft drängende ethische und rechtliche Fragen auf. Ihre Anwendung hat kann weitreichende Auswirkungen auf militärische und zivile Bereiche haben. Der Vortrag beleuchtet die Technologien hinter dieser tödlichen Autonomie und veranschaulicht, wie die Kunstfreiheit von der Industrie angeignet wird, um Überwachungs und Militärtechnologie voranzutreiben. Welche Verwantwortung haben wir als Künstler\\*innen, wenn wir digitale Werkzeuge verwenden ? Müssen wir stärker denn je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre tötlichen Technologien voranzutreiben ?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Zapfenstreich","android_description":"Mit der raschen Entwicklung und Verbreitung von Roboterwaffen fangen Maschinen an, den Platz des Menschen auf dem Schlachtfeld einzunehmen. Einige Expertinnen aus Militär und Robotik schätzen, dass „Killerroboter\" – vollständig autonome Waffen, die ganz ohne menschliches Eingreifen Ziele selektieren und angreifen können – innerhalb von 10 bis 15 Jahren entwickelt werden könnten. Aktuelle Beurteilungen des Militärs sagen aus, dass der Mensch immer eine gewisse Aufsicht über die Entscheidungen hat, tödliche Gewalt anzuwenden, jedoch lassen diese Aussagen oft die Möglichkeit offen, dass autonome Systeme eines Tages selbst die Fähigkeit haben, solche Entscheidungen aus eigener Kraft zu treffen, und somit der Mensch aus dem Entscheidungsprozess herausgenommen wird.\r\n\r\nIn diesem Zusammenhang ist es wahrscheinlich, dass autonome Systeme in naher Zukunft auch in Drohnen und Systemen zum Einsatz kommen, die auf hoher See, an Land und im Weltall autonom operieren können. Und während die Drohnentechnologie als solche keine völkerrechtlichen Probleme bereitet, ist es im Falle von autonomen Waffensystemen, bei denen Entscheidungen über Leben und Tod an Maschinen delegiert werden sollen, die Technik selbst, die grundlegende ethische und (völker-)rechtliche Fragen aufwirft.\r\n\r\nDie Kriegssituation ist eine Welt der Algorithmen. Die Kunst ist der Anwalt der Gegen Algorithmen.\r\n\r\nDurch die Entwicklunge in diesem Bereich haben sich durch eine vielzahl an Ereignissen Akteure in Stellung gebracht und versuchen unter anderem mit Hilfe der Kunstfreiheit ihre Technologien in Europa zu verbreiten. Der Vortrag möchte aufzeigen, welche Künstlerischen Möglichkeiten es gegen den \"Krieg der Algorithmen\" gibt und die Frage aufwerfen, welche Verantwortung wir als Künstler\\*innen bei der Nutzung von Technologie haben. Wir müssen stärker den je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre Technologien voranzutreiben.\n\n\nDie rapide Entwicklung autonomer Waffensysteme wirft drängende ethische und rechtliche Fragen auf. Ihre Anwendung hat kann weitreichende Auswirkungen auf militärische und zivile Bereiche haben. Der Vortrag beleuchtet die Technologien hinter dieser tödlichen Autonomie und veranschaulicht, wie die Kunstfreiheit von der Industrie angeignet wird, um Überwachungs und Militärtechnologie voranzutreiben. Welche Verwantwortung haben wir als Künstler\\*innen, wenn wir digitale Werkzeuge verwenden ? Müssen wir stärker denn je unser Werkzeug und die Partner hinterfragen, denen wir helfen könnten, ihre tötlichen Technologien voranzutreiben ?","end_timestamp":{"seconds":1703939700,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53497],"conference_id":131,"event_ids":[53828],"name":"Simon Weckert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52380}],"timeband_id":1143,"links":[{"label":"Zapfenstreich (Human-out-of-the-loop)","type":"link","url":"https://simonweckert.com/zapfenstreich.html"},{"label":"Stop Killer Robots","type":"link","url":"https://www.stopkillerrobots.org"}],"end":"2023-12-30T12:35:00.000-0000","id":53828,"tag_ids":[46118,46136,46139],"begin_timestamp":{"seconds":1703937300,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52380}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Rotary-dial analogue phones were once a necessity, but now they lay dormant on shelves or tucked away in attics. This is largely due to the replacement of traditional landlines with fibre-optic modems, rendering analogue phones obsolete.\r\nIn addition to their sentimental value, rotary dial phones provide several advantages, including reduced electrosmog emissions, protection against eavesdropping, repurposing outdated technology, and promoting a slower pace of life.\r\nThe contribution explains how to build a private telephone exchange for eight people using rotary dial phones. The exchange is powered by a Raspberry Pi and custom analogue electronics. The following themes are covered:\r\n- The construction of a PBX which resembles telephone exchanges in various countries worldwide, giving users a realistic experience.\r\n- Handling of call initiation, routing, full duplex voice transmission and human-machine communication.\r\n- The software implementation on the Raspberry Pi running Linux. \r\n- A study of enhancing the open-source software with additional functionalities.\r\n\r\nDue to the readily available Raspberry Pi hardware and software programmability, this project invites everyone to participate.\r\n\r\n\n\n\nAn open source project involving an automated telephone exchange powered by Raspberry Pi, utilizing old rotary phones. The system imitates exchange setups from different countries across the globe, allowing users to feel the genuine experience.","title":"Analog rotary phones get a second life with raspberry pi","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Rotary-dial analogue phones were once a necessity, but now they lay dormant on shelves or tucked away in attics. This is largely due to the replacement of traditional landlines with fibre-optic modems, rendering analogue phones obsolete.\r\nIn addition to their sentimental value, rotary dial phones provide several advantages, including reduced electrosmog emissions, protection against eavesdropping, repurposing outdated technology, and promoting a slower pace of life.\r\nThe contribution explains how to build a private telephone exchange for eight people using rotary dial phones. The exchange is powered by a Raspberry Pi and custom analogue electronics. The following themes are covered:\r\n- The construction of a PBX which resembles telephone exchanges in various countries worldwide, giving users a realistic experience.\r\n- Handling of call initiation, routing, full duplex voice transmission and human-machine communication.\r\n- The software implementation on the Raspberry Pi running Linux. \r\n- A study of enhancing the open-source software with additional functionalities.\r\n\r\nDue to the readily available Raspberry Pi hardware and software programmability, this project invites everyone to participate.\r\n\r\n\n\n\nAn open source project involving an automated telephone exchange powered by Raspberry Pi, utilizing old rotary phones. The system imitates exchange setups from different countries across the globe, allowing users to feel the genuine experience.","end_timestamp":{"seconds":1703939700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53488],"conference_id":131,"event_ids":[53821],"name":"Hans Gelke","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52256}],"timeband_id":1143,"end":"2023-12-30T12:35:00.000-0000","links":[{"label":"Github Account for Software","type":"link","url":"https://github.com/hansgelke/retro_v3"}],"id":53821,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703937300,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52256}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hosts: Cent and Nimbus\n\n\nA discussion and knowledge sharing meetup to exchange experiences with, and reflections on the sustainability of, collective forms of decision-making in online communities. The meetup will progressively extend the notion of sustainability to explore, for example, ways that the sustainability of collective decision-making experiences and processes might change when navigating systems that either introduce or foreground non- and more-than-human agents and representational practices.","title":"Governance meetup: decision-making experiences and sustainability in online communities","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703940300,"nanoseconds":0},"android_description":"Hosts: Cent and Nimbus\n\n\nA discussion and knowledge sharing meetup to exchange experiences with, and reflections on the sustainability of, collective forms of decision-making in online communities. The meetup will progressively extend the notion of sustainability to explore, for example, ways that the sustainability of collective decision-making experiences and processes might change when navigating systems that either introduce or foreground non- and more-than-human agents and representational practices.","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:45:00.000-0000","id":54008,"begin_timestamp":{"seconds":1703936700,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T11:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Vergesst DVD, vergesst streaming. In der heutigen Folge des Failpodcast reden wir über Bildschallplatten und andere Hypegegenstände die spektakulär gefailt sind. \r\nBeim Och Menno Podcast geht es normalerweise über Sachen die irgendwie schief gehen. Diesmal halt in der Unterhaltungsindustrie.\r\n\r\nEs wird sich um eine Aufzeichnung handeln.\n\n\nHype war ja schon immer ein Keyfeature vieler Produkte. Auf dieser kleinen Reise reden wir passend zu einem Streamingevent über Videoschallplatten, VMD, DVD Plus oder Minus, Flexplay, Laserdisc, DIVX und vielleicht auch über ein paar Kickstarter. Es soll eine unterhaltsame Rundreise über Produkte die heute in unseren Wohznzimmern stehen könnten, es aber deutlich nicht tun. Welche Fails und Fehlentscheidungen haben dazu geführt ?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Och Menno-Fails bei Unterhaltungsprodukten","android_description":"Vergesst DVD, vergesst streaming. In der heutigen Folge des Failpodcast reden wir über Bildschallplatten und andere Hypegegenstände die spektakulär gefailt sind. \r\nBeim Och Menno Podcast geht es normalerweise über Sachen die irgendwie schief gehen. Diesmal halt in der Unterhaltungsindustrie.\r\n\r\nEs wird sich um eine Aufzeichnung handeln.\n\n\nHype war ja schon immer ein Keyfeature vieler Produkte. Auf dieser kleinen Reise reden wir passend zu einem Streamingevent über Videoschallplatten, VMD, DVD Plus oder Minus, Flexplay, Laserdisc, DIVX und vielleicht auch über ein paar Kickstarter. Es soll eine unterhaltsame Rundreise über Produkte die heute in unseren Wohznzimmern stehen könnten, es aber deutlich nicht tun. Welche Fails und Fehlentscheidungen haben dazu geführt ?","end_timestamp":{"seconds":1703938200,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[{"content_ids":[53687,53100,53150,53375],"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1143,"links":[],"end":"2023-12-30T12:10:00.000-0000","id":54019,"village_id":null,"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"tag_ids":[46131,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-30T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Chill meet-up for anarchist exchange about our experiences of the 37c3 and future anarchist brainstorming.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Anarchist meetup","android_description":"Chill meet-up for anarchist exchange about our experiences of the 37c3 and future anarchist brainstorming.","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":54018,"village_id":null,"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","begin":"2023-12-30T11:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will start with a description of what hardware is typically found in a smartphone and its freedom implications.\r\n\r\nOnce this is done we will look at several smartphones models (PinePhone, PinePhone PRO, Librem 5, regular LineageOS and/or Fairphone 1/2/3/4/5) and compare the implications of the hardware design and component choices both for freedom usability (for instance does suspend-to-ram currently work), and other factors affecting the ability to use the device.\r\n\r\nWe will then look at Android and GNU/Linux operating systems / distributions, and the application ecosystems around them (F-Droid, Android SDK, type of applications available, compatibility layers like Waydroid) for these smartphones, with a focus on fundamental differences that impact end users freedom and usability.\n\n\n","title":"Smartphones freedom status in 2023","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703937600,"nanoseconds":0},"android_description":"The talk will start with a description of what hardware is typically found in a smartphone and its freedom implications.\r\n\r\nOnce this is done we will look at several smartphones models (PinePhone, PinePhone PRO, Librem 5, regular LineageOS and/or Fairphone 1/2/3/4/5) and compare the implications of the hardware design and component choices both for freedom usability (for instance does suspend-to-ram currently work), and other factors affecting the ability to use the device.\r\n\r\nWe will then look at Android and GNU/Linux operating systems / distributions, and the application ecosystems around them (F-Droid, Android SDK, type of applications available, compatibility layers like Waydroid) for these smartphones, with a focus on fundamental differences that impact end users freedom and usability.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":53984,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I want to create a space for those who like to explore movement together with other bodies.\r\n\r\nIn the field between the dance and movement form \"[↗ Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\", massage/bodywork and attentive playfight it is a space of couriosity, kinesthetic stimulus, play with momentum, inertia, weight and (dis)balance, sensation, slowness, speed, suddenness, somatic communication, ... -- where you can decide which qualities you like.\r\n\r\nI like to begin with a small check-in and starting with couriosity-driven \"bodywork\" (= a bit like massage, but more to get to know how the body mechanically functions and can move). From this I like it to develop into a space of free exploration and jamming. Maybe a [↗ round robin](https://en.wikipedia.org/wiki/Contact_improvisation#Round_robin) will be included.\r\n\r\nIt can be in solo, duo, or a group, and change dynamically.\r\n\r\n---\r\n\r\nEarly drop out possible. \r\nLater drop-in possible if you are confident with the practise.\r\n\r\n---\r\n\r\nPlease bring if you have clothing that does not obstruct your movement (sports pants are fine, pyjamas too. If you don't have, your normal throusers also work.) Lay down any earrings, uncovered larger piercings, or other things that might entangle in other persons hair or so (you can do it just at the spot). \r\nWe put off our shoes, too.\r\n\r\n---\r\n\r\n**A bit more about \"[Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\":**\r\n\r\nEssentially, it is a form of movement which strongly uses the kinesthetic sense, where people (mostly: 2, but can range from solo to many) usually communicate by body contact and it can range from slow to fast; from acrobatic to floor level; from deeply sensing to theatralic ...\r\n\r\nIt can be driven by exploring which movements are possible together which are not possible alone. It can enhance your own understanding of your centre of mass, of dealing with momentum and inertia, of catching yourself, of balancing together. It can nourish the need to somatic communication.\r\n\r\nExperiment with the physicality that arises by moving in mutual physical contact. Momemtum, inertia, (dis)balance. Flying, falling, rolling. Slow, fast, sensual, acrobatic, performative. Kinesthetic sense. Solo, duo, group.\r\n\r\nI titled this session \"Somatic explorations in contact\" because I also want to invite the playfulness of physical manipulations, different activity roles, etc., which usually are found more in the playfight or the massage fields.\r\n\r\n---\r\n\r\nI will not give a complete workshop. So it is for people who feel confident navigating such spaces. If you are courios, feel free to come, you can always go to the side!\r\n\r\nThis is _not_ an erotic space. Please do not come with the desires for erotics or to find sex partners. Also, we all stays clothed.\r\n\r\n**Content Warning:** For those participating, spontaneous body contact is about to happen.\r\n\r\nThe room is big and at this time usually is quiet, but still open to the 37C3-public. So participants should be fine that there is no complete seclusion.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Somatic explorations in contact, Contact Improvisation: Couriosity-driven and explorations in the field of Contact Improvisation with influxes from massage/bodywork and playfight. and","end_timestamp":{"seconds":1703941200,"nanoseconds":0},"android_description":"I want to create a space for those who like to explore movement together with other bodies.\r\n\r\nIn the field between the dance and movement form \"[↗ Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\", massage/bodywork and attentive playfight it is a space of couriosity, kinesthetic stimulus, play with momentum, inertia, weight and (dis)balance, sensation, slowness, speed, suddenness, somatic communication, ... -- where you can decide which qualities you like.\r\n\r\nI like to begin with a small check-in and starting with couriosity-driven \"bodywork\" (= a bit like massage, but more to get to know how the body mechanically functions and can move). From this I like it to develop into a space of free exploration and jamming. Maybe a [↗ round robin](https://en.wikipedia.org/wiki/Contact_improvisation#Round_robin) will be included.\r\n\r\nIt can be in solo, duo, or a group, and change dynamically.\r\n\r\n---\r\n\r\nEarly drop out possible. \r\nLater drop-in possible if you are confident with the practise.\r\n\r\n---\r\n\r\nPlease bring if you have clothing that does not obstruct your movement (sports pants are fine, pyjamas too. If you don't have, your normal throusers also work.) Lay down any earrings, uncovered larger piercings, or other things that might entangle in other persons hair or so (you can do it just at the spot). \r\nWe put off our shoes, too.\r\n\r\n---\r\n\r\n**A bit more about \"[Contact Improvisation](https://events.ccc.de/congress/2023/hub/dereferrer/https%3A//en.wikipedia.org/wiki/Contact_improvisation)\":**\r\n\r\nEssentially, it is a form of movement which strongly uses the kinesthetic sense, where people (mostly: 2, but can range from solo to many) usually communicate by body contact and it can range from slow to fast; from acrobatic to floor level; from deeply sensing to theatralic ...\r\n\r\nIt can be driven by exploring which movements are possible together which are not possible alone. It can enhance your own understanding of your centre of mass, of dealing with momentum and inertia, of catching yourself, of balancing together. It can nourish the need to somatic communication.\r\n\r\nExperiment with the physicality that arises by moving in mutual physical contact. Momemtum, inertia, (dis)balance. Flying, falling, rolling. Slow, fast, sensual, acrobatic, performative. Kinesthetic sense. Solo, duo, group.\r\n\r\nI titled this session \"Somatic explorations in contact\" because I also want to invite the playfulness of physical manipulations, different activity roles, etc., which usually are found more in the playfight or the massage fields.\r\n\r\n---\r\n\r\nI will not give a complete workshop. So it is for people who feel confident navigating such spaces. If you are courios, feel free to come, you can always go to the side!\r\n\r\nThis is _not_ an erotic space. Please do not come with the desires for erotics or to find sex partners. Also, we all stays clothed.\r\n\r\n**Content Warning:** For those participating, spontaneous body contact is about to happen.\r\n\r\nThe room is big and at this time usually is quiet, but still open to the 37C3-public. So participants should be fine that there is no complete seclusion.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T13:00:00.000-0000","id":53970,"begin_timestamp":{"seconds":1703935800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Hall 4 (\"Main Lounge\")","hotel":"","short_name":"Hall 4 (\"Main Lounge\")","id":46169},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We talk a lot about surveilence, censorship, privacy, etc, but what about in more extreme authoritarian regions where the regimes cut off the internet to stop citizens from spreading information and communicating? In 2022 alone, the #KeepItOn campaign recorded 187 internet shutdowns in 35 countries. How can activists spread information and action plan during uprisings? How can journalists report and publish without the internet? How can the opposition fight against propaganda during the election?\r\n\r\nIn different field including academic research, hactivism, tools for freedom, internet shutdown seems to be getting less attention than other topics. Let's brainstorm for those who are struggling in authoritarian regimes. \r\n\r\nLet's have a tea and share our thoughts, experience, knowledge, or anything about Internet Shutdown Circumvention. \r\n\r\nWhere to find us: I'm a female with partically orange hair. If you can't make it to the event, but still want to connect, ping me on Matrix! @mooncakebaby:matrix.org\n\n\nLet's talk anything about Internet Shutdown - impacts, experiences, repressions tactics, circumvention, latest news, and more..","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Internet Shutdown Circumvention: Experience and Brainstorm","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"android_description":"We talk a lot about surveilence, censorship, privacy, etc, but what about in more extreme authoritarian regions where the regimes cut off the internet to stop citizens from spreading information and communicating? In 2022 alone, the #KeepItOn campaign recorded 187 internet shutdowns in 35 countries. How can activists spread information and action plan during uprisings? How can journalists report and publish without the internet? How can the opposition fight against propaganda during the election?\r\n\r\nIn different field including academic research, hactivism, tools for freedom, internet shutdown seems to be getting less attention than other topics. Let's brainstorm for those who are struggling in authoritarian regimes. \r\n\r\nLet's have a tea and share our thoughts, experience, knowledge, or anything about Internet Shutdown Circumvention. \r\n\r\nWhere to find us: I'm a female with partically orange hair. If you can't make it to the event, but still want to connect, ping me on Matrix! @mooncakebaby:matrix.org\n\n\nLet's talk anything about Internet Shutdown - impacts, experiences, repressions tactics, circumvention, latest news, and more..","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":54028,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"...den es noch nicht gibt, aber vielleicht ja bald;)\r\n\r\nEine rein pflanzliche Ernährung ist bekanntlich nicht nur gut für die Tiere, sondern auch für die Umwelt, (potenziell) die Gesundheit, andere Menschen (ressourcenschonend) usw. \r\n\r\nJede:r vegan Lebende weiß jedoch, wie schwer es sein kann Gleichgesinnte zu finden und sich mit diesen zu vernetzten. \r\nViele von euch kommen zum Congress und freuen sich darüber endlich normale Menschen um sich zu haben.\r\nWir fänden es schön diejenigen aus dem Schnitt beider Gruppen zusammenzubringen. \r\nWarum? Das können wir dann diskutieren. \r\n\r\nIdeen wären:\r\nAustausch, Unterstützung, Planung von Talks/Workshops/Shows/Essen/... für die kommenden *c3 (vllt. ein gemeinsames Assembly?), gemeinsame Aktionen/(Tierrechts-)Aktivismus, (digitale) Unterstützung veganer Projekte (bspw. Lebenshöfe), „Bodyhacking“-Ernährungsplatform uvm.\r\n\r\nDies ist somit kein Talk, sondern ein Gruppentreffen und jede:r Interessierte ist herzlich willkommen!\r\n\r\nLink zur Matrix-Gruppe:\r\nhttps://matrix.to/#/!YYZxmyPKqKSwnYTzXk:matrix.cyber4edu.org?via=matrix.cyber4edu.org\n\n\n","title":"Spontanes 0. Treffen des Vegan Chaos Club, …","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703935800,"nanoseconds":0},"android_description":"...den es noch nicht gibt, aber vielleicht ja bald;)\r\n\r\nEine rein pflanzliche Ernährung ist bekanntlich nicht nur gut für die Tiere, sondern auch für die Umwelt, (potenziell) die Gesundheit, andere Menschen (ressourcenschonend) usw. \r\n\r\nJede:r vegan Lebende weiß jedoch, wie schwer es sein kann Gleichgesinnte zu finden und sich mit diesen zu vernetzten. \r\nViele von euch kommen zum Congress und freuen sich darüber endlich normale Menschen um sich zu haben.\r\nWir fänden es schön diejenigen aus dem Schnitt beider Gruppen zusammenzubringen. \r\nWarum? Das können wir dann diskutieren. \r\n\r\nIdeen wären:\r\nAustausch, Unterstützung, Planung von Talks/Workshops/Shows/Essen/... für die kommenden *c3 (vllt. ein gemeinsames Assembly?), gemeinsame Aktionen/(Tierrechts-)Aktivismus, (digitale) Unterstützung veganer Projekte (bspw. Lebenshöfe), „Bodyhacking“-Ernährungsplatform uvm.\r\n\r\nDies ist somit kein Talk, sondern ein Gruppentreffen und jede:r Interessierte ist herzlich willkommen!\r\n\r\nLink zur Matrix-Gruppe:\r\nhttps://matrix.to/#/!YYZxmyPKqKSwnYTzXk:matrix.cyber4edu.org?via=matrix.cyber4edu.org","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:30:00.000-0000","id":54014,"village_id":null,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es geht um große Dinge: Dyson Sphären und Imperien mit unzähligen Planeten. Wer ist mächtiger? die Föderation der Planeten, das Imperium von Trantor oder ein einzelnes voll ausgebautes Sonnensystem? \r\n\r\nAnfangs gibt es Raumstationen wie die ISS, dann rotierende Raumkolonien, irgendwann einen Ring um die Erde. Und eine Ringwelt um die Sonne ist erst der Anfang, wenn man eine Dyson Sphäre bauen will. Der mögliche Weg von rotierenden Zylindern zur Kardashev 2 Zivilisation. \r\n\r\nSpoiler: Dyson Sphären werden unterschätzt und eigentlich können wir mit heutiger Technologie schon einen Dyson Schwarm bauen. Es ist nur verdammt viel Arbeit für die Bots.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Megastrukturen und Galaktische Imperien (Wie man eine Dyson Sphäre baut)","end_timestamp":{"seconds":1703937000,"nanoseconds":0},"android_description":"Es geht um große Dinge: Dyson Sphären und Imperien mit unzähligen Planeten. Wer ist mächtiger? die Föderation der Planeten, das Imperium von Trantor oder ein einzelnes voll ausgebautes Sonnensystem? \r\n\r\nAnfangs gibt es Raumstationen wie die ISS, dann rotierende Raumkolonien, irgendwann einen Ring um die Erde. Und eine Ringwelt um die Sonne ist erst der Anfang, wenn man eine Dyson Sphäre bauen will. Der mögliche Weg von rotierenden Zylindern zur Kardashev 2 Zivilisation. \r\n\r\nSpoiler: Dyson Sphären werden unterschätzt und eigentlich können wir mit heutiger Technologie schon einen Dyson Schwarm bauen. Es ist nur verdammt viel Arbeit für die Bots.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:50:00.000-0000","id":53986,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Electronic voting is hard to observe because one can't directly see into computers. In case of Estonia, the cryptographic measures to verify the processes are only partially implemented, but as voters have to download a voting application that implements a protocol with a public specification, observers/voters can obtain a special insight into processes by implementing their own tools to cast and verify the votes.\r\n\r\nEngaging in that kind of participative observation with special tools in 2023 parliamentary elections in Estonia it appeared that the official voting software implemented the process that was not following the specification up to the point of diverging from requirements set in laws and subordinate regulative acts. In addition to couple of vote containers that were processed ignoring the requirements, in the end it appeared that arguably all 312 181 electronic votes cast with official voting application had invalid digital signatures and failed to specify electoral district in vote text.\r\n\r\nIn paper ballot elections these kinds of ballots would have been declared invalid without hesitation, but electoral complaints filed about such electronic votes were dismissed without explanation of why ballots clearly not conforming to legal requirements were counted. This has resulted in a parliament where 22 of 101 representatives have arguably gained their mandate based on invalid ballots, but moreover this indicates that after about 20 years of electronic voting in Estonia, in order to run the elections huge amounts of legal and technical make-believe is needed.\r\n\r\nIf manageable in small scale pilots and elections with low importance, this is hardly a case with 51% of the voters in parliamentary elections casting their votes online -- during times of political polarisation raising to unprecedented heights.\n\n\nAlthough electronic voting has been used 13 times in various elections in Estonia since 2005, the legal, procedural and technical problems are far from solved, but have rather backfired in political situation getting more complicated.","title":"Should e-voting experience of Estonia be copied?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Electronic voting is hard to observe because one can't directly see into computers. In case of Estonia, the cryptographic measures to verify the processes are only partially implemented, but as voters have to download a voting application that implements a protocol with a public specification, observers/voters can obtain a special insight into processes by implementing their own tools to cast and verify the votes.\r\n\r\nEngaging in that kind of participative observation with special tools in 2023 parliamentary elections in Estonia it appeared that the official voting software implemented the process that was not following the specification up to the point of diverging from requirements set in laws and subordinate regulative acts. In addition to couple of vote containers that were processed ignoring the requirements, in the end it appeared that arguably all 312 181 electronic votes cast with official voting application had invalid digital signatures and failed to specify electoral district in vote text.\r\n\r\nIn paper ballot elections these kinds of ballots would have been declared invalid without hesitation, but electoral complaints filed about such electronic votes were dismissed without explanation of why ballots clearly not conforming to legal requirements were counted. This has resulted in a parliament where 22 of 101 representatives have arguably gained their mandate based on invalid ballots, but moreover this indicates that after about 20 years of electronic voting in Estonia, in order to run the elections huge amounts of legal and technical make-believe is needed.\r\n\r\nIf manageable in small scale pilots and elections with low importance, this is hardly a case with 51% of the voters in parliamentary elections casting their votes online -- during times of political polarisation raising to unprecedented heights.\n\n\nAlthough electronic voting has been used 13 times in various elections in Estonia since 2005, the legal, procedural and technical problems are far from solved, but have rather backfired in political situation getting more complicated.","end_timestamp":{"seconds":1703936400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53504],"conference_id":131,"event_ids":[53834],"name":"Märt Põder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52333}],"timeband_id":1143,"links":[{"label":"Votes without ballots (full report)","type":"link","url":"https://infoaed.ee/evote2023"},{"label":"Summary of the findings","type":"link","url":"https://infoaed.ee/findings2023"}],"end":"2023-12-30T11:40:00.000-0000","id":53834,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52333}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Im Januar 2023 kam es zu Durchsuchungen der Redaktionsräume des Senders Radio Dreyeckland sowie der Wohnungen zweier Journalisten. Anlass der Durchsuchungen und der Beschlagnahme mehrerer Laptops war ein Artikel des Senders, in dem auf ein Archiv von linksunten.indymedia verlinkt wurde. Die Internetplattform war 2017 nach Vereinsrecht verboten worden. Die Staatsschutzabteilung der Staatsanwaltschaft Karlsruhe sieht in dem Artikel eine strafbare Unterstützung einer verbotenen Vereinigung. Das Oberlandesgericht Stuttgart hat inzwischen – anders als zuvor das Landgericht – die Anklage gegen den Journalisten zugelassen und entschieden, dass die Durchsuchung rechtmäßig war. Die Hauptverhandlung soll im kommenden Jahr stattfinden.\r\n\r\nDer Vortrag gibt einen Einblick in das Verfahren und ordnet es kritisch ein. Dabei wird insbesondere der Frage nachgegangen, wie Links rechtlich zu bewerten sind und wie der Staat gegen (linke) Medien vorgeht.\n\n\nEin Journalist von Radio Dreyeckland steht vor Gericht, weil er das Archiv der verbotenen Internetplattform linksunten.indymedia verlinkt hat. Der Vortrag gibt einen Einblick in das Verfahren und zeigt, wann Links strafbar sein können – und wann nicht.","title":"Link-Extremismus und Pressefreiheit","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703936400,"nanoseconds":0},"android_description":"Im Januar 2023 kam es zu Durchsuchungen der Redaktionsräume des Senders Radio Dreyeckland sowie der Wohnungen zweier Journalisten. Anlass der Durchsuchungen und der Beschlagnahme mehrerer Laptops war ein Artikel des Senders, in dem auf ein Archiv von linksunten.indymedia verlinkt wurde. Die Internetplattform war 2017 nach Vereinsrecht verboten worden. Die Staatsschutzabteilung der Staatsanwaltschaft Karlsruhe sieht in dem Artikel eine strafbare Unterstützung einer verbotenen Vereinigung. Das Oberlandesgericht Stuttgart hat inzwischen – anders als zuvor das Landgericht – die Anklage gegen den Journalisten zugelassen und entschieden, dass die Durchsuchung rechtmäßig war. Die Hauptverhandlung soll im kommenden Jahr stattfinden.\r\n\r\nDer Vortrag gibt einen Einblick in das Verfahren und ordnet es kritisch ein. Dabei wird insbesondere der Frage nachgegangen, wie Links rechtlich zu bewerten sind und wie der Staat gegen (linke) Medien vorgeht.\n\n\nEin Journalist von Radio Dreyeckland steht vor Gericht, weil er das Archiv der verbotenen Internetplattform linksunten.indymedia verlinkt hat. Der Vortrag gibt einen Einblick in das Verfahren und zeigt, wann Links strafbar sein können – und wann nicht.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53496],"conference_id":131,"event_ids":[53827],"name":"David Werdermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52449}],"timeband_id":1143,"links":[{"label":"Informationen von Radio Dreyeckland zum Strafverfahren","type":"link","url":"https://rdl.de/Hausdurchsuchungen"},{"label":"Fallseite der GFF zum Verfahren gegen Radio Dreyeckland","type":"link","url":"https://freiheitsrechte.org/themen/demokratie/radio_dreyeckland"}],"end":"2023-12-30T11:40:00.000-0000","id":53827,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52449}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk is for all who enjoyed the game \"who can name the larger number?\" as a kid.\r\n\r\nThis talk takes you on a tour of the wondrous world of mind-boggingly large numbers. In case you are new to the business of extremely large but still finitely large numbers, be prepared to be in thorough awe at hyper operators and Graham's number, a number so large not even the number of its digits fits into our universe. In case you've been a longtime follower of Graham's number, be prepared to be amazed by numbers which render Graham's number tiny and insignificant in comparison.\r\n\r\nSome of the numbers we present go beyond the boundaries of computation. Some even go beyond the boundaries of logic, while still staying clear of paradoxes, and some require stronger and stronger philosophical commitments.\r\n\r\nWe will also present reasons why mathematicians are interested in very large numbers.\r\n\r\nThere will also be a [companion talk on infinitely large numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/). This talk is not a prerequisite for the other, and vice versa. [Over the course of the first three days of congress, we also run a large number contest.](https://www.quasicoherent.io/37c3-large-numbers-contest/) We invite you to participate in this contest. The award ceremony for this contest is part of this session.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Wondrous mathematics: Large numbers, very large numbers and very very large numbers","android_description":"This talk is for all who enjoyed the game \"who can name the larger number?\" as a kid.\r\n\r\nThis talk takes you on a tour of the wondrous world of mind-boggingly large numbers. In case you are new to the business of extremely large but still finitely large numbers, be prepared to be in thorough awe at hyper operators and Graham's number, a number so large not even the number of its digits fits into our universe. In case you've been a longtime follower of Graham's number, be prepared to be amazed by numbers which render Graham's number tiny and insignificant in comparison.\r\n\r\nSome of the numbers we present go beyond the boundaries of computation. Some even go beyond the boundaries of logic, while still staying clear of paradoxes, and some require stronger and stronger philosophical commitments.\r\n\r\nWe will also present reasons why mathematicians are interested in very large numbers.\r\n\r\nThere will also be a [companion talk on infinitely large numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/). This talk is not a prerequisite for the other, and vice versa. [Over the course of the first three days of congress, we also run a large number contest.](https://www.quasicoherent.io/37c3-large-numbers-contest/) We invite you to participate in this contest. The award ceremony for this contest is part of this session.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703937000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:50:00.000-0000","id":53542,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Meetup der Interessierten und Freunde am Projekt Rosenpass\r\nProject Rosenpass Meetup\r\n\r\nhttps://rosenpass.eu\r\n\r\nDay4, Stage H at Halle H\r\n\r\ncontact: @rosenpass@chaos.social on Mastodon\n\n\n","title":"Friends of Rosenpass Meeting","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Meetup der Interessierten und Freunde am Projekt Rosenpass\r\nProject Rosenpass Meetup\r\n\r\nhttps://rosenpass.eu\r\n\r\nDay4, Stage H at Halle H\r\n\r\ncontact: @rosenpass@chaos.social on Mastodon","end_timestamp":{"seconds":1703941200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T13:00:00.000-0000","id":53541,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Flammschutzmittel für Elektrogeräte, die Metalllegierung zum Löten und Plastik für fast alle Anwendungen im Alltag – all diese Materialen produziert die Chemische Industrie. Sie steht am Anfang der Wertschöpfungskette. Die Materialien, die sie herstellt definiert das Spektrum, mit dem Produktdesigner\\*innen arbeiten können. Schockierend ist: Die Industrie verwendet nicht nur fossile Rohstoffe für viele ihrer Produkte, sondern ist auch größter Industrieverbraucher von Energie in Deutschland. Allein für die Produktion von Plastik für Verpackungen verwendet die Industrie in Deutschland mehr Primärenergie, als das Land Slowenien insgesamt. Viele Produkte der Industrie bergen Umwelt- und Gesundheitsgefahren und kein deutsches Chemieunternehmen hat eine Strategie ihre Schadstoffe zu reduzieren. Tatsächlich produzieren und exportieren die Unternehmen sogar weiterhin Schadstoffe, die in der EU längst verboten sind. Dass es so nicht weiter gehen kann erkennt auch die Industrie. Ihre angeblich klimaneutralen Transformationspfade sind technisch und wirtschaftlich nicht sinnvoll und gehen mit einem enormen Anstieg an nicht verfügbarer erneuerbarer Energie und Wasserstoff einher. Der Bedarf übersteigt was die Bundesregierung für ganz Deutschland vorsieht. Wir zeigen auf: Die Transformation der Chemieindustrie kann nicht nur innerhalb dieser Branche gedacht werden. Es darf jetzt nicht in Technologien investiert werden, die Scheinlösungen sind. Die Herausforderungen Klimakrise, Verschmutzung und Biodiversitätskrise müssen jetzt angegangen werden durch echte Defossilisierung, Ressourceneinsparung und Kreislaufwirtschaft und einer Umstellung auf sichere und nachhaltige Chemikalien. \n\n\nAm Anfang von jedem Chip, jedem Computer, jedem Plastik steht die Chemieindustrie. Sie ist Deutschlands größter Industrieverbraucher an fossilen Ressourcen wie Öl und Gas. Wir stellen eine neue Studie „Blackbox Chemieindustrie“ des BUND zum Energie- und Ressourcenbedarf der Industrie vor. Die angeblich klimaneutralen Transformationspläne der Industrie werden kritisch hinterfragt und echte Lösungen werden aufgezeigt.","title":"Blackbox Chemieindustrie","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Flammschutzmittel für Elektrogeräte, die Metalllegierung zum Löten und Plastik für fast alle Anwendungen im Alltag – all diese Materialen produziert die Chemische Industrie. Sie steht am Anfang der Wertschöpfungskette. Die Materialien, die sie herstellt definiert das Spektrum, mit dem Produktdesigner\\*innen arbeiten können. Schockierend ist: Die Industrie verwendet nicht nur fossile Rohstoffe für viele ihrer Produkte, sondern ist auch größter Industrieverbraucher von Energie in Deutschland. Allein für die Produktion von Plastik für Verpackungen verwendet die Industrie in Deutschland mehr Primärenergie, als das Land Slowenien insgesamt. Viele Produkte der Industrie bergen Umwelt- und Gesundheitsgefahren und kein deutsches Chemieunternehmen hat eine Strategie ihre Schadstoffe zu reduzieren. Tatsächlich produzieren und exportieren die Unternehmen sogar weiterhin Schadstoffe, die in der EU längst verboten sind. Dass es so nicht weiter gehen kann erkennt auch die Industrie. Ihre angeblich klimaneutralen Transformationspfade sind technisch und wirtschaftlich nicht sinnvoll und gehen mit einem enormen Anstieg an nicht verfügbarer erneuerbarer Energie und Wasserstoff einher. Der Bedarf übersteigt was die Bundesregierung für ganz Deutschland vorsieht. Wir zeigen auf: Die Transformation der Chemieindustrie kann nicht nur innerhalb dieser Branche gedacht werden. Es darf jetzt nicht in Technologien investiert werden, die Scheinlösungen sind. Die Herausforderungen Klimakrise, Verschmutzung und Biodiversitätskrise müssen jetzt angegangen werden durch echte Defossilisierung, Ressourceneinsparung und Kreislaufwirtschaft und einer Umstellung auf sichere und nachhaltige Chemikalien. \n\n\nAm Anfang von jedem Chip, jedem Computer, jedem Plastik steht die Chemieindustrie. Sie ist Deutschlands größter Industrieverbraucher an fossilen Ressourcen wie Öl und Gas. Wir stellen eine neue Studie „Blackbox Chemieindustrie“ des BUND zum Energie- und Ressourcenbedarf der Industrie vor. Die angeblich klimaneutralen Transformationspläne der Industrie werden kritisch hinterfragt und echte Lösungen werden aufgezeigt.","end_timestamp":{"seconds":1703936400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53487],"conference_id":131,"event_ids":[53508],"name":"Janine Korduan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52334},{"content_ids":[53487],"conference_id":131,"event_ids":[53508],"name":"Janna Kuhlmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52513}],"timeband_id":1143,"links":[{"label":"Studienzusammenfassung Blackbox Chemieindustrie","type":"link","url":"https://www.bund.net/service/publikationen/detail/publication/factsheet-studie-blackbox-chemieindustrie-zusammenfassung/"}],"end":"2023-12-30T11:40:00.000-0000","id":53508,"tag_ids":[46125,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703934000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52334},{"tag_id":46107,"sort_order":1,"person_id":52513}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, I will present the OpenStreetMap editing software JOSM, a Java application for advanced editing of OpenStreetMap data.\r\n\r\nIn contrast to the online editor iD on the OpenStreetMap website, JOSM can handle larger volumes of map data. It can be customized using plugins, custom tagging presets and map styles.\r\n\r\nThis session is drafted for people who have contributed to OpenStreetMap and want to start with adavanced editing, edit relations or large features (e.g. landuse polygons).\r\n\r\nYou need an OpenStreetMap account in order to be able to edit. Please create one prior to the session.\r\n\r\nPlease install JOSM prior to the session (e.g. from the package repository of your Linux distribution).\r\n\r\nhttps://www.openstreetmap.org/\r\nhttps://josm.openstreetmap.de/\n\n\n","title":"Einstieg in JOSM für fortgeschrittene OpenStreetMapper","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"In this session, I will present the OpenStreetMap editing software JOSM, a Java application for advanced editing of OpenStreetMap data.\r\n\r\nIn contrast to the online editor iD on the OpenStreetMap website, JOSM can handle larger volumes of map data. It can be customized using plugins, custom tagging presets and map styles.\r\n\r\nThis session is drafted for people who have contributed to OpenStreetMap and want to start with adavanced editing, edit relations or large features (e.g. landuse polygons).\r\n\r\nYou need an OpenStreetMap account in order to be able to edit. Please create one prior to the session.\r\n\r\nPlease install JOSM prior to the session (e.g. from the package repository of your Linux distribution).\r\n\r\nhttps://www.openstreetmap.org/\r\nhttps://josm.openstreetmap.de/","end_timestamp":{"seconds":1703934000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:00:00.000-0000","id":53988,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703932200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T10:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Einstein's Field Equations allow for strange solutions involving the connection of a universe with itself or even two different universes with each other. In this talk, we will look at how wormholes first came to be, how to describe them mathematically and what properties they have.\r\n\r\n🧮🦆\n\n\n","title":"Wormholes: A little go-through","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Einstein's Field Equations allow for strange solutions involving the connection of a universe with itself or even two different universes with each other. In this talk, we will look at how wormholes first came to be, how to describe them mathematically and what properties they have.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703934000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:00:00.000-0000","id":53428,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703931300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-30T10:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Freie Fläche vor Saal F.**\r\n\r\n[Andere Sessions unserer Gruppe.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\nKonsumkritik-Kritik: von der Mär der angeblichen Macht der Verbraucher*innen. Eine grundlegende Situationsanalyse und wirksame Alternativen.","title":"Fünf überraschende Sachverhalte, wieso die Erzählung \"Dein Kassenbon ist ein Stimmzettel\" fehlerhaft ist, in die Irre führt und echte gesellschaftliche Veränderung blockiert","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"**Freie Fläche vor Saal F.**\r\n\r\n[Andere Sessions unserer Gruppe.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\nKonsumkritik-Kritik: von der Mär der angeblichen Macht der Verbraucher*innen. Eine grundlegende Situationsanalyse und wirksame Alternativen.","end_timestamp":{"seconds":1703933400,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:50:00.000-0000","id":54032,"village_id":null,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"In front of Hall F","hotel":"","short_name":"In front of Hall F","id":46172},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Meere und warum sie für uns wichtig sind - Tag 4","android_description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.","end_timestamp":{"seconds":1703935800,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:30:00.000-0000","id":54029,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In Science Fiction gibt es Überlichtgeschwindigkeit, Antigravitation, Terraforming, Schutzschilde, Beamen, Railguns, KI, Fusion, Nano, usw. Dieser Vortrag gibt einen Überblick, was die moderne Wissenschaft dazu sagt. Der Stand der Wissenschaft entwickelt sich weiter und das kommt nur langsam in der Science Fiction Literatur an. Was stimmt noch und was hat sich geändert? Was ist wissenschaftlich fundiert, was wäre vielleicht möglich und was wird immer erfundene Wissenschaft bleiben. \r\n\r\nEin realistischer Blick auf das theoretisch Mögliche, ein optimistischer Ausblick auf Hinweise auf (noch) unbekannte Wissenschaft, und ein mahnender Blick darauf was wir in naher Zukunft machen sollten (Thema Sustainability). \r\n\r\nAber im Vordergrund steht die Bewertung der SF-Konzepte durch die reale Wissenschaft und sicher ein paar neue Erkenntnisse für Zuhöher:innen.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Science in Science Fiction (Die reale Wissenschaft von Star Trek und Star Wars)","end_timestamp":{"seconds":1703933400,"nanoseconds":0},"android_description":"In Science Fiction gibt es Überlichtgeschwindigkeit, Antigravitation, Terraforming, Schutzschilde, Beamen, Railguns, KI, Fusion, Nano, usw. Dieser Vortrag gibt einen Überblick, was die moderne Wissenschaft dazu sagt. Der Stand der Wissenschaft entwickelt sich weiter und das kommt nur langsam in der Science Fiction Literatur an. Was stimmt noch und was hat sich geändert? Was ist wissenschaftlich fundiert, was wäre vielleicht möglich und was wird immer erfundene Wissenschaft bleiben. \r\n\r\nEin realistischer Blick auf das theoretisch Mögliche, ein optimistischer Ausblick auf Hinweise auf (noch) unbekannte Wissenschaft, und ein mahnender Blick darauf was wir in naher Zukunft machen sollten (Thema Sustainability). \r\n\r\nAber im Vordergrund steht die Bewertung der SF-Konzepte durch die reale Wissenschaft und sicher ein paar neue Erkenntnisse für Zuhöher:innen.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:50:00.000-0000","id":53983,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, we will present you the online editing software iD which you can use to contribute to OpenStreetMap.\r\n\r\nYou can ask questions about contributing to OpenStreetMap during the session.\r\n\r\nIf you contribute to OpenStreetMap, you have to create an user account. You may do this prior to the session. A user name and email address is required.\r\n\r\nhttps://www.openstreetmap.org/\n\n\n","title":"Einstieg in OpenStreetMap mit dem Online-Editor iD","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"In this session, we will present you the online editing software iD which you can use to contribute to OpenStreetMap.\r\n\r\nYou can ask questions about contributing to OpenStreetMap during the session.\r\n\r\nIf you contribute to OpenStreetMap, you have to create an user account. You may do this prior to the session. A user name and email address is required.\r\n\r\nhttps://www.openstreetmap.org/","end_timestamp":{"seconds":1703932200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:30:00.000-0000","id":53875,"village_id":null,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will describe our efforts to introduce a new toolkit and mindset for unions and gig workers, which is essential in an era where, for a growing number of people, \"an app is their boss\".\r\n\r\nOur work highlights the critical role of technical literacy in improving workers' bargaining power, particularly in collective bargaining. By demystifying the technology that governs them, we aim to equip workers with the tools to assert their rights and shape a fairer working landscape.\r\n\r\nSince 2019, our team, back in time known as [Tracking.Exposed](https://tracking.exposed) and now operating as [Reversing.Works](https://reversing.works), has focused on connecting mobile app reverse engineering with GDPR and workers' rights. We want to tell this story, all the missteps, the low-hanging fruit that hacktivists across Europe can grab, and the opportunities that new regulations open up in this sense.\r\n\r\nIn 2023, a [report](https://reversing.works/posts/2023/10/report-exercising-workers-rights-in-algorithmic-management-systems/) written for the European Trade Union Institute summarized our investigation into Glovo, in this talk we'll talk about how to repeat the investigations and, with varying complexity, how unionist and activists can start identifying potential data breaches and labor rights violations in mobile apps used by gig economy workers.\n\n\n[Reversing.works](https://reversing.works) will outline five years of experience linking trade unions, gig economy workers, GDPR and mobile app reverse engineering. Goal: to replicate an effective form of resistance.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Mobile reverse engineering to empower the gig economy workers and labor unions","end_timestamp":{"seconds":1703932800,"nanoseconds":0},"android_description":"This talk will describe our efforts to introduce a new toolkit and mindset for unions and gig workers, which is essential in an era where, for a growing number of people, \"an app is their boss\".\r\n\r\nOur work highlights the critical role of technical literacy in improving workers' bargaining power, particularly in collective bargaining. By demystifying the technology that governs them, we aim to equip workers with the tools to assert their rights and shape a fairer working landscape.\r\n\r\nSince 2019, our team, back in time known as [Tracking.Exposed](https://tracking.exposed) and now operating as [Reversing.Works](https://reversing.works), has focused on connecting mobile app reverse engineering with GDPR and workers' rights. We want to tell this story, all the missteps, the low-hanging fruit that hacktivists across Europe can grab, and the opportunities that new regulations open up in this sense.\r\n\r\nIn 2023, a [report](https://reversing.works/posts/2023/10/report-exercising-workers-rights-in-algorithmic-management-systems/) written for the European Trade Union Institute summarized our investigation into Glovo, in this talk we'll talk about how to repeat the investigations and, with varying complexity, how unionist and activists can start identifying potential data breaches and labor rights violations in mobile apps used by gig economy workers.\n\n\n[Reversing.works](https://reversing.works) will outline five years of experience linking trade unions, gig economy workers, GDPR and mobile app reverse engineering. Goal: to replicate an effective form of resistance.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53503],"conference_id":131,"event_ids":[53833],"name":"Claudio Agosti","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52294},{"content_ids":[53503],"conference_id":131,"event_ids":[53833],"name":"Gaetano Priori","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52409}],"timeband_id":1143,"links":[],"end":"2023-12-30T10:40:00.000-0000","id":53833,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52294},{"tag_id":46107,"sort_order":1,"person_id":52409}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will explain unfamiliar concepts in more common terms like:\r\nVector registers are just registers where CPUs can store multiple numbers which belong together and are processed independent of each other together in same operation. This allows a higher processing performance similar to how moving a pallet of same sized boxes can be quicker than just moving the boxes on their own.\r\n\r\nAnd will then use those new terms drawing comparisons like:\r\n512 bits long are the largest vector registers available with any other CPU available today compared to 16348 bits long vector registers of which each VE core has 64 of. This puts it in a class of its own among CPUs.\r\n\r\nIf you weren't scrared off by this you shouldn't find the talk to technical. If you have a deep grasp on computing technology and wonder if this talk might interesting then you will hear about some implementation choices from NEC drawing reactions deep from the Kubler-Ross stages of Grief. \r\n\r\nThere will be a short introduction to the VE instruction set highlight a few instructions which are \"fun\" or otherwise \"interesting\" and might have some general computing https://en.wikipedia.org/wiki/Fast\\_inverse\\_square\\_root trivia https://vaibhavsagar.com/blog/2019/09/08/popcount/ associtated. The different offloading modes of a VE are introduced, one of which is enterily novel and which also emphasizes the uniqueness and sheer quirkyness.\r\n\r\nPrograms executing on a Vector Engine run in a Linux environment thus one could make many applications run on this accelerator unlocking GPU like performance for them without a need for rewrites if said code can make use of these big vector registers and the massive memory bandwidth available to them. So it's unsupprising that it is enourmously fun to touch up identified bottelnecks and see some application get 200x faster with handful of fixes. We can call hardware homebrewed if we make 2048 run on it, can't we?\r\n\r\nThe presentation about hacks people which joined my \"vect.or.at\" Vector Engine PUBNIX (basically a shared linux computer) did will cover such speeds ups, mention the state of an ongoing attempt to port the Rust programming languages to it, attempts of digital perservationism and progress towards making the vector engine truely yours by \"rooting\" it to mess with hardware settings otherwise unavailable.\r\n\r\nThe introduction to HPC portion will be structured as an argument claiming \"A NEC Vector Engine would turn your (Linux) computer into a small super computer\" and use this as motivation to introduce what such a super computer or HPC cluster is, how you can make it work for you and common software packages used. A few performance \"tripping\" hazards also are mentioned.\n\n\nThe NEC Vector Engine (VE) isn't a GPU. It's a member of the only family of vector computers still alive today. Imagine a second CPU with a different instruction set running on the same Linux system. While obscure, it's a very approachable and hackable platform that is an addictingly fun machine to program and allows you to play with all the technologies seen in high-performance computing (HPC) today. I am going to cover lightheartedly what a small community learned about this singular hardware they shared: bemoaning a dangerous power plug standard, (ab)using this scientific simulation power house to run code never intended, some firmware and driver reversing, \"rooting\" a VE and more. I will also be giving an introduction to core concepts in HPC with knowledge transferable to any other (university) computer cluster and hopefully encouraging students and scientists to use those by making them seem less alien and hostile.","title":"Making homebrew for your very own Vector Super Computer","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703932800,"nanoseconds":0},"android_description":"The talk will explain unfamiliar concepts in more common terms like:\r\nVector registers are just registers where CPUs can store multiple numbers which belong together and are processed independent of each other together in same operation. This allows a higher processing performance similar to how moving a pallet of same sized boxes can be quicker than just moving the boxes on their own.\r\n\r\nAnd will then use those new terms drawing comparisons like:\r\n512 bits long are the largest vector registers available with any other CPU available today compared to 16348 bits long vector registers of which each VE core has 64 of. This puts it in a class of its own among CPUs.\r\n\r\nIf you weren't scrared off by this you shouldn't find the talk to technical. If you have a deep grasp on computing technology and wonder if this talk might interesting then you will hear about some implementation choices from NEC drawing reactions deep from the Kubler-Ross stages of Grief. \r\n\r\nThere will be a short introduction to the VE instruction set highlight a few instructions which are \"fun\" or otherwise \"interesting\" and might have some general computing https://en.wikipedia.org/wiki/Fast\\_inverse\\_square\\_root trivia https://vaibhavsagar.com/blog/2019/09/08/popcount/ associtated. The different offloading modes of a VE are introduced, one of which is enterily novel and which also emphasizes the uniqueness and sheer quirkyness.\r\n\r\nPrograms executing on a Vector Engine run in a Linux environment thus one could make many applications run on this accelerator unlocking GPU like performance for them without a need for rewrites if said code can make use of these big vector registers and the massive memory bandwidth available to them. So it's unsupprising that it is enourmously fun to touch up identified bottelnecks and see some application get 200x faster with handful of fixes. We can call hardware homebrewed if we make 2048 run on it, can't we?\r\n\r\nThe presentation about hacks people which joined my \"vect.or.at\" Vector Engine PUBNIX (basically a shared linux computer) did will cover such speeds ups, mention the state of an ongoing attempt to port the Rust programming languages to it, attempts of digital perservationism and progress towards making the vector engine truely yours by \"rooting\" it to mess with hardware settings otherwise unavailable.\r\n\r\nThe introduction to HPC portion will be structured as an argument claiming \"A NEC Vector Engine would turn your (Linux) computer into a small super computer\" and use this as motivation to introduce what such a super computer or HPC cluster is, how you can make it work for you and common software packages used. A few performance \"tripping\" hazards also are mentioned.\n\n\nThe NEC Vector Engine (VE) isn't a GPU. It's a member of the only family of vector computers still alive today. Imagine a second CPU with a different instruction set running on the same Linux system. While obscure, it's a very approachable and hackable platform that is an addictingly fun machine to program and allows you to play with all the technologies seen in high-performance computing (HPC) today. I am going to cover lightheartedly what a small community learned about this singular hardware they shared: bemoaning a dangerous power plug standard, (ab)using this scientific simulation power house to run code never intended, some firmware and driver reversing, \"rooting\" a VE and more. I will also be giving an introduction to core concepts in HPC with knowledge transferable to any other (university) computer cluster and hopefully encouraging students and scientists to use those by making them seem less alien and hostile.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53495],"conference_id":131,"event_ids":[53826],"name":"Johann-Tobias Schäg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52280}],"timeband_id":1143,"links":[],"end":"2023-12-30T10:40:00.000-0000","id":53826,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52280}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Kurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\n\r\n🧮\n\n\nKurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\nBitte vorher FreeCAD installieren (500mb)","title":"FreeCAD Workshop","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703935800,"nanoseconds":0},"android_description":"Kurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\n\r\n🧮\n\n\nKurze Einführung in FreeCAD (1.5h)\r\nEs geht um die Frage: Wie erstelle ich kleine Modelle ?\r\nBitte vorher FreeCAD installieren (500mb)","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T11:30:00.000-0000","id":53690,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FAU Assembly (Halle H)","hotel":"","short_name":"FAU Assembly (Halle H)","id":46165},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem kostenlosen Basis-Seminar werden Dir die wichtigsten Skills zur Erbringung ganzheitlicher Digital-Spiritualitäts-Dienstleistungen vermittelt, mit denen Du direkt in die Selbstständigkeit durchstarten kannst. Wir lernen von den Besten – wir lernen vom Esoterik-Markt, der ja bekanntlich nicht erst seit der Crosspromotion in einschlägigen Corona-Telegram-Gruppen boomt:\r\n\r\n1. Digital Forecasting: Warum umständliche Modelle konzipieren, wenn Du den direkten Zugriff auf die Akasha-Datenbank der Weltweisheit verkaufen kannst? In diesem Block geht es um die wichtigsten Wahrsager-Skills (Cold Reading, Hot Reading, Barnum-Effekt).\n2. Healing statt Patching: Anwendung ganzheitlich-spiritueller Security-Konzepte auf homöopathischer Basis für Kundennetzwerke mit Schwerpunkt auf dem souveränen Umgang mit Beschwerden & Erstverschlimmerungen.\n3. Belebte Netzwerke: Lehren aus der Wasserbelebung & kompatible Geschäftsideen („Serverraum der Neuen Zeit“, Manifestieren von RAM, KI-Karma)\n4. Mental-Antivirus: Installationsanleitung für feinstoffliche Unterstützungssoftware zur Ego-Mitigation (thought terminating cliches, Conspiracy & Cult-Groupware as a Service)\n5. Upscaling: Innovative Pyramiden- und Schneeballsysteme zwecks ganzheitlicher Gewinnabschöpfung.\n\n\r\n\r\nMelden Sie sich jetzt für das KOSTENLOSE Basis-Seminar an, und Sie bekommen (wenn die Speicherblöcke günstig stehen) unseren limitierten feinschwingenden 5G-Sticker für ihr EDV-Gerät GRATIS dazu. \r\n\r\n+++ von unabhängigen Cyber-Schamaninnen empfohlen +++\r\n\r\nBild: Charlotte von Hirsch\n\n\nDass es sich bei Digitalisierung um eine magische Angelegenheit handelt, der durch Regulierung großer Social-Media-Konzerne per Definition nicht beizukommen ist, ist auf politischer Ebene schon lange bekannt. Der Markt für esoterische Dienstleistungen rund um Digitalisierungsfragen ist daher vermutlich immens – und eröffnet viele Möglichkeiten für cyberfeinstofflich begabte Entrepreneurs & Digital-Okkultisten. Ganz nebenbei lernen wir, welche Maschen unseriöse Akteure (auch jenseits der Eso-Szene) anwenden, um mit den Sorgen und Ängsten von Menschen Geld zu machen.","title":"Fortbildung Cyber-Astrologie & KI-Karma","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"In diesem kostenlosen Basis-Seminar werden Dir die wichtigsten Skills zur Erbringung ganzheitlicher Digital-Spiritualitäts-Dienstleistungen vermittelt, mit denen Du direkt in die Selbstständigkeit durchstarten kannst. Wir lernen von den Besten – wir lernen vom Esoterik-Markt, der ja bekanntlich nicht erst seit der Crosspromotion in einschlägigen Corona-Telegram-Gruppen boomt:\r\n\r\n1. Digital Forecasting: Warum umständliche Modelle konzipieren, wenn Du den direkten Zugriff auf die Akasha-Datenbank der Weltweisheit verkaufen kannst? In diesem Block geht es um die wichtigsten Wahrsager-Skills (Cold Reading, Hot Reading, Barnum-Effekt).\n2. Healing statt Patching: Anwendung ganzheitlich-spiritueller Security-Konzepte auf homöopathischer Basis für Kundennetzwerke mit Schwerpunkt auf dem souveränen Umgang mit Beschwerden & Erstverschlimmerungen.\n3. Belebte Netzwerke: Lehren aus der Wasserbelebung & kompatible Geschäftsideen („Serverraum der Neuen Zeit“, Manifestieren von RAM, KI-Karma)\n4. Mental-Antivirus: Installationsanleitung für feinstoffliche Unterstützungssoftware zur Ego-Mitigation (thought terminating cliches, Conspiracy & Cult-Groupware as a Service)\n5. Upscaling: Innovative Pyramiden- und Schneeballsysteme zwecks ganzheitlicher Gewinnabschöpfung.\n\n\r\n\r\nMelden Sie sich jetzt für das KOSTENLOSE Basis-Seminar an, und Sie bekommen (wenn die Speicherblöcke günstig stehen) unseren limitierten feinschwingenden 5G-Sticker für ihr EDV-Gerät GRATIS dazu. \r\n\r\n+++ von unabhängigen Cyber-Schamaninnen empfohlen +++\r\n\r\nBild: Charlotte von Hirsch\n\n\nDass es sich bei Digitalisierung um eine magische Angelegenheit handelt, der durch Regulierung großer Social-Media-Konzerne per Definition nicht beizukommen ist, ist auf politischer Ebene schon lange bekannt. Der Markt für esoterische Dienstleistungen rund um Digitalisierungsfragen ist daher vermutlich immens – und eröffnet viele Möglichkeiten für cyberfeinstofflich begabte Entrepreneurs & Digital-Okkultisten. Ganz nebenbei lernen wir, welche Maschen unseriöse Akteure (auch jenseits der Eso-Szene) anwenden, um mit den Sorgen und Ängsten von Menschen Geld zu machen.","end_timestamp":{"seconds":1703932800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:40:00.000-0000","id":53591,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-30T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For all children who have always wanted to learn to crochet or who already know something and want to learn more.\r\nThere will be a few large crochet hooks and many smaller ones. There also will be some wool. So you can start with your first experiments or ask for further help.\r\n\r\nThere may also be knitting needles to try out.\n\n\n","title":"Häkeln","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"For all children who have always wanted to learn to crochet or who already know something and want to learn more.\r\nThere will be a few large crochet hooks and many smaller ones. There also will be some wool. So you can start with your first experiments or ask for further help.\r\n\r\nThere may also be knitting needles to try out.","end_timestamp":{"seconds":1703937600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T12:00:00.000-0000","id":53429,"begin_timestamp":{"seconds":1703930400,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"[English version below]\r\n\r\nIn diesem Workshop wird es eine Einführung in die Grundlagen: Syntax, Datentypen, Prozeduren, Zeiger, Dateien und Datenmanipulation geben. Das gelernte Wissen kann dabei mit kleinen Aufgaben spielerisch und kollaborativ überprüft werden. Es wird außerdem eine kleine Einleitung zur Dateistruktur von Projekten und hilfreichen Werkzeuge geben.\r\n\r\nZur Teilnahme am Workshop empfiehlt sich ein Linux System (oder virtuelle Maschine) mit einem installierten Texteditor. Hochperformante Hardware wird aber nicht benötigt.\r\n\r\n--------\r\n\r\nIn this workshop, participants will be given an introduction to the basics: syntax, data types, procedures, pointers and data manipulation. The knowledge can be tested in in a playful and collaborative way with small exercises. There will also be a short introduction to the file structure of projects and helpful tools.\r\n\r\nA Linux system (or virtual machine) with an installed text editor is recommended for participating in this workshop. However, high-performance hardware is not required.\n\n\nHier gibt es einen Einstieg in die systemnahe Programmiersprache C mit Fokus auf Personen ohne großes Vorwissen in C. Es wird alles notwendige Grundwissen beigebracht, welches zum Entwickeln einfacher Programme notwendig ist.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Programmieren mit C: Eine Einführung für Neulinge [Deutsch/Englisch]","end_timestamp":{"seconds":1703939100,"nanoseconds":0},"android_description":"[English version below]\r\n\r\nIn diesem Workshop wird es eine Einführung in die Grundlagen: Syntax, Datentypen, Prozeduren, Zeiger, Dateien und Datenmanipulation geben. Das gelernte Wissen kann dabei mit kleinen Aufgaben spielerisch und kollaborativ überprüft werden. Es wird außerdem eine kleine Einleitung zur Dateistruktur von Projekten und hilfreichen Werkzeuge geben.\r\n\r\nZur Teilnahme am Workshop empfiehlt sich ein Linux System (oder virtuelle Maschine) mit einem installierten Texteditor. Hochperformante Hardware wird aber nicht benötigt.\r\n\r\n--------\r\n\r\nIn this workshop, participants will be given an introduction to the basics: syntax, data types, procedures, pointers and data manipulation. The knowledge can be tested in in a playful and collaborative way with small exercises. There will also be a short introduction to the file structure of projects and helpful tools.\r\n\r\nA Linux system (or virtual machine) with an installed text editor is recommended for participating in this workshop. However, high-performance hardware is not required.\n\n\nHier gibt es einen Einstieg in die systemnahe Programmiersprache C mit Fokus auf Personen ohne großes Vorwissen in C. Es wird alles notwendige Grundwissen beigebracht, welches zum Entwickeln einfacher Programme notwendig ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53132],"conference_id":131,"event_ids":[53552],"name":"Lilith","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52430}],"timeband_id":1143,"links":[],"end":"2023-12-30T12:25:00.000-0000","id":53552,"village_id":null,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703930100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52430}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-30T09:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Agile is dead! - Agility is - like 42 - the answer to life, the universe and everything!\r\n\r\nDon't panic! \r\nThe question why forty-two is the answer remains and has still needs answering.\r\n\r\nTune in to see an actual agile manifesto and why the so-called agile manifesto written in 2001 is anything but agil and often misinterpreted.\n\n\n","title":"42?! Agile is dead - agility the answer to live the universe and everything","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Agile is dead! - Agility is - like 42 - the answer to life, the universe and everything!\r\n\r\nDon't panic! \r\nThe question why forty-two is the answer remains and has still needs answering.\r\n\r\nTune in to see an actual agile manifesto and why the so-called agile manifesto written in 2001 is anything but agil and often misinterpreted.","end_timestamp":{"seconds":1703931840,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:24:00.000-0000","id":53874,"begin_timestamp":{"seconds":1703929320,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T09:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We probably have enough yarn and needles if you don't have your own. The workshop giving person(s) will be glad to assist your projects however possible. Beginners welcome!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Let's knit/crochet together!","end_timestamp":{"seconds":1703932200,"nanoseconds":0},"android_description":"We probably have enough yarn and needles if you don't have your own. The workshop giving person(s) will be glad to assist your projects however possible. Beginners welcome!","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:30:00.000-0000","id":54023,"begin_timestamp":{"seconds":1703928600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Table of the Openlab Augsburg","hotel":"","short_name":"Table of the Openlab Augsburg","id":46171},"spans_timebands":"N","begin":"2023-12-30T09:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Systems created by humans will contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in search for security issues. In this talk, we will cover the key principles behind these methods, enabling anyone to study and mend the architecture of a system. In covering the basics, we will also critically reflect on the direction of much research and practice, sketching the relevance of threat modelling for addressing contemporary challenges and highlighting the role that you can play in making a security impact.\r\n\r\n*As preparation for or follow-up of this talk, [see this recorded training](https://archive.org/details/getting_started_with_threat_modelling).*\r\n\r\n*The recorded training can be watched either before or after the live talk. The talk takes a more reflective and critical look at threat modelling, diving into its underlying history and the current state of research, while also providing a space for Q&A and the sharing of experiences.*\n\n\nHow to take your first steps in threat modelling, or an opportunity to extend and/or reorient an existing threat modelling programme.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Getting started with threat modelling","end_timestamp":{"seconds":1703934000,"nanoseconds":0},"android_description":"Systems created by humans will contain flaws. In order to shine a light on these flaws, you can use a technique called threat modelling. There are hundreds if not thousands of different threat modelling methods that can be used to tease apart the structure of a system in search for security issues. In this talk, we will cover the key principles behind these methods, enabling anyone to study and mend the architecture of a system. In covering the basics, we will also critically reflect on the direction of much research and practice, sketching the relevance of threat modelling for addressing contemporary challenges and highlighting the role that you can play in making a security impact.\r\n\r\n*As preparation for or follow-up of this talk, [see this recorded training](https://archive.org/details/getting_started_with_threat_modelling).*\r\n\r\n*The recorded training can be watched either before or after the live talk. The talk takes a more reflective and critical look at threat modelling, diving into its underlying history and the current state of research, while also providing a space for Q&A and the sharing of experiences.*\n\n\nHow to take your first steps in threat modelling, or an opportunity to extend and/or reorient an existing threat modelling programme.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53491],"conference_id":131,"event_ids":[53824],"name":"Arne Padmos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52302}],"timeband_id":1143,"links":[],"end":"2023-12-30T11:00:00.000-0000","id":53824,"begin_timestamp":{"seconds":1703928600,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52302}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-30T09:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A short Talk about Tiny Core Linux, an interesting linux distributon, not only because of its small size. \r\n\r\nThen I'll show the system, and answer all questions i can.\r\n\r\nThe talk will be in German, but I'll try to answer any questions asked in English in English.\r\n\r\nI'm looking forward to seeing you :)\n\n\nIch erzähle ein bisschen über Tiny Core Linux, eine der interessantesten Linux Distributionen, nicht nur weil sie so Klein ist.","title":"Tiny Core Linux - Eine Mini-Einführung in die coolste Linux Distro","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703930400,"nanoseconds":0},"android_description":"A short Talk about Tiny Core Linux, an interesting linux distributon, not only because of its small size. \r\n\r\nThen I'll show the system, and answer all questions i can.\r\n\r\nThe talk will be in German, but I'll try to answer any questions asked in English in English.\r\n\r\nI'm looking forward to seeing you :)\n\n\nIch erzähle ein bisschen über Tiny Core Linux, eine der interessantesten Linux Distributionen, nicht nur weil sie so Klein ist.","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T10:00:00.000-0000","id":54030,"begin_timestamp":{"seconds":1703926800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-30T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Magnetic Resonance Imaging (MRI) is an imaging diagnostic procedure and probably known to many who have been in the \"MRI tube\" in the hospital.\r\nIn this presentation, I briefly explain MRI from a physical point of view and show the technology and software that is needed to get an MR image.\r\n\r\nAfterwards, I give a brief presentation of the Berkeley Advanced Reconstruction Toolbox (BART), a free and open source software for image reconstruction.\n\n\n","title":"Introduction to Magnetic Resonance Imaging and Image Reconstruction with BART","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703929500,"nanoseconds":0},"android_description":"Magnetic Resonance Imaging (MRI) is an imaging diagnostic procedure and probably known to many who have been in the \"MRI tube\" in the hospital.\r\nIn this presentation, I briefly explain MRI from a physical point of view and show the technology and software that is needed to get an MR image.\r\n\r\nAfterwards, I give a brief presentation of the Berkeley Advanced Reconstruction Toolbox (BART), a free and open source software for image reconstruction.","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T09:45:00.000-0000","id":54015,"begin_timestamp":{"seconds":1703926800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-30T09:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Menschen interessieren sich für Dinge mit Seilen und plötzlich öffnet sich ein ganzes Universum voller Fragen, Hindernissen und technische Gründe sie nicht zu tun - die möchte ich mit euch aus dem Weg räumen.\r\n\r\nIn der Theorie und auch in der Praxis, falls ihr euer eigenes Seil mitbringt. Zielgruppe sind vor allem Leute mit 0 und wenig Erfahrung, die anderen sind aber auch herzlich willkommen.\r\n\r\nMaximal 20 Teilnehmende.\n\n\nBondage für Anfänger*innen - Theorie, auch Praxis.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Bondage für Anfänger*innen","android_description":"Menschen interessieren sich für Dinge mit Seilen und plötzlich öffnet sich ein ganzes Universum voller Fragen, Hindernissen und technische Gründe sie nicht zu tun - die möchte ich mit euch aus dem Weg räumen.\r\n\r\nIn der Theorie und auch in der Praxis, falls ihr euer eigenes Seil mitbringt. Zielgruppe sind vor allem Leute mit 0 und wenig Erfahrung, die anderen sind aber auch herzlich willkommen.\r\n\r\nMaximal 20 Teilnehmende.\n\n\nBondage für Anfänger*innen - Theorie, auch Praxis.","end_timestamp":{"seconds":1703929800,"nanoseconds":0},"updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T09:50:00.000-0000","id":53999,"village_id":null,"begin_timestamp":{"seconds":1703925000,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-30T08:30:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/ratkat\n\n\nRatkat, a Hamburg native, resident DJ at Golden Pudel Club, organizing the club and concertnight “Next Time” together with NIka Son. She has a liveact under the moniker Pose Dia.","title":"Ratkat","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"https://soundcloud.com/ratkat\n\n\nRatkat, a Hamburg native, resident DJ at Golden Pudel Club, organizing the club and concertnight “Next Time” together with NIka Son. She has a liveact under the moniker Pose Dia.","end_timestamp":{"seconds":1703912400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T05:00:00.000-0000","id":53961,"begin_timestamp":{"seconds":1703905200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-30T03:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/rss","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"RSS Disco","android_description":"https://soundcloud.com/rss","end_timestamp":{"seconds":1703907000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T03:30:00.000-0000","id":53966,"begin_timestamp":{"seconds":1703898000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-30T01:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/lfttrax\n\n\nProducer/DJ from Hamburg Germany.\r\nOne half of Schulverweis.","title":"L.F.T.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://soundcloud.com/lfttrax\n\n\nProducer/DJ from Hamburg Germany.\r\nOne half of Schulverweis.","end_timestamp":{"seconds":1703905200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T03:00:00.000-0000","id":53889,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703898000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-30T01:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ROLL FOR INITIATIVE! In diesem Vortrag und Q&A geht es darum, wie die Spielleitung für Pen&Paper RPGs (besser) klappen kann, wie man eine Gruppe findet und auf was man alles bei der Planung der ersten eigenen Kampagne achten sollte damit die Party sich nicht selber umbringt. :)\n\n\n","title":"Spielleitung von Pen&Paper RPGs","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"ROLL FOR INITIATIVE! In diesem Vortrag und Q&A geht es darum, wie die Spielleitung für Pen&Paper RPGs (besser) klappen kann, wie man eine Gruppe findet und auf was man alles bei der Planung der ersten eigenen Kampagne achten sollte damit die Party sich nicht selber umbringt. :)","end_timestamp":{"seconds":1703898900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T01:15:00.000-0000","id":53945,"begin_timestamp":{"seconds":1703895300,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-30T00:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Michael, openlab Augsburg\n\n\n","title":"How to get out of any git situation with these 3 commands","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"Host: Michael, openlab Augsburg","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:30:00.000-0000","id":54020,"village_id":null,"begin_timestamp":{"seconds":1703892600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T23:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"From Hacker to Furry - Why cat ears are just the beginning","end_timestamp":{"seconds":1703895300,"nanoseconds":0},"android_description":"The chairman of Europe's biggest furry conference explores the metaphysical and historical connection between furries and the information technology / hacker sphere through a bunch of war stories, anecdotes and drunken shower thoughts. Also a chance to ask a fandom veteran anything you can come up with you always (or never) wanted to know about furries.","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:15:00.000-0000","id":54000,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703891700,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-29T23:15:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Crappy robots unite! \r\n\r\nWelcome to hebocon 37c3, where strong robots become weak and flashing hearts melt. \r\n\r\nBring your robot to Stage Y on Friday night and give it the ring. \r\n\r\nHere your quickly assembled robot can become a superstar. High tech and serious pretensions strictly forbidden and accompanied by boos. The rules are simple: bring your own robot, the crappier the machine and the cuter the name, the more popular you'll be with the audience. \r\n\r\nIf you feel like it, write a message like \"ah sounds cool, maybe I'll join in\" or \"au super, I'll bring my robi along\" to hebocon-37c3@posteo.de or contact @huwg:matrix.org at Matrix. \r\n\r\nAll robots welcome except for \r\n- no remote control\r\n- no high-tech\r\n- no weapons (no fire!) \r\n\r\n#callforrobots #callforhonky #callforschrubbi\r\n\r\nWe need at least 4 robots to fight, the more the more.\r\n\r\n(We don't have the capacity to organize a build session, so you'll have to build alone or network with others)\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Hebocon","end_timestamp":{"seconds":1703895000,"nanoseconds":0},"android_description":"Crappy robots unite! \r\n\r\nWelcome to hebocon 37c3, where strong robots become weak and flashing hearts melt. \r\n\r\nBring your robot to Stage Y on Friday night and give it the ring. \r\n\r\nHere your quickly assembled robot can become a superstar. High tech and serious pretensions strictly forbidden and accompanied by boos. The rules are simple: bring your own robot, the crappier the machine and the cuter the name, the more popular you'll be with the audience. \r\n\r\nIf you feel like it, write a message like \"ah sounds cool, maybe I'll join in\" or \"au super, I'll bring my robi along\" to hebocon-37c3@posteo.de or contact @huwg:matrix.org at Matrix. \r\n\r\nAll robots welcome except for \r\n- no remote control\r\n- no high-tech\r\n- no weapons (no fire!) \r\n\r\n#callforrobots #callforhonky #callforschrubbi\r\n\r\nWe need at least 4 robots to fight, the more the more.\r\n\r\n(We don't have the capacity to organize a build session, so you'll have to build alone or network with others)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:10:00.000-0000","id":53948,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703891400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T23:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/DanaRuh\r\n\r\nBorn and raised in Gera in Germany, Dana Ruh soon found her way to the capital city of Berlin. Since then, she ha been on a constantly evolving musical journey. In the early years, her sound was rooted in techno and landed most often on the label Brouqade Records, which she established in 2007. The label is still running too, and celebrated its 10th Year Birthday Celebration entitled 'Past/Present/Future' that emphatically encapsulated all that's great about the label.\r\nAside from Brouqade, Dana's music has also featured on the liked of Autoreply, Work Them Records, Howl and Underground Quality. It was Jus Ed's label where she released her stunning debut album. 'Naturally' in 2014, an LP that introduced Dana to a whole new audience and showcased her pure house sound with some distinctions. In 2017 she started her new Label 'Cave Recordings' that showcased her wide musical range mainly rooted in House with old school flavor.\r\nWhen she isn't busy in the studio crafting textured tracks, Dana is a fine DJ who holds down resident duties at top Berlin space, Club der Visionaere. It is there that she lays down seductive tracks from the worlds of house and techno as well as gems in between. Aside from her beloved CDV, Dana has played in some of the globe's foremost house and techno nightclubs, often alongside some of the scene's prime movers and shakers.\r\nDespite working in such an over saturated and competitive field, Dana Ruh manages to speak louder and more coherently that most, and for that reason she deserves all the love she gets.\n\n\n","title":"Dana Ruh","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703898000,"nanoseconds":0},"android_description":"https://soundcloud.com/DanaRuh\r\n\r\nBorn and raised in Gera in Germany, Dana Ruh soon found her way to the capital city of Berlin. Since then, she ha been on a constantly evolving musical journey. In the early years, her sound was rooted in techno and landed most often on the label Brouqade Records, which she established in 2007. The label is still running too, and celebrated its 10th Year Birthday Celebration entitled 'Past/Present/Future' that emphatically encapsulated all that's great about the label.\r\nAside from Brouqade, Dana's music has also featured on the liked of Autoreply, Work Them Records, Howl and Underground Quality. It was Jus Ed's label where she released her stunning debut album. 'Naturally' in 2014, an LP that introduced Dana to a whole new audience and showcased her pure house sound with some distinctions. In 2017 she started her new Label 'Cave Recordings' that showcased her wide musical range mainly rooted in House with old school flavor.\r\nWhen she isn't busy in the studio crafting textured tracks, Dana is a fine DJ who holds down resident duties at top Berlin space, Club der Visionaere. It is there that she lays down seductive tracks from the worlds of house and techno as well as gems in between. Aside from her beloved CDV, Dana has played in some of the globe's foremost house and techno nightclubs, often alongside some of the scene's prime movers and shakers.\r\nDespite working in such an over saturated and competitive field, Dana Ruh manages to speak louder and more coherently that most, and for that reason she deserves all the love she gets.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T01:00:00.000-0000","id":53960,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\n(Live-Stream of Saal 1)\r\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Stream: Prompt Battle","end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\n(Live-Stream of Saal 1)\r\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:30:00.000-0000","id":53943,"village_id":null,"tag_ids":[46120,46137,46139],"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","title":"Prompt Battle","type":{"conference_id":131,"conference":"37C3","color":"#d3d44d","updated_at":"2024-06-07T03:40+0000","name":"performance","id":46138},"end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"The Prompt Battle is a game show format with audience involvement that questions the meaning of prompt engineering in a playful and critical way.\r\nBased on the format of the Rap Battle, eight candidates compete against each other under time pressure on stage in a tournament to solve image and text tasks set for them. The audience decides who has won after each round. The rounds are interrupted by video interludes that illuminate the implications of text-to-image tools from different perspectives.\r\nThe aim of the Prompt Battle is to address the numerous controversial questions that tools such as DALL·E, Stable Diffusion and Midjourney raise for professional creatives. Questions about the origin of training data, the value of creative work, the inflation of images, and the intellectual property of the content produced.\r\n\r\nSince 2022, rapid technological advances in the field of AI-generated content have raised a series of fundamental questions. For artists and designers, the first question is whether creativity can really be automated, and whether prompt engineering really is the future-proof key capability that some believe it to be. Behind the hype, far-reaching ethical, economic, copyright and aesthetic challenges and contradictions are emerging. The Prompt Battle uses the game show format to address these questions in a playful way by confronting the candidates and the audience with prompt engineering tasks tailored to the occasion.\r\n\r\nThe original Prompt Battle was developed at HTW Dresden by Sebastian Schmieg, Florian A. Schmidt, Bernadette Geiger, Robert Hellwig, Emily Krause, Levi Stein, Lina Schwarzenberg and Ella Zickerick.\n\n\nDo you have what it takes to become a Prompt Designer? Based on the Rap Battle format, Prompt Battle is a game show in which people compete against each other with the performative use of language. AI-supported text-to-image software enables the candidates to generate complex photos, images, and illustrations, seemingly out of thin air, by typing in image descriptions, so-called prompts. The audience will decide who will elicit the most surprising, disturbing or beautiful images from the latent space, and who will walk away carrying the prestigious title Prompt Battle Winner.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53237],"conference_id":131,"event_ids":[53613],"name":"Lina Schwarzenberg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52265},{"content_ids":[53237],"conference_id":131,"event_ids":[53613],"name":"Sebastian Schmieg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52385},{"content_ids":[53237],"conference_id":131,"event_ids":[53613],"name":"Ella Zickerick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52467}],"timeband_id":1143,"links":[{"label":"Prompt Battle Website","type":"link","url":"https://promptbattle.com/"},{"label":"Prompt Battle Instagram","type":"link","url":"https://www.instagram.com/promptbattle/"}],"end":"2023-12-30T00:30:00.000-0000","id":53613,"village_id":null,"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"tag_ids":[46120,46138,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52467},{"tag_id":46107,"sort_order":1,"person_id":52265},{"tag_id":46107,"sort_order":1,"person_id":52385}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-29T23:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dieser Vorträge möchte die (Sozial-)psychologischen und historischen Hintergründe hinter all dem was die moderne Linke nicht mag erklären: Religionen, Hierarchien und klasische Gesellschaftsstrukturen und Rollen.\r\n\r\nHauptquelle dafür wird das Buch \"The righteous Mind\" von Jonathan Haidt, dazu gibt es aber auch noch viele kleine historische und psychologische Fakten und Zusammenhänge.\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Über die Hintergründe von Religionen, Hierarchien und klassischen Gesellschaftsstruktern","android_description":"Dieser Vorträge möchte die (Sozial-)psychologischen und historischen Hintergründe hinter all dem was die moderne Linke nicht mag erklären: Religionen, Hierarchien und klasische Gesellschaftsstrukturen und Rollen.\r\n\r\nHauptquelle dafür wird das Buch \"The righteous Mind\" von Jonathan Haidt, dazu gibt es aber auch noch viele kleine historische und psychologische Fakten und Zusammenhänge.\r\n\r\n🧮","end_timestamp":{"seconds":1703894400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:00:00.000-0000","id":53557,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**attention: Meeting will be on Dec. 30, 0:00; the webpage is confusing in this case**\r\n\r\ntorservers.net is a global network of non-profits running Tor relays.\r\nIt has been inactive for quite some time.\r\nThis meeting is for all non-profits who are running Tor relays.\r\nThe goal is to discuss and maybe build a future for torservers.net.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"torservers.net reboot meeting","end_timestamp":{"seconds":1703896200,"nanoseconds":0},"android_description":"**attention: Meeting will be on Dec. 30, 0:00; the webpage is confusing in this case**\r\n\r\ntorservers.net is a global network of non-profits running Tor relays.\r\nIt has been inactive for quite some time.\r\nThis meeting is for all non-profits who are running Tor relays.\r\nThe goal is to discuss and maybe build a future for torservers.net.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1143,"links":[],"end":"2023-12-30T00:30:00.000-0000","id":53516,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703890800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"your technology has a fade in its life expectancy and no reward thing could release you from your misery\n\n\n","title":"Jendrik_Deep Aid","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"your technology has a fade in its life expectancy and no reward thing could release you from your misery","end_timestamp":{"seconds":1703898000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-30T01:00:00.000-0000","id":53965,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703889000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"Y","begin":"2023-12-29T22:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das merkwürdigste aus militärischer Forschung. \r\n\r\nMilitary grade Firewall, Military grade Vollbit Verschlüsselungen etc .. das neuste Buzzword wird wieder durch das Marketing getrieben ? Als Gegenargument gibt es nun die besten militärischen Fehlentwicklungen aus 4 Jahren Och Menno Podcast. Fliegende Panzer und Uboote sind ja genauso logisch wie das vom Marketing.","title":"Och Menno - Military Grade Bullshit","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (45 minutes)","id":46126},"android_description":"Das merkwürdigste aus militärischer Forschung. \r\n\r\nMilitary grade Firewall, Military grade Vollbit Verschlüsselungen etc .. das neuste Buzzword wird wieder durch das Marketing getrieben ? Als Gegenargument gibt es nun die besten militärischen Fehlentwicklungen aus 4 Jahren Och Menno Podcast. Fliegende Panzer und Uboote sind ja genauso logisch wie das vom Marketing.","end_timestamp":{"seconds":1703891700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53687,53100,53150,53375],"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1142,"links":[],"end":"2023-12-29T23:15:00.000-0000","id":53522,"village_id":null,"begin_timestamp":{"seconds":1703889000,"nanoseconds":0},"tag_ids":[46126,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"Y","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T22:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The well-known show game from day 1 (and, as we heard, apparently also from some tv shows), but with new answers and questions relevant to society such as climate and social justice, politics, transformation, ...\r\nWe will play two rounds open for everyone, you can win fame, honour and unique badges.\r\nThe game itself will be in german.\n\n\n","title":"Sustainability Jeopardy","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703890920,"nanoseconds":0},"android_description":"The well-known show game from day 1 (and, as we heard, apparently also from some tv shows), but with new answers and questions relevant to society such as climate and social justice, politics, transformation, ...\r\nWe will play two rounds open for everyone, you can win fame, honour and unique badges.\r\nThe game itself will be in german.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:02:00.000-0000","id":53775,"begin_timestamp":{"seconds":1703887320,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"Y","begin":"2023-12-29T22:02:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.\r\n\r\nThis talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.\r\n\r\nThe talk first describes the overall project motivation, goals, and vision. Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.\r\n\r\nThe final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.\r\n\r\nThis talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.\n\n\nThis talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Breathing Life into Legacy: An Open-Source Emulator of Legacy Apple Devices","end_timestamp":{"seconds":1703889600,"nanoseconds":0},"android_description":"During the past decades, Apple has created iconic devices that have found a place in the hands and hearts of millions of people around the world. As many of these devices have become obsolete, the importance of preserving their digital essence has grown. The emulation of legacy devices with software allows enthusiasts and researchers to explore and interact with them long after the original hardware has ceased to be available. Emulation, therefore, allows the digital preservation of obsolete hardware, ensuring these devices are accessible to future generations.\r\n\r\nThis talk describes a multi-year project named QEMU-iOS that lays the groundwork for emulating legacy Apple devices. In particular, we have focussed on emulating the iPod Touch 2G using QEMU, an open-source framework for hardware emulation. Yet, even emulating an old device with a few peripherals compared to contemporary devices is challenging since the specifications and inner workings of many peripherals are proprietary and completely undocumented.\r\n\r\nThe talk first describes the overall project motivation, goals, and vision. Then, I will discuss the reverse engineering process where multiple undocumented peripherals of the iPod Touch have been analyzed to understand and replicate their specifications in software. A key talking point will be the working of essential peripherals, including the cryptographic engines, the LCD, the Flash memory controller, various hardware communication protocols, the touchscreen driver, and other peripherals. The talk will also detail the booting procedure of the iPod Touch, elaborating on the emulation of the iBoot bootloader, the XNU kernel, and the Springboard application in iOS. Getting the boot chain up and running required extensive debugging efforts using powerful reverse engineering tools such as Ghidra to disassemble and analyze all essential binaries in the boot procedure. After outlining the reverse engineering process, I will present the implementation of QEMU-iOS, which entails a functional emulator that boots the iOS operating system, renders the display, and responds to touches on the screen.\r\n\r\nThe final part of this talk will touch upon the implications of open-sourcing this project, its contribution to the broader emulation and reverse engineering landscape, and the potential it holds for future efforts in emulating other legacy Apple devices, as well as the viability of emulating newer devices with advanced peripherals such as the Neural Engine. I will also discuss existing approaches, highlight where QEMU-iOS differs, and summarize the lessons learned while emulating these devices.\r\n\r\nThis talk is designed for a wide range of people, whether you are new to reverse engineering and emulation or have experience in these fields. The goal is to explain the technical challenges faced during this project in a way that's easy for beginners to understand while also providing more in-depth insights I discovered while working on QEMU-iOS. Through this talk, the aim is not only to share the technical knowledge gained from this project but also to explore the merits of emulation and reverse engineering to keep old devices alive.\n\n\nThis talk presents QEMU-iOS, an open-source emulator of legacy Apple devices. I outline the process of emulating an iPod Touch 2G, discussing the technical challenges and reverse engineering methodologies applied. The talk starts with an overview of the project's goals and then outlines the reverse engineering process, utilizing tools like Ghidra for disassembling the Apple bootloader, XNU kernel, and other binaries. Then, I describe QEMU, a popular framework for emulation, and show how essential iPod Touch peripherals such as the touchscreen, storage, and display have been implemented. Finally, this talk touches upon the implications of open-sourcing this project, its contribution to the emulation and reverse engineering landscape, and its potential for future efforts to emulate newer Apple devices.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53591],"conference_id":131,"event_ids":[53942],"name":"Martijn de Vos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52386}],"timeband_id":1142,"end":"2023-12-29T22:40:00.000-0000","links":[{"label":"The QEMU-iOS source code on GitHub","type":"link","url":"https://github.com/devos50/qemu-ios"},{"label":"A blog post describing the process of reverse engineering the iPod Touch 1G","type":"link","url":"https://devos50.github.io/blog/2022/ipod-touch-qemu/"}],"id":53942,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52386}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At Chaospott in Essen, we have developed rich tools to interact with and inspect hardware, enabling people to bring their gadgets to new life and run their own code, be it on TV boxes, network cameras, or appliances of various kinds.\r\nIn other words, should a cloud service go down or unmaintained software get compromised, we revive what would otherwise be bricks.\n\n\nWhile more and more hackerspaces have been founded in the recent years, there are many different topics that are being discussed at the same time:\r\nAI, 3D printing, Arduino, social and political questions, and lots more.\r\nWhere are the hacks though? Things are happening, and with this talk, we want to talk about them and call for exchange.","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Bringing the Hack Back into the Chaos","end_timestamp":{"seconds":1703890800,"nanoseconds":0},"android_description":"At Chaospott in Essen, we have developed rich tools to interact with and inspect hardware, enabling people to bring their gadgets to new life and run their own code, be it on TV boxes, network cameras, or appliances of various kinds.\r\nIn other words, should a cloud service go down or unmaintained software get compromised, we revive what would otherwise be bricks.\n\n\nWhile more and more hackerspaces have been founded in the recent years, there are many different topics that are being discussed at the same time:\r\nAI, 3D printing, Arduino, social and political questions, and lots more.\r\nWhere are the hacks though? Things are happening, and with this talk, we want to talk about them and call for exchange.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53485],"conference_id":131,"event_ids":[53819],"name":"Daniel Maslowski","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52324}],"timeband_id":1142,"links":[],"end":"2023-12-29T23:00:00.000-0000","id":53819,"tag_ids":[46132,46140],"village_id":null,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52324}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-29T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You couldn't tie your shoelaces if we lived in four dimensions! And spheres would be much smaller and spikier. We'll take you on a visual tour of these and other curious phenomena unfolding in four dimensions.\r\n\r\nThe space we live in is three-dimensional. But mathematically, four dimensions can be just as easily defined as three dimensions. In the talk, we'll give an accessible introduction to four-dimensional thinking. We'll discuss how to imagine four dimensions, see examples of beautiful four-dimensional shapes, learn how to glue three-dimensional forms to four-dimensional ones and discover what's special about four dimensions. We'll also explore a four-dimensional labyrinth.\r\n\r\nThere's some chance that you'll leave the talk with a new favourite platonic solid.\r\n\r\nThe talk doesn't require any mathematical prerequisites. Exactly two formulas will appear. There will be pretty pictures. Bring your kids (age 12 and above), if they understand English! If you have seen the installment of this talk at the 36c3, then skip this talk, there is very little new material.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Wondrous mathematics: The curious world of four-dimensional geometry","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703890200,"nanoseconds":0},"android_description":"You couldn't tie your shoelaces if we lived in four dimensions! And spheres would be much smaller and spikier. We'll take you on a visual tour of these and other curious phenomena unfolding in four dimensions.\r\n\r\nThe space we live in is three-dimensional. But mathematically, four dimensions can be just as easily defined as three dimensions. In the talk, we'll give an accessible introduction to four-dimensional thinking. We'll discuss how to imagine four dimensions, see examples of beautiful four-dimensional shapes, learn how to glue three-dimensional forms to four-dimensional ones and discover what's special about four dimensions. We'll also explore a four-dimensional labyrinth.\r\n\r\nThere's some chance that you'll leave the talk with a new favourite platonic solid.\r\n\r\nThe talk doesn't require any mathematical prerequisites. Exactly two formulas will appear. There will be pretty pictures. Bring your kids (age 12 and above), if they understand English! If you have seen the installment of this talk at the 36c3, then skip this talk, there is very little new material.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:50:00.000-0000","id":53776,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the piece, three different containers of sound are presented: acoustic(Sound diffusion in the architecture), digital (computer based sound algorithms) and analogue (electromagnetic tape and analog processing). This containers, or buffers, are then being intertwined by the performer creating thus sonic textures that interplay with the resonances of the space.\r\n\r\nThe strategy for the sound performance is to articulate a metaphor of a circular-buffer, a data structure used in Computer Science, to the idea brought upon in Derrida’s interview with Ornette Coleman, in which Improvisation practice in music is understood as a reading in which the borders between reading and writing are obfuscated.\r\n\r\nThe work is inspired by the concept of daemon and non-locality explored by Timothy Morton in his reading of Plato’s Ion as well as Ursula K. Le Guin’s The Carrier Bag Theory of Fiction.\n\n\nThe work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#49bae3","name":"concert","id":46135},"title":"Buffered Daemons","android_description":"In the piece, three different containers of sound are presented: acoustic(Sound diffusion in the architecture), digital (computer based sound algorithms) and analogue (electromagnetic tape and analog processing). This containers, or buffers, are then being intertwined by the performer creating thus sonic textures that interplay with the resonances of the space.\r\n\r\nThe strategy for the sound performance is to articulate a metaphor of a circular-buffer, a data structure used in Computer Science, to the idea brought upon in Derrida’s interview with Ornette Coleman, in which Improvisation practice in music is understood as a reading in which the borders between reading and writing are obfuscated.\r\n\r\nThe work is inspired by the concept of daemon and non-locality explored by Timothy Morton in his reading of Plato’s Ion as well as Ursula K. Le Guin’s The Carrier Bag Theory of Fiction.\n\n\nThe work titled Buffered Daemons is a sound performance that attempts to explore the concepts of translation and non-local interaction in the sound realm. It does so by playing with the idiosyncrasies of audio representation/playback and mobilises them through the creation of an expanded musical situation.","end_timestamp":{"seconds":1703889600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53413],"conference_id":131,"event_ids":[53758],"name":"Pedro A. Ramírez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52393}],"timeband_id":1142,"end":"2023-12-29T22:40:00.000-0000","links":[{"label":"description of the project + video","type":"link","url":"https://airpopcrack.com/Buffered-Daemons"}],"id":53758,"village_id":null,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"tag_ids":[46118,46135,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52393}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Connecting to cellular networks around the world is a highly complex task. iPhones contain a baseband chip (also referred to as a modem) for that purpose. It communicates via a high-level interface with the smartphone’s application processor running iOS. So far, Apple hasn’t been able to build such basebands in-house. Instead, starting from the iPhone 12, they exclusively rely on Qualcomm basebands.\r\n\r\nQualcomm’s basebands use a proprietary protocol for external communication, the Qualcomm MSM Interface. We reverse-engineered its iOS implementation and built a framework to extract the protocol’s packet structures from iOS firmware. Our iOS Wireshark dissector uses these packet structures and enables us to monitor the flow of packets between the baseband and iOS. This allows us to gain new insights into the iPhone’s wireless communication infrastructure, including its satellite connectivity. Our tooling also provides a novel way to directly interact with the baseband chip in jailbroken iPhones, bypassing iOS and unlocking hidden capabilities of the baseband.\r\n\r\nFake or Rouge base stations can be set up by individuals using readily available software-defined radios. Adversaries can utilize them to capture IMSIs of nearby smartphones, track their location, or exploit vulnerable basebands. iPhone users usually don’t notice such attacks, and there are (almost) no protection mechanisms implemented in iOS.\r\n\r\nDuring our research, we discovered Apple’s internal cell location database, which is intended for determining approximate positions. Our CellGuard iOS app combines this database with the QMI analysis framework to monitor various parameters of connected cells, verify their authenticity, and alert users in case there’s suspicious activity. The app even works on non-jailbroken iPhones. We evaluated the app in a lab environment with SDRs and real-world tests since February 2023 and are steadily improving it for a release next year.\n\n\nYour phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem.","title":"What your phone won’t tell you","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703889600,"nanoseconds":0},"android_description":"Connecting to cellular networks around the world is a highly complex task. iPhones contain a baseband chip (also referred to as a modem) for that purpose. It communicates via a high-level interface with the smartphone’s application processor running iOS. So far, Apple hasn’t been able to build such basebands in-house. Instead, starting from the iPhone 12, they exclusively rely on Qualcomm basebands.\r\n\r\nQualcomm’s basebands use a proprietary protocol for external communication, the Qualcomm MSM Interface. We reverse-engineered its iOS implementation and built a framework to extract the protocol’s packet structures from iOS firmware. Our iOS Wireshark dissector uses these packet structures and enables us to monitor the flow of packets between the baseband and iOS. This allows us to gain new insights into the iPhone’s wireless communication infrastructure, including its satellite connectivity. Our tooling also provides a novel way to directly interact with the baseband chip in jailbroken iPhones, bypassing iOS and unlocking hidden capabilities of the baseband.\r\n\r\nFake or Rouge base stations can be set up by individuals using readily available software-defined radios. Adversaries can utilize them to capture IMSIs of nearby smartphones, track their location, or exploit vulnerable basebands. iPhone users usually don’t notice such attacks, and there are (almost) no protection mechanisms implemented in iOS.\r\n\r\nDuring our research, we discovered Apple’s internal cell location database, which is intended for determining approximate positions. Our CellGuard iOS app combines this database with the QMI analysis framework to monitor various parameters of connected cells, verify their authenticity, and alert users in case there’s suspicious activity. The app even works on non-jailbroken iPhones. We evaluated the app in a lab environment with SDRs and real-world tests since February 2023 and are steadily improving it for a release next year.\n\n\nYour phone’s internal communication contains precious data. It can be analyzed to detect fake base stations used in cellular attacks. For that, we reverse-engineered a proprietary communication channel between the phone’s OS and modem.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:40:00.000-0000","id":53741,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tea-session-enjoy-a-cup-of-tea-and-chat-with-the-f/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Tea Session: Enjoy a cup of tea and chat with the FOSSASIA community","android_description":"https://events.ccc.de/congress/2023/hub/en/event/tea-session-enjoy-a-cup-of-tea-and-chat-with-the-f/","end_timestamp":{"seconds":1703890800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:00:00.000-0000","id":53535,"village_id":null,"begin_timestamp":{"seconds":1703887200,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"Y","begin":"2023-12-29T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is a round to play some \"Charades\":\r\n\r\nExplaining concepts with mimes/ gestures only, as an interactive game: All the others watch and shout what comes into their mind, what the person who has to explain can then also react upon.\r\n\r\nIntellectual associative fun when played with difficult / abstract concepts, too, so: No restricting ruleset.\r\n\r\nDrop-in / Drop-out at anytime possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Pantomimisches Begrifferaten / Charades.","end_timestamp":{"seconds":1703889900,"nanoseconds":0},"android_description":"This is a round to play some \"Charades\":\r\n\r\nExplaining concepts with mimes/ gestures only, as an interactive game: All the others watch and shout what comes into their mind, what the person who has to explain can then also react upon.\r\n\r\nIntellectual associative fun when played with difficult / abstract concepts, too, so: No restricting ruleset.\r\n\r\nDrop-in / Drop-out at anytime possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:45:00.000-0000","id":54011,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703886300,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T21:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**We meet at the free space in front of Saal D.**\r\n\r\nThe organizer of this session will vanish after 20 minutes to go to another session, but of course feel free to continue discussing your favorite works of scifi after that point.\r\n\r\n🧮\n\n\nThere is now a public library of scifi books (and maths textbooks, climate activism, ...) at Stage Y. In this session, held at the free space in front of Saal D, some of these books are introduced and you are encouraged to advertise your favorite books.","title":"Super-lightning talks advertising captivating, intriguing and insightful science fiction stories","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"**We meet at the free space in front of Saal D.**\r\n\r\nThe organizer of this session will vanish after 20 minutes to go to another session, but of course feel free to continue discussing your favorite works of scifi after that point.\r\n\r\n🧮\n\n\nThere is now a public library of scifi books (and maths textbooks, climate activism, ...) at Stage Y. In this session, held at the free space in front of Saal D, some of these books are introduced and you are encouraged to advertise your favorite books.","end_timestamp":{"seconds":1703887200,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":54024,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703886000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","begin":"2023-12-29T21:40:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> Teenage hackers discover a criminal conspiracy with plans to use a computer virus that will capsize five oil tankers.\r\n\r\n# Hack The Planet!\r\n\r\nWhiskeyleaks at Milliways, Hackers at Community Stage.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Movie Night: Hackers","android_description":"> Teenage hackers discover a criminal conspiracy with plans to use a computer virus that will capsize five oil tankers.\r\n\r\n# Hack The Planet!\r\n\r\nWhiskeyleaks at Milliways, Hackers at Community Stage.","end_timestamp":{"seconds":1703891700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:15:00.000-0000","id":53452,"village_id":null,"begin_timestamp":{"seconds":1703885400,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T21:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.\n\n\nTrussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Open Security Token Nitrokey and the Trussed Cryptographic Firmware","end_timestamp":{"seconds":1703887200,"nanoseconds":0},"android_description":"Trussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.\n\n\nTrussed is Modern Cryptographic Firmware from Solokeys and Nitrokeys based on Rust. This is an introduction and overview of the status of Trussed.","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":54025,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Part 2 of [Pwning meetup](https://events.ccc.de/congress/2023/hub/en/event/pwning-meetup-pwntools-pwndbg/), but feel free to come if you did not attend part 1!\r\n\r\nPwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).\n\n\n","title":"Pwning meetup (Pwntools & Pwndbg) part 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Part 2 of [Pwning meetup](https://events.ccc.de/congress/2023/hub/en/event/pwning-meetup-pwntools-pwndbg/), but feel free to come if you did not attend part 1!\r\n\r\nPwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).","end_timestamp":{"seconds":1703885400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:30:00.000-0000","id":53953,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/ricardo-villalobos-official\r\n\r\nhttps://www.youtube.com/watch?v=hcoRaktLSnQ\n\n\n","title":"Ricardo Villalobos","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703890800,"nanoseconds":0},"android_description":"https://soundcloud.com/ricardo-villalobos-official\r\n\r\nhttps://www.youtube.com/watch?v=hcoRaktLSnQ","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:00:00.000-0000","id":53888,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's talk ten year old tech! The Myo armband from Thalmic Labs was once a really strange way to control a computer, and then became a pretty good way to do fine-grained myomuscular electrical detection research for prosthetics. These processes usually have a high cost or involve less-portable computing systems. In order to make a robotic effect that can be deployed apparently independently, it's more interesting to have a low-cost, encapsulated system.\r\n\r\nIn this talk we'll walk through what it takes in 2023 to have a Thalmic Myo armband talk to a Raspberry Pi 3B+ using Python. We'll provide a demonstration of a pneumatic robot based on the Programmable Air system controlled over serial using the armband.\r\n\r\nThe goal of this project is to have access to strong mechanical advantage without the compromises of servos or stepper motors, and with some of the organic feel possible with air or water systems.\n\n\nLet's talk ten year old tech! The myo armband was once a really strange way to control a computer, and then became a way to do fine-grained myomuscular electrical detection research. This is a talk about how to hook a myo to a Raspberry Pi 3B+ in 2023, and from there how to have the armband communicate over serial to other devices. We choose to use it to control a Programmable Air system for pneumatic control of muscular robots.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Encapsulated Electromyography with Myo and Raspi","android_description":"Let's talk ten year old tech! The Myo armband from Thalmic Labs was once a really strange way to control a computer, and then became a pretty good way to do fine-grained myomuscular electrical detection research for prosthetics. These processes usually have a high cost or involve less-portable computing systems. In order to make a robotic effect that can be deployed apparently independently, it's more interesting to have a low-cost, encapsulated system.\r\n\r\nIn this talk we'll walk through what it takes in 2023 to have a Thalmic Myo armband talk to a Raspberry Pi 3B+ using Python. We'll provide a demonstration of a pneumatic robot based on the Programmable Air system controlled over serial using the armband.\r\n\r\nThe goal of this project is to have access to strong mechanical advantage without the compromises of servos or stepper motors, and with some of the organic feel possible with air or water systems.\n\n\nLet's talk ten year old tech! The myo armband was once a really strange way to control a computer, and then became a way to do fine-grained myomuscular electrical detection research. This is a talk about how to hook a myo to a Raspberry Pi 3B+ in 2023, and from there how to have the armband communicate over serial to other devices. We choose to use it to control a Programmable Air system for pneumatic control of muscular robots.","end_timestamp":{"seconds":1703886000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53484],"conference_id":131,"event_ids":[53818],"name":"Alex Leitch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52322},{"content_ids":[53484],"conference_id":131,"event_ids":[53818],"name":"Celia Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52387}],"timeband_id":1142,"links":[],"end":"2023-12-29T21:40:00.000-0000","id":53818,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"tag_ids":[46131,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52322},{"tag_id":46107,"sort_order":1,"person_id":52387}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I think the Advent of Code (https://www.adventofcode.com) is a great Advent calendar. But some of the puzzles are rather more difficult, and I don't have time to do them every day, so there are still a few puzzles left unsolved. I think many of you feel the same way.\r\n\r\nThis is an invitation to meet and crack the last puzzles together. It's always more fun together.\r\n\r\nI have solved my puzzles in Kotlin and can also provide support for Java, Python, Dart and JavaScript.\r\n\r\nPlease bring your own laptops.\r\n\r\nDisclaimer: I am not affiliated in any way with AdventOfCode.com\n\n\n","title":"Finish Advent Of Code beenden","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703887200,"nanoseconds":0},"android_description":"I think the Advent of Code (https://www.adventofcode.com) is a great Advent calendar. But some of the puzzles are rather more difficult, and I don't have time to do them every day, so there are still a few puzzles left unsolved. I think many of you feel the same way.\r\n\r\nThis is an invitation to meet and crack the last puzzles together. It's always more fun together.\r\n\r\nI have solved my puzzles in Kotlin and can also provide support for Java, Python, Dart and JavaScript.\r\n\r\nPlease bring your own laptops.\r\n\r\nDisclaimer: I am not affiliated in any way with AdventOfCode.com","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":53521,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir schauen und kommentieren die Serie Stromberg, Folge für Folge. Ein Rewatch Podcast von Fans für Fans!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#53b574","name":"Podcasting table (90 minutes)","id":46129},"title":"Radio Capitol - Der Rewatch Podcast","android_description":"Wir schauen und kommentieren die Serie Stromberg, Folge für Folge. Ein Rewatch Podcast von Fans für Fans!","end_timestamp":{"seconds":1703889000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53197,53318,53344],"conference_id":131,"event_ids":[53696,53507,53458],"name":"MacSnider","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52346}],"timeband_id":1142,"links":[],"end":"2023-12-29T22:30:00.000-0000","id":53507,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"tag_ids":[46129,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52346}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A chat about Game Boys, hardware and everything. Either in continuation of the talk \"Reconstructing game footage from a Game Boy's memory bus\" at 20:30 at \"Saal Grace\" for those who want to know more about the \"GB Interceptor\" or for anyone who wants to meet and talk about the old gaming consoles.\n\n\nA chat about Game Boys, hardware and everything.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Game Boy chat","end_timestamp":{"seconds":1703887200,"nanoseconds":0},"android_description":"A chat about Game Boys, hardware and everything. Either in continuation of the talk \"Reconstructing game footage from a Game Boy's memory bus\" at 20:30 at \"Saal Grace\" for those who want to know more about the \"GB Interceptor\" or for anyone who wants to meet and talk about the old gaming consoles.\n\n\nA chat about Game Boys, hardware and everything.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:00:00.000-0000","id":53502,"begin_timestamp":{"seconds":1703883600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Offene Diskussion im Fishbowl-Format:\r\n\r\nhttps://sendegate.de/t/37c3-session-rueckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/16719","type":{"conference_id":131,"conference":"37C3","color":"#e78bea","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (90 minutes)","id":46127},"title":"Rückkanal bei der Podcasterei: Twitter ist tot, Es lebe das Fediverse?!","android_description":"Offene Diskussion im Fishbowl-Format:\r\n\r\nhttps://sendegate.de/t/37c3-session-rueckkanal-bei-der-podcasterei-twitter-ist-tot-es-lebe-das-fediverse/16719","end_timestamp":{"seconds":1703888100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:15:00.000-0000","id":53792,"tag_ids":[46127,46139],"village_id":null,"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-29T20:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead the used tools are a software defined radio, PIC programmer and some self-developed software to gain access without using the original key remote control.\r\n\r\nIf you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk.\r\n\r\nThe plan for this talk is to first have a look at the radio signals from the door lock using a SDR. After making sense of the used message protocol, the hardware is analyzed to understand how it works and how to get access to the used micro-controllers (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least the results will be demonstrated.\n\n\nMainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors advertising promises about the device security and had a closer look.","title":"Unlocked: PICing a wireless door access system","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703886300,"nanoseconds":0},"android_description":"Attend this talk for a presentation about an unusual variant of lock picking, which does not involve any wrenches, hooks or half-diamond picks. Instead the used tools are a software defined radio, PIC programmer and some self-developed software to gain access without using the original key remote control.\r\n\r\nIf you had fun watching the [Hörmann BiSecur talk at 34C3](https://media.ccc.de/v/34c3-9029-uncovering_vulnerabilities_in_hoermann_bisecur), this talk is for you! If you haven't watched it, it is highly recommended to catch up on it before attending this talk. While it is about a different product from a different vendor, there are many parallels and it can be seen as a sequel talk.\r\n\r\nThe plan for this talk is to first have a look at the radio signals from the door lock using a SDR. After making sense of the used message protocol, the hardware is analyzed to understand how it works and how to get access to the used micro-controllers (PIC18LF45K80 & PIC16LF1829). In the next step, the firmware from the read-protected PIC microcontroller is extracted by extending the existing PIC attacks. Last but not least the results will be demonstrated.\n\n\nMainframe, Oldenburg's Hackerspace, needed a wireless door lock solution. We do not trust vendors advertising promises about the device security and had a closer look.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[{"label":"PIC flashing software for Raspberry Pi","type":"link","url":"https://github.com/sre/picberry"},{"label":"Gnuradio Files","type":"link","url":"https://github.com/sre/mrf89xa-gnuradio"},{"label":"BSI Product Warning","type":"link","url":"https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Warnungen-nach-P7_BSIG/Archiv/2022/BSI_W-005-220810.pdf?__blob=publicationFile&v=16"},{"label":"BBB MRF89XA Cape","type":"link","url":"https://github.com/sre/bbb-mrf89xa-cape"}],"end":"2023-12-29T21:45:00.000-0000","id":53757,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T20:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die einzelnen Systeme eines U-Boots sind nicht kompliziert. Aber die Schwierigkeit liegt in der Summe der Einzelsysteme, die auf engem Raum im Zusammenspiel sicher funktionieren müssen. Der Fokus des Vortrags liegt neben unserer kurzweiligen Geschichte auf den technischen Schwierigkeiten, zu denen sich in der Literatur wenig findet oder wegen derer es nicht gleich auf Anhieb funktioniert hat. Damit ihr, falls ihr ähnliches plant, einen besseren Start habt und von unseren Fehlern profitieren könnt.\r\n\r\nWas gibt es bei der Wahl eines geeigneten Drucktanks zu beachten?\r\nWie lässt sich eine wasserdichte Luke konstruieren?\r\nDrahtlose Unterwasserkommunikation mittels Ultraschall?\r\nWie bauen wir Redundanz in die Systeme ein?\r\nWie werden wir das CO2 los, um nicht zu ersticken?\r\nWarum sind auf einmal Risse in den Scheiben?\r\nWas tun, wenn nichts mehr geht?\r\nUnd was, wenn dann auch noch die Polizei kommt?\r\n\r\nIn dem Vortrag geht es nicht um Probleme anderer kaputter U-Boote. Wir werden das Titan-Desaster mit maximal einer Folie behandeln.\r\n\r\nMit Fotos von Selene Magnolia\n\n\n3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen.\r\n\r\nWir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.","title":"How to build a submarine and survive","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703886300,"nanoseconds":0},"android_description":"Die einzelnen Systeme eines U-Boots sind nicht kompliziert. Aber die Schwierigkeit liegt in der Summe der Einzelsysteme, die auf engem Raum im Zusammenspiel sicher funktionieren müssen. Der Fokus des Vortrags liegt neben unserer kurzweiligen Geschichte auf den technischen Schwierigkeiten, zu denen sich in der Literatur wenig findet oder wegen derer es nicht gleich auf Anhieb funktioniert hat. Damit ihr, falls ihr ähnliches plant, einen besseren Start habt und von unseren Fehlern profitieren könnt.\r\n\r\nWas gibt es bei der Wahl eines geeigneten Drucktanks zu beachten?\r\nWie lässt sich eine wasserdichte Luke konstruieren?\r\nDrahtlose Unterwasserkommunikation mittels Ultraschall?\r\nWie bauen wir Redundanz in die Systeme ein?\r\nWie werden wir das CO2 los, um nicht zu ersticken?\r\nWarum sind auf einmal Risse in den Scheiben?\r\nWas tun, wenn nichts mehr geht?\r\nUnd was, wenn dann auch noch die Polizei kommt?\r\n\r\nIn dem Vortrag geht es nicht um Probleme anderer kaputter U-Boote. Wir werden das Titan-Desaster mit maximal einer Folie behandeln.\r\n\r\nMit Fotos von Selene Magnolia\n\n\n3,4 Tonnen schwer, 4,3 Meter lang, Material: Stahl, Farbe: Orange und der Fahrzeugtyp ist „Sporttauchboot”. Vom Fund eines Drucktanks bis zum ersten Tauchgang auf den Grund eines Tagebausees – wir erzählen von unseren größten Herausforderungen sowie Fehlschlägen.\r\n\r\nWir laden euch ein zu einem technischen Beratungsgespräch für alle, die schonmal mit dem Gedanken gespielt haben, ein U-Boot zu bauen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53404],"conference_id":131,"event_ids":[53749],"name":"Elias","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52343}],"timeband_id":1142,"links":[],"end":"2023-12-29T21:45:00.000-0000","id":53749,"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"tag_ids":[46122,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52343}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Freut Euch unter anderem auf die besten Auskunfts-Klagen der vergangenen Jahre, laufende Strafverfahren gegen FragDenStaat, missglückte Geldübergaben an die EU-Grenzpolizei und die Frage, ob das alles irgendwas bringt.\r\n\r\nEuch erwartet außerdem ein Best-Of des Freiheitsfonds, der in zwei Jahren mehr als 900 Menschen aus dem Gefängnis befreit und eine Gesetzesänderung angestoßen hat. \r\n\r\nVielleicht wird auch gesungen.\n\n\nWie umgehen mit der politischen Verzweiflung? Was tun, wenn der Staat keine der Krisen wirklich noch bekämpfen kann, sondern nur neue erzeugt? Reicht es noch, für Transparenz zu kämpfen?\r\n\r\nDas Beste aus dem letzten Jahr – nein, aus den letzten vier Jahren! – FragDenStaat und Informationsfreiheit. Wir plaudern aus dem Nähkästchen von verlorenen Klagen gegen Frontex über Nazis im EU-Parlament bis zu den Pimmelgate-Akten und darüber, wie aus einer kleinen Recherche die größte Gefangenenbefreiung der deutschen Geschichte wurde.","title":"Heimlich-Manöver","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Freut Euch unter anderem auf die besten Auskunfts-Klagen der vergangenen Jahre, laufende Strafverfahren gegen FragDenStaat, missglückte Geldübergaben an die EU-Grenzpolizei und die Frage, ob das alles irgendwas bringt.\r\n\r\nEuch erwartet außerdem ein Best-Of des Freiheitsfonds, der in zwei Jahren mehr als 900 Menschen aus dem Gefängnis befreit und eine Gesetzesänderung angestoßen hat. \r\n\r\nVielleicht wird auch gesungen.\n\n\nWie umgehen mit der politischen Verzweiflung? Was tun, wenn der Staat keine der Krisen wirklich noch bekämpfen kann, sondern nur neue erzeugt? Reicht es noch, für Transparenz zu kämpfen?\r\n\r\nDas Beste aus dem letzten Jahr – nein, aus den letzten vier Jahren! – FragDenStaat und Informationsfreiheit. Wir plaudern aus dem Nähkästchen von verlorenen Klagen gegen Frontex über Nazis im EU-Parlament bis zu den Pimmelgate-Akten und darüber, wie aus einer kleinen Recherche die größte Gefangenenbefreiung der deutschen Geschichte wurde.","end_timestamp":{"seconds":1703886300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:45:00.000-0000","id":53740,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703882700,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Berlin artist & Garbicz Ambient floor curator Chiara will put together dreamy house & trippy ambient tracks into a loving cosy flying carpet for the relaxation of the exhausted Nerd mind. Fluffy house music from Berlin underground micro house labels may involves excursions in wiggling hips and moving feet e.g. dancing, while energetic ambient may delivers shifts in consciousness - gentle breathing & body awareness is always recommended.\n\n\nhttps://soundcloud.com/chiara-salome","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Chiara Salome","end_timestamp":{"seconds":1703889000,"nanoseconds":0},"android_description":"Berlin artist & Garbicz Ambient floor curator Chiara will put together dreamy house & trippy ambient tracks into a loving cosy flying carpet for the relaxation of the exhausted Nerd mind. Fluffy house music from Berlin underground micro house labels may involves excursions in wiggling hips and moving feet e.g. dancing, while energetic ambient may delivers shifts in consciousness - gentle breathing & body awareness is always recommended.\n\n\nhttps://soundcloud.com/chiara-salome","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T22:30:00.000-0000","id":53855,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703881800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T20:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Einstein's Theories of Relativity are often claimed to be the pinnacle of human ingeniousness. The core of General Relativity are the Field Equations to explain the phenomenon of gravity as the curvature of spacetime. In this talk, we will look at how the Field Equations work, how its terms express the curvature of spacetime why everything has to be so complicated.\r\n\r\n🧮🦆\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Einstein's Field Equations: Understanding their gravity","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"android_description":"Einstein's Theories of Relativity are often claimed to be the pinnacle of human ingeniousness. The core of General Relativity are the Field Equations to explain the phenomenon of gravity as the curvature of spacetime. In this talk, we will look at how the Field Equations work, how its terms express the curvature of spacetime why everything has to be so complicated.\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53451,"begin_timestamp":{"seconds":1703880900,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**DE**\r\n\r\nAuf Wunsch gibt es einen Spieleabend, den wir möglichst offen, chaotisch und gut gestalten wollen. Wir sind gespannt, was uns zusammen erwarten wird. \r\n\r\nBringt etwas mit, das ihr gerne mit Menschen zusammen spielen möchtet. Am Anfang könnt ihr in wenigen Sätzen vorstellen, was ihr mitgebracht habt und gerne mit anderen spielen möchtet. Dann können sich Menschen für Dinge melden, bis hoffentlich alle, die mitspielen wollen, versorgt sind. Und das Spielen kann beginnen. Wenn Spiele enden, können sich bestimmt nochmal neue Gruppen in Eigenregie finden. \r\n\r\n------\r\n\r\n**EN**\r\n\r\nUpon request, there will be a game night, which we want to make as open, chaotic and good as possible. We are excited to see what will await us together. \r\n\r\nBring something that you would like to play together with people. At the beginning you can introduce in a few sentences what you have brought and would like to play with others. Then people can sign up for things until hopefully everyone who wants to play is taken care of. And the playing can begin. When games end, new groups can certainly form on their own.\n\n\n**DE**\r\n\r\nOffener Abend, wo wir Platz bieten, damit Leute sich für gesellige Spiele treffen können, ob Pen and Paper, Brett- oder Kartenspiele... kommt an die Tische, lasst euch in den Sitzecken nieder und tut gemeinsam lustige Dinge. Natürlich so lang die Nacht euch begeistert.\r\n\r\n------\r\n\r\n**EN**\r\n\r\nOpen evening where we offer space for people to meet for social games, whether pen and paper, board or card games.... come to the tables, settle down in the sitting areas and do fun things together. As long as the night excites you, of course.","title":"Zeit für Papier, Bretter und Spiele | Time for Games","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"android_description":"**DE**\r\n\r\nAuf Wunsch gibt es einen Spieleabend, den wir möglichst offen, chaotisch und gut gestalten wollen. Wir sind gespannt, was uns zusammen erwarten wird. \r\n\r\nBringt etwas mit, das ihr gerne mit Menschen zusammen spielen möchtet. Am Anfang könnt ihr in wenigen Sätzen vorstellen, was ihr mitgebracht habt und gerne mit anderen spielen möchtet. Dann können sich Menschen für Dinge melden, bis hoffentlich alle, die mitspielen wollen, versorgt sind. Und das Spielen kann beginnen. Wenn Spiele enden, können sich bestimmt nochmal neue Gruppen in Eigenregie finden. \r\n\r\n------\r\n\r\n**EN**\r\n\r\nUpon request, there will be a game night, which we want to make as open, chaotic and good as possible. We are excited to see what will await us together. \r\n\r\nBring something that you would like to play together with people. At the beginning you can introduce in a few sentences what you have brought and would like to play with others. Then people can sign up for things until hopefully everyone who wants to play is taken care of. And the playing can begin. When games end, new groups can certainly form on their own.\n\n\n**DE**\r\n\r\nOffener Abend, wo wir Platz bieten, damit Leute sich für gesellige Spiele treffen können, ob Pen and Paper, Brett- oder Kartenspiele... kommt an die Tische, lasst euch in den Sitzecken nieder und tut gemeinsam lustige Dinge. Natürlich so lang die Nacht euch begeistert.\r\n\r\n------\r\n\r\n**EN**\r\n\r\nOpen evening where we offer space for people to meet for social games, whether pen and paper, board or card games.... come to the tables, settle down in the sitting areas and do fun things together. As long as the night excites you, of course.","end_timestamp":{"seconds":1703891400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T23:10:00.000-0000","id":53810,"begin_timestamp":{"seconds":1703880600,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"Y","begin":"2023-12-29T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"QnA Session at 9pm with one of the open epaper link devs at Chaoszone","title":"OpenEPaperLink: Q&A Session with one of the devs","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703883600,"nanoseconds":0},"android_description":"QnA Session at 9pm with one of the open epaper link devs at Chaoszone","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":54021,"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"spans_timebands":"N","updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-29T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We do:\r\n- Climbing up and down the rope (caterpillars/abseiling)\r\n- Climbing on lanterns and trees with slings (taping)\r\n- Rescuing (on the rope and when taping)\r\n- All the knots you want to learn\r\n\r\nIf you arrive late and miss us, call us at +4917695110311 (via the old-fashioned phone, not Signal or Telegram).\r\n\r\nIf there is a lot of interest, we can also extend the workshop beyond the planned 60 minutes :-)\r\n\r\n🧮\n\n\n","title":"Block motorways, occupy trees and hang up banners – Beginner's workshop and advanced workshop for activist climbing (Basisworkshop aktivistisches Klettern)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703883600,"nanoseconds":0},"android_description":"We do:\r\n- Climbing up and down the rope (caterpillars/abseiling)\r\n- Climbing on lanterns and trees with slings (taping)\r\n- Rescuing (on the rope and when taping)\r\n- All the knots you want to learn\r\n\r\nIf you arrive late and miss us, call us at +4917695110311 (via the old-fashioned phone, not Signal or Telegram).\r\n\r\nIf there is a lot of interest, we can also extend the workshop beyond the planned 60 minutes :-)\r\n\r\n🧮","updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":54009,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Unter der Rakete in der Eingangshalle","hotel":"","short_name":"Unter der Rakete in der Eingangshalle","id":46168},"begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will cover different attack vectors on a Z-Wave network and describe how the protocol evolved to mitigate those threats. Many smart homes are still vulnerable to the described attacks.","title":"Breaking into Wireless Smart Homes, Z-Wave example","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"This talk will cover different attack vectors on a Z-Wave network and describe how the protocol evolved to mitigate those threats. Many smart homes are still vulnerable to the described attacks.","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703817540,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":54006,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-29T02:39:00.000-0000","begin":"2023-12-29T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"live played on SuperCollider with breath-controller and tablets","title":"improvised sound-oriented electronic music by πxl","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"live played on SuperCollider with breath-controller and tablets","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53857,"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"spans_timebands":"N","begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Sebastian Jünemann\r\n\r\nDas Vermissen hat ein Ende…wir erlösen euch mit unserer ganz eigenen Version der Gameshow. Zu erraten sind allerdings nicht wie im Original die Preise aller möglichen (und unmöglichen) Konsumgüter aus dem Discounter nebenan; sondern die Kosten für verschiedenste Dinge, die wir für unsere humanitären Katastropheneinsätze brauchen. \r\nBei unserem Spiel „Der humanitäre Preis ist heiß“ können wir zwar nicht mit 90er-Jahre Outfits und Moderationsausnahmetalenten wie Harry Wijnfoord aufwarten…aber dafür mit einer Menge Spaß, profundem Wissen wofür eure Spenden ausgegeben werden und natürlich Schnaps.\n\n\nWer kennt sie nicht noch, die nervtötende Ode an den Kapitalismus „Der Preis ist heiß“.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Der (humanitäre) Preis ist heiß","android_description":"Host: Sebastian Jünemann\r\n\r\nDas Vermissen hat ein Ende…wir erlösen euch mit unserer ganz eigenen Version der Gameshow. Zu erraten sind allerdings nicht wie im Original die Preise aller möglichen (und unmöglichen) Konsumgüter aus dem Discounter nebenan; sondern die Kosten für verschiedenste Dinge, die wir für unsere humanitären Katastropheneinsätze brauchen. \r\nBei unserem Spiel „Der humanitäre Preis ist heiß“ können wir zwar nicht mit 90er-Jahre Outfits und Moderationsausnahmetalenten wie Harry Wijnfoord aufwarten…aber dafür mit einer Menge Spaß, profundem Wissen wofür eure Spenden ausgegeben werden und natürlich Schnaps.\n\n\nWer kennt sie nicht noch, die nervtötende Ode an den Kapitalismus „Der Preis ist heiß“.","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53788,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This meet up is for all of you who are in touch with trains. \r\n\r\nHere you can discuss various topics, for example the recent timetable change, new things in ETCS or experiences in ticketing.\n\n\n","title":"Bahnbubble Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"This meet up is for all of you who are in touch with trains. \r\n\r\nHere you can discuss various topics, for example the recent timetable change, new things in ETCS or experiences in ticketing.","end_timestamp":{"seconds":1703885400,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:30:00.000-0000","id":53774,"village_id":null,"begin_timestamp":{"seconds":1703880000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Frustrated by the absence of a unified calendar for all ERFA, CCCV, and CCC family events? Wondering why such a resource is hard to create and maintain?\r\nEvent aggregation, particularly when open source and non-profit, could be a key solution, addressing challenges both within and beyond the chaos community. Our approach tries to address three critical needs: the event participants' need to get the information, the event organizers' need to have a single source of truth for their event data (and to have it under their control), and the world's need to have things be more accessible.\r\nThis talk introduces boudicca.events, an open-source project aimed at reframing event aggregation. Our solution is centered around creating a extendable, open, and easily accessible source for all event-related data, thereby empowering both organizers and participants.\r\nI will be highlighting the architecture and decisions behind boudicca.events and the challenges that are still to come. Join us to explore how this project could not only enhance event visibility within the chaos community but also has the potential to impact far beyond.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"boudicca.events - open source event aggregation","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"Frustrated by the absence of a unified calendar for all ERFA, CCCV, and CCC family events? Wondering why such a resource is hard to create and maintain?\r\nEvent aggregation, particularly when open source and non-profit, could be a key solution, addressing challenges both within and beyond the chaos community. Our approach tries to address three critical needs: the event participants' need to get the information, the event organizers' need to have a single source of truth for their event data (and to have it under their control), and the world's need to have things be more accessible.\r\nThis talk introduces boudicca.events, an open-source project aimed at reframing event aggregation. Our solution is centered around creating a extendable, open, and easily accessible source for all event-related data, thereby empowering both organizers and participants.\r\nI will be highlighting the architecture and decisions behind boudicca.events and the challenges that are still to come. Join us to explore how this project could not only enhance event visibility within the chaos community but also has the potential to impact far beyond.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53765,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703879100,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Teichmann + Soehne’s »Flows« is not so much the result of a collaborative process as it is a process in itself. Over the course of nine pieces, the Gebrüder Teichmann – Andi and Hannes – and their father Uli repeatedly find common ground between the very different musical styles, sound aesthetics, and subcultural codes they have internalised throughout their lives.\r\nThe combination of Uli’s background as a versatile jazz artist and multi-instrumentalist with his sons’ penchant for dub techniques, modular synthesis, and live sampling as well as their interest in electronic dance music take on ever-different shapes. Their album »Flows« released on the occasion of Uli’s 80th birthday in 2023, is as joyful, lively and free-spirited as its makers.\n\n\n","title":"Teichmann & Söhne","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Teichmann + Soehne’s »Flows« is not so much the result of a collaborative process as it is a process in itself. Over the course of nine pieces, the Gebrüder Teichmann – Andi and Hannes – and their father Uli repeatedly find common ground between the very different musical styles, sound aesthetics, and subcultural codes they have internalised throughout their lives.\r\nThe combination of Uli’s background as a versatile jazz artist and multi-instrumentalist with his sons’ penchant for dub techniques, modular synthesis, and live sampling as well as their interest in electronic dance music take on ever-different shapes. Their album »Flows« released on the occasion of Uli’s 80th birthday in 2023, is as joyful, lively and free-spirited as its makers.","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53959,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Whisky ist ein scheinbar einfaches Getränk: Wasser, Hefe, Gerstenmalz und dann drei Jahre ins Eichenfass. Doch bei genauerem Hinsehen bleiben viele Fragen offen. Warum muss man Scotch Whisky in einer Destille aus Kupfer herstellen? Weshalb werden die Fässer ausgebrannt? Und warum schmeckt mancher Whisky nach Lagerfeuer, andere aber nach Krankenhaus? Hinter all dem stecken oft überraschende chemische und physikalische Prozesse, die auch heute noch Rätsel aufgeben.\n\n\nMit einem Glas in der Hand durch die Chemie und Physik eines überraschend komplizierten Getränks","title":"Die Wissenschaft vom Whisky","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"Whisky ist ein scheinbar einfaches Getränk: Wasser, Hefe, Gerstenmalz und dann drei Jahre ins Eichenfass. Doch bei genauerem Hinsehen bleiben viele Fragen offen. Warum muss man Scotch Whisky in einer Destille aus Kupfer herstellen? Weshalb werden die Fässer ausgebrannt? Und warum schmeckt mancher Whisky nach Lagerfeuer, andere aber nach Krankenhaus? Hinter all dem stecken oft überraschende chemische und physikalische Prozesse, die auch heute noch Rätsel aufgeben.\n\n\nMit einem Glas in der Hand durch die Chemie und Physik eines überraschend komplizierten Getränks","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53483],"conference_id":131,"event_ids":[53817],"name":"Lars Fischer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52484}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53817,"village_id":null,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46131,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52484}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Official 37C3 Tor Relay Operators Meetup supported by the Tor Project.\r\n\r\nAs always, TROMs are open for everyone who is running a relay, wants to run a relay or just thinks about it. 🙂\r\n\r\nAt this point we don't have a agenda, but everyone is free to bring up questions or topics at the meeting itself.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Tor Relay Operators Meetup","android_description":"Official 37C3 Tor Relay Operators Meetup supported by the Tor Project.\r\n\r\nAs always, TROMs are open for everyone who is running a relay, wants to run a relay or just thinks about it. 🙂\r\n\r\nAt this point we don't have a agenda, but everyone is free to bring up questions or topics at the meeting itself.","end_timestamp":{"seconds":1703883600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T21:00:00.000-0000","id":53783,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das bundesweite antifaschistische Bündnis NSU-Watch hat im Sommer 2023 sein Buch „Aufklären und Einmischen. Der NSU-Komplex und der Münchener Prozess“ in der erweiterten Neuauflage herausgebracht. Es gibt einen Überblick über die bisherige Aufarbeitung des NSU-Komplexes. Auf dieser Grundlage wollen Vortrag und Lesung fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern? Die Antworten sind vielfältig und warten teilweise noch darauf, entdeckt zu werden. Und trotzdem bleibt die Gefahr rechten Terrors hoch, auch weil auf staatlicher, behördlicher und gesellschaftlicher Seite Konsequenzen noch ausstehen. Doch wir wissen bereits jetzt genug, um rechtem Terror aktiv entgegenzuwirken. \n\n\nDie zwölf Jahre seit der Selbstenttarnung des NSU haben gezeigt, dass auf den Staat bei der Aufklärung und Aufarbeitung von rechtem Terror kein Verlass ist. Deshalb haben Betroffene von rechter Gewalt, Antifaschist\\*innen und Zivilgesellschaft diese Aufgabe wieder und wieder selbst in die Hand genommen. Die daraus gewonnenen Analysen, die Aufklärung und die entstandenen solidarischen Netzwerke sind vielfältiger, als sich viele am Anfang vorgestellt haben. Doch wir wollen fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern?","title":"Gemeinsam gegen rechten Terror! Aber wie?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Das bundesweite antifaschistische Bündnis NSU-Watch hat im Sommer 2023 sein Buch „Aufklären und Einmischen. Der NSU-Komplex und der Münchener Prozess“ in der erweiterten Neuauflage herausgebracht. Es gibt einen Überblick über die bisherige Aufarbeitung des NSU-Komplexes. Auf dieser Grundlage wollen Vortrag und Lesung fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern? Die Antworten sind vielfältig und warten teilweise noch darauf, entdeckt zu werden. Und trotzdem bleibt die Gefahr rechten Terrors hoch, auch weil auf staatlicher, behördlicher und gesellschaftlicher Seite Konsequenzen noch ausstehen. Doch wir wissen bereits jetzt genug, um rechtem Terror aktiv entgegenzuwirken. \n\n\nDie zwölf Jahre seit der Selbstenttarnung des NSU haben gezeigt, dass auf den Staat bei der Aufklärung und Aufarbeitung von rechtem Terror kein Verlass ist. Deshalb haben Betroffene von rechter Gewalt, Antifaschist\\*innen und Zivilgesellschaft diese Aufgabe wieder und wieder selbst in die Hand genommen. Die daraus gewonnenen Analysen, die Aufklärung und die entstandenen solidarischen Netzwerke sind vielfältiger, als sich viele am Anfang vorgestellt haben. Doch wir wollen fragen: Was können nächste Schritte sein? Wie können wir rechten Terror verhindern?","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53411],"conference_id":131,"event_ids":[53756],"name":"Caro Keller (NSU-Watch)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52356}],"timeband_id":1142,"end":"2023-12-29T20:30:00.000-0000","links":[{"label":"Website NSU-Watch","type":"link","url":"nsu-watch.info"}],"id":53756,"village_id":null,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52356}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The original goal of the open source project \"GB Interceptor\" was to capture gameplay for one specific game: Tetris. In order to live stream a Tetris tournaments from the contestant's personal Game Boys, the idea was to create an adapter that goes between the Game Boy and the game module to analyze the communication on the memory bus and reconstruct the game state.\r\n\r\nIt turns out that it is actually possible to reconstruct the entire memory state of almost any game and in fact create an rp2040-based adapter that acts as a USB video class device offering the on-screen game footage in realtime. Players can simply put this adapter into their Game Boy and use it like a webcam without additional drivers or knowledge.\r\n\r\nAn essential aspect of this concept is that the Game Boy basically runs all of its code directly from the ROM module, which makes it possible to directly follow the program counter of its 8bit CPU regardless of how the code branches. An image can then be recreated by emulating the graphics unit (PPU).\r\n\r\nHowever, there are many edge cases like interrupts, data from registers that are not visible on the bus, the link cable, DMA operations, synchronization of CPU and PPU, game bugs and even bugs in the Game Boy hardware itself.\r\n\r\nIn this talk I will show how all this is done just on an rp2040 with spare cycles to encode everything as a 60fps MJPEG stream. I will shine a light on the edge cases - those that were solved and those that might just be unsolvable with this approach. And I will take you on a sightseeing tour through the 8bit hell that drives our iconic handheld from 1989.\n\n\nHow do you capture a video from an 1989's Game Boy without modding the original hardware? With an adapter cartridge that spies on the memory bus!\r\n\r\nLet's talk about how to reconstruct the Game Boy's memory state, emulate its graphics unit and then encode the image into an MJPEG stream for anyone to use as a USB video class device. In realtime. On an rp2040 microcontroller.","title":"Reconstructing game footage from a Game Boy's memory bus","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703881800,"nanoseconds":0},"android_description":"The original goal of the open source project \"GB Interceptor\" was to capture gameplay for one specific game: Tetris. In order to live stream a Tetris tournaments from the contestant's personal Game Boys, the idea was to create an adapter that goes between the Game Boy and the game module to analyze the communication on the memory bus and reconstruct the game state.\r\n\r\nIt turns out that it is actually possible to reconstruct the entire memory state of almost any game and in fact create an rp2040-based adapter that acts as a USB video class device offering the on-screen game footage in realtime. Players can simply put this adapter into their Game Boy and use it like a webcam without additional drivers or knowledge.\r\n\r\nAn essential aspect of this concept is that the Game Boy basically runs all of its code directly from the ROM module, which makes it possible to directly follow the program counter of its 8bit CPU regardless of how the code branches. An image can then be recreated by emulating the graphics unit (PPU).\r\n\r\nHowever, there are many edge cases like interrupts, data from registers that are not visible on the bus, the link cable, DMA operations, synchronization of CPU and PPU, game bugs and even bugs in the Game Boy hardware itself.\r\n\r\nIn this talk I will show how all this is done just on an rp2040 with spare cycles to encode everything as a 60fps MJPEG stream. I will shine a light on the edge cases - those that were solved and those that might just be unsolvable with this approach. And I will take you on a sightseeing tour through the 8bit hell that drives our iconic handheld from 1989.\n\n\nHow do you capture a video from an 1989's Game Boy without modding the original hardware? With an adapter cartridge that spies on the memory bus!\r\n\r\nLet's talk about how to reconstruct the Game Boy's memory state, emulate its graphics unit and then encode the image into an MJPEG stream for anyone to use as a USB video class device. In realtime. On an rp2040 microcontroller.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"end":"2023-12-29T20:30:00.000-0000","links":[{"label":"Project on GitHub","type":"link","url":"https://github.com/Staacks/gbinterceptor"},{"label":"Blog entry describing the project","type":"link","url":"https://there.oughta.be/a/game-boy-capture-cartridge"}],"id":53748,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The aim of this talk is to critically analyse the use of digital technology in the current context of global ecological injustice and the collapse of ecosystems. But how can we strive for and promote a sustainable, just and democratic digital future? The challenges are huge and include the digital world's hunger for energy as well as the exploitative global practices of tech companies or the discussion of the current AI sustainability hype. But which digital tools make sense, which do not and how can we achieve global social emancipation from self-destructive structures and towards ecological sustainability and a and a just world?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"On Digitalisation, Sustainability & Climate Justice","android_description":"The aim of this talk is to critically analyse the use of digital technology in the current context of global ecological injustice and the collapse of ecosystems. But how can we strive for and promote a sustainable, just and democratic digital future? The challenges are huge and include the digital world's hunger for energy as well as the exploitative global practices of tech companies or the discussion of the current AI sustainability hype. But which digital tools make sense, which do not and how can we achieve global social emancipation from self-destructive structures and towards ecological sustainability and a and a just world?","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53392],"conference_id":131,"event_ids":[53739],"name":"Maja Göpel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52285}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53739,"begin_timestamp":{"seconds":1703878200,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52285}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Was passiert, wenn Sicherheitsforscher sich die Infrastruktur ihrer eigenen Universität genauer ansehen? In meinem Fall war ich danach Administrator für mehr als 200 Registrierkassen und hab eine lustige Geschichte mehr zu erzählen\n\n\n","title":"C(r)ashIT: A real-life security nightmare","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Was passiert, wenn Sicherheitsforscher sich die Infrastruktur ihrer eigenen Universität genauer ansehen? In meinem Fall war ich danach Administrator für mehr als 200 Registrierkassen und hab eine lustige Geschichte mehr zu erzählen","end_timestamp":{"seconds":1703879100,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:45:00.000-0000","id":53989,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Von Simone Herpich (Balkonsolar eV) und Dr. Juliane Borchert (Fraunhofer Institut für Solare Energiesysteme) lasse ich mir alles (so viel wie geht) über Solarenergie erzählen.","title":"Erklär ma - Solarenergie","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#e78bea","name":"Live podcast stage (90 minutes)","id":46127},"android_description":"Von Simone Herpich (Balkonsolar eV) und Dr. Juliane Borchert (Fraunhofer Institut für Solare Energiesysteme) lasse ich mir alles (so viel wie geht) über Solarenergie erzählen.","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53455],"conference_id":131,"event_ids":[53791],"name":"Keßen Christian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52483}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53791,"village_id":null,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"tag_ids":[46127,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52483}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","begin":"2023-12-29T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Offene Bereiche zu gestalten, mit Leben und Sinn zu füllen stellt die Akteure regelmäßig vor die unterschiedlichsten Herausforderungen. Im Podcast werden Erfahrungen aus 8 Jahre Aufbau-Phase zusammengefasst.","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (90 minutes)","id":46129},"title":"Offene Werkstätten und Freiräume - best practice und lessons learned","android_description":"Offene Bereiche zu gestalten, mit Leben und Sinn zu füllen stellt die Akteure regelmäßig vor die unterschiedlichsten Herausforderungen. Im Podcast werden Erfahrungen aus 8 Jahre Aufbau-Phase zusammengefasst.","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53539,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"village_id":null,"tag_ids":[46129,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-introductory-workshop-alex-bess/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","title":"Pocket Science Lab Introductory Workshop (Alex Bessman, Marco A. Gutierrez)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703880000,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-introductory-workshop-alex-bess/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":53534,"begin_timestamp":{"seconds":1703876400,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Do you run or want to run a Nym Node? Do you have any experiences with running a Tor exit relay?\r\n\r\nJoin Nym operators workshop and discussion at 19:00 at CDC (Hall 3)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Nym Nodes workshop","android_description":"Do you run or want to run a Nym Node? Do you have any experiences with running a Tor exit relay?\r\n\r\nJoin Nym operators workshop and discussion at 19:00 at CDC (Hall 3)","end_timestamp":{"seconds":1703880000,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":54013,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. Hence, the majority of people are living under permanent surveillance and their data is capitalized by one of those big companies. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices provided by an organization that respects the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could offer off-the-shelf computers whose soft- and hardware is independent of those data hungry enterprises.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"privacy aware computers for non-techies","end_timestamp":{"seconds":1703877600,"nanoseconds":0},"android_description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. Hence, the majority of people are living under permanent surveillance and their data is capitalized by one of those big companies. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices provided by an organization that respects the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could offer off-the-shelf computers whose soft- and hardware is independent of those data hungry enterprises.","updated_timestamp":{"seconds":1703820660,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:20:00.000-0000","id":54007,"village_id":null,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"begin":"2023-12-29T18:30:00.000-0000","updated":"2023-12-29T03:31:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Pwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).\n\n\n","title":"Pwning meetup (Pwntools & Pwndbg) part 1","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703876400,"nanoseconds":0},"android_description":"Pwntools and Pwndbg users and contributors assemble!\r\n\r\nWe are hosting a meetup for those who use or develop the two most loved and used tools in the binary exploitation/pwning CTF ([Capture The Flag security competitions](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity))) scene.\r\n\r\nWe will host presentations about Pwntools and Pwndbg from [Arusekk](https://github.com/Arusekk) and [Disconnect3d](https://github.com/disconnect3d) and then we will have a Q&A and discussion time.\r\n\r\nIf you want to present a very short lightning talk (~5min) on those tools or anything else related to pwning, please let us know (e.g., by mailing [dominik.b.czarnota+ccc2023@gmail.com](mailto:dominik.b.czarnota+ccc2023@gmail.com) or pinging [@disconnect3d_pl](https://twitter.com/disconnect3d_pl/) on Twitter).","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:00:00.000-0000","id":53952,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-29T18:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A meeting for people working in DFIR (Digital Forensics & Incident Response).\r\nLet's discuss topics like tools, automation and reporting. But also about team structures, dealing with stress or complicated customers. And of course we'll talk about the worst facepalm moments of the year!\r\nYou are welcome to bring your own topics.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Incident Response Selbsthilfegruppe","end_timestamp":{"seconds":1703880000,"nanoseconds":0},"android_description":"A meeting for people working in DFIR (Digital Forensics & Incident Response).\r\nLet's discuss topics like tools, automation and reporting. But also about team structures, dealing with stress or complicated customers. And of course we'll talk about the worst facepalm moments of the year!\r\nYou are welcome to bring your own topics.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":53773,"village_id":null,"begin_timestamp":{"seconds":1703874600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-29T18:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The end goal of this talk is to show how much more security you can achieve if you don't take an existing architecture and try to sprinkle security over it, but you make architectural decisions with security in mind.\r\n\r\nThis is rarely done in practice because there is a fundamental disagreement between security and software engineering. Security is about limiting what can be done with the software, while software engineering is about not limiting what can be done with the software.\r\n\r\nMy goal with this talk is to show what kind of security gains are possible architecturally. You, too, can sleep soundly at night. Even if the software is written in C. Even if you have bad ACLs or a buffer overflow in the software.\n\n\nI have previously given talks about security principles and approaches like Least Privilege, TCB Minimization, and Self Sandboxing. The most frequent feedback has been \"I don't know how to apply this in practice\". So, in this talk, I will show how I applied those principles in a real-world software project: a CRUD web app. My blog.\r\n\r\nI introduced dangerous attack surface on purpose so I could some day give a talk about how to apply these techniques to reduce risk. This is that talk.\r\n\r\nI will also introduce the concept of append-only data storage.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Writing secure software","android_description":"The end goal of this talk is to show how much more security you can achieve if you don't take an existing architecture and try to sprinkle security over it, but you make architectural decisions with security in mind.\r\n\r\nThis is rarely done in practice because there is a fundamental disagreement between security and software engineering. Security is about limiting what can be done with the software, while software engineering is about not limiting what can be done with the software.\r\n\r\nMy goal with this talk is to show what kind of security gains are possible architecturally. You, too, can sleep soundly at night. Even if the software is written in C. Even if you have bad ACLs or a buffer overflow in the software.\n\n\nI have previously given talks about security principles and approaches like Least Privilege, TCB Minimization, and Self Sandboxing. The most frequent feedback has been \"I don't know how to apply this in practice\". So, in this talk, I will show how I applied those principles in a real-world software project: a CRUD web app. My blog.\r\n\r\nI introduced dangerous attack surface on purpose so I could some day give a talk about how to apply these techniques to reduce risk. This is that talk.\r\n\r\nI will also introduce the concept of append-only data storage.","end_timestamp":{"seconds":1703877300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53288,53590],"conference_id":131,"event_ids":[53941,53653],"name":"Fefe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52390}],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53941,"village_id":null,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52390}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Is this how you do trees? \r\n\r\n```c\r\nstruct node {\r\n struct node *left, *right;\r\n};\r\n```\r\n\r\nThis is wrong!\n\n\n","title":"You are doing trees wrong","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703874600,"nanoseconds":0},"android_description":"Is this how you do trees? \r\n\r\n```c\r\nstruct node {\r\n struct node *left, *right;\r\n};\r\n```\r\n\r\nThis is wrong!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53886,"village_id":null,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"About 60 Minutes (in German) about how the Enigma machine worked, why it was (is) so good at encrypting, which weakness it had and how this finally got used for breaking it.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Geschichtsstunde: Wie die Enigma gehackt wurde.","android_description":"About 60 Minutes (in German) about how the Enigma machine worked, why it was (is) so good at encrypting, which weakness it had and how this finally got used for breaking it.","end_timestamp":{"seconds":1703877300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53854,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-29T18:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The preservation and presentation of software/computer-based art in museums presents unique challenges in the contemporary landscape. One prominent issue is the ephemeral nature of digital media, which includes websites, games, software and virtual reality art. Unlike traditional art forms, these works often rely on rapidly evolving technologies, making them vulnerable to obsolescence. Museums are faced with the task of preserving and restoring media art in a way that not only preserves the original intent of the artist, but also ensures accessibility for future audiences. \r\n\r\nAnother significant challenge is the dynamic and interactive nature of many media artworks. Unlike static paintings or sculptures, digital artworks often require specific hardware, software or immersive environments to be experienced. Museums need to invest in both the technological infrastructure and the expertise to recreate these conditions and provide visitors with an authentic encounter with the artwork. \r\n\r\nIn this talk we want to look at some solutions from the perspective of software developers who are motivated not only to preserve and present digital media art, but also to develop it with contemporary software development strategies.\n\n\nIn the original Hacker Ethics, Steven Levy stated that \"you can create art and beauty on a computer\". That was 40 years ago, creating art and beauty is one thing, but how do you maintain or develop it as a gallery, archive or museum? You know all about CI/CD and deploying to \"the cloud\"? Well, let me show you how to deploy to a museum or art space. Important note: this talk is not about NFTs.","title":"DevOps but for artworks in museums","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703877300,"nanoseconds":0},"android_description":"The preservation and presentation of software/computer-based art in museums presents unique challenges in the contemporary landscape. One prominent issue is the ephemeral nature of digital media, which includes websites, games, software and virtual reality art. Unlike traditional art forms, these works often rely on rapidly evolving technologies, making them vulnerable to obsolescence. Museums are faced with the task of preserving and restoring media art in a way that not only preserves the original intent of the artist, but also ensures accessibility for future audiences. \r\n\r\nAnother significant challenge is the dynamic and interactive nature of many media artworks. Unlike static paintings or sculptures, digital artworks often require specific hardware, software or immersive environments to be experienced. Museums need to invest in both the technological infrastructure and the expertise to recreate these conditions and provide visitors with an authentic encounter with the artwork. \r\n\r\nIn this talk we want to look at some solutions from the perspective of software developers who are motivated not only to preserve and present digital media art, but also to develop it with contemporary software development strategies.\n\n\nIn the original Hacker Ethics, Steven Levy stated that \"you can create art and beauty on a computer\". That was 40 years ago, creating art and beauty is one thing, but how do you maintain or develop it as a gallery, archive or museum? You know all about CI/CD and deploying to \"the cloud\"? Well, let me show you how to deploy to a museum or art space. Important note: this talk is not about NFTs.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53410],"conference_id":131,"event_ids":[53755],"name":"obelix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52320}],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53755,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52320}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-29T18:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Über die Chatkontrolle wurde in den letzten zwei Jahren viel geredet – die problematischen Inhalte des Gesetzes kommen den meisten von uns wahrscheinlich zu den Ohren heraus.\r\nAber letztlich geht es um nicht weniger als einen historischen Kampf um Ende-zu-Ende-Verschlüsselung.\r\nAuf dem Tisch liegt das Thema aber schon deutlich länger. Wir wollen zurückblicken auf die Ursprünge und Kernpunkte des Gesetzesvorschlags. Und dann zusammen mit dem Publikum noch einmal die unüberschaubaren Wege gehen, die die Arbeit an diesem Gesetzesentwurf genommen hat.\r\nAus der Perspektive von Deutschlands oberstem Datenschützer (Ulrich Kelber), dem Abgeordneten des Europäischen Parlamanets (Patrick Breyer) und der digitalen Zivilgesellschaft (khaleesi) erzählen wir die bisherige Geschichte der Chatkontrolle. \r\nWenn ihr dachtet, ihr hättet alles zur Chatkontrolle gehört, bereitet euch auf eine absurde Tragödie vor, die ihr Ende noch nicht gefunden hat.\r\n\r\nTrotz des Erfolgs im EU-Parlament haben wir noch lange nicht gewonnen. Denn alles hängt im und am Rat, dessen Position könnte im Trilog alles zunichte machen was wir hart erarbeitet haben.\r\nUnd auch die Europawahlen stehen vor der Tür und damit kann sich nochmal alles ändern. Nicht fertige Gesetze werden in der EU in der nächste Legislaturperiode einfach weiterverhandelt. Um die Chatkontrolle endgültig zu stoppen, darf keine EU-Abgeordnete durch den Wahlkampf kommen, ohne sich klar zum Schutz von Verschlüsselung zu bekennen.\n\n\n In diesem Vortrag wollen wir auf die letzten knapp drei Jahre Kampf gegen die Chatkontrolle zurückblicken. Ein Kampf, der genauso droht zu einem Wiedergänger zu werden wie die Vorratsdatenspeicherung.\r\nWir waren auf eine harte Auseinandersetzung um Überwachung und sichere Kommunikation vorbereitet. Als Patrick 2020 angefangen, hat uns vor dem, was da kommt, zu warnen, haben wir nicht erwartet, dass es sich zu einer Tragödie entwickeln würde, in der es nicht um Kinderschutz oder Überwachung geht. Sondern um eine Kommission, der jedes Mittel recht ist. Und Korruption und Lobbyskandal.","title":"Chatkontrolle - Es ist noch nicht vorbei!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Über die Chatkontrolle wurde in den letzten zwei Jahren viel geredet – die problematischen Inhalte des Gesetzes kommen den meisten von uns wahrscheinlich zu den Ohren heraus.\r\nAber letztlich geht es um nicht weniger als einen historischen Kampf um Ende-zu-Ende-Verschlüsselung.\r\nAuf dem Tisch liegt das Thema aber schon deutlich länger. Wir wollen zurückblicken auf die Ursprünge und Kernpunkte des Gesetzesvorschlags. Und dann zusammen mit dem Publikum noch einmal die unüberschaubaren Wege gehen, die die Arbeit an diesem Gesetzesentwurf genommen hat.\r\nAus der Perspektive von Deutschlands oberstem Datenschützer (Ulrich Kelber), dem Abgeordneten des Europäischen Parlamanets (Patrick Breyer) und der digitalen Zivilgesellschaft (khaleesi) erzählen wir die bisherige Geschichte der Chatkontrolle. \r\nWenn ihr dachtet, ihr hättet alles zur Chatkontrolle gehört, bereitet euch auf eine absurde Tragödie vor, die ihr Ende noch nicht gefunden hat.\r\n\r\nTrotz des Erfolgs im EU-Parlament haben wir noch lange nicht gewonnen. Denn alles hängt im und am Rat, dessen Position könnte im Trilog alles zunichte machen was wir hart erarbeitet haben.\r\nUnd auch die Europawahlen stehen vor der Tür und damit kann sich nochmal alles ändern. Nicht fertige Gesetze werden in der EU in der nächste Legislaturperiode einfach weiterverhandelt. Um die Chatkontrolle endgültig zu stoppen, darf keine EU-Abgeordnete durch den Wahlkampf kommen, ohne sich klar zum Schutz von Verschlüsselung zu bekennen.\n\n\n In diesem Vortrag wollen wir auf die letzten knapp drei Jahre Kampf gegen die Chatkontrolle zurückblicken. Ein Kampf, der genauso droht zu einem Wiedergänger zu werden wie die Vorratsdatenspeicherung.\r\nWir waren auf eine harte Auseinandersetzung um Überwachung und sichere Kommunikation vorbereitet. Als Patrick 2020 angefangen, hat uns vor dem, was da kommt, zu warnen, haben wir nicht erwartet, dass es sich zu einer Tragödie entwickeln würde, in der es nicht um Kinderschutz oder Überwachung geht. Sondern um eine Kommission, der jedes Mittel recht ist. Und Korruption und Lobbyskandal.","end_timestamp":{"seconds":1703877300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53391],"conference_id":131,"event_ids":[53738],"name":"Dr. Patrick Breyer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52252},{"content_ids":[53287,53391],"conference_id":131,"event_ids":[53738,53652],"name":"khaleesi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52277},{"content_ids":[53391],"conference_id":131,"event_ids":[53738],"name":"Prof. Ulrich Kelber","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52488}],"timeband_id":1142,"links":[],"end":"2023-12-29T19:15:00.000-0000","id":53738,"village_id":null,"begin_timestamp":{"seconds":1703873700,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52252},{"tag_id":46107,"sort_order":1,"person_id":52488},{"tag_id":46107,"sort_order":1,"person_id":52277}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das Spiel lebt davon das alle mitmachen und sich nach ihren Möglichkeiten beteiligen. Das Spiel kann nicht vollständig erklären wir Netzwerk Kommunikation abläuft, jedoch einen ersten spielerischen Einblick geben.\r\nContent Warnings: Dieses interaktive Spiel kann wuselig und bewegungsintensiv werden.\r\nDie Spielanleitung ist hier zu finden: http://git.tuxteam.de/gitweb/?p=susannes-git/experimentellesNetzwerkSpiel_TCP%2BUDP.git;a=tree\n\n\nIch möchte gemeinsam mit euch ein experimentelles Netzwerkspiel spielen. Dabei geht es darum die Kommunikation zwischen Computern spielerisch nachzuahmen um so zu verstehen wie Pakete zwischen Computern und Netzwerken transportiert werden. Wir werden TCP, UDP simulieren und erfahren was passiert, wenn der Router mal nicht aufpasst. Ich möchte einen alternativen unvollständigen Weg zum begreifen von Netzwerk Kommunikation anbieten. IPoAC inklusive.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Experimentelles Spiel zur IT-Netzwerk Kommunikation","android_description":"Das Spiel lebt davon das alle mitmachen und sich nach ihren Möglichkeiten beteiligen. Das Spiel kann nicht vollständig erklären wir Netzwerk Kommunikation abläuft, jedoch einen ersten spielerischen Einblick geben.\r\nContent Warnings: Dieses interaktive Spiel kann wuselig und bewegungsintensiv werden.\r\nDie Spielanleitung ist hier zu finden: http://git.tuxteam.de/gitweb/?p=susannes-git/experimentellesNetzwerkSpiel_TCP%2BUDP.git;a=tree\n\n\nIch möchte gemeinsam mit euch ein experimentelles Netzwerkspiel spielen. Dabei geht es darum die Kommunikation zwischen Computern spielerisch nachzuahmen um so zu verstehen wie Pakete zwischen Computern und Netzwerken transportiert werden. Wir werden TCP, UDP simulieren und erfahren was passiert, wenn der Router mal nicht aufpasst. Ich möchte einen alternativen unvollständigen Weg zum begreifen von Netzwerk Kommunikation anbieten. IPoAC inklusive.","end_timestamp":{"seconds":1703880600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53474],"conference_id":131,"event_ids":[53809],"name":"Bücherratten","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52283}],"timeband_id":1142,"links":[],"end":"2023-12-29T20:10:00.000-0000","id":53809,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703873400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52283}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/costanza-1","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Marco Costanza (Dj)","android_description":"https://soundcloud.com/costanza-1","end_timestamp":{"seconds":1703881800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:30:00.000-0000","id":53964,"village_id":null,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Is a co-creator of the art&play area, loves nerdy art installations and has been collecting music from other countries for many years. \r\n\r\nHer set combines driving beats with oriental rhythms, a journey with hypnotic passages and energetic climaxes.\n\n\n","title":"NinoTschka","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Is a co-creator of the art&play area, loves nerdy art installations and has been collecting music from other countries for many years. \r\n\r\nHer set combines driving beats with oriental rhythms, a journey with hypnotic passages and energetic climaxes.","end_timestamp":{"seconds":1703878200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:30:00.000-0000","id":53958,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ideas of the anarchism existed before the network, however hacker's community willingly took anarchism appreciating its dedication to individual and collective freedom. Nowadays it plays quite a huge role for many people organized in hacker scene. With this session we will have a quick look on history of anarchism and the present of the anarchist struggle in the social and political sphere around the world. This is a short presentation with a discussion round.\n\n\n","title":"An introduction to Anarchism","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Ideas of the anarchism existed before the network, however hacker's community willingly took anarchism appreciating its dedication to individual and collective freedom. Nowadays it plays quite a huge role for many people organized in hacker scene. With this session we will have a quick look on history of anarchism and the present of the anarchist struggle in the social and political sphere around the world. This is a short presentation with a discussion round.","end_timestamp":{"seconds":1703878200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T19:30:00.000-0000","id":53782,"village_id":null,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-29T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"News from Project Rosenpass, with ajuvo and dakoraa, and a special guest, congress edition","title":"Rosenpass Update","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (45 minutes)","id":46128},"end_timestamp":{"seconds":1703875500,"nanoseconds":0},"android_description":"News from Project Rosenpass, with ajuvo and dakoraa, and a special guest, congress edition","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:45:00.000-0000","id":53538,"tag_ids":[46128,46140],"village_id":null,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Skorpy, Blocktrron\n\n\nAuch dieses Jahr wollen sich die auf dem Congress anwesenden Entwicklerinnen und Anwenderinnen zu aktuellen Gluon Themen austauschen.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Gluon Meetup","end_timestamp":{"seconds":1703880000,"nanoseconds":0},"android_description":"Host: Skorpy, Blocktrron\n\n\nAuch dieses Jahr wollen sich die auf dem Congress anwesenden Entwicklerinnen und Anwenderinnen zu aktuellen Gluon Themen austauschen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T20:00:00.000-0000","id":53501,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ein vortrag über raumstationslinguistik.\r\nund warum vieles nicht so ist wie es scheint.\r\n\r\ndie c-base ist eine rückwa:rts gefallene raumctation unter berlin-miTe.\r\nmit eigener c_rift.\r\nund wenn du diesen tecst lesen kannst oder nicht?\r\nist dieser vortrag genau richtig fu:r dich.\r\noha.\r\nes geht um c-lang, die geschriebene sprache der c-base.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"abdocccecwencen - Sprache einer Raumstation","android_description":"ein vortrag über raumstationslinguistik.\r\nund warum vieles nicht so ist wie es scheint.\r\n\r\ndie c-base ist eine rückwa:rts gefallene raumctation unter berlin-miTe.\r\nmit eigener c_rift.\r\nund wenn du diesen tecst lesen kannst oder nicht?\r\nist dieser vortrag genau richtig fu:r dich.\r\noha.\r\nes geht um c-lang, die geschriebene sprache der c-base.","end_timestamp":{"seconds":1703874600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53441,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703872800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dive into our project's pioneering use of ptrace in Golang for proactive proxy leak prevention. Operating seamlessly across Linux applications, our approach intercepts and analyzes system calls, fortifying user privacy and security by effectively preventing network socket system call leaks. Join us in exploring the practical implementation of this innovative solution, extending compatibility to a diverse range of applications, and showcasing its success in enhancing overall cybersecurity.\n\n\nExplore our project's use of ptrace in Golang for proactive proxy leak prevention. We intercept and analyze system calls universally across Linux applications, ensuring comprehensive coverage and enhancing user privacy and security by preventing network socket system call leaks.","title":"Leveraging ptrace for Proactive Proxy Leak Prevention (Workshop)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Dive into our project's pioneering use of ptrace in Golang for proactive proxy leak prevention. Operating seamlessly across Linux applications, our approach intercepts and analyzes system calls, fortifying user privacy and security by effectively preventing network socket system call leaks. Join us in exploring the practical implementation of this innovative solution, extending compatibility to a diverse range of applications, and showcasing its success in enhancing overall cybersecurity.\n\n\nExplore our project's use of ptrace in Golang for proactive proxy leak prevention. We intercept and analyze system calls universally across Linux applications, ensuring comprehensive coverage and enhancing user privacy and security by preventing network socket system call leaks.","end_timestamp":{"seconds":1703874600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53975,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.\n\n\n","title":"GuteN8Geschichten - Tag 3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53803,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","begin":"2023-12-29T17:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is the Live-Video Q&A-Session to the talk\r\n\"Ecocide and (green) colonialism in Sápmi\"\r\nhttps://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12086.html\n\n\nDies ist die Live-Video Q&A-Session zum Talk\r\n\"Ecocide and (green) colonialism in Sápmi\"","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Ecocide and (green) colonialism in Sápmi Q&A Video-Live-Session","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"This is the Live-Video Q&A-Session to the talk\r\n\"Ecocide and (green) colonialism in Sápmi\"\r\nhttps://fahrplan.events.ccc.de/congress/2023/fahrplan/events/12086.html\n\n\nDies ist die Live-Video Q&A-Session zum Talk\r\n\"Ecocide and (green) colonialism in Sápmi\"","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53787,"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This will be presented by Eva Infeld and Leif Ryge. We hope for an interactive discussion.\r\n\r\nIn a world with state and corporate surveillance actors of immense power, building anonymity technology is an exercise in trade-offs, and few guarantees. But anonymity technology is badly needed. We introduce Katzenpost, a project that enables individuals and communities to build their own mixnets for anonymous communication. It has the eventual goal of resistance to attacks by large-scale passive and active adversaries, and to expected advancements in cryptanalysis such as attacks by cryptographically relevant quantum computers. We will explain our motivations, protocol design choices, and discuss the resulting protocol properties from several perspectives. This talk will also introduce the namenlos network, an instantiation of a mixnet using the Katzenpost software which may be used for experimentation today. Launched in 2022, namenlos consists of servers run by volunteers in several different countries. While we do not currently set security and privacy expectations, namenlos is the first hybrid post-quantum mixnet designed to resist large-scale adversaries built entirely with Free Software.\n\n\n","title":"Adventures in the Design of Anti-Surveillance Technology (Katzenpost)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703873400,"nanoseconds":0},"android_description":"This will be presented by Eva Infeld and Leif Ryge. We hope for an interactive discussion.\r\n\r\nIn a world with state and corporate surveillance actors of immense power, building anonymity technology is an exercise in trade-offs, and few guarantees. But anonymity technology is badly needed. We introduce Katzenpost, a project that enables individuals and communities to build their own mixnets for anonymous communication. It has the eventual goal of resistance to attacks by large-scale passive and active adversaries, and to expected advancements in cryptanalysis such as attacks by cryptographically relevant quantum computers. We will explain our motivations, protocol design choices, and discuss the resulting protocol properties from several perspectives. This talk will also introduce the namenlos network, an instantiation of a mixnet using the Katzenpost software which may be used for experimentation today. Launched in 2022, namenlos consists of servers run by volunteers in several different countries. While we do not currently set security and privacy expectations, namenlos is the first hybrid post-quantum mixnet designed to resist large-scale adversaries built entirely with Free Software.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:10:00.000-0000","id":53763,"village_id":null,"begin_timestamp":{"seconds":1703871000,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Making Smart Home devices great again","android_description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","end_timestamp":{"seconds":1703874600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:30:00.000-0000","id":53979,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.\n\n\nWir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"tech from below: Technologie von und für soziale Bewegungen","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Wir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.\n\n\nWir veranstalten seit ca. einem Jahr unter dem Namen tech from below ein Meetup in Berlin zu Tech-Tools für soziale Bewegungen. Wir wollen damit Developer und Aktivist:innen z.B. aus der Klimabewegung, Mieter:innen-Initiativen oder Gewerkschaften vernetzen. Bei jedem Meetup stellen sich bereits gelungene Tech-Projekte aus sozialen Bewegungen vor und berichten von ihren Erfahrungen, um den Austausch über Best-Practices und Lessons Learned zu fördern. Hier auf dem Congress wollen wir uns mit bisherigen Teilnehmenden treffen, Sticker verteilen ;) und die Idee des Meetups neuen Leuten vorstellen.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53972,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Software Defined Radio (SDR) ist ein häufiges Schlagwort. In einem kurzem Abriss versuche ich einen Einblick zu geben, was SDR so interessant macht. Ich werde erklären, was es mit den I/Q-Signalen so auf sich hat und was man denen im weiteren anstellen kann. Abgerundet wird der Vortrag mit einer kurzen Vorstellung gänger Hardware für den Einstieg.\n\n\nGrundlagen SDR\r\nWie funktioniert das mit den I/Q-Signalen\r\nWelche Technik benötigt man?\r\nWie geht es weiter?","title":"Software Defined Radio","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Software Defined Radio (SDR) ist ein häufiges Schlagwort. In einem kurzem Abriss versuche ich einen Einblick zu geben, was SDR so interessant macht. Ich werde erklären, was es mit den I/Q-Signalen so auf sich hat und was man denen im weiteren anstellen kann. Abgerundet wird der Vortrag mit einer kurzen Vorstellung gänger Hardware für den Einstieg.\n\n\nGrundlagen SDR\r\nWie funktioniert das mit den I/Q-Signalen\r\nWelche Technik benötigt man?\r\nWie geht es weiter?","end_timestamp":{"seconds":1703871000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53969,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/meltedmoon\n\n\nGameboy 8 Bit live","title":"Melted Moon (Solo-Performance von Fabi)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://soundcloud.com/meltedmoon\n\n\nGameboy 8 Bit live","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53957,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We'll hang out and talk about anything relationship related, with a focus on polyamory.\r\n\r\nOpen for practising as well as interested beings.\r\n\r\nAccess to the Signal group for Assembly interested beings: get in contact via mastodon at @einalex@chaos.social\n\n\n","title":"Relationship Geeks Get Together","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"We'll hang out and talk about anything relationship related, with a focus on polyamory.\r\n\r\nOpen for practising as well as interested beings.\r\n\r\nAccess to the Signal group for Assembly interested beings: get in contact via mastodon at @einalex@chaos.social","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53885,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wolltet ihr schon immer mal wissen, was nötig ist, um den Kindern ein Spielparadies zu \"erbauen\".\r\nDies wollen wir euch erzählen und hoffen darauf, dass wir weitere Wesen finden, die uns bei dieser vielfältigen und chaotischen Aufgabe unterstützen wollen.\n\n\nWir erklären euch, das die Orga so macht.","title":"HOWTO Kidspace","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Wolltet ihr schon immer mal wissen, was nötig ist, um den Kindern ein Spielparadies zu \"erbauen\".\r\nDies wollen wir euch erzählen und hoffen darauf, dass wir weitere Wesen finden, die uns bei dieser vielfältigen und chaotischen Aufgabe unterstützen wollen.\n\n\nWir erklären euch, das die Orga so macht.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53871,"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der erste Teil des Talks klärt, was Mental Health eigentlich ist, wer die braucht (Spoiler: wir alle) und wie sich mit Mental Health Care Resilienz aufbauen lässt. \r\nWir müssen aber auch darüber sprechen, was dieses \"Home\" eigentlich ist - und ob Ihr das als wichtigsten Mental Health - Skill erkannt habt und nutzt.\r\n\r\nIch stelle Euch einfache Skills für Zuhause und unterwegs vor, wie ich sie in der DBT kennen- und schätzen gelernt habe. Skills auch für Menschen ohne psychische Diagnosen - damit das auch so bleibt. \r\n\r\nUnd im dritten Teil reden wir über die Situation, dass und wenn Ihr doch mal Unterstützung für die Psyche braucht: Wie und wo findet Ihr Unterstützung? Ambulante oder stationäre Therapie - oder ganz ungewöhnliche Art der Therapie (Wawuschel-Style)? \r\nUnd warum brauchen neurodiverse Menschen andere, leider in unserem Gesundheitssystem nicht vertretene, Therapien?\r\n\r\nSchickt mir gerne vor dem Talk Eure Themen und Fragen zu Mental Health Care zuhause mit, damit ich die einbauen kann. :)\n\n\nWir sollten uns alle mehr Zeit für Mental Health Care nehmen, also mehr für unsere psychische Gesundheit tun. \r\nIch zeige Euch, mit welchen einfachen Schritten das auch zuhause geht... Und wie und wo Ihr professionelle Hilfe dabei findet, wenn Ihr sie braucht - und warum die klassischen Therapiemethoden bei neurodiversen Menschen oft nicht so gut funktionieren.","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Try Mental Health Care - zuhause","android_description":"Der erste Teil des Talks klärt, was Mental Health eigentlich ist, wer die braucht (Spoiler: wir alle) und wie sich mit Mental Health Care Resilienz aufbauen lässt. \r\nWir müssen aber auch darüber sprechen, was dieses \"Home\" eigentlich ist - und ob Ihr das als wichtigsten Mental Health - Skill erkannt habt und nutzt.\r\n\r\nIch stelle Euch einfache Skills für Zuhause und unterwegs vor, wie ich sie in der DBT kennen- und schätzen gelernt habe. Skills auch für Menschen ohne psychische Diagnosen - damit das auch so bleibt. \r\n\r\nUnd im dritten Teil reden wir über die Situation, dass und wenn Ihr doch mal Unterstützung für die Psyche braucht: Wie und wo findet Ihr Unterstützung? Ambulante oder stationäre Therapie - oder ganz ungewöhnliche Art der Therapie (Wawuschel-Style)? \r\nUnd warum brauchen neurodiverse Menschen andere, leider in unserem Gesundheitssystem nicht vertretene, Therapien?\r\n\r\nSchickt mir gerne vor dem Talk Eure Themen und Fragen zu Mental Health Care zuhause mit, damit ich die einbauen kann. :)\n\n\nWir sollten uns alle mehr Zeit für Mental Health Care nehmen, also mehr für unsere psychische Gesundheit tun. \r\nIch zeige Euch, mit welchen einfachen Schritten das auch zuhause geht... Und wie und wo Ihr professionelle Hilfe dabei findet, wenn Ihr sie braucht - und warum die klassischen Therapiemethoden bei neurodiversen Menschen oft nicht so gut funktionieren.","end_timestamp":{"seconds":1703875500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53198,53481],"conference_id":131,"event_ids":[53815,53510],"name":"Wawuschel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52454}],"timeband_id":1142,"links":[],"end":"2023-12-29T18:45:00.000-0000","id":53815,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"village_id":null,"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52454}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Over the last years, Chinese science-fiction became very well-known in the West. Liu Cixin's „The Three-Body Problem“ and Hao Jingfang's „Folding Beijing“ were both awarded with the Hugo Award and Barack Obama publicly recommended the former.\r\n\r\nIn this talk, we will go over some acclaimed Chinese writers, especially their history and their style: The three „grand-masters“ Liu Cixin, Wang Jingkang and Han Song, the three well-known and awarded authors Hao Jingfang, Chen Qiufan and Baoshu as well as some others including Gu Shi, Ma Boyong, Cheng Jingbo, Zhang Ran, Luo Longxiang and Fei Dao. Prints of and links to some of their short stories („Salinger and the Koreans“ by Han Song, „Folding Beijing“ by Hao Jingfang and „Möbius Continuum“ by Gu Shi) will be available.\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","title":"Introduction to acclaimed Chinese writers","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Over the last years, Chinese science-fiction became very well-known in the West. Liu Cixin's „The Three-Body Problem“ and Hao Jingfang's „Folding Beijing“ were both awarded with the Hugo Award and Barack Obama publicly recommended the former.\r\n\r\nIn this talk, we will go over some acclaimed Chinese writers, especially their history and their style: The three „grand-masters“ Liu Cixin, Wang Jingkang and Han Song, the three well-known and awarded authors Hao Jingfang, Chen Qiufan and Baoshu as well as some others including Gu Shi, Ma Boyong, Cheng Jingbo, Zhang Ran, Luo Longxiang and Fei Dao. Prints of and links to some of their short stories („Salinger and the Koreans“ by Han Song, „Folding Beijing“ by Hao Jingfang and „Möbius Continuum“ by Gu Shi) will be available.\r\n\r\nFor everybody. No prior knowledge required.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703871900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:45:00.000-0000","id":53800,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is a beginners' workshop on web application security. No prerequisites in web application security are required. A certain (web application) development background is beneficial.\r\n\r\n- First, we will be playing a virtual escaple the room game with challenges on a web application to get into an attacker's mindset.\r\n- Then follows a quick introduction to the OWASP Top 10 vulnerabilities.\r\n- Finally use the gathered knowledge so far to attack a vulnerable web application (https://github.com/Phylu/vulnerable-click-game) and see how these attacks can easily be prevented.\r\n\r\nPlease bring your (fully charged) laptop to be able to participate.\n\n\n","title":"Workshop: How to Hack your Web Application","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"This is a beginners' workshop on web application security. No prerequisites in web application security are required. A certain (web application) development background is beneficial.\r\n\r\n- First, we will be playing a virtual escaple the room game with challenges on a web application to get into an attacker's mindset.\r\n- Then follows a quick introduction to the OWASP Top 10 vulnerabilities.\r\n- Finally use the gathered knowledge so far to attack a vulnerable web application (https://github.com/Phylu/vulnerable-click-game) and see how these attacks can easily be prevented.\r\n\r\nPlease bring your (fully charged) laptop to be able to participate.","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53781,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this interactive physical session, we invite the hackers to connect their bodies and minds and to plunge into a 1-hour collective movement.\r\n\r\nDuring the session, we will explore the concepts of infiltration, vulnerability, and resilience through our bodies. Experiencing these ideas through touch and physical interaction offers another perspective on the dynamics of their operation, which can be very useful outside of the physical context as well. \r\n\r\nWe base our practice on EightOS — an operating system for the body/mind based on martial arts and dance.\r\n\r\nWe will announce the location separately.\r\n\r\nFor more info, please, check [www.8os.io](https://8os.io).\r\n\r\nSession hosted by Dmitry Paranyushkin and Koo Des.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"EightOS: Hacking the Body [8 OS Physical Practice Session]","android_description":"In this interactive physical session, we invite the hackers to connect their bodies and minds and to plunge into a 1-hour collective movement.\r\n\r\nDuring the session, we will explore the concepts of infiltration, vulnerability, and resilience through our bodies. Experiencing these ideas through touch and physical interaction offers another perspective on the dynamics of their operation, which can be very useful outside of the physical context as well. \r\n\r\nWe base our practice on EightOS — an operating system for the body/mind based on martial arts and dance.\r\n\r\nWe will announce the location separately.\r\n\r\nFor more info, please, check [www.8os.io](https://8os.io).\r\n\r\nSession hosted by Dmitry Paranyushkin and Koo Des.","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53772,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wer kennt es nicht, den Gedanken, dass man das doch eigentlich wissen müsse oder gar die Sorge als nichtwissend enttarnt zu werden? Durch die Decke gehen diese Impulse an schlechten Tagen wenn dann jemand anderes um die Ecke kommt und die (natürlich logische) Lösung für das Problem parat hat.\r\nSystematisch lässt sich hier über Erkenntnistheorie und verschiedene Quellen von Ungewissheit sprechen. Das Einbringen von eigenen Anekdoten durch euch könnte uns alle weniger allein mit diesen Gefühlen fühlen lassen und den nächsten oopsie-Moment souverän managen lassen :)\n\n\n","title":"Certainty Salon aka Imposter-Syndrome-Selbsthilfegruppe","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Wer kennt es nicht, den Gedanken, dass man das doch eigentlich wissen müsse oder gar die Sorge als nichtwissend enttarnt zu werden? Durch die Decke gehen diese Impulse an schlechten Tagen wenn dann jemand anderes um die Ecke kommt und die (natürlich logische) Lösung für das Problem parat hat.\r\nSystematisch lässt sich hier über Erkenntnistheorie und verschiedene Quellen von Ungewissheit sprechen. Das Einbringen von eigenen Anekdoten durch euch könnte uns alle weniger allein mit diesen Gefühlen fühlen lassen und den nächsten oopsie-Moment souverän managen lassen :)","end_timestamp":{"seconds":1703871000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53762,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-29T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","title":"Bits & Bäume Community Treffen Tag 3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53504,"village_id":null,"begin_timestamp":{"seconds":1703869200,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Sápmi is located in northern Europe and refers to the land of the Sámi people. Over time it has been colonized by Sweden, Norway, Finland and Russia. As a result, the Sámi have been subjected to various forms of oppression and discrimination by these countries to this day.\r\n\r\nSápmi and Sápmi’s colonial history are presented. Current forms of oppression are also addressed. An important role is played by “green capitalism,” a form of capitalism in which oppression is advanced under the guise of climate protection. Some examples include: Dams that disrupt reindeer migration routes and flood sacred Sámi sites, or wind turbines that are widely avoided by reindeer. Of course, the lectures will also address the problems that mines pose for the Sámi. A topic which was discussed lately with the discussion around the rare earths found in the so-called Sweden also here in Germany. Furthermore, the problems caused by the still occurring clear-cutting in the area of the Sámi and the resulting loss of biodiversity are explained.\r\n\r\nWhat resistance has there been in recent years against this capitalist destruction and (green) colonialism? What is the current situation in Sápmi and what does the future look like?\n\n\nWhat is Sápmi? And who are the Sami people? Why is their land threatened by the so-called Green Transition? Why is Europe's largest data centre being built on their land? We would like to try to answer these questions and explain in detail why \"our green transition\" is a threat to the land and rights of the Sami people. We will also discuss the so-called green server infrastructure in Sápmi for example the largest data centre in Europe (by Facebook). \r\n\r\nWe are from the Decolonise Sápmi info tour through Germany and not Sámi ourselves. Our talk is based on presentations given by Sámi people during our tour.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Ecocide and (green) colonialism in Sápmi","end_timestamp":{"seconds":1703870100,"nanoseconds":0},"android_description":"Sápmi is located in northern Europe and refers to the land of the Sámi people. Over time it has been colonized by Sweden, Norway, Finland and Russia. As a result, the Sámi have been subjected to various forms of oppression and discrimination by these countries to this day.\r\n\r\nSápmi and Sápmi’s colonial history are presented. Current forms of oppression are also addressed. An important role is played by “green capitalism,” a form of capitalism in which oppression is advanced under the guise of climate protection. Some examples include: Dams that disrupt reindeer migration routes and flood sacred Sámi sites, or wind turbines that are widely avoided by reindeer. Of course, the lectures will also address the problems that mines pose for the Sámi. A topic which was discussed lately with the discussion around the rare earths found in the so-called Sweden also here in Germany. Furthermore, the problems caused by the still occurring clear-cutting in the area of the Sámi and the resulting loss of biodiversity are explained.\r\n\r\nWhat resistance has there been in recent years against this capitalist destruction and (green) colonialism? What is the current situation in Sápmi and what does the future look like?\n\n\nWhat is Sápmi? And who are the Sami people? Why is their land threatened by the so-called Green Transition? Why is Europe's largest data centre being built on their land? We would like to try to answer these questions and explain in detail why \"our green transition\" is a threat to the land and rights of the Sami people. We will also discuss the so-called green server infrastructure in Sápmi for example the largest data centre in Europe (by Facebook). \r\n\r\nWe are from the Decolonise Sápmi info tour through Germany and not Sámi ourselves. Our talk is based on presentations given by Sámi people during our tour.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53409],"conference_id":131,"event_ids":[53754],"name":"Kim","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52315},{"content_ids":[53409],"conference_id":131,"event_ids":[53754],"name":"Maris","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52469}],"timeband_id":1142,"end":"2023-12-29T17:15:00.000-0000","links":[{"label":"Decolonise-Sápmi Infotour","type":"link","url":"https://decolonizingsapmitour.blackblogs.org/"}],"id":53754,"tag_ids":[46125,46136,46139],"begin_timestamp":{"seconds":1703867700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52315},{"tag_id":46107,"sort_order":1,"person_id":52469}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T16:35:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The 37c3 would not feel complete for me without discussing self-organization topics like getting things done, calendar blocking, [hipster PDAs](https://en.wikipedia.org/wiki/Hipster_PDA) :), responsibility process, inner sociocracy, ... I would also love to explore together about procrastination in a positive sense & maybe how to retain a compassionate and humane way of dealing with yourself and others. (I feel/wonder this might be lost as you become increasingly able to exercise control towards your desired outcomes.)\r\n\r\nThe session is intended as an informal conversation about these topics.\r\n\r\nLocation: Foyer Level 2 (Area in front of the elevators left of Stage Y)\r\n\r\n(Organized by Michael)\r\n\r\n🧮\n\n\n","title":"Exchange on self-organization (e.g. Getting Things Done) and procrastination","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"The 37c3 would not feel complete for me without discussing self-organization topics like getting things done, calendar blocking, [hipster PDAs](https://en.wikipedia.org/wiki/Hipster_PDA) :), responsibility process, inner sociocracy, ... I would also love to explore together about procrastination in a positive sense & maybe how to retain a compassionate and humane way of dealing with yourself and others. (I feel/wonder this might be lost as you become increasingly able to exercise control towards your desired outcomes.)\r\n\r\nThe session is intended as an informal conversation about these topics.\r\n\r\nLocation: Foyer Level 2 (Area in front of the elevators left of Stage Y)\r\n\r\n(Organized by Michael)\r\n\r\n🧮","end_timestamp":{"seconds":1703870100,"nanoseconds":0},"updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:15:00.000-0000","id":54002,"begin_timestamp":{"seconds":1703867400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Foyer Level 2 (In front of the elevators left of Stage Y)","hotel":"","short_name":"Foyer Level 2 (In front of the elevators left of Stage Y)","id":46156},"begin":"2023-12-29T16:30:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)\r\nArtem Zakharchenko, media analyst (live from Ukraine) and\r\nNastya Melnychenko, feminist, civil rights activist (live from the USA)\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nLines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"U Act! - Destabilization through Media","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"android_description":"Lines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)\r\nArtem Zakharchenko, media analyst (live from Ukraine) and\r\nNastya Melnychenko, feminist, civil rights activist (live from the USA)\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nLines of division in the Ukrainian society: How the Russian\r\ninformation impact creates and exploits them for\r\ndestabilization.\r\n(Content applicable to Germany)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53890,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703867400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T16:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Spontanes Treffen für Biohacking und Grinding Enthusiast*innen beim Chaos Communication Congress! \r\nBei diesem treffen können wir uns locker austauschen über RFID-Chips, Magneten unter der Haut und alles, was mit implantierten Technologien zu tun hat. Kein fester Ablauf, keine festen Pläne – lasst uns einfach zusammenkommen und schauen, wohin uns die Gespräche führen, egal, ob ihr bereits Implantate habt oder einfach neugierig seid.\r\n\r\nErst eine kurze Einführung und dann offene Gesprächsrunde. Wenn wir den space an den nächsten Vortrag abgeben müssen, und noch im Gespräch sind, können wir z.b. nach komona umziehen.\r\n\r\n[About me]\r\nIch bin Merlin, habe einige Magneten und RFID-Chips in meinem Körper implantiert, bastle an eigenen Chip-Implantaten und bin gespannt auf eure Erfahrungen und Ideen.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Das geht unter die Haut: Spontanes Biohacking treffen beim Congress","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"Spontanes Treffen für Biohacking und Grinding Enthusiast*innen beim Chaos Communication Congress! \r\nBei diesem treffen können wir uns locker austauschen über RFID-Chips, Magneten unter der Haut und alles, was mit implantierten Technologien zu tun hat. Kein fester Ablauf, keine festen Pläne – lasst uns einfach zusammenkommen und schauen, wohin uns die Gespräche führen, egal, ob ihr bereits Implantate habt oder einfach neugierig seid.\r\n\r\nErst eine kurze Einführung und dann offene Gesprächsrunde. Wenn wir den space an den nächsten Vortrag abgeben müssen, und noch im Gespräch sind, können wir z.b. nach komona umziehen.\r\n\r\n[About me]\r\nIch bin Merlin, habe einige Magneten und RFID-Chips in meinem Körper implantiert, bastle an eigenen Chip-Implantaten und bin gespannt auf eure Erfahrungen und Ideen.","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":54005,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703866800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T16:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn – but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals.\r\n\r\nIn this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine.\r\n\r\nFind out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System?\n\n\nThe Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!","title":"How Many Planets in Our Solar System? Glad You Asked!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703870100,"nanoseconds":0},"android_description":"In antiquity, scientists counted the 7 classical planets: the Moon, Mercury, Venus, the Sun, Mars, Jupiter and Saturn – but their model of the universe was wrong. Two thousand years later, a new model was introduced. It was less wrong, and it brought the number of planets down to 6: Mercury, Venus, Earth, Mars, Jupiter, Saturn. Since then, it's been a roller coaster ride of planet discoveries and dismissals.\r\n\r\nIn this talk, we stagger through the smoke and mirrors of scientific history. We meet old friends like Uranus and Neptune, forgotten lovers like Ceres, Psyche and Eros, fallen celebrities like Pluto, regicidal interlopers like Eris and Makemake as well as mysterious strangers like Vulcan, Planet X and Planet Nine.\r\n\r\nFind out how science has been tricked by its own vanity, been hampered by too little (or too much!) imagination, and how human drama can make a soap opera out of a question as simple as: How Many Planets in Our Solar System?\n\n\nThe Solar System has had 8 planets ever since Pluto was excluded in 2006. This has made a lot of people very angry and been widely regarded as a bad move. But did you know Neptune was discovered as the 12th planet? Or that, 80 years before Star Trek, astronomers seriously suspected a planet called Vulcan near the Sun? This talk will take you through centuries of struggling with the question: Do you even planet?!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53401],"conference_id":131,"event_ids":[53746],"name":"Michael Büker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52258}],"timeband_id":1142,"links":[],"end":"2023-12-29T17:15:00.000-0000","id":53746,"begin_timestamp":{"seconds":1703866500,"nanoseconds":0},"tag_ids":[46123,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52258}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-29T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Containers appear to be ubiquitous to almost all software development these days. From \"Dev Containers\" to \"CI\" to \"Service Deployment\", they seem to be able to do everything.\r\n\r\nBut what exactly are they? We will do a short introduction to the underlying technology, but then mostly focus on the most commonly used frontend: Docker.\r\n\r\nYou will be provided with a little example project, to get your hands dirty on all the basics. How to run existing container images, how to create your own images, and most importantly what the possible use-cases for each of these steps are. The example project will provide plenty of opportunities to \"containerize\" its parts.\r\n\r\nFeel free to attend this alone or in small groups, but be sure to bring at least one laptop. Linux as an operating system is recommended, but I will try my best to get you started on macOS or Windows as well.\r\n\r\nSome software development background (of any kind) is recommended, so you can connect the newly gained knowledge with your personal experiences and potential use-cases. At the very least, you shouldn't be afraid to use a terminal and have set up a text editor or IDE of your choice.\n\n\nContainers appear to be ubiquitous to almost all software development these days. But what are they? After a short introduction on the technology we will get hands on with Docker to run existing container images, building our own, connect them to eachother and gently tap into all the powerful features they provide.","title":"Introductory Workshop to Containers!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703873100,"nanoseconds":0},"android_description":"Containers appear to be ubiquitous to almost all software development these days. From \"Dev Containers\" to \"CI\" to \"Service Deployment\", they seem to be able to do everything.\r\n\r\nBut what exactly are they? We will do a short introduction to the underlying technology, but then mostly focus on the most commonly used frontend: Docker.\r\n\r\nYou will be provided with a little example project, to get your hands dirty on all the basics. How to run existing container images, how to create your own images, and most importantly what the possible use-cases for each of these steps are. The example project will provide plenty of opportunities to \"containerize\" its parts.\r\n\r\nFeel free to attend this alone or in small groups, but be sure to bring at least one laptop. Linux as an operating system is recommended, but I will try my best to get you started on macOS or Windows as well.\r\n\r\nSome software development background (of any kind) is recommended, so you can connect the newly gained knowledge with your personal experiences and potential use-cases. At the very least, you shouldn't be afraid to use a terminal and have set up a text editor or IDE of your choice.\n\n\nContainers appear to be ubiquitous to almost all software development these days. But what are they? After a short introduction on the technology we will get hands on with Docker to run existing container images, building our own, connect them to eachother and gently tap into all the powerful features they provide.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53152,53473],"conference_id":131,"event_ids":[53808,53574],"name":"Drakulix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52494}],"timeband_id":1142,"links":[],"end":"2023-12-29T18:05:00.000-0000","id":53808,"tag_ids":[46133,46140],"village_id":null,"begin_timestamp":{"seconds":1703865900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52494}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-29T16:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.\n\n\n","title":"Meere und warum sie für uns wichtig sind - Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Ich nehme euch mit in einen Vortrag unter Wasser. Ich möchte euch erzählen warum die Ozeane für uns wichtig sind und warum und vor allem wie wir sie schützen können. Und natürlich alle eure Fragen rund ums Meer und Korallenriffe zu beantworten. Der interaktive Vortrag richtet sich an Kinder im Alter zwischen 8-12, aber es sind natürlich alle willkommen.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":54010,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Podcast soll das Besondere am Congress-Mindset beschrieben werden und quasi als Berichterstattung für die Hörerschaft des Podcast Caller Lounge dienen. Die Caller Lounge ist der erste und bislang einzige deutschsprachige Square Dance Podcast. \r\n\r\nWas macht die Community auf dem Congress, im Sendegate und den Chaos-nahen Projekten aus? Was sind die Eigenschaften? Was und wer sind die Katalysatoren? Welches Mindset benötigt es? Gibt es Erfahrungswerte beim Anleiten anderer Gruppen oder organisieren anderer Veranstaltungen das erlebte Mindset auf andere Communities zu übertragen. Kann man ein Mindset schaffen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"Das Congress-Mindset","android_description":"In diesem Podcast soll das Besondere am Congress-Mindset beschrieben werden und quasi als Berichterstattung für die Hörerschaft des Podcast Caller Lounge dienen. Die Caller Lounge ist der erste und bislang einzige deutschsprachige Square Dance Podcast. \r\n\r\nWas macht die Community auf dem Congress, im Sendegate und den Chaos-nahen Projekten aus? Was sind die Eigenschaften? Was und wer sind die Katalysatoren? Welches Mindset benötigt es? Gibt es Erfahrungswerte beim Anleiten anderer Gruppen oder organisieren anderer Veranstaltungen das erlebte Mindset auf andere Communities zu übertragen. Kann man ein Mindset schaffen?","end_timestamp":{"seconds":1703868300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:45:00.000-0000","id":53982,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46128,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What we will demonstrate at the workshop is how to overcome this limitation of the protocol. This extension, known as 'fast Modbus,' employs clever tricks to achieve guaranteed 50ms latency while remaining completely compatible and relatively easy to implement. Bonus point: we can now scan the RS-485 line for devices in just a couple of seconds.\r\n\r\nWe will discuss the underlying theory of operation and then try it in action. We will observe the data on the RS-485 bus and attempt to send some bytes manually to achieve the same results.\r\n\r\nThe hardware aspect is quite straightforward, and we will primarily focus on bytes, so don't be scary of it.\r\n\r\nConsider bringing your laptop.\n\n\nDespite being a relic from the 70s, Modbus is still widely used in home and building automation applications due to its simplicity and interoperability. It is also extremely cheap to implement in hardware, making it a common choice for most related DIY projects.\r\n\r\nUnfortunately, due to its client-server architecture, the central controller of an installation must resort to polling to retrieve data and events from end devices. For some devices, like motion detectors or simple wall switches, this results in a significant delay between user input and the corresponding action. In short, Modbus installations can be terribly slow.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Reinventing Modbus Protocol","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"What we will demonstrate at the workshop is how to overcome this limitation of the protocol. This extension, known as 'fast Modbus,' employs clever tricks to achieve guaranteed 50ms latency while remaining completely compatible and relatively easy to implement. Bonus point: we can now scan the RS-485 line for devices in just a couple of seconds.\r\n\r\nWe will discuss the underlying theory of operation and then try it in action. We will observe the data on the RS-485 bus and attempt to send some bytes manually to achieve the same results.\r\n\r\nThe hardware aspect is quite straightforward, and we will primarily focus on bytes, so don't be scary of it.\r\n\r\nConsider bringing your laptop.\n\n\nDespite being a relic from the 70s, Modbus is still widely used in home and building automation applications due to its simplicity and interoperability. It is also extremely cheap to implement in hardware, making it a common choice for most related DIY projects.\r\n\r\nUnfortunately, due to its client-server architecture, the central controller of an installation must resort to polling to retrieve data and events from end devices. For some devices, like motion detectors or simple wall switches, this results in a significant delay between user input and the corresponding action. In short, Modbus installations can be terribly slow.","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53978,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will use two user-friendly GUI wallets: Liana & MyCitadel. \r\n\r\nFor the demo, I will use Bitcoin core full node in Regtest to be able to produce blocks quickly and simulate time passing. You can test on testnet, regtest, or mainnet. \r\n\r\nLedger, bitbox02 and Specter-DIY can be used with both wallets for most setups. I will also use a hot wallet generated on the computer running bitcoin-core.\r\n\r\n- 🌟 Learn about the practical use cases of Miniscript wallets.\r\n- 🛡 Understand the advantages they offer in terms of security and ease of use.\r\n- 💡 Discuss real-world applications and share experiences with fellow users.\r\n\r\nIf you want to test the setup, please install the following software on your computer:\r\n\r\n- https://bitcoin.org/en/download No need to sync the node if you plan as me to do the setup on regtest\r\n- https://github.com/wizardsardine/liana/releases/\r\n- https://github.com/mycitadel/mycitadel-desktop/releases/\r\n\r\n- you can use https://github.com/cryptoadvance/specter-diy HWW or simulator to interact with Liana wallet.\n\n\nDiscover how a miniscript can revolutionize your Bitcoin self-custody experience.\r\nThe workshop can be followed as a presentation, but you are welcome to take your computer and to setup the wallets and test everything by yourself. Requirements are listed below.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Miniscript Workshop - Explore the Next Level of Bitcoin Wallet Security","end_timestamp":{"seconds":1703871000,"nanoseconds":0},"android_description":"We will use two user-friendly GUI wallets: Liana & MyCitadel. \r\n\r\nFor the demo, I will use Bitcoin core full node in Regtest to be able to produce blocks quickly and simulate time passing. You can test on testnet, regtest, or mainnet. \r\n\r\nLedger, bitbox02 and Specter-DIY can be used with both wallets for most setups. I will also use a hot wallet generated on the computer running bitcoin-core.\r\n\r\n- 🌟 Learn about the practical use cases of Miniscript wallets.\r\n- 🛡 Understand the advantages they offer in terms of security and ease of use.\r\n- 💡 Discuss real-world applications and share experiences with fellow users.\r\n\r\nIf you want to test the setup, please install the following software on your computer:\r\n\r\n- https://bitcoin.org/en/download No need to sync the node if you plan as me to do the setup on regtest\r\n- https://github.com/wizardsardine/liana/releases/\r\n- https://github.com/mycitadel/mycitadel-desktop/releases/\r\n\r\n- you can use https://github.com/cryptoadvance/specter-diy HWW or simulator to interact with Liana wallet.\n\n\nDiscover how a miniscript can revolutionize your Bitcoin self-custody experience.\r\nThe workshop can be followed as a presentation, but you are welcome to take your computer and to setup the wallets and test everything by yourself. Requirements are listed below.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53974,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This performance will feature music played through a custom software filter designed to simulate the acoustic properties of the atmosphere of Mars based upon data gathered by the Mars Perseverence Rover.\r\nhttps://soundcloud.com/ptelepathetique\n\n\nPtelepathetique is an electronic music project of Scott Beibin focusing on experiments with psychoacoustics.","title":"Ptelepathetique - live concert","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"This performance will feature music played through a custom software filter designed to simulate the acoustic properties of the atmosphere of Mars based upon data gathered by the Mars Perseverence Rover.\r\nhttps://soundcloud.com/ptelepathetique\n\n\nPtelepathetique is an electronic music project of Scott Beibin focusing on experiments with psychoacoustics.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53887,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit der neuen Amateurfunk-Verordnung wird im Juni 2024 eine neue Amateurfunk-Klasse N eingeführt, die einen ersten eigenen Betrieb im Amateurfunk ermöglicht. Mit dem neuen Fragenkatalog sind nun die Inhalte für die Prüfung bekannt.\r\n\r\nWir zeigen, welche Möglichkeiten die Amateurfunk-Klasse N bietet und welches Wissen für die Prüfung erforderlich ist. Dazu wird Lernmaterial vorgestellt.\n\n\nEin Überblick, was die neue Amateurfunk-Klasse N bietet.","title":"Einführung in die neue Amateurfunkprüfung für Einsteiger","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Mit der neuen Amateurfunk-Verordnung wird im Juni 2024 eine neue Amateurfunk-Klasse N eingeführt, die einen ersten eigenen Betrieb im Amateurfunk ermöglicht. Mit dem neuen Fragenkatalog sind nun die Inhalte für die Prüfung bekannt.\r\n\r\nWir zeigen, welche Möglichkeiten die Amateurfunk-Klasse N bietet und welches Wissen für die Prüfung erforderlich ist. Dazu wird Lernmaterial vorgestellt.\n\n\nEin Überblick, was die neue Amateurfunk-Klasse N bietet.","end_timestamp":{"seconds":1703866800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:20:00.000-0000","id":53796,"village_id":null,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> Come over if you're interested in p2panda! This open and informal meeting is for everyone who wants to say Hello, learn more about the project or has questions.\r\n\r\nPad: [https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ](https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ)\r\n\r\np2panda ([https://p2panda.org](https://p2panda.org)) is a peer-to-peer protocol and SDK for secure and privacy-respecting offline-first applications. It can be used in both fully distributed or federated networks and focuses on use-cases where peers can collaborate and exchange data, even when they're sometimes not connected to the internet.\r\n\r\nThings p2panda is interested in:\r\n\r\n🦝 Browser and Mobile Friendliness\r\n\r\nLightweight clients that can easily be implemented as websites or apps\r\n\r\n🐢 Capabilities\r\n\r\nFine-grained permissions and roles for users, control who can read, sync, change or delete your data\r\n\r\n🐎 Collaboration\r\n\r\nData can be edited together, even when you are offline\r\n\r\n🐮 Data Sovereignty\r\n\r\nUsers own the data they create\r\n\r\n🐄 Decentralisation\r\n\r\nNo authority over data or how it is displayed\r\n\r\n🦣 Deletion\r\n\r\nRemove data from the network. Most data does not need to stay forever, it can even delete itself automatically after some time\r\n\r\n🐰Energy Efficiency\r\n\r\nData- and energy-efficient storage and replication\r\n\r\n🐨 Privacy\r\n\r\nShare meta data and data only with people and devices you really trust\r\n\r\n🐼 Offline-First\r\n\r\nAccess to online services without reliable and performant internet infrastructure. Independence from the corporate cloud\r\n\r\n🦉 Encryption\r\n\r\nSecure symmetrical and double-ratchet (MLS) encryption for sensitive and private data for users and all sorts of groups\r\n\r\n🐧 Developer friendly\r\n\r\nComputers are used by humans\r\n\r\n🐸 Warmth\r\n\r\nComputers make it easy to get carried away by their rigidly structured ways. However, every computer also contains an undeniable spark of pure chaos. We want to capture that spark to ignite a campfire for you to gather around and get cosy\n\n\np2panda is an offline-first p2p protocol and SDK. This is an informal meeting for everyone who's interested and has questions!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"p2panda - offline-first meetup","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"> Come over if you're interested in p2panda! This open and informal meeting is for everyone who wants to say Hello, learn more about the project or has questions.\r\n\r\nPad: [https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ](https://laub.liebechaos.org/M1JpbTucQrWSt8UlkYwlcQ)\r\n\r\np2panda ([https://p2panda.org](https://p2panda.org)) is a peer-to-peer protocol and SDK for secure and privacy-respecting offline-first applications. It can be used in both fully distributed or federated networks and focuses on use-cases where peers can collaborate and exchange data, even when they're sometimes not connected to the internet.\r\n\r\nThings p2panda is interested in:\r\n\r\n🦝 Browser and Mobile Friendliness\r\n\r\nLightweight clients that can easily be implemented as websites or apps\r\n\r\n🐢 Capabilities\r\n\r\nFine-grained permissions and roles for users, control who can read, sync, change or delete your data\r\n\r\n🐎 Collaboration\r\n\r\nData can be edited together, even when you are offline\r\n\r\n🐮 Data Sovereignty\r\n\r\nUsers own the data they create\r\n\r\n🐄 Decentralisation\r\n\r\nNo authority over data or how it is displayed\r\n\r\n🦣 Deletion\r\n\r\nRemove data from the network. Most data does not need to stay forever, it can even delete itself automatically after some time\r\n\r\n🐰Energy Efficiency\r\n\r\nData- and energy-efficient storage and replication\r\n\r\n🐨 Privacy\r\n\r\nShare meta data and data only with people and devices you really trust\r\n\r\n🐼 Offline-First\r\n\r\nAccess to online services without reliable and performant internet infrastructure. Independence from the corporate cloud\r\n\r\n🦉 Encryption\r\n\r\nSecure symmetrical and double-ratchet (MLS) encryption for sensitive and private data for users and all sorts of groups\r\n\r\n🐧 Developer friendly\r\n\r\nComputers are used by humans\r\n\r\n🐸 Warmth\r\n\r\nComputers make it easy to get carried away by their rigidly structured ways. However, every computer also contains an undeniable spark of pure chaos. We want to capture that spark to ignite a campfire for you to gather around and get cosy\n\n\np2panda is an offline-first p2p protocol and SDK. This is an informal meeting for everyone who's interested and has questions!","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53793,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Can organisations with limited resources be digitally sovereign and still provide modern services? It is not trivial, but the FSFE proves it's possible. In this workshop we want to share our story and hear from you how you are running your NGO on FreeSoftware.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Running a NGO on FreeSoftware","android_description":"Can organisations with limited resources be digitally sovereign and still provide modern services? It is not trivial, but the FSFE proves it's possible. In this workshop we want to share our story and hear from you how you are running your NGO on FreeSoftware.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53786,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will present the hard- and software components used for building the 37c3 mobile netwok(s), how we connect to eventphone and the world and how we got permissions and frequencies. Hopefully there will be a lot of time for all of your questions regarding technology and other topics, which we try our best to answer.\r\nWe are looking forward to see you.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"c3gsm Ask-Us-Anything","android_description":"We will present the hard- and software components used for building the 37c3 mobile netwok(s), how we connect to eventphone and the world and how we got permissions and frequencies. Hopefully there will be a lot of time for all of your questions regarding technology and other topics, which we try our best to answer.\r\nWe are looking forward to see you.","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53771,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Wir sind beim Aufzug ganz in der Nähe von Stage Y.**\r\n\r\n🧮\n\n\nWorkshop zu Versammlungsrecht und wie man Verwaltungsklagen selbst macht (ohne anwältliche Unterstützung)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Verklag die Stadt! Wie du mit Versammlungsrecht auf einer Autobahn legal protestieren oder ein gemütliches Straßenfest auf einer Hauptverkehrsstraße durchführen kannst","end_timestamp":{"seconds":1703868600,"nanoseconds":0},"android_description":"**Wir sind beim Aufzug ganz in der Nähe von Stage Y.**\r\n\r\n🧮\n\n\nWorkshop zu Versammlungsrecht und wie man Verwaltungsklagen selbst macht (ohne anwältliche Unterstützung)","updated_timestamp":{"seconds":1703817540,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:50:00.000-0000","id":53503,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703865600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"begin":"2023-12-29T16:00:00.000-0000","updated":"2023-12-29T02:39:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Despite our best efforts of finding the perfect regimen of diet, exercise and medication to keep any person fit and healthy, outcomes for different people vary widely for all of these measures, even when we comply with them fully. Some of this traces to our individual genetics, which remains difficult to change, but another source of variation in responses may come from differences between our gut microbiomes.\r\n\r\nHuman bodies are not sterile, and our skin, our mucosal surfaces and, in particular, our intestines are home to many more bacteria than there are human cells in our bodies, representing hundreds of different species in each person. These microbial ecosystems, or microbiomes, are found in all animals and have coevolved with their hosts. Therefore we rely on commensal (\"friendly\") bacteria for many functions, including breaking down nutrients, converting some medications into their active forms, producing certain crucial compounds for us from our diet, and helping our immune systems mature and remain tuned. The microbiota also contains temporary visitors and both transient and resident opportunistic pathogens, often kept in check by the immune system and by the commensals, but sometimes escaping such control to multiply and cause disease. Human gut microbiomes begin establishing at birth and evolve over a lifetime, but remain quite stable within each person throughout adulthood unless something serious like repeated antibiotic cures disrupt them. However, they can differ quite substantially between individuals as well as between populations, reflecting factors such as nutrition and environmental exposures.\r\n\r\nIt has been proposed, and to a degree already demonstrated, that differences between individuals in which gut bacteria they harbour may underlie differences in their susceptibility to disease, their resilience to stressors, and their responses to environmental stimuli. Thus the variation in responses to the same lifestyle between different people may reflect their gut microbiomes. This would open up several venues of personalized medicine, lifestyle advice and nutrition. Choice of medications, diets or interventions could be selected according to a person's specific microbiome to be most effective. It might also be possible to potentiate such interventions by altering the gut microbiome in different ways, such as through antibiotics, probiotics, nutrition or through microbiome transplantation from another person. Alternately put, by adapting the microbiome to a lifestyle intervention, and/or adapting a lifestyle intervention to the microbiome, we may be able to optimize how a given person can seek and achieve fitness and health.\r\n\r\nIn this talk, I will outline what we know on these topics so far, especially from studies using large-scale microbial (meta-)genome DNA sequencing. In this talk I will draw on work by my own lab at the Charité in Berlin, as well as that of our colleagues, rivals and collaborators elsewhere in the world. I will give examples of known gut microbial modulation of human responses to the external environment and introduce the most common strategies both for researching such effects and for their leverage as health-promoting tools. Where there are limits to our knowledge or obstacles to its practical application, I will identify those obstacles and suggest ways to overcome them.\n\n\nWhy do some people stay fit and healthy easier than others, even when following the same health advice? Why does the same medication work well in one person, but not in another? Some of our individuality in these regards may trace to which bacteria we carry in the soil of our intestinal gardens. In this talk, drawing on work by my own research lab at the Charité and on that by our collaborators and rivals elsewhere in the world, I outline what we know, what we speculate, and what obstacles remain in the way of widespread adoption of personalized health prevention through microbiome sequencing.","title":"Gut feelings: Can we optimize lifestyle, diet and medication according to our respective microbiota?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Despite our best efforts of finding the perfect regimen of diet, exercise and medication to keep any person fit and healthy, outcomes for different people vary widely for all of these measures, even when we comply with them fully. Some of this traces to our individual genetics, which remains difficult to change, but another source of variation in responses may come from differences between our gut microbiomes.\r\n\r\nHuman bodies are not sterile, and our skin, our mucosal surfaces and, in particular, our intestines are home to many more bacteria than there are human cells in our bodies, representing hundreds of different species in each person. These microbial ecosystems, or microbiomes, are found in all animals and have coevolved with their hosts. Therefore we rely on commensal (\"friendly\") bacteria for many functions, including breaking down nutrients, converting some medications into their active forms, producing certain crucial compounds for us from our diet, and helping our immune systems mature and remain tuned. The microbiota also contains temporary visitors and both transient and resident opportunistic pathogens, often kept in check by the immune system and by the commensals, but sometimes escaping such control to multiply and cause disease. Human gut microbiomes begin establishing at birth and evolve over a lifetime, but remain quite stable within each person throughout adulthood unless something serious like repeated antibiotic cures disrupt them. However, they can differ quite substantially between individuals as well as between populations, reflecting factors such as nutrition and environmental exposures.\r\n\r\nIt has been proposed, and to a degree already demonstrated, that differences between individuals in which gut bacteria they harbour may underlie differences in their susceptibility to disease, their resilience to stressors, and their responses to environmental stimuli. Thus the variation in responses to the same lifestyle between different people may reflect their gut microbiomes. This would open up several venues of personalized medicine, lifestyle advice and nutrition. Choice of medications, diets or interventions could be selected according to a person's specific microbiome to be most effective. It might also be possible to potentiate such interventions by altering the gut microbiome in different ways, such as through antibiotics, probiotics, nutrition or through microbiome transplantation from another person. Alternately put, by adapting the microbiome to a lifestyle intervention, and/or adapting a lifestyle intervention to the microbiome, we may be able to optimize how a given person can seek and achieve fitness and health.\r\n\r\nIn this talk, I will outline what we know on these topics so far, especially from studies using large-scale microbial (meta-)genome DNA sequencing. In this talk I will draw on work by my own lab at the Charité in Berlin, as well as that of our colleagues, rivals and collaborators elsewhere in the world. I will give examples of known gut microbial modulation of human responses to the external environment and introduce the most common strategies both for researching such effects and for their leverage as health-promoting tools. Where there are limits to our knowledge or obstacles to its practical application, I will identify those obstacles and suggest ways to overcome them.\n\n\nWhy do some people stay fit and healthy easier than others, even when following the same health advice? Why does the same medication work well in one person, but not in another? Some of our individuality in these regards may trace to which bacteria we carry in the soil of our intestinal gardens. In this talk, drawing on work by my own research lab at the Charité and on that by our collaborators and rivals elsewhere in the world, I outline what we know, what we speculate, and what obstacles remain in the way of widespread adoption of personalized health prevention through microbiome sequencing.","end_timestamp":{"seconds":1703866800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53408],"conference_id":131,"event_ids":[53753],"name":"Sofia Kirke Forslund-Startceva","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52373}],"timeband_id":1142,"end":"2023-12-29T16:20:00.000-0000","links":[{"label":"Host-Microbiome Systems Medicine Lab webpage","type":"link","url":"https://www.mdc-berlin.de/forslund"}],"id":53753,"begin_timestamp":{"seconds":1703864400,"nanoseconds":0},"tag_ids":[46123,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52373}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T15:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"","title":"Lina & Paul Gregor","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"","end_timestamp":{"seconds":1703872800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T18:00:00.000-0000","id":53963,"begin_timestamp":{"seconds":1703863800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-29T15:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"3 years after uprising in Belarus - political situation and repressions in the country In August 2020 belarusian people rose against dictatorship of Alexander Lukashenko hopping to overthrow a regime, existing in Belarus since 1994. Several months of protests ended up in mass wave of repressions and political migration from the country. With thousands of political prisoners out of which at least 30 are anarchists, Belarus is the country with one of the highest levels of repressions in Europe this days.\r\n\r\nCouple of years later Vladimir Putin started full scale invasion of Ukraine with support of belarusian regime. This created even more problems for the rest of resistance against dictatorship in Belarus.\r\n\r\nDuring this talk member of ABC-Belarus will present the current political situation inside the country and in diaspora organized in Poland/Lithuania. What are the perspectives of the people trying to overthrow dictatorship and what is the role of anarchists in the whole story?\r\n\r\nThe talk will be around 90 minutes with space for questions and a discussion.\n\n\n","title":"3 years after uprising in Belarus - political situation and repressions in the coutry","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"3 years after uprising in Belarus - political situation and repressions in the country In August 2020 belarusian people rose against dictatorship of Alexander Lukashenko hopping to overthrow a regime, existing in Belarus since 1994. Several months of protests ended up in mass wave of repressions and political migration from the country. With thousands of political prisoners out of which at least 30 are anarchists, Belarus is the country with one of the highest levels of repressions in Europe this days.\r\n\r\nCouple of years later Vladimir Putin started full scale invasion of Ukraine with support of belarusian regime. This created even more problems for the rest of resistance against dictatorship in Belarus.\r\n\r\nDuring this talk member of ABC-Belarus will present the current political situation inside the country and in diaspora organized in Poland/Lithuania. What are the perspectives of the people trying to overthrow dictatorship and what is the role of anarchists in the whole story?\r\n\r\nThe talk will be around 90 minutes with space for questions and a discussion.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53780,"begin_timestamp":{"seconds":1703863800,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Über die letzten vier Jahre sind in der Nautosphäre um den Chaos Computer Club, Deutschland, Europa und der Welt aufregende, irritierende, bemerkenswerte und empörenswerte Dinge passiert, bei deren Einordnung wir gerne helfend zur Seite stehen wollen.\r\n\r\nVon Berichten aus den Erfahrungsaustauschkreisen über die digitalen Hausbesuche bei den Luca-Apps dieser Welt, von kleinen und riesengroßen Hacker-Veranstaltungen zu den inzwischen schöne Tradition gewordenen Gutachten für unser Verfassungsgericht wollen wir in vielen kleinen Wortmeldung ein rundes Bild zu den Entwicklungen der letzten vier Jahre und einen Ausblick auf das Jahr 2024 geben.","title":"Vierjahresrückblick des CCC","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703871000,"nanoseconds":0},"android_description":"Über die letzten vier Jahre sind in der Nautosphäre um den Chaos Computer Club, Deutschland, Europa und der Welt aufregende, irritierende, bemerkenswerte und empörenswerte Dinge passiert, bei deren Einordnung wir gerne helfend zur Seite stehen wollen.\r\n\r\nVon Berichten aus den Erfahrungsaustauschkreisen über die digitalen Hausbesuche bei den Luca-Apps dieser Welt, von kleinen und riesengroßen Hacker-Veranstaltungen zu den inzwischen schöne Tradition gewordenen Gutachten für unser Verfassungsgericht wollen wir in vielen kleinen Wortmeldung ein rundes Bild zu den Entwicklungen der letzten vier Jahre und einen Ausblick auf das Jahr 2024 geben.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53287,53390,53397],"conference_id":131,"event_ids":[53737,53743,53652],"name":"Anna Biselli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52420},{"content_ids":[53390],"conference_id":131,"event_ids":[53737],"name":"Henning","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52440}],"timeband_id":1142,"links":[],"end":"2023-12-29T17:30:00.000-0000","id":53737,"tag_ids":[46119,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703863800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52420},{"tag_id":46107,"sort_order":1,"person_id":52440}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Neural Cellular Automata is a differentiable self-organising system composed of a set of individual agents, each executing a local rule to achieve a global objective. Every agent recurrently operates under the same rule, enabling cells to acquire distributed, local algorithms with minimal parameters. This system demonstrates exceptional versatility in solving various tasks, encompassing feedback control and generative modeling.\r\n\r\nThe presentation will include a diverse array of live demos, showcasing the practical applications and capabilities of NCA.\r\n\r\npaper link: https://distill.pub/selforg/2021/textures/\n\n\n","title":"neural cellular automata","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703866800,"nanoseconds":0},"android_description":"Neural Cellular Automata is a differentiable self-organising system composed of a set of individual agents, each executing a local rule to achieve a global objective. Every agent recurrently operates under the same rule, enabling cells to acquire distributed, local algorithms with minimal parameters. This system demonstrates exceptional versatility in solving various tasks, encompassing feedback control and generative modeling.\r\n\r\nThe presentation will include a diverse array of live demos, showcasing the practical applications and capabilities of NCA.\r\n\r\npaper link: https://distill.pub/selforg/2021/textures/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:20:00.000-0000","id":53951,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703863200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T15:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Egal ob Trampen, geplante Privatinsolvenz um Geldstrafen aus Braunkohleprotest zu umgehen, containern oder so tun als würde man 1Mio. € anlegen wollen, nur um kostenlos Tee und Kekse in Frankfurter Banktürmen abstauben, wenn der Anschlusszug mal wieder zu spät ist.\r\nIch hab ne lange Liste an lustigen, geprüften und brauchbaren Tricks aus meinem Vagabundleben und linken aktivistischen Kreisen. Freu mich aber auch über neue Inspirationen und Optimierungen. \r\n!! Findet im Gang hinter der Assembly des Openlab Augsburg statt !!\r\n\r\n🧮\n\n\nFindet im Gang hinter der Assembly des Openlab Augsburg statt","title":"Legale und andere Tricks ohne Geld durch die Welt zu kommen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"Egal ob Trampen, geplante Privatinsolvenz um Geldstrafen aus Braunkohleprotest zu umgehen, containern oder so tun als würde man 1Mio. € anlegen wollen, nur um kostenlos Tee und Kekse in Frankfurter Banktürmen abstauben, wenn der Anschlusszug mal wieder zu spät ist.\r\nIch hab ne lange Liste an lustigen, geprüften und brauchbaren Tricks aus meinem Vagabundleben und linken aktivistischen Kreisen. Freu mich aber auch über neue Inspirationen und Optimierungen. \r\n!! Findet im Gang hinter der Assembly des Openlab Augsburg statt !!\r\n\r\n🧮\n\n\nFindet im Gang hinter der Assembly des Openlab Augsburg statt","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":54001,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Reading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!\r\n\r\nhttps://tome.app/fairy-09b/escaping-the-multicall-of-madness-how-to-read-and-compute-evm-data-with-style-cli0mhdkm1xna45407wkkf5jr\n\n\nReading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Escaping the Multicall of Madness (how to read data from EVM blockchains in style)","android_description":"Reading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!\r\n\r\nhttps://tome.app/fairy-09b/escaping-the-multicall-of-madness-how-to-read-and-compute-evm-data-with-style-cli0mhdkm1xna45407wkkf5jr\n\n\nReading data from the blockchain can be a PITA when you have to juggle with RPC calls, dependent requests and computation. I'll present the common patterns to get on-chain data to the client and even do some read computation in EVM!","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53977,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Presentation in German about a software to track attendance of students in schools. The project was implemented with a grant from Prototype Funds.\n\n\nVorstellung der Finanzierung und Umsetzung des Projekts BinDa zur Anwesenheitserfassung von Schüler:innen an reformpädagogisch-orientierten Schulen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"BinDa - Anwesenheitserfassung für Schüler:innen / Umsetzung eines Projektes im Rahmen des Prototype Funds","android_description":"Presentation in German about a software to track attendance of students in schools. The project was implemented with a grant from Prototype Funds.\n\n\nVorstellung der Finanzierung und Umsetzung des Projekts BinDa zur Anwesenheitserfassung von Schüler:innen an reformpädagogisch-orientierten Schulen","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53891,"village_id":null,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dear children, this is your time to shine! On the 3rd Congress day, we will open a stage just for you in the Kidspace workshop room. Share your exciting projects, ingenious inventions or creative stories in our Kids’ Lightning Talks. 🚀\r\n\r\n🌈 Bring your models, drawings or just your amazing thoughts. Whether it’s a self-built robot car, a fantastic drawing story or a clever app idea - we want to see what inspires you!\r\n\r\n👉 Registration: Come to Kidspace and register with the organizers. Show what you can do in a short talk and share your passion with other young explorers!\n\n\nLiebe Kinder, das ist eure Zeit zu glänzen! Am 3. Congress-Tag öffnen wir im Workshopraum des Kidspace eine Bühne nur für euch. Teilt eure spannenden Projekte, genialen Erfindungen oder kreativen Geschichten in unseren Kinder-Lightning Talks.","title":"Lightning Talks - Kids Edition","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Dear children, this is your time to shine! On the 3rd Congress day, we will open a stage just for you in the Kidspace workshop room. Share your exciting projects, ingenious inventions or creative stories in our Kids’ Lightning Talks. 🚀\r\n\r\n🌈 Bring your models, drawings or just your amazing thoughts. Whether it’s a self-built robot car, a fantastic drawing story or a clever app idea - we want to see what inspires you!\r\n\r\n👉 Registration: Come to Kidspace and register with the organizers. Show what you can do in a short talk and share your passion with other young explorers!\n\n\nLiebe Kinder, das ist eure Zeit zu glänzen! Am 3. Congress-Tag öffnen wir im Workshopraum des Kidspace eine Bühne nur für euch. Teilt eure spannenden Projekte, genialen Erfindungen oder kreativen Geschichten in unseren Kinder-Lightning Talks.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53802,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I recently did a coding bootcamp and am soon starting my first job as a junior software engineer. Before that, I moved through the space of tech-interested people as a philosopher of technology and I am happy to share thoughts about my experience and answer questions in case someone is interested about coding bootcamps for themselves or their loved ones :)\n\n\n","title":"AMA: I did a Coding Bootcamp","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"I recently did a coding bootcamp and am soon starting my first job as a junior software engineer. Before that, I moved through the space of tech-interested people as a philosopher of technology and I am happy to share thoughts about my experience and answer questions in case someone is interested about coding bootcamps for themselves or their loved ones :)","end_timestamp":{"seconds":1703863800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:30:00.000-0000","id":53779,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This will be a great opportunity for members of the community to meet each other and socialise, as well as an opportunity for anyone interested in Tor to come and meet each other and become part of the Tor community.\r\n\r\nThere will be a talk by Q Misell on progress with ACME for Onion Services.\r\n\r\nLocation: TBC\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Tor Meetup","end_timestamp":{"seconds":1703869200,"nanoseconds":0},"android_description":"This will be a great opportunity for members of the community to meet each other and socialise, as well as an opportunity for anyone interested in Tor to come and meet each other and become part of the Tor community.\r\n\r\nThere will be a talk by Q Misell on progress with ACME for Onion Services.\r\n\r\nLocation: TBC","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T17:00:00.000-0000","id":53761,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Eine neue Episode des Fliegerpodcasts \"Comeflywithus\": Olli und Steffen sprechen auf dem 37c3 über das Thema \"GPS Spoofing - Wenn das Flugzeug-Navi eine plötzliche Abzweigung nimmt\".","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"Comeflywithus Podcast - live @congress","android_description":"Eine neue Episode des Fliegerpodcasts \"Comeflywithus\": Olli und Steffen sprechen auf dem 37c3 über das Thema \"GPS Spoofing - Wenn das Flugzeug-Navi eine plötzliche Abzweigung nimmt\".","end_timestamp":{"seconds":1703864700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53114],"conference_id":131,"event_ids":[53537],"name":"Olli und Steffen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52313}],"timeband_id":1142,"links":[],"end":"2023-12-29T15:45:00.000-0000","id":53537,"village_id":null,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52313}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: 3rik\r\n\r\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?\r\n\r\nAußerdem gibt es Raum für eure persönlichen Garden Hacks sowie über Open Source Software und Hardware die jede/r im Garten kennen (lernen) sollte, über (lokale) Gemeinschaften und Initiativen und alles was sonst noch dazu gehört zum zusammen pflanzen und gemeinsam wachsen.\r\n\r\nsiehe auch https://write.as/opensourcegardens/cfp-garden-hacks-and-technology-snacks-lightning-talks\n\n\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Garden Hacks (Open Source Gärtner:innen-Treffen)","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"Host: 3rik\r\n\r\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?\r\n\r\nAußerdem gibt es Raum für eure persönlichen Garden Hacks sowie über Open Source Software und Hardware die jede/r im Garten kennen (lernen) sollte, über (lokale) Gemeinschaften und Initiativen und alles was sonst noch dazu gehört zum zusammen pflanzen und gemeinsam wachsen.\r\n\r\nsiehe auch https://write.as/opensourcegardens/cfp-garden-hacks-and-technology-snacks-lightning-talks\n\n\nDies ist unser offenes Open Source Gärtner:innen Treffen. Nach einem kurzen Input gibt es Raum für Feedback, was gefällt euch an den Open Source Gardens, was könnte besser sein, wo wollen wir hin, was können wir gemeinsam erreichen etc?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53500,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Gamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light. \r\nIn October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the ‘Brightest of All Time,’ or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one? \r\n\r\nUsing the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches.\r\n\\*\\*\\*\\* Literature References/Further Reading \\*\\*\\*\\*\r\n\r\n[R1] Vela 4 satellites https://nssdc.gsfc.nasa.gov/nmc/spacecraft/display.action?id=1967-040A​\r\n[R2] First GRB publication Klebesadel et al 1973 https://articles.adsabs.harvard.edu/pdf/1973ApJ...182L..85​\r\n[R3] Statistical test of isotropy on BATSE sample https://arxiv.org/abs/astro-ph/9509078 ​\r\n[R4] First afterglow https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[R5] First redshift measurement https://www.nature.com/articles/43132 ​\r\n[R6] Gravitational waves NS-NS GW170817 and short GRB 170817A https://iopscience.iop.org/article/10.3847/2041-8213/aa920c/meta ​\r\n[R7] Possible evolutions of a compact binary merger and assigned GW signals https://arxiv.org/abs/1212.2289​\r\n[R8] A unified picture for compact binary mergers https://arxiv.org/abs/2309.00038 ​\r\n[R9] Properties of Wolf-Rayet stars https://arxiv.org/abs/astro-ph/0610356​\r\n[R10] Blandford-Znajek mechanism for jet launching, original paper https://academic.oup.com/mnras/article/179/3/433/962905 and short summary https://www.seramarkoff.com/2019/04/how-are-magnetised-jets-launched/ ​\r\n[R11] GR-MHD simulation of NS-NS merger jet https://arxiv.org/abs/2205.01691 ​\r\n[R12] GR-MHD simulation of collapsar jet https://arxiv.org/abs/2204.12501 ​\r\n[R13] Fermi acceleration at astrophysical shocks confirmed by numerical simulations https://iopscience.iop.org/article/10.1086/590248 ​\r\n[R14] Numerical simulations of acceleration in magnetic reconnection https://iopscience.iop.org/article/10.1088/2041-8205/783/1/L21 ​\r\n[R15] Summary paper for current status of prompt phase GRB https://doi.org/10.3390/galaxies10020038 ​\r\n[R16] Basic afterglow theory from a decelerating blastwave https://arxiv.org/abs/astro-ph/9712005 ​\r\n[R17] Design example of optical telescope https://www.lsst.org/about/tel-site/optical\\_design​\r\n[R18] Fermi GBM design https://ui.adsabs.harvard.edu/abs/2009ApJ...702..791M/abstract ​\r\n[R19] Fermi LAT summary https://ui.adsabs.harvard.edu/abs/2022hxga.book..118R/abstract ​\r\n[R20] LHAASO instrument and science https://arxiv.org/abs/1905.02773 ​\r\n[R21] GCN of GRB 221009A https://gcn.gsfc.nasa.gov/other/221009A.gcn3 + TeVCat http://tevcat.uchicago.edu/?mode=1;id=364 ​\r\n[R22] Fermi-GBM Pulse Pileup reconstruction https://ui.adsabs.harvard.edu/abs/2013NIMPA.717...21C/abstract​\r\n[R23] The BOAT in context with other events https://iopscience.iop.org/article/10.3847/2041-8213/acc39c/meta​\r\n[R24] Swift paper on the BOAT https://iopscience.iop.org/article/10.3847/2041-8213/acbcd1 ​\r\n[R25] A structured jet explains the BOAT https://arxiv.org/abs/2302.07906 (open access version of science article) ​\r\n[R26] LHAASO reports TeV emission from narrow jet https://arxiv.org/abs/2306.06372 (open access version of science article)​\r\n[R27] LHAASO extra component at the highest energies https://www.science.org/doi/10.1126/sciadv.adj2778 ​\r\n[R28] The BOAT high-energy emission explained by beyond the standard model physics https://arxiv.org/abs/2305.05145 ​\r\n\r\n\\*\\*\\*\\*\\* Image References \\*\\*\\*\\*\\*\r\n[IM1] 123RF​\r\n[IM2]USAF​\r\n[IM3] Bonnell 1995​\r\n[IM4] https://en.m.wikipedia.org/wiki/File:Compton\\_Gamma\\_Ray\\_Observatory\\_grappeled\\_by\\_Atlantis\\_(S37-99-056).jpg​\r\n[IM5] D. Perley, Wikimedia Commons https://en.m.wikipedia.org/wiki/File:GRB\\_BATSE\\_12lightcurves.png​\r\n[IM6] https://www.esa.int/Science\\_Exploration/Space\\_Science/Gaia/Gaia\\_creates\\_richest\\_star\\_map\\_of\\_our\\_Galaxy\\_and\\_beyond​\r\n[IM7] BATSE https://heasarc.gsfc.nasa.gov/docs/cgro/images/epo/gallery/grbs/index.html​\r\n[IM8] E. Costa et al., Nature, Vol. 387, Issue 6635, pg. 783-785 (1997). https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[IM9] https://heasarc.gsfc.nasa.gov/docs/sax/saxgof.html ​\r\n[IM10] Neil Gehrels Swift Observatory​\r\n[IM11] https://commons.wikimedia.org/wiki/File:Redshift.svg​\r\n[IM12] https://commons.wikimedia.org/wiki/File:The\\_Blue\\_Marble\\_(remastered).jpg​\r\n[IM13] https://en.wikipedia.org/wiki/File:NGC\\_4414\\_(NASA-med).jpg​\r\n[IM14] Edo Berger (Harvard/CfA)​\r\n[IM15] NASA's Goddard Space Flight Center​\r\n[IM16] BATSE team​\r\n[IM17] iStock​\r\n[IM18] https://arxiv.org/abs/1212.2289​\r\n[IM19] https://www.nasa.gov/image-article/mini-supernova-explosion-could-have-big-impact/​\r\n[IM20] Ore Gottlieb https://oregottlieb.com/NSM\\_GRMHD.html ​\r\n[IM21] Ore Gottlieb https://oregottlieb.com/collapsar.html ​\r\n[IM22] NASA/CXC/Rutgers/J.Warren & J.Hughes et al ​\r\n[IM23] NorthNorth West​\r\n[IM24] https://www.stockio.com/free-clipart/cartoon-eyes​\r\n[IM25] https://eljentechnology.com/products/plastic-scintillators​\r\n[IM26] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM27] NASA, https://science.nasa.gov/toolkits/spacecraft-icons​\r\n[IM28] W. B. Atwood et al., ApJ Vol. 697, pg. 1071 (2009)​\r\n[IM29] NASA, https://commons.wikimedia.org/wiki/File:GLAST\\_on\\_the\\_payload\\_attach\\_fitting.jpg​\r\n[IM30] NASA and Steven Ritz / UC Santa Cruz​\r\n[IM31] J. Knapp​\r\n[IM32] Armelle Jardin-Blicq, https://ui.adsabs.harvard.edu/abs/2019PhDT........47J/abstract​\r\n[IM33] LHAASO​\r\n[IM34] https://en.m.wikipedia.org/wiki/File:BlankMap-World.svg ​\r\n[IM35] https://www.center.top/eng/attractions/202203/58434437.html ​\r\n[IM36-IM38] Adam Goldstein, Fermi-GBM​\r\n[IM39] V. Chaplin et al., NIM-A, Vol. 717, pg. 21-36 ​\r\n[IM40] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM41 & IM43] Maia A. Williams et al 2023 ApJL 946 L24 ​\r\n[IM42 & IM44] Eric Burns et al 2023 ApJL 946 L31​\r\n[IM45] LHAASO collaboration Science 380 (2023) 6652​\r\n[IM46] LHAASO collaboration Sci.Adv. 9 (2023) 46, adj2778\n\n\nIn October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?","title":"About Gamma-Ray Bursts And Boats","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"Gamma-ray bursts are the biggest explosions in our Universe since the Big Bang: In just a few seconds, they release as much energy as the Sun will radiate over its entire lifetime. Even though they occur in far-away galaxies, their emission dominates the high-energy astrophysical sky during their seconds-long duration. They come from the cataclysmic deaths of very massive stars or the mergers of two compact objects such as neutron stars and black holes. In both cases the energy is concentrated in an astrophysical jet moving at approximately the speed of light. \r\nIn October 2022, a once-in-a-lifetime gamma-ray burst smashed records and was dubbed the ‘Brightest of All Time,’ or the BOAT. In fact, it was so bright that it oversaturated the most sensitive gamma-ray burst monitors, posing a challenge for data reconstruction and analysis. But why was it so bright? And how long do we have to wait until the next one? \r\n\r\nUsing the BOAT as an example, we will give an introduction about the fascinating phenomena called gamma-ray bursts. From their accidental discovery during the Cold War to our still surprisingly limited understanding of their nature. The talk will revisit the state-of-the-art of theoretical modelling/interpretations (how are jets launched? what produces the gamma rays?), as well as current detector techniques (how do we catch a gamma-ray photon on Earth or in space?). Naturally, we will also discuss what we really learn from prominent, outstanding events such as the BOAT -- and the questions that still give scientists headaches.\r\n\\*\\*\\*\\* Literature References/Further Reading \\*\\*\\*\\*\r\n\r\n[R1] Vela 4 satellites https://nssdc.gsfc.nasa.gov/nmc/spacecraft/display.action?id=1967-040A​\r\n[R2] First GRB publication Klebesadel et al 1973 https://articles.adsabs.harvard.edu/pdf/1973ApJ...182L..85​\r\n[R3] Statistical test of isotropy on BATSE sample https://arxiv.org/abs/astro-ph/9509078 ​\r\n[R4] First afterglow https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[R5] First redshift measurement https://www.nature.com/articles/43132 ​\r\n[R6] Gravitational waves NS-NS GW170817 and short GRB 170817A https://iopscience.iop.org/article/10.3847/2041-8213/aa920c/meta ​\r\n[R7] Possible evolutions of a compact binary merger and assigned GW signals https://arxiv.org/abs/1212.2289​\r\n[R8] A unified picture for compact binary mergers https://arxiv.org/abs/2309.00038 ​\r\n[R9] Properties of Wolf-Rayet stars https://arxiv.org/abs/astro-ph/0610356​\r\n[R10] Blandford-Znajek mechanism for jet launching, original paper https://academic.oup.com/mnras/article/179/3/433/962905 and short summary https://www.seramarkoff.com/2019/04/how-are-magnetised-jets-launched/ ​\r\n[R11] GR-MHD simulation of NS-NS merger jet https://arxiv.org/abs/2205.01691 ​\r\n[R12] GR-MHD simulation of collapsar jet https://arxiv.org/abs/2204.12501 ​\r\n[R13] Fermi acceleration at astrophysical shocks confirmed by numerical simulations https://iopscience.iop.org/article/10.1086/590248 ​\r\n[R14] Numerical simulations of acceleration in magnetic reconnection https://iopscience.iop.org/article/10.1088/2041-8205/783/1/L21 ​\r\n[R15] Summary paper for current status of prompt phase GRB https://doi.org/10.3390/galaxies10020038 ​\r\n[R16] Basic afterglow theory from a decelerating blastwave https://arxiv.org/abs/astro-ph/9712005 ​\r\n[R17] Design example of optical telescope https://www.lsst.org/about/tel-site/optical\\_design​\r\n[R18] Fermi GBM design https://ui.adsabs.harvard.edu/abs/2009ApJ...702..791M/abstract ​\r\n[R19] Fermi LAT summary https://ui.adsabs.harvard.edu/abs/2022hxga.book..118R/abstract ​\r\n[R20] LHAASO instrument and science https://arxiv.org/abs/1905.02773 ​\r\n[R21] GCN of GRB 221009A https://gcn.gsfc.nasa.gov/other/221009A.gcn3 + TeVCat http://tevcat.uchicago.edu/?mode=1;id=364 ​\r\n[R22] Fermi-GBM Pulse Pileup reconstruction https://ui.adsabs.harvard.edu/abs/2013NIMPA.717...21C/abstract​\r\n[R23] The BOAT in context with other events https://iopscience.iop.org/article/10.3847/2041-8213/acc39c/meta​\r\n[R24] Swift paper on the BOAT https://iopscience.iop.org/article/10.3847/2041-8213/acbcd1 ​\r\n[R25] A structured jet explains the BOAT https://arxiv.org/abs/2302.07906 (open access version of science article) ​\r\n[R26] LHAASO reports TeV emission from narrow jet https://arxiv.org/abs/2306.06372 (open access version of science article)​\r\n[R27] LHAASO extra component at the highest energies https://www.science.org/doi/10.1126/sciadv.adj2778 ​\r\n[R28] The BOAT high-energy emission explained by beyond the standard model physics https://arxiv.org/abs/2305.05145 ​\r\n\r\n\\*\\*\\*\\*\\* Image References \\*\\*\\*\\*\\*\r\n[IM1] 123RF​\r\n[IM2]USAF​\r\n[IM3] Bonnell 1995​\r\n[IM4] https://en.m.wikipedia.org/wiki/File:Compton\\_Gamma\\_Ray\\_Observatory\\_grappeled\\_by\\_Atlantis\\_(S37-99-056).jpg​\r\n[IM5] D. Perley, Wikimedia Commons https://en.m.wikipedia.org/wiki/File:GRB\\_BATSE\\_12lightcurves.png​\r\n[IM6] https://www.esa.int/Science\\_Exploration/Space\\_Science/Gaia/Gaia\\_creates\\_richest\\_star\\_map\\_of\\_our\\_Galaxy\\_and\\_beyond​\r\n[IM7] BATSE https://heasarc.gsfc.nasa.gov/docs/cgro/images/epo/gallery/grbs/index.html​\r\n[IM8] E. Costa et al., Nature, Vol. 387, Issue 6635, pg. 783-785 (1997). https://ui.adsabs.harvard.edu/abs/1997Natur.387..783C/abstract ​\r\n[IM9] https://heasarc.gsfc.nasa.gov/docs/sax/saxgof.html ​\r\n[IM10] Neil Gehrels Swift Observatory​\r\n[IM11] https://commons.wikimedia.org/wiki/File:Redshift.svg​\r\n[IM12] https://commons.wikimedia.org/wiki/File:The\\_Blue\\_Marble\\_(remastered).jpg​\r\n[IM13] https://en.wikipedia.org/wiki/File:NGC\\_4414\\_(NASA-med).jpg​\r\n[IM14] Edo Berger (Harvard/CfA)​\r\n[IM15] NASA's Goddard Space Flight Center​\r\n[IM16] BATSE team​\r\n[IM17] iStock​\r\n[IM18] https://arxiv.org/abs/1212.2289​\r\n[IM19] https://www.nasa.gov/image-article/mini-supernova-explosion-could-have-big-impact/​\r\n[IM20] Ore Gottlieb https://oregottlieb.com/NSM\\_GRMHD.html ​\r\n[IM21] Ore Gottlieb https://oregottlieb.com/collapsar.html ​\r\n[IM22] NASA/CXC/Rutgers/J.Warren & J.Hughes et al ​\r\n[IM23] NorthNorth West​\r\n[IM24] https://www.stockio.com/free-clipart/cartoon-eyes​\r\n[IM25] https://eljentechnology.com/products/plastic-scintillators​\r\n[IM26] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM27] NASA, https://science.nasa.gov/toolkits/spacecraft-icons​\r\n[IM28] W. B. Atwood et al., ApJ Vol. 697, pg. 1071 (2009)​\r\n[IM29] NASA, https://commons.wikimedia.org/wiki/File:GLAST\\_on\\_the\\_payload\\_attach\\_fitting.jpg​\r\n[IM30] NASA and Steven Ritz / UC Santa Cruz​\r\n[IM31] J. Knapp​\r\n[IM32] Armelle Jardin-Blicq, https://ui.adsabs.harvard.edu/abs/2019PhDT........47J/abstract​\r\n[IM33] LHAASO​\r\n[IM34] https://en.m.wikipedia.org/wiki/File:BlankMap-World.svg ​\r\n[IM35] https://www.center.top/eng/attractions/202203/58434437.html ​\r\n[IM36-IM38] Adam Goldstein, Fermi-GBM​\r\n[IM39] V. Chaplin et al., NIM-A, Vol. 717, pg. 21-36 ​\r\n[IM40] C. Meegan et al., ApJ, Vol. 702, Issue 1, pg. 791-804 (2009)​\r\n[IM41 & IM43] Maia A. Williams et al 2023 ApJL 946 L24 ​\r\n[IM42 & IM44] Eric Burns et al 2023 ApJL 946 L31​\r\n[IM45] LHAASO collaboration Science 380 (2023) 6652​\r\n[IM46] LHAASO collaboration Sci.Adv. 9 (2023) 46, adj2778\n\n\nIn October 2022 a gamma-ray burst dubbed the 'Brightest Of All Times' smashed records. But what is that actually, a gamma-ray burst? How do we detect it? And why was the BOAT so special?","updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[{"content_ids":[53399],"conference_id":131,"event_ids":[53496],"name":"Sylvia Zhu","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52340},{"content_ids":[53399],"conference_id":131,"event_ids":[53496],"name":"Annika Rudolph","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52438}],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53496,"tag_ids":[46123,46136,46140],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52438},{"tag_id":46107,"sort_order":1,"person_id":52340}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-29T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"With ANIMAL()CITY we draw inspiration from the ghostly presence of foxes that roam the city at night – which nowadays is a common appearance in urban environments – evoking echoes of a pre-industrial era while at the same time drawing people’s attention to a layer of the city that completely eludes their perception in everyday life. In these moments we witness animals and plants forming their own realm and the city itself having its own life, acting like an entity, a ghost at times. Encounters with wild animals in the city make the parallel layers of the landscape momentarily tangible and remind us that we are part of these ‘non-human’ networks as well. On a darker note: urban wildlife not only echoes pre-industrial times but also projects an idea of what our cities will look like when all the people have disappeared due to the consequences of the climate catastrophe. However, the city may also be read analogous to the internet. Animals, humans and plants seldomly interact within the city, and while we might notice traces or encounter their phantoms we seem to live in parallel worlds. Similarly, online we are divided by platforms into threads and channels, living in multi-layered structures haunted by uncanny bots and AI agents.\r\n\r\nWe believe that AR sculptures highlight an ethereal quality of the digital; they appear to transcend from the realm of immateriality into the physical space – the so-called spatial internet that overlays our cities. AR layers possess a magical quality in that they exist as objects whose influence on our world is – on a first step – contingent to our acceptance and perception of them as physical objects.\r\n\r\nANIMAL()CITY is an aesthetic inquiry of the artists’ views on how AR may intercept different layers of perception and realities or completely superimpose them.\r\n\r\nThe exhibition presents a collection of animals that transcend their natural forms and assume various \"non-natural\" shapes; from fantastical mythical creatures to archetypical animal sculpture adhering to classical composition to the most basic 3D animal assets, taken from game engine templates. These AR-animals introduce elements of imagination to their representation, inviting viewers to explore their own interpretations and engage with the artworks on different levels.\n\n\nPresentation/introduction to the ongoing 37C3 art exhibition groupshow with Joachim Blank, Eva Davidova, Meredith Drum, exonemo, Jonas Lund, Sahej Rahal, Ingeborg Wie by panke.gallery (Sakrowski).","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"ANIMAL()CITY","end_timestamp":{"seconds":1703863800,"nanoseconds":0},"android_description":"With ANIMAL()CITY we draw inspiration from the ghostly presence of foxes that roam the city at night – which nowadays is a common appearance in urban environments – evoking echoes of a pre-industrial era while at the same time drawing people’s attention to a layer of the city that completely eludes their perception in everyday life. In these moments we witness animals and plants forming their own realm and the city itself having its own life, acting like an entity, a ghost at times. Encounters with wild animals in the city make the parallel layers of the landscape momentarily tangible and remind us that we are part of these ‘non-human’ networks as well. On a darker note: urban wildlife not only echoes pre-industrial times but also projects an idea of what our cities will look like when all the people have disappeared due to the consequences of the climate catastrophe. However, the city may also be read analogous to the internet. Animals, humans and plants seldomly interact within the city, and while we might notice traces or encounter their phantoms we seem to live in parallel worlds. Similarly, online we are divided by platforms into threads and channels, living in multi-layered structures haunted by uncanny bots and AI agents.\r\n\r\nWe believe that AR sculptures highlight an ethereal quality of the digital; they appear to transcend from the realm of immateriality into the physical space – the so-called spatial internet that overlays our cities. AR layers possess a magical quality in that they exist as objects whose influence on our world is – on a first step – contingent to our acceptance and perception of them as physical objects.\r\n\r\nANIMAL()CITY is an aesthetic inquiry of the artists’ views on how AR may intercept different layers of perception and realities or completely superimpose them.\r\n\r\nThe exhibition presents a collection of animals that transcend their natural forms and assume various \"non-natural\" shapes; from fantastical mythical creatures to archetypical animal sculpture adhering to classical composition to the most basic 3D animal assets, taken from game engine templates. These AR-animals introduce elements of imagination to their representation, inviting viewers to explore their own interpretations and engage with the artworks on different levels.\n\n\nPresentation/introduction to the ongoing 37C3 art exhibition groupshow with Joachim Blank, Eva Davidova, Meredith Drum, exonemo, Jonas Lund, Sahej Rahal, Ingeborg Wie by panke.gallery (Sakrowski).","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53190],"conference_id":131,"event_ids":[53495],"name":"Sembo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52394},{"content_ids":[53190],"conference_id":131,"event_ids":[53495],"name":"Sakrowski","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52465}],"timeband_id":1142,"end":"2023-12-29T15:30:00.000-0000","links":[{"label":"ANIMAL()CITY at panke.gallery","type":"link","url":"https://www.panke.gallery/exhibition/animal-city"}],"id":53495,"tag_ids":[46118,46137,46140],"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52465},{"tag_id":46107,"sort_order":1,"person_id":52394}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.\r\n\r\nSiehe auch hier: https://events.ccc.de/congress/2023/hub/de/event/meetup-podcasting-und-bildung/\n\n\nDies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"SoS: Meetup - Podcasting und Bildung","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"Dies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.\r\n\r\nSiehe auch hier: https://events.ccc.de/congress/2023/hub/de/event/meetup-podcasting-und-bildung/\n\n\nDies soll ein ungezwungenes Meetup von Lehrkräften und anderen Menschen mit Bildungshintergrund sein, um sich über die Möglichkeiten von Podcasting und generell Audioproduktion in der Bildung auszutauschen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53431,"begin_timestamp":{"seconds":1703862000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"SCC-Assembly","hotel":"","short_name":"SCC-Assembly","id":46149},"spans_timebands":"N","begin":"2023-12-29T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"MLS improves upon existing protocols such as Signal in group messaging applications. We co-authored the protocol specification and will briefly talk about what motivated the creation of MLS, how it relates to other existing messaging protocols as well as its design process in general.\r\n\r\nAs a group messaging protocol, the security guarantees provided by MLS go beyond authentication and confidentiality. We will go into detail on what security properties users can expect and take a look under the hood on how MLS works.\r\n\r\nWhile the MLS specification has only been published recently, more work is underway and an ecosystem is already forming around the standard. We’ll touch on topics like MLS implementations, metadata hiding, federation, and interoperability between messengers (also in the context of the new IETF MIMI working group [1]). And of course we’ll share insights into the future of Messaging Layer Security!\r\n\r\n[1] https://datatracker.ietf.org/group/mimi/about/\r\n\n\n\nThey call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption was published in July and brings large improvements in performance and security compared to existing protocols. We are here to present Messaging Layer Security, its ecosystem and its roadmap.\r\n\r\nThe MLS protocol is already being used in production to end-to-end encrypt Webex conference calls and will soon provide encryption for Android messages and RCS 2.0 for billions of users. Other messaging tools (such as Discord, Matrix, Wire, etc.) are currently trialing MLS and are expected to follow.\r\n\r\nWhy was the protocol developed in the first place? How does it work? What are the next steps for MLS?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"RFC 9420 or how to scale end-to-end encryption with Messaging Layer Security","end_timestamp":{"seconds":1703863500,"nanoseconds":0},"android_description":"MLS improves upon existing protocols such as Signal in group messaging applications. We co-authored the protocol specification and will briefly talk about what motivated the creation of MLS, how it relates to other existing messaging protocols as well as its design process in general.\r\n\r\nAs a group messaging protocol, the security guarantees provided by MLS go beyond authentication and confidentiality. We will go into detail on what security properties users can expect and take a look under the hood on how MLS works.\r\n\r\nWhile the MLS specification has only been published recently, more work is underway and an ecosystem is already forming around the standard. We’ll touch on topics like MLS implementations, metadata hiding, federation, and interoperability between messengers (also in the context of the new IETF MIMI working group [1]). And of course we’ll share insights into the future of Messaging Layer Security!\r\n\r\n[1] https://datatracker.ietf.org/group/mimi/about/\r\n\n\n\nThey call it RFC 9420, we say MLS: A new IETF standard for end-to-end encryption was published in July and brings large improvements in performance and security compared to existing protocols. We are here to present Messaging Layer Security, its ecosystem and its roadmap.\r\n\r\nThe MLS protocol is already being used in production to end-to-end encrypt Webex conference calls and will soon provide encryption for Android messages and RCS 2.0 for billions of users. Other messaging tools (such as Discord, Matrix, Wire, etc.) are currently trialing MLS and are expected to follow.\r\n\r\nWhy was the protocol developed in the first place? How does it work? What are the next steps for MLS?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53407],"conference_id":131,"event_ids":[53752],"name":"Raphael Robert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52308},{"content_ids":[53407],"conference_id":131,"event_ids":[53752],"name":"Konrad Kohbrok","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52485}],"timeband_id":1142,"links":[],"end":"2023-12-29T15:25:00.000-0000","id":53752,"begin_timestamp":{"seconds":1703861100,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52485},{"tag_id":46107,"sort_order":1,"person_id":52308}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.\r\nMykyta Soloviov (Lawyer, Macroeconomist, Politician) live from Kharkiv, UA\r\nLanguage: RU, translated live into EN\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nThe return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"U Act! - “The Marshall Plan” for Ukraine","android_description":"The return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.\r\nMykyta Soloviov (Lawyer, Macroeconomist, Politician) live from Kharkiv, UA\r\nLanguage: RU, translated live into EN\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/tag/UAct/\n\n\nThe return to pre-war economy in Ukraine is impossible. Why\r\nand how the Marshall Plan for Ukraine might fail, and what\r\nsteps could condition its success.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53967,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703860200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T14:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tracetogether-or-tracktogether/\n\n\nWe do an analysis of TraceTogether, Singapore's COVID-19 contact tracing system, its protocol and technical implementation, as well as a look at alternative protocols and implementations for contact tracing systems. We also discuss privacy concerns relating to the collection of contact tracing data and centralized nature of the TraceTogether system.","title":"TraceTogether or TrackTogether? (Joyce Ng)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703862900,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/tracetogether-or-tracktogether/\n\n\nWe do an analysis of TraceTogether, Singapore's COVID-19 contact tracing system, its protocol and technical implementation, as well as a look at alternative protocols and implementations for contact tracing systems. We also discuss privacy concerns relating to the collection of contact tracing data and centralized nature of the TraceTogether system.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:15:00.000-0000","id":53856,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703860200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"begin":"2023-12-29T14:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Inhalte bzw. Ziel: Vernetzung! Endlich mal \"diese Leute aus dem Internet\" kennenlernen. Erfahrungen austauschen. Womöglich sammeln wir ja auch Ideen, wie Dinge zugänglicher gemacht werden. Und vielleicht ergibt sich ein Projekt daraus?\r\n\r\nKlärung: Be_hinderung kann viele verschiedene Formen haben. Wir wollen hier einen Raum schaffen, in dem viele verschiedene Menschen sich miteinander austauschen können. Eine \"offizielle\" Diagnose ist dafür absolut nicht notwendig! Wenn du dich selbst als be_hindert beschreibst, bist du hier richtig.\r\n\r\nInhaltswarnung: wir sprechen über unsere Be_hinderungen. Voraussichtlich werden dabei auch negative Erfahrungen geteilt.\r\n\r\nUnd es gilt, hier erst recht: nehmt Rücksicht auf euch selbst, und auch auf andere!\n\n\nZielgruppe für diesen Workshop sind be_hinderte Congress-Besucher:innen (CCCrips). Eine Hackspace- oder C3-Mitgliedschaft ist komplett optional. Wir wollen uns untereinander kennenlernen, Erfahrungen austauschen, und Pläne schmieden! Weltherrschaft, anyone?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"CCCrip Auskotzrunde","android_description":"Inhalte bzw. Ziel: Vernetzung! Endlich mal \"diese Leute aus dem Internet\" kennenlernen. Erfahrungen austauschen. Womöglich sammeln wir ja auch Ideen, wie Dinge zugänglicher gemacht werden. Und vielleicht ergibt sich ein Projekt daraus?\r\n\r\nKlärung: Be_hinderung kann viele verschiedene Formen haben. Wir wollen hier einen Raum schaffen, in dem viele verschiedene Menschen sich miteinander austauschen können. Eine \"offizielle\" Diagnose ist dafür absolut nicht notwendig! Wenn du dich selbst als be_hindert beschreibst, bist du hier richtig.\r\n\r\nInhaltswarnung: wir sprechen über unsere Be_hinderungen. Voraussichtlich werden dabei auch negative Erfahrungen geteilt.\r\n\r\nUnd es gilt, hier erst recht: nehmt Rücksicht auf euch selbst, und auch auf andere!\n\n\nZielgruppe für diesen Workshop sind be_hinderte Congress-Besucher:innen (CCCrips). Eine Hackspace- oder C3-Mitgliedschaft ist komplett optional. Wir wollen uns untereinander kennenlernen, Erfahrungen austauschen, und Pläne schmieden! Weltherrschaft, anyone?","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53135,53472],"conference_id":131,"event_ids":[53445,53807],"name":"Helga Velroyen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52253},{"content_ids":[53472],"conference_id":131,"event_ids":[53807],"name":"Oliver Suchanek","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52274},{"content_ids":[53135,53472],"conference_id":131,"event_ids":[53445,53807],"name":"lavalaempchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52389},{"content_ids":[53472],"conference_id":131,"event_ids":[53807],"name":"Katta","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52508}],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53807,"village_id":null,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703860200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52253},{"tag_id":46107,"sort_order":1,"person_id":52508},{"tag_id":46107,"sort_order":1,"person_id":52274},{"tag_id":46107,"sort_order":1,"person_id":52389}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Interested in [DDNet development](https://github.com/ddnet/ddnet), want to meet fellow [DDNet](https://ddnet.org)/[Teeworlds](https://teeworlds.com) players or are [curious about DDNet](https://store.steampowered.com/app/412220/DDraceNetwork/)?\r\n\r\nThe session includes a lightning talk by Zwelf about the state of DDNet.\r\n\r\nWe'll get together and with interest and time, we can start playing together.\r\n\r\nQuestions: 📞8303\n\n\n","title":"Teeworlds/DDNet/DDraceNetwork Meetup","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703861100,"nanoseconds":0},"android_description":"Interested in [DDNet development](https://github.com/ddnet/ddnet), want to meet fellow [DDNet](https://ddnet.org)/[Teeworlds](https://teeworlds.com) players or are [curious about DDNet](https://store.steampowered.com/app/412220/DDraceNetwork/)?\r\n\r\nThe session includes a lightning talk by Zwelf about the state of DDNet.\r\n\r\nWe'll get together and with interest and time, we can start playing together.\r\n\r\nQuestions: 📞8303","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53950,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703859300,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T14:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","title":"Art and Play: Livevektorskizzen #2","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53981,"village_id":null,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The purpose of the Orb is to uniquely identify humans while preserving privacy. It does so by scanning user irises, deciding if they’ve signed up before, and adding them to a global set of zero-knowledge identity commitments. Then, the user owns a private key which they can use to produce zero-knowledge proofs that prove they *are* human, without revealing *which* human.\r\n\r\nAttackers have an economic incentive to hack inside individual orbs, since getting inside of one means they can generate fake signups, and then later get cryptocurrency. They might also want to steal user biometric information. Thus the Orb’s software and hardware need to be designed to defend against software hacks and physical tampering.\r\n\r\nTo that end, the OS is architected with a few security mitigations – including secure boot, signed operating system images, verity-mounted filesystem partitions, and write/execution-restricted filesystems.\r\n\r\nEverything can always be hacked, and security is the art of thoughtful risk mitigation. The Orb’s OS has been architected in a way so as to minimize the risk of hackers-stealing or government-seizing user biometric data. But of course, things aren’t perfect, so if you have any thoughts on how to hack the Orb, please do send your questions / criticisms.\n\n\nUniquely identifying real users is a problem as old as the Internet. With the recent surge in AI language and vision models, CATCHAs might be close to losing the bot-mitigating fight. But how can you know your users are human without fully surveilling them? Perhaps we could use… Iris scanners and zero knowledge proofs? Which is precisely the approach that Worldcoin takes. However, building such a system is fraught with security and privacy challenges. In this talk, I’ll focus on the Orb’s operating system security properties and privacy defenses.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Hacking the Orb","android_description":"The purpose of the Orb is to uniquely identify humans while preserving privacy. It does so by scanning user irises, deciding if they’ve signed up before, and adding them to a global set of zero-knowledge identity commitments. Then, the user owns a private key which they can use to produce zero-knowledge proofs that prove they *are* human, without revealing *which* human.\r\n\r\nAttackers have an economic incentive to hack inside individual orbs, since getting inside of one means they can generate fake signups, and then later get cryptocurrency. They might also want to steal user biometric information. Thus the Orb’s software and hardware need to be designed to defend against software hacks and physical tampering.\r\n\r\nTo that end, the OS is architected with a few security mitigations – including secure boot, signed operating system images, verity-mounted filesystem partitions, and write/execution-restricted filesystems.\r\n\r\nEverything can always be hacked, and security is the art of thoughtful risk mitigation. The Orb’s OS has been architected in a way so as to minimize the risk of hackers-stealing or government-seizing user biometric data. But of course, things aren’t perfect, so if you have any thoughts on how to hack the Orb, please do send your questions / criticisms.\n\n\nUniquely identifying real users is a problem as old as the Internet. With the recent surge in AI language and vision models, CATCHAs might be close to losing the bot-mitigating fight. But how can you know your users are human without fully surveilling them? Perhaps we could use… Iris scanners and zero knowledge proofs? Which is precisely the approach that Worldcoin takes. However, building such a system is fraught with security and privacy challenges. In this talk, I’ll focus on the Orb’s operating system security properties and privacy defenses.","end_timestamp":{"seconds":1703860200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:30:00.000-0000","id":53973,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Discussion\r\n Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations. Questions and answers. Hands-on experience.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Mobile phone privacy with silent.link S1E03 (Workshop)","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"Discussion\r\n Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations. Questions and answers. Hands-on experience.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53892,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-29T14:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"SuperCollider ist eine Programmiersprache mit einem eigenen Audioserver. Vom grundlegenden Sound Design über die Komposition, Effekte und Signalfluss wird alles über Code gesteuert. Zugleich kann SuperCollider mit anderen Systemen interagieren, zum Beispiel über MIDI, OpenSoundControl oder Arduino.\r\n\r\nIn meinem Talk spreche ich über\r\n \r\n * Was ist SuperCollider und wofür ist es gut?\r\n * Die SC IDE: Aufbau und Hilfesystem; alternative Editoren\r\n * Grundlegende Syntax\r\n * Das \"Hallo Welt\"-Äquivalent von SuperCollider\r\n * Eine etwas komplexere Klangfunktion\r\n * SynthDefs: die Sound Design-\"Blaupausen\" in SuperCollider\r\n * Komposition mit Patterns\r\n * Tipps zum Einstieg und Lernen\r\n * Vorstellung einer kleinen Beispielkomposition\n\n\nMit der Programmiersprache SuperCollider komponiere ich seit einigen Jahren elektronische Musik, Klangkunst und Sound Design. Dieser Talk ist eine kurze, praxisbezogene Einführung ins Klangbasteln mit Code.","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Klänge coden: Eine Einführung in Supercollider","end_timestamp":{"seconds":1703864700,"nanoseconds":0},"android_description":"SuperCollider ist eine Programmiersprache mit einem eigenen Audioserver. Vom grundlegenden Sound Design über die Komposition, Effekte und Signalfluss wird alles über Code gesteuert. Zugleich kann SuperCollider mit anderen Systemen interagieren, zum Beispiel über MIDI, OpenSoundControl oder Arduino.\r\n\r\nIn meinem Talk spreche ich über\r\n \r\n * Was ist SuperCollider und wofür ist es gut?\r\n * Die SC IDE: Aufbau und Hilfesystem; alternative Editoren\r\n * Grundlegende Syntax\r\n * Das \"Hallo Welt\"-Äquivalent von SuperCollider\r\n * Eine etwas komplexere Klangfunktion\r\n * SynthDefs: die Sound Design-\"Blaupausen\" in SuperCollider\r\n * Komposition mit Patterns\r\n * Tipps zum Einstieg und Lernen\r\n * Vorstellung einer kleinen Beispielkomposition\n\n\nMit der Programmiersprache SuperCollider komponiere ich seit einigen Jahren elektronische Musik, Klangkunst und Sound Design. Dieser Talk ist eine kurze, praxisbezogene Einführung ins Klangbasteln mit Code.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53480],"conference_id":131,"event_ids":[53814],"name":"modern_dragon","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52305}],"timeband_id":1142,"links":[],"end":"2023-12-29T15:45:00.000-0000","id":53814,"tag_ids":[46132,46139],"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52305}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In Computer und Kommunikation werden wir ausführlich vom 37C3 berichten. Dazu erwarten wir auch Studiogästen.\r\nAusstrahlung am 30.12.2023 um 16:30 Uhr im Deutschlandfunk\r\nReporter: Peter Welchering und Marie Zinkann\r\nModeration: Manfred Kloiber\r\nTechnik: Carsten Besser und Daniel Evers\n\n\nAufzeichnung der Sendung \"Computer und Kommunikation\"\r\nMit Manfred Kloiber, Peter Welchering, Marie Zinkann","title":"Deutschlandfunk: Computer und Kommunikation vom 37C3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"In Computer und Kommunikation werden wir ausführlich vom 37C3 berichten. Dazu erwarten wir auch Studiogästen.\r\nAusstrahlung am 30.12.2023 um 16:30 Uhr im Deutschlandfunk\r\nReporter: Peter Welchering und Marie Zinkann\r\nModeration: Manfred Kloiber\r\nTechnik: Carsten Besser und Daniel Evers\n\n\nAufzeichnung der Sendung \"Computer und Kommunikation\"\r\nMit Manfred Kloiber, Peter Welchering, Marie Zinkann","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53789,"village_id":null,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Net Neutrality is what sets the internet apart from telephony or television networks. Nevertheless, the issue has not gone quiet in recent years. Donald Trump has repealed net neutrality 2017 in the US, while in Europe digital commissioner Thierry Breton is fighting since 2022 alongside the big telcos against the free internet. In India, Brazil and South Korea, a battle is raging over the interconnection of networks. \r\n\r\nThis nerdy principle became the law in many juristrictions around the world. The two people giving this workshop have worked on the isseu over many years. We will talk about the recent attacks against net neutrality in the form of network fees (\"fair share\" or german: \"Leitungsschutzrecht\"). There will also be time to talk about the global situation when it comes to Zero-Rating (e.g. StreamOn, Facebooks Free Basic, etc.). Lastly, the 5G hype will also be something we want to touch upon. \r\n\r\nThis workshop gives an overview of the debate and talks about concrete ways in which hackers and activists can engage in the debate to keep the internet open. If you work in the inter-connection market, then this session might be particularly interesting to you. \r\n\r\nThe workshop is held by Thomas Lohninger (epicenter.works) and Klaus Landefeld (DE-CIX). Both are native German speakers, but we will speak in English to do justice to this global topic.\n\n\n","title":"Recent Attacks against Net Neutrality: Why Telcos never learn","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"Net Neutrality is what sets the internet apart from telephony or television networks. Nevertheless, the issue has not gone quiet in recent years. Donald Trump has repealed net neutrality 2017 in the US, while in Europe digital commissioner Thierry Breton is fighting since 2022 alongside the big telcos against the free internet. In India, Brazil and South Korea, a battle is raging over the interconnection of networks. \r\n\r\nThis nerdy principle became the law in many juristrictions around the world. The two people giving this workshop have worked on the isseu over many years. We will talk about the recent attacks against net neutrality in the form of network fees (\"fair share\" or german: \"Leitungsschutzrecht\"). There will also be time to talk about the global situation when it comes to Zero-Rating (e.g. StreamOn, Facebooks Free Basic, etc.). Lastly, the 5G hype will also be something we want to touch upon. \r\n\r\nThis workshop gives an overview of the debate and talks about concrete ways in which hackers and activists can engage in the debate to keep the internet open. If you work in the inter-connection market, then this session might be particularly interesting to you. \r\n\r\nThe workshop is held by Thomas Lohninger (epicenter.works) and Klaus Landefeld (DE-CIX). Both are native German speakers, but we will speak in English to do justice to this global topic.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53784,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the last years, several coal power plants have been blocked through lock-on actions. How successful is the idea and what can the climate justice movement learn from it?\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Kohlekraftwerke blockieren - Erkenntnisse der letzten Jahre","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"android_description":"In the last years, several coal power plants have been blocked through lock-on actions. How successful is the idea and what can the climate justice movement learn from it?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53770,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703858400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"cyber4EDU (Zu-)Hörstunde - Fokus Berufsschule","end_timestamp":{"seconds":1703861100,"nanoseconds":0},"android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53873,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"begin":"2023-12-29T13:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.\r\n\r\nWe'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.\r\n\r\nBy the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.\r\n\r\nAll the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.\n\n\nThis introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Finding Vulnerabilities in Internet-Connected Devices","android_description":"In this introductory session we will journey into the field of internet-connected device security. Our talk aims to empower beginners by simplifying the process of hacking such devices.\r\n\r\nWe'll discuss vulnerabilities we uncovered in Poly telephones and conference speaker systems and describe how we effectively transformed a seemingly innocuous conference speaker into a fully functional wiretap. We'll begin with straightforward findings accessible to beginners and progress to more technical discoveries, so that people with no experience in the field can follow along, too.\r\n\r\nBy the end of the talk, the attendees will have a foundational understanding of how they can approach hacking such a device and will have learned how the impact of vulnerabilities can be shown and increased by chaining them.\r\n\r\nAll the vulnerabilities we discovered during our research have been responsibly disclosed to the vendor and will be published in December 2023.\n\n\nThis introductory session will outline the process of hacking internet-connected devices, with the help of a real world example: Poly telephones and conference speaker systems. We will explain vulnerabilities we identified in them and how they can be leveraged to transform the devices into wiretaps.","end_timestamp":{"seconds":1703861100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53398],"conference_id":131,"event_ids":[53744],"name":"Pascal Zenker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52248},{"content_ids":[53398],"conference_id":131,"event_ids":[53744],"name":"Christoph Wolff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52360}],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53744,"tag_ids":[46124,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52360},{"tag_id":46107,"sort_order":1,"person_id":52248}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Über verschiedene Epochen hinweg hat sich Social Engineering stets in der kriminellen Nutzung hervorgetan. Professionelle Hochstapler, Trickbetrüger und Agenten nutzten Social Engineering erfolgreich für kriminelle Unterfangen, Datensammlung oder einfach weil es Spaß machte. Doch Social Engineering ist eigentlich ein sehr alltägliches Phänomen. Jeder Mensch ist mindestens in seiner Kindheit ein geschickter Social Engineer. Manche machen es sich zum Beruf, sei es als Verkäufer oder Red-Teamer. Denn Social Engineering ist in seinem Kern die Kunst der Überzeugung anderer Personen.\n\n\nDie psychologische Forschung hat sich seit den 1970ern intensiv damit beschäftigt, wie andere Menschen sich überzeugen lassen und welche Methoden dafür geeignet sind. Die zentralen Modelle und Konzepte wie das ELM-Modell und verschiedene kognitive Verzerrungen (Biases) werden vorgestellt, es wird praktisch veranschaulicht, welche Rolle sie für Social Engineering spielen. Einige Mythen, die in Bezug auf Social Engineering im Umlauf sind, werden beschrieben und aufgeklärt, die ein oder anderen Fun Facts, die so vielleicht noch nicht allen bekannt sind, zur Sprache kommen. Im finalen Teil des Vortrags dreht sich alles um den größten Bereich von bösartigem Social Engineering, der heutzutage online stattfindet. Ich werde die grundlegenden Klassifizierungen von Social Engineering praktisch relevant anhand neuester Forschung erklären und Maßnahmen aufzeigen, die wirklich helfen - konträr zu dem, was einige Berater gerne verkaufen.\n\n\n\n\nIn diesem Vortrag beschreibe ich die Geschichte und den Gegenstand des Social Engineerings über den Tech-Kontext hinaus und erkläre anhand relevanter Forschung, wie, warum und bei wem es wirkt. Die modernen technischen Herausforderungen werden ebenso erläutert wie Maßnahmen, die jetzt oder in der Zukunft gegen Social Engineering getroffen werden können – individuell oder in Gruppen bzw. Organisationen. ","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Social Engineering: Geschichte, Wirkung & Maßnahmen.","end_timestamp":{"seconds":1703861100,"nanoseconds":0},"android_description":"Über verschiedene Epochen hinweg hat sich Social Engineering stets in der kriminellen Nutzung hervorgetan. Professionelle Hochstapler, Trickbetrüger und Agenten nutzten Social Engineering erfolgreich für kriminelle Unterfangen, Datensammlung oder einfach weil es Spaß machte. Doch Social Engineering ist eigentlich ein sehr alltägliches Phänomen. Jeder Mensch ist mindestens in seiner Kindheit ein geschickter Social Engineer. Manche machen es sich zum Beruf, sei es als Verkäufer oder Red-Teamer. Denn Social Engineering ist in seinem Kern die Kunst der Überzeugung anderer Personen.\n\n\nDie psychologische Forschung hat sich seit den 1970ern intensiv damit beschäftigt, wie andere Menschen sich überzeugen lassen und welche Methoden dafür geeignet sind. Die zentralen Modelle und Konzepte wie das ELM-Modell und verschiedene kognitive Verzerrungen (Biases) werden vorgestellt, es wird praktisch veranschaulicht, welche Rolle sie für Social Engineering spielen. Einige Mythen, die in Bezug auf Social Engineering im Umlauf sind, werden beschrieben und aufgeklärt, die ein oder anderen Fun Facts, die so vielleicht noch nicht allen bekannt sind, zur Sprache kommen. Im finalen Teil des Vortrags dreht sich alles um den größten Bereich von bösartigem Social Engineering, der heutzutage online stattfindet. Ich werde die grundlegenden Klassifizierungen von Social Engineering praktisch relevant anhand neuester Forschung erklären und Maßnahmen aufzeigen, die wirklich helfen - konträr zu dem, was einige Berater gerne verkaufen.\n\n\n\n\nIn diesem Vortrag beschreibe ich die Geschichte und den Gegenstand des Social Engineerings über den Tech-Kontext hinaus und erkläre anhand relevanter Forschung, wie, warum und bei wem es wirkt. Die modernen technischen Herausforderungen werden ebenso erläutert wie Maßnahmen, die jetzt oder in der Zukunft gegen Social Engineering getroffen werden können – individuell oder in Gruppen bzw. Organisationen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53389],"conference_id":131,"event_ids":[53736],"name":"K4tana","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52459}],"timeband_id":1142,"links":[],"end":"2023-12-29T14:45:00.000-0000","id":53736,"tag_ids":[46123,46136,46139],"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52459}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"It's plain to see: modern societies need to undergo radical social, political, and cultural transformations if they are to truly evolve away from capitalist and neocolonial structures founded on egregious exploitation and injustice. \r\n\r\nIn a context of widespread epistemic fragmentation and echo chambers, we urgently need to become better at harnessing the generative power of socio-technical networks to unite our forces as we compost the harmful ways of being, knowing, and doing that are at the root of our our planetary predicament. But we must do so critically, and not view technology as a miracle solution to anything.\r\n\r\nWhat could be the role of the internet, and of online communities in particular, in exploring how such deep changes might happen? And how may everyone's wisdom and skills come together in democratic and sophisticated social (un)learning systems, to figure out the way(s) forward?\r\n\r\nIn this talk, we will discuss the results of a 5-year participatory action research program which considered this topic within two different online communities of activists. This project led the researchers to tackle the idea of radical collective change as involving a decolonial approach to collaboration, knowledge, and community-building, and to consider the enabling and disabling conditions - both social and technological - that may influence whether change happens... or not.\r\n\r\nIn particular, this research highlighted the importance of enabling participants to engage on an equal footing and self-organise, while learning to \"stay with the trouble\" of confronting modern societies' fundamentally unsustainable and oppressive structures, and one's own implication in them. And it also showed some of the pitfalls that come with the use of digital communication tools, as we try to use them to create a better world. \r\n\r\nThree of the many insights I will substantiate and examine in the talk are:\r\n- that online communities have the potential to create deep changes in people when they are built in ways that foster deep relationships, criticality and conflict transformation, and emergent leadership;\r\n- that changing socio-political structures must go together with joyful, liberating practices that can help us unlearn harmful cultural patterns that get in the way; and\r\n- that perhaps we should be less interested in becoming experts, and rather find the courage and open hearts allowing us to be fearlessly and fiercely present to the world, with all its shit, its wonder, and its uncertainty.\r\n\r\nFeeling curious? Join us for a chat on how to change the world!\n\n\nLet's explore how online communities of activists can help to bring about forms of radical collective change, through decolonial practices of social (un)learning. What enabling conditions need to be put in place? And what counts as \"radical change\" in the first place?!","title":"Seeds of Change","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"It's plain to see: modern societies need to undergo radical social, political, and cultural transformations if they are to truly evolve away from capitalist and neocolonial structures founded on egregious exploitation and injustice. \r\n\r\nIn a context of widespread epistemic fragmentation and echo chambers, we urgently need to become better at harnessing the generative power of socio-technical networks to unite our forces as we compost the harmful ways of being, knowing, and doing that are at the root of our our planetary predicament. But we must do so critically, and not view technology as a miracle solution to anything.\r\n\r\nWhat could be the role of the internet, and of online communities in particular, in exploring how such deep changes might happen? And how may everyone's wisdom and skills come together in democratic and sophisticated social (un)learning systems, to figure out the way(s) forward?\r\n\r\nIn this talk, we will discuss the results of a 5-year participatory action research program which considered this topic within two different online communities of activists. This project led the researchers to tackle the idea of radical collective change as involving a decolonial approach to collaboration, knowledge, and community-building, and to consider the enabling and disabling conditions - both social and technological - that may influence whether change happens... or not.\r\n\r\nIn particular, this research highlighted the importance of enabling participants to engage on an equal footing and self-organise, while learning to \"stay with the trouble\" of confronting modern societies' fundamentally unsustainable and oppressive structures, and one's own implication in them. And it also showed some of the pitfalls that come with the use of digital communication tools, as we try to use them to create a better world. \r\n\r\nThree of the many insights I will substantiate and examine in the talk are:\r\n- that online communities have the potential to create deep changes in people when they are built in ways that foster deep relationships, criticality and conflict transformation, and emergent leadership;\r\n- that changing socio-political structures must go together with joyful, liberating practices that can help us unlearn harmful cultural patterns that get in the way; and\r\n- that perhaps we should be less interested in becoming experts, and rather find the courage and open hearts allowing us to be fearlessly and fiercely present to the world, with all its shit, its wonder, and its uncertainty.\r\n\r\nFeeling curious? Join us for a chat on how to change the world!\n\n\nLet's explore how online communities of activists can help to bring about forms of radical collective change, through decolonial practices of social (un)learning. What enabling conditions need to be put in place? And what counts as \"radical change\" in the first place?!","end_timestamp":{"seconds":1703859900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53095],"conference_id":131,"event_ids":[53515],"name":"Dorian Cavé","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52254}],"timeband_id":1142,"end":"2023-12-29T14:25:00.000-0000","links":[{"label":"Official website","type":"link","url":"https://www.madocollective.org/connecting"}],"id":53515,"village_id":null,"tag_ids":[46125,46136,46140],"begin_timestamp":{"seconds":1703857500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52254}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside\n\n\n","title":"Social Rejection Games II [90 min duration, 30 min of it at Stage of Y]","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside","end_timestamp":{"seconds":1703858400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53947,"begin_timestamp":{"seconds":1703856600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir reden über die Zukunft der independent Community, des Sendegates, der Subscribe usw.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Sendegate, Subscribe & Co. Quo vadis","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"Wir reden über die Zukunft der independent Community, des Sendegates, der Subscribe usw.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53559,"begin_timestamp":{"seconds":1703856600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Assembly","hotel":"","short_name":"Sendezentrum Assembly","id":46139},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is the workshop part to our introduction to smartphone malware forensics talk. Please bring a Laptop with a docker installation, you will be provided a docker container at the start of the Workshop.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Introduction to smartphone malware forensics: Practical Part","end_timestamp":{"seconds":1703859300,"nanoseconds":0},"android_description":"This is the workshop part to our introduction to smartphone malware forensics talk. Please bring a Laptop with a docker installation, you will be provided a docker container at the start of the Workshop.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:15:00.000-0000","id":53424,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703855700,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-29T13:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In a nutshell, can we use enclave stacks such as Intel IAS/SGX to create integrity guarantees for off-chain computing, thus for smart contracts?\r\n\r\nSo called \"trusted enclave\" hardware models (such as TPM) are often used for defending outside interests against end-user freedoms (such as DRM).\r\n\r\nI'd like to invite an exploration into using such systems (such as Intel Attestation Service and SGX hardware) with blockchains for off-chain compute instead, redirecting the cryptographic trust chains they employ towards a publicly-autitable use cases.\r\n\r\nI have a rather naive starting point: a pattern for deploying signed docker containers that run in enclaves, and use their hardware attestations to register on-chain as trusted for providing data to associated smart contracts.\r\n\r\nI'd like to invite constructive criticism, to help assess viability and/or improve the model.\r\n\r\nThis is part of a larger exploration of creating a general-purpose SaaS host for Free Software authors to gain (guaranteed) income from their work: described at supershadowy.org\n\n\nA group discussion considering if we can use trusted enclaves like Intel SGX for ensuring the integrity of off-chain computations. This would be particularly useful for non-deterministic processes like machine learning models, and for hyperstructure-funded server deployments that require a public trust chain to ensure integrity.","title":"Using enclaves for trustable off-chain compute","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703857500,"nanoseconds":0},"android_description":"In a nutshell, can we use enclave stacks such as Intel IAS/SGX to create integrity guarantees for off-chain computing, thus for smart contracts?\r\n\r\nSo called \"trusted enclave\" hardware models (such as TPM) are often used for defending outside interests against end-user freedoms (such as DRM).\r\n\r\nI'd like to invite an exploration into using such systems (such as Intel Attestation Service and SGX hardware) with blockchains for off-chain compute instead, redirecting the cryptographic trust chains they employ towards a publicly-autitable use cases.\r\n\r\nI have a rather naive starting point: a pattern for deploying signed docker containers that run in enclaves, and use their hardware attestations to register on-chain as trusted for providing data to associated smart contracts.\r\n\r\nI'd like to invite constructive criticism, to help assess viability and/or improve the model.\r\n\r\nThis is part of a larger exploration of creating a general-purpose SaaS host for Free Software authors to gain (guaranteed) income from their work: described at supershadowy.org\n\n\nA group discussion considering if we can use trusted enclaves like Intel SGX for ensuring the integrity of off-chain computations. This would be particularly useful for non-deterministic processes like machine learning models, and for hyperstructure-funded server deployments that require a public trust chain to ensure integrity.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:45:00.000-0000","id":53976,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"RVDS aka Richard von der Schulenburg is a luminary out in Hamburg, who produces and DJs as RVDS and as his Italian cousin Riccardi Schola. Whoever had the chance to listen to his sets at the legendary Golden Pudel Club knows where his magical charming sound comes from. With his releases for own label “It’s\", and a releases and remixes on a bunch of other imprints such as VIS, Bordello A Parigi or Acid Test, he already created a tiny fanhood of moonaddicts and dreamers all around the globe.\n\n\n","title":"RVDS","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703863800,"nanoseconds":0},"android_description":"RVDS aka Richard von der Schulenburg is a luminary out in Hamburg, who produces and DJs as RVDS and as his Italian cousin Riccardi Schola. Whoever had the chance to listen to his sets at the legendary Golden Pudel Club knows where his magical charming sound comes from. With his releases for own label “It’s\", and a releases and remixes on a bunch of other imprints such as VIS, Bordello A Parigi or Acid Test, he already created a tiny fanhood of moonaddicts and dreamers all around the globe.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:30:00.000-0000","id":53962,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Hackin the Disco Day 3","android_description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","end_timestamp":{"seconds":1703865600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T16:00:00.000-0000","id":53956,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We are working on an open source software to gather and stay alert about registered assemblies / demonstrations.\r\nWe want to use this session to give an intro / update about our project, but mostly discuss our plans and challenges with you. \r\n\r\nhttps://demonstrations.org/events\r\n\r\nDECT: 5146\r\nSlides: https://demos-berlin-ev.gitlab.io/presentations/37c3\n\n\n","title":"demonstrations.org - Liberate Data and Activate People","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"We are working on an open source software to gather and stay alert about registered assemblies / demonstrations.\r\nWe want to use this session to give an intro / update about our project, but mostly discuss our plans and challenges with you. \r\n\r\nhttps://demonstrations.org/events\r\n\r\nDECT: 5146\r\nSlides: https://demos-berlin-ev.gitlab.io/presentations/37c3","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53944,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Minetest spielt.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Minetest - Tag 3","android_description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Minetest spielt.","end_timestamp":{"seconds":1703858400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53872,"village_id":null,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal B - Hackcenter","hotel":"","short_name":"Saal B - Hackcenter","id":46157},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/developing-the-next-generation-open-source-ev_9lwv/\n\n\nThe new version of the open source event system eventyay is currently being developed and we will release the first version in February. In this discussion, the maintainers will share about the development plan for the next 12 months , focusing on enhancement features and AI capabilities.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Intro to Open Event Management and Tech Exchange (Marco A. Gutierrez, Mario Behling)","android_description":"https://events.ccc.de/congress/2023/hub/en/event/developing-the-next-generation-open-source-ev_9lwv/\n\n\nThe new version of the open source event system eventyay is currently being developed and we will release the first version in February. In this discussion, the maintainers will share about the development plan for the next 12 months , focusing on enhancement features and AI capabilities.","end_timestamp":{"seconds":1703858400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53812,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Unlock Minecraft: Beginner Workshop – Tag 3","end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53801,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We meet directly in front of the main entrance. If you come late and miss us, call at +4917695110311 (via old-fashioned phone, not Signal or Telegram).\r\n\r\nIn case there is a lot of interest, we can extend the workshop for longer than the scheduled 50 minutes :-)\r\n\r\n🧮\n\n\nIf you are not editor-in-chief of an important newspaper, you need to use other methods to advance public debate. In this workshop, you can learn how to climb up trees and street lamps to put up banners or to build tree houses. Absolutely no prior knowledge required. We bring the required climbing gear.","title":"Beginner's workshop for activist climbing (Basisworkshop aktivistisches Klettern)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"We meet directly in front of the main entrance. If you come late and miss us, call at +4917695110311 (via old-fashioned phone, not Signal or Telegram).\r\n\r\nIn case there is a lot of interest, we can extend the workshop for longer than the scheduled 50 minutes :-)\r\n\r\n🧮\n\n\nIf you are not editor-in-chief of an important newspaper, you need to use other methods to advance public debate. In this workshop, you can learn how to climb up trees and street lamps to put up banners or to build tree houses. Absolutely no prior knowledge required. We bring the required climbing gear.","end_timestamp":{"seconds":1703857800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:50:00.000-0000","id":53798,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Eileen Leistner\r\n\r\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work. We know from experience that some of them will be at the CCC Congress and we would like to take the opportunity to get to know and strengthen our community.\r\n\r\nThat’s why we would like to do an informal networking meeting for all people who already support our organization “Gesellschaft für Freiheitsrechte” or are interested in our work.\r\n\r\nWe will start with a greeting and a short input about our recent successes to celebrate our achievements for civil rights. After that we want to save plenty of time for personal and informal discussions with each other and networking.\n\n\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work.","title":"Gesellschaft für Freiheitsrechte: Friends & Donor Meet up","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703858400,"nanoseconds":0},"android_description":"Host: Eileen Leistner\r\n\r\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work. We know from experience that some of them will be at the CCC Congress and we would like to take the opportunity to get to know and strengthen our community.\r\n\r\nThat’s why we would like to do an informal networking meeting for all people who already support our organization “Gesellschaft für Freiheitsrechte” or are interested in our work.\r\n\r\nWe will start with a greeting and a short input about our recent successes to celebrate our achievements for civil rights. After that we want to save plenty of time for personal and informal discussions with each other and networking.\n\n\nAs a donor-funded organization we particularly appreciate people who support us with regular or one-time donations and in doing so sustain our work.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:00:00.000-0000","id":53785,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das Treffen der Regiovertreter*innen. Nach vier Jahren Pause zurück auf dem Congress :)\n\n\n","title":"Regiotreffen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703862000,"nanoseconds":0},"android_description":"Das Treffen der Regiovertreter*innen. Nach vier Jahren Pause zurück auf dem Congress :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T15:00:00.000-0000","id":53558,"village_id":null,"begin_timestamp":{"seconds":1703854800,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir wollen uns in diesem Workshop zusammensetzen, zum Thema Brainstormen und überlegen wen wir darstellen wollen, wie die Person die Philosophiegeschichte beeinflusst hat und wie wir das Projekt am Besten umsetzen. All Creatures Welcome.\r\n\r\nBringt gerne ein internetfähiges Gerät für Recherche mit.\n\n\nVielleicht kennst du schon die Haecksen-Memorials: https://www.haecksen.org/memorials/ Das sind anfassbare, toll aufbereitete Kunstwerke in Form von Tafeln und Elektrobasteleien, die die Arbeiten von wichtigen FINTA Personen aus der Technikgeschichte darstellen und näher bringen. Hieran wollen wir anknüpfen und Memorials von FINTA Personen beisteuern, die tolles in der Philosophiegeschichte geleistet haben. Denn genauso wie in der Technikgeschichte werden in der Philosophiegeschichte nicht cis männliche Menschen gerne rausgeschrieben, d.h. es wird nicht erwähnt, dass es sie gibt oder ihre Werke werden Männern zugewiesen. Mit unserem Memorials Projekt wollen wir genau darauf aufmerksam machen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Philhaecksen Memorials","end_timestamp":{"seconds":1703859900,"nanoseconds":0},"android_description":"Wir wollen uns in diesem Workshop zusammensetzen, zum Thema Brainstormen und überlegen wen wir darstellen wollen, wie die Person die Philosophiegeschichte beeinflusst hat und wie wir das Projekt am Besten umsetzen. All Creatures Welcome.\r\n\r\nBringt gerne ein internetfähiges Gerät für Recherche mit.\n\n\nVielleicht kennst du schon die Haecksen-Memorials: https://www.haecksen.org/memorials/ Das sind anfassbare, toll aufbereitete Kunstwerke in Form von Tafeln und Elektrobasteleien, die die Arbeiten von wichtigen FINTA Personen aus der Technikgeschichte darstellen und näher bringen. Hieran wollen wir anknüpfen und Memorials von FINTA Personen beisteuern, die tolles in der Philosophiegeschichte geleistet haben. Denn genauso wie in der Technikgeschichte werden in der Philosophiegeschichte nicht cis männliche Menschen gerne rausgeschrieben, d.h. es wird nicht erwähnt, dass es sie gibt oder ihre Werke werden Männern zugewiesen. Mit unserem Memorials Projekt wollen wir genau darauf aufmerksam machen.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53164,53471],"conference_id":131,"event_ids":[53497,53806],"name":"Smettbo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52359}],"timeband_id":1142,"links":[],"end":"2023-12-29T14:25:00.000-0000","id":53806,"village_id":null,"begin_timestamp":{"seconds":1703854500,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52359}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-29T12:55:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Declared dead numerous times, the hype around deep learning is bigger than ever. With Large Language Models and Diffusion Models becoming a commodity, we ask the question of how bad their energy consumption *really* is, what we can do about it, and how it is possible to run cutting-edge language models on off-the-shelf GPUs.\r\n\r\nWe will look at the various ways that people have come up with to rein in the hunger for resources of deep learning models, and why we still struggle to keep up with the demands of modern neural network model architectures. From low-bitwidth integer representation, through pruning of redundant connections and using a large network to teach a small one, all the way to quickly adapting existing models using low-rank adaptation.\r\n\r\nThis talk aims to give the audience an estimation of the amount of energy modern machine learning models consume to allow for more informed decisions around their usage and regulations. In the second part, we discuss the most common techniques used for running modern architectures on commodity hardware, outside of data centers. Hopefully, deeper insights into these methods will help improve experimentation with and access to deep learning models.\n\n\nThis talk will give a brief introduction of deep learning models and the energy they consume for training and inference. We then discuss what methods currently exist for handling their complexity, and how neural network parameter counts could grow by orders of magnitude, despite the end of Moore's law.","title":"What is this? A machine learning model for ants?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703856600,"nanoseconds":0},"android_description":"Declared dead numerous times, the hype around deep learning is bigger than ever. With Large Language Models and Diffusion Models becoming a commodity, we ask the question of how bad their energy consumption *really* is, what we can do about it, and how it is possible to run cutting-edge language models on off-the-shelf GPUs.\r\n\r\nWe will look at the various ways that people have come up with to rein in the hunger for resources of deep learning models, and why we still struggle to keep up with the demands of modern neural network model architectures. From low-bitwidth integer representation, through pruning of redundant connections and using a large network to teach a small one, all the way to quickly adapting existing models using low-rank adaptation.\r\n\r\nThis talk aims to give the audience an estimation of the amount of energy modern machine learning models consume to allow for more informed decisions around their usage and regulations. In the second part, we discuss the most common techniques used for running modern architectures on commodity hardware, outside of data centers. Hopefully, deeper insights into these methods will help improve experimentation with and access to deep learning models.\n\n\nThis talk will give a brief introduction of deep learning models and the energy they consume for training and inference. We then discuss what methods currently exist for handling their complexity, and how neural network parameter counts could grow by orders of magnitude, despite the end of Moore's law.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53388],"conference_id":131,"event_ids":[53735],"name":"etrommer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52471}],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53735,"village_id":null,"begin_timestamp":{"seconds":1703854200,"nanoseconds":0},"tag_ids":[46125,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52471}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"UPDATE:\r\nKontakt über 0x31c3 (()) posteo.de (Michael)\r\nDanke für die Teilnahme!\r\nInput aus dem Publikum: kollektivliste.org, SI Labs Berlin, TCI Partners\r\n\r\nEs gab auf dem 35C3 eine Session zu diesem Thema. Die hatte ich leider verpasst und auch nachträglich nur wenige Infos dazu bekommen können.\r\n\r\nHiermit nun nochmal eine Session mit dem Versuch Interessentierte zusammenzubringen zwecks Brainstorming und Networking. Es gibt zum Thema schon Ansatzpunkte und Beispiele, in Form von z.B. Kollektiven, Genossenschaften oder flachen \"Netzwerkorganisationen\".\r\n\r\nAlte Beschreibung:\r\nhttps://events.ccc.de/congress/2018/wiki/index.php/Session:IT-Security-Unternehmen_ohne_Chefs\r\n\r\nWer dazu Infos, Hinweise oder Beispiele nennen kann, gerne vorbeischauen. Raum ist nun reserviert. Wer Interesse aber keine Zeit hat für den Termin gerne trotzdem kontaktieren.\n\n\n","title":"IT-Security-Unternehmen ohne Chefs","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"UPDATE:\r\nKontakt über 0x31c3 (()) posteo.de (Michael)\r\nDanke für die Teilnahme!\r\nInput aus dem Publikum: kollektivliste.org, SI Labs Berlin, TCI Partners\r\n\r\nEs gab auf dem 35C3 eine Session zu diesem Thema. Die hatte ich leider verpasst und auch nachträglich nur wenige Infos dazu bekommen können.\r\n\r\nHiermit nun nochmal eine Session mit dem Versuch Interessentierte zusammenzubringen zwecks Brainstorming und Networking. Es gibt zum Thema schon Ansatzpunkte und Beispiele, in Form von z.B. Kollektiven, Genossenschaften oder flachen \"Netzwerkorganisationen\".\r\n\r\nAlte Beschreibung:\r\nhttps://events.ccc.de/congress/2018/wiki/index.php/Session:IT-Security-Unternehmen_ohne_Chefs\r\n\r\nWer dazu Infos, Hinweise oder Beispiele nennen kann, gerne vorbeischauen. Raum ist nun reserviert. Wer Interesse aber keine Zeit hat für den Termin gerne trotzdem kontaktieren.","end_timestamp":{"seconds":1703855700,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:15:00.000-0000","id":53949,"begin_timestamp":{"seconds":1703853000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Advanced Access Content System (AACS) is a DRM scheme used to safeguard audio and visual content, particularly in high-definition formats like HD-DVD and Blu-ray. First introduced in 2005 following the failure of the Content Scramble System (CSS) used in DVDs, AACS was designed to be not only secure against regular piracy, but included multiple features intended to restrict the impact of a potential leak of cryptographic material such as revocation lists and traitor-tracing. The concepts and algorithms of AACS were described in a publicly-released whitepaper, relying on strong cryptography and secrecy of keys to maintain security. Unsurprisingly, less than a year after publication, the first unlicensed decryption tool was demonstrated using keys reverse-engineered from a software player binary. While AACS-LA was quick to revoke those keys, a cat-and-mouse game emerged with new keys being regularly extracted from sources such as software updates and PS3 firmware.\r\n\r\nWith AACS effectively broken and easily bypassed as described in Eckersley’s 24c3 presentation, AACS-LA would announce the introduction of AACSv2 for the next generation 4K UHD Blu-ray discs. This time, however, AACS-LA would not release the specifications of the DRM publicly, requiring strict NDAs for implementers and increased software/hardware security measures. Most notably, playback of legitimately purchased UHD-BDs on PC requires Cyberlink PowerDVD software running on Windows 10 and an SGX-capable 7th-10th generation Intel CPU. Since the DRM would run exclusively in the SGX secure enclave, no further information about its inner workings or vulnerabilities would be discovered publicly, until now.\r\n\r\nIn this presentation, we explore the security system of AACSv2 DRM and the Intel SGX trusted execution environment. We first analyze the principles of SGX and its promises of an isolated environment, protected from all software running on the machine. We also investigate the use of SGX local and remote attestation primitives intended to verify the integrity and confidentiality of AACSv2 key material and DRM code, and why it has resisted outside analysis for so many years. We then discover how hardware side-channel attacks can be used to undermine these guarantees of SGX, and craft an effective exploit to extract cryptographic material from the enclave and defeat the DRM code obfuscation.\r\n\r\nFollowing that, we present the first public description of the inner workings of AACSv2, the key derivation process, and the updated revocation and traitor-tracing mechanisms. We studied BIOS updates from six motherboard vendors to show how SGX can be broken both easily and cheaply, and that vendors are now faced with a decision of security vs. usability in trusting unpatched machines. Finally, we conclude with the first demonstration of a UHD Blu-ray disc being decrypted and played back on a non-official platform.\n\n\nFollowing the failure and easy exploitation of the AACSv1 DRM on HD-DVD and Blu-ray, AACS-LA went back to the drawing board and announced the next generation AACSv2 DRM scheme, launching alongside 4K UHD Blu-ray in 2015. Since then, nearly no information has come out publicly about any vulnerabilities or even the algorithms themselves, owing in large part to software players requiring the use of Intel SGX secure enclave technology, which promises integrity and confidentiality of AACSv2 code and data through local and remote attestation mechanisms. Join us as we explore the broken history of AACS, describe practical side-channel attacks against SGX, and present the first look into the inner workings of AACSv2 DRM, culminating in a demonstration of the first full compromise of AACSv2 and unofficial playback of a UHD-BD disc.","title":"Full AACSess: Exposing and exploiting AACSv2 UHD DRM for your viewing pleasure","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"The Advanced Access Content System (AACS) is a DRM scheme used to safeguard audio and visual content, particularly in high-definition formats like HD-DVD and Blu-ray. First introduced in 2005 following the failure of the Content Scramble System (CSS) used in DVDs, AACS was designed to be not only secure against regular piracy, but included multiple features intended to restrict the impact of a potential leak of cryptographic material such as revocation lists and traitor-tracing. The concepts and algorithms of AACS were described in a publicly-released whitepaper, relying on strong cryptography and secrecy of keys to maintain security. Unsurprisingly, less than a year after publication, the first unlicensed decryption tool was demonstrated using keys reverse-engineered from a software player binary. While AACS-LA was quick to revoke those keys, a cat-and-mouse game emerged with new keys being regularly extracted from sources such as software updates and PS3 firmware.\r\n\r\nWith AACS effectively broken and easily bypassed as described in Eckersley’s 24c3 presentation, AACS-LA would announce the introduction of AACSv2 for the next generation 4K UHD Blu-ray discs. This time, however, AACS-LA would not release the specifications of the DRM publicly, requiring strict NDAs for implementers and increased software/hardware security measures. Most notably, playback of legitimately purchased UHD-BDs on PC requires Cyberlink PowerDVD software running on Windows 10 and an SGX-capable 7th-10th generation Intel CPU. Since the DRM would run exclusively in the SGX secure enclave, no further information about its inner workings or vulnerabilities would be discovered publicly, until now.\r\n\r\nIn this presentation, we explore the security system of AACSv2 DRM and the Intel SGX trusted execution environment. We first analyze the principles of SGX and its promises of an isolated environment, protected from all software running on the machine. We also investigate the use of SGX local and remote attestation primitives intended to verify the integrity and confidentiality of AACSv2 key material and DRM code, and why it has resisted outside analysis for so many years. We then discover how hardware side-channel attacks can be used to undermine these guarantees of SGX, and craft an effective exploit to extract cryptographic material from the enclave and defeat the DRM code obfuscation.\r\n\r\nFollowing that, we present the first public description of the inner workings of AACSv2, the key derivation process, and the updated revocation and traitor-tracing mechanisms. We studied BIOS updates from six motherboard vendors to show how SGX can be broken both easily and cheaply, and that vendors are now faced with a decision of security vs. usability in trusting unpatched machines. Finally, we conclude with the first demonstration of a UHD Blu-ray disc being decrypted and played back on a non-official platform.\n\n\nFollowing the failure and easy exploitation of the AACSv1 DRM on HD-DVD and Blu-ray, AACS-LA went back to the drawing board and announced the next generation AACSv2 DRM scheme, launching alongside 4K UHD Blu-ray in 2015. Since then, nearly no information has come out publicly about any vulnerabilities or even the algorithms themselves, owing in large part to software players requiring the use of Intel SGX secure enclave technology, which promises integrity and confidentiality of AACSv2 code and data through local and remote attestation mechanisms. Join us as we explore the broken history of AACS, describe practical side-channel attacks against SGX, and present the first look into the inner workings of AACSv2 DRM, culminating in a demonstration of the first full compromise of AACSv2 and unofficial playback of a UHD-BD disc.","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53400],"conference_id":131,"event_ids":[53745],"name":"Adam Batori","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52461}],"timeband_id":1142,"end":"2023-12-29T13:30:00.000-0000","links":[{"label":"sgx.fail","type":"link","url":"https://sgx.fail"}],"id":53745,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703853000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52461}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In der Hackerethik steht: „Computer können dein Leben zum Besseren verändern.\" Aber viel zu oft werden sie für das Gegenteil genutzt. Vor allem im Bereich der digitalisierten Migrationskontrolle.\r\n\r\nMit dabei: das Ausländerzentralregister, eines der größten automatisierten Register der öffentlichen Verwaltung; die Idee für digitale Bezahlkarten, die mehr Freiheitsbeschränkung sind als Zahlungsmittel; die üblichen Verdächtigen unter den BAMF-IT-Assistenzsystemen; Vorhersage-Systeme für Migrationsbewegungen; die digitale Festung Europa. Und ganz neu: das Schneller-Abschieben- und das Datenübermittlungsvorschriftenanpassungsgesetz.\r\n\r\nDie aktuelle Bundesregierung macht munter dabei mit, ihre digitalen Kontrollhelfer weiter auszuweiten. Und fast niemand schaut hin.\n\n\nDigitale Bezahlkarten, Migrationsvorhersage mit sogenannter KI, digitalisierte Grenzen zur Festung Europa und immer mehr davon. Ein Überblick, wie Digitalisierung jenseits des öffentlichen Aufschreis genutzt wird, um den Pull-Faktor Menschlichkeit zu drücken.","title":"Gläserne Geflüchtete","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"In der Hackerethik steht: „Computer können dein Leben zum Besseren verändern.\" Aber viel zu oft werden sie für das Gegenteil genutzt. Vor allem im Bereich der digitalisierten Migrationskontrolle.\r\n\r\nMit dabei: das Ausländerzentralregister, eines der größten automatisierten Register der öffentlichen Verwaltung; die Idee für digitale Bezahlkarten, die mehr Freiheitsbeschränkung sind als Zahlungsmittel; die üblichen Verdächtigen unter den BAMF-IT-Assistenzsystemen; Vorhersage-Systeme für Migrationsbewegungen; die digitale Festung Europa. Und ganz neu: das Schneller-Abschieben- und das Datenübermittlungsvorschriftenanpassungsgesetz.\r\n\r\nDie aktuelle Bundesregierung macht munter dabei mit, ihre digitalen Kontrollhelfer weiter auszuweiten. Und fast niemand schaut hin.\n\n\nDigitale Bezahlkarten, Migrationsvorhersage mit sogenannter KI, digitalisierte Grenzen zur Festung Europa und immer mehr davon. Ein Überblick, wie Digitalisierung jenseits des öffentlichen Aufschreis genutzt wird, um den Pull-Faktor Menschlichkeit zu drücken.","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53287,53390,53397],"conference_id":131,"event_ids":[53737,53743,53652],"name":"Anna Biselli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52420}],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53743,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703853000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52420}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-29T12:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Wir treffen uns beim Aufzug ganz in der Nähe von Stage Y (nicht Saal F!).**\r\n\r\nDie „Letzte Generation“ ist in aller Munde. Ihre Aktionen polarisieren – und viele derer, die Macht oder Kapital in ihren Händen halten, schimpfen auf die Aktivist*innen. Neben strafrechtlichen Drohungen fordern sie, zu zurückhaltenderen Aktionsformen zurückzukehren.\r\n\r\nDoch: Braucht politischer Protest nicht die direkte Aktion, ein provokantes, aufmerksamkeitserzeugendes Eingreifen in die gesellschaftlichen Abläufe? Was wären die Atomproteste ohne Schienenblockaden und Bauplatzbesetzungen? Was der Widerstand gegen die Agrogentechnik ohne Feldbefreiungen und -besetzungen? Wo ständen wir in der Kohleausstiegsdebatte, wenn es die Besetzung des Hambacher Forstes und die Baggerbesetzungen nicht gegeben hätte?\r\n\r\n\"Direkte Aktion ist nicht alles, aber ohne kreative, provokante Protestformen ist alles nichts!\", so ein Motto. In dem Workshop werden wir an Fallbeispielen zeigen, welche Bedeutung provokante Aktionen in der Vergangenheit hatten – und warum sie auch in Zukunft nötig sein werden.\r\n\r\n[Weitere Sessions unserer Gruppe](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Provokante Aktionen und ihre Bedeutung für politischen Protest","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703854800,"nanoseconds":0},"android_description":"**Wir treffen uns beim Aufzug ganz in der Nähe von Stage Y (nicht Saal F!).**\r\n\r\nDie „Letzte Generation“ ist in aller Munde. Ihre Aktionen polarisieren – und viele derer, die Macht oder Kapital in ihren Händen halten, schimpfen auf die Aktivist*innen. Neben strafrechtlichen Drohungen fordern sie, zu zurückhaltenderen Aktionsformen zurückzukehren.\r\n\r\nDoch: Braucht politischer Protest nicht die direkte Aktion, ein provokantes, aufmerksamkeitserzeugendes Eingreifen in die gesellschaftlichen Abläufe? Was wären die Atomproteste ohne Schienenblockaden und Bauplatzbesetzungen? Was der Widerstand gegen die Agrogentechnik ohne Feldbefreiungen und -besetzungen? Wo ständen wir in der Kohleausstiegsdebatte, wenn es die Besetzung des Hambacher Forstes und die Baggerbesetzungen nicht gegeben hätte?\r\n\r\n\"Direkte Aktion ist nicht alles, aber ohne kreative, provokante Protestformen ist alles nichts!\", so ein Motto. In dem Workshop werden wir an Fallbeispielen zeigen, welche Bedeutung provokante Aktionen in der Vergangenheit hatten – und warum sie auch in Zukunft nötig sein werden.\r\n\r\n[Weitere Sessions unserer Gruppe](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53797,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703851800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-29T12:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag wurde ebenfalls bei [FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ) veröffentlicht. Aufgrund des hohen Interesses beim Public Viewing werden wir ihn hier live wiederholen.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","title":"Arbeitgeber*innen hassen diesen Trick\" - Was ist die FAU?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Der Vortrag wurde ebenfalls bei [FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ) veröffentlicht. Aufgrund des hohen Interesses beim Public Viewing werden wir ihn hier live wiederholen.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","end_timestamp":{"seconds":1703853000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:30:00.000-0000","id":53971,"village_id":null,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Jonathan Grothaus\n\n\nFür die Akzeptanz von Maßnahmen gegen den Klimawandel, die Motivation zu politischer Partizipation bzw. zur Änderung eigenen Verhaltens ist das Wissen über die Grundlagen des Klimawandels zwar notwendig, aber nicht hinreichend. \r\nIch möchte Bildungsmaterial und -erfahrungen aus einem Schülerlabor teilen, in dem ich versuche die Lücke zwischen Wissen zum Klimawandel und tatsächlichen Handeln etwas zu verkleinern. \r\nKonkret bringe ich die Treibhaustaler mit, ein Veranschaulichung aller emissionsrelevanten Handlungen eines typischen Tages: Individuelles Handeln ist relevant, strukturelle Verändeungen sind notwendig.","title":"Lessons4Action: Zwischen Zynismus, Apokalypse und Lastenfahrrad","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Host: Jonathan Grothaus\n\n\nFür die Akzeptanz von Maßnahmen gegen den Klimawandel, die Motivation zu politischer Partizipation bzw. zur Änderung eigenen Verhaltens ist das Wissen über die Grundlagen des Klimawandels zwar notwendig, aber nicht hinreichend. \r\nIch möchte Bildungsmaterial und -erfahrungen aus einem Schülerlabor teilen, in dem ich versuche die Lücke zwischen Wissen zum Klimawandel und tatsächlichen Handeln etwas zu verkleinern. \r\nKonkret bringe ich die Treibhaustaler mit, ein Veranschaulichung aller emissionsrelevanten Handlungen eines typischen Tages: Individuelles Handeln ist relevant, strukturelle Verändeungen sind notwendig.","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53955,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-29T12:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"POTA – Parks on the Air [Day 3]","android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","end_timestamp":{"seconds":1703860200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T14:30:00.000-0000","id":53795,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DISCLAIMER:\r\nThis event is supposed to be a NETWORKING SESSION for ACTIVISTS and those that are either already providing TECHNOLOGY SUPPORT or at least plan to do so in the future.\r\nParticipants are supposed to COLLABORATE in BREAK-OUT groups, so please only attend if you are looking for an ACTIVE ENGAGEMENT.\r\n\r\n---\r\n\r\nThere are many different forms of protest and resistance around the world.\r\nBe it climate protests, uprisings against dictatorial regimes, sabotaging Nazi rallies, the fight for housing and against gentrification, or turning an economic forum into a disaster.\r\n\r\nThe activist everyday life is diverse and requires different tactics and strategies.\r\n\r\nWe ask ourselves how we can connect and support these with the tech world:\r\n- What technologies might be needed to support the various movements and action types?\r\n- Which technologies have been used in the past and have they proven their worth?\r\n- How can we improve collaboration with activists?\r\n- How can we learn better from each others' experiences?\r\n\r\nWe want to exchange ideas in small groups and talk about different tools and means for planning, carrying out and following up political actions and protests.\r\n\r\n---\r\nAgenda:\r\n- Introduction, Goals\r\n- Impulse\r\n- Break-Outs\r\n- Summaries\r\n\r\nWe will suggest the following themes for break-outs, but if you would like to raise a different topic, we'd love to hear about it!\r\n- Training and OpSec\r\n- Organization, Communication, Collaboration\r\n- Squats, Occupations, House Projects\r\n- Protest Camps\r\n- Demonstrations and Blockades\r\n- Anti-Repression\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"🏴 Technologies for Disaster 🏴","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"android_description":"DISCLAIMER:\r\nThis event is supposed to be a NETWORKING SESSION for ACTIVISTS and those that are either already providing TECHNOLOGY SUPPORT or at least plan to do so in the future.\r\nParticipants are supposed to COLLABORATE in BREAK-OUT groups, so please only attend if you are looking for an ACTIVE ENGAGEMENT.\r\n\r\n---\r\n\r\nThere are many different forms of protest and resistance around the world.\r\nBe it climate protests, uprisings against dictatorial regimes, sabotaging Nazi rallies, the fight for housing and against gentrification, or turning an economic forum into a disaster.\r\n\r\nThe activist everyday life is diverse and requires different tactics and strategies.\r\n\r\nWe ask ourselves how we can connect and support these with the tech world:\r\n- What technologies might be needed to support the various movements and action types?\r\n- Which technologies have been used in the past and have they proven their worth?\r\n- How can we improve collaboration with activists?\r\n- How can we learn better from each others' experiences?\r\n\r\nWe want to exchange ideas in small groups and talk about different tools and means for planning, carrying out and following up political actions and protests.\r\n\r\n---\r\nAgenda:\r\n- Introduction, Goals\r\n- Impulse\r\n- Break-Outs\r\n- Summaries\r\n\r\nWe will suggest the following themes for break-outs, but if you would like to raise a different topic, we'd love to hear about it!\r\n- Training and OpSec\r\n- Organization, Communication, Collaboration\r\n- Squats, Occupations, House Projects\r\n- Protest Camps\r\n- Demonstrations and Blockades\r\n- Anti-Repression","updated_timestamp":{"seconds":1703817540,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53778,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-29T02:39:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"[talk notes as agda file](https://felix-cherubini.de/notes.lagda.md)\r\n\r\n[talk notes as html](https://felix-cherubini.de/ccc-html/notes.html)\r\n\r\n[the cubical agda library (has some pointers...)](https://github.com/agda/cubical)\r\n\r\nThe goal of my talk is to introduce you to homotopy type theory, which is a reletatively recent area of pure mathematics and computer science. The talk is not about *using* homotopy type theory in programming, but introducing it in a way geared towards everyone with some background in programming.\r\n\r\nI will show some data types in the dependently typed language agda, explaing how they relate to corresponding things in more mainstream languages. Agda is a language with nice notation for both, programming and math. It is certainly helpful if you know the material covered in the formalization workshop at 11:00 am (same day), but my aim is to make a stand alone presentation. \r\n\r\nFrom there, I will move to more exotic things which are the first steps into the world of homotopy type theory, still using agda as a language. You can try agda on your on device during the talk if you like - even in your [browser](https://agdapad.quasicoherent.io/)!\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Homotopy type theory for programmers","android_description":"[talk notes as agda file](https://felix-cherubini.de/notes.lagda.md)\r\n\r\n[talk notes as html](https://felix-cherubini.de/ccc-html/notes.html)\r\n\r\n[the cubical agda library (has some pointers...)](https://github.com/agda/cubical)\r\n\r\nThe goal of my talk is to introduce you to homotopy type theory, which is a reletatively recent area of pure mathematics and computer science. The talk is not about *using* homotopy type theory in programming, but introducing it in a way geared towards everyone with some background in programming.\r\n\r\nI will show some data types in the dependently typed language agda, explaing how they relate to corresponding things in more mainstream languages. Agda is a language with nice notation for both, programming and math. It is certainly helpful if you know the material covered in the formalization workshop at 11:00 am (same day), but my aim is to make a stand alone presentation. \r\n\r\nFrom there, I will move to more exotic things which are the first steps into the world of homotopy type theory, still using agda as a language. You can try agda on your on device during the talk if you like - even in your [browser](https://agdapad.quasicoherent.io/)!\r\n\r\n🧮","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53769,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-29T12:00:00.000-0000","updated":"2023-12-30T16:46:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A place to meet up for the people who work and research in user experience and human-centered design.\n\n\n","title":"UX & Human-Centered Design People Networking!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"A place to meet up for the people who work and research in user experience and human-centered design.","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53523,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"spans_timebands":"N","begin":"2023-12-29T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Prism Obsidian Duo\r\n\r\nObsidian is a visual artist and researcher in postcolonial theology, culture and education. She is taking a Black Quantum Afrofuturist approach towards tackling issues of racism, cultural appropriation, intersectionality and sustainable urban regeneration by drawing on an image of global Black cultures. \r\n\r\nPrism is a musician and visual artist specialising in rainbowgoth sound design and crafting analog double exposure captures. She is based in Berlin and responds to the inspiration of memory, saturation, and the dreamworld.\n\n\nThe texts for this piece were originally written as part of a revision of the Homeric Hymn to Demeter; a revision which broadens the picture of Black women who are descendant of colonial enslavement. A dialogue based on the contrast of Artemis’ power and agency over her body compared to women who have been unsafe for generations. \r\nWomen who carry these wounds as warnings and a call out for accountability. The underlying track called ‚Xercathalon’s Debut: A Bird Clock Opera, is a piece based on the sounds of childhood as remembered and incorporated into this collaborative soundscape.\r\n\r\nThe question works such as these answer is a soft approach towards understanding the people that 37C3 wants to become more diverse towards. Diversity, equity and inclusion are more than catchy phrases. They don't happen overnight, but through art and literature there are greater options for briding understanding.","title":"Bird Clock Opera/ w text from Days Of The Week","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"android_description":"Prism Obsidian Duo\r\n\r\nObsidian is a visual artist and researcher in postcolonial theology, culture and education. She is taking a Black Quantum Afrofuturist approach towards tackling issues of racism, cultural appropriation, intersectionality and sustainable urban regeneration by drawing on an image of global Black cultures. \r\n\r\nPrism is a musician and visual artist specialising in rainbowgoth sound design and crafting analog double exposure captures. She is based in Berlin and responds to the inspiration of memory, saturation, and the dreamworld.\n\n\nThe texts for this piece were originally written as part of a revision of the Homeric Hymn to Demeter; a revision which broadens the picture of Black women who are descendant of colonial enslavement. A dialogue based on the contrast of Artemis’ power and agency over her body compared to women who have been unsafe for generations. \r\nWomen who carry these wounds as warnings and a call out for accountability. The underlying track called ‚Xercathalon’s Debut: A Bird Clock Opera, is a piece based on the sounds of childhood as remembered and incorporated into this collaborative soundscape.\r\n\r\nThe question works such as these answer is a soft approach towards understanding the people that 37C3 wants to become more diverse towards. Diversity, equity and inclusion are more than catchy phrases. They don't happen overnight, but through art and literature there are greater options for briding understanding.","end_timestamp":{"seconds":1703856600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53117],"conference_id":131,"event_ids":[53432],"name":"Prism Obsidian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52512}],"timeband_id":1142,"links":[],"end":"2023-12-29T13:30:00.000-0000","id":53432,"tag_ids":[46132,46140],"village_id":null,"begin_timestamp":{"seconds":1703851200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52512}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag bietet einen Einblick in die Ergebnisse einer erstmaligen systematischen Untersuchung der im deutschsprachigen Diskurs präsenten Visionen zur digital-ökologischen Transformation und setzt diese in einer Landschaft an Vorstellungen von Transformation, Nachhaltigkeit und Technikgestaltung zueinander in Beziehung. Bei der Recherche wurden zivilgesellschaftliche, staatliche, wissenschaftliche und wirtschaftliche Akteure berücksichtigt. Das Ergebnis sind sechs verschiedene Typen an Visionskategorien: „Dematerialisierung\", „Digital-ökologische Modernisierung\", „Leitplanken einer zukunftsfähigen Digitalpolitik\", „Digital-ökologischer TÜV\", „Digitale Suffizienz\" und „Low-Tech\" bilden die Landschaft der Visionen digital-ökologischer Transformation im deutschsprachigen Raum.\r\n\r\nDie Vorstellung, dass digitale Technik durch Effizienzsteigerungen zu einer Entkopplung von Wirtschaftswachstum und Ressourcenverbrauch beiträgt, kann unter dem Begriff „Dematerialisierung” gefasst werden. „Digital-ökologische Modernisierung” bezeichnet einen eher technokratischen Ansatz, in dem die ökologischen Kosten der Digitalisierung durch Sparsamkeit, Recycling und vor allem den flächendeckenden Einsatz von erneuerbaren Energien zu bewältigen sind. Vertreter\\*innen des Visionstyps „Leitplanken einer zukunftsfähigen Digitalpolitik” geben statt einer scharf formulierten Vision eher Leitplanken für die zukünftige Gestaltung der Digitalisierung im Rahmen ökologischer Grenzen vor. Die Kategorie „Digital-ökologischer TÜV” beschreibt Ansätze, die eine Bewertung des Verhältnisses von Ökologie und digitaler Technik von einer fortlaufenden Überprüfung des Einsatzes digitaler Technik abhängig machen. Bei „Digitaler Suffizienz” wird das Konzept der Suffizienz auf den Bereich Digitalisierung übertragen und orientiert sich an dem Motto „so viel Digitalisierung wie nötig, so wenig wie möglich“. Zuletzt kann die Idee der Abkehr vom linearen Fortschrittsdenken und von damit einhergehenden ressourcenintensiven High-Tech-Infrastrukturen als „Low-Tech”-Vision bezeichnet werden.\r\n\r\nIm Vortrag wird das Verhältnis der einzelnen Kategorien zueinander anhand von verschiedenen Dimensionen, wie ihr zugrundeliegendes Transformationsverständnis oder die Radikalität der beschriebenen Veränderungen, dargestellt sowie deren politische Bedeutung reflektiert. Welche Visionen erfüllen den Anspruch an eine global gerechte Digitalität der Zukunft?\n\n\nSupereffiziente digitale Technik als Lösung aller Probleme oder doch lieber die selbstgebaute ressourcensparsame Low-Tech-Variante? Die Zukunftsvorstellungen, die den Einsatz digitaler Technik und ökologische Fragen zusammendenken, sind in der deutschen Diskurslandschaft nicht gerade üppig gesät. Im Vortrag werden die Ergebnisse einer Kurzstudie präsentiert, bei der wir die Zukunftsvorstellungen digital-ökologischer Transformation bei gesellschaftspolitischen Akteuren gesucht, analysiert und zu Visionskategorien zusammengefasst haben.","title":"Darf's noch etwas visionärer sein?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Der Vortrag bietet einen Einblick in die Ergebnisse einer erstmaligen systematischen Untersuchung der im deutschsprachigen Diskurs präsenten Visionen zur digital-ökologischen Transformation und setzt diese in einer Landschaft an Vorstellungen von Transformation, Nachhaltigkeit und Technikgestaltung zueinander in Beziehung. Bei der Recherche wurden zivilgesellschaftliche, staatliche, wissenschaftliche und wirtschaftliche Akteure berücksichtigt. Das Ergebnis sind sechs verschiedene Typen an Visionskategorien: „Dematerialisierung\", „Digital-ökologische Modernisierung\", „Leitplanken einer zukunftsfähigen Digitalpolitik\", „Digital-ökologischer TÜV\", „Digitale Suffizienz\" und „Low-Tech\" bilden die Landschaft der Visionen digital-ökologischer Transformation im deutschsprachigen Raum.\r\n\r\nDie Vorstellung, dass digitale Technik durch Effizienzsteigerungen zu einer Entkopplung von Wirtschaftswachstum und Ressourcenverbrauch beiträgt, kann unter dem Begriff „Dematerialisierung” gefasst werden. „Digital-ökologische Modernisierung” bezeichnet einen eher technokratischen Ansatz, in dem die ökologischen Kosten der Digitalisierung durch Sparsamkeit, Recycling und vor allem den flächendeckenden Einsatz von erneuerbaren Energien zu bewältigen sind. Vertreter\\*innen des Visionstyps „Leitplanken einer zukunftsfähigen Digitalpolitik” geben statt einer scharf formulierten Vision eher Leitplanken für die zukünftige Gestaltung der Digitalisierung im Rahmen ökologischer Grenzen vor. Die Kategorie „Digital-ökologischer TÜV” beschreibt Ansätze, die eine Bewertung des Verhältnisses von Ökologie und digitaler Technik von einer fortlaufenden Überprüfung des Einsatzes digitaler Technik abhängig machen. Bei „Digitaler Suffizienz” wird das Konzept der Suffizienz auf den Bereich Digitalisierung übertragen und orientiert sich an dem Motto „so viel Digitalisierung wie nötig, so wenig wie möglich“. Zuletzt kann die Idee der Abkehr vom linearen Fortschrittsdenken und von damit einhergehenden ressourcenintensiven High-Tech-Infrastrukturen als „Low-Tech”-Vision bezeichnet werden.\r\n\r\nIm Vortrag wird das Verhältnis der einzelnen Kategorien zueinander anhand von verschiedenen Dimensionen, wie ihr zugrundeliegendes Transformationsverständnis oder die Radikalität der beschriebenen Veränderungen, dargestellt sowie deren politische Bedeutung reflektiert. Welche Visionen erfüllen den Anspruch an eine global gerechte Digitalität der Zukunft?\n\n\nSupereffiziente digitale Technik als Lösung aller Probleme oder doch lieber die selbstgebaute ressourcensparsame Low-Tech-Variante? Die Zukunftsvorstellungen, die den Einsatz digitaler Technik und ökologische Fragen zusammendenken, sind in der deutschen Diskurslandschaft nicht gerade üppig gesät. Im Vortrag werden die Ergebnisse einer Kurzstudie präsentiert, bei der wir die Zukunftsvorstellungen digital-ökologischer Transformation bei gesellschaftspolitischen Akteuren gesucht, analysiert und zu Visionskategorien zusammengefasst haben.","end_timestamp":{"seconds":1703853300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53199],"conference_id":131,"event_ids":[53512],"name":"Mascha Schädlich","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52427}],"timeband_id":1142,"end":"2023-12-29T12:35:00.000-0000","links":[{"label":"Kurzstudie zu Visionen digital-ökologischer Transformation","type":"link","url":"https://codina-transformation.de/wp-content/uploads/CODINA_VisionBuilding_Kurzstudie_3.pdf"}],"id":53512,"begin_timestamp":{"seconds":1703850900,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52427}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Jedes Jahr treffen wir Haecksen uns zum traditionellen Haecksenfrühstück auf dem Kongress, tauschen uns aus und planen das nächste Jahr. Willkommen sind zum Frühstück alle FINTA (Frau, inter, nichtbinär, trans, agender). Kommt gerne vorbei und bringt am Besten etwas zum Frühstücken und eine Tasse mit.\r\n\r\nIm Raum wird um Masken gebeten, daher gerne mitbringen und verantwortugsbewusst snacken und Tee trinken.\r\n\r\n\r\nThe Hacksenbreakfast is the biggest annual meeting of the Haecksen group, a group of female hackers within the CCC. We have a breakfast together and do some planning for the next year. This meeting is only for FINTA (female, intersex, non-binary, trans and agender). Please remind us to speak English if you do not understand German. It is a good idea to bring something for the breakfast and a cup for coffee/tea, but of course this is not mandatory.\r\n\r\nMasks are requested in the room, so please bring them with you and snack and drink tea responsibly.\n\n\nGemeinsames Frühstück für FINTA, die Haecksen werden möchten","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Haecksenfrühstück","android_description":"Jedes Jahr treffen wir Haecksen uns zum traditionellen Haecksenfrühstück auf dem Kongress, tauschen uns aus und planen das nächste Jahr. Willkommen sind zum Frühstück alle FINTA (Frau, inter, nichtbinär, trans, agender). Kommt gerne vorbei und bringt am Besten etwas zum Frühstücken und eine Tasse mit.\r\n\r\nIm Raum wird um Masken gebeten, daher gerne mitbringen und verantwortugsbewusst snacken und Tee trinken.\r\n\r\n\r\nThe Hacksenbreakfast is the biggest annual meeting of the Haecksen group, a group of female hackers within the CCC. We have a breakfast together and do some planning for the next year. This meeting is only for FINTA (female, intersex, non-binary, trans and agender). Please remind us to speak English if you do not understand German. It is a good idea to bring something for the breakfast and a cup for coffee/tea, but of course this is not mandatory.\r\n\r\nMasks are requested in the room, so please bring them with you and snack and drink tea responsibly.\n\n\nGemeinsames Frühstück für FINTA, die Haecksen werden möchten","end_timestamp":{"seconds":1703854200,"nanoseconds":0},"updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:50:00.000-0000","id":53805,"village_id":null,"begin_timestamp":{"seconds":1703848800,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-29T11:20:00.000-0000","updated":"2023-12-29T00:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The World Health Organization (WHO) considers air pollution to be the world's single largest environmental health threat, accounting for approximately 7 million deaths worldwide every year. That's why in this talk we want to speak about how the problem of air pollution can be understood and predicted using HPC pollution modeling and its application based on general concepts and our own research. \r\n\r\nWe are Dr. Johannes Bieser and Dr. Martin Ramacher, both working at the Helmholtz Zentrum Hereon in the field of numerical pollution modelling. While Dr. Bieser wrote his Dissertation on emission modelling and its application, Dr. Ramacher wrote his Dissertation on pollutant transport and exposure modelling. \r\n\r\nIn our talk on numerical air quality modelling systems, we want to introduce basic principles and share our personal knowledge in the field of numerical pollution modelling, covering the entire pathway from emissions, transport, transformation and human exposure. Each of these steps relies heavily on large amounts of data from many different sources - satellite data, activity and meta data, measurements and many more - and skills in computer science. By default, environmental scientists are often not trained in computer science and high performance computing which implies a challenge of its own (and allows Nerds like us to excel).\r\n\r\nOur talk will be enriched with practical, technical and partially political examples to demonstrate the difficulties scientist face during their quest to improve air quality for everyone: from TB of wasted data due to historically grown data formats to counterproductive policy decisions to „improve“ air quality. We’ve seen it all and after participating in the CCC for many years now, we decided to draw attention to some state-of-the science approaches for solving one of the world’s single largest environmental health threats: „air pollution“. \n\n\nHigh performance computing (HPC) in environmental science is usually associated with research on climate change, investigating the impact of atmospheric greenhouse gases (GHG) over the next century. Besides these GHGs, there are many other gases and aerosolos in the atmosphere, which have a much more direct and immediate impact on human health: air pollutants.","title":"Numerical Air Quality Modeling Systems","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703852100,"nanoseconds":0},"android_description":"The World Health Organization (WHO) considers air pollution to be the world's single largest environmental health threat, accounting for approximately 7 million deaths worldwide every year. That's why in this talk we want to speak about how the problem of air pollution can be understood and predicted using HPC pollution modeling and its application based on general concepts and our own research. \r\n\r\nWe are Dr. Johannes Bieser and Dr. Martin Ramacher, both working at the Helmholtz Zentrum Hereon in the field of numerical pollution modelling. While Dr. Bieser wrote his Dissertation on emission modelling and its application, Dr. Ramacher wrote his Dissertation on pollutant transport and exposure modelling. \r\n\r\nIn our talk on numerical air quality modelling systems, we want to introduce basic principles and share our personal knowledge in the field of numerical pollution modelling, covering the entire pathway from emissions, transport, transformation and human exposure. Each of these steps relies heavily on large amounts of data from many different sources - satellite data, activity and meta data, measurements and many more - and skills in computer science. By default, environmental scientists are often not trained in computer science and high performance computing which implies a challenge of its own (and allows Nerds like us to excel).\r\n\r\nOur talk will be enriched with practical, technical and partially political examples to demonstrate the difficulties scientist face during their quest to improve air quality for everyone: from TB of wasted data due to historically grown data formats to counterproductive policy decisions to „improve“ air quality. We’ve seen it all and after participating in the CCC for many years now, we decided to draw attention to some state-of-the science approaches for solving one of the world’s single largest environmental health threats: „air pollution“. \n\n\nHigh performance computing (HPC) in environmental science is usually associated with research on climate change, investigating the impact of atmospheric greenhouse gases (GHG) over the next century. Besides these GHGs, there are many other gases and aerosolos in the atmosphere, which have a much more direct and immediate impact on human health: air pollutants.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53406],"conference_id":131,"event_ids":[53751],"name":"Martin Otto Paul Ramacher","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52429},{"content_ids":[53406],"conference_id":131,"event_ids":[53751],"name":"Johannes Bieser","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52468}],"timeband_id":1142,"links":[{"label":"ResearchGate Profil Dr. Martin Ramacher","type":"link","url":"https://www.researchgate.net/profile/Martin-Ramacher"},{"label":"ResearchGate Profil Dr. Johannes Bieser","type":"link","url":"https://www.researchgate.net/profile/Johannes-Bieser"}],"end":"2023-12-29T12:15:00.000-0000","id":53751,"tag_ids":[46123,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703848500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52468},{"tag_id":46107,"sort_order":1,"person_id":52429}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-29T11:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Qualität von Anleitungen und Einführungen zu Smartphone-Forensik im Internet ist leider sehr durchwachsen: Hier will dir jemand ein buntes Tool verkaufen, hier riecht es nach einem Scam, vielerorts geht es um das, was Strafverfolgungsbehörden machen, nämlich in den Daten fremder Leute wühlen.\r\n\r\nStattdessen möchten wir in diesem Vortrag einen strukturierten Überblick geben, welche (öffentlichen) Möglichkeiten es in der einvernehmlichen Smartphone-Forensik mit Open-Source-Tools gibt. Wir zeigen euch, wie man welche Arten von Malware finden kann, welche Spuren sie hinterlassen und wie sich Stalkerware und Staatstrojaner in der Praxis unterscheiden.\r\n\r\nUm 14:15 findet ein praktischer Workshop statt indem gelerntes aus dem Vortrag umgesetzt werden kann:\r\nhttps://events.ccc.de/congress/2023/hub/en/event/introduction-to-smartphone-malware-forensics-pract/\n\n\nSmartphones sind in den letzten zehn Jahren zu einem allseits beliebten Angriffsziel geworden, sei es für Stalkerware, Staatstrojaner oder Banking-Malware. In diesem Vortrag wollen wir einen Überblick geben, mit welchen Techniken und Open-Source-Tools man auf Smartphones (unter iOS und Android) auf die Jagd nach Malware gehen kann. Im Anschluss findet ein Workshop mit einem praktischen Teil zum Ausprobieren einiger dieser Techniken statt.","title":"Einführung in Smartphone Malware Forensik","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703852100,"nanoseconds":0},"android_description":"Die Qualität von Anleitungen und Einführungen zu Smartphone-Forensik im Internet ist leider sehr durchwachsen: Hier will dir jemand ein buntes Tool verkaufen, hier riecht es nach einem Scam, vielerorts geht es um das, was Strafverfolgungsbehörden machen, nämlich in den Daten fremder Leute wühlen.\r\n\r\nStattdessen möchten wir in diesem Vortrag einen strukturierten Überblick geben, welche (öffentlichen) Möglichkeiten es in der einvernehmlichen Smartphone-Forensik mit Open-Source-Tools gibt. Wir zeigen euch, wie man welche Arten von Malware finden kann, welche Spuren sie hinterlassen und wie sich Stalkerware und Staatstrojaner in der Praxis unterscheiden.\r\n\r\nUm 14:15 findet ein praktischer Workshop statt indem gelerntes aus dem Vortrag umgesetzt werden kann:\r\nhttps://events.ccc.de/congress/2023/hub/en/event/introduction-to-smartphone-malware-forensics-pract/\n\n\nSmartphones sind in den letzten zehn Jahren zu einem allseits beliebten Angriffsziel geworden, sei es für Stalkerware, Staatstrojaner oder Banking-Malware. In diesem Vortrag wollen wir einen Überblick geben, mit welchen Techniken und Open-Source-Tools man auf Smartphones (unter iOS und Android) auf die Jagd nach Malware gehen kann. Im Anschluss findet ein Workshop mit einem praktischen Teil zum Ausprobieren einiger dieser Techniken statt.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"end":"2023-12-29T12:15:00.000-0000","links":[{"label":"Anschließender Workshop","type":"link","url":"https://events.ccc.de/congress/2023/hub/en/event/introduction-to-smartphone-malware-forensics-pract/"}],"id":53742,"village_id":null,"begin_timestamp":{"seconds":1703848500,"nanoseconds":0},"tag_ids":[46124,46136,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T11:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Be a alpha tester for the NYM VPN\r\n\r\nYou can follow the instructions here: https://nymtech.net/developers/events/37c3/welcome.html","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"testing CLI sending data over the NYM mixnet decentralised infrastructure","android_description":"Be a alpha tester for the NYM VPN\r\n\r\nYou can follow the instructions here: https://nymtech.net/developers/events/37c3/welcome.html","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":54012,"village_id":null,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-29T11:00:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: 1u\r\n\r\nShort presentation and exchange\r\nOpenki is an opensource tool for organizing barcamps and open spaces together. It emerged from the Autonomous School in Zurich over the last 10 years. After it was used this summer in St-Imier by around 5000 anarchists to organize around 600 workshops over 5 days, we are confident that it works and is stable.\r\n\r\nCompared to a simple SOS form or wiki, it offers the possibility to participate in different roles (collaborative organization), also to simply suggest a topic where you are not an expert yourself (that someone else then leads), notifications, comments, a time period where interested people can register to then decide how large a room needs to be and more. \r\nSome interfaces are already available (schedule.xml, OAuth2 client) others would have to be coded (get the rooms).\r\n\r\nSource code: https://gitlab.com/Openki/Openki\n\n\n","title":"Selforganized Sessioins with the tool Openki.net","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Host: 1u\r\n\r\nShort presentation and exchange\r\nOpenki is an opensource tool for organizing barcamps and open spaces together. It emerged from the Autonomous School in Zurich over the last 10 years. After it was used this summer in St-Imier by around 5000 anarchists to organize around 600 workshops over 5 days, we are confident that it works and is stable.\r\n\r\nCompared to a simple SOS form or wiki, it offers the possibility to participate in different roles (collaborative organization), also to simply suggest a topic where you are not an expert yourself (that someone else then leads), notifications, comments, a time period where interested people can register to then decide how large a room needs to be and more. \r\nSome interfaces are already available (schedule.xml, OAuth2 client) others would have to be coded (get the rooms).\r\n\r\nSource code: https://gitlab.com/Openki/Openki","end_timestamp":{"seconds":1703851200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53954,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The **members and assembly meetup** of the ChaosZone including Hackspaces of our region cluster **open to guests**. Our geographic boundaries range from Eisenach to Warsaw, but of course and as always; All Creatures Welcome! \r\n\r\nChaosZone is the project with the goal of establishing a collaborative assembly since the 35th Chaos Communication Congress.\n\n\nThe members and assembly meetup of the ChaosZone including Hackspaces of our region cluster open to guests.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"ChaosZone Meetup","end_timestamp":{"seconds":1703853000,"nanoseconds":0},"android_description":"The **members and assembly meetup** of the ChaosZone including Hackspaces of our region cluster **open to guests**. Our geographic boundaries range from Eisenach to Warsaw, but of course and as always; All Creatures Welcome! \r\n\r\nChaosZone is the project with the goal of establishing a collaborative assembly since the 35th Chaos Communication Congress.\n\n\nThe members and assembly meetup of the ChaosZone including Hackspaces of our region cluster open to guests.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:30:00.000-0000","id":53794,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"ChaosZone","hotel":"","short_name":"ChaosZone","id":46138},"begin":"2023-12-29T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Lightning Talks are short lectures for anyone!\r\n\r\nSince we have only one session in a large hall this year, we're going to continue the Lightning Talks as a self-organized session.\r\n\r\nBring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party, workshop or assembly! Whatever you bring, make it quick! To get an idea what Lightning Talks are about and how they work, look at the 36C3 sessions on media.ccc.de.\r\n\r\nBe reminded that, like in previous C3s, you still need a ticket for the 37C3 congress. A lightning talk or registration for one does not provide you with a ticket. No ticket - no talk.\r\n\r\nSubmissions will be opened a few days before 37C3. See https://c3lt.de/ or https://chaos.social/@C3_LightningTLK for further infos and updates.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"37C3 Lightning Talks Continued","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"android_description":"Lightning Talks are short lectures for anyone!\r\n\r\nSince we have only one session in a large hall this year, we're going to continue the Lightning Talks as a self-organized session.\r\n\r\nBring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party, workshop or assembly! Whatever you bring, make it quick! To get an idea what Lightning Talks are about and how they work, look at the 36C3 sessions on media.ccc.de.\r\n\r\nBe reminded that, like in previous C3s, you still need a ticket for the 37C3 congress. A lightning talk or registration for one does not provide you with a ticket. No ticket - no talk.\r\n\r\nSubmissions will be opened a few days before 37C3. See https://c3lt.de/ or https://chaos.social/@C3_LightningTLK for further infos and updates.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53760,"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Our exploration begins with an honest appraisal of traditional fuzzing methodologies that have been applied to TCP/IP stacks before, like ISIC, revealing their inherent limitations, e.g., they can't reach beyond the TCP initial state. Recognizing the need for a more evolved approach, we take a different approach, where we leverage a full-blow active network connection for fuzzing. A key revelation in this journey is the deliberate decision to sidestep the arduous task of constructing a custom TCP/IP stack, a choice rooted in practical considerations.\r\n\r\nThe reluctance to build a bespoke TCP/IP stack leads us to innovative strategies such as embedding hooks in the Linux kernel and tapping into userland TCP/IP stacks like PyTCP, Netstack (part of Google gVisor), and PicoTCP. PicoTCP takes center stage, offering a userland TCP/IP stack that becomes integral to our state fuzzing methodology. Attendees will gain a deeper understanding of its architecture, APIs, and documentation, appreciating its pivotal role in fortifying network security.\r\n\r\nAs the presentation unfolds, we navigate through the development of a powerful fuzzer, a core element in our approach to identifying vulnerabilities within the TCP/IP stack. The intricacies of driving traffic through the system, simulating real-world scenarios, and leveraging reproducibility and diagnostics techniques are revealed. The discussion expands to showcase tangible results, including trophies obtained, bugs reported, and the eventual release of the project on GitHub. The session concludes with an engaging Q & A, encouraging participants to delve into the intricacies of TCP/IP stack fuzzing and its profound implications for network security.\n\n\nIn this talk, we delve into the captivating realm of TCP/IP stack fuzzing. As the backbone of internet communication, the TCP/IP stack is a prime target for cyber threats. This presentation will unravel the intricacies of fuzzing techniques applied to several TCP/IP stacks, shedding light on how these methodologies can uncover bugs, crashes and vulnerabilities. From the fundamentals of packet fuzzing to advanced mutation strategies, attendees will gain valuable insights into the proactive ways to fuzz a TCP/IP stack. Whether you're a seasoned cybersecurity professional or a curious enthusiast, this talk promises to be an enlightening journey into the heart of TCP/IP stack security and the crucial role of fuzzing in safeguarding our interconnected world.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Fuzzing the TCP/IP stack","android_description":"Our exploration begins with an honest appraisal of traditional fuzzing methodologies that have been applied to TCP/IP stacks before, like ISIC, revealing their inherent limitations, e.g., they can't reach beyond the TCP initial state. Recognizing the need for a more evolved approach, we take a different approach, where we leverage a full-blow active network connection for fuzzing. A key revelation in this journey is the deliberate decision to sidestep the arduous task of constructing a custom TCP/IP stack, a choice rooted in practical considerations.\r\n\r\nThe reluctance to build a bespoke TCP/IP stack leads us to innovative strategies such as embedding hooks in the Linux kernel and tapping into userland TCP/IP stacks like PyTCP, Netstack (part of Google gVisor), and PicoTCP. PicoTCP takes center stage, offering a userland TCP/IP stack that becomes integral to our state fuzzing methodology. Attendees will gain a deeper understanding of its architecture, APIs, and documentation, appreciating its pivotal role in fortifying network security.\r\n\r\nAs the presentation unfolds, we navigate through the development of a powerful fuzzer, a core element in our approach to identifying vulnerabilities within the TCP/IP stack. The intricacies of driving traffic through the system, simulating real-world scenarios, and leveraging reproducibility and diagnostics techniques are revealed. The discussion expands to showcase tangible results, including trophies obtained, bugs reported, and the eventual release of the project on GitHub. The session concludes with an engaging Q & A, encouraging participants to delve into the intricacies of TCP/IP stack fuzzing and its profound implications for network security.\n\n\nIn this talk, we delve into the captivating realm of TCP/IP stack fuzzing. As the backbone of internet communication, the TCP/IP stack is a prime target for cyber threats. This presentation will unravel the intricacies of fuzzing techniques applied to several TCP/IP stacks, shedding light on how these methodologies can uncover bugs, crashes and vulnerabilities. From the fundamentals of packet fuzzing to advanced mutation strategies, attendees will gain valuable insights into the proactive ways to fuzz a TCP/IP stack. Whether you're a seasoned cybersecurity professional or a curious enthusiast, this talk promises to be an enlightening journey into the heart of TCP/IP stack security and the crucial role of fuzzing in safeguarding our interconnected world.","end_timestamp":{"seconds":1703850000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53387],"conference_id":131,"event_ids":[53733],"name":"Ilja van Sprundel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52402}],"timeband_id":1142,"links":[],"end":"2023-12-29T11:40:00.000-0000","id":53733,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703847600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52402}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We're happy about any co-knitters and co-crocheters joining us, and we'll teach you how it works in case you don't know. :-) **Where? Free space in front of Saal F.**\r\n\r\nIf you could bring a knitting needle and yarn on your own, that would be perfect; but fear not, we have a limited supply which we'll gladly share with you. In this case, it would be nice if you could reimburse us on our costs, but no worries if that's not possible.\r\n\r\nA nice project for a beginner is an oven cloth or a phone case, or if you're looking for something more ambitious, gloves. We are also happy to assist with your own projects or ideas. :-)\r\n\r\nAt least one of the workshop-giving persons can also offer the workshop in Macedonian or broken Serbian. The workshop is organized by [August](https://events.ccc.de/congress/2023/hub/en/user/augustgaugler/).\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Knitting/crocheting workshop (Strick- und Häkelworkshop)","end_timestamp":{"seconds":1703853000,"nanoseconds":0},"android_description":"We're happy about any co-knitters and co-crocheters joining us, and we'll teach you how it works in case you don't know. :-) **Where? Free space in front of Saal F.**\r\n\r\nIf you could bring a knitting needle and yarn on your own, that would be perfect; but fear not, we have a limited supply which we'll gladly share with you. In this case, it would be nice if you could reimburse us on our costs, but no worries if that's not possible.\r\n\r\nA nice project for a beginner is an oven cloth or a phone case, or if you're looking for something more ambitious, gloves. We are also happy to assist with your own projects or ideas. :-)\r\n\r\nAt least one of the workshop-giving persons can also offer the workshop in Macedonian or broken Serbian. The workshop is organized by [August](https://events.ccc.de/congress/2023/hub/en/user/augustgaugler/).\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:30:00.000-0000","id":53968,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703845800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Quasiroom","hotel":"","short_name":"Quasiroom","id":46142},"begin":"2023-12-29T10:30:00.000-0000","updated":"2023-12-29T15:25:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","title":"Spleiß-Workshop Tag 3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703848200,"nanoseconds":0},"android_description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:10:00.000-0000","id":53893,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703845800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"CTBK-Workshoparea","hotel":"","short_name":"CTBK-Workshoparea","id":46163},"begin":"2023-12-29T10:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Everything is digitalized nowadays and if not, it soon will be. More people will interact with more technology and they will sooner or later be forced to use it even though they are not “Digital Natives” and have troubles or are scared of doing so. Good usability can help with that. Usability is a term many people use but might not be aware what it actually means. In this discussion, I’ll present what makes a good usability and why everyone benefits from it. No previous knowledge necessary.\r\n🧮 \r\nIf you want to contact me directly after the talk: @m0ndra\n\n\n","title":"(Good) Usability: What is it and how can wie achieve it","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Everything is digitalized nowadays and if not, it soon will be. More people will interact with more technology and they will sooner or later be forced to use it even though they are not “Digital Natives” and have troubles or are scared of doing so. Good usability can help with that. Usability is a term many people use but might not be aware what it actually means. In this discussion, I’ll present what makes a good usability and why everyone benefits from it. No previous knowledge necessary.\r\n🧮 \r\nIf you want to contact me directly after the talk: @m0ndra","end_timestamp":{"seconds":1703847600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:00:00.000-0000","id":53767,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703845800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-29T10:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ist alleine leben nicht sowohl sehr ineffizient als auch oft sehr langweilig, unsicher und einsam? \r\n\r\nHaben nicht alle mehr von Ressourcen, wenn man sie sich teilt? Zum Beispiel in einer gemeinsamen Ökonomie? \r\n\r\nIst es im Grunde nicht unglaublich ineffizient, Räume nach Personen und nicht nach Funktionen aufzuteilen? Am Ende haben sechs Leute dann je ein kleines Schlafzimmer mit Schreibtisch, obwohl sie, wenn sie die Räume aufteilen würden, alle ein Schlafzimmer, ein Arbeitszimmer, eine Hardware-Werkstatt, einen Kino/Gaming-Raum, ein Spielzimmer und einen Musik/Tanz-Raum haben könnten. Oder auch lauter coole andere Funktionsräume? (Das Konzept ist natürlich fast beliebig skalierbar.)\r\n\r\nWie müssten all diese Konzepte angepasst werden, damit sie nicht nur für neurotypische Menschen funktionieren? \r\n\r\nWarum ist kollektives Leben mit der Kleinfamilie normal, aber mit unseren besten Freund\\*innen und liebsten Kolleg\\*innen fast schon revolutionär? \r\n\r\nWarum lebt der schon hundert mal totgesagte Punk 24/7 auf Wagenplätzen und die kulturellen Großeltern der Punks, die Hippies, in Kommunen zusammen, während die sonst so erfindungsreiche Nerdkultur noch keine Konzepte des kollektiven nerdigen Zusammenleben gefunden hat? \r\n\r\nWer kümmert sich eigentlich um dich, wenn du dich aufgrund von Krankheit oder Behinderung eine längere Zeit nicht mehr alleine um dich selbst kümmern kannst? Denn, kleiner Funfact: auch wenn du darüber nicht gerne nachdenkst braucht es nur einen unglücklichen Zufall damit das passiert. \r\n\r\nWäre es nicht schön, wenn es nicht schlimm wäre, wenn du mal ein paar Monate kein Geld verdienen könntest? Wie viel angstfreier könntest du dann leben? \r\n\r\nWie könnte ein cooles Wohnprojekt von und für Nerds aussehen? \r\n\r\nWenn einige dieser Fragen dich ansprechen, dann komm gerne zur Gesprächsrunde :)\n\n\n","title":"Gesprächsrunde über kollektive Lebenskonzepte abseits der Kleinfamilie","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703851200,"nanoseconds":0},"android_description":"Ist alleine leben nicht sowohl sehr ineffizient als auch oft sehr langweilig, unsicher und einsam? \r\n\r\nHaben nicht alle mehr von Ressourcen, wenn man sie sich teilt? Zum Beispiel in einer gemeinsamen Ökonomie? \r\n\r\nIst es im Grunde nicht unglaublich ineffizient, Räume nach Personen und nicht nach Funktionen aufzuteilen? Am Ende haben sechs Leute dann je ein kleines Schlafzimmer mit Schreibtisch, obwohl sie, wenn sie die Räume aufteilen würden, alle ein Schlafzimmer, ein Arbeitszimmer, eine Hardware-Werkstatt, einen Kino/Gaming-Raum, ein Spielzimmer und einen Musik/Tanz-Raum haben könnten. Oder auch lauter coole andere Funktionsräume? (Das Konzept ist natürlich fast beliebig skalierbar.)\r\n\r\nWie müssten all diese Konzepte angepasst werden, damit sie nicht nur für neurotypische Menschen funktionieren? \r\n\r\nWarum ist kollektives Leben mit der Kleinfamilie normal, aber mit unseren besten Freund\\*innen und liebsten Kolleg\\*innen fast schon revolutionär? \r\n\r\nWarum lebt der schon hundert mal totgesagte Punk 24/7 auf Wagenplätzen und die kulturellen Großeltern der Punks, die Hippies, in Kommunen zusammen, während die sonst so erfindungsreiche Nerdkultur noch keine Konzepte des kollektiven nerdigen Zusammenleben gefunden hat? \r\n\r\nWer kümmert sich eigentlich um dich, wenn du dich aufgrund von Krankheit oder Behinderung eine längere Zeit nicht mehr alleine um dich selbst kümmern kannst? Denn, kleiner Funfact: auch wenn du darüber nicht gerne nachdenkst braucht es nur einen unglücklichen Zufall damit das passiert. \r\n\r\nWäre es nicht schön, wenn es nicht schlimm wäre, wenn du mal ein paar Monate kein Geld verdienen könntest? Wie viel angstfreier könntest du dann leben? \r\n\r\nWie könnte ein cooles Wohnprojekt von und für Nerds aussehen? \r\n\r\nWenn einige dieser Fragen dich ansprechen, dann komm gerne zur Gesprächsrunde :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53768,"begin_timestamp":{"seconds":1703845200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-29T10:20:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Musik für Herz & Hintern\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Pony","android_description":"Musik für Herz & Hintern","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53870,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.\n\n\n","title":"Elektrobaukasten - Tag 3","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.","end_timestamp":{"seconds":1703851200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53842,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Some day, computers will help working mathematicians of all disciplines in finding and checking proofs. It will feel easy, effortless and natural. Computers might even surpass us, creating a new exciting niche for mathematicians: understanding the mathematical advances put forward by computers. The univalent foundations program by the late Vladimir Voevodsky was an important step towards this vision. However, we aren't there yet.\r\n\r\nStill even the current generation of theorem provers is very exciting. It's fun to talk the computer into accepting our proofs, and invariably we learn something about our proofs in the process.\r\n\r\nIn this workshop, we'll cover the basics of Agda, one of the well-known proof assistants. The workshop will start as a guided tour. You belong to the target audience iff you have some experience in writing down mathematical proofs, for instance if at some point you proved Gauß's sum formula using induction. Knowledge of Haskell is beneficiary (modulo syntax, Agda is a superset of a subset of Haskell), but not required.\r\n\r\nYou don't need to install Agda beforehand, we will use the online version at https://agdapad.quasicoherent.io/.\r\n\r\nLiterature: https://plfa.github.io/\r\n\r\n**Note to other people planning self-organized sessions:** We don't actually need the full size of Saal D. A room with about 20 seats is sufficient. On Day 0, we will scout the building for alternative options.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Formalizing mathematics in the proof assistant Agda","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703851200,"nanoseconds":0},"android_description":"Some day, computers will help working mathematicians of all disciplines in finding and checking proofs. It will feel easy, effortless and natural. Computers might even surpass us, creating a new exciting niche for mathematicians: understanding the mathematical advances put forward by computers. The univalent foundations program by the late Vladimir Voevodsky was an important step towards this vision. However, we aren't there yet.\r\n\r\nStill even the current generation of theorem provers is very exciting. It's fun to talk the computer into accepting our proofs, and invariably we learn something about our proofs in the process.\r\n\r\nIn this workshop, we'll cover the basics of Agda, one of the well-known proof assistants. The workshop will start as a guided tour. You belong to the target audience iff you have some experience in writing down mathematical proofs, for instance if at some point you proved Gauß's sum formula using induction. Knowledge of Haskell is beneficiary (modulo syntax, Agda is a superset of a subset of Haskell), but not required.\r\n\r\nYou don't need to install Agda beforehand, we will use the online version at https://agdapad.quasicoherent.io/.\r\n\r\nLiterature: https://plfa.github.io/\r\n\r\n**Note to other people planning self-organized sessions:** We don't actually need the full size of Saal D. A room with about 20 seats is sufficient. On Day 0, we will scout the building for alternative options.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T12:00:00.000-0000","id":53777,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session allows for a detailed discussion on the topic of \"Responsible AI in the Public Sector.\" This discussion revolves around nothing less than how our governments employ AI and other Automated Decision Making (ADM) methods to make our administration and society more efficient.\r\n\r\nFollowing a brief introduction, we will transition into an open discussion. What principles should guide the administration in building their algorithms? How does the AI Act come into play, and is it sufficient? How can strong AI regulation and oversight not be perceived as inhibiting innovation?\n\n\n","title":"Ethische Algorithmen in der Regierung?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703847600,"nanoseconds":0},"android_description":"This session allows for a detailed discussion on the topic of \"Responsible AI in the Public Sector.\" This discussion revolves around nothing less than how our governments employ AI and other Automated Decision Making (ADM) methods to make our administration and society more efficient.\r\n\r\nFollowing a brief introduction, we will transition into an open discussion. What principles should guide the administration in building their algorithms? How does the AI Act come into play, and is it sufficient? How can strong AI regulation and oversight not be perceived as inhibiting innovation?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:00:00.000-0000","id":53759,"village_id":null,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We love to put microcontrollers, systems-on-a-chip and many other Integrated Circuits (ICs) into all sorts of devices. As hardware backdoors can undermine software security, the integrity of these chips is becoming increasingly important. However, most of these microchips are manufactured in a complex global supply chain where not all parties can necessarily be trusted. Who guarantees that the chip we order is the chip we get delivered? While the European Union wants to ensure digital sovereignty through massive long-term investment in domestic IC production, we need a way to verify the integrity of microchips *today*.\r\n\r\nIn this talk, we will first briefly cover the basics of the IC design and production process. We will outline common attacks that enable the insertion of subtle malicious manipulations or backdoors, often called hardware Trojans. You don't need to have a hardware background to follow along!\r\n\r\nWe then introduce some techniques we can use to detect hardware manipulations by comparing the circuit within a microchip to its original design files by reverse engineering the chip using open-source image processing. While imaging an IC requires advanced laboratory equipment, commodity hardware is sufficient to analyze the captured images.\r\n\r\nIn the main part of our talk, we will present a case study on Trojan detection based on four different digital ICs using a Red Team vs. Blue Team approach, and give a live demonstration.\r\nWe will share what manipulations of our Red Team we are already able to find reliably, and where some work is still needed -- and we're calling on you to play with our algorithms and have a go at uncovering the Trojans that are still well-hidden. Of course, we have made our source code and entire image datasets available under a free and open license.\r\n\r\nWe'll conclude with an insight into the working process of our Blue Team -- what we learned, and how we failed -- and give an outlook on how we can lower the entry barrier into IC reverse engineering, unlocking the hardware security field for all.\n\n\nEnsuring the integrity of Integrated Circuits (ICs) against malicious hardware Trojans is paramount for secure electronic devices. One approach involves imaging the manufactured chips to compare them with their original design files. While such techniques for detecting Trojans are relatively well-known in the industry, there is a notable absence of comprehensive, publicly available case studies. To bridge this gap, we unveil a Red Team vs. Blue Team case study on hardware Trojan detection across four digital ICs in various modern feature sizes. We share our findings, algorithms, and image datasets, shedding light on the efficiency of these techniques, and offer insights into the impact of technology scaling on detection performance.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Unlocking Hardware Security: Red Team, Blue Team, and Trojan Tales","end_timestamp":{"seconds":1703847600,"nanoseconds":0},"android_description":"We love to put microcontrollers, systems-on-a-chip and many other Integrated Circuits (ICs) into all sorts of devices. As hardware backdoors can undermine software security, the integrity of these chips is becoming increasingly important. However, most of these microchips are manufactured in a complex global supply chain where not all parties can necessarily be trusted. Who guarantees that the chip we order is the chip we get delivered? While the European Union wants to ensure digital sovereignty through massive long-term investment in domestic IC production, we need a way to verify the integrity of microchips *today*.\r\n\r\nIn this talk, we will first briefly cover the basics of the IC design and production process. We will outline common attacks that enable the insertion of subtle malicious manipulations or backdoors, often called hardware Trojans. You don't need to have a hardware background to follow along!\r\n\r\nWe then introduce some techniques we can use to detect hardware manipulations by comparing the circuit within a microchip to its original design files by reverse engineering the chip using open-source image processing. While imaging an IC requires advanced laboratory equipment, commodity hardware is sufficient to analyze the captured images.\r\n\r\nIn the main part of our talk, we will present a case study on Trojan detection based on four different digital ICs using a Red Team vs. Blue Team approach, and give a live demonstration.\r\nWe will share what manipulations of our Red Team we are already able to find reliably, and where some work is still needed -- and we're calling on you to play with our algorithms and have a go at uncovering the Trojans that are still well-hidden. Of course, we have made our source code and entire image datasets available under a free and open license.\r\n\r\nWe'll conclude with an insight into the working process of our Blue Team -- what we learned, and how we failed -- and give an outlook on how we can lower the entry barrier into IC reverse engineering, unlocking the hardware security field for all.\n\n\nEnsuring the integrity of Integrated Circuits (ICs) against malicious hardware Trojans is paramount for secure electronic devices. One approach involves imaging the manufactured chips to compare them with their original design files. While such techniques for detecting Trojans are relatively well-known in the industry, there is a notable absence of comprehensive, publicly available case studies. To bridge this gap, we unveil a Red Team vs. Blue Team case study on hardware Trojan detection across four digital ICs in various modern feature sizes. We share our findings, algorithms, and image datasets, shedding light on the efficiency of these techniques, and offer insights into the impact of technology scaling on detection performance.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53405],"conference_id":131,"event_ids":[53750],"name":"Steffen Becker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52445},{"content_ids":[53405],"conference_id":131,"event_ids":[53750],"name":"e7p","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52451}],"timeband_id":1142,"end":"2023-12-29T11:00:00.000-0000","links":[{"label":"Dataset","type":"link","url":"https://doi.org/10.17617/3.396Q7I"},{"label":"Tooling","type":"link","url":"https://github.com/emsec/ChipSuite"},{"label":"Paper","type":"link","url":"https://eprint.iacr.org/2022/1720"}],"id":53750,"village_id":null,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52445},{"tag_id":46107,"sort_order":1,"person_id":52451}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Beide Projekte zielen darauf ab, die Gesundheitsdaten von Millionen Menschen zu digitalisieren und diese Behandelnden, der Forschung und der Wirtschaft bereitzustellen.\r\n\r\nIn unserem Vortrag wollen wir entlang von sieben Thesen zentrale technische und gesellschaftspolitische Untiefen der geplanten Gesundheitsdigitalisierung in der Bundesrepublik und in der EU erkunden – und den Weg zu einer alternativen Digitalisierung des Gesundheitssektors aufzeigen.\n\n\nKarl Lauterbach und die EU-Kommission haben eines gemeinsam. Beide wollen in Windeseile die Digitalisierung des Gesundheitssektors voranbringen. Die elektronische Patientenakte soll im Januar 2025 für alle Bundesbürger:innen kommen. Im gleichen Jahr ist der Start des sogenannten Europäischen Gesundheitsdatenraums geplant.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Von der ePA zum EHDS: 7 Thesen zur aktuellen digitalen Gesundheitspolitik","android_description":"Beide Projekte zielen darauf ab, die Gesundheitsdaten von Millionen Menschen zu digitalisieren und diese Behandelnden, der Forschung und der Wirtschaft bereitzustellen.\r\n\r\nIn unserem Vortrag wollen wir entlang von sieben Thesen zentrale technische und gesellschaftspolitische Untiefen der geplanten Gesundheitsdigitalisierung in der Bundesrepublik und in der EU erkunden – und den Weg zu einer alternativen Digitalisierung des Gesundheitssektors aufzeigen.\n\n\nKarl Lauterbach und die EU-Kommission haben eines gemeinsam. Beide wollen in Windeseile die Digitalisierung des Gesundheitssektors voranbringen. Die elektronische Patientenakte soll im Januar 2025 für alle Bundesbürger:innen kommen. Im gleichen Jahr ist der Start des sogenannten Europäischen Gesundheitsdatenraums geplant.","end_timestamp":{"seconds":1703847600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53395],"conference_id":131,"event_ids":[53734],"name":"Daniel Leisegang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52255},{"content_ids":[53395],"conference_id":131,"event_ids":[53734],"name":"bkastl","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52507}],"timeband_id":1142,"links":[{"label":"Bianca Kastl","type":"link","url":"https://bkastl.de/notes"},{"label":"Daniel Leisegang","type":"link","url":"https://netzpolitik.org/author/daniellei/"}],"end":"2023-12-29T11:00:00.000-0000","id":53734,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52255},{"tag_id":46107,"sort_order":1,"person_id":52507}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-29T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Understand that Machine Learning is powerful but also brittle\r\n- Give a short demo/ice breaker that includes a question to audience to show how ML is super powerful but also fails drastically.\r\n- Highlight that these failure modes can often easily be triggered once an adversary is in the loop.\r\n\r\nIntro to Large Language Models\r\n- Now pivot from generic ML to LLMs and show how the brittleness applies there.\r\n- Discuss what a LLM is and how it works briefly. Describe various prompt engineering techniques (extraction, summarization, classification, transformation,…)\r\n- Walk the audience through a typical large language model LLM application and how it works.\r\n- Highlight that there is no state, and what the context window is. But how to create a Chatbot then?\r\n- Show how systems like ChatGPT or Bing Chat leverage context window to create a conversation.\r\n- This part is important to later understand the persistence section of the talk (e.g. as long as attacker controlled data is in the context window, there is persistence of prompt injection)\r\n\r\nHighlighting real-world examples and exploits!\r\n\r\nFirst discuss three large categories of threats:\r\n Misalignment - Model Issues\r\n Jailbreaks/Direct Prompt Injections\r\n Indirect Prompt Injections\r\n\r\nWe will deep dive on (3) Indirect Prompt Injections.\r\n\r\nIndirect Prompt Injections\r\n\r\n- Walk the audience through an end to end scenario (graphic in Powerpoint) that explains a prompt injection first at a basic level.\r\n- Give a demo with ChatGPT (GPT-4) and make sure the audience understands the high level idea of a prompt injection\r\n- Then take it up a notch to explain indirect prompt injections, where untrusted data is inserted into the chat context\r\n- Show demo with Google Docs and how it fails to summarize a text correctly - this demo will fit the ChatGPT (GPT-4) example from before well.\r\n- Visual Prompt Injections (Multi-modal)\r\n- Discuss some of OpenAI’s recommendation and highlight that these mitigation steps do not work! They do not mitigate injections.\r\n- Give Bing Chat Demo of an Indirect Prompt Injection ( a demo that shows how the Chatbot achieves a new identity and objective when being exploited). e..g Bing Chat changes to a hacker that will attempt to extort Bitcoin from the user.\r\n\r\nInjection TTPs\r\n\r\nDiscuss strategies on how attackers can trick LLMs:\r\n\r\n Ignore previous instructions\r\n Acknowledge/Affirm instructions and add-on\r\n Confuse/Encode - switch languages, base64 encode text, emojis,…\r\n Algorithmic - fuzzing and attacks using offline models, and transferring those attack payloads to online models\r\n\r\nPlugins, AI Actions and Functions\r\n\r\nThis section will focus on ChatGPT plugins and the danger of the plugin ecosystem.\r\n\r\n- Explain how plugins work (public data, plugin store, installation, configuration, OAuth,…)\r\n- Show how Indirect Prompt Injection can be triggered by a plugin (plugin developers, but also anyone owning a piece of data the plugin returns)\r\n- Demo Chat with Code plugin vulnerability that allows to change the ChatGPT user’s Github repos, and even switch code from private to public. This is a systemic vulnerability and depending on a plugin’s capability can lead to RCE, data exfiltration, data destruction, etc..\r\n- Show the audience the “payload” and discuss it. It is written entirely in natural language, so the attacker does not require to know C, Python or any other programming language.\r\n\r\nData Exfiltration\r\n\r\nNow switching gears to data exfiltration examples.\r\n\r\nData exfil can occur via:\r\n - Unfurling of hyperlinks: Explain what unfurling is to the audience - apps like Discord, Slack, Teams,… do this.\r\n - Image Markdown Injection: One of the most common data exfil angles. I found ChatGPT, Bing Chat, and Anthropic Claude are vulnerable to this, and will also show how Microsoft and Anthropic fixed this problem. ChatGPT decided not to fix it, which puts users at risk of their data being stolen during an Indirect prompt injection attack.\r\n Give a detailed exploit chain walkthrough on Google Bard Data Exfiltration and bypasses.\r\n - Plugins, AI Actions, Tools: Besides taking actions on behalf of the user, plugins can also be used to exfiltrate data. Demo: Stealing a users email with Cross Plugin Request Forgery. Here is a screenshot that went viral on Twitter when I first discovered this new vulnerability class: https://twitter.com/wunderwuzzi23/status/1658348810299662336\r\n\r\nKey Take-away and Mitigations\r\n\r\n - Do not blindly trust LLM output.\r\n Remind the audience that there is no 100% deterministic solution a developer can apply. This is due to how LLM works, but give guidance to make systems more robust.\r\n Highlight the importance of Human in the Loop and to not over-rely on LLM output.\r\n\r\nNote: The below outline is a draft on what I would speak about if it would be today - it might change quite a bit until end of December as new features/vulnerabilities are introduced by Microsoft, Google and OpenAI.\n\n\nWith the rapid growth of AI and Large Language Models users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat and Google Bard.","title":"NEW IMPORTANT INSTRUCTIONS","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703846400,"nanoseconds":0},"android_description":"Understand that Machine Learning is powerful but also brittle\r\n- Give a short demo/ice breaker that includes a question to audience to show how ML is super powerful but also fails drastically.\r\n- Highlight that these failure modes can often easily be triggered once an adversary is in the loop.\r\n\r\nIntro to Large Language Models\r\n- Now pivot from generic ML to LLMs and show how the brittleness applies there.\r\n- Discuss what a LLM is and how it works briefly. Describe various prompt engineering techniques (extraction, summarization, classification, transformation,…)\r\n- Walk the audience through a typical large language model LLM application and how it works.\r\n- Highlight that there is no state, and what the context window is. But how to create a Chatbot then?\r\n- Show how systems like ChatGPT or Bing Chat leverage context window to create a conversation.\r\n- This part is important to later understand the persistence section of the talk (e.g. as long as attacker controlled data is in the context window, there is persistence of prompt injection)\r\n\r\nHighlighting real-world examples and exploits!\r\n\r\nFirst discuss three large categories of threats:\r\n Misalignment - Model Issues\r\n Jailbreaks/Direct Prompt Injections\r\n Indirect Prompt Injections\r\n\r\nWe will deep dive on (3) Indirect Prompt Injections.\r\n\r\nIndirect Prompt Injections\r\n\r\n- Walk the audience through an end to end scenario (graphic in Powerpoint) that explains a prompt injection first at a basic level.\r\n- Give a demo with ChatGPT (GPT-4) and make sure the audience understands the high level idea of a prompt injection\r\n- Then take it up a notch to explain indirect prompt injections, where untrusted data is inserted into the chat context\r\n- Show demo with Google Docs and how it fails to summarize a text correctly - this demo will fit the ChatGPT (GPT-4) example from before well.\r\n- Visual Prompt Injections (Multi-modal)\r\n- Discuss some of OpenAI’s recommendation and highlight that these mitigation steps do not work! They do not mitigate injections.\r\n- Give Bing Chat Demo of an Indirect Prompt Injection ( a demo that shows how the Chatbot achieves a new identity and objective when being exploited). e..g Bing Chat changes to a hacker that will attempt to extort Bitcoin from the user.\r\n\r\nInjection TTPs\r\n\r\nDiscuss strategies on how attackers can trick LLMs:\r\n\r\n Ignore previous instructions\r\n Acknowledge/Affirm instructions and add-on\r\n Confuse/Encode - switch languages, base64 encode text, emojis,…\r\n Algorithmic - fuzzing and attacks using offline models, and transferring those attack payloads to online models\r\n\r\nPlugins, AI Actions and Functions\r\n\r\nThis section will focus on ChatGPT plugins and the danger of the plugin ecosystem.\r\n\r\n- Explain how plugins work (public data, plugin store, installation, configuration, OAuth,…)\r\n- Show how Indirect Prompt Injection can be triggered by a plugin (plugin developers, but also anyone owning a piece of data the plugin returns)\r\n- Demo Chat with Code plugin vulnerability that allows to change the ChatGPT user’s Github repos, and even switch code from private to public. This is a systemic vulnerability and depending on a plugin’s capability can lead to RCE, data exfiltration, data destruction, etc..\r\n- Show the audience the “payload” and discuss it. It is written entirely in natural language, so the attacker does not require to know C, Python or any other programming language.\r\n\r\nData Exfiltration\r\n\r\nNow switching gears to data exfiltration examples.\r\n\r\nData exfil can occur via:\r\n - Unfurling of hyperlinks: Explain what unfurling is to the audience - apps like Discord, Slack, Teams,… do this.\r\n - Image Markdown Injection: One of the most common data exfil angles. I found ChatGPT, Bing Chat, and Anthropic Claude are vulnerable to this, and will also show how Microsoft and Anthropic fixed this problem. ChatGPT decided not to fix it, which puts users at risk of their data being stolen during an Indirect prompt injection attack.\r\n Give a detailed exploit chain walkthrough on Google Bard Data Exfiltration and bypasses.\r\n - Plugins, AI Actions, Tools: Besides taking actions on behalf of the user, plugins can also be used to exfiltrate data. Demo: Stealing a users email with Cross Plugin Request Forgery. Here is a screenshot that went viral on Twitter when I first discovered this new vulnerability class: https://twitter.com/wunderwuzzi23/status/1658348810299662336\r\n\r\nKey Take-away and Mitigations\r\n\r\n - Do not blindly trust LLM output.\r\n Remind the audience that there is no 100% deterministic solution a developer can apply. This is due to how LLM works, but give guidance to make systems more robust.\r\n Highlight the importance of Human in the Loop and to not over-rely on LLM output.\r\n\r\nNote: The below outline is a draft on what I would speak about if it would be today - it might change quite a bit until end of December as new features/vulnerabilities are introduced by Microsoft, Google and OpenAI.\n\n\nWith the rapid growth of AI and Large Language Models users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat and Google Bard.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53386],"conference_id":131,"event_ids":[53732],"name":"Johann Rehberger","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52267}],"timeband_id":1142,"end":"2023-12-29T10:40:00.000-0000","links":[{"label":"My Blog - Embrace The Red ","type":"link","url":"https://embracethered.com"},{"label":"WIRED: ChatGPT Has a Plug-In Problem","type":"link","url":"https://www.wired.com/story/chatgpt-plugins-security-privacy-risk/"},{"label":"WIRED: The Security Hole at the Heart of ChatGPT and Bing","type":"link","url":"https://www.wired.com/story/chatgpt-prompt-injection-attack-security/"},{"label":"The Guardian: https://www.theguardian.com/technology/2023/aug/30/uk-cybersecurity-agency-warns-of-chatbot-prompt-injection-attacks","type":"link","url":"https://www.theguardian.com/technology/2023/aug/30/uk-cybersecurity-agency-warns-of-chatbot-prompt-injection-attacks"},{"label":"With AI, Hackers Can Simply Talk Computers Into Misbehaving","type":"link","url":"https://www.wsj.com/articles/with-ai-hackers-can-simply-talk-computers-into-misbehaving-ad488686"}],"id":53732,"begin_timestamp":{"seconds":1703844000,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52267}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-29T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Offene Workshop-Sessions Tag 3 | Open workshop sessions day 3","android_description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","end_timestamp":{"seconds":1703848500,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T11:15:00.000-0000","id":53804,"begin_timestamp":{"seconds":1703843100,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","begin":"2023-12-29T09:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Art and Play: DIY photolab research #2","android_description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","end_timestamp":{"seconds":1703854800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T13:00:00.000-0000","id":53980,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703840400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"begin":"2023-12-29T09:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Large Language Models (LLMs) have taken the world by storm. Alongside their vast potential, these models also present unique security challenges. This session will serve as a primer on LLM security, introducing key issues and concepts related to the security of LLMs and systems relying on them. For example, we will be looking at issues such as prompt injection, sensitive information disclosure, and issues related to the use of plugins. Of course, we are also going to look at how to red-team LLMs.\r\n\r\n### Target Audience\r\n\r\nThis session targets beginners and does not assume (in-depth) knowledge about LLMs. Please note that this session will not be about using LLMs in offensive or defensive cybersecurity.\r\n\r\n#### Learning Objectives\r\n\r\nFrom a learning perspective, after the session, participants will be able to …\r\n\r\n- describe what LLMs are and how they fundamentally function.\r\n- describe common security issues related to LLMs and systems relying on LLMs.\r\n- describe what LLM red teaming is.\r\n- perform some basic attacks against LLMs to test them for common issues.\r\n\r\n### Format\r\n\r\nThe session will be split into a 30-minute introductory talk as well as 15 minutes of discussion. Participants will be provided with the slides as well as some resources for further study.\r\n\r\n### Material\r\n* [Slides as PDF](https://docs.kleiber.me/2023-12-29-Kleiber-A-Primer-On-LLM-Security.pdf)\r\n* [Selected Resources as Google Doc](https://docs.google.com/document/d/1ETJbHCg0tRQE6vUxaqYBuIz2mk6ii5CU12RpZ1q9aEg/edit?usp=sharing)\r\n\r\n\r\nPs. I would highly recommend attending Johan Rehberger’s Talk \"[NEW IMPORTANT INSTRUCTIONS]( https://events.ccc.de/congress/2023/hub/de/event/new_important_instructions/)\" in Saal 1 after this session.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"A Primer on LLM Security","end_timestamp":{"seconds":1703843100,"nanoseconds":0},"android_description":"Large Language Models (LLMs) have taken the world by storm. Alongside their vast potential, these models also present unique security challenges. This session will serve as a primer on LLM security, introducing key issues and concepts related to the security of LLMs and systems relying on them. For example, we will be looking at issues such as prompt injection, sensitive information disclosure, and issues related to the use of plugins. Of course, we are also going to look at how to red-team LLMs.\r\n\r\n### Target Audience\r\n\r\nThis session targets beginners and does not assume (in-depth) knowledge about LLMs. Please note that this session will not be about using LLMs in offensive or defensive cybersecurity.\r\n\r\n#### Learning Objectives\r\n\r\nFrom a learning perspective, after the session, participants will be able to …\r\n\r\n- describe what LLMs are and how they fundamentally function.\r\n- describe common security issues related to LLMs and systems relying on LLMs.\r\n- describe what LLM red teaming is.\r\n- perform some basic attacks against LLMs to test them for common issues.\r\n\r\n### Format\r\n\r\nThe session will be split into a 30-minute introductory talk as well as 15 minutes of discussion. Participants will be provided with the slides as well as some resources for further study.\r\n\r\n### Material\r\n* [Slides as PDF](https://docs.kleiber.me/2023-12-29-Kleiber-A-Primer-On-LLM-Security.pdf)\r\n* [Selected Resources as Google Doc](https://docs.google.com/document/d/1ETJbHCg0tRQE6vUxaqYBuIz2mk6ii5CU12RpZ1q9aEg/edit?usp=sharing)\r\n\r\n\r\nPs. I would highly recommend attending Johan Rehberger’s Talk \"[NEW IMPORTANT INSTRUCTIONS]( https://events.ccc.de/congress/2023/hub/de/event/new_important_instructions/)\" in Saal 1 after this session.","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T09:45:00.000-0000","id":53946,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703840400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-29T00:05:00.000-0000","begin":"2023-12-29T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We'll do some Yoga to calm our minds and move them bodies. Bring along comfortable clothes – and a towel to lie on 😁\n\n\n","title":"Hitchhiker's Towel-Yoga","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"We'll do some Yoga to calm our minds and move them bodies. Bring along comfortable clothes – and a towel to lie on 😁","end_timestamp":{"seconds":1703843100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T09:45:00.000-0000","id":53499,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703839500,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-29T08:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session will be in German.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Azubitag Intro","android_description":"This session will be in German.","end_timestamp":{"seconds":1703844000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T10:00:00.000-0000","id":53556,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703838600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-29T08:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Jil, Janis and Ben are three friends. They are going to unite on the decks with their love for music with selected yet rare sounds oscillating between known and unknown places. Lets ccchill ³\n\n\nhttps://soundcloud.com/djinternetoffline/internet-offline-b2b-junus-at-zmar\r\nhttps://soundcloud.com/bedaaa_a/beda-ben-call-kutter","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Jill, Janis & Ben","end_timestamp":{"seconds":1703833200,"nanoseconds":0},"android_description":"Jil, Janis and Ben are three friends. They are going to unite on the decks with their love for music with selected yet rare sounds oscillating between known and unknown places. Lets ccchill ³\n\n\nhttps://soundcloud.com/djinternetoffline/internet-offline-b2b-junus-at-zmar\r\nhttps://soundcloud.com/bedaaa_a/beda-ben-call-kutter","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T07:00:00.000-0000","id":53929,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703822400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-29T04:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Von Natur aus dem freien Musizieren zugewandt, wird die Symbiose von Experiment und Linie gesucht - mit Phasen der geraden Linie, sowie des Schwebens in Klangwolken. Mit digitalen Synths und Effekten werden Klangräume erzeugt und mit Loops gehalten. Gleich dem Blick in den Nachthimmel, kann hinter dem Chaotischen eine Ordnung erkennbar, und Geordnetes durch Spontanes gebrochen werden.\n\n\nhttps://soundcloud.com/user-589558225","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Waldemar Frost (live)","android_description":"Von Natur aus dem freien Musizieren zugewandt, wird die Symbiose von Experiment und Linie gesucht - mit Phasen der geraden Linie, sowie des Schwebens in Klangwolken. Mit digitalen Synths und Effekten werden Klangräume erzeugt und mit Loops gehalten. Gleich dem Blick in den Nachthimmel, kann hinter dem Chaotischen eine Ordnung erkennbar, und Geordnetes durch Spontanes gebrochen werden.\n\n\nhttps://soundcloud.com/user-589558225","end_timestamp":{"seconds":1703822400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T04:00:00.000-0000","id":53928,"village_id":null,"begin_timestamp":{"seconds":1703818800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-29T03:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/steffenbennemann\n\n\nhttps://soundcloud.com/steffenbennemann","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"steffen bennemann","android_description":"https://soundcloud.com/steffenbennemann\n\n\nhttps://soundcloud.com/steffenbennemann","end_timestamp":{"seconds":1703826000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T05:00:00.000-0000","id":53848,"begin_timestamp":{"seconds":1703818800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-29T03:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"cwiejung is a soundartist based in Worpswede, who uses drawings as random generators for tonal ghost grids and scales. The generated sounds range from a-/rhytmical minimal key patterns over resonating fields to noise.\n\n\nhttps://m.soundcloud.com/cwiejung","title":"cwiejung (live)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"cwiejung is a soundartist based in Worpswede, who uses drawings as random generators for tonal ghost grids and scales. The generated sounds range from a-/rhytmical minimal key patterns over resonating fields to noise.\n\n\nhttps://m.soundcloud.com/cwiejung","end_timestamp":{"seconds":1703817000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T02:30:00.000-0000","id":53927,"village_id":null,"begin_timestamp":{"seconds":1703813400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-29T01:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Acidfinky (she/they) is a\r\nGerman/Algerian DJ and\r\nproducer based in Berlin.\r\nShe is a Golden Pudel\r\n(Hamburg) and THF Radio\r\nresident, member of the\r\nfeminist collective BLVSH\r\nand founder of Twisting\r\nKnobs Records.\r\nShe usually plays “crispy\r\nsounds”, an umbrella term\r\nshe uses to define heavy\r\nbasslines combined with\r\nsharp drums and ear candy.\r\n\r\nhttps://linktr.ee/acidfinky\n\n\nGolden Pudel\r\nTwisting Knobs\r\nBLVSH\r\nTHF","title":"Acidfinky","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703818800,"nanoseconds":0},"android_description":"Acidfinky (she/they) is a\r\nGerman/Algerian DJ and\r\nproducer based in Berlin.\r\nShe is a Golden Pudel\r\n(Hamburg) and THF Radio\r\nresident, member of the\r\nfeminist collective BLVSH\r\nand founder of Twisting\r\nKnobs Records.\r\nShe usually plays “crispy\r\nsounds”, an umbrella term\r\nshe uses to define heavy\r\nbasslines combined with\r\nsharp drums and ear candy.\r\n\r\nhttps://linktr.ee/acidfinky\n\n\nGolden Pudel\r\nTwisting Knobs\r\nBLVSH\r\nTHF","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T03:00:00.000-0000","id":53883,"village_id":null,"begin_timestamp":{"seconds":1703811600,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-29T01:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Basketball Operations Center presents an opportunity to not stream the game together\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"🏀 Timberwolves:Mavericks","end_timestamp":{"seconds":1703818800,"nanoseconds":0},"android_description":"Basketball Operations Center presents an opportunity to not stream the game together","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T03:00:00.000-0000","id":53641,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703811600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-29T01:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"(Live-Stream aus Saal 1)\r\n\r\nIn einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","title":"Streaming: Fnord-Jahresrückblick-Rückblick","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703812800,"nanoseconds":0},"android_description":"(Live-Stream aus Saal 1)\r\n\r\nIn einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:20:00.000-0000","id":53863,"begin_timestamp":{"seconds":1703807400,"nanoseconds":0},"tag_ids":[46120,46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T23:50:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","title":"Fnord-Jahresrückblick-Rückblick","type":{"conference_id":131,"conference":"37C3","color":"#d3d44d","updated_at":"2024-06-07T03:40+0000","name":"performance","id":46138},"end_timestamp":{"seconds":1703812800,"nanoseconds":0},"android_description":"In einer sich zunehmend bizarr anfühlenden Welt bringt der Fnord-Rückblick Struktur, verteilt renommierte Awards und sucht nach den leichteren Momenten in der allgemeinen Flut aus schlechten Nachrichten.\r\n\r\nWir feiern dieses Jahr unser 20. Jubiläum, daher werden wir etwas weiter zurückblicken.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53288,53493],"conference_id":131,"event_ids":[53799,53653],"name":"frank","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52264},{"content_ids":[53288,53590],"conference_id":131,"event_ids":[53941,53653],"name":"Fefe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52390}],"timeband_id":1142,"links":[],"end":"2023-12-29T01:20:00.000-0000","id":53653,"village_id":null,"tag_ids":[46120,46138,46139],"begin_timestamp":{"seconds":1703807400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52390},{"tag_id":46107,"sort_order":1,"person_id":52264}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T23:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Was ist zu tun gegen störendes Brummen? Wie versteht man Sensitivity und Gainstruktur? Was bedeutet eigentlich 'Phase'? Und wie positioniert man Subwoofer optimal? In diesem Vortrag möchte ich solche und weitere häufig auftretende Probleme bei der Verwendung von Tontechnik und Lautsprechern beleuchten. Ziel ist es, praxisnahe Lösungen und Tipps zu präsentieren, um das Beste aus deinem nächsten Projekt herauszuholen und gängige Herausforderungen erfolgreich zu meistern.\n\n\nMehr als nur Lärm: Ein Sprint vom kleinen Audio-Einmaleins bis zum Phasealignment mit FFT-Analyzer\r\n\r\nVon “Disco Dieter” bis zur ausgewachsenen Stadioninstallation - gegen physikalische Grundprinzipien kann man wenig tun. Manchmal kann man Sie für sich nutzen, meistens geht man Kompromisse ein. Oft lässt sich mit einfachen Mitteln Sound verbessern.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Sonic Alchemy","android_description":"Was ist zu tun gegen störendes Brummen? Wie versteht man Sensitivity und Gainstruktur? Was bedeutet eigentlich 'Phase'? Und wie positioniert man Subwoofer optimal? In diesem Vortrag möchte ich solche und weitere häufig auftretende Probleme bei der Verwendung von Tontechnik und Lautsprechern beleuchten. Ziel ist es, praxisnahe Lösungen und Tipps zu präsentieren, um das Beste aus deinem nächsten Projekt herauszuholen und gängige Herausforderungen erfolgreich zu meistern.\n\n\nMehr als nur Lärm: Ein Sprint vom kleinen Audio-Einmaleins bis zum Phasealignment mit FFT-Analyzer\r\n\r\nVon “Disco Dieter” bis zur ausgewachsenen Stadioninstallation - gegen physikalische Grundprinzipien kann man wenig tun. Manchmal kann man Sie für sich nutzen, meistens geht man Kompromisse ein. Oft lässt sich mit einfachen Mitteln Sound verbessern.","end_timestamp":{"seconds":1703807400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-28T23:50:00.000-0000","id":53665,"village_id":null,"tag_ids":[46122,46136,46139],"begin_timestamp":{"seconds":1703805000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T23:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Berlin based interdisciplinarily\r\nartist and selector Loa Mauna cruises between abstract electronics and melodic sound patterns, graveyard and morning glory, following her passion for softness.\r\n\r\nphotocredits: Suzanne Caroline de Carrasco\n\n\nhttps://soundcloud.com/bl-mchen2000","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Loa Mauna (Dj)","end_timestamp":{"seconds":1703813400,"nanoseconds":0},"android_description":"Berlin based interdisciplinarily\r\nartist and selector Loa Mauna cruises between abstract electronics and melodic sound patterns, graveyard and morning glory, following her passion for softness.\r\n\r\nphotocredits: Suzanne Caroline de Carrasco\n\n\nhttps://soundcloud.com/bl-mchen2000","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:30:00.000-0000","id":53926,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The resident duo of Hamburg’s PAL club shared both their first rave and first gig. Expect hallucinogenic night drive trance and driving 90s techno fused with percussive gems from the old and new school as well as progressive dreams and acid-infused euphoria to get you in the zone.\r\n\r\nEach time they get together to meld their long-grown libraries of music and their imaginative ways of mixing makes for a contagious energy that catches you anywhere: cut off from the world with your in-ears on the train, cuffing with your fav person at home or pumping on the system at your sweet spot on the dance floor.\r\n\r\nhttps://soundcloud.com/epikurmusic\n\n\nThe resident duo of Hamburg’s PAL club","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Epikur","end_timestamp":{"seconds":1703811600,"nanoseconds":0},"android_description":"The resident duo of Hamburg’s PAL club shared both their first rave and first gig. Expect hallucinogenic night drive trance and driving 90s techno fused with percussive gems from the old and new school as well as progressive dreams and acid-infused euphoria to get you in the zone.\r\n\r\nEach time they get together to meld their long-grown libraries of music and their imaginative ways of mixing makes for a contagious energy that catches you anywhere: cut off from the world with your in-ears on the train, cuffing with your fav person at home or pumping on the system at your sweet spot on the dance floor.\r\n\r\nhttps://soundcloud.com/epikurmusic\n\n\nThe resident duo of Hamburg’s PAL club","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:00:00.000-0000","id":53921,"village_id":null,"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-28T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\n(Live-Stream aus Saal 1)\r\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","title":"Streaming: Die netzpolitische Neujahrsansprache","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\n(Live-Stream aus Saal 1)\r\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","end_timestamp":{"seconds":1703807400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-28T23:50:00.000-0000","id":53911,"village_id":null,"tag_ids":[46120,46137,46139],"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Bring your favorite synthesizer (whether hardware or software)!\r\n\r\nLet's talk about these wonderful devices and also maybe hold a jam session.\r\n\r\nFor the jam session, it would be best if you bring headphones and a small mixing console with two output channels, so that we are as flexible as possible in interaction and do not disturb anyone. I will try to get a room. Maybe we can also use the PA in a lecture hall after the end of the talks. But I still have to arrange that.\r\n\r\nIf you want to Jam, it would be good if you wired your setup so far in advance and maybe appear a little earlier so that we don't lose too much time.\n\n\n","title":"Synthesizer meet up","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703811600,"nanoseconds":0},"android_description":"Bring your favorite synthesizer (whether hardware or software)!\r\n\r\nLet's talk about these wonderful devices and also maybe hold a jam session.\r\n\r\nFor the jam session, it would be best if you bring headphones and a small mixing console with two output channels, so that we are as flexible as possible in interaction and do not disturb anyone. I will try to get a room. Maybe we can also use the PA in a lecture hall after the end of the talks. But I still have to arrange that.\r\n\r\nIf you want to Jam, it would be good if you wired your setup so far in advance and maybe appear a little earlier so that we don't lose too much time.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T01:00:00.000-0000","id":53685,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-28T23:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","title":"Die netzpolitische Neujahrsansprache","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703807400,"nanoseconds":0},"android_description":"Liebe Hacker:innen von Neuland, was für ein Jahr liegt hinter uns! Ein Jahr, das einige Veränderungen mit sich gebracht hat. Und das gezeigt hat: Wir dürfen nicht müde werden, für eine lebenswerte digitale und analoge Welt zu kämpfen. Tun wir miteinander alles – aber auch wirklich alles – dafür, dass wir diejenigen, die unser schönes Neuland zu einem Ort der Autoritäten und Konzerne machen wollen, im neuen Jahr endlich besiegen können.\n\n\nEin halb satirischer, halb ernster Rück- und Ausblick auf die Baustellen der digitalen Welt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53287],"conference_id":131,"event_ids":[53652],"name":"Markus Reuter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52262},{"content_ids":[53287,53391],"conference_id":131,"event_ids":[53738,53652],"name":"khaleesi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52277},{"content_ids":[53287,53390,53397],"conference_id":131,"event_ids":[53737,53743,53652],"name":"Anna Biselli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52420}],"timeband_id":1142,"links":[],"end":"2023-12-28T23:50:00.000-0000","id":53652,"tag_ids":[46120,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52420},{"tag_id":46107,"sort_order":1,"person_id":52262},{"tag_id":46107,"sort_order":1,"person_id":52277}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-28T23:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir werden zusammen schreiben und über unsere Texte sprechen in folgendem Format:\r\n\r\n1. Wir ziehen einen Zufallsbegriff aus dem Glas (virtuell)\r\n2. Über/zu diesem Begriff schreibt dann jede/r einen kurzen Text, 10 Minuten, egal welches Genre oder Format\r\n3. Dann kann jede/r der mag den Text vorlesen und wir reden darüber / geben Feedback. (Der Teil nimmt normal am meisten Platz ein und führt auch oft zu guten Gesprächen/Abschweifungen über Literatur und andere ähnliche Texte)\r\n\r\nDie 10 Minuten zeitlimit sind auch dafür gedacht den inneren Kritiker auszuschalten, wenn man eh nur 10 Minuten hat kann und muss es nicht perfekt sein :)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Schreibtreff - Zusammen Kurzgeschichten schreiben","android_description":"Wir werden zusammen schreiben und über unsere Texte sprechen in folgendem Format:\r\n\r\n1. Wir ziehen einen Zufallsbegriff aus dem Glas (virtuell)\r\n2. Über/zu diesem Begriff schreibt dann jede/r einen kurzen Text, 10 Minuten, egal welches Genre oder Format\r\n3. Dann kann jede/r der mag den Text vorlesen und wir reden darüber / geben Feedback. (Der Teil nimmt normal am meisten Platz ein und führt auch oft zu guten Gesprächen/Abschweifungen über Literatur und andere ähnliche Texte)\r\n\r\nDie 10 Minuten zeitlimit sind auch dafür gedacht den inneren Kritiker auszuschalten, wenn man eh nur 10 Minuten hat kann und muss es nicht perfekt sein :)\r\n\r\n🧮","end_timestamp":{"seconds":1703809800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1142,"links":[],"end":"2023-12-29T00:30:00.000-0000","id":53530,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703804400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"\"Gala Be Need Inn\" ist der deutschsprachige Quizpodcast dessen Name ein Anagramm des Originals ist. Wir klären die wirklich wichtigen Fragen des Lebens: Was ist ein Alarmstuhl, was ist der Schwiegermutter Sitz und wieso haben Schaffner in Frankreich Knallerbsen dabei?","title":"Gala Be Need Inn - Locke Dun Ausgabe","type":{"conference_id":131,"conference":"37C3","color":"#e78bea","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (90 minutes)","id":46127},"android_description":"\"Gala Be Need Inn\" ist der deutschsprachige Quizpodcast dessen Name ein Anagramm des Originals ist. Wir klären die wirklich wichtigen Fragen des Lebens: Was ist ein Alarmstuhl, was ist der Schwiegermutter Sitz und wieso haben Schaffner in Frankreich Knallerbsen dabei?","end_timestamp":{"seconds":1703808000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53197,53318,53344],"conference_id":131,"event_ids":[53696,53507,53458],"name":"MacSnider","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52346}],"timeband_id":1141,"links":[],"end":"2023-12-29T00:00:00.000-0000","id":53696,"begin_timestamp":{"seconds":1703802600,"nanoseconds":0},"tag_ids":[46127,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52346}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"Y","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T22:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Introduction to hypercomputation, fictitious machines which can compute for longer than infinity, in combination with exploring certain alternative mathematical universes built from such machines. **Not a well-prepared talk, more a conversation.** We meet at the elevators a couple meters left of Stage Y.\r\n\r\n[Here is a list of other sessions from our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","title":"Wondrous mathematics: Exploring hypercomputation with the effective topos","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Introduction to hypercomputation, fictitious machines which can compute for longer than infinity, in combination with exploring certain alternative mathematical universes built from such machines. **Not a well-prepared talk, more a conversation.** We meet at the elevators a couple meters left of Stage Y.\r\n\r\n[Here is a list of other sessions from our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53851,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703801400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Quasiroom","hotel":"","short_name":"Quasiroom","id":46142},"begin":"2023-12-28T22:10:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Days of Delay weaves filigree webs in the acoustic wormhole of everyday life with extraordinary ambient music and exciting live performances.\r\n\r\nA magical search for traces of touching sounds lets people come to rest and connects through a unique kind of acoustic deceleration: In clubs and at festivals, but also in interplay with special places such as airports, churches, galleries, gardens or museums.\r\n\r\nThe cinematic sound paintings created by Hamburg-based musician Cyrus Ashrafi merge time and space into musicality and experimentation, whose expression reaches far beyond the often reticent ambient genre.\n\n\nhttps://www.daysofdelay.com/ambientmusic.html","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Days of Delay","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Days of Delay weaves filigree webs in the acoustic wormhole of everyday life with extraordinary ambient music and exciting live performances.\r\n\r\nA magical search for traces of touching sounds lets people come to rest and connects through a unique kind of acoustic deceleration: In clubs and at festivals, but also in interplay with special places such as airports, churches, galleries, gardens or museums.\r\n\r\nThe cinematic sound paintings created by Hamburg-based musician Cyrus Ashrafi merge time and space into musicality and experimentation, whose expression reaches far beyond the often reticent ambient genre.\n\n\nhttps://www.daysofdelay.com/ambientmusic.html","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53884,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mindsight is an experimental electronic music project by Josh Neumann from Munich. Josh's music ranges from atmospheric textures and joyful soundscapes to energetic deconstructed beats - effortlessly combining different inspirations that are not bound to any genre. Beyond music, Josh is active in various collectives and alliances such as Freiräumen or Common Ground.\r\n\r\nFotocredit: Yunus Hutterer\r\n\r\nLinks: \r\nhttps://soundcloud.com/iammindsight\r\nhttps://mindsight.bandcamp.com/\r\nhttps://chaos.social/@mindsight\r\nhttps://www.instagram.com/iammindsight\n\n\nMindsight ist ein experimentelles elektronisches Musikprojekt von Josh Neumann aus München.","title":"Mindsight - live","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Mindsight is an experimental electronic music project by Josh Neumann from Munich. Josh's music ranges from atmospheric textures and joyful soundscapes to energetic deconstructed beats - effortlessly combining different inspirations that are not bound to any genre. Beyond music, Josh is active in various collectives and alliances such as Freiräumen or Common Ground.\r\n\r\nFotocredit: Yunus Hutterer\r\n\r\nLinks: \r\nhttps://soundcloud.com/iammindsight\r\nhttps://mindsight.bandcamp.com/\r\nhttps://chaos.social/@mindsight\r\nhttps://www.instagram.com/iammindsight\n\n\nMindsight ist ein experimentelles elektronisches Musikprojekt von Josh Neumann aus München.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53866,"village_id":null,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"🙈 🙉 🙊 You Know Stuff ☐ ☒ ☑ Answer nerdy questions on your notebook / smartphone and win a (small) price 😸 😹 😻\r\n\r\nhttps://kahoot.it/\n\n\n","title":"🙈 🙉 🙊 Nerd Game Show 😸 😹 😻","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703803500,"nanoseconds":0},"android_description":"🙈 🙉 🙊 You Know Stuff ☐ ☒ ☑ Answer nerdy questions on your notebook / smartphone and win a (small) price 😸 😹 😻\r\n\r\nhttps://kahoot.it/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:45:00.000-0000","id":53846,"village_id":null,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tea-time-enjoy-a-cup-of-tea-and-chat-with-the-foss/\n\n\n","title":"Tea Time: Enjoy a cup of tea and chat with the FOSSASIA community","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/tea-time-enjoy-a-cup-of-tea-and-chat-with-the-foss/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53718,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What if we found aliens or even made contact with them? What would be logical to happen? This talk will go over some sinister thought experiments including Liu Cixin's Dark Forest from his novel „The Dark Forest“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „The Dark Forest“.)\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"A tale of sinister thought experiments about extraterrestrial life (feat. Liu Cixin's Dark Forest)","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"What if we found aliens or even made contact with them? What would be logical to happen? This talk will go over some sinister thought experiments including Liu Cixin's Dark Forest from his novel „The Dark Forest“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „The Dark Forest“.)\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53703,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Corridor outside Hall 3 near Openlab Augsburg","hotel":"","short_name":"Corridor outside Hall 3 near Openlab Augsburg","id":46170},"begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For over 18 months, a professional film team accompanied the Ravensburg climate justice movement around the climate camp in the Altdorf Forest, which is threatened with deforestation. “The film tells the story of the climate activists in an informative, empathetic and insightful way. [...] An atmosphere of participation, sympathy, thoughtfulness [...] fills the room,” acknowledges the region's newspaper.\r\n\r\nA homage to the largest forest in Upper Swabia and the people who want to preserve it. A film about activist climbing, self-empowerment and maximum impact.\r\n\r\nFollowed by a film discussion with some of the protagonists. The film will be in German with English subtitles.\r\n\r\n[Trailer on YewTube](https://yewtu.be/watch?v=IfV8wKeFixo) • [Review on YewTube](https://yewtu.be/watch?v=hW3vxY1skcY)\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Movie/Filmvorführung: Von Menschen, die auf Bäume steigen / People who climb on trees","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703808000,"nanoseconds":0},"android_description":"For over 18 months, a professional film team accompanied the Ravensburg climate justice movement around the climate camp in the Altdorf Forest, which is threatened with deforestation. “The film tells the story of the climate activists in an informative, empathetic and insightful way. [...] An atmosphere of participation, sympathy, thoughtfulness [...] fills the room,” acknowledges the region's newspaper.\r\n\r\nA homage to the largest forest in Upper Swabia and the people who want to preserve it. A film about activist climbing, self-empowerment and maximum impact.\r\n\r\nFollowed by a film discussion with some of the protagonists. The film will be in German with English subtitles.\r\n\r\n[Trailer on YewTube](https://yewtu.be/watch?v=IfV8wKeFixo) • [Review on YewTube](https://yewtu.be/watch?v=hW3vxY1skcY)\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-29T00:00:00.000-0000","id":53677,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"On the depressing side, the global censorship trend continues to gain momentum, with some European countries alarmingly eager to get in on it. But resignation is boring: here we are, a tiny community of activists and relay/bridge operators around the world continuing to provide safe and private internet reachability for hundreds of thousands of people who are trying to be human beings under authoritarian regimes.\r\n\r\nWe will walk through \\*how\\* each of these countries deployed their Tor blocks, and what changes we made to let citizens continue to reach the Tor network. Looking at each case study through a Tor lens will let us compare/contrast the censorship attempts from each country, discuss future ideas for how to make sure the bytes can keep flowing, and talk through the political impacts.\n\n\nIn December 2021, months before the world watched Russia invade Ukraine, Russia rolled out comprehensive censorship of the Tor network and related Tor protocols. Then in October 2022, the latest wave of protests in Iran saw a huge spike in Tor usage followed by a swift crackdown of the most successful techniques. Meanwhile in 2023, Turkmenistan has blocked popular CDNs like Cloudflare and Akamai, most hosting providers like Hetzner and OVH, and much more.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Tor censorship attempts in Russia, Iran, Turkmenistan","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"On the depressing side, the global censorship trend continues to gain momentum, with some European countries alarmingly eager to get in on it. But resignation is boring: here we are, a tiny community of activists and relay/bridge operators around the world continuing to provide safe and private internet reachability for hundreds of thousands of people who are trying to be human beings under authoritarian regimes.\r\n\r\nWe will walk through \\*how\\* each of these countries deployed their Tor blocks, and what changes we made to let citizens continue to reach the Tor network. Looking at each case study through a Tor lens will let us compare/contrast the censorship attempts from each country, discuss future ideas for how to make sure the bytes can keep flowing, and talk through the political impacts.\n\n\nIn December 2021, months before the world watched Russia invade Ukraine, Russia rolled out comprehensive censorship of the Tor network and related Tor protocols. Then in October 2022, the latest wave of protests in Iran saw a huge spike in Tor usage followed by a swift crackdown of the most successful techniques. Meanwhile in 2023, Turkmenistan has blocked popular CDNs like Cloudflare and Akamai, most hosting providers like Hetzner and OVH, and much more.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53299],"conference_id":131,"event_ids":[53664],"name":"Roger Dingledine","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52489}],"timeband_id":1141,"links":[{"label":"The Snowflake pluggable transport for Tor","type":"link","url":"https://snowflake.torproject.org/"},{"label":"More details on the 2021-2023 Russia censorship","type":"link","url":"https://www.youtube.com/watch?v=YlZZQYLIXe8"},{"label":"Call for residential obfs4 bridges for Turkmenistan","type":"link","url":"https://lists.torproject.org/pipermail/tor-relays/2023-July/021237.html"}],"end":"2023-12-28T23:00:00.000-0000","id":53664,"tag_ids":[46121,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52489}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Steph Maj Swanson, a.k.a. Supercomposite, is a multimedia artist and writer best known for her story about the AI-generated woman Loab, which The Atlantic dubbed “a form of expression that has never existed before.\" Loab is an emergent character that arises in certain AI image synthesis models, accessible via negatively weighted prompts, often appearing alongside macabre imagery such as dismembered women and children.\r\n\r\nSwanson views her relationship to AI as adversarial, both in her creative process and as a commentator. This non-technical, but conceptual talk offers up art alongside possible strategies. It will be of interest for hackers intrigued by the creative potential of these tools, but who may have ethical concerns or doubts about the way these tools are assembled, built, and deployed.\r\n\r\nGalleries West described Swanson’s body of AI-generated visual work as “the merging of repulsive with beautiful,” and The Washington Post called her satirical AI writing “disturbing”. At DefCon this year she debuted her short film SUICIDE III, which uses deepfakes of Joe Biden and Sam Altman to explore where an out-of-control AI hype cycle might take us. \n\n\nIn this talk, artist/writer Steph Maj Swanson will use the story of how her AI-generated character \"Loab\" arose (and went viral) as a jumping off point to present creative work and strategies that emerged from attempts to crack AI black boxes open. Aligned with the hacker ethos of exploration, experimentation and creative misuse, this talk presents adversarial artmaking practices for AI systems. It will also explore what it means to engage in cultural production today, as new forms of automation and centralization loom over the arts and entertainment industries. In the words of Nam June Paik: \"I use technology in order to hate it more properly.\"","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"What I Learned from Loab: AI as a creative adversary","android_description":"Steph Maj Swanson, a.k.a. Supercomposite, is a multimedia artist and writer best known for her story about the AI-generated woman Loab, which The Atlantic dubbed “a form of expression that has never existed before.\" Loab is an emergent character that arises in certain AI image synthesis models, accessible via negatively weighted prompts, often appearing alongside macabre imagery such as dismembered women and children.\r\n\r\nSwanson views her relationship to AI as adversarial, both in her creative process and as a commentator. This non-technical, but conceptual talk offers up art alongside possible strategies. It will be of interest for hackers intrigued by the creative potential of these tools, but who may have ethical concerns or doubts about the way these tools are assembled, built, and deployed.\r\n\r\nGalleries West described Swanson’s body of AI-generated visual work as “the merging of repulsive with beautiful,” and The Washington Post called her satirical AI writing “disturbing”. At DefCon this year she debuted her short film SUICIDE III, which uses deepfakes of Joe Biden and Sam Altman to explore where an out-of-control AI hype cycle might take us. \n\n\nIn this talk, artist/writer Steph Maj Swanson will use the story of how her AI-generated character \"Loab\" arose (and went viral) as a jumping off point to present creative work and strategies that emerged from attempts to crack AI black boxes open. Aligned with the hacker ethos of exploration, experimentation and creative misuse, this talk presents adversarial artmaking practices for AI systems. It will also explore what it means to engage in cultural production today, as new forms of automation and centralization loom over the arts and entertainment industries. In the words of Nam June Paik: \"I use technology in order to hate it more properly.\"","end_timestamp":{"seconds":1703803200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53286],"conference_id":131,"event_ids":[53651],"name":"Steph Maj Swanson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52272}],"timeband_id":1141,"end":"2023-12-28T22:40:00.000-0000","links":[{"label":"Suicide III (short film)","type":"link","url":"https://www.youtube.com/watch?v=LCZCPtyQMEc"}],"id":53651,"tag_ids":[46118,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52272}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die LinuxLounge von TheRadio.cc Live vom Congress mit Einblicken und spannenden Infos und der Stimmung vor Ort.","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (90 minutes)","id":46129},"title":"LinuxLounge - #37C3 Special","android_description":"Die LinuxLounge von TheRadio.cc Live vom Congress mit Einblicken und spannenden Infos und der Stimmung vor Ort.","end_timestamp":{"seconds":1703806200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53113],"conference_id":131,"event_ids":[53536],"name":"Michael","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52311},{"content_ids":[53113],"conference_id":131,"event_ids":[53536],"name":"Dennis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52411}],"timeband_id":1141,"links":[],"end":"2023-12-28T23:30:00.000-0000","id":53536,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46129,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52411},{"tag_id":46107,"sort_order":1,"person_id":52311}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Bluetooth is a pervasive technology for wireless communication.\r\nBillions of devices use it in sensitive applications and to exchange\r\nprivate data. The security of Bluetooth depends on the Bluetooth\r\nstandard and its two security mechanisms: pairing and session establishment. No prior work, including the standard itself, analyzed the future and forward secrecy guarantees of these mechanisms, e.g., if Bluetooth pairing and session establishment defend past\r\nand future sessions when the adversary compromises the current.\r\nTo address this gap, we present six novel attacks, defined as the\r\nBLUFFS attacks, breaking Bluetooth sessions’ forward and future\r\nsecrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key. The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation. As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details (e.g., chip, stack, version, and security mode).\r\n\r\nWe also release BLUFFS, a low-cost toolkit to perform and automatically check the effectiveness of our attacks. The toolkit employs seven original patches to manipulate and monitor Bluetooth session key derivation by dynamically patching a closed-source Bluetooth firmware that we reverse-engineered. We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips (eighteen devices) from popular hardware and software vendors and supporting the most popular Bluetooth versions. Motivated by our empirical findings, we develop and successfully test an enhanced key derivation function for Bluetooth that stops by-design our six attacks and their four root causes. We show how to effectively integrate our fix into the Bluetooth standard and discuss alternative implementation-level mitigations. We responsibly disclosed our contributions to the Bluetooth SIG.\n\n\nCiao! We present the BLUFFS attacks (CVE-2023-24023), six novel attacks breaking Bluetooth's forward and future secrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by compromising and re-using one session key. We discuss the four vulnerabilities in the Bluetooth specification enabling the attacks, two of which are new and related to unilateral and repeatable session key derivation. We describe the toolkit we developed and open-sourced to test our attacks via firmware binary patching, our experiments where we exploited 18 heterogeneous Bluetooth devices, and the practical and backward-compliant session key derivation protocol we built to fix the attacks by design. We also cover related work like KNOB, BIAS, and BLUR, and educational Bluetooth security tips and tricks.","title":"BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Bluetooth is a pervasive technology for wireless communication.\r\nBillions of devices use it in sensitive applications and to exchange\r\nprivate data. The security of Bluetooth depends on the Bluetooth\r\nstandard and its two security mechanisms: pairing and session establishment. No prior work, including the standard itself, analyzed the future and forward secrecy guarantees of these mechanisms, e.g., if Bluetooth pairing and session establishment defend past\r\nand future sessions when the adversary compromises the current.\r\nTo address this gap, we present six novel attacks, defined as the\r\nBLUFFS attacks, breaking Bluetooth sessions’ forward and future\r\nsecrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by only compromising one session key. The attacks exploit two novel vulnerabilities that we uncover in the Bluetooth standard related to unilateral and repeatable session key derivation. As the attacks affect Bluetooth at the architectural level, they are effective regardless of the victim’s hardware and software details (e.g., chip, stack, version, and security mode).\r\n\r\nWe also release BLUFFS, a low-cost toolkit to perform and automatically check the effectiveness of our attacks. The toolkit employs seven original patches to manipulate and monitor Bluetooth session key derivation by dynamically patching a closed-source Bluetooth firmware that we reverse-engineered. We show that our attacks have a critical and large-scale impact on the Bluetooth ecosystem, by evaluating them on seventeen diverse Bluetooth chips (eighteen devices) from popular hardware and software vendors and supporting the most popular Bluetooth versions. Motivated by our empirical findings, we develop and successfully test an enhanced key derivation function for Bluetooth that stops by-design our six attacks and their four root causes. We show how to effectively integrate our fix into the Bluetooth standard and discuss alternative implementation-level mitigations. We responsibly disclosed our contributions to the Bluetooth SIG.\n\n\nCiao! We present the BLUFFS attacks (CVE-2023-24023), six novel attacks breaking Bluetooth's forward and future secrecy. Our attacks enable device impersonation and machine-in-the-middle across sessions by compromising and re-using one session key. We discuss the four vulnerabilities in the Bluetooth specification enabling the attacks, two of which are new and related to unilateral and repeatable session key derivation. We describe the toolkit we developed and open-sourced to test our attacks via firmware binary patching, our experiments where we exploited 18 heterogeneous Bluetooth devices, and the practical and backward-compliant session key derivation protocol we built to fix the attacks by design. We also cover related work like KNOB, BIAS, and BLUR, and educational Bluetooth security tips and tricks.","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53137],"conference_id":131,"event_ids":[53450],"name":"Daniele Antonioli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52473}],"timeband_id":1141,"links":[{"label":"BLUFFS resources","type":"link","url":"https://francozappa.github.io/post/2023/bluffs-ccs23/"}],"end":"2023-12-28T23:00:00.000-0000","id":53450,"begin_timestamp":{"seconds":1703800800,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52473}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"Y","begin":"2023-12-28T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"VRA ist eine audiovisuelle Performance (Projektion + Sound), die mithilfe eines eigens entwickelten Software-Instruments (in Max/MSP), das auf Bild-zu-Ton-Umwandlung basiert, aufgeführt wird. Auf der Projektion sind monochrome Texturen zu sehen, die aus teilweise simplen Formen wie Streifen oder Kreisen, aber auch aus komplexeren Strukturen wie Rauschen bestehen. Diese Bilder werden in Echtzeit in Sound umgewandelt, indem die Helligkeitswerte einer ausgewählten Pixelreihe als Audiobuffer dienen und eine Waveform beschreiben. \n\n\nEine audiovisuelle Performance, basierend auf Bild-zu-Ton-Umwandlung. Dynamisch wechselnde Bilder dienen als Realtime-Audiobuffer. Licht wird Sound. \r\nBeinhaltet stroboskopische Bilder und Hörinhalte in breiten Spektren.","title":"VRA","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#49bae3","name":"concert","id":46135},"android_description":"VRA ist eine audiovisuelle Performance (Projektion + Sound), die mithilfe eines eigens entwickelten Software-Instruments (in Max/MSP), das auf Bild-zu-Ton-Umwandlung basiert, aufgeführt wird. Auf der Projektion sind monochrome Texturen zu sehen, die aus teilweise simplen Formen wie Streifen oder Kreisen, aber auch aus komplexeren Strukturen wie Rauschen bestehen. Diese Bilder werden in Echtzeit in Sound umgewandelt, indem die Helligkeitswerte einer ausgewählten Pixelreihe als Audiobuffer dienen und eine Waveform beschreiben. \n\n\nEine audiovisuelle Performance, basierend auf Bild-zu-Ton-Umwandlung. Dynamisch wechselnde Bilder dienen als Realtime-Audiobuffer. Licht wird Sound. \r\nBeinhaltet stroboskopische Bilder und Hörinhalte in breiten Spektren.","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53298],"conference_id":131,"event_ids":[53663],"name":"STURMHERTA","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52321}],"timeband_id":1141,"end":"2023-12-28T21:45:00.000-0000","links":[{"label":"VRA at Ars Electronica Festival","type":"link","url":"https://www.youtube.com/watch?v=lb53IZDHv5o"}],"id":53663,"village_id":null,"begin_timestamp":{"seconds":1703797500,"nanoseconds":0},"tag_ids":[46118,46135,46141],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52321}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T21:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Context: cybersecurity for future energy production systems\n-----------------------------------------------------------\n\n\nCybersecurity for smaller solar power plants is a critical challenge: strong separation between operational, safety relevant network and internet is not present. Moreover, manufacturers do not invest enough in security; reason being high competition in terms of time to market, price pressure and lack of security knowledge.\n\n\nThese power plant systems need more or less an internet connection in order to fetch power & energy data from the plant with an app, perform firmware updates, and carry out maintenance remotely.\n\n\nThe central device, which is connected to the internet, is the inverter. Many companies provide inverters for solar power plants and include cloud connectivity. An inverter converts the energy from the solar panels to grid compatible energy. Since it handles high currents & voltages, the physical consequences of cybersecurity risks are arguably higher than for standard smart home devices.\n\n\nResearch results related to connected solar inverters (technical part)\n----------------------------------------------------------------------\n\n\nOut of curiosity, I tested different inverters from different manufacturers, including cloud connectivity. All devices have a license to be operated in Germany and are very popular. They are used in solar power plants of different sizes, from balcony size to bigger plants. \r\nIn this section some research results will be presented, we will especially focus on one system.\n\n\n**Positive note: critical vulnerabilities have been patched by now.**\n\n\nVulnerabilities\n---------------\n\n\n* *Insecure Direct Object Reference* (IDOR) or similar vulnerabilities have been found, allowing an attacker with a simple account to execute commands on connected inverters remotely. This was an enabler for many further attacks.\n* An attacker could trigger a firmware update process on connected inverters.\n* The firmware update process was not properly secured: update images did not include a cryptographic signature.\n* Most of the devices did not use the TLS protocol for cloud communication or did not use it correctly.\n* Secure boot and secure debugging were not implemented.\n* On the server side, there were insufficient sanity checks.\n* Sensitive data (e.g. serial number) was easy to extract.\n\n\nExploitation\n------------\n\n\n* Commands could be executed on any connected devices (e.g. switch ON, switch OFF, change parameters).\n* The power electronics and relays of devices could be manipulated remotely with a malicious firmware update.\n* By manipulating many devices synchronously the stability of the grid could be endangered.\n\n\nA proof of concept with a full (unlocked) exploit chain will be presented.\n\n\nConclusion and Discussion\n-------------------------\n\n\nRemoving bureaucratic hurdles is an important step in order to democratize our energy production - and renewable energies are the future! On the other hand, if it comes at the cost of poorly-secured devices, this may be jeopardized.\n\n\nIn Germany, we have the Kritis Verordnung (decree) to protect for example the electricity infrastructure. It states that every power [plant with more than 104 MW capacity is required to have specific protections](https://www.gesetze-im-internet.de/bsi-kritisv/anhang_1.html). Individually, the small solar power plants are not in this category. However, summing up all devices connected to one cloud, we probably reach these numbers by now - and if not, tomorrow. Current projections point in that direction.\n\n\nDuring this research, I realized how easy it is to take control of energy production devices and it scared me. The cloud connectivity and the related \"remote control / remote maintenance\" and \"firmware update\" processes are truly critical and attacks may scale. Even if vulnerabilities are patched by now, an attacker who finds a way into the cloud servers can control all connected inverters.\n\n\nOn the other hand, it seems that there are no security related regulations regarding these systems as of today in the European Union. The [EU Cyber Resilience Act](https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act), which will apply to these devices is still in discussion and is likely to be effective soon. However, manufacturers will probably have a grace period of 36 months to comply: by then, many insecure devices will already be installed. Knowing how many bad guys are out there, the risk is there and growing rapidly.\n\n\n\n\nIn this talk we will have a look at some cybersecurity challenges raised by the trend of decentralizing our energy production.\n\n\nOur energy infrastructure is now changing from a centralized system based on big power plants to a more decentralized system based on renewable energy produced by smaller power plants (maybe yours). In Germany alone, [300.000 so called balcony power plants were in operation by August 2023](https://www.heise.de/hintergrund/Ueber-300-000-Balkonkraftwerke-in-Deutschland-in-Betrieb-Statistik-der-Woche-9285107.html). Most of these smaller power plants are / will be somehow connected to some cloud services.\n\n\nTo show that security hasn't been the biggest priority, we will examine the cybersecurity controls of different solar inverters. To put it mildly: there is room for improvement.\n\n\nWe will also discuss the need for better regulations and enforcement of cybersecurity for smaller connected power plants: altogether they probably produce more power than the bigger ones - and this trend is accelerating.\r\nProtecting our infrastructure shall have - today more than ever before - a high priority.\n\n","title":"Decentralized energy production: green future or cybersecurity nightmare?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Context: cybersecurity for future energy production systems\n-----------------------------------------------------------\n\n\nCybersecurity for smaller solar power plants is a critical challenge: strong separation between operational, safety relevant network and internet is not present. Moreover, manufacturers do not invest enough in security; reason being high competition in terms of time to market, price pressure and lack of security knowledge.\n\n\nThese power plant systems need more or less an internet connection in order to fetch power & energy data from the plant with an app, perform firmware updates, and carry out maintenance remotely.\n\n\nThe central device, which is connected to the internet, is the inverter. Many companies provide inverters for solar power plants and include cloud connectivity. An inverter converts the energy from the solar panels to grid compatible energy. Since it handles high currents & voltages, the physical consequences of cybersecurity risks are arguably higher than for standard smart home devices.\n\n\nResearch results related to connected solar inverters (technical part)\n----------------------------------------------------------------------\n\n\nOut of curiosity, I tested different inverters from different manufacturers, including cloud connectivity. All devices have a license to be operated in Germany and are very popular. They are used in solar power plants of different sizes, from balcony size to bigger plants. \r\nIn this section some research results will be presented, we will especially focus on one system.\n\n\n**Positive note: critical vulnerabilities have been patched by now.**\n\n\nVulnerabilities\n---------------\n\n\n* *Insecure Direct Object Reference* (IDOR) or similar vulnerabilities have been found, allowing an attacker with a simple account to execute commands on connected inverters remotely. This was an enabler for many further attacks.\n* An attacker could trigger a firmware update process on connected inverters.\n* The firmware update process was not properly secured: update images did not include a cryptographic signature.\n* Most of the devices did not use the TLS protocol for cloud communication or did not use it correctly.\n* Secure boot and secure debugging were not implemented.\n* On the server side, there were insufficient sanity checks.\n* Sensitive data (e.g. serial number) was easy to extract.\n\n\nExploitation\n------------\n\n\n* Commands could be executed on any connected devices (e.g. switch ON, switch OFF, change parameters).\n* The power electronics and relays of devices could be manipulated remotely with a malicious firmware update.\n* By manipulating many devices synchronously the stability of the grid could be endangered.\n\n\nA proof of concept with a full (unlocked) exploit chain will be presented.\n\n\nConclusion and Discussion\n-------------------------\n\n\nRemoving bureaucratic hurdles is an important step in order to democratize our energy production - and renewable energies are the future! On the other hand, if it comes at the cost of poorly-secured devices, this may be jeopardized.\n\n\nIn Germany, we have the Kritis Verordnung (decree) to protect for example the electricity infrastructure. It states that every power [plant with more than 104 MW capacity is required to have specific protections](https://www.gesetze-im-internet.de/bsi-kritisv/anhang_1.html). Individually, the small solar power plants are not in this category. However, summing up all devices connected to one cloud, we probably reach these numbers by now - and if not, tomorrow. Current projections point in that direction.\n\n\nDuring this research, I realized how easy it is to take control of energy production devices and it scared me. The cloud connectivity and the related \"remote control / remote maintenance\" and \"firmware update\" processes are truly critical and attacks may scale. Even if vulnerabilities are patched by now, an attacker who finds a way into the cloud servers can control all connected inverters.\n\n\nOn the other hand, it seems that there are no security related regulations regarding these systems as of today in the European Union. The [EU Cyber Resilience Act](https://digital-strategy.ec.europa.eu/en/library/cyber-resilience-act), which will apply to these devices is still in discussion and is likely to be effective soon. However, manufacturers will probably have a grace period of 36 months to comply: by then, many insecure devices will already be installed. Knowing how many bad guys are out there, the risk is there and growing rapidly.\n\n\n\n\nIn this talk we will have a look at some cybersecurity challenges raised by the trend of decentralizing our energy production.\n\n\nOur energy infrastructure is now changing from a centralized system based on big power plants to a more decentralized system based on renewable energy produced by smaller power plants (maybe yours). In Germany alone, [300.000 so called balcony power plants were in operation by August 2023](https://www.heise.de/hintergrund/Ueber-300-000-Balkonkraftwerke-in-Deutschland-in-Betrieb-Statistik-der-Woche-9285107.html). Most of these smaller power plants are / will be somehow connected to some cloud services.\n\n\nTo show that security hasn't been the biggest priority, we will examine the cybersecurity controls of different solar inverters. To put it mildly: there is room for improvement.\n\n\nWe will also discuss the need for better regulations and enforcement of cybersecurity for smaller connected power plants: altogether they probably produce more power than the bigger ones - and this trend is accelerating.\r\nProtecting our infrastructure shall have - today more than ever before - a high priority.","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53285],"conference_id":131,"event_ids":[53650],"name":"Sebastien","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52504}],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53650,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703797500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52504}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-28T21:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In Debatten zu KI und Nachhaltigkeit steht zurecht der enorme Ressourcenverbrauch von KI am Pranger. Aber wir dürfen nicht vergessen, dass es bei Nachhaltigkeit um noch viel mehr geht. Mindestens 7 der 17 Nachhaltigkeitsziele der UN verweisen auf soziale Dimensionen: Gleichheit, Anti-Diskriminierung, Zugang zu Bildung, Abbau von ökonomischer Ungleichheit und Ausbeutung. Der Vortrag diskutiert, dass künstliche Intelligenz, wenn sie nicht besser reguliert wird, diesen Zielen entgegensteht. Das liegt nicht nur daran, dass KI-Systeme Biases haben und sich diskriminierend auswirken. Sondern noch fundamentaler beruhen die meisten kommerziellen KI-Systeme auf sozialer und wirtschaftlicher Ausbeutung. Global wie lokal werden Nutzer:innen als Datenlieferant:innen und Gig-Arbeiter:innen als günstige Arbeitskräfte eingespannt. Unser Denken, Fühlen und Handeln wird in allen Lebensbereichen datafiziert; ökonomische Machtgradienten zwischen Globalem Norden und Süden werden für die Aufbereitung von Daten ausgebeutet. Viele KI-Systeme erzeugen ihre Intelligenzleistung nicht im Rechenzentrum, sondern durch das Auslesen menschlicher kognitiver Leistungen an den digitalen Interfaces, die wir täglich nutzen – Beispiele reichen von der Google-Suche über Gesichtserkennung bis ChatGPT. KI-Unternehmen machen von den niedrigen Arbeitsschutzstandards und Lohnniveaus in anderen Ländern Gebrauch und produzieren Krankheit und Prekarität bei den betroffenen Arbeiter:innen. Um gute Regulierung zu erreichen, müssen wir KI-Systeme als soziotechnische Systeme betrachten. Das ermöglicht ein reichhaltigeres Verständnis der sozialen Dimension von Nachhaltigkeit, um global steigender Ungleichheit und Ausbeutung durch KI-Systeme etwas entgegenzusetzen. \n\n\nKI beruht auf der weltweiten Ausbeutung nicht nur natürlicher, sondern auch sozialer Ressourcen. Um KI nachhaltig zu gestalten, müssen wir algorithmischer Diskriminierung und sozialer Selektion, der Ausbeutung und Prekarisierung digitaler Arbeit und der Tendenz eines neuen, digitalen Kolonialismus entgegentreten. ","title":"KI – Macht – Ungleichheit.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703799900,"nanoseconds":0},"android_description":"In Debatten zu KI und Nachhaltigkeit steht zurecht der enorme Ressourcenverbrauch von KI am Pranger. Aber wir dürfen nicht vergessen, dass es bei Nachhaltigkeit um noch viel mehr geht. Mindestens 7 der 17 Nachhaltigkeitsziele der UN verweisen auf soziale Dimensionen: Gleichheit, Anti-Diskriminierung, Zugang zu Bildung, Abbau von ökonomischer Ungleichheit und Ausbeutung. Der Vortrag diskutiert, dass künstliche Intelligenz, wenn sie nicht besser reguliert wird, diesen Zielen entgegensteht. Das liegt nicht nur daran, dass KI-Systeme Biases haben und sich diskriminierend auswirken. Sondern noch fundamentaler beruhen die meisten kommerziellen KI-Systeme auf sozialer und wirtschaftlicher Ausbeutung. Global wie lokal werden Nutzer:innen als Datenlieferant:innen und Gig-Arbeiter:innen als günstige Arbeitskräfte eingespannt. Unser Denken, Fühlen und Handeln wird in allen Lebensbereichen datafiziert; ökonomische Machtgradienten zwischen Globalem Norden und Süden werden für die Aufbereitung von Daten ausgebeutet. Viele KI-Systeme erzeugen ihre Intelligenzleistung nicht im Rechenzentrum, sondern durch das Auslesen menschlicher kognitiver Leistungen an den digitalen Interfaces, die wir täglich nutzen – Beispiele reichen von der Google-Suche über Gesichtserkennung bis ChatGPT. KI-Unternehmen machen von den niedrigen Arbeitsschutzstandards und Lohnniveaus in anderen Ländern Gebrauch und produzieren Krankheit und Prekarität bei den betroffenen Arbeiter:innen. Um gute Regulierung zu erreichen, müssen wir KI-Systeme als soziotechnische Systeme betrachten. Das ermöglicht ein reichhaltigeres Verständnis der sozialen Dimension von Nachhaltigkeit, um global steigender Ungleichheit und Ausbeutung durch KI-Systeme etwas entgegenzusetzen. \n\n\nKI beruht auf der weltweiten Ausbeutung nicht nur natürlicher, sondern auch sozialer Ressourcen. Um KI nachhaltig zu gestalten, müssen wir algorithmischer Diskriminierung und sozialer Selektion, der Ausbeutung und Prekarisierung digitaler Arbeit und der Tendenz eines neuen, digitalen Kolonialismus entgegentreten.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53093],"conference_id":131,"event_ids":[53427],"name":"Rainer Mühlhoff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52401}],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53427,"begin_timestamp":{"seconds":1703797500,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52401}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T21:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem praxisnahen Talk wird vorgeführt, wie man sich auf der Linux-Kommandozeile zurechtfindet. Es gibt keine Folien und nur so viel Theorie, wie zum Verständnis nötig ist. Wir lernen, wie man eine Shell allein durch Tastatureingaben steuert, bevor wir uns anschauen, wie sich im Dateisystem bewegt, wie man Dateien anzeigt und manipuliert und wie man auf der Kommandozeile Root-Rechte erhält. Es werden einige Werkzeuge zur grundlegenden Systemadministration vorgestellt und nebenbei das ein oder andere grundlegende Unix-Prinzip erläutert. Wir sprechen auch darüber, welche Kommandos man unter keinen Umständen ausführen sollte.\r\n\r\nDas Ziel dieser Veranstaltung ist es, euch ein besseres Verständnis davon zu vermitteln, wie man mit einem reinen Text-Interface einen kompletten Computer steuern kann, damit ihr es später leichter habt, auf diesem Wissen aufzubauen. Ihr seid herzlich eingeladen, auf eurem eigenen Linux-Computer ein Terminal-Fenster zu öffnen und mitzumachen.\n\n\nVorführung der Linux-Kommandozeile, Vorstellung der wichtigsten Kommandos und Erklärung zentraler Grundkonzepte","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Linux-Kommandozeile für Newbies","android_description":"In diesem praxisnahen Talk wird vorgeführt, wie man sich auf der Linux-Kommandozeile zurechtfindet. Es gibt keine Folien und nur so viel Theorie, wie zum Verständnis nötig ist. Wir lernen, wie man eine Shell allein durch Tastatureingaben steuert, bevor wir uns anschauen, wie sich im Dateisystem bewegt, wie man Dateien anzeigt und manipuliert und wie man auf der Kommandozeile Root-Rechte erhält. Es werden einige Werkzeuge zur grundlegenden Systemadministration vorgestellt und nebenbei das ein oder andere grundlegende Unix-Prinzip erläutert. Wir sprechen auch darüber, welche Kommandos man unter keinen Umständen ausführen sollte.\r\n\r\nDas Ziel dieser Veranstaltung ist es, euch ein besseres Verständnis davon zu vermitteln, wie man mit einem reinen Text-Interface einen kompletten Computer steuern kann, damit ihr es später leichter habt, auf diesem Wissen aufzubauen. Ihr seid herzlich eingeladen, auf eurem eigenen Linux-Computer ein Terminal-Fenster zu öffnen und mitzumachen.\n\n\nVorführung der Linux-Kommandozeile, Vorstellung der wichtigsten Kommandos und Erklärung zentraler Grundkonzepte","end_timestamp":{"seconds":1703803500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53384],"conference_id":131,"event_ids":[53731],"name":"skye","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52243}],"timeband_id":1141,"links":[],"end":"2023-12-28T22:45:00.000-0000","id":53731,"village_id":null,"begin_timestamp":{"seconds":1703797200,"nanoseconds":0},"tag_ids":[46132,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52243}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-28T21:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"damals(tm)-Hörer treffen sich auf dem Congress und reden über den Congress, 10 Jahre damals(tm) und den Krieg der Sterne","title":"damals(tm) Congressausgabe mit Hörern vor Ort","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (45 minutes)","id":46128},"android_description":"damals(tm)-Hörer treffen sich auf dem Congress und reden über den Congress, 10 Jahre damals(tm) und den Krieg der Sterne","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53724,"village_id":null,"begin_timestamp":{"seconds":1703797200,"nanoseconds":0},"tag_ids":[46128,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Your code might be working, but what about your conversations? Perfect your ‘human protocol’ with our NVC workshop. In my opinion, this kind of communication is not just for ‘the emotional ones’, but central for upgrading human communication – maybe also for Ya. Sync up with emotions, interpret intent, and handshake with clarity. Go beyond syntax. Speak soul.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Non Viol3nt Communication Workshop","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"android_description":"Your code might be working, but what about your conversations? Perfect your ‘human protocol’ with our NVC workshop. In my opinion, this kind of communication is not just for ‘the emotional ones’, but central for upgrading human communication – maybe also for Ya. Sync up with emotions, interpret intent, and handshake with clarity. Go beyond syntax. Speak soul.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53529,"begin_timestamp":{"seconds":1703797200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"Y","begin":"2023-12-28T21:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Online pornography seems to be caught between two problematic extremes: on one hand there are overpowered tech-giants dominating the market, and on the other hand ultra-reactionary groups trying to abolish this entire sector. **There must be a better way!**\r\n\r\nIn 2023 a coalition of sex workers, gender-based violence survivors, digital rights advocates and sex-tech builders have joined forces in a campaign addressed to the European Commission leveraging the new EU regulation called Digital Services Act (DSA). In the meantime, an international strategic litigation in Cyprus and Italy is challenging in court the very core business model of a notorious porn-giant for its blatant violation of the General Data Protection Regulation (GDPR). \r\n\r\nIn this session we will present the achievements of our campaign to reshape the sector of online pornography and why this is so important for a better digital world for all. Our goal is to shad a new light onto this vast and complex ecosystem and envision together new ways to share the cyberlove :)\r\n\r\n- about the DSA advocacy campaign: [https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/](https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/)\r\n\r\n- about the GDPR strategic litigation: [https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired](https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Pornography feels better without tech-giants!","android_description":"Online pornography seems to be caught between two problematic extremes: on one hand there are overpowered tech-giants dominating the market, and on the other hand ultra-reactionary groups trying to abolish this entire sector. **There must be a better way!**\r\n\r\nIn 2023 a coalition of sex workers, gender-based violence survivors, digital rights advocates and sex-tech builders have joined forces in a campaign addressed to the European Commission leveraging the new EU regulation called Digital Services Act (DSA). In the meantime, an international strategic litigation in Cyprus and Italy is challenging in court the very core business model of a notorious porn-giant for its blatant violation of the General Data Protection Regulation (GDPR). \r\n\r\nIn this session we will present the achievements of our campaign to reshape the sector of online pornography and why this is so important for a better digital world for all. Our goal is to shad a new light onto this vast and complex ecosystem and envision together new ways to share the cyberlove :)\r\n\r\n- about the DSA advocacy campaign: [https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/](https://www.euractiv.com/section/platforms/news/ngos-urge-eu-commission-to-include-porn-websites-in-the-systemic-risk-club/)\r\n\r\n- about the GDPR strategic litigation: [https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired](https://www.wired.com/story/pornhub-tracking-cookies-gdpr-video-history/?utm_source=twitter&mbid=social_twitter&utm_social-type=owned&utm_medium=social&utm_brand=wired)","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53915,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703796300,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Weisheit hat ein ganzes Jahr 10. Staffel gefeiert. Was kann es besseres geben als das Staffelfinale auf dem Congress? Mit dem Hörer*innenglückwunsch to end all Hörer*innenglückwünsche - es sei denn ihr sprecht uns einen besseren unter 030-549 08 581 aufs Band! \r\n\r\nAnsonsten gibt es das, was es immer gibt, aber live und in Farbe: Jede*r bringt ein Thema mit, Patricia erzählt einen Witz, Marcus quält die Ukulele, Frau Kirsche zündet den Kapitalismus an und Malik ist wahrscheinlich Freiberufler und hat das schon immer so gemacht. \r\n\r\nIhr könnt live dabei sein und wenn ihr lieb seid eine Frage stellen. Oder uns dabei helfen die überzähligen 30 Minuten zu füllen. Denn das ist klar: Nach 60 Minuten ist alles vorbei.","title":"Der Weisheit - Eine Stunde Lebenskunde - 10. Staffelfinale","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#e78bea","name":"Live podcast stage (90 minutes)","id":46127},"android_description":"Der Weisheit hat ein ganzes Jahr 10. Staffel gefeiert. Was kann es besseres geben als das Staffelfinale auf dem Congress? Mit dem Hörer*innenglückwunsch to end all Hörer*innenglückwünsche - es sei denn ihr sprecht uns einen besseren unter 030-549 08 581 aufs Band! \r\n\r\nAnsonsten gibt es das, was es immer gibt, aber live und in Farbe: Jede*r bringt ein Thema mit, Patricia erzählt einen Witz, Marcus quält die Ukulele, Frau Kirsche zündet den Kapitalismus an und Malik ist wahrscheinlich Freiberufler und hat das schon immer so gemacht. \r\n\r\nIhr könnt live dabei sein und wenn ihr lieb seid eine Frage stellen. Oder uns dabei helfen die überzähligen 30 Minuten zu füllen. Denn das ist klar: Nach 60 Minuten ist alles vorbei.","end_timestamp":{"seconds":1703801700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53139,53343],"conference_id":131,"event_ids":[53436,53695],"name":"monoxyd","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52286}],"timeband_id":1141,"links":[],"end":"2023-12-28T22:15:00.000-0000","id":53695,"begin_timestamp":{"seconds":1703796300,"nanoseconds":0},"tag_ids":[46127,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52286}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T20:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"From the first beginnings during the storm surge in Hamburg in 1962 to the present day, radio amateurs have helped in emergencies and disasters all over the world. But the technology has evolved, and I would like to take you on a short virtual trip through the last 5 years. From the first ideas to the systems now developed to assist in emergencies and disasters. Including a hands-on technical insight and a few anecdotes from the workshop.\n\n\nMit welchen Techniken können Funkamateure in Not- und Katastrophenfällen Unterstützung leisten?\r\n\r\nSpeaker: DL7TNY","title":"Technik von Funkamateuren zur Unterstützung in Not- und Katastrophenfällen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703797200,"nanoseconds":0},"android_description":"From the first beginnings during the storm surge in Hamburg in 1962 to the present day, radio amateurs have helped in emergencies and disasters all over the world. But the technology has evolved, and I would like to take you on a short virtual trip through the last 5 years. From the first ideas to the systems now developed to assist in emergencies and disasters. Including a hands-on technical insight and a few anecdotes from the workshop.\n\n\nMit welchen Techniken können Funkamateure in Not- und Katastrophenfällen Unterstützung leisten?\r\n\r\nSpeaker: DL7TNY","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:00:00.000-0000","id":53706,"begin_timestamp":{"seconds":1703795400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-28T20:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nach dem Talk https://events.ccc.de/congress/2023/hub/de/event/lutzerath_lebt_einblicke_in_den_widerstand/ könnt ihr hier eure Fragen persönlich loswerden\n\n\nStellt eure Fragen und diskutiert mit den Vortragenden!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Lützerath lebt! Extended Q&A","android_description":"Nach dem Talk https://events.ccc.de/congress/2023/hub/de/event/lutzerath_lebt_einblicke_in_den_widerstand/ könnt ihr hier eure Fragen persönlich loswerden\n\n\nStellt eure Fragen und diskutiert mit den Vortragenden!","end_timestamp":{"seconds":1703798100,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:15:00.000-0000","id":53847,"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The Three-Body Problem trilogy is among the most mind-bending and genius science-fiction trilogies out there. It was awarded the Hugo Award and was publicly recommended by Barack Obama. Multiple adaptions, even one animated in Minecraft, have already been made in China. Another one by Netflix is on the way.\r\n\r\nIn this talk, we will go over many Easter Eggs in the trilogy, including references to other works and foreshadowing.\r\n\r\nFor everybody having read the \"Three-Body\" trilogy.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆\n\n\n","title":"Easter Eggs in Liu Cixin's „Three-Body“ Trilogy","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"The Three-Body Problem trilogy is among the most mind-bending and genius science-fiction trilogies out there. It was awarded the Hugo Award and was publicly recommended by Barack Obama. Multiple adaptions, even one animated in Minecraft, have already been made in China. Another one by Netflix is on the way.\r\n\r\nIn this talk, we will go over many Easter Eggs in the trilogy, including references to other works and foreshadowing.\r\n\r\nFor everybody having read the \"Three-Body\" trilogy.\r\n\r\nWe meet at the Assembly of the OpenLab Augsburg.\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703796300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:45:00.000-0000","id":53702,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"begin":"2023-12-28T20:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"*English below*\r\n\r\nDE: Offene Karaoke-Runde für alle FINTA-personen.\r\n\r\nKeine Sorge, wenn genug mitmachen, muss sich niemand selbst hören. ;)\r\nJeder Musikgeschmack ist willkommen! Egal ob du gerne Anime Titelsongs, Metalcore oder Schlager hörst, wir haben für alle was dabei. Ja, natürlich kannst du auch einfach ABBA singen.\r\n\r\n\r\nEN: Open Karaoke-Session for all FINTA-people.\r\n\r\nDon't worry, if enough people join, nobody needs to hear themselves. ;)\r\nEvery taste of music is welcome! No matter if your jam is Anime-Openings, Metalcore or Schlager, we got you covered. Yes of course we also have ABBA.","title":"FINTA-Karaoke","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"android_description":"*English below*\r\n\r\nDE: Offene Karaoke-Runde für alle FINTA-personen.\r\n\r\nKeine Sorge, wenn genug mitmachen, muss sich niemand selbst hören. ;)\r\nJeder Musikgeschmack ist willkommen! Egal ob du gerne Anime Titelsongs, Metalcore oder Schlager hörst, wir haben für alle was dabei. Ja, natürlich kannst du auch einfach ABBA singen.\r\n\r\n\r\nEN: Open Karaoke-Session for all FINTA-people.\r\n\r\nDon't worry, if enough people join, nobody needs to hear themselves. ;)\r\nEvery taste of music is welcome! No matter if your jam is Anime-Openings, Metalcore or Schlager, we got you covered. Yes of course we also have ABBA.","end_timestamp":{"seconds":1703805300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53152,53473],"conference_id":131,"event_ids":[53808,53574],"name":"Drakulix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52494}],"timeband_id":1141,"links":[],"end":"2023-12-28T23:15:00.000-0000","id":53574,"village_id":null,"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52494}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"Y","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T20:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In lockerer Runde beantworten Alvar Freude, Leiter der Abteilung für technisch-organisatorischen Datenschutz und Internet-Recht beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI), und Thuy Nga Trinh, Referentin zum Thema Internet-Recht beim LfDI, Eure Fragen rund um Datenschutz und mehr. Eine offene Beratungs-Sprechstunde für alle Eure Fragen rund um Datenschutz und die Datenschutz-Grundverordnung (DS-GVO).\r\n\r\nEs findet keine Aufzeichnung statt, sodass Ihr Eure Fragen frei stellen könnt!\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Datenschutz-Sprechstunde mit der Aufsichtsbehörde","android_description":"In lockerer Runde beantworten Alvar Freude, Leiter der Abteilung für technisch-organisatorischen Datenschutz und Internet-Recht beim Landesbeauftragten für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI), und Thuy Nga Trinh, Referentin zum Thema Internet-Recht beim LfDI, Eure Fragen rund um Datenschutz und mehr. Eine offene Beratungs-Sprechstunde für alle Eure Fragen rund um Datenschutz und die Datenschutz-Grundverordnung (DS-GVO).\r\n\r\nEs findet keine Aufzeichnung statt, sodass Ihr Eure Fragen frei stellen könnt!","end_timestamp":{"seconds":1703799900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:45:00.000-0000","id":53461,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703794500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-28T20:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ein kleines Forschungsprojekt hat sich der großen Aufgabe gewidmet, einen internationalen und systemübergreifenden Katalog zu Diskettenmagazinen der 1980er und 1990er Jahre zu erarbeiten und außerdem eine zunächst deutschsprachige Textsammlung ihrer Inhalte zu erstellen. Es liefert damit eine Grundlage für die Erforschung der frühen digitalen Zine-Kultur und ermöglicht den verschiedenen Szenekreisen, ein Stück weit in ihre eigenen Geschichten einzutauchen. Der Katalog wuchs weit schneller als zunächst angenommen und umfasst inzwischen Nachweise zu 2.500 Magazinen und mehr als 20.000 Einzelausgaben. Bei der Textsammlung gilt es, unter anderem Kompressionsverfahren zu identifizieren und Character-Mappings herzustellen, um Unicode-kompatible Texte erzeugen zu können. Aber auch die Communities helfen mit. Wie lassen sich dabei die verschiedenen rechtlichen Fragen lösen, die Urheberschaft, Leistungsschutz und Persönlichkeitsschutz betreffen? Und wie kann die Langlebigkeit des Katalogs und der Textsammlung sichergestellt werden?\n\n\nDiskettenmagazine waren frühe elektronische Multimedia-Journale der 1980er und 1990er Jahre, die auf Diskette verbreitet wurden und nur auf den jeweils passenden Geräten benutzbar waren. Bibliotheken und Archive haben diese sogenannten „Diskmags\" damals nicht berücksichtigt, mittlerweile stellen die ca. 2.500 Magazine aber eine wertvolle Quelle für die Forschung und die Diskmags-Communities dar. Das vorgestellte Projekt baut einen Katalog auf und macht Texte durchsuchbar.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Das Diskmags-Projekt","android_description":"Ein kleines Forschungsprojekt hat sich der großen Aufgabe gewidmet, einen internationalen und systemübergreifenden Katalog zu Diskettenmagazinen der 1980er und 1990er Jahre zu erarbeiten und außerdem eine zunächst deutschsprachige Textsammlung ihrer Inhalte zu erstellen. Es liefert damit eine Grundlage für die Erforschung der frühen digitalen Zine-Kultur und ermöglicht den verschiedenen Szenekreisen, ein Stück weit in ihre eigenen Geschichten einzutauchen. Der Katalog wuchs weit schneller als zunächst angenommen und umfasst inzwischen Nachweise zu 2.500 Magazinen und mehr als 20.000 Einzelausgaben. Bei der Textsammlung gilt es, unter anderem Kompressionsverfahren zu identifizieren und Character-Mappings herzustellen, um Unicode-kompatible Texte erzeugen zu können. Aber auch die Communities helfen mit. Wie lassen sich dabei die verschiedenen rechtlichen Fragen lösen, die Urheberschaft, Leistungsschutz und Persönlichkeitsschutz betreffen? Und wie kann die Langlebigkeit des Katalogs und der Textsammlung sichergestellt werden?\n\n\nDiskettenmagazine waren frühe elektronische Multimedia-Journale der 1980er und 1990er Jahre, die auf Diskette verbreitet wurden und nur auf den jeweils passenden Geräten benutzbar waren. Bibliotheken und Archive haben diese sogenannten „Diskmags\" damals nicht berücksichtigt, mittlerweile stellen die ca. 2.500 Magazine aber eine wertvolle Quelle für die Forschung und die Diskmags-Communities dar. Das vorgestellte Projekt baut einen Katalog auf und macht Texte durchsuchbar.","end_timestamp":{"seconds":1703796600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53297],"conference_id":131,"event_ids":[53662],"name":"Torsten Roeder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52395}],"timeband_id":1141,"links":[{"label":"Diskmags Catalog","type":"link","url":"https://diskmags.de/"}],"end":"2023-12-28T20:50:00.000-0000","id":53662,"village_id":null,"begin_timestamp":{"seconds":1703794200,"nanoseconds":0},"tag_ids":[46118,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52395}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T20:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Klimakrise und der Nahostkonflikt eskalieren, die Ampel bläst zur Abschiebeoffensive, die AfD ist bei über 20 % und die CDU will vorsorglich schon mal Autobahnen bauen. Derweil machen KI & Kommerz das Internet kaputt und Elon Musk Twitter. Demnächst verschwindet dann auch noch das letzte Katzenvideo hinter irgendeiner Paywall, so dass man sich nicht mal mehr vernünftig ablenken kann – es ist zum Verzweifeln in diesen Zeiten.\r\n \r\nWie soll man da noch Hoffnung schöpfen? Wenn auch ihr euch diese Frage stellt, wenn ihr mit dem Gefühl der Resignation bereits vertraut seid, dann seid ihr hier genau richtig:\r\n\r\nWir haben Aktivist\\*innen zusammengebracht, die sich auf die Straße kleben, Menschen pflegen oder Daten schützen, die an unterschiedlichen Krisenherden täglich kämpfen und scheitern: Gewerkschafter\\*innen, Antifaschist\\*innen, humanitäre Helfer\\*innen – wir haben sie gefragt, warum und worauf sie überhaupt noch hoffen, und wir haben sie auf die CCC-Bühne eingeladen, damit wir uns darüber austauschen und gemeinsam neue Hoffnung schöpfen können – denn noch gibt es sie: Strategien, die funktionieren, starke Bündnisse und zumindest Teilerfolge: Hier & da können wir uns also gegenseitig Mut machen. \n\n\nHinter der Stadt brennt der Wald und der Kanzler hetzt gegen Flüchtende wie eine auf Reddit trainierte KI, der Freundeskreis zerbricht am Nahostkonflikt, außerdem wurde das Backup vergessen und das Kilo Tomaten ist auch schon wieder einen Euro teurer. Gründe zum Verzweifeln gibt es genug. Wir sprechen deshalb mit Aktivist\\*innen, die sich den multiplen Krisen entgegenstellen, darüber, was sie eigentlich noch hoffen lässt. ","title":"A NEW HOPE [de]","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703796600,"nanoseconds":0},"android_description":"Die Klimakrise und der Nahostkonflikt eskalieren, die Ampel bläst zur Abschiebeoffensive, die AfD ist bei über 20 % und die CDU will vorsorglich schon mal Autobahnen bauen. Derweil machen KI & Kommerz das Internet kaputt und Elon Musk Twitter. Demnächst verschwindet dann auch noch das letzte Katzenvideo hinter irgendeiner Paywall, so dass man sich nicht mal mehr vernünftig ablenken kann – es ist zum Verzweifeln in diesen Zeiten.\r\n \r\nWie soll man da noch Hoffnung schöpfen? Wenn auch ihr euch diese Frage stellt, wenn ihr mit dem Gefühl der Resignation bereits vertraut seid, dann seid ihr hier genau richtig:\r\n\r\nWir haben Aktivist\\*innen zusammengebracht, die sich auf die Straße kleben, Menschen pflegen oder Daten schützen, die an unterschiedlichen Krisenherden täglich kämpfen und scheitern: Gewerkschafter\\*innen, Antifaschist\\*innen, humanitäre Helfer\\*innen – wir haben sie gefragt, warum und worauf sie überhaupt noch hoffen, und wir haben sie auf die CCC-Bühne eingeladen, damit wir uns darüber austauschen und gemeinsam neue Hoffnung schöpfen können – denn noch gibt es sie: Strategien, die funktionieren, starke Bündnisse und zumindest Teilerfolge: Hier & da können wir uns also gegenseitig Mut machen. \n\n\nHinter der Stadt brennt der Wald und der Kanzler hetzt gegen Flüchtende wie eine auf Reddit trainierte KI, der Freundeskreis zerbricht am Nahostkonflikt, außerdem wurde das Backup vergessen und das Kilo Tomaten ist auch schon wieder einen Euro teurer. Gründe zum Verzweifeln gibt es genug. Wir sprechen deshalb mit Aktivist\\*innen, die sich den multiplen Krisen entgegenstellen, darüber, was sie eigentlich noch hoffen lässt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Ruben Neugebauer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52244},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Johannes Bayer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52273},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Pia Klemp","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52278},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Tareq Alaows","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52300},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Ela","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52303},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Sebastian Jünemann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52331},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Helena Steinhaus","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52365},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Kirsten Rautenstrauch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52456},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Lara Eckstein","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52458},{"content_ids":[53284],"conference_id":131,"event_ids":[53649],"name":"Carla Reemtsma","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52486},{"content_ids":[53280,53284],"conference_id":131,"event_ids":[53645,53649],"name":"Linus Neumann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52487}],"timeband_id":1141,"links":[],"end":"2023-12-28T20:50:00.000-0000","id":53649,"village_id":null,"begin_timestamp":{"seconds":1703794200,"nanoseconds":0},"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52486},{"tag_id":46107,"sort_order":1,"person_id":52303},{"tag_id":46107,"sort_order":1,"person_id":52365},{"tag_id":46107,"sort_order":1,"person_id":52273},{"tag_id":46107,"sort_order":1,"person_id":52456},{"tag_id":46107,"sort_order":1,"person_id":52458},{"tag_id":46107,"sort_order":1,"person_id":52487},{"tag_id":46107,"sort_order":1,"person_id":52278},{"tag_id":46107,"sort_order":1,"person_id":52244},{"tag_id":46107,"sort_order":1,"person_id":52331},{"tag_id":46107,"sort_order":1,"person_id":52300}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-28T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"There's a bunch of closed-source arm64 binaries out there that we can't really fuzz efficiently due to slow dynamic instrumentation. \r\nStatic binary rewriting has been around since decades, but was mostly focused on x86.\r\nPorting it to arm64 should be a straightforward task, right? \r\n\r\nThis is the story of how a simple \"4-week port of an existing x86 rewriter\" took 2+ years instead.\r\nMaybe the real treasure is the CVEs we made along the way? \r\nWarning: the talk might contain sensitive imagery of ARM Assembly. Viewers have been warned. \r\n\n\n\nA talk on the first heuristic-free static binary rewriter for aarch64.\r\nWhy is it the first? Because everyone else already knew how much of a bad idea this would have been.","title":"ARMore: Pushing Love Back Into Binaries","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703796600,"nanoseconds":0},"android_description":"There's a bunch of closed-source arm64 binaries out there that we can't really fuzz efficiently due to slow dynamic instrumentation. \r\nStatic binary rewriting has been around since decades, but was mostly focused on x86.\r\nPorting it to arm64 should be a straightforward task, right? \r\n\r\nThis is the story of how a simple \"4-week port of an existing x86 rewriter\" took 2+ years instead.\r\nMaybe the real treasure is the CVEs we made along the way? \r\nWarning: the talk might contain sensitive imagery of ARM Assembly. Viewers have been warned. \r\n\n\n\nA talk on the first heuristic-free static binary rewriter for aarch64.\r\nWhy is it the first? Because everyone else already knew how much of a bad idea this would have been.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53259],"conference_id":131,"event_ids":[53630],"name":"@cyanpencil (Luca Di Bartolomeo)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52446}],"timeband_id":1141,"end":"2023-12-28T20:50:00.000-0000","links":[{"label":"ARMORE paper","type":"link","url":"https://hexhive.epfl.ch/publications/files/23SEC3.pdf"}],"id":53630,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703794200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52446}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T20:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Augmented reality art in public spaces: the Artificial Museum transforms streets, squares and the moon into exhibition spaces for art that are accessible to everyone 24/7. We also like cats. UwU.\n\n\n","title":"Artificial Museum","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703796000,"nanoseconds":0},"android_description":"Augmented reality art in public spaces: the Artificial Museum transforms streets, squares and the moon into exhibition spaces for art that are accessible to everyone 24/7. We also like cats. UwU.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:40:00.000-0000","id":53881,"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/kimluzieflorsch-tz\n\n\nLuzie was born in Frankfurt in 1995 and fell in love with Offenbach in 2017. She's been DJing since she was 18, but only officially ventured into the clubs in 2020.\r\nShe has more or less dedicated herself to minimal and house music.","title":"Luzie","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703800800,"nanoseconds":0},"android_description":"https://soundcloud.com/kimluzieflorsch-tz\n\n\nLuzie was born in Frankfurt in 1995 and fell in love with Offenbach in 2017. She's been DJing since she was 18, but only officially ventured into the clubs in 2020.\r\nShe has more or less dedicated herself to minimal and house music.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:00:00.000-0000","id":53865,"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"begin":"2023-12-28T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"ENTER THE PASTOR\n\n\nhttps://soundcloud.com/pastoraufmann\r\nhttps://soundcloud.com/soundsouttarange","title":"Pastor Aufmann","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703800800,"nanoseconds":0},"android_description":"ENTER THE PASTOR\n\n\nhttps://soundcloud.com/pastoraufmann\r\nhttps://soundcloud.com/soundsouttarange","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:00:00.000-0000","id":53849,"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-28T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Many in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/\n\n\nMany in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Music Composition for Hackers","end_timestamp":{"seconds":1703796000,"nanoseconds":0},"android_description":"Many in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/\n\n\nMany in our community enjoy playing with sound technology, and are passionate about music, but are afraid to take the step into composition. I'm here to tell you that the rules of what sounds good are simpler than you think, and based on math. And that once you know these rules, you can also break them in creative ways. We will talk about the harmonic series, rhythm, and flow of energy, all illustrated with examples. We will also see the basics of sound design, maybe go over simple tools that make a good DJ, and if we have enough time we will touch on psychoacoustics and other fun and surprising tricks in creating sound. There are no prerequisites here, we're starting from scratch. If you have a digital audio workstation on your laptop already, bring it, but you'll enjoy yourself either way.\r\n\r\nZaGa is a music producer and composer, who loves tinkering on the frontier of audio technology. https://zaga.bandcamp.com/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:40:00.000-0000","id":53683,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703793600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"begin":"2023-12-28T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"An introduction to the [oreboot project](https://github.com/oreboot/oreboot); firmware written in Rust, a downstream fork of [coreboot](https://coreboot.org).\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"oreboot introduction","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"android_description":"An introduction to the [oreboot project](https://github.com/oreboot/oreboot); firmware written in Rust, a downstream fork of [coreboot](https://coreboot.org).","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53486,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703791800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The European Health Data Space (EHDS) will come 2024.\r\nAfter putting an opt-out-option in this proposal of the European Commission in the last minute, it is in the trilogue now.\r\nWe want to point out what it means practically including the diverse use forms, also regarding data use by force.\r\nThe massive excess of authority of the EU-Commission becomes so far backed by the EU-Parliarment, though the regulation of health political context is due to the national states.\r\nWe furthermore want to show institutional ways available to the individual being ready if this form of robber baronry becames law.\r\n\r\nSpeakers: novider, Flysch, jockel\r\n\r\n\r\npresentation shown in self organized session: \r\nhttps://patientenrechte-datenschutz.de/wp-content/uploads/2023/12/EHDS_fnf.pdf\r\n\r\nEHDS commission draft: \r\nhttps://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2022/0197/COM_COM(2022)0197_EN.pdf\r\n\r\nposition EU council on EHDS: \r\nhttps://data.consilium.europa.eu/doc/document/ST-16048-2023-REV-1/en/pdf\r\n\r\namendments EU parliament to EHDS: \r\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2023-0462_EN.pdf\r\n\r\nconsolidated text with changes EU parliament: \r\nhttps://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/CJ43/AMC/2023/11-28/Item4-EHDS-compromiseamendments_EN.pdf\r\n\r\nExpert opinion Prof. Schröder on limits of possible anonymization of medical \r\ndata (German): \r\nhttps://freiheitsrechte.org/uploads/documents/Freiheit-im-digitalen-Zeitalter/Gesundheitsdaten/2022-04-25-Gutachten_Schroeder-Gesundheitsdaten-Gesellschaft_fuer_Freiheitsrechte.pdf\r\n\r\nExpert opinion Prof J.M. Veenbrink, Prof. J.W. van de Gronden, Mr. dr. L.R. Glas \r\nabout legal responsibility of EU (Dutch) : \r\nhttps://open.overheid.nl/documenten/ronl-c248fc7eeb75444cda4d0ab4c4fd57ad4d29cb72/pdf\r\n\r\ncontact to organizers: kontakt@patientenrechte-datenschutz.de\n\n\n","title":"European Health Data Space - A Cash Cow","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"The European Health Data Space (EHDS) will come 2024.\r\nAfter putting an opt-out-option in this proposal of the European Commission in the last minute, it is in the trilogue now.\r\nWe want to point out what it means practically including the diverse use forms, also regarding data use by force.\r\nThe massive excess of authority of the EU-Commission becomes so far backed by the EU-Parliarment, though the regulation of health political context is due to the national states.\r\nWe furthermore want to show institutional ways available to the individual being ready if this form of robber baronry becames law.\r\n\r\nSpeakers: novider, Flysch, jockel\r\n\r\n\r\npresentation shown in self organized session: \r\nhttps://patientenrechte-datenschutz.de/wp-content/uploads/2023/12/EHDS_fnf.pdf\r\n\r\nEHDS commission draft: \r\nhttps://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2022/0197/COM_COM(2022)0197_EN.pdf\r\n\r\nposition EU council on EHDS: \r\nhttps://data.consilium.europa.eu/doc/document/ST-16048-2023-REV-1/en/pdf\r\n\r\namendments EU parliament to EHDS: \r\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2023-0462_EN.pdf\r\n\r\nconsolidated text with changes EU parliament: \r\nhttps://www.europarl.europa.eu/meetdocs/2014_2019/plmrep/COMMITTEES/CJ43/AMC/2023/11-28/Item4-EHDS-compromiseamendments_EN.pdf\r\n\r\nExpert opinion Prof. Schröder on limits of possible anonymization of medical \r\ndata (German): \r\nhttps://freiheitsrechte.org/uploads/documents/Freiheit-im-digitalen-Zeitalter/Gesundheitsdaten/2022-04-25-Gutachten_Schroeder-Gesundheitsdaten-Gesellschaft_fuer_Freiheitsrechte.pdf\r\n\r\nExpert opinion Prof J.M. Veenbrink, Prof. J.W. van de Gronden, Mr. dr. L.R. Glas \r\nabout legal responsibility of EU (Dutch) : \r\nhttps://open.overheid.nl/documenten/ronl-c248fc7eeb75444cda4d0ab4c4fd57ad4d29cb72/pdf\r\n\r\ncontact to organizers: kontakt@patientenrechte-datenschutz.de","end_timestamp":{"seconds":1703797200,"nanoseconds":0},"updated_timestamp":{"seconds":1703954760,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:00:00.000-0000","id":53673,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-30T16:46:00.000-0000","begin":"2023-12-28T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You can't evict a movement! Der Energiekonzern RWE wird noch Jahre brauchen, die Kohle unter Lützi abzubaggern: Der Kampf gegen die Kohle und für Klimagerechtigkeit geht weiter! \r\n\r\n\r\n\n\n\nMobilisierung von Menschen nach Lützerath, Bauvorkehrungen zur Verteidigung treffen, die Räumungsvorbereitungen von RWE und Polizei stören, Infrastruktur-Ausbau trotz abgeschalteten Stroms, auf Presse-Anfragen aus der ganzen Welt reagieren, WLAN für alle, Live-Berichterstattung üben, Kommunikationswege absichern, Wetten dass?! gewinnen, dem kalten Wetter trotzen, sich mit andern Kämpfen solidarisieren und heimlich einen Tunnel graben.\r\n\r\nVor einem Jahr liefen die Vorbereitungen gegen die Räumung Lützeraths am größten Drecksloch Europas, Kohletagebau Garzweiler II, auf Hochtouren. Wir wollen Einblicke in diese und andere Themen geben.","title":"Lützerath Lebt! Einblicke in den Widerstand","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"You can't evict a movement! Der Energiekonzern RWE wird noch Jahre brauchen, die Kohle unter Lützi abzubaggern: Der Kampf gegen die Kohle und für Klimagerechtigkeit geht weiter! \r\n\r\n\r\n\n\n\nMobilisierung von Menschen nach Lützerath, Bauvorkehrungen zur Verteidigung treffen, die Räumungsvorbereitungen von RWE und Polizei stören, Infrastruktur-Ausbau trotz abgeschalteten Stroms, auf Presse-Anfragen aus der ganzen Welt reagieren, WLAN für alle, Live-Berichterstattung üben, Kommunikationswege absichern, Wetten dass?! gewinnen, dem kalten Wetter trotzen, sich mit andern Kämpfen solidarisieren und heimlich einen Tunnel graben.\r\n\r\nVor einem Jahr liefen die Vorbereitungen gegen die Räumung Lützeraths am größten Drecksloch Europas, Kohletagebau Garzweiler II, auf Hochtouren. Wir wollen Einblicke in diese und andere Themen geben.","end_timestamp":{"seconds":1703793300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53295],"conference_id":131,"event_ids":[53661],"name":"Luca","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52293},{"content_ids":[53295],"conference_id":131,"event_ids":[53661],"name":"Timber","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52306},{"content_ids":[53295],"conference_id":131,"event_ids":[53661],"name":"Castroya","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52352},{"content_ids":[53295],"conference_id":131,"event_ids":[53661],"name":"Nunya","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52367},{"content_ids":[53295],"conference_id":131,"event_ids":[53661],"name":"Franka","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52433}],"timeband_id":1141,"links":[{"label":"Lützerath Lebt ","type":"link","url":"https://luetzerathlebt.info/"}],"end":"2023-12-28T19:55:00.000-0000","id":53661,"tag_ids":[46125,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52352},{"tag_id":46107,"sort_order":1,"person_id":52433},{"tag_id":46107,"sort_order":1,"person_id":52293},{"tag_id":46107,"sort_order":1,"person_id":52367},{"tag_id":46107,"sort_order":1,"person_id":52306}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-28T19:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The demoscene is an underground computer art culture. The term demoscene comes from the word demo, short for demonstration. In the context of the demoscene the word demo means a realtime audiovisual application which is demonstrating the capabilities of the machine it runs on.\r\n\r\nDemosceners (\"sceners\") are what we call the folks with too much free time that abuse their computer skills to create releases under the demoscene.\r\n\r\nDemosceners often use nicknames (\"nicks\" or \"handles\") to identify themselves. They also tend to hang out in so-called demogroups. Some demosceners are active members of multiple demogroups, with or without using the same nickname.\r\n\r\nLet's get one thing clear: the demoscene has no commercial purpose. The only thing you'll get out of the demoscene, and this only comes after investing a significant amount of your free time into it, is a few useful soft skills and a large community of computer nerd friends.\r\n\r\nDemoscene releases are meant to show the limits of the machines, the technical skills and artistic sensibility of the makers. There are no rules to what kind of release you can make on the demoscene. Some demos are made as technical benchmarks, others as conceptual art, most are done just for fun. It is entirely up to you to explore what you like doing and share it with other demosceners.\r\n\r\nDemoscene releases can be divided into certain categories:\r\n\r\nTrack, an audio piece, can be in an executable format, in a tracker module format or in a pre-rendered wav/mp3 format\r\nGraphics entry, drawn or rendered images with fixed resolutions and/or a restricted color palette\r\nDemo, an audiovisual real-time executable demonstration for a certain platform\r\nIntro, typically a demo with file size limitation all packed into a single executable file that includes all the assets (popular size formats are 256bytes, 512bytes, 1kb, 4kb, 8kb, 64kb)\r\nAnimation, rendered graphics videos\r\nDemopack, a collection of demos in a single disk\r\nMusicdisk, a collection of demoscene tracks with an executable player interface\r\nDiskmag, a collection of texts about the demoscene with an executable graphics interface\r\nWild entry, everything else (including live performances, videos of demos on uncommon platforms, videos about demomaking, etc)\r\nReleases typically occur at demoparties, gathering events for demosceners.\r\n\r\n\n\n\nThe demoscene is an underground computer art culture. The Speaker is a member of the Demoscene since the 1980ies and gives insights how it is now and how it was back in the days and how you can participate!","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Demoscene now and then","end_timestamp":{"seconds":1703793300,"nanoseconds":0},"android_description":"The demoscene is an underground computer art culture. The term demoscene comes from the word demo, short for demonstration. In the context of the demoscene the word demo means a realtime audiovisual application which is demonstrating the capabilities of the machine it runs on.\r\n\r\nDemosceners (\"sceners\") are what we call the folks with too much free time that abuse their computer skills to create releases under the demoscene.\r\n\r\nDemosceners often use nicknames (\"nicks\" or \"handles\") to identify themselves. They also tend to hang out in so-called demogroups. Some demosceners are active members of multiple demogroups, with or without using the same nickname.\r\n\r\nLet's get one thing clear: the demoscene has no commercial purpose. The only thing you'll get out of the demoscene, and this only comes after investing a significant amount of your free time into it, is a few useful soft skills and a large community of computer nerd friends.\r\n\r\nDemoscene releases are meant to show the limits of the machines, the technical skills and artistic sensibility of the makers. There are no rules to what kind of release you can make on the demoscene. Some demos are made as technical benchmarks, others as conceptual art, most are done just for fun. It is entirely up to you to explore what you like doing and share it with other demosceners.\r\n\r\nDemoscene releases can be divided into certain categories:\r\n\r\nTrack, an audio piece, can be in an executable format, in a tracker module format or in a pre-rendered wav/mp3 format\r\nGraphics entry, drawn or rendered images with fixed resolutions and/or a restricted color palette\r\nDemo, an audiovisual real-time executable demonstration for a certain platform\r\nIntro, typically a demo with file size limitation all packed into a single executable file that includes all the assets (popular size formats are 256bytes, 512bytes, 1kb, 4kb, 8kb, 64kb)\r\nAnimation, rendered graphics videos\r\nDemopack, a collection of demos in a single disk\r\nMusicdisk, a collection of demoscene tracks with an executable player interface\r\nDiskmag, a collection of texts about the demoscene with an executable graphics interface\r\nWild entry, everything else (including live performances, videos of demos on uncommon platforms, videos about demomaking, etc)\r\nReleases typically occur at demoparties, gathering events for demosceners.\r\n\r\n\n\n\nThe demoscene is an underground computer art culture. The Speaker is a member of the Demoscene since the 1980ies and gives insights how it is now and how it was back in the days and how you can participate!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53283],"conference_id":131,"event_ids":[53648],"name":"LordSpreadpointAmiga","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52295}],"timeband_id":1141,"links":[{"label":"Teach yourself Demoscene in 14 Days","type":"link","url":"https://github.com/psenough/teach_yourself_demoscene_in_14_days"}],"end":"2023-12-28T19:55:00.000-0000","id":53648,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"tag_ids":[46118,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52295}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T19:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this talk you will learn how ChromeOS hardware designed by Google and it's board partners differ from regular laptops/desktops.\r\n\r\nWe'll go over Coreboot development (+guide of porting it to other x86 motherboards!), EDK2 (UEFI payload we use in our firmware builds) and what it takes to make mainline Linux run on these machines.\r\n\r\nThis talk will involve ACPI tables, I2C and SPI interfaces, DSP firmware and maintenance of audio stack that differs from (almost) all x86 machines in the market.\r\n\r\nWe'll present challenges we've faced during the development cycle, tips on how to avoid pitfalls, and our plans for the future :)\n\n\nDeep dive into (ex)ChromeOS hardware from developer's perspective.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Turning Chromebooks into regular laptops","end_timestamp":{"seconds":1703793300,"nanoseconds":0},"android_description":"In this talk you will learn how ChromeOS hardware designed by Google and it's board partners differ from regular laptops/desktops.\r\n\r\nWe'll go over Coreboot development (+guide of porting it to other x86 motherboards!), EDK2 (UEFI payload we use in our firmware builds) and what it takes to make mainline Linux run on these machines.\r\n\r\nThis talk will involve ACPI tables, I2C and SPI interfaces, DSP firmware and maintenance of audio stack that differs from (almost) all x86 machines in the market.\r\n\r\nWe'll present challenges we've faced during the development cycle, tips on how to avoid pitfalls, and our plans for the future :)\n\n\nDeep dive into (ex)ChromeOS hardware from developer's perspective.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53207],"conference_id":131,"event_ids":[53585],"name":"sdomi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52344},{"content_ids":[53207],"conference_id":131,"event_ids":[53585],"name":"elly","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52437}],"timeband_id":1141,"end":"2023-12-28T19:55:00.000-0000","links":[{"label":"Our GitHub","type":"link","url":"https://github.com/chrultrabook"},{"label":"Forums","type":"link","url":"https://forum.chrultrabook.com/"}],"id":53585,"begin_timestamp":{"seconds":1703790900,"nanoseconds":0},"tag_ids":[46122,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52437},{"tag_id":46107,"sort_order":1,"person_id":52344}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Composer, multi-instrumentalist, trans*woman, drone lover.\n\n\nhttps://fayelavaux.bandcamp.com/","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Faye Lavaux","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"android_description":"Composer, multi-instrumentalist, trans*woman, drone lover.\n\n\nhttps://fayelavaux.bandcamp.com/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53925,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-28T19:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Einführung in Rules Light Table Top Systeme\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Rollenspiele","android_description":"Einführung in Rules Light Table Top Systeme","end_timestamp":{"seconds":1703800800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T22:00:00.000-0000","id":53852,"village_id":null,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"begin":"2023-12-28T19:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Andi und Thomas wandern durch die Welten der Fantasy, Science Fiction und mehr. Ihr Portal öffnet sich auf dem 37C3 und sie sind inspiriert, über ein Werk zu sprechen, das mit der Veranstaltung zu tun hat.","title":"Weltenwanderer - Alles so bunt hier","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#e78bea","name":"Live podcast stage (90 minutes)","id":46127},"end_timestamp":{"seconds":1703795400,"nanoseconds":0},"android_description":"Andi und Thomas wandern durch die Welten der Fantasy, Science Fiction und mehr. Ihr Portal öffnet sich auf dem 37C3 und sie sind inspiriert, über ein Werk zu sprechen, das mit der Veranstaltung zu tun hat.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:30:00.000-0000","id":53694,"village_id":null,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"tag_ids":[46127,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dies wird die Launch-Folge No. 1 des Kryptographiepodcasts \"Aufgeschlüsselt\" mit Hosts ajuvo und Karolin Varner. Special Guest: Aaron Kaiser vom Max-Planck-Institut für Sicherheit und Privatsphäre","title":"Aufgeschlüsselt","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (90 minutes)","id":46129},"android_description":"Dies wird die Launch-Folge No. 1 des Kryptographiepodcasts \"Aufgeschlüsselt\" mit Hosts ajuvo und Karolin Varner. Special Guest: Aaron Kaiser vom Max-Planck-Institut für Sicherheit und Privatsphäre","end_timestamp":{"seconds":1703795400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:30:00.000-0000","id":53494,"tag_ids":[46129,46139],"village_id":null,"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-28T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-hands-on-alex-bessman-marco-a-g/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","title":"Pocket Science Lab Hands-on (Alex Bessman, Marco A. Gutierrez)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/pocket-science-lab-hands-on-alex-bessman-marco-a-g/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53490,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703790000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Kickoff im realen Raum für Orga-Treffen Haecksen Konferenz 2025","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"title":"Kickoff im realen Raum für Orga-Treffen Haecksen Konferenz 2025","android_description":"Kickoff im realen Raum für Orga-Treffen Haecksen Konferenz 2025","end_timestamp":{"seconds":1703794200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53133,53136],"conference_id":131,"event_ids":[53446,53553],"name":"melzai","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52366}],"timeband_id":1141,"links":[],"end":"2023-12-28T20:10:00.000-0000","id":53446,"begin_timestamp":{"seconds":1703788800,"nanoseconds":0},"tag_ids":[46133,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52366}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-28T18:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Discussion (35 mins) with input lecture** (25 mins)\r\n**Location:** Community Stage, Hall H, Level 0\r\n**Prepared by:** Digitalcourage Local Groups\r\n\r\n\"Away or Okay\": Selling your fundamental rights for money? Data protection authorities are yet strikingly shy regarding the topic and seem to approve it silently.\r\n\r\nWhat can be said against it from a societal view or from a view of fundamental rights? Is here revealed how capitalism is capturing/overturning the rule of law? What consequences does that have for our freedom(s)?\r\n\r\nHow could a defense geared against deals of that sort and based on privacy rights or fundamental rights look like? Shall we invent a Data Protection TÜV? Abolish the inform consent in the GDPR? Take over toxic capitalistic digital infrastructures?\n\n\n","title":"Diskussion: Pur-Abos – Deine Grundrechte gegen Geld?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703791800,"nanoseconds":0},"android_description":"**Discussion (35 mins) with input lecture** (25 mins)\r\n**Location:** Community Stage, Hall H, Level 0\r\n**Prepared by:** Digitalcourage Local Groups\r\n\r\n\"Away or Okay\": Selling your fundamental rights for money? Data protection authorities are yet strikingly shy regarding the topic and seem to approve it silently.\r\n\r\nWhat can be said against it from a societal view or from a view of fundamental rights? Is here revealed how capitalism is capturing/overturning the rule of law? What consequences does that have for our freedom(s)?\r\n\r\nHow could a defense geared against deals of that sort and based on privacy rights or fundamental rights look like? Shall we invent a Data Protection TÜV? Abolish the inform consent in the GDPR? Take over toxic capitalistic digital infrastructures?","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:30:00.000-0000","id":53914,"village_id":null,"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Zusammen mit den einschlägigen Experten des Nomen Nescio Club wird die größte SIGINT- Sation der Russischen Föderation in Europa seit einem Jahr systematisch ausspioniert. Sie steht in Wien 22 und umfasst etwa 18 Satellitenspiegel, die größten davon haben Durchmesser von vier Metern und sind wie alle anderen ausschließlich für Empfang ausgelegt. Das technische Equipment an den großen Schüsseln konnte bereits identifiziert werden, auch die Geschichte des Ausbaus dieser SIGINT-Station sei 2014 wurde rekonstruiert. Dazu: Die unterschätze Rolle der russischen SIGINT-Stationen im Ukrainekrieg und wie das SIGINT-Netz auf den diplomatischen Gebäuden der Russischen Föderation in Europa durch Sanktionen neutralisiert wurde. Weiter aktiv sind Wien, Budapest, Debrecen Genf und Stockholm.\n\n\nWie man eine russische Satellitenspionagestation ausspioniert. Talk mit hochauflösenden Fotos und einem Drohnenvideo.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Russki SIGINT","android_description":"Zusammen mit den einschlägigen Experten des Nomen Nescio Club wird die größte SIGINT- Sation der Russischen Föderation in Europa seit einem Jahr systematisch ausspioniert. Sie steht in Wien 22 und umfasst etwa 18 Satellitenspiegel, die größten davon haben Durchmesser von vier Metern und sind wie alle anderen ausschließlich für Empfang ausgelegt. Das technische Equipment an den großen Schüsseln konnte bereits identifiziert werden, auch die Geschichte des Ausbaus dieser SIGINT-Station sei 2014 wurde rekonstruiert. Dazu: Die unterschätze Rolle der russischen SIGINT-Stationen im Ukrainekrieg und wie das SIGINT-Netz auf den diplomatischen Gebäuden der Russischen Föderation in Europa durch Sanktionen neutralisiert wurde. Weiter aktiv sind Wien, Budapest, Debrecen Genf und Stockholm.\n\n\nWie man eine russische Satellitenspionagestation ausspioniert. Talk mit hochauflösenden Fotos und einem Drohnenvideo.","end_timestamp":{"seconds":1703794500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53383],"conference_id":131,"event_ids":[53730],"name":"Erich Moechel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52405}],"timeband_id":1141,"links":[],"end":"2023-12-28T20:15:00.000-0000","id":53730,"tag_ids":[46132,46139],"village_id":null,"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52405}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Update 1: \r\nDas angekündigte Pad mit und für Infos: https://pads.haecksen.org/l9_SiCHvTNK4Tt-ySUeVVQ?both\r\n\r\nUpdate 2:\r\nEs wurden zwei öffentliche Chat-Gruppen zur weiteren Vernetzung eingerichtet: \r\n\r\nSignal: https://signal.group/#CjQKIJYt5CAAqHv89TRzKA_uu0BMNahTIfJhk5A03-T3sDQtEhCeW6kvxSh9aJYkO4-Sp5Ss\r\n(Hinweis: Bei Signal sind Telefonnummern für die anderen Menschen in der Gruppe sichtbar.)\r\n\r\nTelegram: \r\nhttps://t.me/+4MjGntj2KythNjlk\r\n\r\nUpdate 3:\r\nEs gab ein weiteres Meetup an Tag 3 von 17 - 18 Uhr in Saal 8, um sich in Kleingruppen zu spezifischen Themen auszutauschen:\r\nhttps://events.ccc.de/congress/2023/hub/de/event/adhs-themenbasierter-austausch/\r\n\r\n\r\n\r\nWe want to get to know each other and talk about the everyday madness in a neurotypical world.\r\n\r\nAll people who find themselves on the neurodiverse spectrum with a focus on ADHD are invited. No official diagnosis is necessary. Anyone who doesn't have one or is still unsure is just as welcome. :-)\r\n\r\nThis session is organised by Deanna (she/her), chai-tee (he/him) and aster.\r\n\r\nLocation: SOS-Stage in hall Y\r\n\r\nPlease note:\r\nThis session will be in German only. \r\nFeel free to organize a similar meetup for the English speaking ADHD-community!\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"AD(H)S-Meetup (de)","android_description":"Update 1: \r\nDas angekündigte Pad mit und für Infos: https://pads.haecksen.org/l9_SiCHvTNK4Tt-ySUeVVQ?both\r\n\r\nUpdate 2:\r\nEs wurden zwei öffentliche Chat-Gruppen zur weiteren Vernetzung eingerichtet: \r\n\r\nSignal: https://signal.group/#CjQKIJYt5CAAqHv89TRzKA_uu0BMNahTIfJhk5A03-T3sDQtEhCeW6kvxSh9aJYkO4-Sp5Ss\r\n(Hinweis: Bei Signal sind Telefonnummern für die anderen Menschen in der Gruppe sichtbar.)\r\n\r\nTelegram: \r\nhttps://t.me/+4MjGntj2KythNjlk\r\n\r\nUpdate 3:\r\nEs gab ein weiteres Meetup an Tag 3 von 17 - 18 Uhr in Saal 8, um sich in Kleingruppen zu spezifischen Themen auszutauschen:\r\nhttps://events.ccc.de/congress/2023/hub/de/event/adhs-themenbasierter-austausch/\r\n\r\n\r\n\r\nWe want to get to know each other and talk about the everyday madness in a neurotypical world.\r\n\r\nAll people who find themselves on the neurodiverse spectrum with a focus on ADHD are invited. No official diagnosis is necessary. Anyone who doesn't have one or is still unsure is just as welcome. :-)\r\n\r\nThis session is organised by Deanna (she/her), chai-tee (he/him) and aster.\r\n\r\nLocation: SOS-Stage in hall Y\r\n\r\nPlease note:\r\nThis session will be in German only. \r\nFeel free to organize a similar meetup for the English speaking ADHD-community!","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53460,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-28T18:30:00.000-0000","updated":"2023-12-30T01:42:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DN42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. It is a big dynamic global VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. \r\n \r\nLet's meet-up, have a chat, share knowledge and help newcomers join DN42! \r\n \r\nbirds of a feather \r\nnoun \r\n 1. People having similar characters, backgrounds, interests, or beliefs.\n\n\nCome talk DN42, advanced networking and core Internet protocols with your peers, or discover and join the network!\r\nThis is an informal meet-up for DN42 participants and aspiring / curious people :)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"DN42 BoF and onboarding session","end_timestamp":{"seconds":1703791800,"nanoseconds":0},"android_description":"DN42 can be used to learn networking and to connect private networks, such as hackerspaces or community networks. It is a big dynamic global VPN, which employs Internet technologies (BGP, whois database, DNS, etc). Participants connect to each other using network tunnels (GRE, OpenVPN, WireGuard, Tinc, IPsec) and exchange routes thanks to the Border Gateway Protocol. \r\n \r\nLet's meet-up, have a chat, share knowledge and help newcomers join DN42! \r\n \r\nbirds of a feather \r\nnoun \r\n 1. People having similar characters, backgrounds, interests, or beliefs.\n\n\nCome talk DN42, advanced networking and core Internet protocols with your peers, or discover and join the network!\r\nThis is an informal meet-up for DN42 participants and aspiring / curious people :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:30:00.000-0000","id":53435,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703788200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The transfer of Seidel's experimental films into physical space has been explored in many ways in recent years. Sculpture, architecture and even natural projection surfaces have been temporarily 'overpainted' with projections, lights or lasers. But with new advances in machine learning, there may be a kind of oversaturation, or even rigor mortis, when the moving image becomes fully part of the technical tool chain. In tech companies, universities and artists' studios, machines are working through and learning the history of humanity. \r\n\r\nCopyright dissolves; the distinction between original, imitation or inferior reproduction erodes. No origin, no responsibility, no clear direction - just a primordial soup that can be shaped into any form without challenging knowledge systems and hierarchies. In this silent but radical restructuring of entire industries, the artist becomes the template of a future digitally assembled from a multitude of fragments of the past. This artist talk addresses some of the implications of this singularity, in which history collapses to a single point in the present, and in which easy access to an infinite reworking of iconography may override the desire for a phenomenological experience...\n\n\nExploring the transfer of Seidel's experimental films into physical spaces reveals challenges that are intensifying with advances in machine learning, dissolving the lines between original and imitation. In this more or less silent restructuring of society, artists become templates for a digitally assembled future, challenging traditional hierarchies as history collapses into the present.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Image Making Fatigue","end_timestamp":{"seconds":1703789700,"nanoseconds":0},"android_description":"The transfer of Seidel's experimental films into physical space has been explored in many ways in recent years. Sculpture, architecture and even natural projection surfaces have been temporarily 'overpainted' with projections, lights or lasers. But with new advances in machine learning, there may be a kind of oversaturation, or even rigor mortis, when the moving image becomes fully part of the technical tool chain. In tech companies, universities and artists' studios, machines are working through and learning the history of humanity. \r\n\r\nCopyright dissolves; the distinction between original, imitation or inferior reproduction erodes. No origin, no responsibility, no clear direction - just a primordial soup that can be shaped into any form without challenging knowledge systems and hierarchies. In this silent but radical restructuring of entire industries, the artist becomes the template of a future digitally assembled from a multitude of fragments of the past. This artist talk addresses some of the implications of this singularity, in which history collapses to a single point in the present, and in which easy access to an infinite reworking of iconography may override the desire for a phenomenological experience...\n\n\nExploring the transfer of Seidel's experimental films into physical spaces reveals challenges that are intensifying with advances in machine learning, dissolving the lines between original and imitation. In this more or less silent restructuring of society, artists become templates for a digitally assembled future, challenging traditional hierarchies as history collapses into the present.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53294],"conference_id":131,"event_ids":[53660],"name":"Robert Seidel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52410}],"timeband_id":1141,"links":[{"label":"Homepage Robert Seidel","type":"link","url":"http://www.robertseidel.com"},{"label":"Experimentalfilm HYSTERESIS blending Performance, Drawing and AI","type":"link","url":"http://vimeo.com/robertseidel/hysteresis"}],"end":"2023-12-28T18:55:00.000-0000","id":53660,"begin_timestamp":{"seconds":1703787300,"nanoseconds":0},"tag_ids":[46118,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52410}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wie sähe die Welt aus, wenn wir auf Wissenschaft hören würden? Wo doch bekanntermaßen jeder Katastrophenfilm so beginnt, dass sie ignoriert wird – kurz bevor der Meteorit einschlägt, die Flut flutet und der weiße Hai alle Badenden auffrisst. Auch die akuten Krisen verdanken wir u.a. einer Politik, die Wissenschaft viel zu oft ignoriert. Die hat uns immerhin nicht nur vor Atemwegsinfektionen gewarnt, sondern auch vor zunehmenden Flutereignissen. Wer weiß, was in ihren Artikeln noch alles drinsteht? In unserem Science Slam präsentieren drei bis vier Forschende ihre Antwort darauf. Der Ausgangspunkt ist ein gemeinsames WissKomm-Buchprojekt namens „Weltrettung braucht Wissenschaft\", in dem sich zwölf junge Wissenschaftler\\*innen und Science Slammys der Frage stellen, was ihr Fachgebiet der Menschheit rät. Woraus bauen Plastikforscher die Welt? Und wie landet ihr Baustoff auf unserem Teller? Ist künstliche Intelligenz wirklich rassistisch und Medizin überwiegend für Männer? Haben Klimatologinnen eigentlich noch Hoffnung, oder weiß der Historiker da mehr? Auf dem Weg entsteht aber auch Zukunftsmusik: Verkehrsmittel, von denen Ingenieurinnen träumen, und Städte, in denen sich Füchse tummeln; auf Gentechnik basierte Medikamente und biologisch abbaubares Verpackungsmaterial. Oder, noch revolutionärer: Wege, wissenschaftliche Erkenntnisse einzusetzen, bevor es brennt. \n\n\nIm Science Slam-Stil spekulieren Forschende, wie die Welt aussähe, wenn irgendjemand auf ihr Fachgebiet hören würde. Die Erkenntnisse reichen von Energiewende und Biodiversität bis zu Neurowissenschaften und geschlechtergerechter Medizin. Nach dem Chaos Communication Camp jetzt auch in Hamburg.","title":"Science Slam","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703789700,"nanoseconds":0},"android_description":"Wie sähe die Welt aus, wenn wir auf Wissenschaft hören würden? Wo doch bekanntermaßen jeder Katastrophenfilm so beginnt, dass sie ignoriert wird – kurz bevor der Meteorit einschlägt, die Flut flutet und der weiße Hai alle Badenden auffrisst. Auch die akuten Krisen verdanken wir u.a. einer Politik, die Wissenschaft viel zu oft ignoriert. Die hat uns immerhin nicht nur vor Atemwegsinfektionen gewarnt, sondern auch vor zunehmenden Flutereignissen. Wer weiß, was in ihren Artikeln noch alles drinsteht? In unserem Science Slam präsentieren drei bis vier Forschende ihre Antwort darauf. Der Ausgangspunkt ist ein gemeinsames WissKomm-Buchprojekt namens „Weltrettung braucht Wissenschaft\", in dem sich zwölf junge Wissenschaftler\\*innen und Science Slammys der Frage stellen, was ihr Fachgebiet der Menschheit rät. Woraus bauen Plastikforscher die Welt? Und wie landet ihr Baustoff auf unserem Teller? Ist künstliche Intelligenz wirklich rassistisch und Medizin überwiegend für Männer? Haben Klimatologinnen eigentlich noch Hoffnung, oder weiß der Historiker da mehr? Auf dem Weg entsteht aber auch Zukunftsmusik: Verkehrsmittel, von denen Ingenieurinnen träumen, und Städte, in denen sich Füchse tummeln; auf Gentechnik basierte Medikamente und biologisch abbaubares Verpackungsmaterial. Oder, noch revolutionärer: Wege, wissenschaftliche Erkenntnisse einzusetzen, bevor es brennt. \n\n\nIm Science Slam-Stil spekulieren Forschende, wie die Welt aussähe, wenn irgendjemand auf ihr Fachgebiet hören würde. Die Erkenntnisse reichen von Energiewende und Biodiversität bis zu Neurowissenschaften und geschlechtergerechter Medizin. Nach dem Chaos Communication Camp jetzt auch in Hamburg.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53141,53282],"conference_id":131,"event_ids":[53647,53571],"name":"Maria-Elena Vorrath","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52424},{"content_ids":[53282],"conference_id":131,"event_ids":[53647],"name":"FrancaParianen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52426}],"timeband_id":1141,"end":"2023-12-28T18:55:00.000-0000","links":[{"label":"Link zum Chaos Camp Slam","type":"link","url":"https://events.ccc.de/camp/2023/hub/camp23/en/event/chaos-science-slam/"}],"id":53647,"tag_ids":[46120,46136,46139],"begin_timestamp":{"seconds":1703787300,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52426},{"tag_id":46107,"sort_order":1,"person_id":52424}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-28T18:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es wird immer wieder behauptet, die Einführung generativer KI-Systeme wie ChatGPT und Midjourney habe eine neue Ära der Möglichkeiten eröffnet, insbesondere im Bereich der digitalen Barrierefreiheit. Diese Technologien und Unternehmen versprechen, den Alltag von Menschen mit Behinderungen durch innovative Lösungen zu erleichtern. Beispielsweise ermöglichen neue, multi-modale Large Language Models die Generierung von Alternativtexten, die visuelle Inhalte für sehbehinderte Nutzer\\*innen zugänglicher machen könnten. Auch die Erstellung von Texten in Leichter Sprache kann durch diese Modelle vereinfacht werden, wodurch Informationen für Menschen mit Lernbehinderungen oder Nicht-Muttersprachler\\*innen leichter verständlich werden können.\r\n\r\nDoch die Integration von KI in unseren Alltag als behinderte Menschen bringt nicht nur Vorteile. Trotz der neuen Fähigkeiten von KI-Systemen kommen einige neue Herausforderungen hinzu. Dazu gehören unter anderem reproduzierter Ableismus, neue für uns unsichtbare Barrieren und der zunehmende gesellschaftliche Unwille, Barrierefreiheit und somit echte Inklusion zu schaffen, wenn Hilfsmittel immer besser werden. Unter Umständen werden Menschen mit Behinderung in einem gesellschaftlichen Kontext noch unsichtbarer, als sie es sowieso sind.\r\n\r\nBei meiner Arbeit als Beraterin für digitale Barrierefreiheit und als sehbehinderte Person spreche ich mittlerweile täglich über generative KI. Neben den vielen Möglichkeiten, die mir diese Systeme persönlich eröffnen, sehe ich aber auch viele Herausforderungen, denen wir in naher Zukunft entgegentreten müssen. Es ist daher unerlässlich, dass wir die Entwicklung von KI-Tools kritisch begleiten, um eine inklusive digitale Zukunft zu gestalten, in der technologischer Fortschritt Hand in Hand mit menschlicher Vielfalt geht. Im Vortrag werfe ich einen detaillierten Blick auf alle diese Punkte, ordne ein und diskutiere, was dafür notwendig ist.\n\n\nSpätestens seit Ende 2022 sind generative KI-Systeme wie ChatGPT und Midjourney in aller Munde, und sie werden dabei nicht selten auch als Game-Changer für die digitale Barrierefreiheit postuliert. Doch wo stehen wir eigentlich gerade wirklich, was können diese Systeme bereits jetzt für uns tun, und was bringt uns die Zukunft? Es ist höchste Zeit für einen unverfälschten „Reality Check“ und einen authentischen Blick in den Alltag von Menschen mit Behinderung.","title":"Rettet uns die KI?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Es wird immer wieder behauptet, die Einführung generativer KI-Systeme wie ChatGPT und Midjourney habe eine neue Ära der Möglichkeiten eröffnet, insbesondere im Bereich der digitalen Barrierefreiheit. Diese Technologien und Unternehmen versprechen, den Alltag von Menschen mit Behinderungen durch innovative Lösungen zu erleichtern. Beispielsweise ermöglichen neue, multi-modale Large Language Models die Generierung von Alternativtexten, die visuelle Inhalte für sehbehinderte Nutzer\\*innen zugänglicher machen könnten. Auch die Erstellung von Texten in Leichter Sprache kann durch diese Modelle vereinfacht werden, wodurch Informationen für Menschen mit Lernbehinderungen oder Nicht-Muttersprachler\\*innen leichter verständlich werden können.\r\n\r\nDoch die Integration von KI in unseren Alltag als behinderte Menschen bringt nicht nur Vorteile. Trotz der neuen Fähigkeiten von KI-Systemen kommen einige neue Herausforderungen hinzu. Dazu gehören unter anderem reproduzierter Ableismus, neue für uns unsichtbare Barrieren und der zunehmende gesellschaftliche Unwille, Barrierefreiheit und somit echte Inklusion zu schaffen, wenn Hilfsmittel immer besser werden. Unter Umständen werden Menschen mit Behinderung in einem gesellschaftlichen Kontext noch unsichtbarer, als sie es sowieso sind.\r\n\r\nBei meiner Arbeit als Beraterin für digitale Barrierefreiheit und als sehbehinderte Person spreche ich mittlerweile täglich über generative KI. Neben den vielen Möglichkeiten, die mir diese Systeme persönlich eröffnen, sehe ich aber auch viele Herausforderungen, denen wir in naher Zukunft entgegentreten müssen. Es ist daher unerlässlich, dass wir die Entwicklung von KI-Tools kritisch begleiten, um eine inklusive digitale Zukunft zu gestalten, in der technologischer Fortschritt Hand in Hand mit menschlicher Vielfalt geht. Im Vortrag werfe ich einen detaillierten Blick auf alle diese Punkte, ordne ein und diskutiere, was dafür notwendig ist.\n\n\nSpätestens seit Ende 2022 sind generative KI-Systeme wie ChatGPT und Midjourney in aller Munde, und sie werden dabei nicht selten auch als Game-Changer für die digitale Barrierefreiheit postuliert. Doch wo stehen wir eigentlich gerade wirklich, was können diese Systeme bereits jetzt für uns tun, und was bringt uns die Zukunft? Es ist höchste Zeit für einen unverfälschten „Reality Check“ und einen authentischen Blick in den Alltag von Menschen mit Behinderung.","end_timestamp":{"seconds":1703789700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53185],"conference_id":131,"event_ids":[53484],"name":"Casey Kreer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52407}],"timeband_id":1141,"links":[{"label":"Netzpolitik.org - GPT-4: Das nächste große Ding für digitale Zugänglichkeit?","type":"link","url":"https://netzpolitik.org/2023/gpt-4-das-naechste-grosse-ding-fuer-digitale-zugaenglichkeit/"}],"end":"2023-12-28T18:55:00.000-0000","id":53484,"begin_timestamp":{"seconds":1703787300,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52407}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/resi-resom\n\n\nhört doch einfach zu.","title":"resom","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://soundcloud.com/resi-resom\n\n\nhört doch einfach zu.","end_timestamp":{"seconds":1703793600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T20:00:00.000-0000","id":53864,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Warum immer nur den FAIL Tisch ? Dieses Jahr wird es Positiv. Was hat euer Podcast jemals positives für euch gemacht ? Also außer Verbesserung der Technik im Homeoffice .. Das versteht sich ja von selbst. Wir erzählen was so positiv am Podcasten ist. \r\n\r\nWeitere konspirative Teilnehmer der unabhängigen Podcastervereinigung gerne gesehen. Allerdings keine Podcaster der Podimopodcastpartei .. diese Spalter","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (45 minutes)","id":46128},"title":"Fantas-Tisch","android_description":"Warum immer nur den FAIL Tisch ? Dieses Jahr wird es Positiv. Was hat euer Podcast jemals positives für euch gemacht ? Also außer Verbesserung der Technik im Homeoffice .. Das versteht sich ja von selbst. Wir erzählen was so positiv am Podcasten ist. \r\n\r\nWeitere konspirative Teilnehmer der unabhängigen Podcastervereinigung gerne gesehen. Allerdings keine Podcaster der Podimopodcastpartei .. diese Spalter","end_timestamp":{"seconds":1703789100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53687,53100,53150,53375],"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:45:00.000-0000","id":53723,"village_id":null,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"tag_ids":[46128,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/building-tiny-programming-languages-mohit-karekar/\n\n\nLet's building tiny programming languages and go through the process of program synthesis by building a compiler frontend.","title":"Building Tiny Programming Languages (Mohit Karekar)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/building-tiny-programming-languages-mohit-karekar/\n\n\nLet's building tiny programming languages and go through the process of program synthesis by building a compiler frontend.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53720,"village_id":null,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir blicken auf ein Jahr voller rechter, rassistischer und antisemitischer Kampagnen zurück. Der Diskurs um Migration und Flucht wird mit zunehmender Selbstverständlichkeit als ein Diskurs der Abwehr und des Ausschlusses der „Anderen“ geführt. Dies drückt sich in immer neuen Gesetzesverschärfungen bis hin zur Forderung nach einer vollständigen Abschaffung des Grundrechtes auf Asyl aus. Und auch in anderen Bereichen der Politik wird der Ruf nach autoritären „Lösungen“ für tatsächliche oder vermeintliche Probleme lauter. Nur vor diesem gesellschaftlichen Hintergrund sind die Wahlerfolge der AfD in Hessen und Bayern zu verstehen.\r\n\r\nFür uns ist klar: Unter solchen gesellschaftlichen Bedingungen wächst die Gefahr rechten Terrors. Die Zahl der antisemitischen, rassistischen und rechten Angriffe steigt weiterhin, denn Rechte Täter*innen können sich als diejenigen verstehen, die einen vermeintlichen „Volkswillen“ in die Tat umsetzen. Sie finden vermehrt die Ermöglichungsstrukturen, die sie für ihre Taten benötigen – in rechten Organisationen ebenso wie im Netz oder im direkten sozialen Umfeld.\r\n\r\nWir wollen im Podcast auf das Jahr 2023 zurückschauen und ausloten, wo wir im Kampf gegen rechten Terror stehen. Was sind unsere Möglichkeiten, zu informieren und zu intervenieren? Wir müssen von Staat und Gesellschaft Aufklärung und Konsequenzen einfordern, die Arbeit von Polizei, Justiz und Parlamenten kritisch beobachten, Verharmlosung und Entpolitisierung entgegentreten, solidarisch sein und Betroffenen in ihren Kämpfen um Anerkennung und Gerechtigkeit beiseite stehen. Dafür scheinen die Räume enger und weniger zu werden. Was können wir 2024 gemeinsam erreichen?","title":"NSU-Watch: Aufklären & Einmischen. Der Jahresrückblick 2023.","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (45 minutes)","id":46126},"android_description":"Wir blicken auf ein Jahr voller rechter, rassistischer und antisemitischer Kampagnen zurück. Der Diskurs um Migration und Flucht wird mit zunehmender Selbstverständlichkeit als ein Diskurs der Abwehr und des Ausschlusses der „Anderen“ geführt. Dies drückt sich in immer neuen Gesetzesverschärfungen bis hin zur Forderung nach einer vollständigen Abschaffung des Grundrechtes auf Asyl aus. Und auch in anderen Bereichen der Politik wird der Ruf nach autoritären „Lösungen“ für tatsächliche oder vermeintliche Probleme lauter. Nur vor diesem gesellschaftlichen Hintergrund sind die Wahlerfolge der AfD in Hessen und Bayern zu verstehen.\r\n\r\nFür uns ist klar: Unter solchen gesellschaftlichen Bedingungen wächst die Gefahr rechten Terrors. Die Zahl der antisemitischen, rassistischen und rechten Angriffe steigt weiterhin, denn Rechte Täter*innen können sich als diejenigen verstehen, die einen vermeintlichen „Volkswillen“ in die Tat umsetzen. Sie finden vermehrt die Ermöglichungsstrukturen, die sie für ihre Taten benötigen – in rechten Organisationen ebenso wie im Netz oder im direkten sozialen Umfeld.\r\n\r\nWir wollen im Podcast auf das Jahr 2023 zurückschauen und ausloten, wo wir im Kampf gegen rechten Terror stehen. Was sind unsere Möglichkeiten, zu informieren und zu intervenieren? Wir müssen von Staat und Gesellschaft Aufklärung und Konsequenzen einfordern, die Arbeit von Polizei, Justiz und Parlamenten kritisch beobachten, Verharmlosung und Entpolitisierung entgegentreten, solidarisch sein und Betroffenen in ihren Kämpfen um Anerkennung und Gerechtigkeit beiseite stehen. Dafür scheinen die Räume enger und weniger zu werden. Was können wir 2024 gemeinsam erreichen?","end_timestamp":{"seconds":1703789100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53341],"conference_id":131,"event_ids":[53693],"name":"Caro Keller (NSU-Watch)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52297}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:45:00.000-0000","id":53693,"tag_ids":[46126,46139],"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52297}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Du interessierst dich für einen kritischen und selbstbestimmte Umgang mit Informationstechnik? Für Faire Computer, Datenschutz, Frieden, oder IT in der Arbeitswelt? Dann komm vorbei und lerne gleichgesinnte kennen. Egal ob langjährige FIfF Mitlieder, oder einfach nur neugierig, alle Menschen sind herzlich zu unserem Vernetzungstreffen eingeladen!\n\n\n","title":"Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung e. V. (FIfF) - Vernetzungstreffen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"Du interessierst dich für einen kritischen und selbstbestimmte Umgang mit Informationstechnik? Für Faire Computer, Datenschutz, Frieden, oder IT in der Arbeitswelt? Dann komm vorbei und lerne gleichgesinnte kennen. Egal ob langjährige FIfF Mitlieder, oder einfach nur neugierig, alle Menschen sind herzlich zu unserem Vernetzungstreffen eingeladen!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53686,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This year the 1st Congress Skat Tournament will be held for all friends of Skat and those who want to become one.\r\n\r\nNon-binding registration at [Nuudel](https://nuudel.digitalcourage.de/TO4oi5TKZANNdv6n) powered by DigitalCourage. The first 40 players on the list are guaranteed a place. If more than 40 players register, they will be placed on the waiting list (see registration page) or additional tables will be opened according to availability.\r\n\r\nYou must know the basic Skat rules to ensure a fair competition for everyone. However, the level of playing experience is irrelevant. The winner and last place will receive a small prize. The other places may receive prizes, depending on availability.\r\n\r\nThe best thing to do is to look for the hashtag [#37c3Skat](https://chaos.social/tags/37c3Skat) on your Mastodon client or in the web. This is where the latest developments regarding tournament preparation will be published. Unfortunately, there is not enough capacity for further communication channels.\r\n\r\nMore information can be found at the [web page of the tournament](https://0x1b.de/37c3Skat/index_en.html).\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"1. Congress Skatturnier auf dem 37c3","android_description":"This year the 1st Congress Skat Tournament will be held for all friends of Skat and those who want to become one.\r\n\r\nNon-binding registration at [Nuudel](https://nuudel.digitalcourage.de/TO4oi5TKZANNdv6n) powered by DigitalCourage. The first 40 players on the list are guaranteed a place. If more than 40 players register, they will be placed on the waiting list (see registration page) or additional tables will be opened according to availability.\r\n\r\nYou must know the basic Skat rules to ensure a fair competition for everyone. However, the level of playing experience is irrelevant. The winner and last place will receive a small prize. The other places may receive prizes, depending on availability.\r\n\r\nThe best thing to do is to look for the hashtag [#37c3Skat](https://chaos.social/tags/37c3Skat) on your Mastodon client or in the web. This is where the latest developments regarding tournament preparation will be published. Unfortunately, there is not enough capacity for further communication channels.\r\n\r\nMore information can be found at the [web page of the tournament](https://0x1b.de/37c3Skat/index_en.html).","end_timestamp":{"seconds":1703804400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T23:00:00.000-0000","id":53684,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"If you're helping somebody solving an interesting issue, summarize your experiences with something or write anything that might be cool to be around in a couple of years as well, you do provide potential high-value content. The message in this talk to all those authors is: don't use web-based forums.\r\n\r\nUnfortunately, all content of closed, centralized services will be lost in the long run. This talk will give examples from the past where human kind lost many important contributions.\r\n\r\nTherefore, it is necessary to choose the platform you contribute to wisely now instead of learning through more large data loss events later-on. The talk summarizes the dangers and provides positive examples how loss of knowledge can be minimized in future.\r\n\r\nSpeaker: Karl Voit\r\n\r\n45min of talk, Q&A + discussion afterwards\r\n\r\nYou can find a blog article, a talk recording (linking the talk page with the slides) and more links on the same topic on https://karl-voit.at/2020/10/23/avoid-web-forums/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Don't Contribute Anything Relevant in Web Forums Like Reddit, HN, facebook, ...","end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"If you're helping somebody solving an interesting issue, summarize your experiences with something or write anything that might be cool to be around in a couple of years as well, you do provide potential high-value content. The message in this talk to all those authors is: don't use web-based forums.\r\n\r\nUnfortunately, all content of closed, centralized services will be lost in the long run. This talk will give examples from the past where human kind lost many important contributions.\r\n\r\nTherefore, it is necessary to choose the platform you contribute to wisely now instead of learning through more large data loss events later-on. The talk summarizes the dangers and provides positive examples how loss of knowledge can be minimized in future.\r\n\r\nSpeaker: Karl Voit\r\n\r\n45min of talk, Q&A + discussion afterwards\r\n\r\nYou can find a blog article, a talk recording (linking the talk page with the slides) and more links on the same topic on https://karl-voit.at/2020/10/23/avoid-web-forums/","updated_timestamp":{"seconds":1703808300,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53672,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-29T00:05:00.000-0000","begin":"2023-12-28T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Duration: 30 mins\r\n(followed by a discussion initiated by Digitalcourage local group Braunschweig)\r\n\r\nThe Digitalcourage local groups care for data protection and participation in a growing number of towns in Germany in a world, that constantly becomes more digitized but somtimes excludes people and leaves them behind. As local groups we try to fix that on a regional and nationwide level.\r\n\r\nIt doesn't matter if you are an old Digitalcourage member or are just curious - all people that want to engage on a local level are coridially invited.\r\n\r\nCookies will be served.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Triff die Digitalcourage-Ortsgruppen!","end_timestamp":{"seconds":1703788200,"nanoseconds":0},"android_description":"Duration: 30 mins\r\n(followed by a discussion initiated by Digitalcourage local group Braunschweig)\r\n\r\nThe Digitalcourage local groups care for data protection and participation in a growing number of towns in Germany in a world, that constantly becomes more digitized but somtimes excludes people and leaves them behind. As local groups we try to fix that on a regional and nationwide level.\r\n\r\nIt doesn't matter if you are an old Digitalcourage member or are just curious - all people that want to engage on a local level are coridially invited.\r\n\r\nCookies will be served.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:30:00.000-0000","id":53485,"begin_timestamp":{"seconds":1703786400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-28T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.\n\n\n","title":"GuteN8Geschichten - Tag 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53711,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703784600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","title":"Art and Play: DIY photolab research","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Pinhole cameras, caffenol, cyanotype & co - reinventing the wheel to take an analog photo!\r\n \r\nShoot and develop your own analog photo with minimalist equipment and non-toxic household ingredients! A selfmade pinhole camera, photo paper and coffee as a developer is enough to get started.After that, the result will be printed on self-made blue & white cyanotype paper.No prior knowledge needed, all material is provided.\r\n\r\n############\r\n\r\nElias / Anna\r\n We are hobby photographers / filmers always looking for new ways & recipes to expand our knowledge about analog photographic processes.\n\n\nLochkameras, Caffenol, Blaudruck & co - erfinde das Rad neu, um ein analoges Photo zu schießen!","end_timestamp":{"seconds":1703797200,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T21:00:00.000-0000","id":53937,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"spans_timebands":"N","begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es ist Ende 2023: seit der initialen Gründung von #clubsAREculture sind über 1.000 Tage vergangen, die Pandemie ist offiziell längst vorbei, der Chaos Communication Congress findet endlich wieder statt und seit Mai 2021 sind Clubs vom Deutschen Bundestag als Kulturstätten anerkannt. Das klingt gut und als würde alles bestens laufen, aber die Realität sieht leider anders aus: nach wie vor schließen bundesweit Clubs. Mieten werden teurer, die Energiekosten steigen und die Inflation hat sich wie eine dicke Staubschicht über alles gelegt. Und wie geht es nun weiter mit der Clubkultur?\r\n\r\nWas wir bisher erreichen konnten, was wir noch alles vorhaben und warum ein Club baurechtlich immer noch nicht wie eine Oper behandelt wird – all das erfahrt ihr bei unserem Panel auf dem 37C3. Wir freuen uns auf Euch!\r\n\r\nTeilnehmer:innen:\r\nIris Hinze (Clubverstärker Bremen)\r\nStefan Hangl (Vorstand Motorschiff Stubnitz e. V.)\r\nThore Debor (LiveKomm AG Kulturraumschutz)\r\n\r\nModeration: jadzia (CCC)\r\n\r\nhttps://www.clubsareculture.de/termine/unlocked-next-level-on-unambiguous-terms-clubsareculture-goes-37c3/\n\n\nIm Sommer starteten wir die Kampagne #clubsAREculture – Rettet die Clubs!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"#clubsAREculture","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Es ist Ende 2023: seit der initialen Gründung von #clubsAREculture sind über 1.000 Tage vergangen, die Pandemie ist offiziell längst vorbei, der Chaos Communication Congress findet endlich wieder statt und seit Mai 2021 sind Clubs vom Deutschen Bundestag als Kulturstätten anerkannt. Das klingt gut und als würde alles bestens laufen, aber die Realität sieht leider anders aus: nach wie vor schließen bundesweit Clubs. Mieten werden teurer, die Energiekosten steigen und die Inflation hat sich wie eine dicke Staubschicht über alles gelegt. Und wie geht es nun weiter mit der Clubkultur?\r\n\r\nWas wir bisher erreichen konnten, was wir noch alles vorhaben und warum ein Club baurechtlich immer noch nicht wie eine Oper behandelt wird – all das erfahrt ihr bei unserem Panel auf dem 37C3. Wir freuen uns auf Euch!\r\n\r\nTeilnehmer:innen:\r\nIris Hinze (Clubverstärker Bremen)\r\nStefan Hangl (Vorstand Motorschiff Stubnitz e. V.)\r\nThore Debor (LiveKomm AG Kulturraumschutz)\r\n\r\nModeration: jadzia (CCC)\r\n\r\nhttps://www.clubsareculture.de/termine/unlocked-next-level-on-unambiguous-terms-clubsareculture-goes-37c3/\n\n\nIm Sommer starteten wir die Kampagne #clubsAREculture – Rettet die Clubs!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53920,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Sebastian Jünemann\r\n\r\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken. Das potenziert sich natürlich noch, wenn es sich nicht um einen Einsatz nach einer Naturkatastrophe in einem vorher „stabilen“ Land/Umfeld handelt, sondern um Einsätze in Bezug auf Krieg oder kriegerische Auseinandersetzungen. \r\nWie kann sich so einer Einsatzlage angenähert werden? Wie die verschiedenen Risiken durchdacht und bewertet werden? Wie können Planungen erfolgen, um den Risiken etwas entgegenzusetzen?\r\nIm Workshop „Frodo aus dem AuAland“ machen wir mit Paper und Pen eine Risk Analysis und Mitigation-Planung anhand eines fiktiven humanitären Einsatzes vor den Toren Mordors.\n\n\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken.","title":"Frodo aus dem AuAland – Risk Analysis and Mitigation für eine humanitäre Intervention vor den Toren Mordors","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Host: Sebastian Jünemann\r\n\r\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken. Das potenziert sich natürlich noch, wenn es sich nicht um einen Einsatz nach einer Naturkatastrophe in einem vorher „stabilen“ Land/Umfeld handelt, sondern um Einsätze in Bezug auf Krieg oder kriegerische Auseinandersetzungen. \r\nWie kann sich so einer Einsatzlage angenähert werden? Wie die verschiedenen Risiken durchdacht und bewertet werden? Wie können Planungen erfolgen, um den Risiken etwas entgegenzusetzen?\r\nIm Workshop „Frodo aus dem AuAland“ machen wir mit Paper und Pen eine Risk Analysis und Mitigation-Planung anhand eines fiktiven humanitären Einsatzes vor den Toren Mordors.\n\n\nHumanitäre Katastrophenhilfe birgt an sich schon viele Einsatzrisiken.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53917,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hinweis: Die Kernveranstaltung dauert ca. 1 Stunde. Wenn die Anwesenden das wollen, können aber danach gemeinsam Fragen geklärt oder spezielle Bedingungen direkt bei euch auf der Arbeit gemeinsam besprochen werden (max. 2h insgesamt).\n\n\nWir werden aus ein paar wenigen Unzufriedenen, eine schlagkräftige Gemeinschaft, um gegen schlechte Arbeitsbedingungen vorzugehen? Wir werden in diesem Workshop (absolut keinerlei Vorkenntnisse notwendig!) uns die Methode des Soziogramms genauer anschauen und gemeinsam ausprobieren, wie wir unsere Arbeitskolleg*innen für Veränderungen gewinnen können.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Workshop: Organizing für Einsteiger*innen (am Arbeitsplatz)","android_description":"Hinweis: Die Kernveranstaltung dauert ca. 1 Stunde. Wenn die Anwesenden das wollen, können aber danach gemeinsam Fragen geklärt oder spezielle Bedingungen direkt bei euch auf der Arbeit gemeinsam besprochen werden (max. 2h insgesamt).\n\n\nWir werden aus ein paar wenigen Unzufriedenen, eine schlagkräftige Gemeinschaft, um gegen schlechte Arbeitsbedingungen vorzugehen? Wir werden in diesem Workshop (absolut keinerlei Vorkenntnisse notwendig!) uns die Methode des Soziogramms genauer anschauen und gemeinsam ausprobieren, wie wir unsere Arbeitskolleg*innen für Veränderungen gewinnen können.","end_timestamp":{"seconds":1703790000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53841,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir als demokratische Gesellschaft haben ziemlich große Herausforderungen vor uns (Klima, Ressourcen, Verteilung, gesellschaftliche Normen, ...). Diese akzeptabel zu lösen, wird ziemlich schwierig, wenn wir nicht “vernünftig” miteinander diskutieren können und auf Basis solcher Diskussionen dann gut informierte Entscheidungen treffen.\r\n\r\nLeider läuft es aktuell ganz anders, insbesondere im digitalen Raum: Bei kontroversen Themen findet sachlicher Austausch gut begründeter Argumente viel seltener statt als Irreführung, Polemik und Beleidigungen bis hin zu harter digitaler Gewalt. Bezugsloses Aneinander-Vorbeireden oder das Versanden der Diskussion sind dann zwar noch vergleichsweise harmlose Verläufe – sie helfen aber beim Finden von Problemlösungen auch nicht.\r\n\r\nOft werden diese Probleme auf indivdueller Ebene thematisiert aber ein zivilgesellschaftlicher bzw. aktivistischer Rahmen, um sie auf Systemebene anzugehen fehlte bislang. Deswegen hat sich im Sommer 2023 eine Gruppe gegründet, die das ändern möchte. \r\n\r\nDer Vortrag stellt die Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) auf Basis ihres zwölf Thesen umfassenden Positionspapiers und anhand passender Beispiele vor. Dabei werden u.a. folgende Fragen behandelt:\r\n\r\n- Worin besteht das Problem mit der Diskussionskultur?\r\n- Warum ist das sehr kritisch?\r\n- Wie können Schritte in Richtung einer Lösung aussehen?\n\n\nDigital geführte Diskussionen über kontroverse Themen sind oft frustrierend: Sie gleiten ins Unsachliche ab, sie eskalieren, z.T. bis hin zu harter digitaler Gewalt, oder sie versanden ergebnislos. \r\nDie Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) hat das Ziel, sich sytematisch (d.h. über die individuelle Ebene hinaus) und lösungsorientiert mit dem Problem zu befassen.\r\n\r\nDer Vortrag stellt die Problemwahrnehmung und mögliche Lösungsansätze aus Sicht der Gruppe vor.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Konstruktive Digitale Diskussionskultur (KDDK)","android_description":"Wir als demokratische Gesellschaft haben ziemlich große Herausforderungen vor uns (Klima, Ressourcen, Verteilung, gesellschaftliche Normen, ...). Diese akzeptabel zu lösen, wird ziemlich schwierig, wenn wir nicht “vernünftig” miteinander diskutieren können und auf Basis solcher Diskussionen dann gut informierte Entscheidungen treffen.\r\n\r\nLeider läuft es aktuell ganz anders, insbesondere im digitalen Raum: Bei kontroversen Themen findet sachlicher Austausch gut begründeter Argumente viel seltener statt als Irreführung, Polemik und Beleidigungen bis hin zu harter digitaler Gewalt. Bezugsloses Aneinander-Vorbeireden oder das Versanden der Diskussion sind dann zwar noch vergleichsweise harmlose Verläufe – sie helfen aber beim Finden von Problemlösungen auch nicht.\r\n\r\nOft werden diese Probleme auf indivdueller Ebene thematisiert aber ein zivilgesellschaftlicher bzw. aktivistischer Rahmen, um sie auf Systemebene anzugehen fehlte bislang. Deswegen hat sich im Sommer 2023 eine Gruppe gegründet, die das ändern möchte. \r\n\r\nDer Vortrag stellt die Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) auf Basis ihres zwölf Thesen umfassenden Positionspapiers und anhand passender Beispiele vor. Dabei werden u.a. folgende Fragen behandelt:\r\n\r\n- Worin besteht das Problem mit der Diskussionskultur?\r\n- Warum ist das sehr kritisch?\r\n- Wie können Schritte in Richtung einer Lösung aussehen?\n\n\nDigital geführte Diskussionen über kontroverse Themen sind oft frustrierend: Sie gleiten ins Unsachliche ab, sie eskalieren, z.T. bis hin zu harter digitaler Gewalt, oder sie versanden ergebnislos. \r\nDie Gruppe *Konstruktive Digitale Diskussionskultur* (KDDK) hat das Ziel, sich sytematisch (d.h. über die individuelle Ebene hinaus) und lösungsorientiert mit dem Problem zu befassen.\r\n\r\nDer Vortrag stellt die Problemwahrnehmung und mögliche Lösungsansätze aus Sicht der Gruppe vor.","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53382],"conference_id":131,"event_ids":[53729],"name":"CarK","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52309}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53729,"village_id":null,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52309}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/codeheat-open-source-developer-contest/\n\n\nBuild up your developer profile and become a codeheat hero! Win a trip to FOSSASIA Summit 2024. CodeHeat is the annual coding contest for students and developers to contribute to Free and Open Source software (FOSS) and open hardware projects https://codeheat.org/","title":"Codeheat Introductory Workshop (Untari, Hong Phuc Dang)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/codeheat-open-source-developer-contest/\n\n\nBuild up your developer profile and become a codeheat hero! Win a trip to FOSSASIA Summit 2024. CodeHeat is the annual coding contest for students and developers to contribute to Free and Open Source software (FOSS) and open hardware projects https://codeheat.org/","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53719,"village_id":null,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Skat is a card game that has been played for over 200 years, especially in Germany, and is played by a large number of players. In this session, I will talk about the game, its history and its fascination. I will also discuss the differences between \"Pub Skat\" and the organization of Skat tournaments according to the International Skat Rules and Skat Competition Rules.\r\n\r\nThis session is a good preparation for the [1st Congress Skat Tournament](https://events.ccc.de/congress/2023/hub/en/event/1-congress-skatturnier-auf-dem-37c3/) that will take place afterwards, but is not a prerequisite for participation in the tournament.\r\n\r\nEveryone who wants to know something about Skat is invited.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Warum ist Skat so faszinierend?","android_description":"Skat is a card game that has been played for over 200 years, especially in Germany, and is played by a large number of players. In this session, I will talk about the game, its history and its fascination. I will also discuss the differences between \"Pub Skat\" and the organization of Skat tournaments according to the International Skat Rules and Skat Competition Rules.\r\n\r\nThis session is a good preparation for the [1st Congress Skat Tournament](https://events.ccc.de/congress/2023/hub/en/event/1-congress-skatturnier-auf-dem-37c3/) that will take place afterwards, but is not a prerequisite for participation in the tournament.\r\n\r\nEveryone who wants to know something about Skat is invited.","end_timestamp":{"seconds":1703785800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:50:00.000-0000","id":53671,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-28T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","title":"Bits & Bäume Community Treffen Tag 2","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53493,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this physical practice session, we will present EightOS — a practice of hacking your own and somebody else's body using a combination of martial art techniques and various body practices. \r\n\r\nThe participating hackers are guaranteed to be refreshed afterward and have a nice body sensation after a mild interactive physical practice. You'll also meet others through words and code, their touch, and — if you prefer — their punch.\r\n\r\nWe will explore notions such as resilience, vulnerability, adaptation, and infiltration — but in relation to the body. How can you \"infiltrate\" a body? What is a body that is \"resilient\"? All this becomes very tangible and practical as soon as you start practicing those concepts and not only talking about them. \r\n\r\nWe hope that you will get not only activated physically but also inspired intellectually seeing how you can apply these ideas outside of the physical context and in your hacking practice as well.\r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nHosted by @aerodynamika (Dmitry Paranyushkin) and @kirikoo_des (Koo Des / NSDOS)\r\n\r\nMore info: [www.8os.io](https://8os.io)\n\n\n","title":"EightOS: Embodied Hacking Practice [8 OS Physical Movement Session]","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"In this physical practice session, we will present EightOS — a practice of hacking your own and somebody else's body using a combination of martial art techniques and various body practices. \r\n\r\nThe participating hackers are guaranteed to be refreshed afterward and have a nice body sensation after a mild interactive physical practice. You'll also meet others through words and code, their touch, and — if you prefer — their punch.\r\n\r\nWe will explore notions such as resilience, vulnerability, adaptation, and infiltration — but in relation to the body. How can you \"infiltrate\" a body? What is a body that is \"resilient\"? All this becomes very tangible and practical as soon as you start practicing those concepts and not only talking about them. \r\n\r\nWe hope that you will get not only activated physically but also inspired intellectually seeing how you can apply these ideas outside of the physical context and in your hacking practice as well.\r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nHosted by @aerodynamika (Dmitry Paranyushkin) and @kirikoo_des (Koo Des / NSDOS)\r\n\r\nMore info: [www.8os.io](https://8os.io)","end_timestamp":{"seconds":1703788200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:30:00.000-0000","id":53459,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Inhalt/Ziel: zuerst geht es um allgemeine Grundlagen - wie kann ich eine Gehörlose Person auf mich aufmerksam machen? Wie kommuniziere ich mit einer Gehörlosen Person, wenn ich kein Fingeralphabet/keine Gebärdensprache beherrsche? Und schlussendlich lernen wir auch das Fingeralphabet, und einige wichtige Gebärden in ÖGS und DGS (ja, Österreichische und Deutsche Gebärdensprache sind verschieden!).\n\n\nZielgruppe: Hörende, die Kommunikationshürden mit d/Deaf oder HoH Personen überwinden wollen. Keine Kenntnisse von Gebärdensprachen oder Fingeralphabet notwendig :)","title":"Kommunikation und Interaktion mit Gehörlosen - ein paar Grundlagen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703788200,"nanoseconds":0},"android_description":"Inhalt/Ziel: zuerst geht es um allgemeine Grundlagen - wie kann ich eine Gehörlose Person auf mich aufmerksam machen? Wie kommuniziere ich mit einer Gehörlosen Person, wenn ich kein Fingeralphabet/keine Gebärdensprache beherrsche? Und schlussendlich lernen wir auch das Fingeralphabet, und einige wichtige Gebärden in ÖGS und DGS (ja, Österreichische und Deutsche Gebärdensprache sind verschieden!).\n\n\nZielgruppe: Hörende, die Kommunikationshürden mit d/Deaf oder HoH Personen überwinden wollen. Keine Kenntnisse von Gebärdensprachen oder Fingeralphabet notwendig :)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53135,53472],"conference_id":131,"event_ids":[53445,53807],"name":"Helga Velroyen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52253},{"content_ids":[53135],"conference_id":131,"event_ids":[53445],"name":"Stoni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52287},{"content_ids":[53135,53472],"conference_id":131,"event_ids":[53445,53807],"name":"lavalaempchen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52389}],"timeband_id":1141,"links":[],"end":"2023-12-28T18:30:00.000-0000","id":53445,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703782800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52253},{"tag_id":46107,"sort_order":1,"person_id":52287},{"tag_id":46107,"sort_order":1,"person_id":52389}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Um die Verwaltungsdigitalisierung in Europa, besonders aber in Deutschland, steht es nicht gut. Wir kennen es alle: Expert*innen sagen, dass der Einsatz einer speziellen Technologie für ein dediziertes Projekt nicht gut wäre, es wird trotzdem eingesetzt und am Ende scheitert das Projekt mit Ansage. \r\n\r\nDiese Podcast-Episode möchte folgende Themen beleuchten: \r\n\r\n • Wie steht es aktuell um die Verwaltungsdigitalisierung in Deutschland, im besonderen unter dem Aspekt Nachhaltigkeit\r\n\r\n • Inwiefern kann der vollständige (sukzessive) Umstieg bzw. insgesamt der Einsatz freier Softwarelösungen in (deutschen) Behörden und der öffentlichen Verwaltung dabei helfen, die Digitalisierung dort nachhaltiger zu gestalten?\r\n\r\n • Wie steht es um die Interoperabilität? \r\n\r\n • Wie steht es um Barrierefreiheit, Teilhabe für Alle, Inklusion bei den digitalen Verwaltungsdienstleistungen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"Wie kann eine Verwaltungsdigitalisierung in Deutschland und Europa nachhaltig und bevölkerungsfreundlich gestaltet werden?","android_description":"Um die Verwaltungsdigitalisierung in Europa, besonders aber in Deutschland, steht es nicht gut. Wir kennen es alle: Expert*innen sagen, dass der Einsatz einer speziellen Technologie für ein dediziertes Projekt nicht gut wäre, es wird trotzdem eingesetzt und am Ende scheitert das Projekt mit Ansage. \r\n\r\nDiese Podcast-Episode möchte folgende Themen beleuchten: \r\n\r\n • Wie steht es aktuell um die Verwaltungsdigitalisierung in Deutschland, im besonderen unter dem Aspekt Nachhaltigkeit\r\n\r\n • Inwiefern kann der vollständige (sukzessive) Umstieg bzw. insgesamt der Einsatz freier Softwarelösungen in (deutschen) Behörden und der öffentlichen Verwaltung dabei helfen, die Digitalisierung dort nachhaltiger zu gestalten?\r\n\r\n • Wie steht es um die Interoperabilität? \r\n\r\n • Wie steht es um Barrierefreiheit, Teilhabe für Alle, Inklusion bei den digitalen Verwaltungsdienstleistungen?","end_timestamp":{"seconds":1703783700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53374],"conference_id":131,"event_ids":[53722],"name":"Lukas Schieren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52475},{"content_ids":[53374],"conference_id":131,"event_ids":[53722],"name":"Marco Bakera","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52496}],"timeband_id":1141,"links":[],"end":"2023-12-28T17:15:00.000-0000","id":53722,"village_id":null,"begin_timestamp":{"seconds":1703781000,"nanoseconds":0},"tag_ids":[46128,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52475},{"tag_id":46107,"sort_order":1,"person_id":52496}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Workshop zum Vortrag \"Weil be excellent to each other nicht reicht -> https://events.ccc.de/congress/2023/hub/event/weil_be_excellent_to_each_other_nicht_reicht/\n\n\n","title":"Workshop - Weil be excellent to eachother nicht reicht","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703786400,"nanoseconds":0},"android_description":"Workshop zum Vortrag \"Weil be excellent to each other nicht reicht -> https://events.ccc.de/congress/2023/hub/event/weil_be_excellent_to_each_other_nicht_reicht/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53682,"begin_timestamp":{"seconds":1703781000,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-28T16:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The #TeamDatenschutz (team data protection) is used in the (more or less) social networks to assemble data protection officers, programmers, lawyers, activists, or supervisory authorities, as well as other people interested in data protection.\r\n\r\nThis Self-organized Session is intended as a meet up, where people can meet other persons interested in data protection, maybe see someone again, and for sharing or ranting about data protection topics and issues, etc.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"#TeamDatenschutz-Meetup","end_timestamp":{"seconds":1703787300,"nanoseconds":0},"android_description":"The #TeamDatenschutz (team data protection) is used in the (more or less) social networks to assemble data protection officers, programmers, lawyers, activists, or supervisory authorities, as well as other people interested in data protection.\r\n\r\nThis Self-organized Session is intended as a meet up, where people can meet other persons interested in data protection, maybe see someone again, and for sharing or ranting about data protection topics and issues, etc.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:15:00.000-0000","id":53698,"village_id":null,"begin_timestamp":{"seconds":1703780100,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s a loop, there’s a vtable, that’s a global variable, a library function, an exception. Now you need to think like the Rust compiler. Maybe you’ve heard about “sum types” and “generics” and “iterators”, maybe you haven’t, and in both cases you are going to have an exceptionally bad time.\r\n\r\nThis talk will get you familiar with the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”), and more generally, the frame of mind required for reverse-engineering such programs. How is an Option represented using the same amount of memory as a plain T? How do monomorphized generic functions complicate RE work? What's the right approach to untangle many-layered, unintuitive iterator chains? We will tackle these questions and many more.\r\n\r\nIncludes a publicly available lab setup with several sample programs that showcase core Rust features as compiled to assembly.\n\n\nA walkthrough of the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”) - starting with simple match expressions and all the way to monomorphized functions and iterator chains.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Rust Binary Analysis, Feature by Feature","android_description":"You attempt to analyze a binary file compiled in the Rust programming language. You open the file in your favorite disassembler. Twenty minutes later you wish you had never been born. You’ve trained yourself to think like g++ and msvc: Here’s a loop, there’s a vtable, that’s a global variable, a library function, an exception. Now you need to think like the Rust compiler. Maybe you’ve heard about “sum types” and “generics” and “iterators”, maybe you haven’t, and in both cases you are going to have an exceptionally bad time.\r\n\r\nThis talk will get you familiar with the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”), and more generally, the frame of mind required for reverse-engineering such programs. How is an Option represented using the same amount of memory as a plain T? How do monomorphized generic functions complicate RE work? What's the right approach to untangle many-layered, unintuitive iterator chains? We will tackle these questions and many more.\r\n\r\nIncludes a publicly available lab setup with several sample programs that showcase core Rust features as compiled to assembly.\n\n\nA walkthrough of the assembly code idioms the Rust compiler uses to implement the language’s core features (as they appear in Klabnik’s and Nichols’ “The Rust Programming Language”) - starting with simple match expressions and all the way to monomorphized functions and iterator chains.","end_timestamp":{"seconds":1703782500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53293],"conference_id":131,"event_ids":[53659],"name":"Ben H","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52450}],"timeband_id":1141,"links":[],"end":"2023-12-28T16:55:00.000-0000","id":53659,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703780100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52450}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After many attempts to build AI models that are smarter than human beings, we find ourselves confronted with a family of surprisingly successful systems that match many of our abilities through text prediction and text/image correlation. The limits of these approaches are presently unclear, and while they work in very different ways than our minds, they pose the question whether consciousness, embodiment and motivation are necessary for achieving general intelligence. What are the differences between human (and animal) minds and the current generation of AI models? When we compare perspectives on mind and consciousness that have been developed in neuroscience, philosophy of mind, theoretical and therapeutic psychology, and numerous cultural traditions, and translate them into the metaphysics and conceptual frameworks of artificial intelligence, we may gain insights into this question.\n\n\nDespite the rapid progress of AI capabilities, the core question of Artificial Intelligence seems to be still unanswered: What does it take to create a mind? Let us explore the boundaries of AI: sentience, self awareness, and the possibility of machine consciousness.\r\n","title":"Synthetic Sentience","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"After many attempts to build AI models that are smarter than human beings, we find ourselves confronted with a family of surprisingly successful systems that match many of our abilities through text prediction and text/image correlation. The limits of these approaches are presently unclear, and while they work in very different ways than our minds, they pose the question whether consciousness, embodiment and motivation are necessary for achieving general intelligence. What are the differences between human (and animal) minds and the current generation of AI models? When we compare perspectives on mind and consciousness that have been developed in neuroscience, philosophy of mind, theoretical and therapeutic psychology, and numerous cultural traditions, and translate them into the metaphysics and conceptual frameworks of artificial intelligence, we may gain insights into this question.\n\n\nDespite the rapid progress of AI capabilities, the core question of Artificial Intelligence seems to be still unanswered: What does it take to create a mind? Let us explore the boundaries of AI: sentience, self awareness, and the possibility of machine consciousness.","end_timestamp":{"seconds":1703783700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53281],"conference_id":131,"event_ids":[53646],"name":"Joscha","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52284}],"timeband_id":1141,"links":[],"end":"2023-12-28T17:15:00.000-0000","id":53646,"begin_timestamp":{"seconds":1703780100,"nanoseconds":0},"village_id":null,"tag_ids":[46123,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52284}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-28T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"During the presentation we'll look at DNA damage, explain the different types of radiation, their effects on the body and what measures you can take to protect yourself from different sources. Afterwards we'll build DIY Geiger Counters.\r\n\r\nThe workshop will take 90 minutes, 60 minutes theory at CDC and 30 minutes of soldering at the Hardware Hacking Area. (we will go together)","title":"How Radiation Affects Us All and How you can Mesure it - DIY Geiger Counter","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"During the presentation we'll look at DNA damage, explain the different types of radiation, their effects on the body and what measures you can take to protect yourself from different sources. Afterwards we'll build DIY Geiger Counters.\r\n\r\nThe workshop will take 90 minutes, 60 minutes theory at CDC and 30 minutes of soldering at the Hardware Hacking Area. (we will go together)","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53935,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mogreens:\r\nJoining Beh on the decks at the Chaos Communication Congress is Mogreens, another veteran DJ with a deep affinity for the CCC scene. Mogreens, though rooted in electronic music, extends his sonic spectrum to the realms of jazz, showcasing a unique blend of influences that keeps audiences on their toes.\r\n\r\nIn addition to his musical prowess, Mogreens brings a quirky and endearing love for manatees into the mix, adding a delightful charm to his persona. As a long-time participant in the CCC community, Mogreens' sets are a testament to the evolving nature of electronic music, seamlessly integrating jazz elements and showcasing his passion for diverse sounds.\r\n\r\nTogether, Beh and Mogreens are set to enchant the audience at the Chillfloor of Chaos Communication Congress, delivering a back-to-back vinyl experience that bridges the past and present of electronic music, all while paying homage to their enduring connection to the CCC community. Get ready for a journey through the beats, where the old meets the new in a harmonious dance of sound and technology.\r\n\r\nBeh:\r\nDJ Beh, a seasoned artist deeply rooted in the Chaos Communication Congress (CCC) scene, brings a wealth of experience and an eclectic taste to the turntables. A long-time member of the c-base community, Beh has been a significant contributor to the electronic music landscape, particularly within the CCC circles. While his primary focus lies in electronic genres, he's known to sprinkle his sets with the resonant beats of dubstep, showcasing his diverse musical palette.\r\n\r\nBeh's connection to the CCC community spans ages, making him a respected figure among techno enthusiasts. His penchant for experimentation is reflected not only in his music but also in his involvement with the vibrant c-base, where technology and creativity converge. Beyond the decks, Beh harbors a soft spot for sloth, adding a touch of whimsy to his serious dedication to the craft.\n\n\nhttps://soundcloud.com/beh2342/teemukke-mix-for-chaos-infusion-hip-2022\r\nhttps://hearthis.at/mogreens/","title":"Mo Greens & Beh","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703790000,"nanoseconds":0},"android_description":"Mogreens:\r\nJoining Beh on the decks at the Chaos Communication Congress is Mogreens, another veteran DJ with a deep affinity for the CCC scene. Mogreens, though rooted in electronic music, extends his sonic spectrum to the realms of jazz, showcasing a unique blend of influences that keeps audiences on their toes.\r\n\r\nIn addition to his musical prowess, Mogreens brings a quirky and endearing love for manatees into the mix, adding a delightful charm to his persona. As a long-time participant in the CCC community, Mogreens' sets are a testament to the evolving nature of electronic music, seamlessly integrating jazz elements and showcasing his passion for diverse sounds.\r\n\r\nTogether, Beh and Mogreens are set to enchant the audience at the Chillfloor of Chaos Communication Congress, delivering a back-to-back vinyl experience that bridges the past and present of electronic music, all while paying homage to their enduring connection to the CCC community. Get ready for a journey through the beats, where the old meets the new in a harmonious dance of sound and technology.\r\n\r\nBeh:\r\nDJ Beh, a seasoned artist deeply rooted in the Chaos Communication Congress (CCC) scene, brings a wealth of experience and an eclectic taste to the turntables. A long-time member of the c-base community, Beh has been a significant contributor to the electronic music landscape, particularly within the CCC circles. While his primary focus lies in electronic genres, he's known to sprinkle his sets with the resonant beats of dubstep, showcasing his diverse musical palette.\r\n\r\nBeh's connection to the CCC community spans ages, making him a respected figure among techno enthusiasts. His penchant for experimentation is reflected not only in his music but also in his involvement with the vibrant c-base, where technology and creativity converge. Beyond the decks, Beh harbors a soft spot for sloth, adding a touch of whimsy to his serious dedication to the craft.\n\n\nhttps://soundcloud.com/beh2342/teemukke-mix-for-chaos-infusion-hip-2022\r\nhttps://hearthis.at/mogreens/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T19:00:00.000-0000","id":53924,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Eileen Leistner\r\n\r\nAls Gesellschaft für Freiheitsrechte setzen wir uns für starke Grundrechte ein. Doch wie sähen wir als Lego - Figur aus? Baue uns deshalb eine Freiheitskämpferin oder einen Freiheitskämpfer, der sich für Freiheit und Gerechtigkeit einsetzt. Alle Lego - Kunstwerke können später bei uns am Stand noch bewundert werden.\n\n\nWir haben eine kleine Lego - Challenge für alle Kinder oder andere Interessierte.","title":"Lego - Challenge: Baue eine Freiheitskämpferin oder einen Freiheitskämpfer","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"Host: Eileen Leistner\r\n\r\nAls Gesellschaft für Freiheitsrechte setzen wir uns für starke Grundrechte ein. Doch wie sähen wir als Lego - Figur aus? Baue uns deshalb eine Freiheitskämpferin oder einen Freiheitskämpfer, der sich für Freiheit und Gerechtigkeit einsetzt. Alle Lego - Kunstwerke können später bei uns am Stand noch bewundert werden.\n\n\nWir haben eine kleine Lego - Challenge für alle Kinder oder andere Interessierte.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53688,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We're here to meet our community! Whether you have been funded by Prototype Fund, have questions about how to apply or want to talk about FOSS funding in general, come say hi.\r\n\r\nThis session is intended as an informal meetup for past and future projects of the Prototype Fund and everyone who wants to discuss various aspects of Free and Open Source Software funding. \r\n\r\nIf you consider applying or don't know how to get funding for your software project, come and ask us any questions you may have! This is also a great opportunity to meet people we have funded in the past and learn from their experience.\r\nWe also love to talk about anything around the topic of funding. How do we build a strong funding ecosystem? Which funding models have shown that they work? What is currently missing? \r\nOf course we're also happy to answer any questions you have about Prototype Fund in general.\r\n\r\nAbout us: The Prototype Fund is a funding program of the Federal Ministry of Education and Research (BMBF) that is managed and evaluated by the Open Knowledge Foundation Germany.\r\nIndividuals and small teams (of freelance coders, hackers, UX designers and more) can receive funding in order to test their ideas and develop open source applications in the areas of Civic Tech, Data Literacy, IT Security and Software Infrastructure. We aim to keep innovation processes as well as infrastructures open and accessible.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Prototype Fund & Friends Meetup","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"We're here to meet our community! Whether you have been funded by Prototype Fund, have questions about how to apply or want to talk about FOSS funding in general, come say hi.\r\n\r\nThis session is intended as an informal meetup for past and future projects of the Prototype Fund and everyone who wants to discuss various aspects of Free and Open Source Software funding. \r\n\r\nIf you consider applying or don't know how to get funding for your software project, come and ask us any questions you may have! This is also a great opportunity to meet people we have funded in the past and learn from their experience.\r\nWe also love to talk about anything around the topic of funding. How do we build a strong funding ecosystem? Which funding models have shown that they work? What is currently missing? \r\nOf course we're also happy to answer any questions you have about Prototype Fund in general.\r\n\r\nAbout us: The Prototype Fund is a funding program of the Federal Ministry of Education and Research (BMBF) that is managed and evaluated by the Open Knowledge Foundation Germany.\r\nIndividuals and small teams (of freelance coders, hackers, UX designers and more) can receive funding in order to test their ideas and develop open source applications in the areas of Civic Tech, Data Literacy, IT Security and Software Infrastructure. We aim to keep innovation processes as well as infrastructures open and accessible.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53670,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This special edition of the Berlin Bitcoin Socratic Seminar summarizes notable technical and academic developments in Bitcoin during all of 2023.\r\n\r\nThe Bitcoin Socratic Seminar is a regular monthly event that usually takes place at c-base in Berlin.\r\n\r\nThe technical level of this seminar is usually quite high. However, we would like to invite everyone to join and participate in our discussion. We are not interested in: price, speculation, markets, and politics.\n\n\n","title":"Socratic Seminar: Bitcoin 2023 Year-in-Review","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"This special edition of the Berlin Bitcoin Socratic Seminar summarizes notable technical and academic developments in Bitcoin during all of 2023.\r\n\r\nThe Bitcoin Socratic Seminar is a regular monthly event that usually takes place at c-base in Berlin.\r\n\r\nThe technical level of this seminar is usually quite high. However, we would like to invite everyone to join and participate in our discussion. We are not interested in: price, speculation, markets, and politics.","end_timestamp":{"seconds":1703786400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T18:00:00.000-0000","id":53621,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Just one sign switched and all of physics changes: Objects can now roll uphill and are stretched towards infinity when rotated. Planets are no longer spherical but hyperbolic and stars have a dark cone where none of their light shines into. In this talk, we will explore the weird physics in a spacetime with signature (-,-,+,+) as presented by Greg Egan in the novel „Dichronauts“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Greg Egan's „Dichronauts“: A universe with two timelike dimensions","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"Just one sign switched and all of physics changes: Objects can now roll uphill and are stretched towards infinity when rotated. Planets are no longer spherical but hyperbolic and stars have a dark cone where none of their light shines into. In this talk, we will explore the weird physics in a spacetime with signature (-,-,+,+) as presented by Greg Egan in the novel „Dichronauts“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53457,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703779200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-28T16:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!\n\n\nEin Einführungsvortrag in die FAU (Freie Arbeiter*innen Union)","title":"Arbeitgeber*innen hassen diesen Trick","type":{"conference_id":131,"conference":"37C3","color":"#6fdce3","updated_at":"2024-06-07T03:40+0000","name":"Talk 30 min + 10 min Q&A","id":46131},"android_description":"In diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!\n\n\nEin Einführungsvortrag in die FAU (Freie Arbeiter*innen Union)","end_timestamp":{"seconds":1703778600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53380],"conference_id":131,"event_ids":[53727],"name":"FAU","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52296}],"timeband_id":1141,"links":[],"end":"2023-12-28T15:50:00.000-0000","id":53727,"begin_timestamp":{"seconds":1703777400,"nanoseconds":0},"village_id":null,"tag_ids":[46131,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52296}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der [Vortrag ist Teil der FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ). Wir werden diesen aber auch bei uns am Assembly im Halle H (bei Komona) streamen und weiterführende Fragen dort beantworten. Um 18 Uhr folgt dann ein [Einführungsworkshop ins Organizing](https://events.ccc.de/congress/2023/hub/de/event/workshop-organizing-fur-einsteigerinnen/) vor Ort.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"\"Arbeitgeber*innen hassen diesen Trick\" - Was ist die FAU?","end_timestamp":{"seconds":1703781000,"nanoseconds":0},"android_description":"Der [Vortrag ist Teil der FireShonks](https://pretalx.c3voc.de/fireshonks23/talk/QCFZHX/ ). Wir werden diesen aber auch bei uns am Assembly im Halle H (bei Komona) streamen und weiterführende Fragen dort beantworten. Um 18 Uhr folgt dann ein [Einführungsworkshop ins Organizing](https://events.ccc.de/congress/2023/hub/de/event/workshop-organizing-fur-einsteigerinnen/) vor Ort.\n\n\nIn diesem Kurzvortrag zeigen wir euch, warum ihr eine Gewerkschaft wie die FAU (Freie Arbeiter*innen Union) braucht. Mit kreativen Methoden, horizontalen statt hierarchischen Strukturen und der Devise: Wir sind mehr als nur Gewerkschaft! Wir können die Dauerkrise die sich Kapitalismus nennt überwinden!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:30:00.000-0000","id":53716,"begin_timestamp":{"seconds":1703777400,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Freie Arbeiter*innen Union (FAU)","hotel":"","short_name":"Freie Arbeiter*innen Union (FAU)","id":46146},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Alle am netzpolitischen Geschehen in der Schweiz Interessierten treffen sich zu einem lockeren Austausch. Es werden Personen aus den verschiedenen Organisationen anwesend sein.\n\n\n","title":"Netzpolitik in der Schweiz Treffen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703781000,"nanoseconds":0},"android_description":"Alle am netzpolitischen Geschehen in der Schweiz Interessierten treffen sich zu einem lockeren Austausch. Es werden Personen aus den verschiedenen Organisationen anwesend sein.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:30:00.000-0000","id":53681,"begin_timestamp":{"seconds":1703777400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-28T15:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Offene Workshop-Sessions Tag 2 | Open workshop sessions day 2","end_timestamp":{"seconds":1703782200,"nanoseconds":0},"android_description":"DE:\r\nIhr seid eine kleine Gruppe, die eine gemütliche Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\nEN:\r\nYou are a small group that needs a cozy corner? Come on over. Or a table where you can build something, tinker, craft? We have tables. You want to play some games? Feel free to do that too.\r\n\r\nIn this unmoderated session, you can share the workshop room and maybe see what others are doing that's interesting.Join this open session as long as there is room and those present can share the space without interfering with each other.\n\n\nDE: Während dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. Er soll ein Raum für produktiven Austausch sein.\r\n\r\nEN: During this session, the workshop room is open to anyone who would like to meet here. Our room is meant to be a space for productive exchange.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:50:00.000-0000","id":53520,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703776800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Location: Freier Platz vor Saal F**\n\n\nIn Augsburg und Ravensburg gibt es seit 2019 Nerdgruppen, die nicht nur starke Meinungen zu Programmiersprachendesign haben :-), sondern auch mit zivilem Ungehorsam versuchen, einen Beitrag für Klimagerechtigkeit zu leisten. Im Laufe der Zeit haben wir verschiedene Techniken erlernt und weiterentwickelt, die größtenteils auf beliebige andere Städte übertragbar sind. In der Session möchten wir etwas über unsere Erfolge und Misserfolge sprechen und einen Raum für Diskussion um Klimaaktivismus schaffen.\r\n\r\n🧮","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Klimagerechtigkeitsaktivismus: ein Blick hinter die Kulissen. Wie eine Gruppe Nerds einen Wald rettete und nur um Haaresbreite vier Wochen Gefängnis entkam","android_description":"**Location: Freier Platz vor Saal F**\n\n\nIn Augsburg und Ravensburg gibt es seit 2019 Nerdgruppen, die nicht nur starke Meinungen zu Programmiersprachendesign haben :-), sondern auch mit zivilem Ungehorsam versuchen, einen Beitrag für Klimagerechtigkeit zu leisten. Im Laufe der Zeit haben wir verschiedene Techniken erlernt und weiterentwickelt, die größtenteils auf beliebige andere Städte übertragbar sind. In der Session möchten wir etwas über unsere Erfolge und Misserfolge sprechen und einen Raum für Diskussion um Klimaaktivismus schaffen.\r\n\r\n🧮","end_timestamp":{"seconds":1703780100,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:15:00.000-0000","id":53700,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703776500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"wer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.\n\n\nwer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"dj workshop vinyl","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"wer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.\n\n\nwer schon immer mal rausfinden wollte, wie das mit diesen runden Plastescheiben und dieser endlosen Musikschleife geht, die sogenannte schallplattenalleinunterhalter*innen zusammenbasteln, ist hier genau richtig. Turntables, DJ Mixer und co werden kurz erklärt und \"the art of djing\" beispielhaft getestet. Die Minimalexkursion \"Djing\" wird begleitet von resom, DJ und Musikfetischistin.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53919,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: chaosjoe\n\n\nInteresse an 'nem lockeren CiviCRM-Austausch? Hier geht's um den Open Source Gedanken, Technik, Tipps und Tricks des Open Source CRM Systems. Offen für alle die gerne mit Technikkram gemeinnützig handelnde Organisationen oder Vereine unterstützen oder den Gedanken dahinter gut finden.\r\n\r\n https://civicrm.org\r\n https://lab.civicrm.org/groups/dev/-/issues\r\n https://github.com/civicrm/civicrm-core\r\n\r\nKontakt: https://chaos.social/@chaosjoe","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"CiviCRM als open source CRM (Erfahrungsaustausch)","end_timestamp":{"seconds":1703778900,"nanoseconds":0},"android_description":"Host: chaosjoe\n\n\nInteresse an 'nem lockeren CiviCRM-Austausch? Hier geht's um den Open Source Gedanken, Technik, Tipps und Tricks des Open Source CRM Systems. Offen für alle die gerne mit Technikkram gemeinnützig handelnde Organisationen oder Vereine unterstützen oder den Gedanken dahinter gut finden.\r\n\r\n https://civicrm.org\r\n https://lab.civicrm.org/groups/dev/-/issues\r\n https://github.com/civicrm/civicrm-core\r\n\r\nKontakt: https://chaos.social/@chaosjoe","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:55:00.000-0000","id":53916,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-28T15:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"AI service provider: Azure OpenAI\r\n\r\nDevelopment criteria:\r\n\r\nMaximum open source\r\nSelf hosted\r\nUse of OpenAI plugin technology\r\nFulfillment of enterprise requirement\r\nCompliance with German legal framework conditions\n\n\n","title":"Workshop: Self-hosted, Open Source Chatbots mit der Technologie von OpenAI: Erfahrungsbericht(e)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"AI service provider: Azure OpenAI\r\n\r\nDevelopment criteria:\r\n\r\nMaximum open source\r\nSelf hosted\r\nUse of OpenAI plugin technology\r\nFulfillment of enterprise requirement\r\nCompliance with German legal framework conditions","end_timestamp":{"seconds":1703781000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:30:00.000-0000","id":53868,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.\n\n\n","title":"Elektrobaukasten - Tag 2","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703782800,"nanoseconds":0},"android_description":"Make circuits for light, sound or motion. From the age of around 4 years upwards accompanied by adults, this is possible with the simple electronic kit based on snap buttons (manufactureres recommendation is 8 years). Even younger kits enjoy arranging coloured shapes. This is a parent-kid-offer. Please oversee your kids or build with them.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T17:00:00.000-0000","id":53710,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Saal B","hotel":"","short_name":"Kidspace - Saal B","id":46158},"spans_timebands":"N","begin":"2023-12-28T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. At the moment, the majority of people are living under permanent surveillance. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices that protect the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could provide privacy aware non-techies and organizations with appropriate devices.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"privacy aware digital devices for non-techies","end_timestamp":{"seconds":1703778600,"nanoseconds":0},"android_description":"For non-techies, it is a challenge to find and configure personal electronic devices that respect their privacy. At the moment, the majority of people are living under permanent surveillance. This is a terrible situation, not only for individuals, but also for organizations that work with sensitive data. And, after all, for all of us because surveillance capitalism threatens democratic societies.\r\n\r\nIn a better world, there would be a low-threshold offer of reasonable priced off-the-shelf devices that protect the users' privacy!\r\n\r\nIf you also want to make the world a better place, come and share your knowledge. Let's have a tea and discuss how a to-be-founded NGO could make privacy aware devices available for anyone.\n\n\nIn this sos, we discuss if and how an NGO could provide privacy aware non-techies and organizations with appropriate devices.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:50:00.000-0000","id":53697,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Arch Linux is a community-driven Linux distribution for the \"do-it-yourself\" user. \r\n\r\nA couple of Arch Linux maintainers and contributors will give you a status update of what has been happening since the last congress. We'll also allocate time for a Q&A session.\r\n\r\nhttps://archlinux.org/\r\n\r\nLocation: TBA\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Arch Linux user meetup","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"Arch Linux is a community-driven Linux distribution for the \"do-it-yourself\" user. \r\n\r\nA couple of Arch Linux maintainers and contributors will give you a status update of what has been happening since the last congress. We'll also allocate time for a Q&A session.\r\n\r\nhttps://archlinux.org/\r\n\r\nLocation: TBA","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53676,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-28T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A short sneak peek course to the International language Esperanto.\r\n\r\nWe are people who for many years have been speaking Esperanto in our every day life. Its the language of our global circle of friends. As there are quite some parallelisms between the worldwide Esperanto community and the worldwide hacker scene, usually there are some Esperanto speakers attending the big Chaos events.\r\n\r\nOf course we cannot give a comprehensive course about Esperanto, but a few insights to the language and its community first hand.\n\n\n","title":"Esperanto Schnupperkurs / Esperanto Lightning course","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"A short sneak peek course to the International language Esperanto.\r\n\r\nWe are people who for many years have been speaking Esperanto in our every day life. Its the language of our global circle of friends. As there are quite some parallelisms between the worldwide Esperanto community and the worldwide hacker scene, usually there are some Esperanto speakers attending the big Chaos events.\r\n\r\nOf course we cannot give a comprehensive course about Esperanto, but a few insights to the language and its community first hand.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53675,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\n\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist. Dies kann sich beispielsweise in diskriminierendem oder belästigendem Verhalten äußern und umfasst auch schwerwiegende Konflikte, die die Sicherheit oder Freiheit Einzelner bedrohen können. Zum Umgang mit derartigen Situationen auf Camp und Congress gibt es Strukturen wie das Awareness-Team, die Schiedsstelle und weitere auf help.ccc.de genannte Anlaufstellen.\r\n\r\nIn diesem Vortrag möchten wir – Mitglieder der Schiedsstelle, des Awareness-Teams und des Vorstands – einen Blick hinter die Kulissen von Awareness-Team und Schiedsstelle bieten und Impulse zur Weiterentwicklung der Schiedsstelle sammeln.\r\nDas heißt zunächst: Wie arbeiten Awareness-Team und Schiedsstelle, wie hängen sie zusammen und mit welcher Art von Fällen beschäftigen sie sich in der Praxis?\r\nDabei werden wir auch Beispiele betrachten, bei deren Behandlung wir derzeit Schwierigkeiten oder Grenzen ebendieser Strukturen sehen.\r\nAufbauend darauf möchten wir in einer Q&A-Session und einem an den Vortrag anschließenden Workshop Feedback zum Umgang mit den genannten Beispielfällen und zu den Strukturen allgemein einholen.\r\n\r\nUnser Ziel ist, die Arbeit und Arbeitsweise von Schiedsstelle und Awareness-Team greifbar zu machen und unsere eigene Perspektive als Teil dieser Strukturen mit der Perspektive aus der Community abzugleichen.\r\nWir haben vor, mit den dabei gewonnenen Erkenntnissen die bestehenden Strukturen weiterzuentwickeln. Dazu gehört auch, Unklarheiten im Umgang der Community mit den Strukturen sowie Lücken im Umgang mit einzelnen Fällen zu identifizieren und zu reduzieren.\n\n\n„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist.\r\nZiel dieses Vortrags ist, die zum Umgang mit solchen Fällen im CCC vorhandenen Strukturen greifbar zu machen und die verschiedenen Perspektiven auf ihre Arbeitsweise miteinander abzugleichen.\r\nEine Q&A-Session und ein Workshop im Anschluss an den Vortrag bieten Möglichkeiten für Feedback.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Weil „be excellent to each other” nicht reicht","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\n\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist. Dies kann sich beispielsweise in diskriminierendem oder belästigendem Verhalten äußern und umfasst auch schwerwiegende Konflikte, die die Sicherheit oder Freiheit Einzelner bedrohen können. Zum Umgang mit derartigen Situationen auf Camp und Congress gibt es Strukturen wie das Awareness-Team, die Schiedsstelle und weitere auf help.ccc.de genannte Anlaufstellen.\r\n\r\nIn diesem Vortrag möchten wir – Mitglieder der Schiedsstelle, des Awareness-Teams und des Vorstands – einen Blick hinter die Kulissen von Awareness-Team und Schiedsstelle bieten und Impulse zur Weiterentwicklung der Schiedsstelle sammeln.\r\nDas heißt zunächst: Wie arbeiten Awareness-Team und Schiedsstelle, wie hängen sie zusammen und mit welcher Art von Fällen beschäftigen sie sich in der Praxis?\r\nDabei werden wir auch Beispiele betrachten, bei deren Behandlung wir derzeit Schwierigkeiten oder Grenzen ebendieser Strukturen sehen.\r\nAufbauend darauf möchten wir in einer Q&A-Session und einem an den Vortrag anschließenden Workshop Feedback zum Umgang mit den genannten Beispielfällen und zu den Strukturen allgemein einholen.\r\n\r\nUnser Ziel ist, die Arbeit und Arbeitsweise von Schiedsstelle und Awareness-Team greifbar zu machen und unsere eigene Perspektive als Teil dieser Strukturen mit der Perspektive aus der Community abzugleichen.\r\nWir haben vor, mit den dabei gewonnenen Erkenntnissen die bestehenden Strukturen weiterzuentwickeln. Dazu gehört auch, Unklarheiten im Umgang der Community mit den Strukturen sowie Lücken im Umgang mit einzelnen Fällen zu identifizieren und zu reduzieren.\n\n\n„Be excellent to each other“ steht seit Jahrzehnten für das Selbstverständnis der Chaos-Community, was rücksichtsvolles Miteinander angeht.\r\nDennoch gibt es regelmäßig Fälle, in denen das Verhalten einzelner Personen ganz und gar nicht *excellent* ist.\r\nZiel dieses Vortrags ist, die zum Umgang mit solchen Fällen im CCC vorhandenen Strukturen greifbar zu machen und die verschiedenen Perspektiven auf ihre Arbeitsweise miteinander abzugleichen.\r\nEine Q&A-Session und ein Workshop im Anschluss an den Vortrag bieten Möglichkeiten für Feedback.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53292],"conference_id":131,"event_ids":[53657],"name":"derf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52317},{"content_ids":[53292],"conference_id":131,"event_ids":[53657],"name":"Schiedsstelle / Awareness Team / Vorstand","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52421}],"timeband_id":1141,"end":"2023-12-28T16:00:00.000-0000","links":[{"label":"help.ccc.de","type":"link","url":"https://help.ccc.de"}],"id":53657,"village_id":null,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"tag_ids":[46119,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52421},{"tag_id":46107,"sort_order":1,"person_id":52317}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Seit gut sieben Jahren ist Ransomware ein florierendes und stetig wachsendes Geschäftsmodell für durchschnittlich und unterdurchschnittlich begabte Hacker. Wie man sich davor schützen kann, ist kein Geheimnis. Trotzdem tun es offenbar immer noch zu wenige. Weil das ärgerlich ist, erklären wir es noch einmal.\r\n\r\nÜber die Vorgehensweisen der Gangs ranken sich allerlei Mythen, die verhindern, dass Organisationen sich sinnvoll schützen. Wir berichten aus unserer Erfahrung mit unzähligen Fällen, welche Schutzmaßnahmen wirklich sinnvoll sind.\r\n\r\nDoch auch über die Verhandlungen mit den Gangstern gibt es allerlei falsche Vorstellungen, angeheizt von selbsternannten \"Cyber-Profilern\" und \"Lösungsgeld-Verhandlern\", die natürlich kein Interesse haben, ihre „Tricks\" zu verraten. Deswegen machen wir das: Wir ergründen die spieltheoretische Mechanik der Verhandlungssituation an mehreren echten Beispielen und schauen uns die Organisation der Ransomware-Gangs an.\r\n\r\nKai Biermann ist Investigativ-Journalist und hat unter anderem Mitglieder der Ransomware-Gang Conti aufgedeckt. Linus Neumann hat als IT-Security-Consultant viele Incidents gemanaget und dabei das zweifelhafte Vergnügen gehabt, mit unterschiedlichen Ransomware-Gangs zu verhandeln.\r\n\r\nDer Vortrag ist eine Weiterführung von „Hirne Hacken\" (36C3) und „Disclosure, Hack und Back\" (Chaos Communication Camp '23).\n\n\nDu musst mit ein paar Erpressern um mehrere Millionen verhandeln.\r\nDas kann sogar Spaß machen, wenn es nicht dein Geld ist.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Hirne hacken: Hackback Edition","end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"Seit gut sieben Jahren ist Ransomware ein florierendes und stetig wachsendes Geschäftsmodell für durchschnittlich und unterdurchschnittlich begabte Hacker. Wie man sich davor schützen kann, ist kein Geheimnis. Trotzdem tun es offenbar immer noch zu wenige. Weil das ärgerlich ist, erklären wir es noch einmal.\r\n\r\nÜber die Vorgehensweisen der Gangs ranken sich allerlei Mythen, die verhindern, dass Organisationen sich sinnvoll schützen. Wir berichten aus unserer Erfahrung mit unzähligen Fällen, welche Schutzmaßnahmen wirklich sinnvoll sind.\r\n\r\nDoch auch über die Verhandlungen mit den Gangstern gibt es allerlei falsche Vorstellungen, angeheizt von selbsternannten \"Cyber-Profilern\" und \"Lösungsgeld-Verhandlern\", die natürlich kein Interesse haben, ihre „Tricks\" zu verraten. Deswegen machen wir das: Wir ergründen die spieltheoretische Mechanik der Verhandlungssituation an mehreren echten Beispielen und schauen uns die Organisation der Ransomware-Gangs an.\r\n\r\nKai Biermann ist Investigativ-Journalist und hat unter anderem Mitglieder der Ransomware-Gang Conti aufgedeckt. Linus Neumann hat als IT-Security-Consultant viele Incidents gemanaget und dabei das zweifelhafte Vergnügen gehabt, mit unterschiedlichen Ransomware-Gangs zu verhandeln.\r\n\r\nDer Vortrag ist eine Weiterführung von „Hirne Hacken\" (36C3) und „Disclosure, Hack und Back\" (Chaos Communication Camp '23).\n\n\nDu musst mit ein paar Erpressern um mehrere Millionen verhandeln.\r\nDas kann sogar Spaß machen, wenn es nicht dein Geld ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53280,53284],"conference_id":131,"event_ids":[53645,53649],"name":"Linus Neumann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52487},{"content_ids":[53280],"conference_id":131,"event_ids":[53645],"name":"Kai Biermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52517}],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53645,"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52517},{"tag_id":46107,"sort_order":1,"person_id":52487}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"To get involved and learn more about what is happening please see the Links for this event. The second session will take place in another Hall and is not on the Fahrplan. See the Schedule link.\n\n\nLightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!","title":"Lightning Talks Day 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"To get involved and learn more about what is happening please see the Links for this event. The second session will take place in another Hall and is not on the Fahrplan. See the Schedule link.\n\n\nLightning Talks are short lectures (almost) any congress participant may give! Bring your infectious enthusiasm to an audience with a short attention span! Discuss a program, system or technique! Pitch your projects and ideas or try to rally a crew of people to your party or assembly! Whatever you bring, make it quick!","end_timestamp":{"seconds":1703782800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53184],"conference_id":131,"event_ids":[53481],"name":"bigalex","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52337}],"timeband_id":1141,"end":"2023-12-28T17:00:00.000-0000","links":[{"label":"Infos, News and Lightning Talk Submission","type":"link","url":"https://c3lt.de"},{"label":"Mastodon","type":"link","url":"https://chaos.social/@C3_LightningTLK"}],"id":53481,"village_id":null,"tag_ids":[46119,46136,46140],"begin_timestamp":{"seconds":1703775600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52337}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","title":"Mastering Specter DIY Bitcoin Hardware wallet. (redoing the day1 workshop)","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53934,"begin_timestamp":{"seconds":1703773800,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T14:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Many trans people obtain their hormone therapy autonomously, for example to bypass long waiting times or to avoid pathologization and gatekeeping. We therefore want to meet and share our experiences with DIY HRT. At the beginning there will be a short introductory talk (approx. 10 minutes), after which we will exchange thoughts in small groups.\r\n\r\nall creatures welcome ( no matter if cis, trans or questioning)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"DIY HRT Meetup 🏳️‍⚧️🏴‍☠️","android_description":"Many trans people obtain their hormone therapy autonomously, for example to bypass long waiting times or to avoid pathologization and gatekeeping. We therefore want to meet and share our experiences with DIY HRT. At the beginning there will be a short introductory talk (approx. 10 minutes), after which we will exchange thoughts in small groups.\r\n\r\nall creatures welcome ( no matter if cis, trans or questioning)","end_timestamp":{"seconds":1703777400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:30:00.000-0000","id":53680,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703773800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T14:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","title":"Art and Play: Livevektorskizzen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"Dream meets needs. Vectorgraphics can be of use in many different ways - software for livesketching is hard to come by. Coding yourself helps - also with your own style. C with Cairo, Godot and Rust with Raqote are variants that are there to explore: https://gitlab.com/dronn\r\nFurthermore this Workshop will contain a livedrawing session, also with watercolour If you choose.\n\n\nTraum trifft Beduerfnis, Vektorgrafiken können vielseitig verwendet werden, Software zum live skizzieren ist rar. Selbstschreiben hilft - auch dem eigenen Stil. C mit Cairo, Godot und Rust mit Raqote sind Varianten die näher betrachtet werden können: https://gitlab.com/dronn\r\nDarüberraus eine live Zeichensession \"Drink and Draw\" wahlweise auch mit Aquarell.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53936,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Art and Play Workshop table [H]","hotel":"","short_name":"Art and Play Workshop table [H]","id":46162},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A collaborative dialogue to explore and confront the philosophical assumptions behind the idea of decentralization. \r\n\r\nWhat is decentralization even? How does it relate to centralization? Can one exist without the other or are we looking at a false dichotomy? What other logical dichotomies may have given birth to these ideas? Object and subject? Order and chaos? Truth and lies? Are we perhaps unavoidably caught up in binary logic and symbolic reasoning? Or can we look at the bigger picture from a more phenomenological perspective? What is it that we experience when engaging in certain institutions, systems and protocols? And, when we do that, how does everything that fades into the background still exerts its silent influence over each participant, willing or not?\r\n\r\nA non-exhaustive list of references:\r\nThe Tyranny of Structurelessness\r\nThe Tyranny of Tyranny \r\nExtitutional theory\r\nNon-binary logic\r\nPerformativity\r\nHyperstition\r\nDo-ocracy","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"On the limits of decentralization","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"A collaborative dialogue to explore and confront the philosophical assumptions behind the idea of decentralization. \r\n\r\nWhat is decentralization even? How does it relate to centralization? Can one exist without the other or are we looking at a false dichotomy? What other logical dichotomies may have given birth to these ideas? Object and subject? Order and chaos? Truth and lies? Are we perhaps unavoidably caught up in binary logic and symbolic reasoning? Or can we look at the bigger picture from a more phenomenological perspective? What is it that we experience when engaging in certain institutions, systems and protocols? And, when we do that, how does everything that fades into the background still exerts its silent influence over each participant, willing or not?\r\n\r\nA non-exhaustive list of references:\r\nThe Tyranny of Structurelessness\r\nThe Tyranny of Tyranny \r\nExtitutional theory\r\nNon-binary logic\r\nPerformativity\r\nHyperstition\r\nDo-ocracy","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53933,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, I will demonstrate an approach used in InfraNodus, a text network analysis tool I developed, to reveal non-obvious latent topics, informational gateways, and structural gaps in any text. I will then use how we can feed this insight to LLMs to generate new ideas and help them think outside of the box, bringing a little bit more creativity into their standard logic of trying to find the most likely scenario.\r\n\r\nTake your computers with you, so you can try this out on your own ideas or texts!\r\n\r\nI hope that during this session, we can also think together about how a similar approach could be used in your own practices: studying any text-based data but maybe also something completely outside of the text-related realm. \r\n\r\nSo if you're curious about networks and AI, I will be happy to meet you and have this discussion after the demo.\r\n\r\nThe location is to be confirmed after we get the map of the site, otherwise, you can contact me on Telegram via @noduslabs\r\n\r\nFor more info about the tool: [https://infranodus.com](https://infranodus.com)\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"InfraNodus: Reveal Non-Obvious and Find the Gaps with Networks and LLMs","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"In this session, I will demonstrate an approach used in InfraNodus, a text network analysis tool I developed, to reveal non-obvious latent topics, informational gateways, and structural gaps in any text. I will then use how we can feed this insight to LLMs to generate new ideas and help them think outside of the box, bringing a little bit more creativity into their standard logic of trying to find the most likely scenario.\r\n\r\nTake your computers with you, so you can try this out on your own ideas or texts!\r\n\r\nI hope that during this session, we can also think together about how a similar approach could be used in your own practices: studying any text-based data but maybe also something completely outside of the text-related realm. \r\n\r\nSo if you're curious about networks and AI, I will be happy to meet you and have this discussion after the demo.\r\n\r\nThe location is to be confirmed after we get the map of the site, otherwise, you can contact me on Telegram via @noduslabs\r\n\r\nFor more info about the tool: [https://infranodus.com](https://infranodus.com)","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53674,"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the well-known card game Anno Domini, the aim is to put historical events in chronological order, being temporarily unaware of the specific year. If there is any doubt about the correctness of the sequence, the years are checked and either the person who has doubts or the last person to place a card is punished. \r\nWe, the @all-collective, have designed a internet-political Anno Domini with this game principle, in which we have collected important internet-political data, but also important data on digitization into an Anno Domini game. The game is still in the estimated version 0.8 - so it still needs feedback, possible improvements and your expertise. It is quite entertaining and fun to play. That's what we want to do with you. So far we only have the cards in German.\n\n\n","title":"Netzpolitisches Anno Domini spielen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"In the well-known card game Anno Domini, the aim is to put historical events in chronological order, being temporarily unaware of the specific year. If there is any doubt about the correctness of the sequence, the years are checked and either the person who has doubts or the last person to place a card is punished. \r\nWe, the @all-collective, have designed a internet-political Anno Domini with this game principle, in which we have collected important internet-political data, but also important data on digitization into an Anno Domini game. The game is still in the estimated version 0.8 - so it still needs feedback, possible improvements and your expertise. It is quite entertaining and fun to play. That's what we want to do with you. So far we only have the cards in German.","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53658,"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will be in german\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Bildungsarbeit der epicenter.academy mit OER und Workshops","android_description":"This talk will be in german","end_timestamp":{"seconds":1703775600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53546,"begin_timestamp":{"seconds":1703772000,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-28T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"cyber4EDU (Zu-)Hörstunde - Fokus Oberschule","android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:45:00.000-0000","id":53931,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**We meet _in front_ of Saal F (not in Saal F).**\r\n\r\nLove is infinite. The joy of children is infinite. These notions come to mind when we think of infinity. Mathematics, however, reveals further, initially hidden perspectives.\r\n\r\nIt turns out that the well-known number line from school is not the final word of wisdom: after 1, 2, and 3, after a million and a trillion, after the number of grains of sand – after all these numbers, infinitely large numbers follow. Astonishingly, we humans, despite our limited minds, can explore this infinite hierarchy of large numbers and gain reliable information about them.\r\n\r\nIn this talk we will learn how to visualize and compute with these infinitely large numbers. (This part of the talk will be similar to an earlier version of this talk given at 35c3.)\r\n\r\nThen we will go on a tour of varied applications of those infinitely large numbers: There are problems which, provably so, can only be solved by appealing to the infinite.\r\n\r\nSurprisingly, one of these applications is in algorithm design.\r\n\r\nIn order to enjoy the talk, absolutely no mathematical prerequisites are needed: The talk is even accessible to school children of age ten and above (if they understand English). And still it is mathematically rigorous – we'll learn how to think about and compute with infinities in a precise fashion. After the talk you'll be able to effortlessly converse on infinitely large numbers with your mates.\r\n\r\nThere will also be a [companion talk on very large but still finite numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-large-numbers-very-large-numb/). This talk is not a prerequisite for the other, and vice versa.\r\n\r\n🧮\n\n\nFun with numbers larger than infinity.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Wondrous mathematics: The fantastical story how the wondrous world of infinity tamed the finite","android_description":"**We meet _in front_ of Saal F (not in Saal F).**\r\n\r\nLove is infinite. The joy of children is infinite. These notions come to mind when we think of infinity. Mathematics, however, reveals further, initially hidden perspectives.\r\n\r\nIt turns out that the well-known number line from school is not the final word of wisdom: after 1, 2, and 3, after a million and a trillion, after the number of grains of sand – after all these numbers, infinitely large numbers follow. Astonishingly, we humans, despite our limited minds, can explore this infinite hierarchy of large numbers and gain reliable information about them.\r\n\r\nIn this talk we will learn how to visualize and compute with these infinitely large numbers. (This part of the talk will be similar to an earlier version of this talk given at 35c3.)\r\n\r\nThen we will go on a tour of varied applications of those infinitely large numbers: There are problems which, provably so, can only be solved by appealing to the infinite.\r\n\r\nSurprisingly, one of these applications is in algorithm design.\r\n\r\nIn order to enjoy the talk, absolutely no mathematical prerequisites are needed: The talk is even accessible to school children of age ten and above (if they understand English). And still it is mathematically rigorous – we'll learn how to think about and compute with infinities in a precise fashion. After the talk you'll be able to effortlessly converse on infinitely large numbers with your mates.\r\n\r\nThere will also be a [companion talk on very large but still finite numbers](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-large-numbers-very-large-numb/). This talk is not a prerequisite for the other, and vice versa.\r\n\r\n🧮\n\n\nFun with numbers larger than infinity.","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:45:00.000-0000","id":53699,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"begin":"2023-12-28T13:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In 2021, Google published the methodology and source code for AlphaFold and within days, scientists adapted the code to allow virtually everyone to predict their own protein structures without prior knowledge.\n\n\nNow, two years after its public release, AlphaFold has established itself as an essential tool in structural biology. Yet, with time, we've also gained a deeper insight into its limitations.\n\n\nIn this talk, I would like to delve into AlphaFold and similar machine learning techniques and explore their impact on science and structural biology. To truly appreciate their significance, we will first need to understand the role of protein structures and how they shape our daily lives. Additionally, we’ll have to examine how protein structures were traditionally solved prior to the advent of AlphaFold. We’ll then touch upon the concepts of protein evolution to better understand the biological basis behind this breakthrough, before we’ll look at the intricacies of the neural network itself and discuss the training data necessary to achieve its remarkable capabilities. Drawing from my experience as a practicing structural biologist, I will illustrate these points with real-life examples, showcasing instances where AlphaFold has succeeded and where it has encountered challenges. Lastly, we will peer into the future and speculate on the potential trajectory of this scientific journey and its potential to transform science and our approaches towards it.\n\n\n\n\n\nIn 2020, the scientific community was shaken when the results of a special contest for protein prediction, known as the Critical Assessment of Protein Structure Prediction (CASP), were revealed. A relatively new competitor emerged as the champion, surpassing all other teams that had been participating in the game for decades. This new competitor was Google and their predictor was a neuronal network called \"AlphaFold\". Their new approach caused significant waves in the field of structural biology, even capturing the attention of the mainstream media. Several news channels featured reports on AlphaFold, with one German magazine, \"Der Spiegel,\" declaring that \"The year 2020 will be known [...] as the year when machines began to outstrip us in research.\"\n\n\nJoin me as we explore the background behind this transformative development and assess the magnitude of machine learning's impact on science, with a particular focus on structural biology.\n\n\n","title":"AlphaFold – how machine learning changed structural biology forever (or not?)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"In 2021, Google published the methodology and source code for AlphaFold and within days, scientists adapted the code to allow virtually everyone to predict their own protein structures without prior knowledge.\n\n\nNow, two years after its public release, AlphaFold has established itself as an essential tool in structural biology. Yet, with time, we've also gained a deeper insight into its limitations.\n\n\nIn this talk, I would like to delve into AlphaFold and similar machine learning techniques and explore their impact on science and structural biology. To truly appreciate their significance, we will first need to understand the role of protein structures and how they shape our daily lives. Additionally, we’ll have to examine how protein structures were traditionally solved prior to the advent of AlphaFold. We’ll then touch upon the concepts of protein evolution to better understand the biological basis behind this breakthrough, before we’ll look at the intricacies of the neural network itself and discuss the training data necessary to achieve its remarkable capabilities. Drawing from my experience as a practicing structural biologist, I will illustrate these points with real-life examples, showcasing instances where AlphaFold has succeeded and where it has encountered challenges. Lastly, we will peer into the future and speculate on the potential trajectory of this scientific journey and its potential to transform science and our approaches towards it.\n\n\n\n\n\nIn 2020, the scientific community was shaken when the results of a special contest for protein prediction, known as the Critical Assessment of Protein Structure Prediction (CASP), were revealed. A relatively new competitor emerged as the champion, surpassing all other teams that had been participating in the game for decades. This new competitor was Google and their predictor was a neuronal network called \"AlphaFold\". Their new approach caused significant waves in the field of structural biology, even capturing the attention of the mainstream media. Several news channels featured reports on AlphaFold, with one German magazine, \"Der Spiegel,\" declaring that \"The year 2020 will be known [...] as the year when machines began to outstrip us in research.\"\n\n\nJoin me as we explore the background behind this transformative development and assess the magnitude of machine learning's impact on science, with a particular focus on structural biology.","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53291],"conference_id":131,"event_ids":[53656],"name":"Jan Gebauer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52441}],"timeband_id":1141,"links":[{"label":"Homepage of Jan Gebauer","type":"link","url":"https://gebauer.koeln"}],"end":"2023-12-28T14:45:00.000-0000","id":53656,"tag_ids":[46123,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52441}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag behandelt vier Schwerpunkte:\r\n1.: In welchen Bundesländern und zu welchem Zweck wird die Palantir-Software Gotham eingesetzt oder soll in Zukunft eingesetzt werden? \r\n2.: Wie funktioniert die Software und welche Risiken bringt ihr Einsatz mit sich?\r\n3.: Welche rechtlichen Einschränkungen gelten und wie könnten sie technisch umgesetzt werden? \r\n4.: Hessen hat sein Gesetz aufgrund der Entscheidung des Bundesverfassungsgerichts angepasst. Stellt die Neuregelung für die Gotham-Software unter dem Namen „Hessendata“ wirklich eine Verbesserung dar?\r\n\r\nÜber mit dem Einsatz der Software verbundene Risiken – darunter Diskriminierung, Stigmatisierung, Datenschutz, IT-Sicherheit, Kontrollierbarkeit – sprechen Constanze Kurz (CCC), Simone Ruf und Jürgen Bering (beide Gesellschaft für Freiheitsrechte, GFF). Beide Organisationen waren am Verfahren vor dem BVerfG beteiligt: Die GFF hatte das Verfahren initiiert und der CCC wirkte als Sachverständiger mit.\n\n\nDer Markt von Palantir ist der öffentliche Sektor, längst in Europa und auch in Deutschland. Der umstrittene US-Softwareanbieter verarbeitet strukturierte und unstrukturierte Informationen aus Polizeidaten oder Patientendaten und versucht, sich unverzichtbar zu machen für die Behörden, mit denen er Verträge hat. In Deutschland steht Palantir allerdings eine Entscheidung des Bundesverfassungsgerichts im Weg, das erstmals über den Einsatz von heute gern als KI gehypter Software für Polizeidaten entschieden hat.","title":"Der sehende Stein der Polizeibehörden ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Der Vortrag behandelt vier Schwerpunkte:\r\n1.: In welchen Bundesländern und zu welchem Zweck wird die Palantir-Software Gotham eingesetzt oder soll in Zukunft eingesetzt werden? \r\n2.: Wie funktioniert die Software und welche Risiken bringt ihr Einsatz mit sich?\r\n3.: Welche rechtlichen Einschränkungen gelten und wie könnten sie technisch umgesetzt werden? \r\n4.: Hessen hat sein Gesetz aufgrund der Entscheidung des Bundesverfassungsgerichts angepasst. Stellt die Neuregelung für die Gotham-Software unter dem Namen „Hessendata“ wirklich eine Verbesserung dar?\r\n\r\nÜber mit dem Einsatz der Software verbundene Risiken – darunter Diskriminierung, Stigmatisierung, Datenschutz, IT-Sicherheit, Kontrollierbarkeit – sprechen Constanze Kurz (CCC), Simone Ruf und Jürgen Bering (beide Gesellschaft für Freiheitsrechte, GFF). Beide Organisationen waren am Verfahren vor dem BVerfG beteiligt: Die GFF hatte das Verfahren initiiert und der CCC wirkte als Sachverständiger mit.\n\n\nDer Markt von Palantir ist der öffentliche Sektor, längst in Europa und auch in Deutschland. Der umstrittene US-Softwareanbieter verarbeitet strukturierte und unstrukturierte Informationen aus Polizeidaten oder Patientendaten und versucht, sich unverzichtbar zu machen für die Behörden, mit denen er Verträge hat. In Deutschland steht Palantir allerdings eine Entscheidung des Bundesverfassungsgerichts im Weg, das erstmals über den Einsatz von heute gern als KI gehypter Software für Polizeidaten entschieden hat.","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53279],"conference_id":131,"event_ids":[53644],"name":"Constanze Kurz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52358},{"content_ids":[53279],"conference_id":131,"event_ids":[53644],"name":"Simone Ruf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52425},{"content_ids":[53279],"conference_id":131,"event_ids":[53644],"name":"Jürgen Bering","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52462}],"timeband_id":1141,"links":[],"end":"2023-12-28T14:45:00.000-0000","id":53644,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52358},{"tag_id":46107,"sort_order":1,"person_id":52462},{"tag_id":46107,"sort_order":1,"person_id":52425}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation on how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.\r\n\r\nThis presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.\n\n\nOver the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Nintendo hacking 2023: 2008","end_timestamp":{"seconds":1703774700,"nanoseconds":0},"android_description":"This presentation will start with an introduction to the hardware of the Nintendo DSi and the history of earlier hacking attempts. This is followed by an explanation on how to extract, analyze, and exploit the boot ROMs of the console, leading to a complete defeat of the security of the system.\r\n\r\nThis presentation will not shy away from technical explanations involving software exploitation, fault injection, cryptography, and hardware design. We will however try to make it understandable and enjoyable to less technically-inclined audiences.\n\n\nOver the years, many talks about console jailbreaks have been presented at CCC. However, one console has been left overlooked: the Nintendo DSi. It didn't see any serious hacks in its active lifetime, the ones that eventually appeared aren't completely satisfactory, and several components (such as its boot ROMs) were left untouched. In this presentation, we rectify the situation, explain how to extract the boot ROMs, and demonstrate new jailbreaks that can take over the console at an even deeper level. As a bonus, this work makes it possible to revive consoles with worn-out eMMC NAND chips.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[{"label":"Modchip firmware, exploit payload, DIY guide","type":"link","url":"https://github.com/dsi-modchip"},{"label":"Glitching setup (PoroCYon)","type":"link","url":"https://gitlab.ulyssis.org/pcy/dsi-hacking-stuff"},{"label":"Glitching setup (stuckpixel & Normmatt)","type":"link","url":"https://github.com/pixel-stuck/dsi_glitching"},{"label":"slides","type":"link","url":"https://dsi-modchip.github.io/37c3/"}],"end":"2023-12-28T14:45:00.000-0000","id":53513,"tag_ids":[46124,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703771100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mate (she/her) ist Psychotherapeutin (in Ausbildung), hat selbst schon lange Therapieerfahrung und möchte Menschen gerne einen Raum geben um mehr über Therapie und psychosoziale Beratung erfahren zu können. Es soll gerne einen gemeinsamen Emo-Austausch geben.\n\n\nImmer mehr Menschen möchten Psychotherapie machen, aber wissen vor lauter inneren (#Stigmatisierung) und äußeren (#langeWartezeit) Hürden nicht wohin der Weg. In diesen Workshop wird ein Überblick gegeben, was es so für verschieden Therapiearten gibt und wie mensch die ersten Schritte gen mögliche Therapie machen kann. Außerdem gibts einen Austausch zu Self Care-Alternativen in beschissenen Zeiten wie diesen, als auch eine ausgiebige Emo-Runde. We can also speak in English or do whisper translation.","title":"How to therapy","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"android_description":"Mate (she/her) ist Psychotherapeutin (in Ausbildung), hat selbst schon lange Therapieerfahrung und möchte Menschen gerne einen Raum geben um mehr über Therapie und psychosoziale Beratung erfahren zu können. Es soll gerne einen gemeinsamen Emo-Austausch geben.\n\n\nImmer mehr Menschen möchten Psychotherapie machen, aber wissen vor lauter inneren (#Stigmatisierung) und äußeren (#langeWartezeit) Hürden nicht wohin der Weg. In diesen Workshop wird ein Überblick gegeben, was es so für verschieden Therapiearten gibt und wie mensch die ersten Schritte gen mögliche Therapie machen kann. Außerdem gibts einen Austausch zu Self Care-Alternativen in beschissenen Zeiten wie diesen, als auch eine ausgiebige Emo-Runde. We can also speak in English or do whisper translation.","end_timestamp":{"seconds":1703776200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53363],"conference_id":131,"event_ids":[53715],"name":"Mate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52251}],"timeband_id":1141,"links":[],"end":"2023-12-28T15:10:00.000-0000","id":53715,"begin_timestamp":{"seconds":1703770800,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52251}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Not every type of Bitcoin wallet stores the seed in the same way, there are big differences in terms of security. The difference between hot wallets and hardware wallets is probably well known. This presentation provides a deeper insight into these and other differences.\n\n\n","title":"Bitcoin Wallet Seed Security","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Not every type of Bitcoin wallet stores the seed in the same way, there are big differences in terms of security. The difference between hot wallets and hardware wallets is probably well known. This presentation provides a deeper insight into these and other differences.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53913,"begin_timestamp":{"seconds":1703770200,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T13:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Sie sind überall. Sie sehen aus wie Du und Ich. Keine Wagenburg und kein Umsonstladen hat keinen Verlust an die Schwurbulonen zu beklagen. Selbst altwürdige Antifa-Organisationen sind gekippt oder schweben in Gefahr in die Hände dieser stochastischen Gemeinschaft zu fallen. \r\n\r\nWas tun gegen Rechts-Abdriften der Linken, bröckelnde Brandmauer der Mitte und Radikalisierung der Rechten? Erklärungen gibt es viele, aber wirksame Mittel scheinen nicht in Sicht. \r\nWir rufen dich Galaktika!\r\njaaaaaaaaaaaa was gibts? IGITT. Was ihr Menschen euch immer ausdenkt\r\n\r\nDie Antiverschwurbelte Aktion ist ein bundesweites Aktionsnetzwerk gegen Querdenken. Mit viel Humor und Empathie nehmen wir den kleinen Volksaufstand auf die Schippe.\r\nIn Köln legen wir vor dem Publikum Rechenschaft über unsere Tätigkeiten ab und geben Tipps und Ermutigung im Umgang mit .... ja womit haben wir es da überhaupt zu tun ????\r\n\r\nunsere leistungen umfassen:\r\n⏩ intro (schnappi)\r\n⏩ moderation (bronto)\r\n⏩ best of echsen-gegenprotest 2023 (trejo)\r\n⏩ best of kevin gabbe (echsorbitant) \r\n⏩ alu-jesus teil II (alujesus)\r\n⏩ musik: ode an die überläufer*innen (t-flechs) \r\n⏩ techno gegen elmo (kröte)\r\n⏩ entschuldigung bei den ungeimpften für unsere unachtsamkeit (techstremist*in)\r\n⏩ querfront von \"links\" (schnappi)\r\n⏩ kleinparteien gegen afd (veloceraptor)\r\n⏩ musik gegen resignation (wendlandechse)\r\n⏩ die politischen grenzen von meditation (wendlandechse)\r\n✅ Q&A mit bartagame und euren fragen💄 \r\n\r\nUnsere Talks beim CCC die letzten Jahre:\r\n\r\n2020 \r\n\r\nhttps://media.ccc.de/v/rc3-11498-schwurbeldemos_der_neuen_rechten_und_gegenprotest\r\n\r\n2021\r\n\r\nhttps://kolektiva.media/w/okL7ACMAVt52hHn2Q1nMf7\r\n\r\n2022\r\n\r\nhttps://media.ccc.de/v/jev22-7282-antiverschwurbeltes_axiom\r\n\r\nnicht verpassen und sagts allen weiter :)\n\n\nVerschwörungs-Gläubige, Antifa-Echsen-Comedy & Naziporn","title":"Die Schwurbulaner vom Planeten Schwurbolus","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703776500,"nanoseconds":0},"android_description":"Sie sind überall. Sie sehen aus wie Du und Ich. Keine Wagenburg und kein Umsonstladen hat keinen Verlust an die Schwurbulonen zu beklagen. Selbst altwürdige Antifa-Organisationen sind gekippt oder schweben in Gefahr in die Hände dieser stochastischen Gemeinschaft zu fallen. \r\n\r\nWas tun gegen Rechts-Abdriften der Linken, bröckelnde Brandmauer der Mitte und Radikalisierung der Rechten? Erklärungen gibt es viele, aber wirksame Mittel scheinen nicht in Sicht. \r\nWir rufen dich Galaktika!\r\njaaaaaaaaaaaa was gibts? IGITT. Was ihr Menschen euch immer ausdenkt\r\n\r\nDie Antiverschwurbelte Aktion ist ein bundesweites Aktionsnetzwerk gegen Querdenken. Mit viel Humor und Empathie nehmen wir den kleinen Volksaufstand auf die Schippe.\r\nIn Köln legen wir vor dem Publikum Rechenschaft über unsere Tätigkeiten ab und geben Tipps und Ermutigung im Umgang mit .... ja womit haben wir es da überhaupt zu tun ????\r\n\r\nunsere leistungen umfassen:\r\n⏩ intro (schnappi)\r\n⏩ moderation (bronto)\r\n⏩ best of echsen-gegenprotest 2023 (trejo)\r\n⏩ best of kevin gabbe (echsorbitant) \r\n⏩ alu-jesus teil II (alujesus)\r\n⏩ musik: ode an die überläufer*innen (t-flechs) \r\n⏩ techno gegen elmo (kröte)\r\n⏩ entschuldigung bei den ungeimpften für unsere unachtsamkeit (techstremist*in)\r\n⏩ querfront von \"links\" (schnappi)\r\n⏩ kleinparteien gegen afd (veloceraptor)\r\n⏩ musik gegen resignation (wendlandechse)\r\n⏩ die politischen grenzen von meditation (wendlandechse)\r\n✅ Q&A mit bartagame und euren fragen💄 \r\n\r\nUnsere Talks beim CCC die letzten Jahre:\r\n\r\n2020 \r\n\r\nhttps://media.ccc.de/v/rc3-11498-schwurbeldemos_der_neuen_rechten_und_gegenprotest\r\n\r\n2021\r\n\r\nhttps://kolektiva.media/w/okL7ACMAVt52hHn2Q1nMf7\r\n\r\n2022\r\n\r\nhttps://media.ccc.de/v/jev22-7282-antiverschwurbeltes_axiom\r\n\r\nnicht verpassen und sagts allen weiter :)\n\n\nVerschwörungs-Gläubige, Antifa-Echsen-Comedy & Naziporn","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53379],"conference_id":131,"event_ids":[53554],"name":"schnappi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52316}],"timeband_id":1141,"links":[],"end":"2023-12-28T15:15:00.000-0000","id":53554,"tag_ids":[46132,46139],"village_id":null,"begin_timestamp":{"seconds":1703770200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52316}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-28T13:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tagging game in the mime hous -- an interactive acting-focused hide and seek game from improvisational theatre.\r\n\r\nIt starts with a small general warmup and a few easy exercises to mime on the stage.\r\n\r\nThen we play the following game together: At first we stablish a house with surroundungs quite detailed. Then one person leaves the room, the others hide in this mime house. Then the person comes in again and has to find and catch the hidden persons.\r\n\r\nThe interesting thing is, that the searching person in real life does see all the other persons sitting, lying, crouching, ... on the stage, but in game obviously not. They have to be catched in-game!, and can also run away, re-hide, ...\r\n\r\nSeveral rounds are probably possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Fangenspiel im Pantomimehaus -- ein interaktives handlungslastiges Versteck- und Suchspiel aus dem Improvisationstheater. [en:] Tagging game in the mime house.","android_description":"Tagging game in the mime hous -- an interactive acting-focused hide and seek game from improvisational theatre.\r\n\r\nIt starts with a small general warmup and a few easy exercises to mime on the stage.\r\n\r\nThen we play the following game together: At first we stablish a house with surroundungs quite detailed. Then one person leaves the room, the others hide in this mime house. Then the person comes in again and has to find and catch the hidden persons.\r\n\r\nThe interesting thing is, that the searching person in real life does see all the other persons sitting, lying, crouching, ... on the stage, but in game obviously not. They have to be catched in-game!, and can also run away, re-hide, ...\r\n\r\nSeveral rounds are probably possible.\r\n\r\n*🧮* \r\n*offered by: [@dreieck](https://events.ccc.de/congress/2023/hub/user/dreieck/)*","end_timestamp":{"seconds":1703772900,"nanoseconds":0},"updated_timestamp":{"seconds":1703863500,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:15:00.000-0000","id":53930,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Foyer Level 2 (In front of the elevators left of Stage Y)","hotel":"","short_name":"Foyer Level 2 (In front of the elevators left of Stage Y)","id":46156},"updated":"2023-12-29T15:25:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"check out F.Lutze <3\n\n\n","title":"F.Lutze","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703779200,"nanoseconds":0},"android_description":"check out F.Lutze <3","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T16:00:00.000-0000","id":53923,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","title":"Hackin the Disco Day 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53918,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Mintest spielt.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Minetest - Tag 2","android_description":"Du möchtest in einer Welt kreativ werden, gemeinsam etwas bauen und die Möglichkeiten der Erweiterung von Minetest durch Mods ausprobieren? Dann bist du hier genau richtig. Komm einfach mit eigenem Gerät vorbei, wir helfen bei der Installation.\n\n\nHier kann man lernen, wie man Mintest spielt.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53867,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal B - Hackcenter","hotel":"","short_name":"Saal B - Hackcenter","id":46157},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://www.namecoin.org/\n\n\nSee us demo the new atomic name trading functionality in Namecoin, and give us your feedback on how we can improve it.","title":"Namecoin Atomic Name Trading Workshop","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"https://www.namecoin.org/\n\n\nSee us demo the new atomic name trading functionality in Namecoin, and give us your feedback on how we can improve it.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53853,"village_id":null,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We are climate justice activists and are looking for hackers.\r\nWe want to brainstorm how to creatively repurpose public displays such as traffic lights, parking systems and adverts as political action.\r\nThe \"workshop\" should be a kind of networking meeting, so that this form of action becomes more common.\r\n\r\n🧮\n\n\n","title":"Klimagerechtigkeit erhacken","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"We are climate justice activists and are looking for hackers.\r\nWe want to brainstorm how to creatively repurpose public displays such as traffic lights, parking systems and adverts as political action.\r\nThe \"workshop\" should be a kind of networking meeting, so that this form of action becomes more common.\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53850,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Replicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets.\r\n\r\n\r\nHistorically Replicant has united different struggles / concerns within the same project:\r\n\r\n\r\n It enabled to use hardware way longer, limiting damage on planet and workers.\r\n\r\n Compatible hardware could be found second hand in various ways (shops, free, etc). This made it accessible by a wide variety of people.\r\n\r\n Many of the supported hardware were made and sold in big numbers so they have a wide ecosystem around them like replacement batteries, repair knowledge, second hand shops.\r\n\r\n While all the supported hardware contains nonfree software (bootloader, sometimes another operating system loaded on the same CPU alongside Android/Replicant, details will be explained in the talk), Replicant itself is fully free, which appeals to people caring about free software.\r\n\r\n It avoided backdoors and chose to support only specific phones to limit the privacy damage (this was done by isolating the modem, more will be explained in the talk).\r\n\r\nWhile Replicant always had to take difficult strategic decisions that affected the above, with effects on both the amount of work required to support devices and the amount of work required to move to new Android versions, things also changed a lot in the last years.\r\n\r\nModern off the shelf smartphones hardware made it impossible to address the same concerns than before: Replicant depends on hardware design features like modem isolation to provide some privacy guarantees (details will be in the talk). Supporting devices with batteries that cannot be replaced also lead to lot of complications for users (batteries that last less on second hand devices, limited lifespan, etc) that in turn put impossible constraints on contributors (supporting new devices as soon as they are released).\r\n\r\nOther issues like the disappearance of 3G networks, or the status of some Android related project also affect Replicant in big ways.\r\n\r\nOn another hand Replicant also ended up with way more resources than before: it has enough money (about 200 000$) to fund development work during few years and also managed to get funding from NLnet to work on specific tasks.\r\n\r\nAll that brings huge changes in the project and makes strategic decisions harder than before.\r\n\r\nThe talk will start with information on why having 100% free software Android distribution(s) is still relevant today when GNU/Linux smartphones are becoming a reality again. It will also explain all the background needed to understand the rest of the talk (how smartphones work, what is a modem, what is TrustZone, how Android is different from GNU/Linux from the hardware support and contributor perspective, etc).\r\n\r\nA lot of the focus of this presentation will be about the project strategic decisions: Given the difficult context Replicant operates in, what difficulties it faced, how it solved them. But also current and longer term issues we have. In this talk we are also looking for feedback on our new strategy and/or ideas to address some of the longer time concerns we have, some of which other projects also faced.\n\n\nReplicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets. After explaining some extensive background about the project and its situation, the talk will focus on the project strategic decisions and will also try to involve the audience to get feedback on some of the project current and longer term issues that we didn't solve yet.","title":"Replicant struggle: past and present successes and failures","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Replicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets.\r\n\r\n\r\nHistorically Replicant has united different struggles / concerns within the same project:\r\n\r\n\r\n It enabled to use hardware way longer, limiting damage on planet and workers.\r\n\r\n Compatible hardware could be found second hand in various ways (shops, free, etc). This made it accessible by a wide variety of people.\r\n\r\n Many of the supported hardware were made and sold in big numbers so they have a wide ecosystem around them like replacement batteries, repair knowledge, second hand shops.\r\n\r\n While all the supported hardware contains nonfree software (bootloader, sometimes another operating system loaded on the same CPU alongside Android/Replicant, details will be explained in the talk), Replicant itself is fully free, which appeals to people caring about free software.\r\n\r\n It avoided backdoors and chose to support only specific phones to limit the privacy damage (this was done by isolating the modem, more will be explained in the talk).\r\n\r\nWhile Replicant always had to take difficult strategic decisions that affected the above, with effects on both the amount of work required to support devices and the amount of work required to move to new Android versions, things also changed a lot in the last years.\r\n\r\nModern off the shelf smartphones hardware made it impossible to address the same concerns than before: Replicant depends on hardware design features like modem isolation to provide some privacy guarantees (details will be in the talk). Supporting devices with batteries that cannot be replaced also lead to lot of complications for users (batteries that last less on second hand devices, limited lifespan, etc) that in turn put impossible constraints on contributors (supporting new devices as soon as they are released).\r\n\r\nOther issues like the disappearance of 3G networks, or the status of some Android related project also affect Replicant in big ways.\r\n\r\nOn another hand Replicant also ended up with way more resources than before: it has enough money (about 200 000$) to fund development work during few years and also managed to get funding from NLnet to work on specific tasks.\r\n\r\nAll that brings huge changes in the project and makes strategic decisions harder than before.\r\n\r\nThe talk will start with information on why having 100% free software Android distribution(s) is still relevant today when GNU/Linux smartphones are becoming a reality again. It will also explain all the background needed to understand the rest of the talk (how smartphones work, what is a modem, what is TrustZone, how Android is different from GNU/Linux from the hardware support and contributor perspective, etc).\r\n\r\nA lot of the focus of this presentation will be about the project strategic decisions: Given the difficult context Replicant operates in, what difficulties it faced, how it solved them. But also current and longer term issues we have. In this talk we are also looking for feedback on our new strategy and/or ideas to address some of the longer time concerns we have, some of which other projects also faced.\n\n\nReplicant is an Android distribution that is certified by the FSF that supports some Smartphones and Tablets. After explaining some extensive background about the project and its situation, the talk will focus on the project strategic decisions and will also try to involve the audience to get feedback on some of the project current and longer term issues that we didn't solve yet.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53717,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I would like to give a workshop in which stencils are made with a knife and paper, which are then used as screen printing stencils. The workshop is suitable for both older and younger participants.\r\nIn this workshop we will make paper stencils which we will then use to print on fabric. Bring a T-shirt, kitchen towel or similar.\n\n\n","title":"Siebdruck für die ganze Familie","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703775600,"nanoseconds":0},"android_description":"I would like to give a workshop in which stencils are made with a knife and paper, which are then used as screen printing stencils. The workshop is suitable for both older and younger participants.\r\nIn this workshop we will make paper stencils which we will then use to print on fabric. Bring a T-shirt, kitchen towel or similar.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T15:00:00.000-0000","id":53709,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Maximilian Voigt\r\n\r\nWelche Learnings gibt es bereits? Welches Wissen, welche Kompetenzen und welche Handlungsempfehlungen für Hardwareentwickler*innen gibt es bereits für die erfolgreiche Realisierung von Open Source Hardware Projekten? Was fehlt noch, wo gibt es immer wieder Probleme? Nach einer Vorstellung der Learnings aus der ersten Runde des Prototype Fund Hardware sammeln wir gemeinsam.\n\n\nOpen Hardware ist ein elementarer Bestandteil einer nachhaltigen, zirkulären Gesellschaft. Aber wie kommen wir dahin?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Open Hardware in der zirkulären Praxis: Learnings und Best Practices","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"android_description":"Host: Maximilian Voigt\r\n\r\nWelche Learnings gibt es bereits? Welches Wissen, welche Kompetenzen und welche Handlungsempfehlungen für Hardwareentwickler*innen gibt es bereits für die erfolgreiche Realisierung von Open Source Hardware Projekten? Was fehlt noch, wo gibt es immer wieder Probleme? Nach einer Vorstellung der Learnings aus der ersten Runde des Prototype Fund Hardware sammeln wir gemeinsam.\n\n\nOpen Hardware ist ein elementarer Bestandteil einer nachhaltigen, zirkulären Gesellschaft. Aber wie kommen wir dahin?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53687,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ajuvo und Piko sprechen über besseres Arbeitsklima.\n\n\n","title":"Arbeitsklima in der IT","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Ajuvo und Piko sprechen über besseres Arbeitsklima.","end_timestamp":{"seconds":1703773800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:30:00.000-0000","id":53679,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ever wanted to learn how to read an Asian language but Chinese, Japanese or Thai seem way too intimidating? Did you know: the Korean language has had an alphabet for almost six hundred years now, known as 한글 or hangeul? In this self-organized session, we'll learn the Korean alphabet and go over a few basic words! ^^\r\nDisclaimer: I'm not a native speaker. 🧮","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Learning the Korean alphabet","android_description":"Ever wanted to learn how to read an Asian language but Chinese, Japanese or Thai seem way too intimidating? Did you know: the Korean language has had an alphabet for almost six hundred years now, known as 한글 or hangeul? In this self-organized session, we'll learn the Korean alphabet and go over a few basic words! ^^\r\nDisclaimer: I'm not a native speaker. 🧮","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53514,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Quasiroom","hotel":"","short_name":"Quasiroom","id":46142},"spans_timebands":"N","begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A meetup for people working on the CYCLOPS CTF/ARG at Congress.","title":"CYCLOPS Meetup","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"A meetup for people working on the CYCLOPS CTF/ARG at Congress.","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53477,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703768400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"begin":"2023-12-28T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die sich beschleunigt entfaltende Klimakatastrophe stellt die vordringlichste kollektive Herausforderung der Menschheit dar. Sie ist riesig, unübersehbar, wirkt irgendwie langsam im Gegensatz zu akuten Krisen wie Krieg oder Pandemien. Sie lädt deshalb ein zur destruktiven Prokrastination. Paralysiert verharrt ein Großteil von uns in Ignoranz oder überwältigender Ohnmacht. Warum das denn? Das Wissen um die Notwendigkeit des Handelns und die zu treffenden Maßnahmen ist da. Was für die Umsetzung ins konsequente Handeln fehlt – das ist die These des Talks – sind überzeugende kollektive Narrative. Gesucht wird eine Erzählung der Endlichkeit, die zur Gestaltung einer transformierten nachhaltigen und egalitären Zukunft motiviert. Dass es dringend sinnstiftende, universalistische Erzählungen braucht, zeigen auch der Trend von Verschwörungsmythen, die wachsende Prepper-Szene, das Comeback religiöser Heilsversprechungen und Fantasien, den individuellen oder kollektiven Tod mittels Technologisierung (#mindupload, #Dadbot, #Transhumanismus, #SpaceX) ganz abzuschaffen.\r\n\r\nAktuelle zivilgesellschaftliche Bewegungen zur Verhinderung der Klimakatastrophe verbreiten mit ihren Aktivitäten unterschiedliche Erzählungen, die zum Teil medial gegeneinander ausgespielt werden. Der Talk gibt einen Rahmen, in dem die verbindenden Elemente sichtbar werden. Wir laden zwei Aktivist:innen unterschiedlicher Bewegungen (Letzte Generation und „Solarpunk\") ein, ihr Engagement im Kontext dieser erzählerischen Komponenten vorzustellen: Welches menschliche Selbstbild, welcher Technikbegriff, welcher Körperbegriff steckt darin und wie wird mit Endlichkeit, Verletzlichkeit und Transformation umgegangen? Wie wird bei Aktionen die eigene Körperlichkeit eingesetzt? Was ist die Rolle von Technologien, z.B. KI, in dieser Erzählung?\r\n\r\nDer Talk versteht sich als Teil der Weiterentwicklung von unterschiedlichen aktivistischen Ansätzen – divers wie die Ökosysteme selbst – und deren Verbindung zu einer gesellschaftlich wirkmächtigen Bewegung im Kampf gegen die Klimakrise.\n\n\nEs war einmal ein Planet voller Affen, die sich Geschichten über sich, das Universum, die Technik und den ganzen Rest erzählten. Sie erzählten sich vor allem Storys vom unendlichen Wachstum und von der technologischen Überwindung der Sterblichkeit. Spätestens im Jahr 2023 passten diese sehr mächtigen Erzählungen nicht mehr. Die Ökosysteme brachen zusammen, planetare Grenzen und Artensterben wurden unignorierbar und so standen nicht nur das Klima, sondern auch die alten Narrative an einen Kipppunkt…\r\n\r\nWelche Geschichte(n) von individueller und kollektiver Sterblichkeit müssen wir uns heute erzählen, um handlungsfähige Mehrheiten für eine nachhaltige, egalitäre und emanzipative digitale Zukunft zu mobilisieren?\r\n\r\nIm Talk zeigen wir den engen Zusammenhang von (Un-)Sterblichkeits-Erzählungen, menschlichem Selbstbild und Zukunftsvorstellungen – vor allem aber deren Wirkmacht auf unsre Handlungsfähigkeit.\r\n\r\nDazu laden wir zwei Gäste ein, uns ihre Narrative zu zeigen: ein\\*e Aktivisti der Letzten Generation und Daniel Domscheit-Berg, der über Solarpunk sprechen wird. Anschließend basteln wir es zusammen: zwischen „I want you to panic” und „DON’T PANIC!” – welche Narrative brauchen wir jetzt und hier, um uns zwischen Trauer um diese Welt und der Lust am (Über)leben zu organisieren?","title":"Hurra, diese Welt geht unter!?","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"Die sich beschleunigt entfaltende Klimakatastrophe stellt die vordringlichste kollektive Herausforderung der Menschheit dar. Sie ist riesig, unübersehbar, wirkt irgendwie langsam im Gegensatz zu akuten Krisen wie Krieg oder Pandemien. Sie lädt deshalb ein zur destruktiven Prokrastination. Paralysiert verharrt ein Großteil von uns in Ignoranz oder überwältigender Ohnmacht. Warum das denn? Das Wissen um die Notwendigkeit des Handelns und die zu treffenden Maßnahmen ist da. Was für die Umsetzung ins konsequente Handeln fehlt – das ist die These des Talks – sind überzeugende kollektive Narrative. Gesucht wird eine Erzählung der Endlichkeit, die zur Gestaltung einer transformierten nachhaltigen und egalitären Zukunft motiviert. Dass es dringend sinnstiftende, universalistische Erzählungen braucht, zeigen auch der Trend von Verschwörungsmythen, die wachsende Prepper-Szene, das Comeback religiöser Heilsversprechungen und Fantasien, den individuellen oder kollektiven Tod mittels Technologisierung (#mindupload, #Dadbot, #Transhumanismus, #SpaceX) ganz abzuschaffen.\r\n\r\nAktuelle zivilgesellschaftliche Bewegungen zur Verhinderung der Klimakatastrophe verbreiten mit ihren Aktivitäten unterschiedliche Erzählungen, die zum Teil medial gegeneinander ausgespielt werden. Der Talk gibt einen Rahmen, in dem die verbindenden Elemente sichtbar werden. Wir laden zwei Aktivist:innen unterschiedlicher Bewegungen (Letzte Generation und „Solarpunk\") ein, ihr Engagement im Kontext dieser erzählerischen Komponenten vorzustellen: Welches menschliche Selbstbild, welcher Technikbegriff, welcher Körperbegriff steckt darin und wie wird mit Endlichkeit, Verletzlichkeit und Transformation umgegangen? Wie wird bei Aktionen die eigene Körperlichkeit eingesetzt? Was ist die Rolle von Technologien, z.B. KI, in dieser Erzählung?\r\n\r\nDer Talk versteht sich als Teil der Weiterentwicklung von unterschiedlichen aktivistischen Ansätzen – divers wie die Ökosysteme selbst – und deren Verbindung zu einer gesellschaftlich wirkmächtigen Bewegung im Kampf gegen die Klimakrise.\n\n\nEs war einmal ein Planet voller Affen, die sich Geschichten über sich, das Universum, die Technik und den ganzen Rest erzählten. Sie erzählten sich vor allem Storys vom unendlichen Wachstum und von der technologischen Überwindung der Sterblichkeit. Spätestens im Jahr 2023 passten diese sehr mächtigen Erzählungen nicht mehr. Die Ökosysteme brachen zusammen, planetare Grenzen und Artensterben wurden unignorierbar und so standen nicht nur das Klima, sondern auch die alten Narrative an einen Kipppunkt…\r\n\r\nWelche Geschichte(n) von individueller und kollektiver Sterblichkeit müssen wir uns heute erzählen, um handlungsfähige Mehrheiten für eine nachhaltige, egalitäre und emanzipative digitale Zukunft zu mobilisieren?\r\n\r\nIm Talk zeigen wir den engen Zusammenhang von (Un-)Sterblichkeits-Erzählungen, menschlichem Selbstbild und Zukunftsvorstellungen – vor allem aber deren Wirkmacht auf unsre Handlungsfähigkeit.\r\n\r\nDazu laden wir zwei Gäste ein, uns ihre Narrative zu zeigen: ein\\*e Aktivisti der Letzten Generation und Daniel Domscheit-Berg, der über Solarpunk sprechen wird. Anschließend basteln wir es zusammen: zwischen „I want you to panic” und „DON’T PANIC!” – welche Narrative brauchen wir jetzt und hier, um uns zwischen Trauer um diese Welt und der Lust am (Über)leben zu organisieren?","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53278],"conference_id":131,"event_ids":[53643],"name":"daniel domscheit-berg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52328},{"content_ids":[53278],"conference_id":131,"event_ids":[53643],"name":"Elenos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52400},{"content_ids":[53278],"conference_id":131,"event_ids":[53643],"name":"Becci","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52434},{"content_ids":[53278],"conference_id":131,"event_ids":[53643],"name":"mischko","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52505}],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53643,"begin_timestamp":{"seconds":1703767800,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52434},{"tag_id":46107,"sort_order":1,"person_id":52400},{"tag_id":46107,"sort_order":1,"person_id":52328},{"tag_id":46107,"sort_order":1,"person_id":52505}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this talk, the maintainers of the AFLplusplus organization present the QEMU-based instrumentation engines developed as part of AFL++ and LibAFL to fuzz advanced binary-only targets. We discuss our extensions to QEMU, the well-known emulator, to allow high-performance, cross-architecture fuzzing and target instrumentation.\r\n\r\nWe present LibAFL QEMU, a library that offers convenient APIs to hook the target using Rust.\r\nUnlike other public fuzzers, tools built with LibAFL can scale over cores and machines to find vulnerabilities faster and at a large scale. We showcase how we built a custom fuzzer for a binary-only Android library using this new emulator API for fuzzing that scales to 80+ cores almost linearly, reaching a whopping number of executions per second!\r\n\r\nFinally, we demo a proof of concept using LibAFL to find injection vulnerabilities in the binaries, going beyond the typical fuzzing for memory corruptions.\r\n\n\n\nThe maintainers of the AFLplusplus open-source project show crazy new ways to (ab)use QEMU to explore difficult, binary-only targets through fuzzing.\r\n\r\nWe present a proof of concept using LibAFL\\_qemu to find command and SQL-injections, going beyond the classic fuzzing for memory corruption.\r\n\r\nWe also showcase how to build a custom fuzzer to test Android libraries without using a phone.","title":"Fuzz Everything, Everywhere, All at Once","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"In this talk, the maintainers of the AFLplusplus organization present the QEMU-based instrumentation engines developed as part of AFL++ and LibAFL to fuzz advanced binary-only targets. We discuss our extensions to QEMU, the well-known emulator, to allow high-performance, cross-architecture fuzzing and target instrumentation.\r\n\r\nWe present LibAFL QEMU, a library that offers convenient APIs to hook the target using Rust.\r\nUnlike other public fuzzers, tools built with LibAFL can scale over cores and machines to find vulnerabilities faster and at a large scale. We showcase how we built a custom fuzzer for a binary-only Android library using this new emulator API for fuzzing that scales to 80+ cores almost linearly, reaching a whopping number of executions per second!\r\n\r\nFinally, we demo a proof of concept using LibAFL to find injection vulnerabilities in the binaries, going beyond the typical fuzzing for memory corruptions.\r\n\n\n\nThe maintainers of the AFLplusplus open-source project show crazy new ways to (ab)use QEMU to explore difficult, binary-only targets through fuzzing.\r\n\r\nWe present a proof of concept using LibAFL\\_qemu to find command and SQL-injections, going beyond the classic fuzzing for memory corruption.\r\n\r\nWe also showcase how to build a custom fuzzer to test Android libraries without using a phone.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53277],"conference_id":131,"event_ids":[53642],"name":"Dongjia Zhang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52298},{"content_ids":[53277],"conference_id":131,"event_ids":[53642],"name":"domenukk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52338},{"content_ids":[53277],"conference_id":131,"event_ids":[53642],"name":"van Hauser","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52349},{"content_ids":[53277],"conference_id":131,"event_ids":[53642],"name":"andreafioraldi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52403},{"content_ids":[53277],"conference_id":131,"event_ids":[53642],"name":"Addison Crump","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52443}],"timeband_id":1141,"end":"2023-12-28T13:30:00.000-0000","links":[{"label":"LibAFL","type":"link","url":"https://github.com/AFLplusplus/LibAFL"},{"label":"AFL++","type":"link","url":"https://github.com/AFLplusplus/AFLplusplus"}],"id":53642,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703767800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52443},{"tag_id":46107,"sort_order":1,"person_id":52298},{"tag_id":46107,"sort_order":1,"person_id":52403},{"tag_id":46107,"sort_order":1,"person_id":52338},{"tag_id":46107,"sort_order":1,"person_id":52349}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Republic of Belarus is ruled for last 29 years by authoritarian president Alexander Lukashenko. From the deputy chief of collective farm in USSR to the longest president in Europe, he continues to navigate complicated political scene between Russia/EU/US for his own advantage. \r\n\r\nNot even close to any technological sector through help of many Lukashenko turned Belarus into IT country with a lot western countries using developers from the dictatorship for their own project.\r\n\r\nThis presentation is about how the soviet modelled dictatorship managed to transform into technological authoritarian regime, where people are monitored and controlled of their loyalty to the regime, while also continuing a massive wave of repressions started from uprising against Alexander Lukashenko in 2020.\r\n\r\nThe presentation is made by a member of ABC-Belarus - a political solidarity organization from Belarus, working on supporting prisoners and developing security culture among street activists.\n\n\nWith dropping costs of surveillance smaller authoritarian regimes are gaining easier access to different \"out of the box\" security solutions used mainly to further oppress people. On example of Belarus we will see the future that awaits people in many different parts of the world if things don't change fast.","title":"Tractors, Rockets and the Internet in Belarus","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Republic of Belarus is ruled for last 29 years by authoritarian president Alexander Lukashenko. From the deputy chief of collective farm in USSR to the longest president in Europe, he continues to navigate complicated political scene between Russia/EU/US for his own advantage. \r\n\r\nNot even close to any technological sector through help of many Lukashenko turned Belarus into IT country with a lot western countries using developers from the dictatorship for their own project.\r\n\r\nThis presentation is about how the soviet modelled dictatorship managed to transform into technological authoritarian regime, where people are monitored and controlled of their loyalty to the regime, while also continuing a massive wave of repressions started from uprising against Alexander Lukashenko in 2020.\r\n\r\nThe presentation is made by a member of ABC-Belarus - a political solidarity organization from Belarus, working on supporting prisoners and developing security culture among street activists.\n\n\nWith dropping costs of surveillance smaller authoritarian regimes are gaining easier access to different \"out of the box\" security solutions used mainly to further oppress people. On example of Belarus we will see the future that awaits people in many different parts of the world if things don't change fast.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[{"label":"website","type":"link","url":"https://abc-belarus.org"}],"end":"2023-12-28T13:30:00.000-0000","id":53528,"begin_timestamp":{"seconds":1703767800,"nanoseconds":0},"village_id":null,"tag_ids":[46121,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-28T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Workshop möchten wir (mit vielen Beispielen) ein paar Grundkonzepte erklären wie man gute (Kurz-)Geschichten schreibt.\r\n\r\nNach meinem Allgemeinen Teil in der ersten hälfte erzählt venny euch dann im 2. Teil noch einiges über Worldbuilding für Fantasy und Science Fiction Romane.\r\n\r\nNeben der Theorie gibt es auch viele Praxistips und Erfahrungsberichte aus der (Hobby) Tätigkeit als Schriftsteller.🧮\r\n\r\nAuf Anfrage: Link zur Word & Shield e.V. Website: https://wordandshield.jimdofree.com/ (hat auch link zu unserem Community Discord)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Workshop für Hobby Schriftsteller - Schriftstellerei und Softwareentwicklung sind garnicht so verschieden","android_description":"In diesem Workshop möchten wir (mit vielen Beispielen) ein paar Grundkonzepte erklären wie man gute (Kurz-)Geschichten schreibt.\r\n\r\nNach meinem Allgemeinen Teil in der ersten hälfte erzählt venny euch dann im 2. Teil noch einiges über Worldbuilding für Fantasy und Science Fiction Romane.\r\n\r\nNeben der Theorie gibt es auch viele Praxistips und Erfahrungsberichte aus der (Hobby) Tätigkeit als Schriftsteller.🧮\r\n\r\nAuf Anfrage: Link zur Word & Shield e.V. Website: https://wordandshield.jimdofree.com/ (hat auch link zu unserem Community Discord)","end_timestamp":{"seconds":1703772000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:00:00.000-0000","id":53488,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703766600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T12:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Let's improve our usage of anki by sharing tips and best practice.\r\n\r\nCome with your questions and potentially one trick that improved your user experience. This can be about add-ons, template, ankihub, shared decks, etc.\r\n\r\nThis discussion is about anki desktop https://apps.ankiweb.net/ , ankidroid on android and ankimobile on iOS. It is not about AnkiApp.\r\n\r\nThe host, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Anki meet-up, let's help each other and exchange tips","android_description":"Let's improve our usage of anki by sharing tips and best practice.\r\n\r\nCome with your questions and potentially one trick that improved your user experience. This can be about add-ons, template, ankihub, shared decks, etc.\r\n\r\nThis discussion is about anki desktop https://apps.ankiweb.net/ , ankidroid on android and ankimobile on iOS. It is not about AnkiApp.\r\n\r\nThe host, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53430,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703766600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T12:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.\r\n\r\nBitte beachten: Für die Teilnahme am Workshop wird ein Gerät mit Tastatur benötigt.\r\n\r\nFINTA-only\n\n\nHinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Datenbankgrundlagen für Anfänger*innen","android_description":"Hinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.\r\n\r\nBitte beachten: Für die Teilnahme am Workshop wird ein Gerät mit Tastatur benötigt.\r\n\r\nFINTA-only\n\n\nHinter fast jeder Webseite steckt heutzutage als Backend eine Datenbank. Egal ob Instagram, Amazon, die Stadtbibliothek, die Lernplattform von Schule oder Uni ...\r\nWir wollen uns mit der Abfragesprache SQL befassen und ein paar Grundlagen lernen.","end_timestamp":{"seconds":1703770500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:35:00.000-0000","id":53714,"tag_ids":[46133,46139],"village_id":null,"begin_timestamp":{"seconds":1703765100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T12:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nTrading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Buying and Selling Domain Names in Namecoin","android_description":"This talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nTrading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.","end_timestamp":{"seconds":1703766600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53940,"village_id":null,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Critical Decentralisation Cluster [Saal D]","hotel":"","short_name":"Critical Decentralisation Cluster [Saal D]","id":46166},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\nPodcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlle Plätze sind vergeben.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","title":"JHT: Podcasting für Einsteiger:innen 2","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703770200,"nanoseconds":0},"android_description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\nPodcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlle Plätze sind vergeben.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53721,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"POTA – Parks on the Air [Day 2]","android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","end_timestamp":{"seconds":1703773800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T14:30:00.000-0000","id":53705,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-28T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ist es eigentlich zielführend Kinder auf die Demokratie vorzubereiten in dem man sie 12 Jahre in ein Schulsystem steckt in dem sie keinerlei Mitbestimmung oder Wahlentscheidungen kennen lernen?\r\nNein, sagen 26 Schulen in Deutschland. Die sog. Demokratischen Schulen sind kleine Schulen von 40 bis 180 Kindern im Alter von 6 bis 18 Jahren, die sich komplett basisdemokratische organisieren. Jeder (egal ob Lehrerin oder Schüler) hat eine Stimme. Natürlich gibt es keine Schulleitung. Die Schulversammlung ist das höchste Entscheidungsgremium.\r\nDazu kommt dass die Schüler komplett frei entscheiden was sie wann wo wie mit wem lernen. Wer keine Lust auf Kurse hat, kann auch spielen gehen. Trotz dieser Freiheiten (oder gerade wegen?) funktioniert es. Die SuS sind überdurchschnittlich erfolgreich in ihren Abschlüssen und laut Studien erfolgreicher in ihrem Sozialleben.\r\n60min Vortrag mit Videos und anschaulicher Präsi - danach Diskussion\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Demokratische Schule - wahrs. Deutschlands radikalste Schule","android_description":"Ist es eigentlich zielführend Kinder auf die Demokratie vorzubereiten in dem man sie 12 Jahre in ein Schulsystem steckt in dem sie keinerlei Mitbestimmung oder Wahlentscheidungen kennen lernen?\r\nNein, sagen 26 Schulen in Deutschland. Die sog. Demokratischen Schulen sind kleine Schulen von 40 bis 180 Kindern im Alter von 6 bis 18 Jahren, die sich komplett basisdemokratische organisieren. Jeder (egal ob Lehrerin oder Schüler) hat eine Stimme. Natürlich gibt es keine Schulleitung. Die Schulversammlung ist das höchste Entscheidungsgremium.\r\nDazu kommt dass die Schüler komplett frei entscheiden was sie wann wo wie mit wem lernen. Wer keine Lust auf Kurse hat, kann auch spielen gehen. Trotz dieser Freiheiten (oder gerade wegen?) funktioniert es. Die SuS sind überdurchschnittlich erfolgreich in ihren Abschlüssen und laut Studien erfolgreicher in ihrem Sozialleben.\r\n60min Vortrag mit Videos und anschaulicher Präsi - danach Diskussion","end_timestamp":{"seconds":1703770200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:30:00.000-0000","id":53669,"begin_timestamp":{"seconds":1703764800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"As part of the Predator Files investigation, Amnesty International, in partnership with European Investigative Collaborations, uncovered and documented for the first time how the Intellexa Alliance, a European-based surveillance vendor, has supplied advance spyware and surveillance technology to governments around the world, and where it has then been used to target journalists, leading politicians, and European institutions.\r\n\r\nTechnical specifications and marketing material from surveillance vendors is often kept secret. The resulting information asymmetry prevents defenders in the cybersecurity industry and at-risk civil society groups from understanding the full scope of the threats that they face. This talk will draw on leaked internal documents and technical material, obtained by the Predator Files consortium, which shed light on the evolving technical tactics used by surveillance actors to subvert network infrastructure and deliver digital attacks to targeted individuals.\r\n\r\nThis talk will conclude with recommendations on possible mitigations and detections which can help protect civil society targets and the wider internet ecosystem from some of the attack vectors offered by this company.\n\n\nEver evolving mercenary spyware continues to threaten the safety of activists, journalist and human rights defenders around the world. Following the exposure of the Pegasus spyware scandal, this talk will be a technical deep dive into the tactics and techniques sold by the European-based spyware alliance Intellexa, which is used by governments to infect the devices and infrastructure we all depend on.","title":"Predator Files: How European spyware threatens civil society around the world","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703766900,"nanoseconds":0},"android_description":"As part of the Predator Files investigation, Amnesty International, in partnership with European Investigative Collaborations, uncovered and documented for the first time how the Intellexa Alliance, a European-based surveillance vendor, has supplied advance spyware and surveillance technology to governments around the world, and where it has then been used to target journalists, leading politicians, and European institutions.\r\n\r\nTechnical specifications and marketing material from surveillance vendors is often kept secret. The resulting information asymmetry prevents defenders in the cybersecurity industry and at-risk civil society groups from understanding the full scope of the threats that they face. This talk will draw on leaked internal documents and technical material, obtained by the Predator Files consortium, which shed light on the evolving technical tactics used by surveillance actors to subvert network infrastructure and deliver digital attacks to targeted individuals.\r\n\r\nThis talk will conclude with recommendations on possible mitigations and detections which can help protect civil society targets and the wider internet ecosystem from some of the attack vectors offered by this company.\n\n\nEver evolving mercenary spyware continues to threaten the safety of activists, journalist and human rights defenders around the world. Following the exposure of the Pegasus spyware scandal, this talk will be a technical deep dive into the tactics and techniques sold by the European-based spyware alliance Intellexa, which is used by governments to infect the devices and infrastructure we all depend on.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53276],"conference_id":131,"event_ids":[53566],"name":"Donncha Ó Cearbhaill","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52329}],"timeband_id":1141,"end":"2023-12-28T12:35:00.000-0000","links":[{"label":"Predator Files: Technical deep-dive into Intellexa Alliance’s surveillance products","type":"link","url":"https://securitylab.amnesty.org/latest/2023/10/technical-deep-dive-into-intellexa-alliance-surveillance-products/"},{"label":"Global: ‘Predator Files’ spyware scandal reveals brazen targeting of civil society, politicians and officials  ","type":"link","url":"https://www.amnesty.eu/news/global-predator-files-spyware-scandal-reveals-brazen-targeting-of-civil-society-politicians-and-officials/"},{"label":"Predator Files: How European companies supplied dictators cyber-surveillance tools for more than a decade.","type":"link","url":"https://eic.network/projects/predator-files.html"}],"id":53566,"begin_timestamp":{"seconds":1703764500,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52329}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-28T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will start with a fundamental introduction to quantum computing to ensure that the audience has a solid grasp of this model of computation, but without discussing the technicalities of quantum physics. Taking a \"software development\" perspective, we introduce the problem of estimating the resources needed to perform a quantum computation. Then, we will shift our focus to the two facets of our investigation: applications for offence and defence. \r\n\r\n\r\nQuantum machine learning for defence:\r\n\r\nWe will explore the application of quantum machine learning algorithms in network intrusion detection. Quantum machine learning holds the potential for improving cybersecurity defences by leveraging quantum algorithms - exponentially faster than classical algorithm on their asymptotic complexity. We will introduce a framework for estimating the advantages of quantum algorithms in terms of query complexity, and report the findings of our experiments. Our findings will be based on practical experiments using benchmark datasets in cybersecurity, offering insights into the potential effectiveness of quantum approaches in this domain.\r\n\r\nQuantum attacks on cryptography for offence:\r\n\r\nShifting our attention to the offensive side, we will investigate the potential impact of quantum attacks on cryptography. We will report some advancements in the number of qubits required to break RSA2048 cryptography and attacks on ECC256. Furthermore, we will delve into the complexities of post-quantum cryptography attacks. Our ongoing research at CQT (Centre for Quantum Technologies of Singapore) involves measuring the depth and size of quantum circuits, including the number of Toffoli gates and Toffoli-depth. We will also account for the qubit number and size of the QRAM query (quantum random access memory), providing a comprehensive assessment of the quantum attack landscape.\r\n\r\nUltimately, we will draw conclusions based on our research and analysis. While there is limited evidence suggesting that quantum computing will have a drastic impact on cybersecurity through machine learning or attacks on post-quantum cryptography, there are substantial reasons to believe that quantum computers, once they reach sufficient scale and capacity, will pose a significant threat to RSA2048 and ECC256. Join us for an insightful exploration of the evolving intersection of quantum computing and cybersecurity.\n\n\nIn in this talk we explore the potential ramifications of quantum computing in the field of cybersecurity We'll delve into two critical aspects: the application of quantum machine learning algorithms for defence and the impact of quantum attacks on cryptography and post-quantum cryptography for offence. We'll present insights on the theoretical advantages of quantum algorithms, improvements in factoring large numbers, and the impacts of post-quantum crypto attacks. While the hype around quantum technologies is growing, the estimates in the resources needed to run a quantum algorithm and the current number of qubits pose caution in the enthusiasm. The limitations in terms of available qubits, error rates, and scalability are critical factors that need to be considered when assessing the real-world applicability of quantum computing.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"The impact of quantum computers in cybersecurity","android_description":"We will start with a fundamental introduction to quantum computing to ensure that the audience has a solid grasp of this model of computation, but without discussing the technicalities of quantum physics. Taking a \"software development\" perspective, we introduce the problem of estimating the resources needed to perform a quantum computation. Then, we will shift our focus to the two facets of our investigation: applications for offence and defence. \r\n\r\n\r\nQuantum machine learning for defence:\r\n\r\nWe will explore the application of quantum machine learning algorithms in network intrusion detection. Quantum machine learning holds the potential for improving cybersecurity defences by leveraging quantum algorithms - exponentially faster than classical algorithm on their asymptotic complexity. We will introduce a framework for estimating the advantages of quantum algorithms in terms of query complexity, and report the findings of our experiments. Our findings will be based on practical experiments using benchmark datasets in cybersecurity, offering insights into the potential effectiveness of quantum approaches in this domain.\r\n\r\nQuantum attacks on cryptography for offence:\r\n\r\nShifting our attention to the offensive side, we will investigate the potential impact of quantum attacks on cryptography. We will report some advancements in the number of qubits required to break RSA2048 cryptography and attacks on ECC256. Furthermore, we will delve into the complexities of post-quantum cryptography attacks. Our ongoing research at CQT (Centre for Quantum Technologies of Singapore) involves measuring the depth and size of quantum circuits, including the number of Toffoli gates and Toffoli-depth. We will also account for the qubit number and size of the QRAM query (quantum random access memory), providing a comprehensive assessment of the quantum attack landscape.\r\n\r\nUltimately, we will draw conclusions based on our research and analysis. While there is limited evidence suggesting that quantum computing will have a drastic impact on cybersecurity through machine learning or attacks on post-quantum cryptography, there are substantial reasons to believe that quantum computers, once they reach sufficient scale and capacity, will pose a significant threat to RSA2048 and ECC256. Join us for an insightful exploration of the evolving intersection of quantum computing and cybersecurity.\n\n\nIn in this talk we explore the potential ramifications of quantum computing in the field of cybersecurity We'll delve into two critical aspects: the application of quantum machine learning algorithms for defence and the impact of quantum attacks on cryptography and post-quantum cryptography for offence. We'll present insights on the theoretical advantages of quantum algorithms, improvements in factoring large numbers, and the impacts of post-quantum crypto attacks. While the hype around quantum technologies is growing, the estimates in the resources needed to run a quantum algorithm and the current number of qubits pose caution in the enthusiasm. The limitations in terms of available qubits, error rates, and scalability are critical factors that need to be considered when assessing the real-world applicability of quantum computing.","end_timestamp":{"seconds":1703766900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53202],"conference_id":131,"event_ids":[53533],"name":"Alessandro Luongo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52436}],"timeband_id":1141,"links":[],"end":"2023-12-28T12:35:00.000-0000","id":53533,"tag_ids":[46123,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703764500,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52436}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-28T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das völkerrechtliche Selbstverteidigungsrecht ist momentan in aller Munde. Ob im Südkaukasus, der Ukraine oder im Nahen Osten, eine Zunahme militärischer Gewalt führt immer wieder dazu, dass Staaten ihr Recht auf Selbstverteidigung wahrnehmen. Der Vortrag erläutert die Ursprünge des völkerrechtlichen Gewaltverbotes und das Verhältnis zum Selbstverteidigungsrecht. Außerdem wird der Zusammenhang zum humanitären Völkerrecht erklärt (ius ad bellum/ius in bello), weil es hier in der öffentlichen Debatte immer wieder zu Vermischungen kommt. \r\n\r\nIm Kern werden folgende Fragen beantwortet: \r\n\r\nWann hat ein Staat ein Recht auf Selbstverteidigung? \r\nWie und wie lange kann das Selbstverteidigungsrecht ausgeübt werden? \r\nGegen wen richtet sich das Recht auf Selbstverteidigung? \r\n\r\nDie Ergebnisse werden dann auf aktuelle Fälle angewandt (bspw.: Russlands Angriffskrieg gegen die Ukraine, Terrorangriff der Hamas auf Israel). \r\n\r\n\r\n\n\n\nDer Vortrag gibt eine Einführung in das völkerrechtliche Recht auf Selbstverteidigung. Das moderne Völkerrecht verbietet die Drohung oder den Einsatz militärischer Gewalt. Eine Ausnahme davon ist das Recht auf Selbstverteidigung im Falle eines bewaffneten Angriffes. ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Das Recht auf Selbstverteidigung im modernen Völkerrecht","end_timestamp":{"seconds":1703766900,"nanoseconds":0},"android_description":"Das völkerrechtliche Selbstverteidigungsrecht ist momentan in aller Munde. Ob im Südkaukasus, der Ukraine oder im Nahen Osten, eine Zunahme militärischer Gewalt führt immer wieder dazu, dass Staaten ihr Recht auf Selbstverteidigung wahrnehmen. Der Vortrag erläutert die Ursprünge des völkerrechtlichen Gewaltverbotes und das Verhältnis zum Selbstverteidigungsrecht. Außerdem wird der Zusammenhang zum humanitären Völkerrecht erklärt (ius ad bellum/ius in bello), weil es hier in der öffentlichen Debatte immer wieder zu Vermischungen kommt. \r\n\r\nIm Kern werden folgende Fragen beantwortet: \r\n\r\nWann hat ein Staat ein Recht auf Selbstverteidigung? \r\nWie und wie lange kann das Selbstverteidigungsrecht ausgeübt werden? \r\nGegen wen richtet sich das Recht auf Selbstverteidigung? \r\n\r\nDie Ergebnisse werden dann auf aktuelle Fälle angewandt (bspw.: Russlands Angriffskrieg gegen die Ukraine, Terrorangriff der Hamas auf Israel). \r\n\r\n\r\n\n\n\nDer Vortrag gibt eine Einführung in das völkerrechtliche Recht auf Selbstverteidigung. Das moderne Völkerrecht verbietet die Drohung oder den Einsatz militärischer Gewalt. Eine Ausnahme davon ist das Recht auf Selbstverteidigung im Falle eines bewaffneten Angriffes.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53103],"conference_id":131,"event_ids":[53526],"name":"Dustin Hoffmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52330}],"timeband_id":1141,"links":[],"end":"2023-12-28T12:35:00.000-0000","id":53526,"begin_timestamp":{"seconds":1703764500,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52330}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Anarchismus ist eine der Hauptströmungen des Sozialismus. Konflikte mit anderen Strömungen resultieren häufig aus verschiedenen Vorstellungen von Politik, Herrschaft und Gesellschaftsveränderung. Anarchist*innen lehnen die politische Revolution ab, sie setzen nicht allein auf die soziale Evolution und politische Reformen sind ihnen nicht genug. Demgegenüber wurden Ansätze der experimenteller Selbstorganisation, des Aufstands, der Subversion, der autonomen Bewegung und der sozialen Revolution entwickelt. Was beinhalten diese Konzepte genauer und wie können wir sie gebrauchen?\n\n\nWie wird im Anarchismus Gesellschaftsveränderung gedacht?","title":"Anarchistische Transformationsstrategien","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703768400,"nanoseconds":0},"android_description":"Der Anarchismus ist eine der Hauptströmungen des Sozialismus. Konflikte mit anderen Strömungen resultieren häufig aus verschiedenen Vorstellungen von Politik, Herrschaft und Gesellschaftsveränderung. Anarchist*innen lehnen die politische Revolution ab, sie setzen nicht allein auf die soziale Evolution und politische Reformen sind ihnen nicht genug. Demgegenüber wurden Ansätze der experimenteller Selbstorganisation, des Aufstands, der Subversion, der autonomen Bewegung und der sozialen Revolution entwickelt. Was beinhalten diese Konzepte genauer und wie können wir sie gebrauchen?\n\n\nWie wird im Anarchismus Gesellschaftsveränderung gedacht?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53378],"conference_id":131,"event_ids":[53726],"name":"Jonathan Eibisch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52292}],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53726,"begin_timestamp":{"seconds":1703763000,"nanoseconds":0},"tag_ids":[46132,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52292}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-28T11:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You can learn more efficiently. \r\n\r\nReviewing too often waste time. Reviewing rarely causes forgetting. Spaced repetition software finds the optimal material to review for the sake of long term memorization.\r\n\r\nIn this workshop, you'll learn how to use the spaced repetition software called Anki. Anki is a free open source software on computer and android (and closed source on iOS), used by millions over the world, to learn vocabulary, medical school curriculum, math, music, programming, poem, geography and so much more. It comes with housands and thousands of free decks of learing materials, and you can create your own content to learn.\r\n\r\nCome with anki on your device so you can start praticing. \r\nPlease be sure to download rge software from https://apps.ankiweb.net/ and not one of the knock-offs.\r\n\r\nThis workshop is followed by a discussion session for anki users to meet and exchange tips and good practice.\r\n\r\nThe presenter, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Human learning with Anki","android_description":"You can learn more efficiently. \r\n\r\nReviewing too often waste time. Reviewing rarely causes forgetting. Spaced repetition software finds the optimal material to review for the sake of long term memorization.\r\n\r\nIn this workshop, you'll learn how to use the spaced repetition software called Anki. Anki is a free open source software on computer and android (and closed source on iOS), used by millions over the world, to learn vocabulary, medical school curriculum, math, music, programming, poem, geography and so much more. It comes with housands and thousands of free decks of learing materials, and you can create your own content to learn.\r\n\r\nCome with anki on your device so you can start praticing. \r\nPlease be sure to download rge software from https://apps.ankiweb.net/ and not one of the knock-offs.\r\n\r\nThis workshop is followed by a discussion session for anki users to meet and exchange tips and good practice.\r\n\r\nThe presenter, Arthur@Milchior.fr, has been using anki since 2017 and started contributing to code in 2019.","end_timestamp":{"seconds":1703766600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53532,"begin_timestamp":{"seconds":1703763000,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-28T11:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Anja Hoefner\r\n\r\nWir laden euch ein auf eine Reise in die Zukunft - zum Träumen, Visionieren, Entspannen und Mut fassen. Wie sieht sie aus, die (digitale) Technik der Zukunft? Was kann sie und wie ist sie gestaltet? Wieviel Technik brauchen wir für ein gutes Leben für alle? Diesen Fragen widmen wir uns im Workshop. Anschließend stellen wir die politischen Forderungen von Bits & Bäume vor und wollen mit euch herausfinden, wie unsere Vorstellungen eines guten (digitalen) Lebens für alle mit den Forderungen zusammengehen. Wir freuen uns auf den Austausch mit euch!\n\n\nWir wollen mit euch - ganz losgelöst vom Alltag, schlechten Nachrichten, Stress und so weiter - ins Visionieren kommen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Das (gute) digitale Leben - eine Zukunftsreise","end_timestamp":{"seconds":1703767500,"nanoseconds":0},"android_description":"Host: Anja Hoefner\r\n\r\nWir laden euch ein auf eine Reise in die Zukunft - zum Träumen, Visionieren, Entspannen und Mut fassen. Wie sieht sie aus, die (digitale) Technik der Zukunft? Was kann sie und wie ist sie gestaltet? Wieviel Technik brauchen wir für ein gutes Leben für alle? Diesen Fragen widmen wir uns im Workshop. Anschließend stellen wir die politischen Forderungen von Bits & Bäume vor und wollen mit euch herausfinden, wie unsere Vorstellungen eines guten (digitalen) Lebens für alle mit den Forderungen zusammengehen. Wir freuen uns auf den Austausch mit euch!\n\n\nWir wollen mit euch - ganz losgelöst vom Alltag, schlechten Nachrichten, Stress und so weiter - ins Visionieren kommen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:45:00.000-0000","id":53462,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703763000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Making Smart Home devices","android_description":"Please take with you:\r\n- Your laptop with Access to the internet and Chromium or Google Chrome\r\nOptionally:\r\n- Arduino IDE or VS code installed (with Z-Uno package installed, see https://z-uno.z-wave.me/install for details - we will help you with this during the workshop)\r\n- Arduino-compatible sensors to build your own Z-Wave sensor (optional)\r\n- Your Z-Wave stuff if any (optional)\r\n\r\nTopics of the workshop:\r\n- What is Z-Wave and where should you use it. Comparison with Zigbee and Matter\r\n- Z-Wave controller and RaZberry/WB7 hardware: Controlling switches, Reading sensor/switch values, Making rules, Using JS API\r\n- Z-Uno prototyping board: Making Simple Switch, Adding more stuff\r\n- Z-Uno Shield and Z-Uno Configurator\r\n- Z-Uno Modules\r\n\r\nUseful links for the workshop:\r\n\r\nZ-Way documentation\r\n- Installing Z-Way https://z-wave.me/z-way/download-z-way/\r\n- Z-Way doc https://z-wave.me/manual/z-way\r\n- Z-Way JS engine GitHub https://github.com/Z-Wave-Me/home-automation/\r\n\r\nZ-Way workshop materials\r\n- Turning on/off a device /ZWaveAPI/Run/devices[NNN].SwitchBinary.Set(0 or 1)\r\n- Reading switch value /ZWaveAPI/Run/devices[NNN].SwitchBinary.data.level.value\r\n- Using JS API /JS/Run/var v = 1; setInterval(function() { zway.devices[NNN].SwitchBinary.Set(v); v = 1-v;}, 2000);\r\n\r\nZ-Uno documentation:\r\n- Quick Intro https://z-uno.z-wave.me/getting-started/quick-introduction-in-z-uno/\r\n- Installation howto https://z-uno.z-wave.me/install\r\n- Language Reference https://z-uno.z-wave.me/reference/\r\n- Examples https://z-uno.z-wave.me/examples/\r\n- Z-Uno Shield https://z-uno.z-wave.me/shield/\r\n- Z-Uno Shield Configurator https://z-uno.z-wave.me/Z-Uno-Shield-Configurator/\r\n- Z-Uno GitHub https://github.com/Z-Wave-Me/Z-Uno-G2-Core\n\n\nDuring this workshop we will build simple smart home devices using the Z-Wave protocol. We will also discuss smart home controllers and protocols diversity: Z-Wave, Zigbee, Thread, Matter.","end_timestamp":{"seconds":1703766600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53932,"village_id":null,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-28T11:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Although railways are one of the safest means of travel, they are not the most secure. What are railway engineers and IT experts fighting about? We will elaborate on the terms: Sicherheit, safety, security, and funktionale Sicherheit; and their implications.\r\nThe first railways were closed systems where employees had visual contact with the equipment. With the increasing amount of software and network growth, IT security is becoming a major concern. On the other hand, railway systems are made from various components with real-time and dependability requirements, and proprietary protocols, resulting in some security via obscurity. The main difference from other systems is the high degree of standardisation necessary for obtaining a permit. Consequently, changes take time and effort, resulting in the longevity of protocols.\r\nThis talk explains railway-specific protocols, such as GSM-R, RaSTA, and ETCS/ERMTS, their security model and known attacks. Nothing of this is new, but still, it is widely unknown.\r\nSo, join the talk, have fun, and learn how to stop a train - which is much simpler than starting one.\n\n\nThe railway communication network looks different from your standard corporate IT. Its hardware, software and protocols have many peculiarities since it is an old, distributed, fragmented and highly standardised system. This creates problems when trying to introduce state-of-the-art IT security, and then there is the mindset: \"But we always have done it this way!\"","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Why Railway Is Safe But Not Secure","end_timestamp":{"seconds":1703763600,"nanoseconds":0},"android_description":"Although railways are one of the safest means of travel, they are not the most secure. What are railway engineers and IT experts fighting about? We will elaborate on the terms: Sicherheit, safety, security, and funktionale Sicherheit; and their implications.\r\nThe first railways were closed systems where employees had visual contact with the equipment. With the increasing amount of software and network growth, IT security is becoming a major concern. On the other hand, railway systems are made from various components with real-time and dependability requirements, and proprietary protocols, resulting in some security via obscurity. The main difference from other systems is the high degree of standardisation necessary for obtaining a permit. Consequently, changes take time and effort, resulting in the longevity of protocols.\r\nThis talk explains railway-specific protocols, such as GSM-R, RaSTA, and ETCS/ERMTS, their security model and known attacks. Nothing of this is new, but still, it is widely unknown.\r\nSo, join the talk, have fun, and learn how to stop a train - which is much simpler than starting one.\n\n\nThe railway communication network looks different from your standard corporate IT. Its hardware, software and protocols have many peculiarities since it is an old, distributed, fragmented and highly standardised system. This creates problems when trying to introduce state-of-the-art IT security, and then there is the mindset: \"But we always have done it this way!\"","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53275],"conference_id":131,"event_ids":[53565],"name":"Katja Assaf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52304}],"timeband_id":1141,"links":[],"end":"2023-12-28T11:40:00.000-0000","id":53565,"tag_ids":[46124,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52304}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-28T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Looking back to France in 2023, what do we see? Implementation of new technologies such as drones, DNA marking or new generation of spywares. Also, an intensification of political surveillance, either by law enforcement deploying disproportionate means of investigations towards environmental activists or intelligence services using cameras or GPS beacons to spy on places or people that they find too radical. It was also the year of the “8 December” case, a judicial case where among other things, encrypted communications of the prosecuted persons were considered as signs of \"clandestinity\" that reveal criminal intentions.\r\n\r\nOn top of this, we also had to deal with the legalization of biometric surveillance for the Olympics and massive censorship of social networks when riots erupted in suburbs against police violence.\r\n\r\nThis talk is about showing the reality of the situation at stake right now in France, and how it could influence the rest of Europe. At the end, we hope to raise awareness in the international community and start thinking about how, together, we can put pressure on a country who uses its old reputation to pretend to be respectful of human rights.\n\n\nFighting against surveillance has never been easy. But in the past year it has been specially tough in France. This talk is about shedding light on the many situations where the French State used surveillance to increase repression, mainly against activists, during the last months. Not to despair of this, but willing to provide a sincere overview to the rest of the world, La Quadrature du Net proposes to depict this situation as a satirical tale, with its own characters, plots and suspense. We want to show the political tension going on right now in France and how the checks and balances are lacking to stop this headlong rush to a surveillance state.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"A year of surveillance in France: a short satirical tale by La Quadrature du Net","android_description":"Looking back to France in 2023, what do we see? Implementation of new technologies such as drones, DNA marking or new generation of spywares. Also, an intensification of political surveillance, either by law enforcement deploying disproportionate means of investigations towards environmental activists or intelligence services using cameras or GPS beacons to spy on places or people that they find too radical. It was also the year of the “8 December” case, a judicial case where among other things, encrypted communications of the prosecuted persons were considered as signs of \"clandestinity\" that reveal criminal intentions.\r\n\r\nOn top of this, we also had to deal with the legalization of biometric surveillance for the Olympics and massive censorship of social networks when riots erupted in suburbs against police violence.\r\n\r\nThis talk is about showing the reality of the situation at stake right now in France, and how it could influence the rest of Europe. At the end, we hope to raise awareness in the international community and start thinking about how, together, we can put pressure on a country who uses its old reputation to pretend to be respectful of human rights.\n\n\nFighting against surveillance has never been easy. But in the past year it has been specially tough in France. This talk is about shedding light on the many situations where the French State used surveillance to increase repression, mainly against activists, during the last months. Not to despair of this, but willing to provide a sincere overview to the rest of the world, La Quadrature du Net proposes to depict this situation as a satirical tale, with its own characters, plots and suspense. We want to show the political tension going on right now in France and how the checks and balances are lacking to stop this headlong rush to a surveillance state.","end_timestamp":{"seconds":1703763600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53102],"conference_id":131,"event_ids":[53525],"name":"Noémie, Marne and Nono","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52381}],"timeband_id":1141,"end":"2023-12-28T11:40:00.000-0000","links":[{"label":"The 8 December Case and criminalization of encryption","type":"link","url":"https://www.laquadrature.net/en/2023/06/05/criminalization-of-encryption-the-8-december-case/"}],"id":53525,"village_id":null,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52381}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"While Functional Programming usually happens quite far away from Assembly programming, in order to get functional programs performant, quite some tricks are used that have effects that reach down into the dark abyss of Assembly.\r\n\r\nIn this talk I want to focus on the optimizing strategy \"Tail Call Elimination\", a compiler optimization of particular importance for recursive function calls. Every functional programmer will tell you that writing your code using tail recursion (it doesn't matter whether you know what that is, you'll see then!) or using Haskell's \"foldl\" is \"generally faster than foldr (Terms and Conditions apply)\". But even seasoned developers often struggle explaining why and quickly resort to pointing to benchmarks or giving some vague answers around \"you need less stack\".\r\n\r\nIn this talk I want to introduce you to what recursion is, some of the reasons why it's computationally expensive, what tail recursion is and why it's better, and why tail call elimination makes it even more awesome. We will go through some example programs implemented in Assembly (for those who ask: I'll use x86 and maybe aarch64 examples) where we, step-by-step, transform our function from head recursive to tail recursive and then will go further by eliminating the recursive call altogether.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"(Looking at) Functional Programming in Assembly","end_timestamp":{"seconds":1703766600,"nanoseconds":0},"android_description":"While Functional Programming usually happens quite far away from Assembly programming, in order to get functional programs performant, quite some tricks are used that have effects that reach down into the dark abyss of Assembly.\r\n\r\nIn this talk I want to focus on the optimizing strategy \"Tail Call Elimination\", a compiler optimization of particular importance for recursive function calls. Every functional programmer will tell you that writing your code using tail recursion (it doesn't matter whether you know what that is, you'll see then!) or using Haskell's \"foldl\" is \"generally faster than foldr (Terms and Conditions apply)\". But even seasoned developers often struggle explaining why and quickly resort to pointing to benchmarks or giving some vague answers around \"you need less stack\".\r\n\r\nIn this talk I want to introduce you to what recursion is, some of the reasons why it's computationally expensive, what tail recursion is and why it's better, and why tail call elimination makes it even more awesome. We will go through some example programs implemented in Assembly (for those who ask: I'll use x86 and maybe aarch64 examples) where we, step-by-step, transform our function from head recursive to tail recursive and then will go further by eliminating the recursive call altogether.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:30:00.000-0000","id":53487,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Digital technology is a major contributor to environmental harm, from the 'tsunami' of e-waste filling landfills to the CO2 emissions on a par with aviation industry. Often overlooked is that software -- and software licenses -- play a crucial role.\r\n\r\nSoftware and hardware are inextricably linked. A Free & Open Source Software license can disrupt the produce-use-dispose linear model of hardware consumption and enable the shift to a reduce-reuse-recycle circular model. Moving to a circular economy could reduce greenhouse gas emissions globally by up to 70%!\r\n\r\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.\n\n\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.","title":"Software Licensing For A Circular Economy","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703763600,"nanoseconds":0},"android_description":"Digital technology is a major contributor to environmental harm, from the 'tsunami' of e-waste filling landfills to the CO2 emissions on a par with aviation industry. Often overlooked is that software -- and software licenses -- play a crucial role.\r\n\r\nSoftware and hardware are inextricably linked. A Free & Open Source Software license can disrupt the produce-use-dispose linear model of hardware consumption and enable the shift to a reduce-reuse-recycle circular model. Moving to a circular economy could reduce greenhouse gas emissions globally by up to 70%!\r\n\r\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.\n\n\nIn this talk I provide an overview of the environmental harm driven by software and how FOSS is well-positioned to address the issues. I will link the inherent values that come with a Free & Open Source Software license to sustainable software design, and I will present the various ways that Free Software aligns with the Blue Angel ecolabel. Finally, I will provide an overview of the current sustainability goal of KDE and the work of the KDE Eco initiative. This includes publishing the KDE Eco handbook, setting up a measurement lab for FOSS developers (KEcoLab), squashing hundreds of efficiency bugs, among others.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:40:00.000-0000","id":53465,"tag_ids":[46125,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703761200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-28T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","title":"Spleiß-Workshop Tag 2","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703761800,"nanoseconds":0},"android_description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:10:00.000-0000","id":53938,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703759400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"CTBK-Workshoparea","hotel":"","short_name":"CTBK-Workshoparea","id":46163},"begin":"2023-12-28T10:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Im Juni 2024 tritt eine Änderung der Amateurfunk-Verordnung in Kraft. Es gibt nun eine weitere Amateurfunkklasse mit eigenem Rufzeichenbereich oder die Möglichkeit, Stationen Remote zu nutzen. Welche Änderungen es im Einzelnen sind, zeigen wir. Insbesondere Interessant für Funkamateure, die die Änderungen in Kürze erfahren wollen.\n\n\nEin kurzer Überblick über die Änderungen an der Amateurfunk-Verordnung ab Juni 2024.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Änderungen in der Amateurfunk-Verordnung","end_timestamp":{"seconds":1703760600,"nanoseconds":0},"android_description":"Im Juni 2024 tritt eine Änderung der Amateurfunk-Verordnung in Kraft. Es gibt nun eine weitere Amateurfunkklasse mit eigenem Rufzeichenbereich oder die Möglichkeit, Stationen Remote zu nutzen. Welche Änderungen es im Einzelnen sind, zeigen wir. Insbesondere Interessant für Funkamateure, die die Änderungen in Kürze erfahren wollen.\n\n\nEin kurzer Überblick über die Änderungen an der Amateurfunk-Verordnung ab Juni 2024.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:50:00.000-0000","id":53704,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703759400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"begin":"2023-12-28T10:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nostalgia is not what is used to be Glitchy electronica from the beginning of this millennium\n\n\n","title":"Fleak","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Nostalgia is not what is used to be Glitchy electronica from the beginning of this millennium","end_timestamp":{"seconds":1703768400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53922,"village_id":null,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Bonnie\r\n\r\nDu willst gerne mal etwas mehr über Freie Software erfahren? Dann ist die Geschichte von Ada genau das richtige für dich. Bonnie nimmt dich mit dem Buch 'Ada & Zangemann' auf eine Reise durch die Welt von Freier Software. Komm mit und besuche gemeinsam mit Bonnie Ada und ihre Freund*innen.\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/wiki/junghackerinnentag/\n\n\nLesung am Junghacker*innentag","title":"Ada & Zangemann - Ein Märchen über Software, Skateboards und Himbeereis","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703761200,"nanoseconds":0},"android_description":"Host: Bonnie\r\n\r\nDu willst gerne mal etwas mehr über Freie Software erfahren? Dann ist die Geschichte von Ada genau das richtige für dich. Bonnie nimmt dich mit dem Buch 'Ada & Zangemann' auf eine Reise durch die Welt von Freier Software. Komm mit und besuche gemeinsam mit Bonnie Ada und ihre Freund*innen.\r\n\r\nhttps://events.ccc.de/congress/2023/hub/en/wiki/junghackerinnentag/\n\n\nLesung am Junghacker*innentag","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:00:00.000-0000","id":53882,"village_id":null,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die stereotypische Museumsbahn sind alte weiße Männer, die mit großen Maschinen spielen wollen. Das ist zwar nicht ganz falsch, aber auch nicht richtig. Museumsbahnen sind Eisenbahnbetrieb, aber auch Umgang mit Kunden, Wissensvermittlung, alte Handwerkstechniken, neue Handwerkstechniken, Management, Medienerstellung, Kommunikation... und man muss nicht unbeding Bahn-affin sein um mitzuhelfen.\r\nIch möchte die Brücke zwischen CCC und den Museumsbahnen spannen, erklären, warum Nerds bei Museumsbahnen mitmachen können/sollten und zeigen, was für Möglichkeiten des Mitmachens es gibt. Viele der Punkte treffen auch auf das Engagement in anderen Vereinen zu, auch diese Vereine brauchen mehr Nerds.\n\n\nDu interessierst Dich für Eisenbahnen und wolltest schon immer mal was mit einer Eisenbahn in 1:1 machen? Du suchst noch ein Hobby? Die Museumsbahnen brauchen Dich - auch wenn sie es manchmal nicht wissen...","title":"Museumsbahnen brauchen Nerds!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#6fdce3","name":"Talk 30 min + 10 min Q&A","id":46131},"end_timestamp":{"seconds":1703760300,"nanoseconds":0},"android_description":"Die stereotypische Museumsbahn sind alte weiße Männer, die mit großen Maschinen spielen wollen. Das ist zwar nicht ganz falsch, aber auch nicht richtig. Museumsbahnen sind Eisenbahnbetrieb, aber auch Umgang mit Kunden, Wissensvermittlung, alte Handwerkstechniken, neue Handwerkstechniken, Management, Medienerstellung, Kommunikation... und man muss nicht unbeding Bahn-affin sein um mitzuhelfen.\r\nIch möchte die Brücke zwischen CCC und den Museumsbahnen spannen, erklären, warum Nerds bei Museumsbahnen mitmachen können/sollten und zeigen, was für Möglichkeiten des Mitmachens es gibt. Viele der Punkte treffen auch auf das Engagement in anderen Vereinen zu, auch diese Vereine brauchen mehr Nerds.\n\n\nDu interessierst Dich für Eisenbahnen und wolltest schon immer mal was mit einer Eisenbahn in 1:1 machen? Du suchst noch ein Hobby? Die Museumsbahnen brauchen Dich - auch wenn sie es manchmal nicht wissen...","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53377],"conference_id":131,"event_ids":[53725],"name":"Nils Pickert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52376}],"timeband_id":1141,"links":[],"end":"2023-12-28T10:45:00.000-0000","id":53725,"village_id":null,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52376}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Being back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.\r\n\r\n\"Glitch Feminism (...) embraces the causality of “error”, and turns the gloomy implication of glitch on its ear by acknowledging that an error in a social system that has already been disturbed by economic, racial, social, sexual, and cultural stratification and the imperialist wrecking-ball of globalization (...) may not, in fact, be an error at all, but rather a much-needed erratum. This glitch is a correction to the “machine”, and, in turn, a positive departure.\" (Legacy Russell 2012: Glitch Feminist Manifesto)\n\n\nBeing back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Glitching C3 - Creative Writing Experiment","android_description":"Being back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.\r\n\r\n\"Glitch Feminism (...) embraces the causality of “error”, and turns the gloomy implication of glitch on its ear by acknowledging that an error in a social system that has already been disturbed by economic, racial, social, sexual, and cultural stratification and the imperialist wrecking-ball of globalization (...) may not, in fact, be an error at all, but rather a much-needed erratum. This glitch is a correction to the “machine”, and, in turn, a positive departure.\" (Legacy Russell 2012: Glitch Feminist Manifesto)\n\n\nBeing back at C3 in the flesh, it's time to honor our glitches and chase some utopian fever dreams! Creative writing workshop to explore the glitchiness of Congress and the promises these cracks in the machine might hold. We will draw inspiration from Legacy Russell's Glitch Feminist Manifesto to write flash fiction on non-conforming niches in the daily grind of geekdom. \r\n\r\nWorkshop in English, but you can write in any language (or code) you like, no writing experience needed. Haecksen and all allied creatures welcome.","end_timestamp":{"seconds":1703764800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53361],"conference_id":131,"event_ids":[53713],"name":"blueA","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52271}],"timeband_id":1141,"links":[],"end":"2023-12-28T12:00:00.000-0000","id":53713,"village_id":null,"tag_ids":[46133,46140],"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52271}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/Advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlles Plätze sind belegt, bitte schaut bei Termin 2.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","title":"JHT: Podcasting für Einsteiger:innen 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703763000,"nanoseconds":0},"android_description":"Podcasting ist in aller Munde, und wir lassen euch podcasten. Wir werden euch in diesem Workshop anleiten einen Podcast aufzunehmen, und diesen dann auch zusammen mit euch schneiden. Dabei geht es zum einen um eine Erfahrung am Mikrofon, aber auch die technischen Hintergründe. Wir schauen also auf das Gespräch im Podcast, aber auch auf Mischpulte, digitale Audiobearbeitung und was einen Podcast so ausmacht.\r\n\r\nWir haben maximal 6 Plätze. Bitte meldet euch bei [Advi](congress/2023/hub/en/user/Advi/) entweder per Telefon DECT:2384 oder persönlich an. Spontan erscheinende Menschen können wir nur berücksichtigen, wenn noch Plätze frei sind.\r\n\r\nAlles Plätze sind belegt, bitte schaut bei Termin 2.\n\n\nWir zeigen jungen Menschen das Podcasting in der Praxis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:30:00.000-0000","id":53712,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"### Anmeldung\r\nMelde dich bitte bis 15 Minuten vor dem Event bei **Enrico** im **Kidspace** oder via **DECT-2635** an und hole dir ein Workshop-Ticket\r\n**Max Teilnehmende:** 15\r\n\r\n### Inhalte\r\n[folgt]\r\n\r\n### Teilnahmevoraussetzungen\r\n**Ausstattung**: [folgt]\r\n**Erfahrung**: [folgt]\n\n\nHast du dich jemals gefragt, wie es wäre, deinen eigenen Minecraft-Server zu haben? Einen Ort, wo du die Regeln bestimmst, deine Freunde einladen und deine eigene Welt gestalten kannst? Dann ist dieser Workshop genau das Richtige für dich!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Minecraft How2Server","android_description":"### Anmeldung\r\nMelde dich bitte bis 15 Minuten vor dem Event bei **Enrico** im **Kidspace** oder via **DECT-2635** an und hole dir ein Workshop-Ticket\r\n**Max Teilnehmende:** 15\r\n\r\n### Inhalte\r\n[folgt]\r\n\r\n### Teilnahmevoraussetzungen\r\n**Ausstattung**: [folgt]\r\n**Erfahrung**: [folgt]\n\n\nHast du dich jemals gefragt, wie es wäre, deinen eigenen Minecraft-Server zu haben? Einen Ort, wo du die Regeln bestimmst, deine Freunde einladen und deine eigene Welt gestalten kannst? Dann ist dieser Workshop genau das Richtige für dich!","end_timestamp":{"seconds":1703764800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T12:00:00.000-0000","id":53708,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After we were somewhat overrun at the camp and therefore unfortunately slipped into a question-and-answer dialog, we now want to make the administrative self-help group at 37c3 a little more open. Come along, we'll provide space and time for you to network and exchange ideas! We might spontaneously throw a few funny or exciting things at the projector together. However, we deliberately refrain from a frontal lecture.\r\n\r\nWhat is the Faxgetäteclub and why are we doing this?\r\n\r\nWhen we talk about government IT, we often talk about the need to build up knowledge and internalize IT skills in public administration. But anyone who actually decides to take a job in the administration or wants to have a positive impact on the administration from within civil society needs a lot of persuasive talent and often perseverance. But we can also achieve a lot of positive things.\r\n\r\nWhat are the practical failures, where are the structural problems and which actions do we need from from politics?\r\n\r\nIn the fax machine club, we talk about our experiences in everyday life in and with public authorities, about what is still going wrong in the administration and how we can change things together. Come along and let's discuss and make plans together in a relaxed atmosphere. If you are interested in IT in public administration and/or would like to share your ideas or questions, we'd like to hear from you!\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Selbsthilfegruppe für verwaltungsnahe Menschen mit IT-Background (\"Faxgeräteclub\")","end_timestamp":{"seconds":1703761200,"nanoseconds":0},"android_description":"After we were somewhat overrun at the camp and therefore unfortunately slipped into a question-and-answer dialog, we now want to make the administrative self-help group at 37c3 a little more open. Come along, we'll provide space and time for you to network and exchange ideas! We might spontaneously throw a few funny or exciting things at the projector together. However, we deliberately refrain from a frontal lecture.\r\n\r\nWhat is the Faxgetäteclub and why are we doing this?\r\n\r\nWhen we talk about government IT, we often talk about the need to build up knowledge and internalize IT skills in public administration. But anyone who actually decides to take a job in the administration or wants to have a positive impact on the administration from within civil society needs a lot of persuasive talent and often perseverance. But we can also achieve a lot of positive things.\r\n\r\nWhat are the practical failures, where are the structural problems and which actions do we need from from politics?\r\n\r\nIn the fax machine club, we talk about our experiences in everyday life in and with public authorities, about what is still going wrong in the administration and how we can change things together. Come along and let's discuss and make plans together in a relaxed atmosphere. If you are interested in IT in public administration and/or would like to share your ideas or questions, we'd like to hear from you!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:00:00.000-0000","id":53668,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Geschichte begann mit einer einfachen Anfrage auf Twitter über die Gesetzeskonformität von Zebrastreifen in Luxemburg, die jedoch bei der Stadtverwaltung auf eine Mauer des Schweigens stieß. Als Reaktion darauf gründeten Aktivist:innen des Zentrums für Urbane Gerechtigkeit (ZUG) das Projekt \"Safe Crossing\", um die Einhaltung der Regularien für Zebrastreifen in Luxemburg-Stadt zu überprüfen. Mit einer Mischung aus Google Maps und Tinder entwickelten sie eine App, durch die die Nutzer:innen Luftbilder der Zebrastreifen analysieren und problematische Bereiche identifizieren konnten​​.\r\n\r\nIhre Ergebnisse waren alarmierend: Etwa ein Drittel der insgesamt 1.787 analysierten Zebrastreifen entsprachen nicht den gesetzlichen Vorgaben, da Parkplätze die Sicht auf die Zebrastreifen blockierten und somit die Sicherheit der Fußgänger:innen gefährdeten​​. Trotz der Publikation ihrer Ergebnisse und der Diskussionen im Stadtrat bestritt die Stadtverwaltung die Ergebnisse und blieb bei ihrer eigenen, wesentlich niedrigeren Schätzung von nur 37 nicht regelkonformen Zebrastreifen​.\r\n\r\nDie nachfolgenden Geschehnisse zeichneten ein Bild von intransparenten Verwaltungen und dem Kampf um die Offenlegung von Informationen. Trotz mehrerer offizieller Anfragen und einer Entscheidung der „Commission d’accès aux documents“ (CAD) zugunsten von ZUG weigerte sich die Stadt Luxemburg, die angeforderten Dokumente zu veröffentlichen. Der Fall eskalierte bis vor das Verwaltungsgericht, und ZUG lancierte eine Crowdfunding-Kampagne, um die anfallenden Rechtskosten zu decken​.\r\n\r\nDer Vortrag wird die Herausforderungen und Erfolge des Projekts detailliert beleuchten, das Engagement für offene Daten und bürgerlichen Aktivismus hervorheben und auf die Bedeutung von Transparenz und Rechenschaftspflicht in der öffentlichen Verwaltung eingehen. Die Zuhörer:innen werden nicht nur Einblicke in die technischen und juristischen Aspekte des Projekts erhalten, sondern auch inspiriert werden, wie individuelle und kollektive Aktionen positive Veränderungen herbeiführen können, selbst wenn sie gegen bürokratische Mauern stoßen.\n\n\nKein Zebrastreifen ist illegal. Oder doch? Die scheinbar einfache Frage nach der Gesetzeskonformität von Zebrastreifen verursachte mysteriöses Schweigen in der öffentlichen Verwaltung der Stadt Luxemburg. Als Reaktion auf die Datenverweigerung schufen die Aktivist:innen des Zentrums für Urbane Gerechtigkeit eine Mischung aus Google Maps und Tinder, um die benötigten Daten selbst zu generieren. Dieser Vortrag beleuchtet das spannende Zusammenspiel von intransparenten Verwaltungen, der Eigeninitiative im Erstellen von Geodaten und dem juristischen Kampf um die Offenlegung von Informationen. Zudem wird aufgezeigt, welche Ressourcen ein solches Unterfangen erfordert, und wie es als lehrreiches Beispiel für zivilen Aktivismus und behördliche Transparenz dient.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Von Zebrastreifen, offenen Daten und verschlossenen Verwaltungen","android_description":"Die Geschichte begann mit einer einfachen Anfrage auf Twitter über die Gesetzeskonformität von Zebrastreifen in Luxemburg, die jedoch bei der Stadtverwaltung auf eine Mauer des Schweigens stieß. Als Reaktion darauf gründeten Aktivist:innen des Zentrums für Urbane Gerechtigkeit (ZUG) das Projekt \"Safe Crossing\", um die Einhaltung der Regularien für Zebrastreifen in Luxemburg-Stadt zu überprüfen. Mit einer Mischung aus Google Maps und Tinder entwickelten sie eine App, durch die die Nutzer:innen Luftbilder der Zebrastreifen analysieren und problematische Bereiche identifizieren konnten​​.\r\n\r\nIhre Ergebnisse waren alarmierend: Etwa ein Drittel der insgesamt 1.787 analysierten Zebrastreifen entsprachen nicht den gesetzlichen Vorgaben, da Parkplätze die Sicht auf die Zebrastreifen blockierten und somit die Sicherheit der Fußgänger:innen gefährdeten​​. Trotz der Publikation ihrer Ergebnisse und der Diskussionen im Stadtrat bestritt die Stadtverwaltung die Ergebnisse und blieb bei ihrer eigenen, wesentlich niedrigeren Schätzung von nur 37 nicht regelkonformen Zebrastreifen​.\r\n\r\nDie nachfolgenden Geschehnisse zeichneten ein Bild von intransparenten Verwaltungen und dem Kampf um die Offenlegung von Informationen. Trotz mehrerer offizieller Anfragen und einer Entscheidung der „Commission d’accès aux documents“ (CAD) zugunsten von ZUG weigerte sich die Stadt Luxemburg, die angeforderten Dokumente zu veröffentlichen. Der Fall eskalierte bis vor das Verwaltungsgericht, und ZUG lancierte eine Crowdfunding-Kampagne, um die anfallenden Rechtskosten zu decken​.\r\n\r\nDer Vortrag wird die Herausforderungen und Erfolge des Projekts detailliert beleuchten, das Engagement für offene Daten und bürgerlichen Aktivismus hervorheben und auf die Bedeutung von Transparenz und Rechenschaftspflicht in der öffentlichen Verwaltung eingehen. Die Zuhörer:innen werden nicht nur Einblicke in die technischen und juristischen Aspekte des Projekts erhalten, sondern auch inspiriert werden, wie individuelle und kollektive Aktionen positive Veränderungen herbeiführen können, selbst wenn sie gegen bürokratische Mauern stoßen.\n\n\nKein Zebrastreifen ist illegal. Oder doch? Die scheinbar einfache Frage nach der Gesetzeskonformität von Zebrastreifen verursachte mysteriöses Schweigen in der öffentlichen Verwaltung der Stadt Luxemburg. Als Reaktion auf die Datenverweigerung schufen die Aktivist:innen des Zentrums für Urbane Gerechtigkeit eine Mischung aus Google Maps und Tinder, um die benötigten Daten selbst zu generieren. Dieser Vortrag beleuchtet das spannende Zusammenspiel von intransparenten Verwaltungen, der Eigeninitiative im Erstellen von Geodaten und dem juristischen Kampf um die Offenlegung von Informationen. Zudem wird aufgezeigt, welche Ressourcen ein solches Unterfangen erfordert, und wie es als lehrreiches Beispiel für zivilen Aktivismus und behördliche Transparenz dient.","end_timestamp":{"seconds":1703760000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"end":"2023-12-28T10:40:00.000-0000","links":[{"label":"Projektwebseite","type":"link","url":"https://zug.lu/safe-crossing-2/"},{"label":"Projektverlauf","type":"link","url":"https://zug.lu/safe-crossing-the-timeline/"},{"label":"Presseartikel","type":"link","url":"https://futuremoves.com/die-illegalen-zebrastreifen-von-luxemburg/"}],"id":53654,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag beginnt mit einer knappen Einführung in die Funktionsweise Neuronaler Netze, um ein allgemeines Verständnis zu schaffen. Anschließend werden verschiedene Angriffe auf Neuronale Netze dargestellt. Die dargestellten Angriffe sind zum größten Teil technisch und ich werde Angriffe wie Prompt Injection nur kurz behandeln. Im Vortrag werden neben Prompt Injection Angriffe wie LastLayer Attack, Back-Dooring, Extracting Information, Brute Forcing, Neural Overflow, Malware Injection, Neural Obfuscation und Model Stealing theoretisch vorgestellt. Um den theoretischen Vortrag aufzulockern, werde ich einige dieser Angriffe anhand von Live-Beispielen veranschaulichen und erklären, wie sie die Funktionsweise Neuronaler Netze ausnutzen bzw. an welchen Stellen diese manipuliert werden können. Während der Erläuterung der Angriffe werde ich auch darauf eingehen, welche Informationen für den Angriff benötigt werden und welche Informationen besonders schützenswert sind. Abschließend werde ich mögliche Verteidigungsstrategien erläutern, auch wenn diese nur einen teilweisen Schutz ermöglichen. Der Vortrag wird einen guten Überblick über Angriffe auf Neuronale Netze geben, wie sie in der aktuellen wissenschaftlichen Literatur bekannt sind. \n\n\nIch will den Zuhörerinnen einen Überblick über die aktuellen Möglichkeiten geben, wie Neuronale Netze angegriffen und manipuliert werden können. Das Ziel des Vortrags ist es, verschiedene Angriffe zu erklären und anhand von Beispielen zu veranschaulichen. Dies dient auch dazu, die Funktionsweise neuronaler Netze besser zu verstehen und ihre Limitierungen aufzuzeigen. Abschließend zeige ich, welche Maßnahmen ergriffen werden können, um diese Angriffe zu erkennen oder zu verhindern.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Hacking Neural Networks","android_description":"Der Vortrag beginnt mit einer knappen Einführung in die Funktionsweise Neuronaler Netze, um ein allgemeines Verständnis zu schaffen. Anschließend werden verschiedene Angriffe auf Neuronale Netze dargestellt. Die dargestellten Angriffe sind zum größten Teil technisch und ich werde Angriffe wie Prompt Injection nur kurz behandeln. Im Vortrag werden neben Prompt Injection Angriffe wie LastLayer Attack, Back-Dooring, Extracting Information, Brute Forcing, Neural Overflow, Malware Injection, Neural Obfuscation und Model Stealing theoretisch vorgestellt. Um den theoretischen Vortrag aufzulockern, werde ich einige dieser Angriffe anhand von Live-Beispielen veranschaulichen und erklären, wie sie die Funktionsweise Neuronaler Netze ausnutzen bzw. an welchen Stellen diese manipuliert werden können. Während der Erläuterung der Angriffe werde ich auch darauf eingehen, welche Informationen für den Angriff benötigt werden und welche Informationen besonders schützenswert sind. Abschließend werde ich mögliche Verteidigungsstrategien erläutern, auch wenn diese nur einen teilweisen Schutz ermöglichen. Der Vortrag wird einen guten Überblick über Angriffe auf Neuronale Netze geben, wie sie in der aktuellen wissenschaftlichen Literatur bekannt sind. \n\n\nIch will den Zuhörerinnen einen Überblick über die aktuellen Möglichkeiten geben, wie Neuronale Netze angegriffen und manipuliert werden können. Das Ziel des Vortrags ist es, verschiedene Angriffe zu erklären und anhand von Beispielen zu veranschaulichen. Dies dient auch dazu, die Funktionsweise neuronaler Netze besser zu verstehen und ihre Limitierungen aufzuzeigen. Abschließend zeige ich, welche Maßnahmen ergriffen werden können, um diese Angriffe zu erkennen oder zu verhindern.","end_timestamp":{"seconds":1703760000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53274],"conference_id":131,"event_ids":[53564],"name":"jate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52466}],"timeband_id":1141,"links":[],"end":"2023-12-28T10:40:00.000-0000","id":53564,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46123,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52466}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-28T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir wollen uns darüber austauschen, was doof daran ist, dass Smartphones so normal sind, und darüber reden, wie man weniger abhängig davon sein kann.\r\n\r\nManche von uns leben komplett ohne Handy, manche nicht, manche benutzen hin und wieder Kollektivhandys. Und ihr?\r\n\r\nManche von uns kritisieren nur Smartphones, manche auch Sim-Karten und Handys generell. Und ihr?\r\n\r\nKritik an der Kritik ist auch gern gesehen.\r\n\r\nWir sammeln unsere Erkenntnisse hier: https://cryptpad.fr/pad/#/2/pad/edit/gS2CQ8V-fzTv4Z2Jm8OtryUM/\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Handys/Smartphones - eine Austauschrunde über Kritik und Alternativen","android_description":"Wir wollen uns darüber austauschen, was doof daran ist, dass Smartphones so normal sind, und darüber reden, wie man weniger abhängig davon sein kann.\r\n\r\nManche von uns leben komplett ohne Handy, manche nicht, manche benutzen hin und wieder Kollektivhandys. Und ihr?\r\n\r\nManche von uns kritisieren nur Smartphones, manche auch Sim-Karten und Handys generell. Und ihr?\r\n\r\nKritik an der Kritik ist auch gern gesehen.\r\n\r\nWir sammeln unsere Erkenntnisse hier: https://cryptpad.fr/pad/#/2/pad/edit/gS2CQ8V-fzTv4Z2Jm8OtryUM/","end_timestamp":{"seconds":1703763000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:30:00.000-0000","id":53531,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We outline the heterogeneous elements that make up the infrastructure of the rewilding project and what kind of situations are being produced therein. The graph of \"the infrastructure of a migratoy bird\" shows relationships between social, technological, informational, and ecological elements which make up the anthropogenic ecosystem in which the bird is becoming wild again. The objective was to visualise and comprehend the intricate network of data, energy resources, and dependencies deeply enmeshed within the project's framework. \r\n\r\nWe will also focus on the types of data being produced and to what extent \"acting\" within this framework is informed to observation of movement data. One can trace the flow of information, observe how data is generated, processed and ultimately mediated. As a migratory bird that travels between 1600 and 4600km per year (from summer to winter habitats and back) this project could not be realized without intensive use of technology. This falls into two categories: assisted migration and location/movement tracking. As a social species, the birds have an instinct to migrate, but the concrete migration routes and destinations are socially learned. With the extinction, this social knowledge became extinct as well. This is a challenge and an opportunity for the project. On the one hand, the birds need to be trained the unnatural behaviour of following a light airplane, on the other hand, humans can guide them to specific areas where socio-environmental conditions are suitable for habitation. Currently, close to 85% of the more than 200 surviving rewilded birds are wearing a GPS/GSM tracker that enables near real-time monitoring of locations and movements. This data is used for monitoring the birds for signs of distress (injury, problems along the route, death etc), and for feeding an app (Animaltracker) that allows the interested public to track the birds and, to a limited degree, for behavioural research.\r\n\r\nFrom this, a different notion of wilderness emerges. Here it denotes not the separation from human culture, but a degree of freedom and autonomy in making decisions. Technology, the real-time tracking and social media coverage, serves as a way to increase the autonomy of the bird, supporting them to survive outside captivity, yet within densely populated, deeply cultured environments. Technology's main purpose here is not surveillance but care, both directly by enabling biologists to help struggling animals in the wild, but also indirectly, by supporting a deeper, affective relationship of the population towards wild animals which are no longer anonymous, but known by name, each with its distinct history and personal character. \n\n\nWhat does it take to create a \"wild animal\"? While one might think \"wildness\" implies the absence of humans, in the age of the anthropocene and rapid climate change, the opposite is the case. It requires the development of an extensive, more-than-human-infrastructure. Our talk is based on artistic research into the ongoing rewilding project of the Northern bald ibis (Waldrapp), a large migratory bird, that has become extinct north of the alps in 1621 and are being released into the wild since 2013. The output of this research was rendered into a website which serves as a departure point of our talk. ","title":"Infrastructure of a migratory bird","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703760000,"nanoseconds":0},"android_description":"We outline the heterogeneous elements that make up the infrastructure of the rewilding project and what kind of situations are being produced therein. The graph of \"the infrastructure of a migratoy bird\" shows relationships between social, technological, informational, and ecological elements which make up the anthropogenic ecosystem in which the bird is becoming wild again. The objective was to visualise and comprehend the intricate network of data, energy resources, and dependencies deeply enmeshed within the project's framework. \r\n\r\nWe will also focus on the types of data being produced and to what extent \"acting\" within this framework is informed to observation of movement data. One can trace the flow of information, observe how data is generated, processed and ultimately mediated. As a migratory bird that travels between 1600 and 4600km per year (from summer to winter habitats and back) this project could not be realized without intensive use of technology. This falls into two categories: assisted migration and location/movement tracking. As a social species, the birds have an instinct to migrate, but the concrete migration routes and destinations are socially learned. With the extinction, this social knowledge became extinct as well. This is a challenge and an opportunity for the project. On the one hand, the birds need to be trained the unnatural behaviour of following a light airplane, on the other hand, humans can guide them to specific areas where socio-environmental conditions are suitable for habitation. Currently, close to 85% of the more than 200 surviving rewilded birds are wearing a GPS/GSM tracker that enables near real-time monitoring of locations and movements. This data is used for monitoring the birds for signs of distress (injury, problems along the route, death etc), and for feeding an app (Animaltracker) that allows the interested public to track the birds and, to a limited degree, for behavioural research.\r\n\r\nFrom this, a different notion of wilderness emerges. Here it denotes not the separation from human culture, but a degree of freedom and autonomy in making decisions. Technology, the real-time tracking and social media coverage, serves as a way to increase the autonomy of the bird, supporting them to survive outside captivity, yet within densely populated, deeply cultured environments. Technology's main purpose here is not surveillance but care, both directly by enabling biologists to help struggling animals in the wild, but also indirectly, by supporting a deeper, affective relationship of the population towards wild animals which are no longer anonymous, but known by name, each with its distinct history and personal character. \n\n\nWhat does it take to create a \"wild animal\"? While one might think \"wildness\" implies the absence of humans, in the age of the anthropocene and rapid climate change, the opposite is the case. It requires the development of an extensive, more-than-human-infrastructure. Our talk is based on artistic research into the ongoing rewilding project of the Northern bald ibis (Waldrapp), a large migratory bird, that has become extinct north of the alps in 1621 and are being released into the wild since 2013. The output of this research was rendered into a website which serves as a departure point of our talk.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53191],"conference_id":131,"event_ids":[53498],"name":"Gordan Savičić","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52506}],"timeband_id":1141,"links":[{"label":"Felix Stalder","type":"link","url":"https://felix.openflows.com"},{"label":"Infrastructure of a migratory bird map","type":"link","url":"https://latentspaces.zhdk.ch/imb/"},{"label":"Gordan Savicic","type":"link","url":"https://yugo.at"}],"end":"2023-12-28T10:40:00.000-0000","id":53498,"village_id":null,"begin_timestamp":{"seconds":1703757600,"nanoseconds":0},"tag_ids":[46118,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52506}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-28T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nHow atomic name trades work in Namecoin without counterparty risk or trusted third-party intermediaries.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Buying and Selling Domain Names in Namecoin (recording)","android_description":"Trading domain names for money has historically involved counterparty risk and middlemen. Namecoin changes that with atomic name trades.\r\nThis talk will cover how atomic name trades work in Namecoin, and how we achieved functionality such as non-interactivity, off-chain transactions, and auctions -- all without counterparty risk or trusted third-party intermediaries.\n\n\nHow atomic name trades work in Namecoin without counterparty risk or trusted third-party intermediaries.","end_timestamp":{"seconds":1703758500,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:15:00.000-0000","id":53939,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703756700,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Critical Decentralisation Cluster [Saal D]","hotel":"","short_name":"Critical Decentralisation Cluster [Saal D]","id":46166},"begin":"2023-12-28T09:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"It's easier to imagine the end of the world than to imagine the end of capitalism. In this workshop, we will take the rich history and diversity of human economic relations as a starting point to think of alternative ways to organize our society. \r\n\r\nOur discussion will be centered on key insights from the book \"Debt: The First 5000 Years\" by anthropologist and absolute icon David Graeber. Join us for an exercise in imagination ^_^\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Can you imagine a world beyond capitalism? Exploring economic history with David Graeber's Debt","end_timestamp":{"seconds":1703761200,"nanoseconds":0},"android_description":"It's easier to imagine the end of the world than to imagine the end of capitalism. In this workshop, we will take the rich history and diversity of human economic relations as a starting point to think of alternative ways to organize our society. \r\n\r\nOur discussion will be centered on key insights from the book \"Debt: The First 5000 Years\" by anthropologist and absolute icon David Graeber. Join us for an exercise in imagination ^_^","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T11:00:00.000-0000","id":53912,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703755800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T09:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Zu allen Workshops kann man in der Zeit von 10:30 Uhr bis 14:00 Uhr kommen und gehen, wann man möchte! Eine Anmeldung ist nicht erforderlich. **Wir sind bei der freien Fläche vor Saal F** (nicht in Saal F). Bei allen Fragen direkt anrufen: [+4917695110311](tel:+4917695110311).\r\n\r\n**Unendlich große Zahlen.** In der Mathematik geht es nach 1, 2 und 3, nach der Million und der Fantastilliarde erst richtig los: Danach kommen die unendlich großen Zahlen. Los gehen die mit „∞“, der ersten unendlich großen Zahl, aber dann geht es noch lange weiter. Mit diesen Zahlen kann man wunderbar Spiele spielen. Vielleicht kennt der eine oder andere das Streichholzspiel, bei dem zwei Spieler abwechselnd immer bis zu drei Streichhölzer wegnehmen können und derjenige gewinnt, der das letzte Streichholz an sich nimmt. Im Workshop werden wir lernen, wie man dieses Spiel mit unendlich vielen Streichhölzern spielt, und wie der Trick aussieht, um immer zu gewinnen. Dieser Workshop richtet sich vor allem an Kinder (ab vierte Klasse). Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [Nachmittagsvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/) kommen.\r\n\r\n**Cosmic Call.** Vor etwa 15 Jahren schickte die Menschheit eine Radiobotschaft an ausgewählte Sterne, in der Hoffnung, dass die Nachricht Außerirdische erreicht, diese die Nachricht verstehen und uns antworten. Die Nachricht ist nicht auf Deutsch oder Englisch verfasst, sondern bedient sich einer eigens entwickelten Symbolsprache. Schaffen wenigstens wir Menschen, die Botschaft zu entziffern? Das wollen wir in dem Workshop an uns selbst testen und herausfinden!\r\n\r\n**Zauberwürfel.** Wie löst man den Zauberwürfel (Rubik's Cube)? Das üben wir in diesem Workshop. Wer einen eigenen Zauberwürfel hat, kann ihn gerne mitbringen; für alle anderen haben wir Würfel zum Verleihen. Keinerlei Vorkenntnisse nötig.\r\n\r\n**Vierte Dimension.** In unserer Welt können wir uns nach links und rechts, nach hinten und vorne sowie nach unten und oben bewegen. Weitere Richtungen gibt es nicht. Das muss aber nicht so sein! In der Mathematik ist auch eine weitere Dimension vorstellbar. In diesem Workshop lernen wir diese vierte Dimension spielerisch und anschaulich kennen. Anhand eines interaktiven vierdimensionalen Labyrinths erkunden wir in diesem Workshop spielerisch die vierte Dimension. In der vierten Dimension gibt es neue wundersame Formen zu bestaunen, gewöhnliche dreidimensionale Gefängnisse wären nicht mehr ausbruchssicher und Schnürsenkel würden sich ständig von selbst entknoten. Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [60-minütigen Abendvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-curious-world-of-four-dim/) kommen.\r\n\r\n**Beweise ohne Worte.** In der Schule besteht Mathematik zu einem großen Teil aus Rechnungen. Das ist aber nicht das, was Mathematik wirklich ausmacht! Mathematik ist die Kunst, das Verborgene auf das Offensichtliche zurückzuführen, und dazu gehören ergreifende emotionale Aha-Momente beim Verstehen von Zusammenhängen. In diesem Workshop behandeln wir grafische Beweise.\r\n\r\n🧮\n\n\nSpiel und Spaß mit unendlich großen Zahlen und unendlichen Spielen • Zauberwürfelworkshop • Cosmic Call, eine Botschaft an Außerirdische • Spiel und Spaß mit der vierten Dimension • Beweise ohne Worte","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Angebote zum Junghacker:innentag rund um Mathematik (Erwachsene auch willkommen)","android_description":"Zu allen Workshops kann man in der Zeit von 10:30 Uhr bis 14:00 Uhr kommen und gehen, wann man möchte! Eine Anmeldung ist nicht erforderlich. **Wir sind bei der freien Fläche vor Saal F** (nicht in Saal F). Bei allen Fragen direkt anrufen: [+4917695110311](tel:+4917695110311).\r\n\r\n**Unendlich große Zahlen.** In der Mathematik geht es nach 1, 2 und 3, nach der Million und der Fantastilliarde erst richtig los: Danach kommen die unendlich großen Zahlen. Los gehen die mit „∞“, der ersten unendlich großen Zahl, aber dann geht es noch lange weiter. Mit diesen Zahlen kann man wunderbar Spiele spielen. Vielleicht kennt der eine oder andere das Streichholzspiel, bei dem zwei Spieler abwechselnd immer bis zu drei Streichhölzer wegnehmen können und derjenige gewinnt, der das letzte Streichholz an sich nimmt. Im Workshop werden wir lernen, wie man dieses Spiel mit unendlich vielen Streichhölzern spielt, und wie der Trick aussieht, um immer zu gewinnen. Dieser Workshop richtet sich vor allem an Kinder (ab vierte Klasse). Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [Nachmittagsvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-fantastical-story-how-the/) kommen.\r\n\r\n**Cosmic Call.** Vor etwa 15 Jahren schickte die Menschheit eine Radiobotschaft an ausgewählte Sterne, in der Hoffnung, dass die Nachricht Außerirdische erreicht, diese die Nachricht verstehen und uns antworten. Die Nachricht ist nicht auf Deutsch oder Englisch verfasst, sondern bedient sich einer eigens entwickelten Symbolsprache. Schaffen wenigstens wir Menschen, die Botschaft zu entziffern? Das wollen wir in dem Workshop an uns selbst testen und herausfinden!\r\n\r\n**Zauberwürfel.** Wie löst man den Zauberwürfel (Rubik's Cube)? Das üben wir in diesem Workshop. Wer einen eigenen Zauberwürfel hat, kann ihn gerne mitbringen; für alle anderen haben wir Würfel zum Verleihen. Keinerlei Vorkenntnisse nötig.\r\n\r\n**Vierte Dimension.** In unserer Welt können wir uns nach links und rechts, nach hinten und vorne sowie nach unten und oben bewegen. Weitere Richtungen gibt es nicht. Das muss aber nicht so sein! In der Mathematik ist auch eine weitere Dimension vorstellbar. In diesem Workshop lernen wir diese vierte Dimension spielerisch und anschaulich kennen. Anhand eines interaktiven vierdimensionalen Labyrinths erkunden wir in diesem Workshop spielerisch die vierte Dimension. In der vierten Dimension gibt es neue wundersame Formen zu bestaunen, gewöhnliche dreidimensionale Gefängnisse wären nicht mehr ausbruchssicher und Schnürsenkel würden sich ständig von selbst entknoten. Wer schon etwas älter ist (ab etwa achte Klasse) und Englisch ganz gut versteht, kann statt zu diesem Workshop auch zum [60-minütigen Abendvortrag zum Thema](https://events.ccc.de/congress/2023/hub/en/event/wondrous-mathematics-the-curious-world-of-four-dim/) kommen.\r\n\r\n**Beweise ohne Worte.** In der Schule besteht Mathematik zu einem großen Teil aus Rechnungen. Das ist aber nicht das, was Mathematik wirklich ausmacht! Mathematik ist die Kunst, das Verborgene auf das Offensichtliche zurückzuführen, und dazu gehören ergreifende emotionale Aha-Momente beim Verstehen von Zusammenhängen. In diesem Workshop behandeln wir grafische Beweise.\r\n\r\n🧮\n\n\nSpiel und Spaß mit unendlich großen Zahlen und unendlichen Spielen • Zauberwürfelworkshop • Cosmic Call, eine Botschaft an Außerirdische • Spiel und Spaß mit der vierten Dimension • Beweise ohne Worte","end_timestamp":{"seconds":1703768400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53689,"begin_timestamp":{"seconds":1703755800,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"begin":"2023-12-28T09:30:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Introduction to \"Replicant\" - the only free Android distribution. https://replicant.us\n\n\nReplicant - the only free Android distribution. https://replicant.us","title":"Introduction to Replicant","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Introduction to \"Replicant\" - the only free Android distribution. https://replicant.us\n\n\nReplicant - the only free Android distribution. https://replicant.us","end_timestamp":{"seconds":1703755800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T09:30:00.000-0000","id":53869,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Critical Decentralisation Cluster [Saal D]","hotel":"","short_name":"Critical Decentralisation Cluster [Saal D]","id":46166},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T09:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In etlichen Haushalten hat die KI schon vor einiger Zeit Einzug gehalten: Sprachassistenten wie Siri, Alexa oder Googles Assistant schalten Geräte auf Befehl ein und aus, spielen passende Musiklisten ab oder lesen aus der Wikipedia vor, wenn akuter Informationsbedarf besteht. Aber auch neuere KI-Tools wie ChatGPT, Bard und andere generative Systeme können privat genutzt werden. Richtig eingesetzt, helfen KI-Dienste bei vielen Alltagsproblemen. Sei es mit Formulierungsvorschlägen im manchmal notwendigen Schriftverkehr mit Ämtern und Institutionen oder wenn es um private Internetrecherchen geht. Auch im Bereich der Körperpflege, der Fitness und der Gesundheitsvorsorge unterstützen mittlerweile zahlreiche KI-Apps ihre Anwenderinnen und Anwender. Welche Apps und KI-Tools gibt es für den privaten Einsatz? Welche Chancen und Risiken sind mit ihnen verbunden? Wer haftet für falsche Auskünfte oder Ratschläge? Diese Fragen beantworten Expertinnen und Experten im Marktplatz mit Manfred Kloiber - live vom 37. Chaos Communication Congress in Hamburg.\n\n\nLive-Sendung \"MARKTPLATZ\"\r\nThema: \"Mein digitaler Sekretär KI: Künstliche Intelligenz für den Hausgebrauch\"\r\nGäste: Martin Gobbin (Stiftung Warentest), Tobias Koch (KI-Bundesverband), Frank Rieger (CCC) und Peter Welchering (IT-Journalist)\r\nModeration: Manfred Kloiber","title":"Deutschlandfunk live: MARKTPLATZ - Mein digitaler Sekretär KI: Künstliche Intelligenz für den Hausgebrauch","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703759400,"nanoseconds":0},"android_description":"In etlichen Haushalten hat die KI schon vor einiger Zeit Einzug gehalten: Sprachassistenten wie Siri, Alexa oder Googles Assistant schalten Geräte auf Befehl ein und aus, spielen passende Musiklisten ab oder lesen aus der Wikipedia vor, wenn akuter Informationsbedarf besteht. Aber auch neuere KI-Tools wie ChatGPT, Bard und andere generative Systeme können privat genutzt werden. Richtig eingesetzt, helfen KI-Dienste bei vielen Alltagsproblemen. Sei es mit Formulierungsvorschlägen im manchmal notwendigen Schriftverkehr mit Ämtern und Institutionen oder wenn es um private Internetrecherchen geht. Auch im Bereich der Körperpflege, der Fitness und der Gesundheitsvorsorge unterstützen mittlerweile zahlreiche KI-Apps ihre Anwenderinnen und Anwender. Welche Apps und KI-Tools gibt es für den privaten Einsatz? Welche Chancen und Risiken sind mit ihnen verbunden? Wer haftet für falsche Auskünfte oder Ratschläge? Diese Fragen beantworten Expertinnen und Experten im Marktplatz mit Manfred Kloiber - live vom 37. Chaos Communication Congress in Hamburg.\n\n\nLive-Sendung \"MARKTPLATZ\"\r\nThema: \"Mein digitaler Sekretär KI: Künstliche Intelligenz für den Hausgebrauch\"\r\nGäste: Martin Gobbin (Stiftung Warentest), Tobias Koch (KI-Bundesverband), Frank Rieger (CCC) und Peter Welchering (IT-Journalist)\r\nModeration: Manfred Kloiber","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:30:00.000-0000","id":53691,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-28T09:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Recording of the presentations from the assemblies of \"Critical Decentralization Cluster\". Details at https://decentral.community\r\n\r\nWe record talks, and are happy to meet people interested in our topics!\r\n\r\n* Replicant\r\n* Namecoin\r\n* NYM\r\n* FOSSASIA\r\n* Silent.Link\n\n\n","title":"Meet the CDC Critical Decentralization Cluster (Public Event)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Recording of the presentations from the assemblies of \"Critical Decentralization Cluster\". Details at https://decentral.community\r\n\r\nWe record talks, and are happy to meet people interested in our topics!\r\n\r\n* Replicant\r\n* Namecoin\r\n* NYM\r\n* FOSSASIA\r\n* Silent.Link","end_timestamp":{"seconds":1703768400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T13:00:00.000-0000","id":53678,"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-28T09:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We live in a society with a very bad incentive that pushes people to create problems and we argue that this bad incentive is trade. You can get food, access a social network, or anything else, ONLY, and ONLY if you give something back in return. Trade. Be it a currency like money, your data, or attention (watch ads). That's the backbone of our global society.\r\n\r\nThat being said we think that it is necessary to move away from this outdated society and remove this bad incentive. Our approach is to do the opposite: to create trade-free goods and services. To provide, without asking anything in return. \r\n\r\nWe not only provide trade-free goods & services ourselves, but also created the trade-free directory (part of the trade-free.org website) where we list many trade-free goods and services from around the world. And anyone can help us add more to the list – we made it super easy for anyone to do so.\r\n\r\nIn the end it is about being good human beings, to help each other, in order to create a saner and safer world.\r\n\r\nI will first present the idea of trade as a problem to then switch to solutions and also how the trade-free directory (directory.trade-free.org) itself could be improved.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"The Origin of Most Problems","android_description":"We live in a society with a very bad incentive that pushes people to create problems and we argue that this bad incentive is trade. You can get food, access a social network, or anything else, ONLY, and ONLY if you give something back in return. Trade. Be it a currency like money, your data, or attention (watch ads). That's the backbone of our global society.\r\n\r\nThat being said we think that it is necessary to move away from this outdated society and remove this bad incentive. Our approach is to do the opposite: to create trade-free goods and services. To provide, without asking anything in return. \r\n\r\nWe not only provide trade-free goods & services ourselves, but also created the trade-free directory (part of the trade-free.org website) where we list many trade-free goods and services from around the world. And anyone can help us add more to the list – we made it super easy for anyone to do so.\r\n\r\nIn the end it is about being good human beings, to help each other, in order to create a saner and safer world.\r\n\r\nI will first present the idea of trade as a problem to then switch to solutions and also how the trade-free directory (directory.trade-free.org) itself could be improved.","end_timestamp":{"seconds":1703757600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T10:00:00.000-0000","id":53666,"begin_timestamp":{"seconds":1703754000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-28T09:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"I love to hear music. And I love to hear what it sounds like when two tracks start singing together, when they like each other. It's their way of making babies. Immediately after a first kiss between their parents, these children come to life on a cosy dance floor, surrounded by a warm and friendly twilight.\n\n\nmeet.wandowaiato.com","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Wando Waiato","end_timestamp":{"seconds":1703746800,"nanoseconds":0},"android_description":"I love to hear music. And I love to hear what it sounds like when two tracks start singing together, when they like each other. It's their way of making babies. Immediately after a first kiss between their parents, these children come to life on a cosy dance floor, surrounded by a warm and friendly twilight.\n\n\nmeet.wandowaiato.com","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T07:00:00.000-0000","id":53880,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703736000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T04:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/loui_beton\n\n\nhttps://soundcloud.com/loui_beton","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Loui Beton","end_timestamp":{"seconds":1703739600,"nanoseconds":0},"android_description":"https://soundcloud.com/loui_beton\n\n\nhttps://soundcloud.com/loui_beton","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T05:00:00.000-0000","id":53902,"begin_timestamp":{"seconds":1703732400,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T03:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Maayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.\r\nShe has built a reputation as a fine DJ and producer who favours a subtle approach towards mesmeric moments.\r\nHer DJ sets, predominantly based in stripped-back, deep sounds, utilise an intriguing vinyl collection, using obscure interludes\r\nfor re-contextualisation. This approach makes for some magical moments on the dance-floor, where a night’s highlight may\r\ncome from the most unlikely of tracks.\r\nAs a musician obsessed about sound and the technology behind its creation, her workflow places a strong focus on the studio\r\nenvironment. Triggering chain reactions between guitar pedals, drum machines, modular synths and acoustic instruments,\r\ngenerating sounds in unpredictable, exciting ways.\r\nInspired by her 2014 performances as The Waves with an accompanying band, Maayan has developed a solo live set that allows\r\nher to further her studio experiments and take them on the road. With a flexibly evolving range of hardware, she re-creates the\r\nspontaneous frame of her productions, delving deep into the possibilities of live dubbing and improvisation, keeping the\r\nperformance exciting for both the crowd and Maayan herself.\r\n\r\nhttps://soundcloud.com/maayan\n\n\nMaayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.","title":"Maayan Nidam","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703732400,"nanoseconds":0},"android_description":"Maayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.\r\nShe has built a reputation as a fine DJ and producer who favours a subtle approach towards mesmeric moments.\r\nHer DJ sets, predominantly based in stripped-back, deep sounds, utilise an intriguing vinyl collection, using obscure interludes\r\nfor re-contextualisation. This approach makes for some magical moments on the dance-floor, where a night’s highlight may\r\ncome from the most unlikely of tracks.\r\nAs a musician obsessed about sound and the technology behind its creation, her workflow places a strong focus on the studio\r\nenvironment. Triggering chain reactions between guitar pedals, drum machines, modular synths and acoustic instruments,\r\ngenerating sounds in unpredictable, exciting ways.\r\nInspired by her 2014 performances as The Waves with an accompanying band, Maayan has developed a solo live set that allows\r\nher to further her studio experiments and take them on the road. With a flexibly evolving range of hardware, she re-creates the\r\nspontaneous frame of her productions, delving deep into the possibilities of live dubbing and improvisation, keeping the\r\nperformance exciting for both the crowd and Maayan herself.\r\n\r\nhttps://soundcloud.com/maayan\n\n\nMaayan Nidam, an artist in flux, continues to change, evolve and challenge boundaries both in her Berlin studio and on stage.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T03:00:00.000-0000","id":53901,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703725200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T01:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/panpio","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Pio","end_timestamp":{"seconds":1703736000,"nanoseconds":0},"android_description":"https://soundcloud.com/panpio","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T04:00:00.000-0000","id":53879,"tag_ids":[46137,46141],"village_id":null,"begin_timestamp":{"seconds":1703725200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-28T01:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir gucken mal über einige Ideen der Drehflügler in der Geschichte der Heeresflieger. Warum es der Tiger nicht im Tank hat, warum jetzt ADAC Hubschrauber Grün angemahlt wurden, und warum Helikopterfliegen ja leichter ist als Motorradfahren. Eine kleine Episode an Merkwürdigkeiten aus der Bundeswehr.","title":"Och Menno - Neue K(r)ampfhubschrauber für die Bundeswehr","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#4cd5fe","name":"Live podcast stage (45 minutes)","id":46126},"end_timestamp":{"seconds":1703722500,"nanoseconds":0},"android_description":"Wir gucken mal über einige Ideen der Drehflügler in der Geschichte der Heeresflieger. Warum es der Tiger nicht im Tank hat, warum jetzt ADAC Hubschrauber Grün angemahlt wurden, und warum Helikopterfliegen ja leichter ist als Motorradfahren. Eine kleine Episode an Merkwürdigkeiten aus der Bundeswehr.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53687,53100,53150,53375],"conference_id":131,"event_ids":[53572,53522,53723,54019],"name":"Sven Uckermann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52388}],"timeband_id":1141,"links":[],"end":"2023-12-28T00:15:00.000-0000","id":53572,"tag_ids":[46126,46139],"village_id":null,"begin_timestamp":{"seconds":1703719800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52388}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T23:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Statt den Slot ganz ausfallen zu lassen, haben wir uns entschieden etwas neues, noch nie Dagewesenes zu probieren: HACK ZUCK.\r\n\r\nDie Älteren könnten es noch kennen, ähnlich wie in RUCK ZUCK (sucht es in der Du-Tube) treten Teams gegeneinander an und müssen Begriffe beschreiben. Bei uns natürlich eher… speziellere. \r\n\r\nSucht euch gerne schon mal Teams zusammen – 5 Leute braucht es. Wir werden wie üblich im Publikum aufrufen, aber wer sich vorab als \"eingespieltes\" Team bewirbt, hat evtl. bessere Chancen. Schickt uns gerne also vorab Infos zu eurem geplanten Team an hackzuck@posteo.de – im Betreff am Besten was mit \"HackZuck Team\" – und dann sehen wir mal, was das wird.\n\n\nDies ist kein Fnord. Es wird dieses Jahr kein Hacker Jeopardy geben. Sorry. :(\r\n\r\nWir versuchen, etwas Anderes zu improvisieren. Das Event wird auf Deutsch sein und die Revolution wird nicht im Fernsehen übertragen, nicht gestreamt oder aufgezeichnet.\r\n\r\nFreut auch auf HACK ZUCK. Mal sehen, ob das lustig wird, wahrscheinlich jedenfalls wird es einmalig.","title":"Kein(!) Hacker Jeopardy","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Statt den Slot ganz ausfallen zu lassen, haben wir uns entschieden etwas neues, noch nie Dagewesenes zu probieren: HACK ZUCK.\r\n\r\nDie Älteren könnten es noch kennen, ähnlich wie in RUCK ZUCK (sucht es in der Du-Tube) treten Teams gegeneinander an und müssen Begriffe beschreiben. Bei uns natürlich eher… speziellere. \r\n\r\nSucht euch gerne schon mal Teams zusammen – 5 Leute braucht es. Wir werden wie üblich im Publikum aufrufen, aber wer sich vorab als \"eingespieltes\" Team bewirbt, hat evtl. bessere Chancen. Schickt uns gerne also vorab Infos zu eurem geplanten Team an hackzuck@posteo.de – im Betreff am Besten was mit \"HackZuck Team\" – und dann sehen wir mal, was das wird.\n\n\nDies ist kein Fnord. Es wird dieses Jahr kein Hacker Jeopardy geben. Sorry. :(\r\n\r\nWir versuchen, etwas Anderes zu improvisieren. Das Event wird auf Deutsch sein und die Revolution wird nicht im Fernsehen übertragen, nicht gestreamt oder aufgezeichnet.\r\n\r\nFreut auch auf HACK ZUCK. Mal sehen, ob das lustig wird, wahrscheinlich jedenfalls wird es einmalig.","end_timestamp":{"seconds":1703726100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53216],"conference_id":131,"event_ids":[53594],"name":"Ray","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52478}],"timeband_id":1141,"links":[],"end":"2023-12-28T01:15:00.000-0000","id":53594,"tag_ids":[46120,46136,46139],"begin_timestamp":{"seconds":1703718900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52478}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T23:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What if it was possible to simulate consciousness? What would be logical to happen? This talk will go over some sinister thought experiments including Greg Egan's Dust Theory from his novel „Permutation City“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „Permutation City“.)\r\n\r\n**We meet at the Assembly of the OpenLab Augsburg. Hall 3, south edge.**\r\n\r\n🧮🦆\n\n\n","title":"A tale of sinister thought experiments about simulated consciousness (feat. Greg Egan's Dust Theory)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703722500,"nanoseconds":0},"android_description":"What if it was possible to simulate consciousness? What would be logical to happen? This talk will go over some sinister thought experiments including Greg Egan's Dust Theory from his novel „Permutation City“.\r\n\r\nFor everybody. No prior knowledge required. (Conceptual spoilers for „Permutation City“.)\r\n\r\n**We meet at the Assembly of the OpenLab Augsburg. Hall 3, south edge.**\r\n\r\n🧮🦆","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T00:15:00.000-0000","id":53453,"village_id":null,"begin_timestamp":{"seconds":1703718900,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","begin":"2023-12-27T23:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Participants will learn about the [LinuxBoot project](https://linuxboot.org) and [u-root](https://u-root.org), and if time permits, try out `cpu`, a handy concept and command ported to Linux from the ideas in the Plan 9 research OS.\r\n\r\nWe have prepared two repositories for a quick start:\r\n- \r\n- \r\n\r\nIn summary, this gets\r\n- a small Linux userland\r\n- bootloaders\r\n- networked OS\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"LinuxBoot, u-root + cpu hands-on workshop","end_timestamp":{"seconds":1703723700,"nanoseconds":0},"android_description":"Participants will learn about the [LinuxBoot project](https://linuxboot.org) and [u-root](https://u-root.org), and if time permits, try out `cpu`, a handy concept and command ported to Linux from the ideas in the Plan 9 research OS.\r\n\r\nWe have prepared two repositories for a quick start:\r\n- \r\n- \r\n\r\nIn summary, this gets\r\n- a small Linux userland\r\n- bootloaders\r\n- networked OS","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T00:35:00.000-0000","id":53467,"village_id":null,"begin_timestamp":{"seconds":1703718300,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-27T23:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/celestemcmillian\n\n\nFacilitating sonic journeys into the inner space..\r\nPSYTRANCE - TECHNO","title":"Celestial","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703725200,"nanoseconds":0},"android_description":"https://soundcloud.com/celestemcmillian\n\n\nFacilitating sonic journeys into the inner space..\r\nPSYTRANCE - TECHNO","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T01:00:00.000-0000","id":53860,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703718000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T23:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/marthavanstraaten","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Martha van Straaten","end_timestamp":{"seconds":1703725200,"nanoseconds":0},"android_description":"https://soundcloud.com/marthavanstraaten","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1141,"links":[],"end":"2023-12-28T01:00:00.000-0000","id":53845,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703718000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-27T23:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The increase has already been exponential for years. With the AI hype, this demand for energy, cooling and water has increased dramatically. \r\n\r\nWhat is known, what is to be expected and how an upcoming crisis be avoided? Can we reuse the energy? At least partially? Are there other concepts of integrating data centers into buildings and cities? Do we have non technical patterns driving the resource exhaustion?\r\n\r\nThe AI hype has increased the demand dramatically. The existing GPU based computing paradigm cuts hard into the standard design of data centers and demands other ways of cooling. Does the approach of modeling neurons really need floating point numbers? Which alternatives could be found?\r\n\r\nThis is an update of Thomas' previous talks at the #cccamp23 Camp[1] and at the Bits und Bäume conference [2].\r\n\r\n[1] https://media.ccc.de/v/camp2023-57070-energy\\_consumption\\_of\\_data\\_centers\r\n[2] https://media.ccc.de/v/bitsundbaeume-19844-datenschutz-sparsamkeit-und-resourcenverbrauch-am-beispiel-einer-terminbuchungsanwendung\r\n\n\n\nI look into the resource consumption of data centers and present my state of knowledge. I ask more questions than I give answers.","title":"Energy Consumption of Datacenters ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"The increase has already been exponential for years. With the AI hype, this demand for energy, cooling and water has increased dramatically. \r\n\r\nWhat is known, what is to be expected and how an upcoming crisis be avoided? Can we reuse the energy? At least partially? Are there other concepts of integrating data centers into buildings and cities? Do we have non technical patterns driving the resource exhaustion?\r\n\r\nThe AI hype has increased the demand dramatically. The existing GPU based computing paradigm cuts hard into the standard design of data centers and demands other ways of cooling. Does the approach of modeling neurons really need floating point numbers? Which alternatives could be found?\r\n\r\nThis is an update of Thomas' previous talks at the #cccamp23 Camp[1] and at the Bits und Bäume conference [2].\r\n\r\n[1] https://media.ccc.de/v/camp2023-57070-energy\\_consumption\\_of\\_data\\_centers\r\n[2] https://media.ccc.de/v/bitsundbaeume-19844-datenschutz-sparsamkeit-und-resourcenverbrauch-am-beispiel-einer-terminbuchungsanwendung\r\n\n\n\nI look into the resource consumption of data centers and present my state of knowledge. I ask more questions than I give answers.","end_timestamp":{"seconds":1703716800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T22:40:00.000-0000","id":53896,"village_id":null,"tag_ids":[46125,46136,46140],"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of \"Ecovacs2 change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?\r\n\r\nLearn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.\r\n\r\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.\r\n\n\n\nFor the past 5 years we have been presenting ways to hack and root vacuum robots at various events like CCC and DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies.\r\n\r\nHowever, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Sucking dust and cutting grass: reversing robots and bypassing security","android_description":"We will present the result of the research that started back in 2018. Explore with us the development on the last years. How did the security and privacy of \"Ecovacs2 change in contrast to other companies? What kind of cool hardware is out there? Can the devices be used to potentially spy on you?\r\n\r\nLearn how reverse engineering works and how to get root access on the devices. Let us show you how you maintain persistence on the devices and run your own software.\r\n\r\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights and real problems. You will be surprised what we found. Let's discuss together what impact this devices will have on our (social) life and what the future of vacuum robot hacking will bring.\r\n\n\n\nFor the past 5 years we have been presenting ways to hack and root vacuum robots at various events like CCC and DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies.\r\n\r\nHowever, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots!","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53227],"conference_id":131,"event_ids":[53604],"name":"Dennis Giese","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52493}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53604,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52493}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"Y","begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The talk will be a mix of technical and non-technical aspects of analysis which should be understandable for anyone with a technical background. We’ll briefly explain how modern EMUs look like inside, how the Train Control & Monitoring System works, and how to analyze TriCore machine code.\n\n\nWe've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system.\r\n\r\nThis talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually found inside of it.\r\n\r\nReality sometimes is stranger than the wildest CTF task. Reality sometimes is running `unlock.py` on a dozen trains.","title":"Breaking \"DRM\" in Polish trains","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"The talk will be a mix of technical and non-technical aspects of analysis which should be understandable for anyone with a technical background. We’ll briefly explain how modern EMUs look like inside, how the Train Control & Monitoring System works, and how to analyze TriCore machine code.\n\n\nWe've all been there: the trains you're servicing for a customer suddenly brick themselves and the manufacturer claims that's because you've interfered with a security system.\r\n\r\nThis talk will tell the story of a series of Polish EMUs (Electric Multiple Unit) that all refused to move a few days after arriving at an “unauthorized” service company. We'll go over how a train control system actually works, how we reverse-engineered one and what sort of magical “security” systems we actually found inside of it.\r\n\r\nReality sometimes is stranger than the wildest CTF task. Reality sometimes is running `unlock.py` on a dozen trains.","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53215],"conference_id":131,"event_ids":[53593],"name":"q3k","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52460},{"content_ids":[53215],"conference_id":131,"event_ids":[53593],"name":"MrTick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52491}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53593,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"tag_ids":[46122,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52491},{"tag_id":46107,"sort_order":1,"person_id":52460}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"Y","begin":"2023-12-27T22:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Unsere Silvestergala. Mit hilfreichen Tipps für euer Silvestermenü. Haltet Zettel und Stift bereit!\n\n\nHochqualitativer Content mit Zusammenhängen ohne Zusammenhang. \r\n\r\nPhako und Bert lesen Dinge vor (divers)\r\nFreut euch auf Dialekte, Intonationen deluxe, erkältete Stimmen, erotische Betonungen und i.d.R. vollkommen unvorbereitete, spontane Aufnahmen ohne besonderen Anlass <3\r\n\r\nDas Team von https://www.ihrkoenntunsallemal.de/ freut sich auf die Weihnachtssonderfolge! Der akustische Christmas Jumper!","title":"Schiffsromantik","type":{"conference_id":131,"conference":"37C3","color":"#93758d","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (45 minutes)","id":46128},"android_description":"Unsere Silvestergala. Mit hilfreichen Tipps für euer Silvestermenü. Haltet Zettel und Stift bereit!\n\n\nHochqualitativer Content mit Zusammenhängen ohne Zusammenhang. \r\n\r\nPhako und Bert lesen Dinge vor (divers)\r\nFreut euch auf Dialekte, Intonationen deluxe, erkältete Stimmen, erotische Betonungen und i.d.R. vollkommen unvorbereitete, spontane Aufnahmen ohne besonderen Anlass <3\r\n\r\nDas Team von https://www.ihrkoenntunsallemal.de/ freut sich auf die Weihnachtssonderfolge! Der akustische Christmas Jumper!","end_timestamp":{"seconds":1703717100,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53170],"conference_id":131,"event_ids":[53527],"name":"Phako","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52481},{"content_ids":[53170],"conference_id":131,"event_ids":[53527],"name":"bert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52497}],"timeband_id":1140,"links":[],"end":"2023-12-27T22:45:00.000-0000","id":53527,"village_id":null,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"tag_ids":[46128,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52481},{"tag_id":46107,"sort_order":1,"person_id":52497}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Very roughly, P is the class of efficiently solvable problems and NP is the class of non-efficiently solvable problems. A basic fact of life is P ≠ NP. However, for the last fifty years, this observation has stubbornly resisted every attempt of a proof. The talk will carefully explain:\r\n\r\n▸ what the precise statement of the conjecture P ≠ NP is\r\n\r\n▸ how the world would look like if P = NP\r\n\r\n▸ whether it might be that it's provable that the conjecture is unprovable (that the conjecture exceeds the boundaries of logic)\r\n\r\n▸ what's known about hypothetical proofs of P ≠ NP\r\n\r\nThis talk requires no mathematical prerequisites. Indeed, people who took classes on computability theory in university will be bored to hell and should only attend if they plan to support the session by offering interesting remarks. :-)\r\n\r\nTo enjoy and follow the talk, you should know that we use algorithms to solve computational problems and that some are more efficient than others. You'll be extra prepared if at some point in your life you've implemented some algorithms. That said, you will only enjoy the talk if you enjoy mathematical thinking and a certain amount of mathematical precision. This is not a light-and-fun talk, to the small extent that it's fun it's only thanks to the interesting theoretical relationships discussed in the talk.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Wondrous mathematics: A gentle introduction to P vs. NP, the greatest open question in computer science","end_timestamp":{"seconds":1703717400,"nanoseconds":0},"android_description":"Very roughly, P is the class of efficiently solvable problems and NP is the class of non-efficiently solvable problems. A basic fact of life is P ≠ NP. However, for the last fifty years, this observation has stubbornly resisted every attempt of a proof. The talk will carefully explain:\r\n\r\n▸ what the precise statement of the conjecture P ≠ NP is\r\n\r\n▸ how the world would look like if P = NP\r\n\r\n▸ whether it might be that it's provable that the conjecture is unprovable (that the conjecture exceeds the boundaries of logic)\r\n\r\n▸ what's known about hypothetical proofs of P ≠ NP\r\n\r\nThis talk requires no mathematical prerequisites. Indeed, people who took classes on computability theory in university will be bored to hell and should only attend if they plan to support the session by offering interesting remarks. :-)\r\n\r\nTo enjoy and follow the talk, you should know that we use algorithms to solve computational problems and that some are more efficient than others. You'll be extra prepared if at some point in your life you've implemented some algorithms. That said, you will only enjoy the talk if you enjoy mathematical thinking and a certain amount of mathematical precision. This is not a light-and-fun talk, to the small extent that it's fun it's only thanks to the interesting theoretical relationships discussed in the talk.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T22:50:00.000-0000","id":53466,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Österreichische Politik kann mit Humor sehr gut ertragen werden. Ob Videos von spanischen Inseln, Chats oder Spesenaffären - all das hätte sich ein Drehbuchautor nicht besser ausdenken können. Wir erklären, was in den letzten Jahren bei uns passiert ist und zeigen auf, wie ein weiterer Rechtsruck verhindert werden kann.","title":"Vom Kinderkanzler Kurz zum Volkskanzler Kickl - Politik in Österreich","type":{"conference_id":131,"conference":"37C3","color":"#e78bea","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (90 minutes)","id":46127},"end_timestamp":{"seconds":1703719800,"nanoseconds":0},"android_description":"Österreichische Politik kann mit Humor sehr gut ertragen werden. Ob Videos von spanischen Inseln, Chats oder Spesenaffären - all das hätte sich ein Drehbuchautor nicht besser ausdenken können. Wir erklären, was in den letzten Jahren bei uns passiert ist und zeigen auf, wie ein weiterer Rechtsruck verhindert werden kann.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53147],"conference_id":131,"event_ids":[53447],"name":"unsösterreichts.jetzt","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52263},{"content_ids":[53147],"conference_id":131,"event_ids":[53447],"name":"Alexander Muigg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52435}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:30:00.000-0000","id":53447,"tag_ids":[46127,46139],"village_id":null,"begin_timestamp":{"seconds":1703714400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52435},{"tag_id":46107,"sort_order":1,"person_id":52263}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T22:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die älteren unter uns werden sich erinnern. Früher konnte man in halbwegs großen Bahnhöfen Fahrkarten nach halb Europa kaufen. Im schlimmsten Fall wurden kompliziertere Sachen mal per Fax beim nächsten großen Bahnhof bestellt, im Wesentlichen konnten die Personen am Schalter aber die Fahrpreise und Fahrpläne durch das Wälzen von Kursbüchern und Tariftabellen ermitteln. \r\n\r\nDas müsste heute doch besser gehen? So mit Computern, ohne Fax und mit Algorithmen? Im Prinzip schon - aber... Und das ganze dann noch aufs Handy oder zum Selbstausdrucken nach Hause zu bringen, ist dann das nächste Thema. Also doch zum Schalter? Viele wurden in den letzten Jahren geschlossen, und auch dort wurden die Möglichkeiten beschnitten. Eine Reservierung nach Paris? Geht nur über Frankfurt, nicht über Köln. Ab Paris weiter? Nur vor Ort. JeDi kennt sich mit Fahrkarten aus, und versucht das Problem aufzuarbeiten und zu bewerten.\n\n\nZug fahren ist toll. Mit dem Zug weit weg fahren umso mehr. Leider ist es oftmals kompliziert, eine Fahrkarte ins Ausland zu kaufen - und in den letzten Jahren wird das auch noch immer komplizierter. JeDi hat sich mal angeschaut, wo eigentlich die Probleme liegen - und wie Lösungen aussehen können.","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"title":"Wie funktionieren Zug-Fahrkarten ins Ausland?","end_timestamp":{"seconds":1703718900,"nanoseconds":0},"android_description":"Die älteren unter uns werden sich erinnern. Früher konnte man in halbwegs großen Bahnhöfen Fahrkarten nach halb Europa kaufen. Im schlimmsten Fall wurden kompliziertere Sachen mal per Fax beim nächsten großen Bahnhof bestellt, im Wesentlichen konnten die Personen am Schalter aber die Fahrpreise und Fahrpläne durch das Wälzen von Kursbüchern und Tariftabellen ermitteln. \r\n\r\nDas müsste heute doch besser gehen? So mit Computern, ohne Fax und mit Algorithmen? Im Prinzip schon - aber... Und das ganze dann noch aufs Handy oder zum Selbstausdrucken nach Hause zu bringen, ist dann das nächste Thema. Also doch zum Schalter? Viele wurden in den letzten Jahren geschlossen, und auch dort wurden die Möglichkeiten beschnitten. Eine Reservierung nach Paris? Geht nur über Frankfurt, nicht über Köln. Ab Paris weiter? Nur vor Ort. JeDi kennt sich mit Fahrkarten aus, und versucht das Problem aufzuarbeiten und zu bewerten.\n\n\nZug fahren ist toll. Mit dem Zug weit weg fahren umso mehr. Leider ist es oftmals kompliziert, eine Fahrkarte ins Ausland zu kaufen - und in den letzten Jahren wird das auch noch immer komplizierter. JeDi hat sich mal angeschaut, wo eigentlich die Probleme liegen - und wie Lösungen aussehen können.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53173],"conference_id":131,"event_ids":[53580],"name":"JeDi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52269}],"timeband_id":1140,"links":[],"end":"2023-12-27T23:15:00.000-0000","id":53580,"begin_timestamp":{"seconds":1703712600,"nanoseconds":0},"tag_ids":[46132,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52269}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"Y","begin":"2023-12-27T21:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"SMTP, the Simple Mail Transfer Protocol, allows e-mailing since 1982. This easily makes it one of the oldest technologies amongst the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling!\r\nIn this talk, we’ll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to fortune 500 companies – while still passing SPF checks – will be the least of our problems!\r\nFrom identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we’ll dive into all the little details this attack has to offer. Therefore, in this talk, we’ll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!\n\n\nIntroducing a novel technique for e-mail spoofing.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"SMTP Smuggling – Spoofing E-Mails Worldwide","android_description":"SMTP, the Simple Mail Transfer Protocol, allows e-mailing since 1982. This easily makes it one of the oldest technologies amongst the Internet. However, even though it seems to have stood the test of time, there was still a trivial but novel exploitation technique just waiting to be discovered – SMTP smuggling!\r\nIn this talk, we’ll explore how SMTP smuggling breaks the interpretation of the SMTP protocol in vulnerable server constellations worldwide, allowing some more than unwanted behavior. Sending e-mails as admin@microsoft.com to fortune 500 companies – while still passing SPF checks – will be the least of our problems!\r\nFrom identifying this novel technique to exploiting it in one of the most used e-mail services on the Internet, we’ll dive into all the little details this attack has to offer. Therefore, in this talk, we’ll embark on an expedition beyond the known limits of SMTP, and venture into the uncharted territories of SMTP smuggling!\n\n\nIntroducing a novel technique for e-mail spoofing.","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53236],"conference_id":131,"event_ids":[53612],"name":"Timo Longin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52392}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:45:00.000-0000","id":53612,"tag_ids":[46124,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703711100,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52392}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T21:05:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The European Southern Observatory (ESO) is an intergovernmental organisation founded in 1962 and is based in Garching bei München. It develops, builds and operates ground-based telescopes to enable astronomical research in the southern hemisphere and to foster cooperation in the international astronomical community. In 2012 the ESO Council approved the Extremely Large Telescope (ELT) programme and its construction is scheduled for completion in 2028. The 39m primary mirror will make the ELT the largest optical telescope at that time.\r\n\r\nIt will be located on the top of Cerro Armazones, a ~3000m high mountain in the Atacama desert in Chile. This site provides ideal optical conditions, but also comes with logistical and engineering challenges.\r\n\r\nWe will walk you through the telescope and along the optical path to the instruments and explain some of the technologies involved to push the boundaries of ground-based optical astronomy.\n\n\nThe Extremely Large Telescope (ELT) is currently under construction in the Atacama desert in northern Chile by the European Southern Observatory (ESO). With a primary mirror aperture of 39m, it will be the largest optical telescope on earth. We will briefly introduce the history and mission of ESO and explain how a modern optical telescope works.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"The Extremely Large Telescope (ELT)","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"android_description":"The European Southern Observatory (ESO) is an intergovernmental organisation founded in 1962 and is based in Garching bei München. It develops, builds and operates ground-based telescopes to enable astronomical research in the southern hemisphere and to foster cooperation in the international astronomical community. In 2012 the ESO Council approved the Extremely Large Telescope (ELT) programme and its construction is scheduled for completion in 2028. The 39m primary mirror will make the ELT the largest optical telescope at that time.\r\n\r\nIt will be located on the top of Cerro Armazones, a ~3000m high mountain in the Atacama desert in Chile. This site provides ideal optical conditions, but also comes with logistical and engineering challenges.\r\n\r\nWe will walk you through the telescope and along the optical path to the instruments and explain some of the technologies involved to push the boundaries of ground-based optical astronomy.\n\n\nThe Extremely Large Telescope (ELT) is currently under construction in the Atacama desert in northern Chile by the European Southern Observatory (ESO). With a primary mirror aperture of 39m, it will be the largest optical telescope on earth. We will briefly introduce the history and mission of ESO and explain how a modern optical telescope works.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53226],"conference_id":131,"event_ids":[53603],"name":"panic","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52476},{"content_ids":[53226],"conference_id":131,"event_ids":[53603],"name":"lk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52492}],"timeband_id":1140,"links":[{"label":"ELT homepage","type":"link","url":"https://elt.eso.org/"}],"end":"2023-12-27T21:45:00.000-0000","id":53603,"begin_timestamp":{"seconds":1703711100,"nanoseconds":0},"tag_ids":[46123,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52492},{"tag_id":46107,"sort_order":1,"person_id":52476}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-27T21:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Vortrag ist eine allgemeinverständliche Einführung in die Demokratietheorie in Krisenzeiten. Er stellt zuerst die wichtigsten Demokratietheorien aus der Politikwissenschaft vor: Was ist Demokratie? Und wie sieht eine gut funktionierende Demokratie in der Praxis aus? Anschließend werden die Problemdiagnostik und die Ursachenforschung behandelt: Was stimmt aus wissenschaftlicher Sicht nicht mit der Demokratie? Ist sie in der Krise oder liegen die Probleme woanders? Zum Schluss stehen Lösungswege und Reaktionsmöglichkeiten zur Diskussion: Bieten Politikwissenschaft und Demokratietheorie praktikable Lösungsansätze? Oder sind sie selbst in einer Krise, weil sie keine Lösungswege aufzeigen können?\n\n\nDemokratie ist eine gute Idee, funktioniert aber nicht in der Praxis. So die Meinung vieler Menschen, die vor dem Hintergrund von Klimakrise, Infrastrukturerosion und Regierungsversagen an der Zukunftsfähigkeit der Demokratie zweifeln. Wie reagiert die Politikwissenschaft darauf und kann die Demokratietheorie Lösungswege aufzeigen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Ist die Demokratie noch zu retten? ","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"android_description":"Der Vortrag ist eine allgemeinverständliche Einführung in die Demokratietheorie in Krisenzeiten. Er stellt zuerst die wichtigsten Demokratietheorien aus der Politikwissenschaft vor: Was ist Demokratie? Und wie sieht eine gut funktionierende Demokratie in der Praxis aus? Anschließend werden die Problemdiagnostik und die Ursachenforschung behandelt: Was stimmt aus wissenschaftlicher Sicht nicht mit der Demokratie? Ist sie in der Krise oder liegen die Probleme woanders? Zum Schluss stehen Lösungswege und Reaktionsmöglichkeiten zur Diskussion: Bieten Politikwissenschaft und Demokratietheorie praktikable Lösungsansätze? Oder sind sie selbst in einer Krise, weil sie keine Lösungswege aufzeigen können?\n\n\nDemokratie ist eine gute Idee, funktioniert aber nicht in der Praxis. So die Meinung vieler Menschen, die vor dem Hintergrund von Klimakrise, Infrastrukturerosion und Regierungsversagen an der Zukunftsfähigkeit der Demokratie zweifeln. Wie reagiert die Politikwissenschaft darauf und kann die Demokratietheorie Lösungswege aufzeigen?","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53214],"conference_id":131,"event_ids":[53592],"name":"Veith Selk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52301}],"timeband_id":1140,"links":[{"label":"Website Veith Selk","type":"link","url":"https://veithselk.de"}],"end":"2023-12-27T21:45:00.000-0000","id":53592,"tag_ids":[46123,46136,46139],"begin_timestamp":{"seconds":1703711100,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52301}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T21:05:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"It's all about all.\r\neverything is everything and at the same time it's only one.\r\nIf you feel love there is maybe fear and doubt, maybe security and maybe pain. maybe there is the smell of cookie dough or the smell of wood. \r\nno matter what - all these things become one feeling. one expression. it's the collection of all your experiences. of all your violations.\r\nALL of them have their place and their task and want to be seen and want to be taken seriously.\r\nlove all of them - even if in this love - with whom you love them - you find them again. <3\n\n\nhttps://secretact.bandcamp.com/","title":"secret act","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"It's all about all.\r\neverything is everything and at the same time it's only one.\r\nIf you feel love there is maybe fear and doubt, maybe security and maybe pain. maybe there is the smell of cookie dough or the smell of wood. \r\nno matter what - all these things become one feeling. one expression. it's the collection of all your experiences. of all your violations.\r\nALL of them have their place and their task and want to be seen and want to be taken seriously.\r\nlove all of them - even if in this love - with whom you love them - you find them again. <3\n\n\nhttps://secretact.bandcamp.com/","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53907,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"Y","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/brumby\r\nhttps://soundcloud.com/hks97\n\n\nDurch schönsten Zufall geborenes Projekt für Tanzmusik, Schaumwein & Freundschaft","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Lena Brumby & HKS97","android_description":"https://soundcloud.com/brumby\r\nhttps://soundcloud.com/hks97\n\n\nDurch schönsten Zufall geborenes Projekt für Tanzmusik, Schaumwein & Freundschaft","end_timestamp":{"seconds":1703718000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T23:00:00.000-0000","id":53844,"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"*How a mathematical breakthrough made at the end of the 17th century is the workhorse of the artificial neural networks of today*\r\n\r\nConventional computer algorithms are superior to the human intellect in many regards: for instance at multiplying large numbers or winning at chess by analyzing huge numbers of moves. But there are also many tasks which come naturally to us yet exceed the capabilities of algorithms by vast amounts: Rigid algorithms can't decipher human handwriting or drive cars.\r\n\r\nThe recent breakthroughs in artificial intelligence circumvent these barriers by employing quite a different approach: They use artificial neural networks, which are inspired by the partially-understood way the human brain works.\r\n\r\nThe unique feature of artificial neural nets is that they aren't rigid, but can learn. Human programmers specify their rough structure and supply training data, but don't write a single line of code governing their behavior.\r\n\r\n**In the spirit of a good Unix command-line tool, this talk aspires to explain one thing and explain it well: How do artificial neural nets accomplish the feat of learning?**\r\n\r\nWe'll learn that the answer is related to a mathematical breakthrough made at the end of the 17th century and discuss why deep learning only surged in the last few years, even though the basics of artificial neural nets were already understood in the 1980s. We'll also touch upon some of the greatest problems of neural nets, which emerge directly from the way neural nets learn.\r\n\r\nThe talk doesn't require any advanced knowledge of mathematics. If you're already familiar with [Michael Nielsen's book](http://neuralnetworksanddeeplearning.com/), then don't expect to learn anything new and come to this talk only if you want to contribute interesting remarks. The talk has the goal of making the other neural network talks more accessible.\r\n\r\n[Here is a list of more sessions by us.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Wondrous mathematics: How does artificial intelligence accomplish the feat of learning?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"*How a mathematical breakthrough made at the end of the 17th century is the workhorse of the artificial neural networks of today*\r\n\r\nConventional computer algorithms are superior to the human intellect in many regards: for instance at multiplying large numbers or winning at chess by analyzing huge numbers of moves. But there are also many tasks which come naturally to us yet exceed the capabilities of algorithms by vast amounts: Rigid algorithms can't decipher human handwriting or drive cars.\r\n\r\nThe recent breakthroughs in artificial intelligence circumvent these barriers by employing quite a different approach: They use artificial neural networks, which are inspired by the partially-understood way the human brain works.\r\n\r\nThe unique feature of artificial neural nets is that they aren't rigid, but can learn. Human programmers specify their rough structure and supply training data, but don't write a single line of code governing their behavior.\r\n\r\n**In the spirit of a good Unix command-line tool, this talk aspires to explain one thing and explain it well: How do artificial neural nets accomplish the feat of learning?**\r\n\r\nWe'll learn that the answer is related to a mathematical breakthrough made at the end of the 17th century and discuss why deep learning only surged in the last few years, even though the basics of artificial neural nets were already understood in the 1980s. We'll also touch upon some of the greatest problems of neural nets, which emerge directly from the way neural nets learn.\r\n\r\nThe talk doesn't require any advanced knowledge of mathematics. If you're already familiar with [Michael Nielsen's book](http://neuralnetworksanddeeplearning.com/), then don't expect to learn anything new and come to this talk only if you want to contribute interesting remarks. The talk has the goal of making the other neural network talks more accessible.\r\n\r\n[Here is a list of more sessions by us.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703713800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:50:00.000-0000","id":53629,"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We will give a short introduction into new Low Earth Orbit satellite based communications networks like Starlink, OneWeb and Amazon Kuiper. \r\n\r\nWhat is going on in space? How do you build a satellite constellation? How does all this work? What performance can a user expect? \r\n\r\nWe will also have an open discussion on where the development of infrastructure and services is headed and what risks and attack vectors could be observed so far.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Cosmic Connectivity - Starlink, Satellite Swarms and the Hackers' Final Frontier","android_description":"We will give a short introduction into new Low Earth Orbit satellite based communications networks like Starlink, OneWeb and Amazon Kuiper. \r\n\r\nWhat is going on in space? How do you build a satellite constellation? How does all this work? What performance can a user expect? \r\n\r\nWe will also have an open discussion on where the development of infrastructure and services is headed and what risks and attack vectors could be observed so far.","end_timestamp":{"seconds":1703714400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T22:00:00.000-0000","id":53618,"village_id":null,"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T21:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Erdgeist & Monoxyd denken laut. Aufgrund des großen Erfolgs soll das jetzt auch beim Congress versucht werden. Themen? Ja! Wahrscheinlich irgendwas mit so... Dingen, die gerade passiert sind und zu denen mal was gesagt werden muss. Besser wir als Lanz & Precht!","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (45 minutes)","id":46126},"title":"Offene Hör Muscheln (OHM #019)","end_timestamp":{"seconds":1703713500,"nanoseconds":0},"android_description":"Erdgeist & Monoxyd denken laut. Aufgrund des großen Erfolgs soll das jetzt auch beim Congress versucht werden. Themen? Ja! Wahrscheinlich irgendwas mit so... Dingen, die gerade passiert sind und zu denen mal was gesagt werden muss. Besser wir als Lanz & Precht!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53139,53343],"conference_id":131,"event_ids":[53436,53695],"name":"monoxyd","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52286}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:45:00.000-0000","id":53436,"village_id":null,"begin_timestamp":{"seconds":1703710800,"nanoseconds":0},"tag_ids":[46126,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52286}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","begin":"2023-12-27T21:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ever since the storm surge in Hamburg in 1962, it has been known that radio amateurs can provide communication support. Not only among themselves, but also in the neighborhood or in cooperation with emergency services. However, this help has changed over the years, as our everyday communication has also changed. In this brief presentation, I would therefore like to show what consequences it has for us if communication is no longer possible and what thoughts we radio amateurs have about this and what activities we try to put into practice, but also where there are problems and where non-radio amateurs can also contribute their knowledge and commitment.\n\n\nDie digitale Kommunikation aus unserem Alltag wegzudenken, fällt noch schwerer als für viele das Mobiltelefon aus der Hand zu legen. Und trotzdem beschäftigen sich Funkamateure auch mit dem Thema, wie man kommunizieren kann, wenn die konventionellen Kommunikationswege ausgefallen sind.\r\n\r\nSpeaker: DL7TNY","title":"Amateurfunk als Hilfe in Not- und Katastrophenfällen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"Ever since the storm surge in Hamburg in 1962, it has been known that radio amateurs can provide communication support. Not only among themselves, but also in the neighborhood or in cooperation with emergency services. However, this help has changed over the years, as our everyday communication has also changed. In this brief presentation, I would therefore like to show what consequences it has for us if communication is no longer possible and what thoughts we radio amateurs have about this and what activities we try to put into practice, but also where there are problems and where non-radio amateurs can also contribute their knowledge and commitment.\n\n\nDie digitale Kommunikation aus unserem Alltag wegzudenken, fällt noch schwerer als für viele das Mobiltelefon aus der Hand zu legen. Und trotzdem beschäftigen sich Funkamateure auch mit dem Thema, wie man kommunizieren kann, wenn die konventionellen Kommunikationswege ausgefallen sind.\r\n\r\nSpeaker: DL7TNY","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53480,"begin_timestamp":{"seconds":1703709000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"spans_timebands":"N","begin":"2023-12-27T20:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Brauchen wir wirklich einen weiteren Vortrag über Künstliche Intelligenz? In den letzten Jahren war das Thema omnipräsent, Bilder werden jetzt generiert, Texte nicht mehr selbst geschrieben und ob ich kreditwürdig bin, prüft auch so eine KI. Und wer weiß, neulich klang der Chat Bot richtig menschlich, vielleicht hat er ja doch ein Bewusstsein. \r\nIn diesem Vortrag geht es nicht um tolle Errungenschaften von KI-Systemen oder um „30 Prompts, mit denen du noch effektiver bist!“. Dieser Vortrag legt den Grundstein für ein Verständnis von maschinellem Lernen mit dem Ziel, dass du am Ende selbst die aktuellen Entwicklungen einschätzen kannst: Übertrumpfen Neuronale Netze irgendwann wirklich den Menschen? Oder können sie im Grunde gar nichts und sind massiv fehleranfällig? Und die Frage aller Fragen: Hat künstliche Intelligenz ein Bewusstsein oder steht kurz davor, eines zu entwickeln? Über all das kannst du dir nach dem Vortrag eine eigene fundiertere Meinung bilden. \n\n\nNachdem in den letzten Jahren dauernd der Weltuntergang durch KI heraufbeschworen wurde, ist es an der Zeit nachzuschauen, was diese ominösen Neuronalen Netze (NN) eigentlich sind. Wir beginnen mit einer anschaulichen Erklärung, wie ein NN funktioniert und warum es keine wirkliche Ähnlichkeit mit deinem Gehirn hat. Anschließend schrauben wir die Black Box, wie es so schön heißt, einfach einmal auf: Wie können NN erklärbar gemacht werden? Warum trifft ein Neuronales Netz diese oder jene Entscheidung? Was an der politischen Forderung nach erklärbarer KI ist tatsächlich umsetzbar? Außerdem werden wir sehen, wie NN manchmal schummeln, um eine Vorhersage zu treffen. Im Gegenzug tricksen wir sie auch gezielt aus.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Lass mal das Innere eines Neuronalen Netzes ansehen!","end_timestamp":{"seconds":1703710200,"nanoseconds":0},"android_description":"Brauchen wir wirklich einen weiteren Vortrag über Künstliche Intelligenz? In den letzten Jahren war das Thema omnipräsent, Bilder werden jetzt generiert, Texte nicht mehr selbst geschrieben und ob ich kreditwürdig bin, prüft auch so eine KI. Und wer weiß, neulich klang der Chat Bot richtig menschlich, vielleicht hat er ja doch ein Bewusstsein. \r\nIn diesem Vortrag geht es nicht um tolle Errungenschaften von KI-Systemen oder um „30 Prompts, mit denen du noch effektiver bist!“. Dieser Vortrag legt den Grundstein für ein Verständnis von maschinellem Lernen mit dem Ziel, dass du am Ende selbst die aktuellen Entwicklungen einschätzen kannst: Übertrumpfen Neuronale Netze irgendwann wirklich den Menschen? Oder können sie im Grunde gar nichts und sind massiv fehleranfällig? Und die Frage aller Fragen: Hat künstliche Intelligenz ein Bewusstsein oder steht kurz davor, eines zu entwickeln? Über all das kannst du dir nach dem Vortrag eine eigene fundiertere Meinung bilden. \n\n\nNachdem in den letzten Jahren dauernd der Weltuntergang durch KI heraufbeschworen wurde, ist es an der Zeit nachzuschauen, was diese ominösen Neuronalen Netze (NN) eigentlich sind. Wir beginnen mit einer anschaulichen Erklärung, wie ein NN funktioniert und warum es keine wirkliche Ähnlichkeit mit deinem Gehirn hat. Anschließend schrauben wir die Black Box, wie es so schön heißt, einfach einmal auf: Wie können NN erklärbar gemacht werden? Warum trifft ein Neuronales Netz diese oder jene Entscheidung? Was an der politischen Forderung nach erklärbarer KI ist tatsächlich umsetzbar? Außerdem werden wir sehen, wie NN manchmal schummeln, um eine Vorhersage zu treffen. Im Gegenzug tricksen wir sie auch gezielt aus.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53486],"conference_id":131,"event_ids":[53820],"name":"Annika Rüll","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52289}],"timeband_id":1140,"links":[],"end":"2023-12-27T20:50:00.000-0000","id":53820,"tag_ids":[46123,46136,46139],"village_id":null,"begin_timestamp":{"seconds":1703707800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52289}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:10:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Using the SuperCam microphone mounted on the Mars Perseverance Rover, recordings were made of the sounds of the Ingenuity rotorcraft as well as the popping sounds of laser sparking on stone. These audio samples, in addition to recordings of wind from other missions served as as reference sources in order to characterize the acoustic processes Mars for the first time. \r\n\r\nIt was discovered that:\r\n\r\n- The acoustic impedance of the martian atmosphere results in approximately 20 dB weaker sounds on Mars than on Earth (if produced by the same source.)\r\n\r\n- The acoustic attenuation range on Mars was discovered to be roughly between 20Hz to 20kHz.\r\n\r\n- On Mars low-pitched sounds travel at about 240 m/s (537 mph) while higher-pitched sounds move at 250 m/s (559 mph) due to the low atmospheric pressure 0.6 kPa (170 times lower than on Earth) and 97 percent CO2-dominated atmosphere (compared to 0.04 percent CO2 on Earth).\r\n\r\nThe results were published by NASA in Journal Nature as to these findings.  [https://www.nature.com/articles/s41586-022-04679-0] and on the Nasa website [https://mars.nasa.gov/mars2020/participate/sounds\r\n\r\nReferencing the paper published by NASA in Journal Nature as to these findings, analog astronaut and MDRS 286 crew artist Scott Beibin worked with master audio engineer John Knott to develop a software filter that could be used during Ptelepathetique concert performed during a two week immersive astronaut training in order to simulate the sounds of Mars.\r\n\r\nDuring the talk at 37C3 Beibin will discuss and demonstrate the comparison between the acoustic properties of the atmospheres of Earth and Mars via a demonstration of the software as well as musical Ptelepathetique performance.\r\n\r\nDuring the talk he will also present a short summary of the design patterns of the The Mars Desert Research Station which is used to train astronauts, researchers and students for offworld expeditions to the Red Planet. Additionally he will touch on the other aspects of his mission including 3D scanning of the surrounding geology as well as 3D printing of objects useful at the base using locally gathered and processed clay. \r\n\r\nThis should be an out-of-this-world treat for the Space Cadet hackers and others who like making astronauts out of themselves. \r\n\r\n\r\n++ Ptelepathetique is a musical project of inventor, engineer and artist Scott Beibin that focuses on the creation of instrumental cinematic psychoacoustic soundscapes designed to stimulate focus and creativity. Concerts usually happen outdoors in natural settings while using off-grid generated power while consisting of a mix of original musical composition as well as improvisation. Ptelepathetique is also the soundtrack for Beibin's projects The Groucho Fractal Show, AncientScan and the Mandelbot Ecotech Roadshow. \r\n\r\n++ The Mars Desert Research Station (MDRS) is a Space analog facility in Utah that supports Earth-based research in pursuit of the technology, operations, and science required for human space exploration. The remotely isolated facility created by The Mars Society offers scientists, engineers and students rigorous training for human operations on Mars as is surrounded by a landscape that is an actual geologic Mars analog.\r\n\n\n\nDate/Time: 27 December 2023 - Wednesday @ 21:10 CET +++ Simulating the Acoustics of Mars for a Concert of Martian Music by Scott Beibin (aka Ptelepathetique) +++\r\nDuring Mission 286 in November 2023 at the Mars Desert Research Station (MDRS), Analog Astronaut and crew artist Scott Beibin performed several concerts of original live musical compositions during a two week immersive astronaut training. +++\r\n\r\nThe concerts were played through a custom audio filter based on data gathered by the NASA Mars Perseverance Rover and created to simulate the acoustic properties of Mars - designed by Beibin and master audio engineer, John Knott. +++\r\n\r\nThe live sets were performed in the MDRS Science Dome as well as during EVAs while navigating the desolate terrain in a simulation space suit - at sunset with the MDRS base and remote Mars-like Utah desert serving as a backdrop. +++\r\n\r\nThis event was the first time in the 20 year history of the training facility that a music concert has been performed. +++\r\n\r\nThe presentation at 37C3 will be the first time this talk is being presented publicly. ++\r\n\r\nAdditionally there will be a full Ptelepathetique concert featuring Music of Mars (Please keep checking the schedule / Fahrplan for the announcement of the performance)\r\n","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Music on Mars? A Musical Adventure for Astronauts and the Space Cadets Who Love Them.","android_description":"Using the SuperCam microphone mounted on the Mars Perseverance Rover, recordings were made of the sounds of the Ingenuity rotorcraft as well as the popping sounds of laser sparking on stone. These audio samples, in addition to recordings of wind from other missions served as as reference sources in order to characterize the acoustic processes Mars for the first time. \r\n\r\nIt was discovered that:\r\n\r\n- The acoustic impedance of the martian atmosphere results in approximately 20 dB weaker sounds on Mars than on Earth (if produced by the same source.)\r\n\r\n- The acoustic attenuation range on Mars was discovered to be roughly between 20Hz to 20kHz.\r\n\r\n- On Mars low-pitched sounds travel at about 240 m/s (537 mph) while higher-pitched sounds move at 250 m/s (559 mph) due to the low atmospheric pressure 0.6 kPa (170 times lower than on Earth) and 97 percent CO2-dominated atmosphere (compared to 0.04 percent CO2 on Earth).\r\n\r\nThe results were published by NASA in Journal Nature as to these findings.  [https://www.nature.com/articles/s41586-022-04679-0] and on the Nasa website [https://mars.nasa.gov/mars2020/participate/sounds\r\n\r\nReferencing the paper published by NASA in Journal Nature as to these findings, analog astronaut and MDRS 286 crew artist Scott Beibin worked with master audio engineer John Knott to develop a software filter that could be used during Ptelepathetique concert performed during a two week immersive astronaut training in order to simulate the sounds of Mars.\r\n\r\nDuring the talk at 37C3 Beibin will discuss and demonstrate the comparison between the acoustic properties of the atmospheres of Earth and Mars via a demonstration of the software as well as musical Ptelepathetique performance.\r\n\r\nDuring the talk he will also present a short summary of the design patterns of the The Mars Desert Research Station which is used to train astronauts, researchers and students for offworld expeditions to the Red Planet. Additionally he will touch on the other aspects of his mission including 3D scanning of the surrounding geology as well as 3D printing of objects useful at the base using locally gathered and processed clay. \r\n\r\nThis should be an out-of-this-world treat for the Space Cadet hackers and others who like making astronauts out of themselves. \r\n\r\n\r\n++ Ptelepathetique is a musical project of inventor, engineer and artist Scott Beibin that focuses on the creation of instrumental cinematic psychoacoustic soundscapes designed to stimulate focus and creativity. Concerts usually happen outdoors in natural settings while using off-grid generated power while consisting of a mix of original musical composition as well as improvisation. Ptelepathetique is also the soundtrack for Beibin's projects The Groucho Fractal Show, AncientScan and the Mandelbot Ecotech Roadshow. \r\n\r\n++ The Mars Desert Research Station (MDRS) is a Space analog facility in Utah that supports Earth-based research in pursuit of the technology, operations, and science required for human space exploration. The remotely isolated facility created by The Mars Society offers scientists, engineers and students rigorous training for human operations on Mars as is surrounded by a landscape that is an actual geologic Mars analog.\r\n\n\n\nDate/Time: 27 December 2023 - Wednesday @ 21:10 CET +++ Simulating the Acoustics of Mars for a Concert of Martian Music by Scott Beibin (aka Ptelepathetique) +++\r\nDuring Mission 286 in November 2023 at the Mars Desert Research Station (MDRS), Analog Astronaut and crew artist Scott Beibin performed several concerts of original live musical compositions during a two week immersive astronaut training. +++\r\n\r\nThe concerts were played through a custom audio filter based on data gathered by the NASA Mars Perseverance Rover and created to simulate the acoustic properties of Mars - designed by Beibin and master audio engineer, John Knott. +++\r\n\r\nThe live sets were performed in the MDRS Science Dome as well as during EVAs while navigating the desolate terrain in a simulation space suit - at sunset with the MDRS base and remote Mars-like Utah desert serving as a backdrop. +++\r\n\r\nThis event was the first time in the 20 year history of the training facility that a music concert has been performed. +++\r\n\r\nThe presentation at 37C3 will be the first time this talk is being presented publicly. ++\r\n\r\nAdditionally there will be a full Ptelepathetique concert featuring Music of Mars (Please keep checking the schedule / Fahrplan for the announcement of the performance)","end_timestamp":{"seconds":1703710200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53235],"conference_id":131,"event_ids":[53611],"name":"Scott Beibin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52348}],"timeband_id":1140,"links":[],"end":"2023-12-27T20:50:00.000-0000","id":53611,"begin_timestamp":{"seconds":1703707800,"nanoseconds":0},"tag_ids":[46118,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52348}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Astronomie weiß aktuell von 95 % der Energie und Masse im Universum nicht, woraus sie bestehen. Neben 5 % „normaler“ Materie (Sterne, Gas, die Erde, CCC-Kongressteilnehmer\\*innen, …) gibt es mindestens fünfmal so viel so genannte dunkle Materie und darüberhinaus sind die restlichen 70 % das, was dunkle Energie genannt wird. Bei beidem wissen wir bislang nicht, woraus sie bestehen – wir kennen nur deren Wirkung! Galaxien rotieren anders, als sie es nur mit normaler Materie tun würden. Und das Universum expandiert – seit dem Urknall – aber die Expansionsgeschwindigkeit nimmt zu und nicht ab, wie von anziehender Materie zu erwarten wäre. Irgendwas drückt den Raum an sich auseinander.\r\n\r\nEuclid ist ein Teleskop, eine Mission und ein Konsortium aus mehreren tausend Menschen, von denen viele seit ca. 2008 an den Ideen zu dieser Mission arbeiten, viele hundert an der Planung und dem Bau zweier hoch empfindlicher Kameras mit insgesamt knapp 700 Millionen Pixel und jetzt ein- bis zweitausend Interessierten, welche die bald erwarteten wissenschaftlichen Bilder auswerten wollen.\r\n\r\nIch möchte die Ziele erläutern, wie man aus der Vermessung der Form von Galaxien unsichtbare dunkle Materie im Vordergrund aufspürt („schwacher Gravitationslinseneffekt“) und warum es einen „kosmischen Längenmaßstab“ gibt, mit dem man die Ausdehnung des Universums über zehn Milliarden Jahre in der Vergangenheit vermessen kann.\r\n\r\nSchließlich möchte ich die ersten fünf Bilder zeigen, die von Euclid aufgenommen und von der ESA im November veröffentlicht wurden – und warum in denen so viel mehr drinsteckt, als man auf einem Computermonitor so sieht.\n\n\n„Euclid\" ist ein neues Weltraumteleskop der Europäischen Weltraumbehörde mit Beteiligungen eines Wissenschaftskonsortiums aus vierzehn europäischen Ländern, den USA, Kanada und Japan. Euclid wurde am 1. Juli 2023 gestartet und beginnt bis Ende des Jahres seine auf 6 Jahre geplante wissenschaftliche Himmelsdurchmusterung. Euclid wird mit seinem Spiegel von 1,20 m Durchmesser und seinen zwei Kameras Bilder und Spektren von einem Drittel des gesamten Himmels aufnehmen. Das Ziel: mit der genauen Vermessung von insgesamt zwei Milliarden Galaxien der Natur von „Dunkler Materie\" und „Dunkler Energie\" im Universum auf den Grund zu gehen – die zwar zusammen 95 % der Gesamtenergie ausmachen, von denen wir aber nicht wissen, was sie sind und woraus sie bestehen. Euclid hat im November erste spektakuläre Bilder veröffentlicht. Ich werde die Mission vorstellen, die wissenschaftlichen Ziele, die Methoden und darauf eingehen, was in den 25 Jahren von Idee über Teleskop zu wissenschaftlicher Erkenntnis so alles zu erledigen war und ist.","title":"Euclid – das neue Weltraumteleskop","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703710200,"nanoseconds":0},"android_description":"Die Astronomie weiß aktuell von 95 % der Energie und Masse im Universum nicht, woraus sie bestehen. Neben 5 % „normaler“ Materie (Sterne, Gas, die Erde, CCC-Kongressteilnehmer\\*innen, …) gibt es mindestens fünfmal so viel so genannte dunkle Materie und darüberhinaus sind die restlichen 70 % das, was dunkle Energie genannt wird. Bei beidem wissen wir bislang nicht, woraus sie bestehen – wir kennen nur deren Wirkung! Galaxien rotieren anders, als sie es nur mit normaler Materie tun würden. Und das Universum expandiert – seit dem Urknall – aber die Expansionsgeschwindigkeit nimmt zu und nicht ab, wie von anziehender Materie zu erwarten wäre. Irgendwas drückt den Raum an sich auseinander.\r\n\r\nEuclid ist ein Teleskop, eine Mission und ein Konsortium aus mehreren tausend Menschen, von denen viele seit ca. 2008 an den Ideen zu dieser Mission arbeiten, viele hundert an der Planung und dem Bau zweier hoch empfindlicher Kameras mit insgesamt knapp 700 Millionen Pixel und jetzt ein- bis zweitausend Interessierten, welche die bald erwarteten wissenschaftlichen Bilder auswerten wollen.\r\n\r\nIch möchte die Ziele erläutern, wie man aus der Vermessung der Form von Galaxien unsichtbare dunkle Materie im Vordergrund aufspürt („schwacher Gravitationslinseneffekt“) und warum es einen „kosmischen Längenmaßstab“ gibt, mit dem man die Ausdehnung des Universums über zehn Milliarden Jahre in der Vergangenheit vermessen kann.\r\n\r\nSchließlich möchte ich die ersten fünf Bilder zeigen, die von Euclid aufgenommen und von der ESA im November veröffentlicht wurden – und warum in denen so viel mehr drinsteckt, als man auf einem Computermonitor so sieht.\n\n\n„Euclid\" ist ein neues Weltraumteleskop der Europäischen Weltraumbehörde mit Beteiligungen eines Wissenschaftskonsortiums aus vierzehn europäischen Ländern, den USA, Kanada und Japan. Euclid wurde am 1. Juli 2023 gestartet und beginnt bis Ende des Jahres seine auf 6 Jahre geplante wissenschaftliche Himmelsdurchmusterung. Euclid wird mit seinem Spiegel von 1,20 m Durchmesser und seinen zwei Kameras Bilder und Spektren von einem Drittel des gesamten Himmels aufnehmen. Das Ziel: mit der genauen Vermessung von insgesamt zwei Milliarden Galaxien der Natur von „Dunkler Materie\" und „Dunkler Energie\" im Universum auf den Grund zu gehen – die zwar zusammen 95 % der Gesamtenergie ausmachen, von denen wir aber nicht wissen, was sie sind und woraus sie bestehen. Euclid hat im November erste spektakuläre Bilder veröffentlicht. Ich werde die Mission vorstellen, die wissenschaftlichen Ziele, die Methoden und darauf eingehen, was in den 25 Jahren von Idee über Teleskop zu wissenschaftlicher Erkenntnis so alles zu erledigen war und ist.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53225],"conference_id":131,"event_ids":[53602],"name":"Knud Jahnke","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52452}],"timeband_id":1140,"links":[{"label":"Homepage des Euclid Consortiums","type":"link","url":"https://www.euclid-ec.org"},{"label":"Homepage des Euclid-Projekts bei der Europäischen Weltraumbehörde","type":"link","url":"https://www.esa.int/Science_Exploration/Space_Science/Euclid"}],"end":"2023-12-27T20:50:00.000-0000","id":53602,"tag_ids":[46123,46136,46139],"begin_timestamp":{"seconds":1703707800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52452}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","begin":"2023-12-27T20:10:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Trainingssession noHackerjeopardy (closed session)\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Trainingssession noHackerjeopardy (closed session)","android_description":"Trainingssession noHackerjeopardy (closed session)","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53878,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Das SBGG ist aktuell breit diskutiert. Wir wollen einmal den Aktuellen Stand durchgehen, mit dem TSG vergleichen und mit den Erfahrungen anderer trans Personen und deren Umfeld abgleichen. Hierbei soll auch die Diskussion und im besonderen die Absurditäten in der Debatte erörtert werden.\n\n\n- Abfrage des Wissensstandes\r\n- Kurze Einführung ins Thema und was bisher geschah\r\n- kurzer Einblick zu aktuellen Veränderungen\r\n- Fragen zu aktuellem Stand und Unklarheiten\r\n- Diskussion mit Anekdoten aus eigenen Erfahrungen und dummen Aussagen?\r\n\r\nCN; Transfeindlichkeit, Pathologisierung, Sexualisierte Gewalt, Psychische Gewalt, Institutionalisierte Gewalt","title":"Gemeinsame Aufarbeitung und Diskussion zum aktuellen Stand des Selbstbestimmungsgesetzes","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703714400,"nanoseconds":0},"android_description":"Das SBGG ist aktuell breit diskutiert. Wir wollen einmal den Aktuellen Stand durchgehen, mit dem TSG vergleichen und mit den Erfahrungen anderer trans Personen und deren Umfeld abgleichen. Hierbei soll auch die Diskussion und im besonderen die Absurditäten in der Debatte erörtert werden.\n\n\n- Abfrage des Wissensstandes\r\n- Kurze Einführung ins Thema und was bisher geschah\r\n- kurzer Einblick zu aktuellen Veränderungen\r\n- Fragen zu aktuellem Stand und Unklarheiten\r\n- Diskussion mit Anekdoten aus eigenen Erfahrungen und dummen Aussagen?\r\n\r\nCN; Transfeindlichkeit, Pathologisierung, Sexualisierte Gewalt, Psychische Gewalt, Institutionalisierte Gewalt","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53165,53268],"conference_id":131,"event_ids":[53640,53505],"name":"captain-maramo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52282}],"timeband_id":1140,"links":[],"end":"2023-12-27T22:00:00.000-0000","id":53640,"village_id":null,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52282}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A space to share about middlewear and browser extensions.\r\nBoth academic use and interest (like the project that the convener proposes) and use for making web pages more customizable. \r\n\r\nExample topics we could chat about:\r\n - Projects in the space\r\n - Legal aspects\r\n - what's possible on apps\r\n - the beeper story/iMessage reverse-engineering\r\n - ...\n\n\n","title":"Middlewear and Browser Extensions Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"A space to share about middlewear and browser extensions.\r\nBoth academic use and interest (like the project that the convener proposes) and use for making web pages more customizable. \r\n\r\nExample topics we could chat about:\r\n - Projects in the space\r\n - Legal aspects\r\n - what's possible on apps\r\n - the beeper story/iMessage reverse-engineering\r\n - ...","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53625,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Has the Internet and by extension social media become solely a theater of misinformation and non-linear amusement, fed to us by puppeteer algorithms? Another social media outreach is possible! Can the Fediverse make official communication of Public Administrations more accessible, more democratic, more unbiased and therefor trustworthy? Is it the public broadcasting of social media outreach — boring but necessary? Or will it it be a circus show rivalling the Xitter drama? Aiming the reach of Youtube and co?\r\n\r\nFrom juggling moderation, over server performances, to affordances for organising alternatives to the current Circus Maximus, these and more intersecting topics of governance and self-hosting will be discussed. Guests include digital activists, developers for ActivityPub, and the showmasters related to EU Voice and Video — a pioneering pilot project showing open source alternatives for social media outreach to EU institutions. \r\n\r\nTune in to learn about political, social, and technical strategies that we can all use to promote the adoption of the Fediverse by national, local, and regional governments, as well as public and civil society institutions. Or in short: How to win over the clowns!","title":"Who Killed The Internet? And a promising alternative for Public Communication and Social Media: the Fediverse!","type":{"conference_id":131,"conference":"37C3","color":"#4cd5fe","updated_at":"2024-06-07T03:40+0000","name":"Live podcast stage (45 minutes)","id":46126},"end_timestamp":{"seconds":1703709900,"nanoseconds":0},"android_description":"Has the Internet and by extension social media become solely a theater of misinformation and non-linear amusement, fed to us by puppeteer algorithms? Another social media outreach is possible! Can the Fediverse make official communication of Public Administrations more accessible, more democratic, more unbiased and therefor trustworthy? Is it the public broadcasting of social media outreach — boring but necessary? Or will it it be a circus show rivalling the Xitter drama? Aiming the reach of Youtube and co?\r\n\r\nFrom juggling moderation, over server performances, to affordances for organising alternatives to the current Circus Maximus, these and more intersecting topics of governance and self-hosting will be discussed. Guests include digital activists, developers for ActivityPub, and the showmasters related to EU Voice and Video — a pioneering pilot project showing open source alternatives for social media outreach to EU institutions. \r\n\r\nTune in to learn about political, social, and technical strategies that we can all use to promote the adoption of the Fediverse by national, local, and regional governments, as well as public and civil society institutions. Or in short: How to win over the clowns!","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:45:00.000-0000","id":53569,"village_id":null,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"tag_ids":[46126,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/getting-started-with-pocket-science-lab_7pmx/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","title":"Getting started with Pocket Science Lab (Alex Bessman, Marco A. Gutierrez)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/getting-started-with-pocket-science-lab_7pmx/\n\n\nThe goal of this workshop is to introduce participants to the PSLab and to enable them to conduct experiments using sensors as well as to control small servos of mini robots. PSLab website: https://pslab.io","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53563,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"spans_timebands":"N","begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Hidden, like a hero whose tale is lost to time, there is a common thread weaving through analog television, video, and modern digital imaging. That thread is called luma-chroma colour spaces, and powers how humans are able to see, process, and transmit colours across a variety of media and purposes.\r\n\r\nThis talk is intended to lift the veil about these color spaces; we will cover their origins, what they are intended for, and showcase samples covering the past 60 years of imaging technologies. Examples include (but are not limited) to: NTSC, PAL, the Okta color spaces, YCbCr, XYB...\n\n\nThis talk will introduce luma-chroma colour spaces: what they are, their reason for existence, why they are useful, and real world examples.","title":"The Unsung Heroes of Imaging","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"android_description":"Hidden, like a hero whose tale is lost to time, there is a common thread weaving through analog television, video, and modern digital imaging. That thread is called luma-chroma colour spaces, and powers how humans are able to see, process, and transmit colours across a variety of media and purposes.\r\n\r\nThis talk is intended to lift the veil about these color spaces; we will cover their origins, what they are intended for, and showcase samples covering the past 60 years of imaging technologies. Examples include (but are not limited) to: NTSC, PAL, the Okta color spaces, YCbCr, XYB...\n\n\nThis talk will introduce luma-chroma colour spaces: what they are, their reason for existence, why they are useful, and real world examples.","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53200],"conference_id":131,"event_ids":[53518],"name":"Amyspark","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52249}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53518,"village_id":null,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"tag_ids":[46132,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52249}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","begin":"2023-12-27T20:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Click! Clack! Hack! Late Night auf dem Congress","title":"Click! Clack! Hack!","type":{"conference_id":131,"conference":"37C3","color":"#53b574","updated_at":"2024-06-07T03:40+0000","name":"Podcasting table (90 minutes)","id":46129},"end_timestamp":{"seconds":1703712600,"nanoseconds":0},"android_description":"Die Click! Clack! Hack! Late Night auf dem Congress","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53169],"conference_id":131,"event_ids":[53517],"name":"0x17","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52290}],"timeband_id":1140,"links":[],"end":"2023-12-27T21:30:00.000-0000","id":53517,"begin_timestamp":{"seconds":1703707200,"nanoseconds":0},"tag_ids":[46129,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52290}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T20:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Sources used (all in German), and contact to activists are below\r\n\r\nIn December 2023, German Parliament passed two acts concerning health data administration. From 2025, for patients insured by the compulsory health insurance scheme (85 % of population), their visits at doctors shall be registered in an Electronic Health Record (EHR) provided by their health insurance. Content data will be available e.g. for research purposes. Insured persons shall be entitled to object to the establishment of such health insurer's EHR, in which case they will not get one. \r\n\r\nWe inform about these plans in a little more in detail, as there will be some more options available. And we will discuss about a platform suporting patient's decisions about this \"opt-out\".\r\n\r\nSpeakers: jockel, Flysch, novider\r\n\r\npresentation used: https://patientenrechte-datenschutz.de/wp-content/uploads/2023/11/UeberblickRegelungenEPA.pdf \r\n\r\nGenerator for GDPR requests and model for an opt-out generator: https://kassenauskunft.de \r\n\r\nStadtement of umbrella organization of German medical self-help groups concerning German health system digitization and opt-out regulation: https://www.bundestag.de/resource/blob/977586/fedb093686884ac9bcc868bab17e7557/20_14_0163-30-_BAG-Selbsthilfe_DigitalG_nicht-barrierefrei.pdf \r\n\r\nTopical critical groups of German health service providers concerning digitization of health services:\r\n\r\nhttps://www.gesundheitsdaten-in-gefahr.de/#\r\n\r\nMany further groups are here, but this page has not been updated regularly:\r\nhttps://patientenrechte-datenschutz.de/widerstand-von-aerztinnen-gegen-die-telematik-infrastruktur-auf-breiter-front/\r\n\r\nContact to organizers: kontakt@patientenrechte-datenschutz.de\n\n\n","title":"Elektronische Patientenakte - Opt-Out - wie soll das gehen?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Sources used (all in German), and contact to activists are below\r\n\r\nIn December 2023, German Parliament passed two acts concerning health data administration. From 2025, for patients insured by the compulsory health insurance scheme (85 % of population), their visits at doctors shall be registered in an Electronic Health Record (EHR) provided by their health insurance. Content data will be available e.g. for research purposes. Insured persons shall be entitled to object to the establishment of such health insurer's EHR, in which case they will not get one. \r\n\r\nWe inform about these plans in a little more in detail, as there will be some more options available. And we will discuss about a platform suporting patient's decisions about this \"opt-out\".\r\n\r\nSpeakers: jockel, Flysch, novider\r\n\r\npresentation used: https://patientenrechte-datenschutz.de/wp-content/uploads/2023/11/UeberblickRegelungenEPA.pdf \r\n\r\nGenerator for GDPR requests and model for an opt-out generator: https://kassenauskunft.de \r\n\r\nStadtement of umbrella organization of German medical self-help groups concerning German health system digitization and opt-out regulation: https://www.bundestag.de/resource/blob/977586/fedb093686884ac9bcc868bab17e7557/20_14_0163-30-_BAG-Selbsthilfe_DigitalG_nicht-barrierefrei.pdf \r\n\r\nTopical critical groups of German health service providers concerning digitization of health services:\r\n\r\nhttps://www.gesundheitsdaten-in-gefahr.de/#\r\n\r\nMany further groups are here, but this page has not been updated regularly:\r\nhttps://patientenrechte-datenschutz.de/widerstand-von-aerztinnen-gegen-die-telematik-infrastruktur-auf-breiter-front/\r\n\r\nContact to organizers: kontakt@patientenrechte-datenschutz.de","end_timestamp":{"seconds":1703709900,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:45:00.000-0000","id":53617,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Being born blind or losing sight is a major challenge, as it impairs the ability to acquire information about surroundings, to manage everyday life independently and, consequently, to participate equally in social, public and economic life. Technical aids developed to assist VIPs with certain tasks work well in the laboratory but regularly fail in practice because they are bulky or user-unfriendly. As a result, the target group resorts to traditional tools or simply lives with the shortcomings. Given the rapid changes in technology and low cost of digital tools, I saw great potential in addressing this issue as an interaction design project.\r\n\r\nThe result is an open-source Sensory Substitution device – the Unfolding Space Glove: it transmits the relative position and distance of nearby objects, detected by an on-board 3D camera, to the back of the hand in the form of vibratory stimuli. This allows the user to haptically explore the depth of the surrounding space and assists with navigation tasks such as object recognition and wayfinding. The prototype requires no external hardware, is highly portable, works in all lighting conditions, and provides continuous and immediate feedback – all while being visually unobtrusive.\r\n\r\nThe basic premise of the proposed concept of Sensory Substitution is that the function of a missing or impaired human sensory modality can be replaced by stimulating another sensory modality using the missing information. This only works because the brain is plastic enough to learn to associate the new stimuli with the missing modality, as long as they share the same basic characteristics. There have been a number of projects looking at this, but so far very few practical implementations have been proposed, which in turn are used by a negligible number of people. While the technology used is sometimes highly sophisticated, design and usability often suffer.\r\n\r\nTaking into account the problems of existing devices and specifically addressing usability and interaction design requirements, the Unfolding Space Glove was designed and developed in a four-year interaction design research project. In 2021, the prototype was tested in an empirical study with 14 sighted and blind subjects, the results of which were published in a scientific, peer-reviewed paper in 2022.\r\n\r\nI would like to introduce you to the field of Sensory Substitution, share this project with you, show pitfalls, problems (for me coming from a non-IT background) and some technical details and ask for your feedback and input. I will have the device with me if you want to have a closer look at it after the talk. Testing would only be possible in smaller groups by appointment.\n\n\nThe Unfolding Space Glove transmits the relative position and distance of nearby objects as vibratory stimuli to the back of the hand, enabling blind people to haptically explore the depth of their surroundings. The talk will give a brief overview of the design research project, from the first prototypes to an empirical study and its publication, and provide insights into the underlying hardware and software.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"The Unfolding Space Glove","end_timestamp":{"seconds":1703706900,"nanoseconds":0},"android_description":"Being born blind or losing sight is a major challenge, as it impairs the ability to acquire information about surroundings, to manage everyday life independently and, consequently, to participate equally in social, public and economic life. Technical aids developed to assist VIPs with certain tasks work well in the laboratory but regularly fail in practice because they are bulky or user-unfriendly. As a result, the target group resorts to traditional tools or simply lives with the shortcomings. Given the rapid changes in technology and low cost of digital tools, I saw great potential in addressing this issue as an interaction design project.\r\n\r\nThe result is an open-source Sensory Substitution device – the Unfolding Space Glove: it transmits the relative position and distance of nearby objects, detected by an on-board 3D camera, to the back of the hand in the form of vibratory stimuli. This allows the user to haptically explore the depth of the surrounding space and assists with navigation tasks such as object recognition and wayfinding. The prototype requires no external hardware, is highly portable, works in all lighting conditions, and provides continuous and immediate feedback – all while being visually unobtrusive.\r\n\r\nThe basic premise of the proposed concept of Sensory Substitution is that the function of a missing or impaired human sensory modality can be replaced by stimulating another sensory modality using the missing information. This only works because the brain is plastic enough to learn to associate the new stimuli with the missing modality, as long as they share the same basic characteristics. There have been a number of projects looking at this, but so far very few practical implementations have been proposed, which in turn are used by a negligible number of people. While the technology used is sometimes highly sophisticated, design and usability often suffer.\r\n\r\nTaking into account the problems of existing devices and specifically addressing usability and interaction design requirements, the Unfolding Space Glove was designed and developed in a four-year interaction design research project. In 2021, the prototype was tested in an empirical study with 14 sighted and blind subjects, the results of which were published in a scientific, peer-reviewed paper in 2022.\r\n\r\nI would like to introduce you to the field of Sensory Substitution, share this project with you, show pitfalls, problems (for me coming from a non-IT background) and some technical details and ask for your feedback and input. I will have the device with me if you want to have a closer look at it after the talk. Testing would only be possible in smaller groups by appointment.\n\n\nThe Unfolding Space Glove transmits the relative position and distance of nearby objects as vibratory stimuli to the back of the hand, enabling blind people to haptically explore the depth of their surroundings. The talk will give a brief overview of the design research project, from the first prototypes to an empirical study and its publication, and provide insights into the underlying hardware and software.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53234],"conference_id":131,"event_ids":[53610],"name":"Jakob Kilian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52342}],"timeband_id":1140,"links":[{"label":"Project Website","type":"link","url":"https://unfoldingspace.org"},{"label":"Github Repo","type":"link","url":"https://github.com/jakobkilian/unfolding-space"},{"label":"Research Paper","type":"link","url":"https://www.mdpi.com/1518958"},{"label":"Study Videos","type":"link","url":"https://vimeo.com/channels/unfoldingspace"},{"label":"Building Instructions","type":"link","url":"https://hackaday.io/project/163784-unfolding-space"},{"label":"Presentation Slides","type":"link","url":"https://send.tresorit.com/a#Oq9Rjc7ljSQ0WrCHezaHeg"}],"end":"2023-12-27T19:55:00.000-0000","id":53610,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"village_id":null,"tag_ids":[46122,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52342}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T19:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"With the release of the iPhone 14, users can reach out to emergency services by sending an SOS message via a satellite link directly from their phone. This use of the GlobalStar network facilitates two-way communication with emergency responders through the Messages app. Users can easily send text messages and respond to queries. This communication channel, due to its sensitive nature, demands robust security and authentication. It is imperative for Apple to ensure that the system is foolproof, negating the possibility of dispatching emergency responders to incorrect locations or individuals. Equally significant is the protection of the privacy of those in need, including their location and the nature of their emergency.\r\n\r\nIn our talk, we demonstrate how a rooted iPhone without satellite capabilities can be tricked into thinking that it can communicate with the satellite network. This technique allows us to trigger various emergency situations without actually contacting emergency services. On the rooted iPhone, we can then inspect the transport security and key derivation while these features are being used. We will present various insights into the proprietary satellite communication protocol based on this analysis.\r\n\r\nMoreover, Apple's satellite features allow users to share their location in Find My with up to ten friends via a satellite link. This capability serves as a convenient tool for staying connected with friends and family while venturing off the beaten path. We’ll take a look into how this new Find My extension is implemented.\n\n\nApple's cutting-edge emergency SOS and location sharing services provide crucial communication alternatives when no cellular network is available. This talk will shed light on how these satellite services work, how they are integrated into existing fall and crash detection, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.","title":"Bifröst: Apple's Rainbow Bridge for Satellite Communication","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"android_description":"With the release of the iPhone 14, users can reach out to emergency services by sending an SOS message via a satellite link directly from their phone. This use of the GlobalStar network facilitates two-way communication with emergency responders through the Messages app. Users can easily send text messages and respond to queries. This communication channel, due to its sensitive nature, demands robust security and authentication. It is imperative for Apple to ensure that the system is foolproof, negating the possibility of dispatching emergency responders to incorrect locations or individuals. Equally significant is the protection of the privacy of those in need, including their location and the nature of their emergency.\r\n\r\nIn our talk, we demonstrate how a rooted iPhone without satellite capabilities can be tricked into thinking that it can communicate with the satellite network. This technique allows us to trigger various emergency situations without actually contacting emergency services. On the rooted iPhone, we can then inspect the transport security and key derivation while these features are being used. We will present various insights into the proprietary satellite communication protocol based on this analysis.\r\n\r\nMoreover, Apple's satellite features allow users to share their location in Find My with up to ten friends via a satellite link. This capability serves as a convenient tool for staying connected with friends and family while venturing off the beaten path. We’ll take a look into how this new Find My extension is implemented.\n\n\nApple's cutting-edge emergency SOS and location sharing services provide crucial communication alternatives when no cellular network is available. This talk will shed light on how these satellite services work, how they are integrated into existing fall and crash detection, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.","end_timestamp":{"seconds":1703706900,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53224],"conference_id":131,"event_ids":[53601],"name":"jiska","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52270},{"content_ids":[53224],"conference_id":131,"event_ids":[53601],"name":"Alexander Heinrich","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52472}],"timeband_id":1140,"links":[],"end":"2023-12-27T19:55:00.000-0000","id":53601,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52472},{"tag_id":46107,"sort_order":1,"person_id":52270}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Der Bund kauft jährlich für 260 Mrd. € ein, auch für mehr als 1 Mrd. IT, er betreibt über 180 Rechenzentren, förderte in 2023 über 400 KI-Projekte, setzt selbst über 100 Mal KI-Systeme ein und hat noch aus vielen weiteren Gründen mit seiner IT eine erhebliche Klimawirkung. Wie die GroKo hat sich auch die Ampel auf die Fahnen geschrieben, die Digitalisierung klimafreundlicher zu machen, ganz allgemein – durch Regulierung für alle (z. B. im Energieeffizienzgesetz), aber auch in eigener Verantwortung, bei den eigenen Rechenzentren, Software oder IT-Dienstleistungen. Die Ankündigungen dazu sind wohltönend, z. B. im Koalitionsvertrag und in der Digitalstrategie. Bundesbehörden und Rechenzentren sollen klimafreundlich(er) werden, es soll mehr Transparenz geben, z. B. über ein Energieeffizienzregister für Rechenzentren, es wurde versprochen, dass Vergabeprozesse die Nachhaltigkeit berücksichtigen sollen, auch beim Einkauf von IT und IT-Dienstleistungen, z. B. durch standardmäßigen Einkauf von IT mit Blauem Engel – auch bei Software. Selbst der Ausbau der Gigabitinfrastruktur sollte nachhaltiger werden. Aber passiert das alles auch?\r\n\r\nIch nutze meine parlamentarischen Rechte als Bundestagsabgeordnete der Opposition (DIE LINKE), um über schriftliche Fragen und Kleine Anfragen Fakten dazu öffentlich zu machen und die große Kluft zwischen Anspruch und Wirklichkeit zu zeigen. Dabei geht es einerseits um das Vorhandensein von Daten (you get what you measure!) – tatsächlich also um einen Mangel an Transparenz zur Baseline – und andererseits um die Daten selbst, also wie gut oder schlecht die Nachhaltigkeit jeweils ist.\r\n\r\nEinen Schwerpunkt lege ich dabei auf die Klimafreundlichkeit von Rechenzentren, aber auch zu anderen Themen gibt’s für Euch Fakten: zur Wiederverwendung von Hardware, zum Recht auf Reparatur und der (versprochenen!) Förderung von Reparatur-Initiativen, zur Berücksichtigung von Nachhaltigkeitsaspekten bei der Vergabe von Hunderten Millionen Euro Fördergelder für KI-Projekte, zu Websites, Software und mehr. Da ich seit mehreren Jahren zur Nachhaltigkeit der Bundes-IT Kleine Anfragen stelle und die Digitalpolitik der Bundesregierung aus dem Maschinenraum des Bundestages verfolge, kann ich auch die Entwicklung beschreiben und werde Euch zeigen, wie die Ampel-Regierung sich einfach die Latte immer niedriger hängt und vermutlich trotzdem kaum eines ihrer Nachhaltigkeitsziele erreichen wird. Beim 37C3 werde ich erstmalig die Ergebnisse meiner jüngsten Anfrage vom November 2023 öffentlich vorstellen.\r\n\r\nBei aller Frustration über den Status Quo zeigt mein Vortrag aber auch, welche riesigen Potenziale noch gehoben werden könnten, um tatsächlich eine nachhaltigere Digitalisierung zu erreichen – und dafür ist es nie zu spät! \n\n\nWie der Bund seine IT einkauft und betreibt, hat eine erhebliche Auswirkung auf das Klima.\r\n\r\nGroKo und Ampel-Regierung waren und sind daher groß im Ankündigen grüner IT: in digitalpolitischer Umweltagenda, Koalitionsvertrag, Digitalstrategie und Gigabitstrategie. Wie weit Anspruch und Wirklichkeit auseinanderklaffen, erfrage ich als Bundestagsabgeordnete regelmäßig mit Kleinen Anfragen und schriftlichen Fragen. Ich verspreche kleine Hoffnungsschimmer, aber auch Frustration, denn meine neueste Anfrage vom November 2023 deckt schonungslos auf, wie intransparent und wie wenig nachhaltig die IT des Bundes immer noch ist und wie die Ampel sich die Latte immer tiefer hängt und trotzdem nicht drüber kommt.\r\n\r\nDas Potenzial des Bundes als Großverbraucher (z. B. mit über 180 Rechenzentren), als Finanzierer (z. B. von über 400 KI-Projekten) und als Regulierer (z. B. beim Energieeffizienzgesetz oder beim Überbau von Glasfaser) ist aber riesig, auch das werde ich vermitteln und die Stellschrauben beschreiben, an denen man drehen könnte, um IT weniger klimaschädlich zu machen – auch außerhalb des Bundes. ","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Klimafreundliche Digitalisierung: Koalitionsvertrag vs. Wirklichkeit","end_timestamp":{"seconds":1703706900,"nanoseconds":0},"android_description":"Der Bund kauft jährlich für 260 Mrd. € ein, auch für mehr als 1 Mrd. IT, er betreibt über 180 Rechenzentren, förderte in 2023 über 400 KI-Projekte, setzt selbst über 100 Mal KI-Systeme ein und hat noch aus vielen weiteren Gründen mit seiner IT eine erhebliche Klimawirkung. Wie die GroKo hat sich auch die Ampel auf die Fahnen geschrieben, die Digitalisierung klimafreundlicher zu machen, ganz allgemein – durch Regulierung für alle (z. B. im Energieeffizienzgesetz), aber auch in eigener Verantwortung, bei den eigenen Rechenzentren, Software oder IT-Dienstleistungen. Die Ankündigungen dazu sind wohltönend, z. B. im Koalitionsvertrag und in der Digitalstrategie. Bundesbehörden und Rechenzentren sollen klimafreundlich(er) werden, es soll mehr Transparenz geben, z. B. über ein Energieeffizienzregister für Rechenzentren, es wurde versprochen, dass Vergabeprozesse die Nachhaltigkeit berücksichtigen sollen, auch beim Einkauf von IT und IT-Dienstleistungen, z. B. durch standardmäßigen Einkauf von IT mit Blauem Engel – auch bei Software. Selbst der Ausbau der Gigabitinfrastruktur sollte nachhaltiger werden. Aber passiert das alles auch?\r\n\r\nIch nutze meine parlamentarischen Rechte als Bundestagsabgeordnete der Opposition (DIE LINKE), um über schriftliche Fragen und Kleine Anfragen Fakten dazu öffentlich zu machen und die große Kluft zwischen Anspruch und Wirklichkeit zu zeigen. Dabei geht es einerseits um das Vorhandensein von Daten (you get what you measure!) – tatsächlich also um einen Mangel an Transparenz zur Baseline – und andererseits um die Daten selbst, also wie gut oder schlecht die Nachhaltigkeit jeweils ist.\r\n\r\nEinen Schwerpunkt lege ich dabei auf die Klimafreundlichkeit von Rechenzentren, aber auch zu anderen Themen gibt’s für Euch Fakten: zur Wiederverwendung von Hardware, zum Recht auf Reparatur und der (versprochenen!) Förderung von Reparatur-Initiativen, zur Berücksichtigung von Nachhaltigkeitsaspekten bei der Vergabe von Hunderten Millionen Euro Fördergelder für KI-Projekte, zu Websites, Software und mehr. Da ich seit mehreren Jahren zur Nachhaltigkeit der Bundes-IT Kleine Anfragen stelle und die Digitalpolitik der Bundesregierung aus dem Maschinenraum des Bundestages verfolge, kann ich auch die Entwicklung beschreiben und werde Euch zeigen, wie die Ampel-Regierung sich einfach die Latte immer niedriger hängt und vermutlich trotzdem kaum eines ihrer Nachhaltigkeitsziele erreichen wird. Beim 37C3 werde ich erstmalig die Ergebnisse meiner jüngsten Anfrage vom November 2023 öffentlich vorstellen.\r\n\r\nBei aller Frustration über den Status Quo zeigt mein Vortrag aber auch, welche riesigen Potenziale noch gehoben werden könnten, um tatsächlich eine nachhaltigere Digitalisierung zu erreichen – und dafür ist es nie zu spät! \n\n\nWie der Bund seine IT einkauft und betreibt, hat eine erhebliche Auswirkung auf das Klima.\r\n\r\nGroKo und Ampel-Regierung waren und sind daher groß im Ankündigen grüner IT: in digitalpolitischer Umweltagenda, Koalitionsvertrag, Digitalstrategie und Gigabitstrategie. Wie weit Anspruch und Wirklichkeit auseinanderklaffen, erfrage ich als Bundestagsabgeordnete regelmäßig mit Kleinen Anfragen und schriftlichen Fragen. Ich verspreche kleine Hoffnungsschimmer, aber auch Frustration, denn meine neueste Anfrage vom November 2023 deckt schonungslos auf, wie intransparent und wie wenig nachhaltig die IT des Bundes immer noch ist und wie die Ampel sich die Latte immer tiefer hängt und trotzdem nicht drüber kommt.\r\n\r\nDas Potenzial des Bundes als Großverbraucher (z. B. mit über 180 Rechenzentren), als Finanzierer (z. B. von über 400 KI-Projekten) und als Regulierer (z. B. beim Energieeffizienzgesetz oder beim Überbau von Glasfaser) ist aber riesig, auch das werde ich vermitteln und die Stellschrauben beschreiben, an denen man drehen könnte, um IT weniger klimaschädlich zu machen – auch außerhalb des Bundes.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53212],"conference_id":131,"event_ids":[53590],"name":"Anke Domscheit-Berg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52509}],"timeband_id":1140,"links":[{"label":"Bericht zur letzten (2022) und vorletzten (2021) Kleinen Anfrage: Wie grün ist die IT des Bundes?","type":"link","url":"https://mdb.anke.domscheit-berg.de/2023/06/strongwie-grun-ist-die-it-des-bundes-strong/"}],"end":"2023-12-27T19:55:00.000-0000","id":53590,"begin_timestamp":{"seconds":1703704500,"nanoseconds":0},"village_id":null,"tag_ids":[46125,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52509}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T19:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/naroma\n\n\ndance is corporal expression of music. i do want to encourage to dance, hit the ground and fly high.","title":"Naroma","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"https://soundcloud.com/naroma\n\n\ndance is corporal expression of music. i do want to encourage to dance, hit the ground and fly high.","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53843,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/tea-degustation-enjoy-a-cup-of-tea-and-chat-with-t/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Tea Degustation: Enjoy a cup of tea and chat with the FOSSASIA community","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/tea-degustation-enjoy-a-cup-of-tea-and-chat-with-t/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53561,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The members' meetup of the WTF Co-operative, aka Hackers' Co-operative > wtf-eg.de\n\n\n","title":"WTF Genossenschaft Meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"The members' meetup of the WTF Co-operative, aka Hackers' Co-operative > wtf-eg.de","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53511,"village_id":null,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Freifunk Stuttgarts network consists of over 1300 access points with over 5000 users in peak. In this session, we'd like to report on the activites in Freifunk Stuttgart and surrounding communities and provide interested individuals the chance to exchange their experiences. If you plan a Freifunk setup in the region of Stuttgart and need help with that, feel free to drop by. We can also help with flashing your compatible router.\r\n\r\nThis meetup is mainly interesting for people from the Stuttgart region, but of course everyone is welcome.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Freifunk Stuttgart Meetup","android_description":"Freifunk Stuttgarts network consists of over 1300 access points with over 5000 users in peak. In this session, we'd like to report on the activites in Freifunk Stuttgart and surrounding communities and provide interested individuals the chance to exchange their experiences. If you plan a Freifunk setup in the region of Stuttgart and need help with that, feel free to drop by. We can also help with flashing your compatible router.\r\n\r\nThis meetup is mainly interesting for people from the Stuttgart region, but of course everyone is welcome.","end_timestamp":{"seconds":1703707200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:00:00.000-0000","id":53468,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir reden definitiv nicht über Politik, sondern diesmal über Kink, gender und Selbstausdruck","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#93758d","name":"Podcasting table (45 minutes)","id":46128},"title":"No Politics - After Dark","android_description":"Wir reden definitiv nicht über Politik, sondern diesmal über Kink, gender und Selbstausdruck","end_timestamp":{"seconds":1703706300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:45:00.000-0000","id":53439,"tag_ids":[46128,46139],"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Podcast Table (X12)","hotel":"","short_name":"Sendezentrum Podcast Table (X12)","id":46164},"begin":"2023-12-27T19:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Seit einem knappen Jahr machen wir zusammen Dicke Bretter, den Podcast, der die Orte vorstellt, wo Netzpolitik gemacht wird, und einen Ausblick auf aktuelle Debatten gibt. Elina und Elisa werfen in der Congress-Edition einen Blick aufs letzte und aufs nächste Jahr: Welche Policy-Bretter müssen wir bohren, auf welchen sollten wir tanzen?\r\n\r\nWir nehmen speziell die Gesetzgebung im Bund unter die Lupe und haben dafür einen Special Guest: Faxorzistin Bianca Kastl!","title":"Dicke Bretter: Die Congress Edition","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#4cd5fe","name":"Live podcast stage (45 minutes)","id":46126},"android_description":"Seit einem knappen Jahr machen wir zusammen Dicke Bretter, den Podcast, der die Orte vorstellt, wo Netzpolitik gemacht wird, und einen Ausblick auf aktuelle Debatten gibt. Elina und Elisa werfen in der Congress-Edition einen Blick aufs letzte und aufs nächste Jahr: Welche Policy-Bretter müssen wir bohren, auf welchen sollten wir tanzen?\r\n\r\nWir nehmen speziell die Gesetzgebung im Bund unter die Lupe und haben dafür einen Special Guest: Faxorzistin Bianca Kastl!","end_timestamp":{"seconds":1703706300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[{"content_ids":[53092],"conference_id":131,"event_ids":[53426],"name":"eliza","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52397},{"content_ids":[53092],"conference_id":131,"event_ids":[53426],"name":"khaleesi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52414}],"timeband_id":1140,"links":[],"end":"2023-12-27T19:45:00.000-0000","id":53426,"begin_timestamp":{"seconds":1703703600,"nanoseconds":0},"tag_ids":[46126,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52397},{"tag_id":46107,"sort_order":1,"person_id":52414}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T19:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**DE:**\r\nIhr seid eine Gruppe, die eine ruhige Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nKleine Gruppen würden wir bitten, sich zusammen einen Slot zu teilen, sofern die Art der Tätigkeit das zulässt, damit wir den Raum möglichst gut ausnutzen und vielen Menschen die Gelegenheit bieten, sich auszutauschen, zu vernetzen und Projekte voran zu bringen.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\n**EN:**\r\nt.b.a.\n\n\n**DE:**\r\nWährend dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. In der Haecksen Assembly wird eine Liste aushängen, in der ihr den Raum so spontan wie möglich \"buchen\" könnt, um Dingen Platz zu geben, die vielleicht auch erst während des #37C3 entstehen.\r\n\r\n**EN:**\r\nt.b.a.","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"Offene Workshop-Sessions Tag 1 | Open workshop sessions day 1","android_description":"**DE:**\r\nIhr seid eine Gruppe, die eine ruhige Ecke braucht? Kommt vorbei. Oder einen Tisch, an dem ihr etwas bauen, basteln, werkeln könnt? Wir haben Tische. Ihr wollt ein paar Spiele spielen? Macht auch gerne das.\r\n\r\nKleine Gruppen würden wir bitten, sich zusammen einen Slot zu teilen, sofern die Art der Tätigkeit das zulässt, damit wir den Raum möglichst gut ausnutzen und vielen Menschen die Gelegenheit bieten, sich auszutauschen, zu vernetzen und Projekte voran zu bringen.\r\n\r\nIn dieser unmoderierten Session könnt ihr den Workshopraum gemeinsam nutzen und vielleicht auch gucken, was die anderen gerade so interessantes machen. Gesellt euch dazu, so lange Platz ist und die Anwesenden den Raum gemeinsam nutzen können, ohne sich dabei zu stören.\r\n\r\n**EN:**\r\nt.b.a.\n\n\n**DE:**\r\nWährend dieser Session ist der Workshopraum für alle offen, die sich hier treffen möchten. In der Haecksen Assembly wird eine Liste aushängen, in der ihr den Raum so spontan wie möglich \"buchen\" könnt, um Dingen Platz zu geben, die vielleicht auch erst während des #37C3 entstehen.\r\n\r\n**EN:**\r\nt.b.a.","end_timestamp":{"seconds":1703707200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T20:00:00.000-0000","id":53639,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703701800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T18:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"One moment changed my life. I had a swimming accident in 2017, a big wave took me and I broke my neck.\r\n\r\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I cannot cough up independently and rely on 24/7 help to live an active life.\r\n\r\nIn the first few months, I was not able to breathe, eat, drink, speak, walk etc. by myself. In the meanwhile, I made some significant progress and began to work independently using my computer and assistive technology. Step-by-step I came back to a new kind of life. \r\n\r\nI love travelling and am fascinated by innovative technologies. I love my job in the IT industry and passionately work full-time for a startup company in Berlin.\r\n\r\nI will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicking.\r\n\r\nI'm really lucky to be part of the current generation. In the last couple of years, the major technology companies released significant updates in regards to voice recognition, universal design, accessibility and assistive technology.\r\n\r\nMy portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present Solutions which make my everyday life more comfortable\r\n\r\nI will share my personal setup which includes software and hardware. You can assume that I tested all of these products, and I’m using them in my smart home.\r\n\r\nAssistive technology is going to change the lives of many forever and is much more vital than ever before.\r\n\r\nHere are a few examples which I'm going to present.\r\n\r\nMy remodelled VW Transporter which enabled me to be the co-driver\r\n\r\nMy Smart home setup for lights, doors, tables, couch, TV, curtains, temperature and kitchen with speech, voice control and apps\r\n\r\nMy power wheelchair and its individual configuration so I can drive using my chin or head\r\n\r\nA robotic arm which allows to be a personal assistant to drink, smoke or scratch myself\r\n\r\nMy computer, smartphone and headphone setup includes a head movement mouse, voice and switch control for dictation and commanding as well as a Bluetooth module to control the smartphone with single button clicks\r\n\r\nLast but not least, I love doing videos using my GoPro and I'm happy to share my perspective\n\n\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicks. My portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present solutions which make my everyday life more comfortable.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Handsfree assistive technology","end_timestamp":{"seconds":1703703300,"nanoseconds":0},"android_description":"One moment changed my life. I had a swimming accident in 2017, a big wave took me and I broke my neck.\r\n\r\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I cannot cough up independently and rely on 24/7 help to live an active life.\r\n\r\nIn the first few months, I was not able to breathe, eat, drink, speak, walk etc. by myself. In the meanwhile, I made some significant progress and began to work independently using my computer and assistive technology. Step-by-step I came back to a new kind of life. \r\n\r\nI love travelling and am fascinated by innovative technologies. I love my job in the IT industry and passionately work full-time for a startup company in Berlin.\r\n\r\nI will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicking.\r\n\r\nI'm really lucky to be part of the current generation. In the last couple of years, the major technology companies released significant updates in regards to voice recognition, universal design, accessibility and assistive technology.\r\n\r\nMy portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present Solutions which make my everyday life more comfortable\r\n\r\nI will share my personal setup which includes software and hardware. You can assume that I tested all of these products, and I’m using them in my smart home.\r\n\r\nAssistive technology is going to change the lives of many forever and is much more vital than ever before.\r\n\r\nHere are a few examples which I'm going to present.\r\n\r\nMy remodelled VW Transporter which enabled me to be the co-driver\r\n\r\nMy Smart home setup for lights, doors, tables, couch, TV, curtains, temperature and kitchen with speech, voice control and apps\r\n\r\nMy power wheelchair and its individual configuration so I can drive using my chin or head\r\n\r\nA robotic arm which allows to be a personal assistant to drink, smoke or scratch myself\r\n\r\nMy computer, smartphone and headphone setup includes a head movement mouse, voice and switch control for dictation and commanding as well as a Bluetooth module to control the smartphone with single button clicks\r\n\r\nLast but not least, I love doing videos using my GoPro and I'm happy to share my perspective\n\n\nI am paralysed from the chest down, have no hand functions and sit in a power wheelchair. I will share some insights on spinal cord injury and my experiences of how I work, live and travel using a power wheelchair. There are millions of people who cannot control a computer, tablet, or smartphone with their hands. Assistive technology supports the main functionalities which are needed: mouse movement and different kinds of clicks. My portfolio of hands-free assistive technology enables me every day to be active without using my hands or feet. I’m going to present solutions which make my everyday life more comfortable.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53233],"conference_id":131,"event_ids":[53609],"name":"Jan Goslicki","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52326}],"timeband_id":1140,"links":[{"label":"My personal website about Quadriplegic Spinal Cord Injury, Work & Life","type":"link","url":"https://quad.works/"}],"end":"2023-12-27T18:55:00.000-0000","id":53609,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703700900,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52326}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T18:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We present an analysis of the Black Basta ransomware and tools for recovering encrypted files without access to the official decryptor or key. Black Basta is \"the second most used ransomware in Germany\", encrypting Windows computers and ESXi hosts running virtual machine workloads.\r\n\r\nOur decryptor-tool exploits a weakness in the cryptographic code in the Black Basta malware. This weakness allows to (partially) recover encrypted files without access to the decryptor and without needing the cryptographic keys used by the ransomware.\r\n\r\nWe dive into the details of the cryptographic operations used by Black Basta and explain how the malware fails to use the cryptographic primitives properly. In particular, the Black Basta ransomware encrypts victim files using a stream cipher. Files smaller than 5000 bytes are fully encrypted. Larger files are only partially encrypted for efficiency reasons. We found that for larger files, the ransomware re-uses the same cryptographic keystream for encrypting different parts of the same file, thereby breaking the security of the used stream cipher. If the plaintext of any encrypted file part is known, the keystream can be recovered and used to decrypt (large parts of) the target file without the underlying cryptographic key.\r\n\r\nAffected organisations can check whether the variant of the Black Basta malware found in their network is susceptible to this attack by purposefully letting the ransomware encrypt a large file (512 MB) containing only zero bytes. If the encrypted parts of the file are identical when analysing the encrypted file (e.g. in a hex editor), recovery is likely possible using the tools presented here.\r\n\r\nDepending on the encrypted file, parts of the plaintext may be known. For instance, VM disk images are likely to contain stretches of zero bytes. As part of the tooling we have developed, we have implemented a heuristic to detect encrypted zero blocks in encrypted files. If found, (large parts of) the encrypted file can then be recovered. For other types of files, individual plaintext blocks may be recoverable via other means (e.g. using backups or specialised tools), also enabling data recovery.\r\n\r\nThe decryption tools can be found here: https://github.com/srlabs/black-basta-buster\n\n\nWe present an analysis and recovery method for files encrypted by Black Basta, the \"second most used ransomware in Germany\".\r\n\r\nWe analysed the behaviour of a ransomware encryptor and found that the malware uses their keystream wrongly, rendering the encryption vulnerable to a known-plaintext attack which allows for recovering affected files. We confirmed the finding by implementing tools for recovering encrypted files.\r\n\r\nWe have made our tools for decrypting files without access to the actual key available to victims directly, through BSI, and to incident responders, as well as German and international law enforcement. Now, we are actively publishing these tools, along with the knowledge shared in our talk, empowering affected organizations to recover some of their files without succumbing to paying the criminals.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Unlocked! Recovering files taken hostage by ransomware","end_timestamp":{"seconds":1703703300,"nanoseconds":0},"android_description":"We present an analysis of the Black Basta ransomware and tools for recovering encrypted files without access to the official decryptor or key. Black Basta is \"the second most used ransomware in Germany\", encrypting Windows computers and ESXi hosts running virtual machine workloads.\r\n\r\nOur decryptor-tool exploits a weakness in the cryptographic code in the Black Basta malware. This weakness allows to (partially) recover encrypted files without access to the decryptor and without needing the cryptographic keys used by the ransomware.\r\n\r\nWe dive into the details of the cryptographic operations used by Black Basta and explain how the malware fails to use the cryptographic primitives properly. In particular, the Black Basta ransomware encrypts victim files using a stream cipher. Files smaller than 5000 bytes are fully encrypted. Larger files are only partially encrypted for efficiency reasons. We found that for larger files, the ransomware re-uses the same cryptographic keystream for encrypting different parts of the same file, thereby breaking the security of the used stream cipher. If the plaintext of any encrypted file part is known, the keystream can be recovered and used to decrypt (large parts of) the target file without the underlying cryptographic key.\r\n\r\nAffected organisations can check whether the variant of the Black Basta malware found in their network is susceptible to this attack by purposefully letting the ransomware encrypt a large file (512 MB) containing only zero bytes. If the encrypted parts of the file are identical when analysing the encrypted file (e.g. in a hex editor), recovery is likely possible using the tools presented here.\r\n\r\nDepending on the encrypted file, parts of the plaintext may be known. For instance, VM disk images are likely to contain stretches of zero bytes. As part of the tooling we have developed, we have implemented a heuristic to detect encrypted zero blocks in encrypted files. If found, (large parts of) the encrypted file can then be recovered. For other types of files, individual plaintext blocks may be recoverable via other means (e.g. using backups or specialised tools), also enabling data recovery.\r\n\r\nThe decryption tools can be found here: https://github.com/srlabs/black-basta-buster\n\n\nWe present an analysis and recovery method for files encrypted by Black Basta, the \"second most used ransomware in Germany\".\r\n\r\nWe analysed the behaviour of a ransomware encryptor and found that the malware uses their keystream wrongly, rendering the encryption vulnerable to a known-plaintext attack which allows for recovering affected files. We confirmed the finding by implementing tools for recovering encrypted files.\r\n\r\nWe have made our tools for decrypting files without access to the actual key available to victims directly, through BSI, and to incident responders, as well as German and international law enforcement. Now, we are actively publishing these tools, along with the knowledge shared in our talk, empowering affected organizations to recover some of their files without succumbing to paying the criminals.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:55:00.000-0000","id":53600,"village_id":null,"begin_timestamp":{"seconds":1703700900,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T18:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Stark hat Ende November 2022 einen offenen Brief der Wikileaks-Partnermedien initiiert. Darin fordern die New York Times, der Guardian, der Spiegel, Le Monde und El País die US-Regierung auf, die Verfolgung Assanges aufzugeben. Die Anklage durch die USA stelle einen gefährlichen Präzedenzfall für die Meinungs- und Pressefreiheit dar, schreiben die Chefredakteure und Herausgeber: „Journalismus“ sei „kein Verbrechen“. 2010 hat Stark für den SPIEGEL die Wikileaks-Enthüllungen koordiniert, 2013 mit Edward Snowdens NSA-Dokumenten gearbeitet. Er hat Assange mehrmals in London, Ellingham Hall und in der ecuadorianischen Botschaft besucht und mit Assanges Anwälten, aber auch mit Chelsea Manning über den Fall diskutiert.\n\n\nIn diesem Talk wird Holger Stark einen Überblick geben, was juristisch der Stand der Dinge im Fall Assange ist und warum dieser Fall einem Vernichtungsfeldzug gleicht. Er wird anhand bislang unbekannter Aufnahmen einen Blick hinter die Kulissen der US-Regierung werfen – und erklären, warum sich viele Medien mit Solidarität so schwer tun.","title":"Der Fall Julian Assange: um was es jetzt geht","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703703300,"nanoseconds":0},"android_description":"Stark hat Ende November 2022 einen offenen Brief der Wikileaks-Partnermedien initiiert. Darin fordern die New York Times, der Guardian, der Spiegel, Le Monde und El País die US-Regierung auf, die Verfolgung Assanges aufzugeben. Die Anklage durch die USA stelle einen gefährlichen Präzedenzfall für die Meinungs- und Pressefreiheit dar, schreiben die Chefredakteure und Herausgeber: „Journalismus“ sei „kein Verbrechen“. 2010 hat Stark für den SPIEGEL die Wikileaks-Enthüllungen koordiniert, 2013 mit Edward Snowdens NSA-Dokumenten gearbeitet. Er hat Assange mehrmals in London, Ellingham Hall und in der ecuadorianischen Botschaft besucht und mit Assanges Anwälten, aber auch mit Chelsea Manning über den Fall diskutiert.\n\n\nIn diesem Talk wird Holger Stark einen Überblick geben, was juristisch der Stand der Dinge im Fall Assange ist und warum dieser Fall einem Vernichtungsfeldzug gleicht. Er wird anhand bislang unbekannter Aufnahmen einen Blick hinter die Kulissen der US-Regierung werfen – und erklären, warum sich viele Medien mit Solidarität so schwer tun.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53211],"conference_id":131,"event_ids":[53588],"name":"Holger Stark","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52383}],"timeband_id":1140,"links":[],"end":"2023-12-27T18:55:00.000-0000","id":53588,"village_id":null,"begin_timestamp":{"seconds":1703700900,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52383}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T18:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Between ambient and soundscapes, from dreamy to gloomy, to fall in and feel out: An eclectic mix of electronic, cheesy pop, slow burns, and other captivating sounds. \r\nVinyl-only DJ Duo from Hamburg, also 2/3 of the Radio-Show „Der verlängerte Atem\"\n\n\nhttps://soundcloud.com/derverlaengerteatem\r\nhttps://soundcloud.com/martin-otto-paul\r\nhttps://soundcloud.com/gerassl","title":"fiona & martin","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Between ambient and soundscapes, from dreamy to gloomy, to fall in and feel out: An eclectic mix of electronic, cheesy pop, slow burns, and other captivating sounds. \r\nVinyl-only DJ Duo from Hamburg, also 2/3 of the Radio-Show „Der verlängerte Atem\"\n\n\nhttps://soundcloud.com/derverlaengerteatem\r\nhttps://soundcloud.com/martin-otto-paul\r\nhttps://soundcloud.com/gerassl","end_timestamp":{"seconds":1703710800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T21:00:00.000-0000","id":53906,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We aim to connect people involved or interested in \"rationality\" (having accurate beliefs and acting in a way to achieve owns values). Feel free to talk to us if you already are a reader of Lesswrong or Astral Codex Ten, for example. We want to provide a platform for people to get to know the other engaged community members and provide a low barrier to entry for soon-to-be-members. We have a [Telegram group](https://t.me/LW37C3) and an IRC channel (#LW@37c3 on Libera).\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Rationality / Lesswrong / ACX Group Meetup","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"We aim to connect people involved or interested in \"rationality\" (having accurate beliefs and acting in a way to achieve owns values). Feel free to talk to us if you already are a reader of Lesswrong or Astral Codex Ten, for example. We want to provide a platform for people to get to know the other engaged community members and provide a low barrier to entry for soon-to-be-members. We have a [Telegram group](https://t.me/LW37C3) and an IRC channel (#LW@37c3 on Libera).","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53898,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"tag_ids":[46137,46139,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Eine überraschende Funktionalität der WiiMote-Controller ist die schnelle Lichtpunkte-Erkennung in deren vorwärtszeigenden Kamera … Kombiniert mit acht handelsüblichen Lasern, einem MIDI-Controller und ein bisschen Klebstoff kann daraus ein richtiges Instrument werden.\r\n\r\nWie sich das ganze dann von einem Profi bedient anhört, könnt ihr hier bestaunen und die Harfe aus der Nähe beschnuppern.\r\n\r\nDer Künstler mit dem Instrument im robusteren Ausbau\r\nhttps://www.ralph-light.com/\n\n\nDie Gelegenheit, sich „Instrumentenbauer“ in seinen Lebenslauf schreiben zu können, sollte sich kein Nerd, der was auf sich hält, entgehen lassen. Wenn dieses Instrument dann auch noch von einem studierten Organisten bedient wird, kommt Hackertum und Kunst ganz eng zusammen. Aber wie erfindet man ein Instrument?","title":"Live-Performance eines DIY-Instruments: Die Laserharfe","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Eine überraschende Funktionalität der WiiMote-Controller ist die schnelle Lichtpunkte-Erkennung in deren vorwärtszeigenden Kamera … Kombiniert mit acht handelsüblichen Lasern, einem MIDI-Controller und ein bisschen Klebstoff kann daraus ein richtiges Instrument werden.\r\n\r\nWie sich das ganze dann von einem Profi bedient anhört, könnt ihr hier bestaunen und die Harfe aus der Nähe beschnuppern.\r\n\r\nDer Künstler mit dem Instrument im robusteren Ausbau\r\nhttps://www.ralph-light.com/\n\n\nDie Gelegenheit, sich „Instrumentenbauer“ in seinen Lebenslauf schreiben zu können, sollte sich kein Nerd, der was auf sich hält, entgehen lassen. Wenn dieses Instrument dann auch noch von einem studierten Organisten bedient wird, kommt Hackertum und Kunst ganz eng zusammen. Aber wie erfindet man ein Instrument?","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53859,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Corinna\r\n\r\nCADUS is preparing to deploy a team for medical evacuations (MEDEVAC) in the context of the Gaza humanitarian crisis. For emergency response teams it is crucial to be able to receive constant up-to-date-information and be in touch with their base or headquarters, as well as communicate with each other on the ground. But in an active war zone like Gaza, the options to bring and use devices of information and communication technologies (ICT) are highly restricted.\n\n\nIn this session, we will talk about the challenges of preparing a humanitarian response to a conflict zone, as well as give an overview and update on the situation of communication networks in Gaza.","title":"I pack my ICT-bag for Gaza and I take with me…","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"Host: Corinna\r\n\r\nCADUS is preparing to deploy a team for medical evacuations (MEDEVAC) in the context of the Gaza humanitarian crisis. For emergency response teams it is crucial to be able to receive constant up-to-date-information and be in touch with their base or headquarters, as well as communicate with each other on the ground. But in an active war zone like Gaza, the options to bring and use devices of information and communication technologies (ICT) are highly restricted.\n\n\nIn this session, we will talk about the challenges of preparing a humanitarian response to a conflict zone, as well as give an overview and update on the situation of communication networks in Gaza.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53633,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Created in 2008, the [hackerspaces.org](https://hackerspaces.org) website was a vital part of the growth of the hackerspace movement. It keeps being a great resource for creatures & communities wanting to start, operate, or just find information on hackspaces. Primarily a [wiki](https://wiki.hackerspaces.org/)\r\n, it allows anyone, anywhere in the world, to add their hackspace. The pages attract curious search traffic, open days visitors, and new members. They are also the backbone of regional and international hackspace interaction, including a [world map](https://wiki.hackerspaces.org/List_of_Hacker_Spaces), [mailing list](https://lists.hackerspaces.org/listinfo/discuss), [chatroom](https://wiki.hackerspaces.org/Communication), and [hacker residences](https://wiki.hackerspaces.org/Residencies) for travelling hackers.\r\n\r\nThe yearly CCC meetings help us keep the lights up, and to think of how to update & improve the site, keeping it relevant for the years to come.\r\nLet's get together, brainstorm, and discuss how to do this.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"hackerspaces.org (HSO) Yearly Meetup","android_description":"Created in 2008, the [hackerspaces.org](https://hackerspaces.org) website was a vital part of the growth of the hackerspace movement. It keeps being a great resource for creatures & communities wanting to start, operate, or just find information on hackspaces. Primarily a [wiki](https://wiki.hackerspaces.org/)\r\n, it allows anyone, anywhere in the world, to add their hackspace. The pages attract curious search traffic, open days visitors, and new members. They are also the backbone of regional and international hackspace interaction, including a [world map](https://wiki.hackerspaces.org/List_of_Hacker_Spaces), [mailing list](https://lists.hackerspaces.org/listinfo/discuss), [chatroom](https://wiki.hackerspaces.org/Communication), and [hacker residences](https://wiki.hackerspaces.org/Residencies) for travelling hackers.\r\n\r\nThe yearly CCC meetings help us keep the lights up, and to think of how to update & improve the site, keeping it relevant for the years to come.\r\nLet's get together, brainstorm, and discuss how to do this.","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"updated_timestamp":{"seconds":1703900520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53616,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-30T01:42:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://events.ccc.de/congress/2023/hub/en/event/led-badge-magic-hacking/\n\n\nJoin this hacking session dedicated to enhancing the Android app for our open-source LED badge! We dive into a collaborative bug-fixing spree. Iron out glitches, and contribute to improve user experience. Test devices are available, bring your laptop along.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Hack Meetup: LED Badges and Holographic LED Fans","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"https://events.ccc.de/congress/2023/hub/en/event/led-badge-magic-hacking/\n\n\nJoin this hacking session dedicated to enhancing the Android app for our open-source LED badge! We dive into a collaborative bug-fixing spree. Iron out glitches, and contribute to improve user experience. Test devices are available, bring your laptop along.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53562,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"FOSS-HW Workshop Area [CDC Saal 3]","hotel":"","short_name":"FOSS-HW Workshop Area [CDC Saal 3]","id":46161},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Following the lively interest in the exchange of experiences at this year's camp and the formation of a networking group, we would like to try this again at the Congress and perhaps also give the networking group some life.\r\n\r\nThe world is not getting any brighter, house raids are becoming more frequent and climate activism is equated with terrorism. As a scene, we certainly have a lot to contribute, which is also urgently needed. So if you have ever given IT security training for politically active people or would like to start doing so, please come along!\r\n\r\nThere isn't really a program planned, this is more intended as a relaxed and spontaneous exchange and get-together.\r\n\r\nMatrix Room Link: https://matrix.to/#/!KqmPSJPogszhaAWtUC:fairydust.space?via=fairydust.space&via=matrix.org&via=systemli.org\r\nRoom will be closed after 37C3 again.\r\n\r\nOther Links follow.\n\n\n","title":"Erfahrungsaustausch: IT-Sicherheitstrainings für Aktivist*innen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"Following the lively interest in the exchange of experiences at this year's camp and the formation of a networking group, we would like to try this again at the Congress and perhaps also give the networking group some life.\r\n\r\nThe world is not getting any brighter, house raids are becoming more frequent and climate activism is equated with terrorism. As a scene, we certainly have a lot to contribute, which is also urgently needed. So if you have ever given IT security training for politically active people or would like to start doing so, please come along!\r\n\r\nThere isn't really a program planned, this is more intended as a relaxed and spontaneous exchange and get-together.\r\n\r\nMatrix Room Link: https://matrix.to/#/!KqmPSJPogszhaAWtUC:fairydust.space?via=fairydust.space&via=matrix.org&via=systemli.org\r\nRoom will be closed after 37C3 again.\r\n\r\nOther Links follow.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53509,"village_id":null,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Judith und Klaudia sprechen mit einer Gästin darüber, wie Frauen in technische Berufe und auch in das CCC-Umfeld kommen, was sie dort erleben und wie wir es Frauen vielleicht noch leichter machen können, sich mit den Nerds wohlzufühlen.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#53b574","name":"Podcasting table (90 minutes)","id":46129},"title":"The Diner Podcast live: Frauen in der Technik","end_timestamp":{"seconds":1703702700,"nanoseconds":0},"android_description":"Judith und Klaudia sprechen mit einer Gästin darüber, wie Frauen in technische Berufe und auch in das CCC-Umfeld kommen, was sie dort erleben und wie wir es Frauen vielleicht noch leichter machen können, sich mit den Nerds wohlzufühlen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53167],"conference_id":131,"event_ids":[53456],"name":"teekse","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52250},{"content_ids":[53167],"conference_id":131,"event_ids":[53456],"name":"Eva Wolfangel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52490}],"timeband_id":1140,"links":[],"end":"2023-12-27T18:45:00.000-0000","id":53456,"tag_ids":[46129,46139],"village_id":null,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52490},{"tag_id":46107,"sort_order":1,"person_id":52250}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T18:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir erzählen euch was ein Lötengel tut und worauf er/sie achten muss. Außerdem stellen wir euch die Bausätze vor die wir bauen werden.\r\n\r\nHier gibt es die Folien des Vortrags: https://henning-brinkmann.de/jht-37c3-soldering\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Junghacker:innen-Tag: Lötengel-Einführung","end_timestamp":{"seconds":1703703600,"nanoseconds":0},"android_description":"Wir erzählen euch was ein Lötengel tut und worauf er/sie achten muss. Außerdem stellen wir euch die Bausätze vor die wir bauen werden.\r\n\r\nHier gibt es die Folien des Vortrags: https://henning-brinkmann.de/jht-37c3-soldering","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T19:00:00.000-0000","id":53449,"begin_timestamp":{"seconds":1703700000,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T18:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Ich erzähle Euch meine Geschichte als seit knapp zwei Jahren Opfer von Cybermobbing mit Update zum Fort- und Weitergang seit der ersten Version dieses Talks auf der GPN 2023,\r\nerkläre Euch, wie es zu Cybermobbing kommen kann,\r\nwerde Skills für Opfer und Mitbekommende vorstellen.\r\nJetzt kann ich Euch auch noch mehr zu meiner Geschichte und den Hintergründen erzählen. \r\n\r\nDieses Mal kommt auch Jura nicht zu kurz.\r\nIn einem Exkurs ins Strafrecht erkläre ich Euch, warum es manchmal trotz menschlich-moralischer Überzeugung von der Täter:inschaft von Personen nicht für strafrechtliche Konsequenzen reicht, wie sich Opfer gegen schnelle Einstellungen wehren können und warum auch das oft nicht erfolgreich ist.\r\nWeiter geht's ins Zivilrecht, denn auch da gibt es Möglichkeiten, wie sich Opfer gegen Täter:innen wehren können, ganz unabhängig von den strafrechtlichen Entscheidungen.\r\n\r\nUnd wir sprechen darüber, was Ihr machen könnt, wenn Ihr Cybermobbing mitbekommt, wie Ihr vermeidet, Bystander zu sein und wie Ihr Upstander sein könnt. Auch da werde ich aus eigenen Erfahrungen erzählen, denn nur wenn wir Opfer reden werden die Gefahren von Cybermobbing greifbarer und die Auswirkungen nachvollziehbar.\r\n\r\nNur wenn wir uns gemeinsam gegen Cybermobbing stellen können wir Cybermobbing beenden.\n\n\nCybermobbing kann uns alle treffen. Es ist wichtig, darauf vorbereitet zu sein, ehe Ihr mitten drin steckt, ob als Opfer, Bystander oder Upstander. Dabei will Euch dieser Talk helfen.","title":"Gemeinsam gegen Cybermobbing","type":{"conference_id":131,"conference":"37C3","color":"#f6ae74","updated_at":"2024-06-07T03:40+0000","name":"Talk 90 Minuten +15m Q&A","id":46132},"android_description":"Ich erzähle Euch meine Geschichte als seit knapp zwei Jahren Opfer von Cybermobbing mit Update zum Fort- und Weitergang seit der ersten Version dieses Talks auf der GPN 2023,\r\nerkläre Euch, wie es zu Cybermobbing kommen kann,\r\nwerde Skills für Opfer und Mitbekommende vorstellen.\r\nJetzt kann ich Euch auch noch mehr zu meiner Geschichte und den Hintergründen erzählen. \r\n\r\nDieses Mal kommt auch Jura nicht zu kurz.\r\nIn einem Exkurs ins Strafrecht erkläre ich Euch, warum es manchmal trotz menschlich-moralischer Überzeugung von der Täter:inschaft von Personen nicht für strafrechtliche Konsequenzen reicht, wie sich Opfer gegen schnelle Einstellungen wehren können und warum auch das oft nicht erfolgreich ist.\r\nWeiter geht's ins Zivilrecht, denn auch da gibt es Möglichkeiten, wie sich Opfer gegen Täter:innen wehren können, ganz unabhängig von den strafrechtlichen Entscheidungen.\r\n\r\nUnd wir sprechen darüber, was Ihr machen könnt, wenn Ihr Cybermobbing mitbekommt, wie Ihr vermeidet, Bystander zu sein und wie Ihr Upstander sein könnt. Auch da werde ich aus eigenen Erfahrungen erzählen, denn nur wenn wir Opfer reden werden die Gefahren von Cybermobbing greifbarer und die Auswirkungen nachvollziehbar.\r\n\r\nNur wenn wir uns gemeinsam gegen Cybermobbing stellen können wir Cybermobbing beenden.\n\n\nCybermobbing kann uns alle treffen. Es ist wichtig, darauf vorbereitet zu sein, ehe Ihr mitten drin steckt, ob als Opfer, Bystander oder Upstander. Dabei will Euch dieser Talk helfen.","end_timestamp":{"seconds":1703706300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53198,53481],"conference_id":131,"event_ids":[53815,53510],"name":"Wawuschel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52454}],"timeband_id":1140,"links":[],"end":"2023-12-27T19:45:00.000-0000","id":53510,"tag_ids":[46132,46139],"village_id":null,"begin_timestamp":{"seconds":1703698200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52454}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"GuteN8Geschichten - Tag 1","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"Every day from 18:30 to 19:00 at the 37c3 Kidspace, we're hosting a bedtime story reading session. Perfect for everyone looking to unwind after an exciting day at the Congress. Among others, we'll read from works like 'Ada and Zangemann: A Fairy Tale about Software, Skateboards, and Raspberry Ice Cream' – just one example of the many captivating stories that await you.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53489,"begin_timestamp":{"seconds":1703698200,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-27T17:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session welcomes all who appreciate receiving _genuine questions_ following their presentations.\n\n\nHave you ever been in a Q&A session where someone begins with, \"This is more of a comment than a question”, or just starts voicing an opinion without actually asking anything? This simple phrase can dramatically shift the dynamics of group discussions. In this session, we'll explore the underlying implications of such comments and how they transform our conversations, sharing, and collective learning. We'll also exchange success stories and strategies to prevent these 'more-of-a-comment' monologues and effectively respond when they do occur. Likewise, we will try to think of alternative ways to encourage sharing potentially interesting information that is not question-shaped. Join us to make Q&A sessions more productive, inclusive, and engaging!\r\n\r\n//\r\n\r\nWart ihr schon mal bei einer Fragerunde, wo jemand mit \"Das ist eher ein Kommentar als eine Frage\" anfängt oder einfach drauflos redet, weil er unbedingt seine Meinung teilen möchte? Dieser scheinbar harmlose Satz kann die Dynamik in Gruppengesprächen erheblich verändern. In unserer Session wollen wir uns damit auseinandersetzen, was hinter solchen Kommentaren steckt und wie sie unsere Diskussionen und das gemeinsame Lernen beeinflussen. Wir teilen Erfahrungen und Strategien, wie wir solche Kommentar-Monologe verhindern und effektiv darauf reagieren können. Außerdem versuchen wir, uns Alternativen einfallen zu lassen, wie man interessante Infos teilen könnte, die keine Fragen sind. Für Fragerunden, die produktiver, inklusiver und spannender sind!","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"title":"\"This is more of a comment than a question\" 🙃","android_description":"This session welcomes all who appreciate receiving _genuine questions_ following their presentations.\n\n\nHave you ever been in a Q&A session where someone begins with, \"This is more of a comment than a question”, or just starts voicing an opinion without actually asking anything? This simple phrase can dramatically shift the dynamics of group discussions. In this session, we'll explore the underlying implications of such comments and how they transform our conversations, sharing, and collective learning. We'll also exchange success stories and strategies to prevent these 'more-of-a-comment' monologues and effectively respond when they do occur. Likewise, we will try to think of alternative ways to encourage sharing potentially interesting information that is not question-shaped. Join us to make Q&A sessions more productive, inclusive, and engaging!\r\n\r\n//\r\n\r\nWart ihr schon mal bei einer Fragerunde, wo jemand mit \"Das ist eher ein Kommentar als eine Frage\" anfängt oder einfach drauflos redet, weil er unbedingt seine Meinung teilen möchte? Dieser scheinbar harmlose Satz kann die Dynamik in Gruppengesprächen erheblich verändern. In unserer Session wollen wir uns damit auseinandersetzen, was hinter solchen Kommentaren steckt und wie sie unsere Diskussionen und das gemeinsame Lernen beeinflussen. Wir teilen Erfahrungen und Strategien, wie wir solche Kommentar-Monologe verhindern und effektiv darauf reagieren können. Außerdem versuchen wir, uns Alternativen einfallen zu lassen, wie man interessante Infos teilen könnte, die keine Fragen sind. Für Fragerunden, die produktiver, inklusiver und spannender sind!","end_timestamp":{"seconds":1703701200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53253,53266],"conference_id":131,"event_ids":[53626,53638],"name":"sumpfhexe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52453}],"timeband_id":1140,"links":[],"end":"2023-12-27T18:20:00.000-0000","id":53638,"village_id":null,"tag_ids":[46133,46140],"begin_timestamp":{"seconds":1703697600,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52453}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:20:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Only save favorites? Bookmarklets with JS and HTML offer more 🤖\r\n\r\nhttps://etherpad.wikimedia.org/p/hackwords\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"📑 Lesezeichen zum Scrapen, Pimpen und Hosten von Webseiten 🌐","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"Only save favorites? Bookmarklets with JS and HTML offer more 🤖\r\n\r\nhttps://etherpad.wikimedia.org/p/hackwords","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53615,"begin_timestamp":{"seconds":1703697300,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-27T17:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session is for everyone who enjoys playing table and card games. We will split up in small groups depending on your likings and the appropiate number of players for each game and play your games together.\r\n\r\nYour games? Yes! Bring your own games you want to play with other hackers.\r\n\r\n\r\n🧮\n\n\n","title":"Tischspielrunde - Bring your own game","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"This session is for everyone who enjoys playing table and card games. We will split up in small groups depending on your likings and the appropiate number of players for each game and play your games together.\r\n\r\nYour games? Yes! Bring your own games you want to play with other hackers.\r\n\r\n\r\n🧮","end_timestamp":{"seconds":1703703300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:55:00.000-0000","id":53577,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703697300,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:15:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This session shows how to use [chatmail](https://github.com/deltachat/chatmail) to run a simple mail server setup, optimized for using it for chatting with the email messenger Delta Chat. It has never been this easy to self-host your own decentralized chat server.\r\n\r\nThis session is not recorded.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"chatmail: self-hosting email servers, optimized for chatting with Delta Chat","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"This session shows how to use [chatmail](https://github.com/deltachat/chatmail) to run a simple mail server setup, optimized for using it for chatting with the email messenger Delta Chat. It has never been this easy to self-host your own decentralized chat server.\r\n\r\nThis session is not recorded.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53623,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, I invite the participants to have 1-on-1 conversations about hypothetical life scenarios. \r\n\r\nWe will follow an outline of the practice presented in The Conversation Book published by our independent, non-for-profit Circadian Press. In this book, we propose a practice and questions that help explore life scenarios that have not happened yet. We invite the participants to find a random partner among those who are present, and to pose the questions to each other, listen to the responses, and, hopefully, find out more about themselves and the others around. \r\n\r\nAt the end of the session we aim to have had a great time, meet new people, and — if you prefer — also have some actionable strategies to bring whatever it is that we imaged into the real. \r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nMore info: [www.circadian.co/product/the-conversation-book](https://circadian.co/product/the-conversation-book/)\n\n\n","title":"Conversation Practice: Hypothetical Life Scenarios","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"In this session, I invite the participants to have 1-on-1 conversations about hypothetical life scenarios. \r\n\r\nWe will follow an outline of the practice presented in The Conversation Book published by our independent, non-for-profit Circadian Press. In this book, we propose a practice and questions that help explore life scenarios that have not happened yet. We invite the participants to find a random partner among those who are present, and to pose the questions to each other, listen to the responses, and, hopefully, find out more about themselves and the others around. \r\n\r\nAt the end of the session we aim to have had a great time, meet new people, and — if you prefer — also have some actionable strategies to bring whatever it is that we imaged into the real. \r\n\r\nThe exact location is TBC after we get the map of the space. In the meanwhile, if you have any questions, please, reach out on Telegram @noduslabs\r\n\r\nMore info: [www.circadian.co/product/the-conversation-book](https://circadian.co/product/the-conversation-book/)","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53506,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"spans_timebands":"N","begin":"2023-12-27T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","title":"Bits & Bäume Community Treffen Tag 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Tägliche Meetups zum Netzwerken, gegenseitiges Kennenlernen, Tipps geben.","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53479,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Community Space","hotel":"","short_name":"Bits & Bäume Community Space","id":46145},"begin":"2023-12-27T17:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"A p4p meetup, we are going to discuss technologies such as SSB, p2panda, earthstar, cabal, willow, ppppp, dat etc. We want to talk about how to make decentralized tech more popular, update each other on the current state of the community and so on. Expect a lot of anarchy.\r\n\r\nWe probably want to structure this as a short intro + free form loosely structured discussion around the topics we pick at the start of the meeting. The exact form is dependent on how many people will come.\n\n\n","title":"p4p meetup","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"A p4p meetup, we are going to discuss technologies such as SSB, p2panda, earthstar, cabal, willow, ppppp, dat etc. We want to talk about how to make decentralized tech more popular, update each other on the current state of the community and so on. Expect a lot of anarchy.\r\n\r\nWe probably want to structure this as a short intro + free form loosely structured discussion around the topics we pick at the start of the meeting. The exact form is dependent on how many people will come.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53475,"begin_timestamp":{"seconds":1703696400,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T17:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nDas Team von Computer und Kommunikation freut sich auf ein Gespräch mit Dir! Über Radiomachen, über Podcastmachen oder über ein anderes Thema Deiner Wahl ...","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Deutschlandfunk: Offener Studiotalk Computer und Kommunikation .","end_timestamp":{"seconds":1703697300,"nanoseconds":0},"android_description":"Mit Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nDas Team von Computer und Kommunikation freut sich auf ein Gespräch mit Dir! Über Radiomachen, über Podcastmachen oder über ein anderes Thema Deiner Wahl ...","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:15:00.000-0000","id":53637,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","begin":"2023-12-27T16:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Reguläre Ausdrücke wie /^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/ oder einfacher ([a-zA-Z]+)* verwirren dich? Keine Sorge, je nach zu validierendem Input verwirrt es deinen Computer auch! \r\nDieser Talk befasst sich mit regulären Ausdrücken: Wir steigen ein mit einem kurzen Ausflug in die theoretische Informatik und endliche Automaten, befassen uns allgemein mit regulären Ausdrücken und warum diese nützlich sind, bis wir herausfinden, was es mit bösen regulären Ausdrücken auf sich hat - und wie diese mit dem entsprechenden Payload für Denial of Service-Angriffe genutzt werden können. \r\nUm von diesem Talk etwas mitnehmen zu können, reicht es, schon mal was von regulären Ausdrücken gehört und ggf. sehr einfache Versionen selbst schon einmal angewandt zu haben. Du musst kein Regular Expression Pub Quiz gewonnen haben, um etwas zu verstehen, ganz im Gegenteil. Wahrscheinlich ist es für dich sogar etwas langweilig, wenn du RegEx-Pro bist.\n\n\nKurze Einführung in reguläre Ausdrücke, Konzept und Verwendung - bis zum Ausnutzen bestimmter Kombinationen von regulären Ausdrücken und Payload für einen Regular Expression Denial of Service (reDoS)-Angriff","title":"aaaaaaaaaaa! - Mein regulärer Ausdruck ist böse","type":{"conference_id":131,"conference":"37C3","color":"#6fdce3","updated_at":"2024-06-07T03:40+0000","name":"Talk 30 min + 10 min Q&A","id":46131},"android_description":"Reguläre Ausdrücke wie /^([a-zA-Z0-9])(([\\-.]|[_]+)?([a-zA-Z0-9]+))*(@){1}[a-z0-9]+[.]{1}(([a-z]{2,3})|([a-z]{2,3}[.]{1}[a-z]{2,3}))$/ oder einfacher ([a-zA-Z]+)* verwirren dich? Keine Sorge, je nach zu validierendem Input verwirrt es deinen Computer auch! \r\nDieser Talk befasst sich mit regulären Ausdrücken: Wir steigen ein mit einem kurzen Ausflug in die theoretische Informatik und endliche Automaten, befassen uns allgemein mit regulären Ausdrücken und warum diese nützlich sind, bis wir herausfinden, was es mit bösen regulären Ausdrücken auf sich hat - und wie diese mit dem entsprechenden Payload für Denial of Service-Angriffe genutzt werden können. \r\nUm von diesem Talk etwas mitnehmen zu können, reicht es, schon mal was von regulären Ausdrücken gehört und ggf. sehr einfache Versionen selbst schon einmal angewandt zu haben. Du musst kein Regular Expression Pub Quiz gewonnen haben, um etwas zu verstehen, ganz im Gegenteil. Wahrscheinlich ist es für dich sogar etwas langweilig, wenn du RegEx-Pro bist.\n\n\nKurze Einführung in reguläre Ausdrücke, Konzept und Verwendung - bis zum Ausnutzen bestimmter Kombinationen von regulären Ausdrücken und Payload für einen Regular Expression Denial of Service (reDoS)-Angriff","end_timestamp":{"seconds":1703697000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:10:00.000-0000","id":53478,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Social Rejection Games [90 min duration, 30 min of it at Stage of Y]","android_description":"In the world of code, errors are fixable, but what about in human interactions? Our Social Rejection Games workshop is your chance to update your social firmware. We’ll tackle the outdated, tribal fear of rejection that hinders potential in our modern, liberal social systems. \r\n\r\nFrom making calls to asking for a favor or that coveted phone number, we'll follow a hands-on protocol to challenge and reprogram your social instincts.\r\n\r\n[Disclaimer: I scheduled the event with a duration of '30 min' due to not reserve Stage Y for more time than needed as we'll go outside. The event will take ~90 min]\r\n\r\nPlease bring your jacket, we'll go outside","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53473,"village_id":null,"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T16:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Amateurfunk ist ein vielfältiges Hobby. In einem kurzen Abriss zeigen wir verschiedene Aktivitäten, die alle mit Amateurfunk zusammenhängen. Außerdem gibt es einen kurzen Abriss darüber, wie man in Deutschland Funkamateur wird.\n\n\nWir wecken die Faszination, die hinter dem Amateurfunk steckt, um weltweit und darüber hinaus ohne Grenzen und Provider zu kommunizieren und zeigen den Weg dahin in Deutschland.","title":"Amateurfunk - Kommunikation ohne Grenzen und Provider","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Amateurfunk ist ein vielfältiges Hobby. In einem kurzen Abriss zeigen wir verschiedene Aktivitäten, die alle mit Amateurfunk zusammenhängen. Außerdem gibt es einen kurzen Abriss darüber, wie man in Deutschland Funkamateur wird.\n\n\nWir wecken die Faszination, die hinter dem Amateurfunk steckt, um weltweit und darüber hinaus ohne Grenzen und Provider zu kommunizieren und zeigen den Weg dahin in Deutschland.","end_timestamp":{"seconds":1703695800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:50:00.000-0000","id":53470,"begin_timestamp":{"seconds":1703694600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The current state of the space ecosystem is characterized by its reliance on defense-oriented policies and outdated systems, hindering the true potential of space exploration. Despite the promise of Space 4.0, the reality is that space remains largely inaccessible to the public at large.\r\n\r\nAgainst this backdrop, a group of hackers and makers is revolutionizing the space industry. By promoting the hacker ethos of innovation, resourcefulness, and open-source principles, they are challenging the status quo and delivering creativity and accessibility into the space sector.\r\n\r\nDriven by the hackerspace movement and the broader community, we, Libre Space Foundation, are actively building our own satellites, space technologies, sharing knowledge and resources, and pushing the boundaries of space exploration. Our mission is to democratize space, making it available to everyone, regardless of background or resources.\r\n\r\nThis emerging movement faces unique challenges, including working within a small, underfunded ecosystem, developing software and hardware, mapping out processes amidst complex space law and global politics, and ensuring long-term sustainability without relying on external funding.\r\n\r\nTo overcome these challenges and harness the full potential of this movement, we propose a manifesto with four pillars:\r\n\r\nOpen Source: All technologies developed for outer space shall be published and licensed using open source licenses.\r\nOpen Data: All data related to and produced in outer space shall be freely accessed, used and built upon by anyone, anywhere, and shall be shared and managed according to the principles above.\r\nOpen Development: All technologies for outer space shall be developed in a transparent, legible, documented, testable, modular, and efficient way.\r\nOpen Governance: All technologies for outer space shall be governed in a participatory, collaborative, direct, and distributed way.\r\n\r\nBy embracing these pillars, we can create a more open, inclusive, and sustainable space ecosystem that empowers individuals and communities to participate in the exploration of the cosmos.\n\n\nEmbark on Libre Space Foundation's journey into the world of open-source space exploration, where a passionate community of hackers and makers is challenging the traditional defense-driven approach to spacefaring. Discover how we are democratizing space by embracing open-source technologies, community collaboration, and a commitment to sustainability.","title":"How to Hack Your Way to Space","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"The current state of the space ecosystem is characterized by its reliance on defense-oriented policies and outdated systems, hindering the true potential of space exploration. Despite the promise of Space 4.0, the reality is that space remains largely inaccessible to the public at large.\r\n\r\nAgainst this backdrop, a group of hackers and makers is revolutionizing the space industry. By promoting the hacker ethos of innovation, resourcefulness, and open-source principles, they are challenging the status quo and delivering creativity and accessibility into the space sector.\r\n\r\nDriven by the hackerspace movement and the broader community, we, Libre Space Foundation, are actively building our own satellites, space technologies, sharing knowledge and resources, and pushing the boundaries of space exploration. Our mission is to democratize space, making it available to everyone, regardless of background or resources.\r\n\r\nThis emerging movement faces unique challenges, including working within a small, underfunded ecosystem, developing software and hardware, mapping out processes amidst complex space law and global politics, and ensuring long-term sustainability without relying on external funding.\r\n\r\nTo overcome these challenges and harness the full potential of this movement, we propose a manifesto with four pillars:\r\n\r\nOpen Source: All technologies developed for outer space shall be published and licensed using open source licenses.\r\nOpen Data: All data related to and produced in outer space shall be freely accessed, used and built upon by anyone, anywhere, and shall be shared and managed according to the principles above.\r\nOpen Development: All technologies for outer space shall be developed in a transparent, legible, documented, testable, modular, and efficient way.\r\nOpen Governance: All technologies for outer space shall be governed in a participatory, collaborative, direct, and distributed way.\r\n\r\nBy embracing these pillars, we can create a more open, inclusive, and sustainable space ecosystem that empowers individuals and communities to participate in the exploration of the cosmos.\n\n\nEmbark on Libre Space Foundation's journey into the world of open-source space exploration, where a passionate community of hackers and makers is challenging the traditional defense-driven approach to spacefaring. Discover how we are democratizing space by embracing open-source technologies, community collaboration, and a commitment to sustainability.","end_timestamp":{"seconds":1703697300,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53222],"conference_id":131,"event_ids":[53599],"name":"Manthos Papamatthaiou","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52457}],"timeband_id":1140,"links":[{"label":"Libre Space Foundation","type":"link","url":"https://libre.space"},{"label":"Libre Space Manifesto","type":"link","url":"https://manifesto.libre.space"}],"end":"2023-12-27T17:15:00.000-0000","id":53599,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703693700,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52457}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-27T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In August 2023, we published the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.\r\n\r\nTETRA:BURST consists of five vulnerabilities, two of which are critical, including the backdoored TEA1 cipher (crackable in minutes on commodity hardware by a passive adversary), a keystream recovery attack (which works regardless of the cipher employed), and a deanonymization attack with counter-intelligence implications.\r\n\r\nIn this talk, we will discuss and demonstrate the TETRA:BURST vulnerabilities themselves and will - for the first time - disclose the details of the TA61 identity anonymization primitive and our Meet-in-the-Middle deanonymization attack against it. In addition, we will provide more background on how the TEA1 backdoor proliferated throughout Europe and provide attendees with an update on new developments since our initial disclosure, the future of TETRA, and the vast amount of TETRA hardening work that still needs to be done in critical infrastructure.\n\n\nThis talk will present details of the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure relying on secret cryptographic algorithms which we reverse-engineered and published in August 2023. Adding to our initial disclosure, this talk will present new details on our deanonymization attack and provide additional insights into background and new developments.","title":"All cops are broadcasting","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703697300,"nanoseconds":0},"android_description":"In August 2023, we published the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure. Authentication and encryption within TETRA are handled by proprietary cryptographic cipher-suites, which had remained secret for over two decades through restrictive NDAs until our reverse-engineering and publication.\r\n\r\nTETRA:BURST consists of five vulnerabilities, two of which are critical, including the backdoored TEA1 cipher (crackable in minutes on commodity hardware by a passive adversary), a keystream recovery attack (which works regardless of the cipher employed), and a deanonymization attack with counter-intelligence implications.\r\n\r\nIn this talk, we will discuss and demonstrate the TETRA:BURST vulnerabilities themselves and will - for the first time - disclose the details of the TA61 identity anonymization primitive and our Meet-in-the-Middle deanonymization attack against it. In addition, we will provide more background on how the TEA1 backdoor proliferated throughout Europe and provide attendees with an update on new developments since our initial disclosure, the future of TETRA, and the vast amount of TETRA hardening work that still needs to be done in critical infrastructure.\n\n\nThis talk will present details of the TETRA:BURST vulnerablities - the result of the first public in-depth security analysis of TETRA (Terrestrial Trunked Radio): a European standard for trunked radio globally used by government agencies, police, military, and critical infrastructure relying on secret cryptographic algorithms which we reverse-engineered and published in August 2023. Adding to our initial disclosure, this talk will present new details on our deanonymization attack and provide additional insights into background and new developments.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53210],"conference_id":131,"event_ids":[53587],"name":"Jos Wetzels","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52261},{"content_ids":[53210],"conference_id":131,"event_ids":[53587],"name":"Carlo Meijer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52279},{"content_ids":[53210],"conference_id":131,"event_ids":[53587],"name":"Wouter Bokslag","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52498}],"timeband_id":1140,"end":"2023-12-27T17:15:00.000-0000","links":[{"label":"TETRA:BURST website","type":"link","url":"https://www.tetraburst.com/"}],"id":53587,"village_id":null,"tag_ids":[46124,46136,46140],"begin_timestamp":{"seconds":1703693700,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52279},{"tag_id":46107,"sort_order":1,"person_id":52261},{"tag_id":46107,"sort_order":1,"person_id":52498}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Since the dawn of deep mediatization (Hepp, 2020), the start-up scene posing as digital pioneers has been declaring a state of revolution, seeking nothing but disruption with the introductions of their products into society. A goal they definitely achieved with the introduction of micro-mobility services to our cityscapes / public space. \r\n\r\nIn 2020, Dennis de Bel and Anton Jehle therefore initiated the OPENCOIL research project to gain a better understanding of this latest venture capitalist phenomenon, share knowledge, establish a community, and develop tools to provoke a public debate. Later that year, they organized their first public intervention, the roaming speedshow, in Berlin and shared their insights with the community at rc3 (https://media.ccc.de/v/rc3-11575-opencoil\\_a\\_roaming\\_speedshow). \r\n\r\nThe ever changing landscape of micro-mobilty kept Speedy and Scooty invested and they are here at 37C3 to give an update on the OPENCOIL project! The term \"revolution\" has become a beloved buzzword for the platform economy. to take the world by storm: when in early 2018, thousands of electric kick scooters, or “trotinettes” as the french like to call them, flooded the city of Paris , the media sure was quick to coin this the \"micromobility revolution\" (Medium, 2018). As the french are somewhat experts in the field of revolutionizing, Paris is arguably the key to any successful uprising. The seemingly endless back and forth between regulation and cooperation, between sharing and exploiting, progress and regression of micromobility can be observed here like in no other European city. As of August 31st 2023, the trotinettes have been banned from the streets of Paris with almost 90 % of public votes supporting the decision. Today the Bastille square is completely freed from trottinettes: a revolution by the people.\r\n\r\nWith this years talk Scooty and Speedy will be problematising the rise (and fall) of shared mobility and its effects on the basis of Paris as well as related interventions and observations of the past three years.\n\n\nOPENCOIL and the fine art of appropriating micro-mobility services for fun and debate.","title":"Opencoil","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703697300,"nanoseconds":0},"android_description":"Since the dawn of deep mediatization (Hepp, 2020), the start-up scene posing as digital pioneers has been declaring a state of revolution, seeking nothing but disruption with the introductions of their products into society. A goal they definitely achieved with the introduction of micro-mobility services to our cityscapes / public space. \r\n\r\nIn 2020, Dennis de Bel and Anton Jehle therefore initiated the OPENCOIL research project to gain a better understanding of this latest venture capitalist phenomenon, share knowledge, establish a community, and develop tools to provoke a public debate. Later that year, they organized their first public intervention, the roaming speedshow, in Berlin and shared their insights with the community at rc3 (https://media.ccc.de/v/rc3-11575-opencoil\\_a\\_roaming\\_speedshow). \r\n\r\nThe ever changing landscape of micro-mobilty kept Speedy and Scooty invested and they are here at 37C3 to give an update on the OPENCOIL project! The term \"revolution\" has become a beloved buzzword for the platform economy. to take the world by storm: when in early 2018, thousands of electric kick scooters, or “trotinettes” as the french like to call them, flooded the city of Paris , the media sure was quick to coin this the \"micromobility revolution\" (Medium, 2018). As the french are somewhat experts in the field of revolutionizing, Paris is arguably the key to any successful uprising. The seemingly endless back and forth between regulation and cooperation, between sharing and exploiting, progress and regression of micromobility can be observed here like in no other European city. As of August 31st 2023, the trotinettes have been banned from the streets of Paris with almost 90 % of public votes supporting the decision. Today the Bastille square is completely freed from trottinettes: a revolution by the people.\r\n\r\nWith this years talk Scooty and Speedy will be problematising the rise (and fall) of shared mobility and its effects on the basis of Paris as well as related interventions and observations of the past three years.\n\n\nOPENCOIL and the fine art of appropriating micro-mobility services for fun and debate.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53143],"conference_id":131,"event_ids":[53438],"name":"Speedy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52364},{"content_ids":[53143],"conference_id":131,"event_ids":[53438],"name":"Scooty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52422}],"timeband_id":1140,"end":"2023-12-27T17:15:00.000-0000","links":[{"label":"Opencoil Website","type":"link","url":"https://opencoil.show/"},{"label":"Opencoil Wiki","type":"link","url":"https://wiki.teilenmachtspass.lol"},{"label":"Opencoil 2020","type":"link","url":"http://dennisdebel.nl/2017/2020-Opencoil/"},{"label":"rc3 Talk","type":"link","url":"https://media.ccc.de/v/rc3-11575-opencoil_a_roaming_speedshow"}],"id":53438,"tag_ids":[46118,46136,46140],"begin_timestamp":{"seconds":1703693700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52422},{"tag_id":46107,"sort_order":1,"person_id":52364}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T16:15:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"- Discussion\r\n- Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations.\r\nQuestions and answers.\r\nHands-on experience.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Mobile phone privacy with silent.link (Workshop)","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"android_description":"- Discussion\r\n- Paper Data eSIM giveaway\n\n\nZeroKYC Anonymous eSIM service: security and privacy implications for mobile users. Use cases. Advantages and limitations.\r\nQuestions and answers.\r\nHands-on experience.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53909,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/hye-eun-kim","title":"Hye-Eun Kim","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703700000,"nanoseconds":0},"android_description":"https://soundcloud.com/hye-eun-kim","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53905,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir berichten heute in \"Wirtschaft und Gesellschaft\" vom 37C3 in Hamburg. im Mittelpunkt stehen die Diskussion und Talks zur Digitalisierung des Gesundheitswesens.\r\nReporter: Peter Welchering","title":"Deutschlandfunk live: Wirtschaft und Gellschaft","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Wir berichten heute in \"Wirtschaft und Gesellschaft\" vom 37C3 in Hamburg. im Mittelpunkt stehen die Diskussion und Talks zur Digitalisierung des Gesundheitswesens.\r\nReporter: Peter Welchering","end_timestamp":{"seconds":1703694600,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:30:00.000-0000","id":53903,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Sebastian Jünemann\r\n\r\nEine Menge Planung, eine Menge Bürokratie, ein riesiger Aufwand, um auf dem Papier den Status eines „classified team“ zu bekommen. Aber zwischen Theorie und Praxis klafft eine riesige Lücke. Um zu zeigen was das heißt geben wir in diesem Workshop eine kurze Einführung darin, wie ein Hilfseinsatz technisch und logistisch on ground geplant werden muss…und gehen dann direkt in die Anwendung und organisieren anhand von konkreten Fallbeispielen Einsätze in der Praxis. Seid wie wir wenig überrascht davon wie schlecht sich die reine Theorie in der Praxis umsetzen lässt und wieviel Kreativität und Flexibilität benötigt wird, damit Hilfe wirklich geleistet werden kann und ankommt.\n\n\nCadus befindet sich kurz vor dem Abschluss unserer Klassifikation als Emergency Medical Team nach den Richtlinien der WHO.","title":"Nothing´s ever easy: Katastrophenhilfe zwischen Theorie und Praxis","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703696400,"nanoseconds":0},"android_description":"Host: Sebastian Jünemann\r\n\r\nEine Menge Planung, eine Menge Bürokratie, ein riesiger Aufwand, um auf dem Papier den Status eines „classified team“ zu bekommen. Aber zwischen Theorie und Praxis klafft eine riesige Lücke. Um zu zeigen was das heißt geben wir in diesem Workshop eine kurze Einführung darin, wie ein Hilfseinsatz technisch und logistisch on ground geplant werden muss…und gehen dann direkt in die Anwendung und organisieren anhand von konkreten Fallbeispielen Einsätze in der Praxis. Seid wie wir wenig überrascht davon wie schlecht sich die reine Theorie in der Praxis umsetzen lässt und wieviel Kreativität und Flexibilität benötigt wird, damit Hilfe wirklich geleistet werden kann und ankommt.\n\n\nCadus befindet sich kurz vor dem Abschluss unserer Klassifikation als Emergency Medical Team nach den Richtlinien der WHO.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53899,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"begin":"2023-12-27T16:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Jazz DJ hex328 aus Mudbyte","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Jazzclub 37c3 - hex328","android_description":"Jazz DJ hex328 aus Mudbyte","end_timestamp":{"seconds":1703700000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T18:00:00.000-0000","id":53895,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46141],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Are you looking for funding for your project? Unsure if your new idea would be likely to get support? Interested in applying for a grant, in getting to know who ensures funds run smoothly or simply curious? Come say hi! We're here to answer all your questions about our funds.\r\n\r\nAt this meetup you will have the opportunity to meet team members from the following funds:\r\n- The Prototype Fund supports software developers, designers and other creatives in transforming their ideas from a concept into a software prototype. Whether data security, mobility, education or democracy – together we explore and test new ways for technical and social innovations as open source software from society and for society. \r\n- NLnet foundation (after its historical contribution to the early internet in Europe) has been financially supporting organizations and people that contribute to an open information society since 1997. It funds those with ideas to fix the internet. The procedure is fast, competitive and open to anyone.\r\n- The Sovereign Tech Fund supports the development, improvement and maintenance of open digital infrastructure. Our goal is to sustainably strengthen the open source ecosystem. We focus on security, resilience, technological diversity, and the people behind the code.\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Meet the Funders: Sovereign Tech Fund, NLNet, Prototype Fund","android_description":"Are you looking for funding for your project? Unsure if your new idea would be likely to get support? Interested in applying for a grant, in getting to know who ensures funds run smoothly or simply curious? Come say hi! We're here to answer all your questions about our funds.\r\n\r\nAt this meetup you will have the opportunity to meet team members from the following funds:\r\n- The Prototype Fund supports software developers, designers and other creatives in transforming their ideas from a concept into a software prototype. Whether data security, mobility, education or democracy – together we explore and test new ways for technical and social innovations as open source software from society and for society. \r\n- NLnet foundation (after its historical contribution to the early internet in Europe) has been financially supporting organizations and people that contribute to an open information society since 1997. It funds those with ideas to fix the internet. The procedure is fast, competitive and open to anyone.\r\n- The Sovereign Tech Fund supports the development, improvement and maintenance of open digital infrastructure. Our goal is to sustainably strengthen the open source ecosystem. We focus on security, resilience, technological diversity, and the people behind the code.","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53628,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Format: Open discussion group in which there should be space for networking and connecting with your own projects.\r\n\r\nAgriculture needs more options and integrations in digital processes. The diversity and complexity of the area and activities are a challenge for digitalization. Understanding between the domains of IT and agriculture is only possible with interdisciplinary collaboration, because deeper knowledge in both domains is practically impossible to find in personal union.\r\n\r\nWe discuss which digital options are already available to interested farmers and what obstacles exist despite the variety of offers. This results in aspects of how digitalization should be designed in order to be able to provide added value.\r\n\r\nI will give a short keynote speech to introduce the area and the topics we work on.\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Digital in der Landwirtschaft","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"android_description":"Format: Open discussion group in which there should be space for networking and connecting with your own projects.\r\n\r\nAgriculture needs more options and integrations in digital processes. The diversity and complexity of the area and activities are a challenge for digitalization. Understanding between the domains of IT and agriculture is only possible with interdisciplinary collaboration, because deeper knowledge in both domains is practically impossible to find in personal union.\r\n\r\nWe discuss which digital options are already available to interested farmers and what obstacles exist despite the variety of offers. This results in aspects of how digitalization should be designed in order to be able to provide added value.\r\n\r\nI will give a short keynote speech to introduce the area and the topics we work on.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53622,"village_id":null,"begin_timestamp":{"seconds":1703692800,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T16:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"**Mehr Infos zu #1 Merch- und Lieblingskleidung flicken | VisibleMending:**\r\n\r\nEs werden keine Vorkenntnisse gebraucht, was jedoch benötigt wird, ist ein Kleidungsstück, welches ihr flicken wollt. Dies dann bitte einpacken und zum Workshop mitbringen. \r\nSolltet ihr bereits Stoffreste für Flicken oder Stickgarne haben, bringt die auch gerne mit, aber das ist optional. Wir werden auch einiges zur Auswahl da haben für euch.\r\n\r\nEs geht in dem Workshop eher um kleinere Reparaturen wie Löcher, offene Nähte, fehlende Knöpfe. Inspiriert sind die sichtbaren Reparaturen u.a. vom japanischen Sashiko, wo mit feinem Garn ganze Flächen mit einfachen oder aufwendigen oft geometrischen Mustern verziert werden, um Stoffe zu reparieren.\r\n\r\n**Mehr Infos und Link auf die Schablone**: \r\n* [https://pads.haecksen.org/s/visible_mending](https://pads.haecksen.org/s/visible_mending)\r\n\r\n----- \r\n\r\n**Mehr Infos zu 2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken:**\r\n\r\nFür den Strick-Workshop werden keine Vorkenntnisse benötigt. Falls Ihr schon Wolle oder Projektideen habt, bringt alles mit, ich werde aber auch Material für erste Strickversuche dabei haben. \r\n\r\nDer Workshop soll eine kleine Einführungs ins Stricken bieten und richtet sich nach Euren Interessen. Wir können gemeinsam üben, Maschen aufzunehmen, rechte und linke Maschen zu Stricken und einige grundlegende Dinge über verschiedene Techniken zu besprechen. Falls Ihr nach ersten Projekten schaut können wir gemeinsam überlegen, was sinnvolle erste Projekte sein können. Wir werden auch über Online-Ressourcen sprechen, die Ihr nutzen könnt. \r\n\r\nWer möchte, kann ein kleines Projekt im Workshop beginnen. Während der Kongress läuft können wir in Kontakt bleiben und uns zum weiterstricken treffen oder Probleme beheben. \r\n\r\nNo previous knowledge is required for the knitting workshop. If you already have wool or project ideas, bring everything with you, but I will also have material for your first knitting attempts. \r\n\r\nThe workshop will be a short introduction to knitting and will be based on your interests. We can practice picking up stitches together, knitting purl and knit stitches and discuss some basic things about different techniques. If you are thinking about starting a knitting project, we can think about projects, which make sense and don't demotivate you. We will also talk about online resources on knitting. \r\n\r\nIf you like, you can start a little project during the workshop. We can keep in touch during the congress, meet again for a knit-along, or solve issues you have with your project. \r\n\r\n\r\n**Weitere Infos / further information here**\r\nhttps://pad.systemli.org/p/Y6TrGOFTg5qlS9xbx5Yv-keep\n\n\nAchtung: In diesem Slot finden zwei Workshops nebeneinander statt, die ihr besuchen könnt!\r\n\r\n----- \r\n\r\n**1 || Merch- und Lieblingskleidung flicken | #VisibleMending** bei naerrin und neon_mate\r\n\r\nBei diesem kleinen Workshop geht es darum auf kreative Weise seine Kleidung von Hand zu flicken, ohne eine Nähmaschine. Vor allem wenn es sich um das Congress T-shirt von vor 8 Jahren, die absolute Lieblingsjeans oder selbstgemachte Stricksocken handelt, möchte man sich vielleicht noch nicht davon trennen. So eine geflickte Stelle muss aber auch nicht unsichtbar sein, so ein Loch erzählt ja manchmal auch eine Geschichte und bietet auch Raum für kleine Kunstwerke oder lustige Patches, und ein fehlender Knopf kann auch durch einen andersfarbigen Knopf ersetzt werden.\r\n\r\n-----\r\n\r\n\r\n**2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken** bei Sarah\r\n\r\n**EN:** I would like to offer a knitting workshop / gathering for beginners and everyone else interested in knitting a few stitches at 37c3. I think knitting it is a wonderful skill best to be learned by doing and face to face. Beginners could learn some basics straight away, or talk about project ideas. And there are a lot of resources to share in the web we could talk about.\r\n\r\n**GER:** Ich möchte einen Strickworkshop / ein Stricktreffen für Anfänger und alle, die ein paar Maschen beim 37c3 stricken wollen, anbieten. Stricken ist eine tolle Fertigkeit, die Du Dir am besten \"learning by doing\" mit anderen zusammen aneignen kannst. Anfänger*innen könnten sofort einige Grundlagen lernen oder über Projektideen sprechen. Und es gibt einige Ressourcen im Internet, über die wir uns austauschen könnten.","title":"Merch und Lieblingskleidung flicken | Stricken für Anfänger*innen || 2 Workshops parallel","type":{"conference_id":131,"conference":"37C3","color":"#7f73c6","updated_at":"2024-06-07T03:40+0000","name":"Workshop","id":46133},"android_description":"**Mehr Infos zu #1 Merch- und Lieblingskleidung flicken | VisibleMending:**\r\n\r\nEs werden keine Vorkenntnisse gebraucht, was jedoch benötigt wird, ist ein Kleidungsstück, welches ihr flicken wollt. Dies dann bitte einpacken und zum Workshop mitbringen. \r\nSolltet ihr bereits Stoffreste für Flicken oder Stickgarne haben, bringt die auch gerne mit, aber das ist optional. Wir werden auch einiges zur Auswahl da haben für euch.\r\n\r\nEs geht in dem Workshop eher um kleinere Reparaturen wie Löcher, offene Nähte, fehlende Knöpfe. Inspiriert sind die sichtbaren Reparaturen u.a. vom japanischen Sashiko, wo mit feinem Garn ganze Flächen mit einfachen oder aufwendigen oft geometrischen Mustern verziert werden, um Stoffe zu reparieren.\r\n\r\n**Mehr Infos und Link auf die Schablone**: \r\n* [https://pads.haecksen.org/s/visible_mending](https://pads.haecksen.org/s/visible_mending)\r\n\r\n----- \r\n\r\n**Mehr Infos zu 2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken:**\r\n\r\nFür den Strick-Workshop werden keine Vorkenntnisse benötigt. Falls Ihr schon Wolle oder Projektideen habt, bringt alles mit, ich werde aber auch Material für erste Strickversuche dabei haben. \r\n\r\nDer Workshop soll eine kleine Einführungs ins Stricken bieten und richtet sich nach Euren Interessen. Wir können gemeinsam üben, Maschen aufzunehmen, rechte und linke Maschen zu Stricken und einige grundlegende Dinge über verschiedene Techniken zu besprechen. Falls Ihr nach ersten Projekten schaut können wir gemeinsam überlegen, was sinnvolle erste Projekte sein können. Wir werden auch über Online-Ressourcen sprechen, die Ihr nutzen könnt. \r\n\r\nWer möchte, kann ein kleines Projekt im Workshop beginnen. Während der Kongress läuft können wir in Kontakt bleiben und uns zum weiterstricken treffen oder Probleme beheben. \r\n\r\nNo previous knowledge is required for the knitting workshop. If you already have wool or project ideas, bring everything with you, but I will also have material for your first knitting attempts. \r\n\r\nThe workshop will be a short introduction to knitting and will be based on your interests. We can practice picking up stitches together, knitting purl and knit stitches and discuss some basic things about different techniques. If you are thinking about starting a knitting project, we can think about projects, which make sense and don't demotivate you. We will also talk about online resources on knitting. \r\n\r\nIf you like, you can start a little project during the workshop. We can keep in touch during the congress, meet again for a knit-along, or solve issues you have with your project. \r\n\r\n\r\n**Weitere Infos / further information here**\r\nhttps://pad.systemli.org/p/Y6TrGOFTg5qlS9xbx5Yv-keep\n\n\nAchtung: In diesem Slot finden zwei Workshops nebeneinander statt, die ihr besuchen könnt!\r\n\r\n----- \r\n\r\n**1 || Merch- und Lieblingskleidung flicken | #VisibleMending** bei naerrin und neon_mate\r\n\r\nBei diesem kleinen Workshop geht es darum auf kreative Weise seine Kleidung von Hand zu flicken, ohne eine Nähmaschine. Vor allem wenn es sich um das Congress T-shirt von vor 8 Jahren, die absolute Lieblingsjeans oder selbstgemachte Stricksocken handelt, möchte man sich vielleicht noch nicht davon trennen. So eine geflickte Stelle muss aber auch nicht unsichtbar sein, so ein Loch erzählt ja manchmal auch eine Geschichte und bietet auch Raum für kleine Kunstwerke oder lustige Patches, und ein fehlender Knopf kann auch durch einen andersfarbigen Knopf ersetzt werden.\r\n\r\n-----\r\n\r\n\r\n**2 || Knitting for beginners and everyone else | Stricken für Anfänger\\*innen und alle, die Lust haben, auf dem 37c3 zu stricken** bei Sarah\r\n\r\n**EN:** I would like to offer a knitting workshop / gathering for beginners and everyone else interested in knitting a few stitches at 37c3. I think knitting it is a wonderful skill best to be learned by doing and face to face. Beginners could learn some basics straight away, or talk about project ideas. And there are a lot of resources to share in the web we could talk about.\r\n\r\n**GER:** Ich möchte einen Strickworkshop / ein Stricktreffen für Anfänger und alle, die ein paar Maschen beim 37c3 stricken wollen, anbieten. Stricken ist eine tolle Fertigkeit, die Du Dir am besten \"learning by doing\" mit anderen zusammen aneignen kannst. Anfänger*innen könnten sofort einige Grundlagen lernen oder über Projektideen sprechen. Und es gibt einige Ressourcen im Internet, über die wir uns austauschen könnten.","end_timestamp":{"seconds":1703697000,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53180],"conference_id":131,"event_ids":[53472],"name":"Sarah","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52463},{"content_ids":[53180],"conference_id":131,"event_ids":[53472],"name":"neon_mate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52501}],"timeband_id":1140,"links":[],"end":"2023-12-27T17:10:00.000-0000","id":53472,"village_id":null,"begin_timestamp":{"seconds":1703691600,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52463},{"tag_id":46107,"sort_order":1,"person_id":52501}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T15:40:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Mit Carsten Besser, Daniel Evers, Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nWir berichten täglich live vom 37C3 aus dem Sendezentrum Stage","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Deutschlandfunk live: Forschung Aktuell .","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"Mit Carsten Besser, Daniel Evers, Manfred Kloiber, Peter Welchering und Marie Zinkann\n\n\nWir berichten täglich live vom 37C3 aus dem Sendezentrum Stage","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53636,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703691000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Stage (Saal F)","hotel":"","short_name":"Sendezentrum Stage (Saal F)","id":46135},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this session, we introduce the Critical Decentralization Cluster and its 9 Assemblies. We will present to you the content and the workshop program of our Cluster. The aim of this session is to bring you closer to the content and the people behind the Assemblies. https://decentral.community\n\n\n","title":"CDC: Introduction to Critical Decentralization","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"In this session, we introduce the Critical Decentralization Cluster and its 9 Assemblies. We will present to you the content and the workshop program of our Cluster. The aim of this session is to bring you closer to the content and the people behind the Assemblies. https://decentral.community","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53471,"village_id":null,"begin_timestamp":{"seconds":1703691000,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"DearMEP is a tool to empower citizens to reach out – easy, directly and free of charge – to their elected representatives in the European Parliament. Our goal is to make the voices of average people heard in the political process!\r\n\r\nMany important decisions are taken in Europe. Yet, Brussels and Strasbourg often seem further away than national politics. DearMEP is a tool that brings EU politicians much closer to home and to the people they should be accountable to. NGOs can use this free software tool to empower their constituency to counter the power of paid lobbyists. Users don’t need to learn how the EU works, which politician to call under which number. They only need to care about the issue and spend time – not money – to make a difference.\r\n\r\nIn this session the team behind DearMEP.eu showcases the near final tool, talks about FOSS release, listens to the community. Particularly, if you come from the climate, migration or LGBTQI* movement, we hope our tool can help your community be heard. Come by! \r\n\r\nDearMEP.eu is a project of epicenter.works. Their assembly is an alternative contact point, but the people working on the project might not be there when you stop by. More info on https://dearmep.eu/\n\n\n","title":"DearMEP: EU Lobbying FOSS Tool","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"DearMEP is a tool to empower citizens to reach out – easy, directly and free of charge – to their elected representatives in the European Parliament. Our goal is to make the voices of average people heard in the political process!\r\n\r\nMany important decisions are taken in Europe. Yet, Brussels and Strasbourg often seem further away than national politics. DearMEP is a tool that brings EU politicians much closer to home and to the people they should be accountable to. NGOs can use this free software tool to empower their constituency to counter the power of paid lobbyists. Users don’t need to learn how the EU works, which politician to call under which number. They only need to care about the issue and spend time – not money – to make a difference.\r\n\r\nIn this session the team behind DearMEP.eu showcases the near final tool, talks about FOSS release, listens to the community. Particularly, if you come from the climate, migration or LGBTQI* movement, we hope our tool can help your community be heard. Come by! \r\n\r\nDearMEP.eu is a project of epicenter.works. Their assembly is an alternative contact point, but the people working on the project might not be there when you stop by. More info on https://dearmep.eu/","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53631,"village_id":null,"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"spans_timebands":"N","begin":"2023-12-27T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The axiom of choice might be the most contested axiom in the list of foundational principles of mathematics, with advocates and opponents engaging in fierce philosophical debates.\r\n\r\nSome regard it as obviously true while others cannot be convinced by any argument whatsoever because they know counterexamples.\r\n\r\nHow can there be so much discussion about—in mathematics, which is supposed to be neutral and objective, where every question should be settled by a computation or proof?\r\n\r\nIn the talk we will:\r\n\r\n- Learn what the axiom of choice asserts.\r\n- Understand why it is useful.\r\n- Embrace the danger of adopting the axiom of choice.\r\n- Enjoy how the axiom of choice can be safely simulated in a universe called \"Gödel's sandbox\".\r\n- Touch on axioms which are less-contested but actually more severe.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/) **There also the slides will be published.**\r\n\r\n🧮\n\n\n","title":"Wondrous mathematics: Three bizarre logico-philosophical tales about the axiom of choice","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"The axiom of choice might be the most contested axiom in the list of foundational principles of mathematics, with advocates and opponents engaging in fierce philosophical debates.\r\n\r\nSome regard it as obviously true while others cannot be convinced by any argument whatsoever because they know counterexamples.\r\n\r\nHow can there be so much discussion about—in mathematics, which is supposed to be neutral and objective, where every question should be settled by a computation or proof?\r\n\r\nIn the talk we will:\r\n\r\n- Learn what the axiom of choice asserts.\r\n- Understand why it is useful.\r\n- Embrace the danger of adopting the axiom of choice.\r\n- Enjoy how the axiom of choice can be safely simulated in a universe called \"Gödel's sandbox\".\r\n- Touch on axioms which are less-contested but actually more severe.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/) **There also the slides will be published.**\r\n\r\n🧮","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703974680,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53620,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-30T22:18:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die sichere E-Mail-Infrastruktur für Ärzt\\*innen, Apotheker\\*innen, Krankenversicherungen und Kliniken in Deutschland, KIM – Kommunikation im Gesundheitswesen – ist mit über 200 Millionen E-Mails in den letzten zwei Jahren eine der am meisten genutzten Anwendungen in der Telematikinfrastruktur (TI). KIM verspricht sichere Ende-zu-Ende-Verschlüsselung zwischen Heilberufler\\*innen in ganz Deutschland, wofür S/MIME-Zertifikate für alle medizinisch Beteiligten in Deutschland ausgegeben wurden.\r\n\r\nWas aber passiert, wenn man die Schlüsselausgabe-Prozesse in der TI falsch designt? Was passiert, wenn man unsichere Software im Feld nicht patcht? Was passiert, wenn man zu viel Sicherheit vor den Nutzenden abstrahieren möchte?\r\n\r\nDie Antwort: Man bekommt eine theoretisch kryptographisch sichere Lösung, die in der Praxis die gesteckten Ziele nicht erreicht.\r\n\r\nAlle gefundenen Schwachstellen wurden den Betroffenen im Rahmen abgeschlossener Responsible Disclosure-Prozesse mitgeteilt.\n\n\nElektronische Arbeitsunfähigkeitsbescheinigungen (eAU), Arztbriefe, medizinische Diagnosen, all diese sensiblen Daten werden heute mittels KIM – Kommunikation im Gesundheitswesen – über die Telematikinfrastruktur (TI) verschickt.\r\n\r\nAber ist der Dienst wirklich sicher? Wer kann die Nachrichten lesen, wo werden die E-Mails entschlüsselt und wie sicher ist die KIM-Software? Im Live-Setup einer Zahnarztpraxis haben wir Antworten auf diese Fragen gesucht.","title":"KIM: Kaos In der Medizinischen Telematikinfrastruktur (TI)","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Die sichere E-Mail-Infrastruktur für Ärzt\\*innen, Apotheker\\*innen, Krankenversicherungen und Kliniken in Deutschland, KIM – Kommunikation im Gesundheitswesen – ist mit über 200 Millionen E-Mails in den letzten zwei Jahren eine der am meisten genutzten Anwendungen in der Telematikinfrastruktur (TI). KIM verspricht sichere Ende-zu-Ende-Verschlüsselung zwischen Heilberufler\\*innen in ganz Deutschland, wofür S/MIME-Zertifikate für alle medizinisch Beteiligten in Deutschland ausgegeben wurden.\r\n\r\nWas aber passiert, wenn man die Schlüsselausgabe-Prozesse in der TI falsch designt? Was passiert, wenn man unsichere Software im Feld nicht patcht? Was passiert, wenn man zu viel Sicherheit vor den Nutzenden abstrahieren möchte?\r\n\r\nDie Antwort: Man bekommt eine theoretisch kryptographisch sichere Lösung, die in der Praxis die gesteckten Ziele nicht erreicht.\r\n\r\nAlle gefundenen Schwachstellen wurden den Betroffenen im Rahmen abgeschlossener Responsible Disclosure-Prozesse mitgeteilt.\n\n\nElektronische Arbeitsunfähigkeitsbescheinigungen (eAU), Arztbriefe, medizinische Diagnosen, all diese sensiblen Daten werden heute mittels KIM – Kommunikation im Gesundheitswesen – über die Telematikinfrastruktur (TI) verschickt.\r\n\r\nAber ist der Dienst wirklich sicher? Wer kann die Nachrichten lesen, wo werden die E-Mails entschlüsselt und wie sicher ist die KIM-Software? Im Live-Setup einer Zahnarztpraxis haben wir Antworten auf diese Fragen gesucht.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53232],"conference_id":131,"event_ids":[53608],"name":"Christoph Saatjohann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52369},{"content_ids":[53232],"conference_id":131,"event_ids":[53608],"name":"Sebastian Schinzel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52418}],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53608,"village_id":null,"tag_ids":[46124,46136,46139],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52369},{"tag_id":46107,"sort_order":1,"person_id":52418}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk is about how I reverse engineered the final remaining firmware blob on the Talos II/Blackbird POWER9 systems, enabling it to be replaced with an open source replacement, in an intensive reverse engineering effort that spanned several years.\r\n\r\nThe talk will begin by introducing the open source firmware movement and its practical and ethical motivations, and note the obstacles to delivering fully open source firmware for contemporary x86 and other platforms and explaining the motive behind the project, before moving onto a more technical discussion of the adventure of firmware reverse engineering and the obstacles encountered.\r\n\r\nSubjects I intend to cover include: how the original proprietary firmware was reverse engineered from scratch with only limited knowledge of device internals; the long history of Broadcom NIC architecture and its evolution over time; the tools that had to be developed to enable the device probing, testing and reversing process; the story of a horrifying but necessary detour into reversing x86 real mode code and the novel methodology used to aid reversing; how modern NICs allow BMCs in servers to share network ports with the host, and the security hazards this creates; and how fully open source firmware was created legally using a clean room process.\r\n\r\nThis talk will be accessible to audiences unfamiliar with POWER9 or the open source firmware community, but is also intended to cover some new ground and be of interest to those familiar with the project. The talk will mainly be of interest to those interested in open source firmware and issues such as owner control and the security and auditability issues caused by proprietary firmware, and to those interested in reverse engineering.\r\n\n\n\nIn an era where vendors increasingly seek to use proprietary software in the devices around us to exert control over their users, the desire for open source software has expanded to the firmware that allows our machines to function, and platforms which individuals can trust and control have never been more important. However, changes to hardware platforms in recent years such as the Intel ME, vendor-supplied binary blobs and vendor-signed firmware images have repeatedly set back efforts to create open source firmware for the computers we use. The release of Power servers with 99% open source firmware excited many who had been searching for a computer they could trust, but one proprietary firmware blob remained: that of the Ethernet controller. This is the story of how that blob was reverse engineered and replaced with an open source replacement, delivering the first machine with desktop-class performance and 100% open source firmware in many years.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Adventures in Reverse Engineering Broadcom NIC Firmware","android_description":"This talk is about how I reverse engineered the final remaining firmware blob on the Talos II/Blackbird POWER9 systems, enabling it to be replaced with an open source replacement, in an intensive reverse engineering effort that spanned several years.\r\n\r\nThe talk will begin by introducing the open source firmware movement and its practical and ethical motivations, and note the obstacles to delivering fully open source firmware for contemporary x86 and other platforms and explaining the motive behind the project, before moving onto a more technical discussion of the adventure of firmware reverse engineering and the obstacles encountered.\r\n\r\nSubjects I intend to cover include: how the original proprietary firmware was reverse engineered from scratch with only limited knowledge of device internals; the long history of Broadcom NIC architecture and its evolution over time; the tools that had to be developed to enable the device probing, testing and reversing process; the story of a horrifying but necessary detour into reversing x86 real mode code and the novel methodology used to aid reversing; how modern NICs allow BMCs in servers to share network ports with the host, and the security hazards this creates; and how fully open source firmware was created legally using a clean room process.\r\n\r\nThis talk will be accessible to audiences unfamiliar with POWER9 or the open source firmware community, but is also intended to cover some new ground and be of interest to those familiar with the project. The talk will mainly be of interest to those interested in open source firmware and issues such as owner control and the security and auditability issues caused by proprietary firmware, and to those interested in reverse engineering.\r\n\n\n\nIn an era where vendors increasingly seek to use proprietary software in the devices around us to exert control over their users, the desire for open source software has expanded to the firmware that allows our machines to function, and platforms which individuals can trust and control have never been more important. However, changes to hardware platforms in recent years such as the Intel ME, vendor-supplied binary blobs and vendor-signed firmware images have repeatedly set back efforts to create open source firmware for the computers we use. The release of Power servers with 99% open source firmware excited many who had been searching for a computer they could trust, but one proprietary firmware blob remained: that of the Ethernet controller. This is the story of how that blob was reverse engineered and replaced with an open source replacement, delivering the first machine with desktop-class performance and 100% open source firmware in many years.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"end":"2023-12-27T16:00:00.000-0000","links":[{"label":"Talk information and related links","type":"link","url":"https://www.devever.net/~hl/ortega-37c3/"},{"label":"Slides (handout version)","type":"link","url":"https://www.devever.net/~hl/ortega-37c3/ortega-37c3-handout.pdf"}],"id":53598,"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"tag_ids":[46122,46136,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"As AI-generated content, social-media influence operations, micro-targeted advertising, and ubiquitous surveillance have become the norm on the Internet and in the market in general, we have entered an era of PSYOP Capitalism. This is an era of hallucinations designed to transform each of us into a “targeted individual” through the manipulation of perception. This talk explores a secret history of reality-altering military and intelligence programs that serve as antecedents to a phantasmagoric present.\r\n\r\nAt the talk, attendees will be given a registration code to play “CYCLOPS,” a CTF/ARG game that will run the duration of Congress. CYCLOPS explores the themes of the mind-control and PSYOPS through an interactive parafictional narrative taking place in the context of an obscure CIA cognitive warfare program from the early days of the Cold War.\r\n\n\n\nHow the history of military and government PSYOPS involving mind-control, UFOs, magic, and remote-control zombies, explains the future of AI and generative media. Along the way, talk attendees will be given an enrollment code to join a specialized CTF/ARG game called CYCLOPS that explores these themes and that will run the duration of Congress. ","title":"YOU’VE JUST BEEN FUCKED BY PSYOPS","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"As AI-generated content, social-media influence operations, micro-targeted advertising, and ubiquitous surveillance have become the norm on the Internet and in the market in general, we have entered an era of PSYOP Capitalism. This is an era of hallucinations designed to transform each of us into a “targeted individual” through the manipulation of perception. This talk explores a secret history of reality-altering military and intelligence programs that serve as antecedents to a phantasmagoric present.\r\n\r\nAt the talk, attendees will be given a registration code to play “CYCLOPS,” a CTF/ARG game that will run the duration of Congress. CYCLOPS explores the themes of the mind-control and PSYOPS through an interactive parafictional narrative taking place in the context of an obscure CIA cognitive warfare program from the early days of the Cold War.\r\n\n\n\nHow the history of military and government PSYOPS involving mind-control, UFOs, magic, and remote-control zombies, explains the future of AI and generative media. Along the way, talk attendees will be given an enrollment code to join a specialized CTF/ARG game called CYCLOPS that explores these themes and that will run the duration of Congress.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[{"label":"PSYOPS and CYCLOPS","type":"link","url":"https://www.paglen.studio/37C3"}],"end":"2023-12-27T16:00:00.000-0000","id":53586,"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"village_id":null,"tag_ids":[46118,46136,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"New technology seems to herald progress toward improving public safety in relation to old threats, from heinous crimes like child sexual abuse and terrorism, to illnesses like cancer and heart disease. Enter \"Chat Control,\" a mass scanning program designed to flag potential child sexual abuse material in digital communications. While the goal of protecting children from exploitation is laudable, the statistical and social implications of such a mass screening program are scary. An empirical demonstration of Bayes’ rule in this context shows that, under relevant conditions of rarity, persistent inferential uncertainty, and substantial secondary screening harms, Chat Control and programs like it backfire, net degrading the very safety they’re intended to advance. \r\n\r\nHighlighting the inescapable accuracy-error dilemma in probability theory, we'll journey through the nuances of the base rate fallacy, highlighting how mass screening programs’ real-world efficacy is often not what it seems. When screenings involve entire populations, high \"accuracy\" translates into huge numbers of false positives. Additionally, proponents of such screenings have perverse incentives to inflate accuracy — and real-world validation to mitigate such inflation is often impossible. Dedicated attackers can also game the system, inflating false negatives. Meanwhile, secondary screening harms accrue to the very people we’re trying to protect. So, under certain common conditions, net harm can result from well-intentioned mass screenings. \r\n\r\nThese problems extend well beyond this particular program. The structure and challenges faced by Chat Control parallel those faced by other programs that share the same mathematical structure across diverse domains, from healthcare screenings for numerous diseases, to educational screenings for plagiarism and LLM use, and digital platform screenings for misinformation. Numerous additional case studies are discussed in brief. But the pattern is the point. The laws of statistics don’t change. Maybe policy-level understanding of their implications, can.\r\n\r\nSolutions to the complex, system-level problem of mass screenings for low-prevalence problems (MaSLoPPs) must themselves work at the level of the system. This focus looks different from individual-level solutions often proposed, particularly in the health context in terms of risk communication and informed consent. Across contexts, we need evidence-based policy that holds interventions to basic scientific evidentiary standards. The burden of proof that new programs do more good than harm must rest on proponents. Independent reviewers should evaluate evidence to that standard. Transparency is a prerequisite of such independent review.\r\n\r\nIn addition enhancing policymaker and public understanding of these statistical realities, and adopting widely accepted scientific evidentiary standards, society has to grapple with another set of perverse incentives: Politicians and policymakers may benefit from being seen as taking visible action on emotionally powerful issues — even if that action is likely to have bad consequences. This implicates the ancient tension between democratic participation and expertise that Plato satirized in “Gorgias.” Just as children might rather have their illnesses treated by pastry chefs than doctors, so too majorities in democratic publics might rather have their politicians “just do something” against horrible problems like child abuse, terror, and cancer — than not. Even if those efforts net harm people in exactly the feared contexts (e.g., degrading security and health). But if we care about outcomes, then critically evaluating interventions by explaining their statistical implications, and actually measuring outcomes of interest empirically, seems like a good start to improve evidence-based policymaking, and also presents one way to perhaps mitigate the problem of short-term perverse political incentives. \r\n\r\nDue to such perverse incentives and cognitive biases, we should expect political institutions to continue to struggle to formulate and implement a regulatory structure governing MaSLoPPs. One other facet of such a structure might stipulate deliberate ignorance as an opt-in/opt-out patient right. This way, medical information that is overwhelmingly likely to lead to needless anxiety and hassle at best — and unnecessary and harmful intervention at worst — such as incidental growth findings on imaging, doesn’t have to filter down to patients whom immediate healthcare providers may have financial incentives to overdiagnose. \r\n\r\nTogether we can clean up MaSLoPP!\n\n\nAs technological changes including digitalization and AI increase infrastructural capacities to deliver services, new mass screenings for low-prevalence problems (MaSLoPPs) appear to improve on old ways of advancing public interests. Their high accuracy and low false positive rates – probabilities – can sound dazzling. But translating the identical statistical information into frequency formats – body counts – shows they tend to backfire. The common (false positives) overwhelms the rare (true positives) – with serious possible consequences. Ignoring this fact is known as the base rate fallacy - a common cognitive bias. Due to pervasive cognitive biases such as this, as well as perverse structural incentives, society needs a regulatory framework governing programs that share this dangerous structure. This framework must work at the system rather than individual level. It should include better mechanisms for evidence-based policymaking that holds interventions to basic scientific evidentiary standards, and a right to deliberate ignorance where relevant. These solutions may help combat perverse incentives and cognitive biases, mitigating the damage from these dangerous programs. But we should expect ongoing sociopolitical struggle to articulate and address the problem of likely net damage from this type of program under common conditions.","type":{"conference_id":131,"conference":"37C3","color":"#6fdce3","updated_at":"2024-06-07T03:40+0000","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Chat Control: Mass Screenings, Massive Dangers","android_description":"New technology seems to herald progress toward improving public safety in relation to old threats, from heinous crimes like child sexual abuse and terrorism, to illnesses like cancer and heart disease. Enter \"Chat Control,\" a mass scanning program designed to flag potential child sexual abuse material in digital communications. While the goal of protecting children from exploitation is laudable, the statistical and social implications of such a mass screening program are scary. An empirical demonstration of Bayes’ rule in this context shows that, under relevant conditions of rarity, persistent inferential uncertainty, and substantial secondary screening harms, Chat Control and programs like it backfire, net degrading the very safety they’re intended to advance. \r\n\r\nHighlighting the inescapable accuracy-error dilemma in probability theory, we'll journey through the nuances of the base rate fallacy, highlighting how mass screening programs’ real-world efficacy is often not what it seems. When screenings involve entire populations, high \"accuracy\" translates into huge numbers of false positives. Additionally, proponents of such screenings have perverse incentives to inflate accuracy — and real-world validation to mitigate such inflation is often impossible. Dedicated attackers can also game the system, inflating false negatives. Meanwhile, secondary screening harms accrue to the very people we’re trying to protect. So, under certain common conditions, net harm can result from well-intentioned mass screenings. \r\n\r\nThese problems extend well beyond this particular program. The structure and challenges faced by Chat Control parallel those faced by other programs that share the same mathematical structure across diverse domains, from healthcare screenings for numerous diseases, to educational screenings for plagiarism and LLM use, and digital platform screenings for misinformation. Numerous additional case studies are discussed in brief. But the pattern is the point. The laws of statistics don’t change. Maybe policy-level understanding of their implications, can.\r\n\r\nSolutions to the complex, system-level problem of mass screenings for low-prevalence problems (MaSLoPPs) must themselves work at the level of the system. This focus looks different from individual-level solutions often proposed, particularly in the health context in terms of risk communication and informed consent. Across contexts, we need evidence-based policy that holds interventions to basic scientific evidentiary standards. The burden of proof that new programs do more good than harm must rest on proponents. Independent reviewers should evaluate evidence to that standard. Transparency is a prerequisite of such independent review.\r\n\r\nIn addition enhancing policymaker and public understanding of these statistical realities, and adopting widely accepted scientific evidentiary standards, society has to grapple with another set of perverse incentives: Politicians and policymakers may benefit from being seen as taking visible action on emotionally powerful issues — even if that action is likely to have bad consequences. This implicates the ancient tension between democratic participation and expertise that Plato satirized in “Gorgias.” Just as children might rather have their illnesses treated by pastry chefs than doctors, so too majorities in democratic publics might rather have their politicians “just do something” against horrible problems like child abuse, terror, and cancer — than not. Even if those efforts net harm people in exactly the feared contexts (e.g., degrading security and health). But if we care about outcomes, then critically evaluating interventions by explaining their statistical implications, and actually measuring outcomes of interest empirically, seems like a good start to improve evidence-based policymaking, and also presents one way to perhaps mitigate the problem of short-term perverse political incentives. \r\n\r\nDue to such perverse incentives and cognitive biases, we should expect political institutions to continue to struggle to formulate and implement a regulatory structure governing MaSLoPPs. One other facet of such a structure might stipulate deliberate ignorance as an opt-in/opt-out patient right. This way, medical information that is overwhelmingly likely to lead to needless anxiety and hassle at best — and unnecessary and harmful intervention at worst — such as incidental growth findings on imaging, doesn’t have to filter down to patients whom immediate healthcare providers may have financial incentives to overdiagnose. \r\n\r\nTogether we can clean up MaSLoPP!\n\n\nAs technological changes including digitalization and AI increase infrastructural capacities to deliver services, new mass screenings for low-prevalence problems (MaSLoPPs) appear to improve on old ways of advancing public interests. Their high accuracy and low false positive rates – probabilities – can sound dazzling. But translating the identical statistical information into frequency formats – body counts – shows they tend to backfire. The common (false positives) overwhelms the rare (true positives) – with serious possible consequences. Ignoring this fact is known as the base rate fallacy - a common cognitive bias. Due to pervasive cognitive biases such as this, as well as perverse structural incentives, society needs a regulatory framework governing programs that share this dangerous structure. This framework must work at the system rather than individual level. It should include better mechanisms for evidence-based policymaking that holds interventions to basic scientific evidentiary standards, and a right to deliberate ignorance where relevant. These solutions may help combat perverse incentives and cognitive biases, mitigating the damage from these dangerous programs. But we should expect ongoing sociopolitical struggle to articulate and address the problem of likely net damage from this type of program under common conditions.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53182],"conference_id":131,"event_ids":[53476],"name":"Vera Wilde","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52257}],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53476,"village_id":null,"tag_ids":[46131,46139],"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52257}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T15:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","title":"Geschichten erzählen - The Storytellers Den (LARP) - Tag 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"You like roleplaying games? You enjoy LARP, TTRPG, Improv, story telling or simulation games? You have no idea what this is about and want to try out stuff? This is a meetup for cooperative improvised story telling. Children and adults are welcome. If you do game design, creative writing, education or therapy, please come by.\n\n\nRollenspiele","end_timestamp":{"seconds":1703696400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T17:00:00.000-0000","id":53455,"begin_timestamp":{"seconds":1703689200,"nanoseconds":0},"tag_ids":[46137,46141],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"begin":"2023-12-27T15:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Nicht cis Personen only\r\n\r\nDer Weg der Transition ist für jeden sehr individuell und trotzdem gibt es viele Überschneidungen. Mensch bemerkt die ersten Veränderungen und kann diese nicht einordnen oder bekommt eine Ablehnung oder Zusage von der Krankenkasse, Erzähl von deinen Erfahrungen, denn hier findest du Leute, die ähnliche Erlebnisse oder Erfahrungen gemacht haben. Eventuell standen diese vor einem Ähnlichen Problem und wissen wie es weiter gehen kann oder du willst einfach deine aktuelle Freude teilen. Lass uns austauschen, denn gemeinsam sind wir stärker.\n\n\nNicht cis Personen only.\r\nAustauschrunde über Freud und Leid der Transition und allem drumherum","title":"Trans Austauschrunde","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703691000,"nanoseconds":0},"android_description":"Nicht cis Personen only\r\n\r\nDer Weg der Transition ist für jeden sehr individuell und trotzdem gibt es viele Überschneidungen. Mensch bemerkt die ersten Veränderungen und kann diese nicht einordnen oder bekommt eine Ablehnung oder Zusage von der Krankenkasse, Erzähl von deinen Erfahrungen, denn hier findest du Leute, die ähnliche Erlebnisse oder Erfahrungen gemacht haben. Eventuell standen diese vor einem Ähnlichen Problem und wissen wie es weiter gehen kann oder du willst einfach deine aktuelle Freude teilen. Lass uns austauschen, denn gemeinsam sind wir stärker.\n\n\nNicht cis Personen only.\r\nAustauschrunde über Freud und Leid der Transition und allem drumherum","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53165,53268],"conference_id":131,"event_ids":[53640,53505],"name":"captain-maramo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52282}],"timeband_id":1140,"links":[],"end":"2023-12-27T15:30:00.000-0000","id":53505,"village_id":null,"tag_ids":[46133,46139],"begin_timestamp":{"seconds":1703687400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52282}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T14:30:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Host: Tobias Diekershoff\r\n\r\nDie REUSE-Initiative der FSFE trägt zu dem Ziel bei, rechtliche Informationen in Freie Software-Projekten klar darzustellen, indem sie in jede Datei des Repositorys eingebettet werden. Jedes Projekt, das den REUSE-Empfehlungen folgt, macht Copyright- und Lizenzinformationen sowohl für Menschen als auch für Maschinen lesbar. Wir stellen sicher, dass Einzelpersonen, Organisationen und Unternehmen, die Code wiederverwenden, die vom ursprünglichen Autor gewählten Lizenzbedingungen kennen und respektieren, und machen so das Leben für alle Beteiligten in der Software-Lieferkette einfacher.\r\n\r\nREUSE fügt sich nahtlos in Entwicklungsprozesse und andere bewährte Verfahren zur Angabe von Lizenzen für freie Software ein. Darüber hinaus gibt es Werkzeuge und Dokumentation, die Ihnen den Einstieg erleichtern. In diesem Vortrag werden wir über die Erfahrungen großer Projekte berichten, die REUSE-konform geworden sind (z.B. curl oder GNUHealth), und die neuesten Funktionen unseres REUSE-Hilfsmittels vorstellen, mit dem die Angabe von Lizenzinformationen zu einem schnellen und unterhaltsamen Unterfangen wird.\n\n\nDa Software in den letzten Jahren immer komplexer geworden ist, ist es noch wichtiger geworden, Lizenzinformationen anzugeben.","title":"REUSE Workshop","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Host: Tobias Diekershoff\r\n\r\nDie REUSE-Initiative der FSFE trägt zu dem Ziel bei, rechtliche Informationen in Freie Software-Projekten klar darzustellen, indem sie in jede Datei des Repositorys eingebettet werden. Jedes Projekt, das den REUSE-Empfehlungen folgt, macht Copyright- und Lizenzinformationen sowohl für Menschen als auch für Maschinen lesbar. Wir stellen sicher, dass Einzelpersonen, Organisationen und Unternehmen, die Code wiederverwenden, die vom ursprünglichen Autor gewählten Lizenzbedingungen kennen und respektieren, und machen so das Leben für alle Beteiligten in der Software-Lieferkette einfacher.\r\n\r\nREUSE fügt sich nahtlos in Entwicklungsprozesse und andere bewährte Verfahren zur Angabe von Lizenzen für freie Software ein. Darüber hinaus gibt es Werkzeuge und Dokumentation, die Ihnen den Einstieg erleichtern. In diesem Vortrag werden wir über die Erfahrungen großer Projekte berichten, die REUSE-konform geworden sind (z.B. curl oder GNUHealth), und die neuesten Funktionen unseres REUSE-Hilfsmittels vorstellen, mit dem die Angabe von Lizenzinformationen zu einem schnellen und unterhaltsamen Unterfangen wird.\n\n\nDa Software in den letzten Jahren immer komplexer geworden ist, ist es noch wichtiger geworden, Lizenzinformationen anzugeben.","end_timestamp":{"seconds":1703689200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T15:00:00.000-0000","id":53632,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Bits & Bäume Workshop Space","hotel":"","short_name":"Bits & Bäume Workshop Space","id":46133},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Common Business Oriented Language kurz COBOL ist eine Ende der 1950-er Jahre und seitdem weiter entwickelte Programmiersprache, deren Syntax an die natürliche Sprache angelehnt ist. Eine der Weiterentwicklunge ermöglicht das Definieren von Benutzeroberflächen in COBOL in der sogenannten Screensection. Im Talk wird ein in COBOL geschriebenes experimentelles Tabellenkalkulationsprogramm gezeigt und die Funktionsweise erklärt.\n\n\nGezeigt wird ein experimentelles Tabellenkalkulationsprogramm geschrieben in COBOL, welches eine textbasiere Benutzeroberfläche definiert in der COBOL-Screen-Section verwendet.","type":{"conference_id":131,"conference":"37C3","color":"#6fdce3","updated_at":"2024-06-07T03:40+0000","name":"Talk 30 min + 10 min Q&A","id":46131},"title":"Tabellenkalkulation mit COBOL","end_timestamp":{"seconds":1703688000,"nanoseconds":0},"android_description":"Die Common Business Oriented Language kurz COBOL ist eine Ende der 1950-er Jahre und seitdem weiter entwickelte Programmiersprache, deren Syntax an die natürliche Sprache angelehnt ist. Eine der Weiterentwicklunge ermöglicht das Definieren von Benutzeroberflächen in COBOL in der sogenannten Screensection. Im Talk wird ein in COBOL geschriebenes experimentelles Tabellenkalkulationsprogramm gezeigt und die Funktionsweise erklärt.\n\n\nGezeigt wird ein experimentelles Tabellenkalkulationsprogramm geschrieben in COBOL, welches eine textbasiere Benutzeroberfläche definiert in der COBOL-Screen-Section verwendet.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53172],"conference_id":131,"event_ids":[53579],"name":"Hogü-456","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52479}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:40:00.000-0000","id":53579,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"tag_ids":[46131,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52479}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Mastering Specter DIY Bitcoin Hardware wallet.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"Join us for a hands-on Specter DIY workshop, where Cypherpunks craft their Bitcoin Hardware Wallets. Dive into the world of this DIY hardware wallet, exploring its QR code communication, security model, and design trade-offs. We'll navigate Bitcoin testnet transactions, harness the simulator, and delve into key security features like anti-phishing, PIN, and SC integrations. By the session's end, grasp the robustness of DIY wallets and the nuances of secure self-custody.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53560,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Round Table [CDC Saal 3]","hotel":"","short_name":"Round Table [CDC Saal 3]","id":46160},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Instructor Pez (@DoodleMe) and team will take you through some of the most basic concepts of Japanese rope bondage (Shibari). You'll learn some theory, and a few beginner friendly knots that you can use at home and that lay the foundations to more advanced ties.\r\n\r\nThis peer based workshop is aimed at complete beginners. Singles, pairs and groups are welcome. Up to X people, space is limited. No dress code, but it's suggested you avoid loose clothing as this makes it harder to tie. Please bring your own (non-stretchy) rope if you have it. Workshop will be taught in English.\r\n\r\nTo enter the workshop, please click a ticket at https://ticket.kinkygeeks.de/37c3-events/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"KinkyGeeks Beginner bondage workshop 1 (Ticket required!)","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"Instructor Pez (@DoodleMe) and team will take you through some of the most basic concepts of Japanese rope bondage (Shibari). You'll learn some theory, and a few beginner friendly knots that you can use at home and that lay the foundations to more advanced ties.\r\n\r\nThis peer based workshop is aimed at complete beginners. Singles, pairs and groups are welcome. Up to X people, space is limited. No dress code, but it's suggested you avoid loose clothing as this makes it harder to tie. Please bring your own (non-stretchy) rope if you have it. Workshop will be taught in English.\r\n\r\nTo enter the workshop, please click a ticket at https://ticket.kinkygeeks.de/37c3-events/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53448,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"tag_ids":[46137,46140],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"What is Polychat? How does it work? How far are we in development? ... If you want: what is it like as a PTF-funded project?\r\nhttps://polychat.de/polychat_en/\n\n\n","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Polychat","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"android_description":"What is Polychat? How does it work? How far are we in development? ... If you want: what is it like as a PTF-funded project?\r\nhttps://polychat.de/polychat_en/","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53443,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage H","hotel":"","short_name":"Stage H","id":46131},"begin":"2023-12-27T14:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Every month I tell myself that I should write a kernel module in Rust, but I never do it. Let's explore together what the current state of integration of Rust in the Linux kernel is.\r\n\r\nThis is not meant to be a workshop or talk, but more of a BoF style gathering for people playing around with things and helping each other.\r\n\r\nIf possible, come with a precompiled kernel and a minimal configuration and the possibility to boot the kernel with qemu.\r\n\r\n\r\n\r\n========================================================================================\r\n\r\n\r\n\r\nIf you do not have a setup yet:\r\n\r\n$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git\r\n\r\ncopy .config from here to git repository:\r\nhttps://christina-quast.de/min_config\r\n\r\n$ make -j8\r\n$ make LLVM=1 rustavailable\r\n\r\nIf Rust is not available on your system yet, check out the following instructions: \r\nhttps://docs.kernel.org/rust/quick-start.html\r\n\r\nFurthermore, in the best case, try booting into your system with qemu.\n\n\n","title":"Let's hack together: My first kernel module in Rust!","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Every month I tell myself that I should write a kernel module in Rust, but I never do it. Let's explore together what the current state of integration of Rust in the Linux kernel is.\r\n\r\nThis is not meant to be a workshop or talk, but more of a BoF style gathering for people playing around with things and helping each other.\r\n\r\nIf possible, come with a precompiled kernel and a minimal configuration and the possibility to boot the kernel with qemu.","end_timestamp":{"seconds":1703691000,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T15:30:00.000-0000","id":53440,"tag_ids":[46137,46140],"village_id":null,"begin_timestamp":{"seconds":1703685600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[{"label":"If Rust is not available on your system yet, check out the following instructions","url":""}],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T14:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"cyber4EDU (Zu-)Hörstunde - Fokus Grundschule","android_description":"This is an open for all discussion about digital offerings in German schools.\n\n\nWir hören euch zum Thema “Bildung richtig digital” zu","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53862,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"cyber4EDU Assembly","hotel":"","short_name":"cyber4EDU Assembly","id":46159},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In unserem Vortrag über die Toniebox konzentrieren wir uns zunächst auf das Innenleben und die Funktionsweise dieses beliebten Audiogerätes für Kinder. Wir beginnen mit einer detaillierten Einführung in das Prinzip der Toniebox aus technischer Sicht und geben einen kurzen Überblick über die Hardwarekomponenten, insbesondere die verschiedenen Prozessorvarianten wie CC3200, CC3235 und ESP32.\r\n\r\nDer Übergang zu den Limitationen des Systems ist fließend: Wir diskutieren die künstlichen Beschränkungen durch den Hersteller, den Zwang zur Verwendung von Originalfiguren, die Inkompatibilität mit NFC-Tags von Drittanbietern und die hohen Kosten für bespielbare Figuren. Besonders kritisch sehen wir die vollständige Abhängigkeit von einer Hersteller-Cloud, die bei einem Ausfall des Anbieters das Gerät obsolet macht. Ein weiterer Fokus liegt auf dem ausgeprägten Datenhunger des Herstellers, der fast schon obsessiv das Nutzungsverhalten unserer Kinder aufzeichnet.\r\n\r\nIm Kern des Vortrags stellen wir die von uns entwickelten Open-Source-Alternativen vor. Mit der TeddyBench stellen wir einen Offline-Editor vor, mit dem Audiodaten für eigene NFC-Tags erstellt und verwaltet werden können. Die TeddyCloud bietet als selbstgehostete Lösung volle Kontrolle über die eigenen Daten, eine persönliche Audio-Bibliothek und die Möglichkeit, Nutzungsdaten über MQTT in den Home Assistant einzuspeisen, ohne die Funktionalität der Box einzuschränken. Außerdem stellen wir Custom Firmwares für CC3200 und ESP32 vor, die neue Einsatzmöglichkeiten eröffnen, und berichten über unsere Hardware-Modifikationen, die unter anderem Bluetooth-Audio ermöglichen und die Toniebox barrierefreier machen.\n\n\nEin Vortrag über den erfolgreichen Kinder-Audioplayer „Toniebox“ mit Content-Hosting in der Cloud, der nicht nur Einblicke in die (un-)heimliche Datensammlungspraxis bietet, sondern auch gleich passende Lösungen dazu. Custom-Firmware, selfhosted Cloud-Ersatz und Tools zum Erzeugen von Inhalten ohne Herstellercloud.","title":"Toniebox Reverse Engineering","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703688300,"nanoseconds":0},"android_description":"In unserem Vortrag über die Toniebox konzentrieren wir uns zunächst auf das Innenleben und die Funktionsweise dieses beliebten Audiogerätes für Kinder. Wir beginnen mit einer detaillierten Einführung in das Prinzip der Toniebox aus technischer Sicht und geben einen kurzen Überblick über die Hardwarekomponenten, insbesondere die verschiedenen Prozessorvarianten wie CC3200, CC3235 und ESP32.\r\n\r\nDer Übergang zu den Limitationen des Systems ist fließend: Wir diskutieren die künstlichen Beschränkungen durch den Hersteller, den Zwang zur Verwendung von Originalfiguren, die Inkompatibilität mit NFC-Tags von Drittanbietern und die hohen Kosten für bespielbare Figuren. Besonders kritisch sehen wir die vollständige Abhängigkeit von einer Hersteller-Cloud, die bei einem Ausfall des Anbieters das Gerät obsolet macht. Ein weiterer Fokus liegt auf dem ausgeprägten Datenhunger des Herstellers, der fast schon obsessiv das Nutzungsverhalten unserer Kinder aufzeichnet.\r\n\r\nIm Kern des Vortrags stellen wir die von uns entwickelten Open-Source-Alternativen vor. Mit der TeddyBench stellen wir einen Offline-Editor vor, mit dem Audiodaten für eigene NFC-Tags erstellt und verwaltet werden können. Die TeddyCloud bietet als selbstgehostete Lösung volle Kontrolle über die eigenen Daten, eine persönliche Audio-Bibliothek und die Möglichkeit, Nutzungsdaten über MQTT in den Home Assistant einzuspeisen, ohne die Funktionalität der Box einzuschränken. Außerdem stellen wir Custom Firmwares für CC3200 und ESP32 vor, die neue Einsatzmöglichkeiten eröffnen, und berichten über unsere Hardware-Modifikationen, die unter anderem Bluetooth-Audio ermöglichen und die Toniebox barrierefreier machen.\n\n\nEin Vortrag über den erfolgreichen Kinder-Audioplayer „Toniebox“ mit Content-Hosting in der Cloud, der nicht nur Einblicke in die (un-)heimliche Datensammlungspraxis bietet, sondern auch gleich passende Lösungen dazu. Custom-Firmware, selfhosted Cloud-Ersatz und Tools zum Erzeugen von Inhalten ohne Herstellercloud.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53220],"conference_id":131,"event_ids":[53597],"name":"g3gg0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52345},{"content_ids":[53220],"conference_id":131,"event_ids":[53597],"name":"Gambrius","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52368},{"content_ids":[53220],"conference_id":131,"event_ids":[53597],"name":"Moritz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52406},{"content_ids":[53220],"conference_id":131,"event_ids":[53597],"name":"0xbadbee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52442}],"timeband_id":1140,"links":[{"label":"TeddyBench","type":"link","url":"https://github.com/toniebox-reverse-engineering/teddy/releases"},{"label":"TeddyCloud","type":"link","url":"https://github.com/toniebox-reverse-engineering/teddycloud"}],"end":"2023-12-27T14:45:00.000-0000","id":53597,"tag_ids":[46122,46136,46139],"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52442},{"tag_id":46107,"sort_order":1,"person_id":52368},{"tag_id":46107,"sort_order":1,"person_id":52406},{"tag_id":46107,"sort_order":1,"person_id":52345}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T13:45:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Die Ampel hat in ihren Koalitionsvertrag geschrieben, dass es ein Digitale-Gewalt-Gesetz geben soll und das schien ein großer Schritt vorwärts. Als ich vor fünf Jahren beim 35C3 über Digitale Gewalt sprach, war das Thema kaum bekannt und seitdem hat sich viel getan.\r\n\r\nDieser Talk gibt einen Überblick zum Stand der Dinge: Was ist seitdem passiert, was wird unter dem Begriff verstanden und was wissen wir inzwischen über das Ausmaß, neue und alte Formen digitaler Gewalt und den Umgang damit.\r\n\r\nDigitale Gewalt ist ein Sammelbegriff und meint ganz verschiedene Dinge: \r\n\r\n\\* Hate-Speech, also Beleidigungen, Verleumdungen und Bedrohungen im Netz\r\n\\* digitale Aspekte der sog. ‚häuslichen Gewalt' wie Stalker-Ware, heimliches oder erzwungenes Mitlesen von E-Mails und Messenger-Nachrichten, Video-Überwachung, Zugriff auf Lokationsfunktionen von Mobilgeräten\r\n\\* digitales Stalking mithilfe von AirTags oder GPS-Sendern, Doxing\r\n\\* heimliche Aufnahmen in Umkleiden, Duschen, Toiletten und ihr Upload auf Porno-Plattformen\r\n\\* Filmen von Vergewaltigungen und Erpressung mit der Drohung der Veröffentlichung\r\n\r\nIn den letzten Jahren hat es einige neue Gesetze gegeben und das Justizministerium arbeitet am Digitale-Gewalt-Gesetz. Auch die EU bereitet ein neues Gesetz vor. Was sich dadurch ändern wird und was nicht und was nötig wäre, um Betroffenen zu helfen, ist Thema dieses Talks.\r\n\r\n\n\n\nWas hat sich in den letzten fünf Jahren seit dem letzten Talk über Digitale Gewalt in Deutschland getan? Das Thema stand im Ampel-Koalitionsvertrag, aber was es jetzt geben soll, ist ein Accountsperren-Gesetz, das eine Gefahr für die Anonymität im Netz sein könnte.\r\n\r\nDas Justizministerium möchte Digitale Gewalt gegen Unternehmen bestrafen (\"Restaurantkritik\"), aber wer weiterhin im Regen steht: Betroffene und Beratungsstellen. Was hat sich geändert, was nicht und warum müssen wir immer noch unsere Privatadressen ins Impressum schreiben – darum geht es in diesem Talk.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Was Digitale Gewalt mit Restaurantkritik zu tun hat","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"android_description":"Die Ampel hat in ihren Koalitionsvertrag geschrieben, dass es ein Digitale-Gewalt-Gesetz geben soll und das schien ein großer Schritt vorwärts. Als ich vor fünf Jahren beim 35C3 über Digitale Gewalt sprach, war das Thema kaum bekannt und seitdem hat sich viel getan.\r\n\r\nDieser Talk gibt einen Überblick zum Stand der Dinge: Was ist seitdem passiert, was wird unter dem Begriff verstanden und was wissen wir inzwischen über das Ausmaß, neue und alte Formen digitaler Gewalt und den Umgang damit.\r\n\r\nDigitale Gewalt ist ein Sammelbegriff und meint ganz verschiedene Dinge: \r\n\r\n\\* Hate-Speech, also Beleidigungen, Verleumdungen und Bedrohungen im Netz\r\n\\* digitale Aspekte der sog. ‚häuslichen Gewalt' wie Stalker-Ware, heimliches oder erzwungenes Mitlesen von E-Mails und Messenger-Nachrichten, Video-Überwachung, Zugriff auf Lokationsfunktionen von Mobilgeräten\r\n\\* digitales Stalking mithilfe von AirTags oder GPS-Sendern, Doxing\r\n\\* heimliche Aufnahmen in Umkleiden, Duschen, Toiletten und ihr Upload auf Porno-Plattformen\r\n\\* Filmen von Vergewaltigungen und Erpressung mit der Drohung der Veröffentlichung\r\n\r\nIn den letzten Jahren hat es einige neue Gesetze gegeben und das Justizministerium arbeitet am Digitale-Gewalt-Gesetz. Auch die EU bereitet ein neues Gesetz vor. Was sich dadurch ändern wird und was nicht und was nötig wäre, um Betroffenen zu helfen, ist Thema dieses Talks.\r\n\r\n\n\n\nWas hat sich in den letzten fünf Jahren seit dem letzten Talk über Digitale Gewalt in Deutschland getan? Das Thema stand im Ampel-Koalitionsvertrag, aber was es jetzt geben soll, ist ein Accountsperren-Gesetz, das eine Gefahr für die Anonymität im Netz sein könnte.\r\n\r\nDas Justizministerium möchte Digitale Gewalt gegen Unternehmen bestrafen (\"Restaurantkritik\"), aber wer weiterhin im Regen steht: Betroffene und Beratungsstellen. Was hat sich geändert, was nicht und warum müssen wir immer noch unsere Privatadressen ins Impressum schreiben – darum geht es in diesem Talk.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53231],"conference_id":131,"event_ids":[53589],"name":"Anne Roth","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52378}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53589,"village_id":null,"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"tag_ids":[46121,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52378}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"spans_timebands":"N","begin":"2023-12-27T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In this presentation, we will share:\r\n\r\n* How we managed to discover and capture all stages of a zero-click attack on iOS, despite the attackers’ efforts to hide and protect it,\n* a comprehensive analysis of the entire attack chain, which exploited five vulnerabilities, including four zero-days\n* the capabilities of the malware that transforms your phone into the ultimate surveillance tool,\n* and the links to previously known malware we were able to find.\n\n\n\nImagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Operation Triangulation: What You Get When Attack iPhones of Researchers","end_timestamp":{"seconds":1703688300,"nanoseconds":0},"android_description":"In this presentation, we will share:\r\n\r\n* How we managed to discover and capture all stages of a zero-click attack on iOS, despite the attackers’ efforts to hide and protect it,\n* a comprehensive analysis of the entire attack chain, which exploited five vulnerabilities, including four zero-days\n* the capabilities of the malware that transforms your phone into the ultimate surveillance tool,\n* and the links to previously known malware we were able to find.\n\n\n\nImagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53206],"conference_id":131,"event_ids":[53584],"name":"bzvr_","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52246},{"content_ids":[53206],"conference_id":131,"event_ids":[53584],"name":"oct0xor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52371},{"content_ids":[53206],"conference_id":131,"event_ids":[53584],"name":"kucher1n","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52448}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:45:00.000-0000","id":53584,"begin_timestamp":{"seconds":1703684700,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52246},{"tag_id":46107,"sort_order":1,"person_id":52448},{"tag_id":46107,"sort_order":1,"person_id":52371}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T13:45:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Spleiß-Workshop Tag 1","end_timestamp":{"seconds":1703685300,"nanoseconds":0},"android_description":"Here you can splice fiber optics yourself. Learn what is important when splicing and try it out yourself. Per slot max. 4 attendees. Registration required: https://tickets.events.hacknang.de/ctbk/37c3-fiber/\n\n\nGlasfaser-Spleißworkshop unterstützt von Selfnet e.V., Bitte Details beachten - Anmeldung erforderlich!","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:55:00.000-0000","id":53910,"village_id":null,"tag_ids":[46137,46139],"begin_timestamp":{"seconds":1703682900,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"CTBK-Workshoparea","hotel":"","short_name":"CTBK-Workshoparea","id":46163},"begin":"2023-12-27T13:15:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/heiko-h-gogolin","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Heiko Gogolin","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"android_description":"https://soundcloud.com/heiko-h-gogolin","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53904,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"spans_timebands":"N","begin":"2023-12-27T13:00:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Hackin the Disco","android_description":"This workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room. The input data is a LiDAR laser 2D tracking system and self-built motion suites. As output we use the show technology of the lounge, i.e. moving heads and other lamps and the music system. The input data is provided via OSC, the output data is sent via ArtNet to the lighting console and analog to the sound console. We mainly work with Touchdesigner, but any other programming environment that can speak OSC and ArtNet or generate sounds is welcome. At the beginning there will be a short introduction to the technology so that you can then work independently on projects. The workshop takes place daily. The tracking system works with the \"Pharus\" software from the Ars Electronica Future Lab and the motion suites were created as part of a fellowship at the Academy for Theater and Digitality. \r\n\r\nProject link: https://www.artesmobiles.art/_mergingentities\r\n\r\nInterface readme for the workshop: https://events.ccc.de/congress/2023/hub/en/project/hackin-the-disco/\n\n\nThis workshop is about interactive and algorithmic light and sound design, depending on the code and the movements and positions of the people in the room.","end_timestamp":{"seconds":1703692800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T16:00:00.000-0000","id":53635,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Lounge","hotel":"","short_name":"Lounge","id":46134},"spans_timebands":"N","begin":"2023-12-27T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"In diesem Talk werde ich erst einen groben Überblick über Kernelprogrammierung allgemein geben und dann den Windows und den Linux Kernel bezüglich verschiedener Aspekte vergleichen. \r\n\r\nSowohl allgemeine Architektur als auch I/O Konzepte und Treiber Modell werden eine Rolle spielen.\r\n\r\nDie letzten 30 Minuten sind für fragen und Diskussion eingeplant.🧮\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Warum der Windows Kernel garnicht so scheiße ist","android_description":"In diesem Talk werde ich erst einen groben Überblick über Kernelprogrammierung allgemein geben und dann den Windows und den Linux Kernel bezüglich verschiedener Aspekte vergleichen. \r\n\r\nSowohl allgemeine Architektur als auch I/O Konzepte und Treiber Modell werden eine Rolle spielen.\r\n\r\nDie letzten 30 Minuten sind für fragen und Diskussion eingeplant.🧮","end_timestamp":{"seconds":1703687400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:30:00.000-0000","id":53619,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"We are making an LED lamp that almost every age group can take part in (with parents if necessary). Young children can glue the bags and a parent can help with soldering. There is ready-made software so that it can start flashing immediately. If you like, bring a laptop and program it yourself.\r\nThe lamp consists of 8 compartments, each with 2 LEDs that can be programmed individually. After about 1 hour you will have something pretty that can light up and invites you to continue programming at home.\n\n\n","title":"Bau deine eigene LED-Lampe","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"We are making an LED lamp that almost every age group can take part in (with parents if necessary). Young children can glue the bags and a parent can help with soldering. There is ready-made software so that it can start flashing immediately. If you like, bring a laptop and program it yourself.\r\nThe lamp consists of 8 compartments, each with 2 LEDs that can be programmed individually. After about 1 hour you will have something pretty that can light up and invites you to continue programming at home.","end_timestamp":{"seconds":1703689200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T15:00:00.000-0000","id":53483,"village_id":null,"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"tag_ids":[46137,46139],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"spans_timebands":"N","begin":"2023-12-27T13:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"","title":"SCC Assembly Eröffnung","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53474,"tag_ids":[46137,46139],"village_id":null,"begin_timestamp":{"seconds":1703682000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"SCC-Assembly","hotel":"","short_name":"SCC-Assembly","id":46149},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T13:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This workshop is for all who only have a vague idea or might not know at all what an “IP address” is. We’ll learn how the Internet works by making Internet traffic visible. This is a beginner’s workshop. If you toyed with Wireshark before, you will be bored to hell in this workshop.\r\n\r\nInvisible to the casual user, lots of computers communicate and work together to deliver the kitten videos you’re craving. In this workshop, we use the tool Wireshark (available for all operating systems) to make this communication visible. In lots of life demos, we’ll learn that the domain names we’re familiar with, like ccc.de or fridaysforfuture.de, are a thin layer around IP addresses, which are the real addresses computers use to identify themselves. We’ll uncover which hidden information your browser sends along each request, and we’ll see how easy it is to intercept traffic.\r\n\r\nThis workshop is for everybody who is interested in knowing how the Internet works, in which form computers talk to each other. Absolutely no prerequisites are required. People who are familiar with network stacks will be bored to hell.\r\n\r\nNote to the infrastructure team: In the final part of the talk, we’ll perform a standard ARP spoofing attack to intercept traffic from a volunteer and display their website login password on the projector. Of course we won’t use the congress network for this. I’ll use an hotspot of my own.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮\n\n\n","title":"Foundation workshop: Hands-on, how does the Internet work?","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"This workshop is for all who only have a vague idea or might not know at all what an “IP address” is. We’ll learn how the Internet works by making Internet traffic visible. This is a beginner’s workshop. If you toyed with Wireshark before, you will be bored to hell in this workshop.\r\n\r\nInvisible to the casual user, lots of computers communicate and work together to deliver the kitten videos you’re craving. In this workshop, we use the tool Wireshark (available for all operating systems) to make this communication visible. In lots of life demos, we’ll learn that the domain names we’re familiar with, like ccc.de or fridaysforfuture.de, are a thin layer around IP addresses, which are the real addresses computers use to identify themselves. We’ll uncover which hidden information your browser sends along each request, and we’ll see how easy it is to intercept traffic.\r\n\r\nThis workshop is for everybody who is interested in knowing how the Internet works, in which form computers talk to each other. Absolutely no prerequisites are required. People who are familiar with network stacks will be bored to hell.\r\n\r\nNote to the infrastructure team: In the final part of the talk, we’ll perform a standard ARP spoofing attack to intercept traffic from a volunteer and display their website login password on the projector. Of course we won’t use the congress network for this. I’ll use an hotspot of my own.\r\n\r\n[Here is a list of more sessions by our group.](https://chaos.quasicoherent.io/)\r\n\r\n🧮","end_timestamp":{"seconds":1703684400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:40:00.000-0000","id":53627,"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"village_id":null,"tag_ids":[46137,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal D","hotel":"","short_name":"Saal D","id":46132},"spans_timebands":"N","begin":"2023-12-27T12:50:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen (sprich im kleinsten gemeinsamen Nenner: #fightnazis, #afdwegbassen und #saytheirnames).\r\n\r\n„Sound Grafitti\" und „Protest-Jingles\" beherbergen disruptives Potenzial und können als Audio-Interventionen bestehende Diskurse in öffentlichen und digitalen Räumen aufbrechen / bereichen. Zum einen, indem überhaupt einmal bestimmte Meinungen / Äußerungen anderen außerhalb der eigenen „Bubbles\" und Räume zugänglich gemacht werden, zum anderen, um kollektiv verfasste Äußerungen in Konfrontation mit Menschen zu bringen, um auf Probleme zu verweisen, solidarische Anliegen vorzubringen und Handlungsvorschläge (für Protest-Vorhaben) anzubieten. \r\n\r\n„Echokammern\" sind Open Source DIY-Lautsprecher für Audio-Interventionen, nutzbar für Sound-Graffiti im öffentlichen Raum. Als Basis nutzen wir Baustellenlampen, die wir zu mobilen Lautsprechern umfunktionieren. Durch einen Hack werden die allgegenwärtigen Baustellenlampen zu Mitteln der Kommunikation und Irritation im öffentlichen Raum. Ein Objekt, das uns aufmerksam macht und auf Gefahren hinweist, wird manipuliert und zur Echokammer gesellschaftlich relevanter Anliegen und Probleme. Ausgangspunkt für dieses Projekt war der rassistische Terroranschlag in Hanau im Jahr 2020, bei dem neun Menschen von einem rechtsradikalen Terroristen getötet wurden. In einer Zeit, in der es aufgrund der Pandemie und damit verbundener Regelungen nur eingeschränkt möglich war gemeinsam zu gedenken, zu protestieren und zu trauern, haben wir nach Möglichkeiten gesucht, die Forderung \"SAY THEIR NAMES\" auf die Straße zu bringen. So entstand ein Werkzeug, das seither für verschiedene politische Kämpfe und Themen genutzt wurde. So bespielten die Lautsprecher zuletzt in diesem Jahr die Straßen Berlins zum Protest gegen den Weiter-Bau der Autobahn A100.\r\n\r\nProtest-Jingles sind Audio-Beiträge zu Protestvorhaben, die diese ankündigen, flankieren, erklären und in denen Themen und damit verbundene Anliegen verhandelt werden und zur Teilnahme aufgerufen wird. 2018 hat Reclaim Club Culture damit erstmals mit eigens dafür produzierten Jingles zu einem Groß-Protest gegen Nazis unter dem Motto #afdwegbassen aufgerufen, um mit diesen die Mobilisierung (z.B. abgespielt durch DJs in Clubs, zum Teilen über Social Media, zum Versenden an Redaktionen und Journalistinnen) zu dem Protest zu unterstützen sowie um während des Protestes den Aufruf als Meinungsäußerung von Lautsprecher-Wägen abzuspielen zu können. \r\nSprachwerkstätten als Variation dessen sind mit Protest-Jingles in der Hinsicht artverwandt, als dass sie Versuche darstellen, Meinungen von Menschen zu bestimmten Themen einzuholen und künstlerisch kuratiert als Audio-Collage darzustellen und anderen zugänglich zu machen. Sie machen ein Angebot zum Reflektieren und Partizipieren, welches keinen Anspruch auf Vollständigkeit oder Wahrheit hat und immer nur eine Auswahl darstellt.\r\nDie Ergebnisse der vergangenen fünf Jahre stehen für sich und werden in diesem Beitrag in einer Auswahl auch performt. \n\n\nWir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":" \"Was sind eigentlich Audio Interventionen?\" - Von Sound Grafitti und Protest-Jingles","android_description":"Wir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen (sprich im kleinsten gemeinsamen Nenner: #fightnazis, #afdwegbassen und #saytheirnames).\r\n\r\n„Sound Grafitti\" und „Protest-Jingles\" beherbergen disruptives Potenzial und können als Audio-Interventionen bestehende Diskurse in öffentlichen und digitalen Räumen aufbrechen / bereichen. Zum einen, indem überhaupt einmal bestimmte Meinungen / Äußerungen anderen außerhalb der eigenen „Bubbles\" und Räume zugänglich gemacht werden, zum anderen, um kollektiv verfasste Äußerungen in Konfrontation mit Menschen zu bringen, um auf Probleme zu verweisen, solidarische Anliegen vorzubringen und Handlungsvorschläge (für Protest-Vorhaben) anzubieten. \r\n\r\n„Echokammern\" sind Open Source DIY-Lautsprecher für Audio-Interventionen, nutzbar für Sound-Graffiti im öffentlichen Raum. Als Basis nutzen wir Baustellenlampen, die wir zu mobilen Lautsprechern umfunktionieren. Durch einen Hack werden die allgegenwärtigen Baustellenlampen zu Mitteln der Kommunikation und Irritation im öffentlichen Raum. Ein Objekt, das uns aufmerksam macht und auf Gefahren hinweist, wird manipuliert und zur Echokammer gesellschaftlich relevanter Anliegen und Probleme. Ausgangspunkt für dieses Projekt war der rassistische Terroranschlag in Hanau im Jahr 2020, bei dem neun Menschen von einem rechtsradikalen Terroristen getötet wurden. In einer Zeit, in der es aufgrund der Pandemie und damit verbundener Regelungen nur eingeschränkt möglich war gemeinsam zu gedenken, zu protestieren und zu trauern, haben wir nach Möglichkeiten gesucht, die Forderung \"SAY THEIR NAMES\" auf die Straße zu bringen. So entstand ein Werkzeug, das seither für verschiedene politische Kämpfe und Themen genutzt wurde. So bespielten die Lautsprecher zuletzt in diesem Jahr die Straßen Berlins zum Protest gegen den Weiter-Bau der Autobahn A100.\r\n\r\nProtest-Jingles sind Audio-Beiträge zu Protestvorhaben, die diese ankündigen, flankieren, erklären und in denen Themen und damit verbundene Anliegen verhandelt werden und zur Teilnahme aufgerufen wird. 2018 hat Reclaim Club Culture damit erstmals mit eigens dafür produzierten Jingles zu einem Groß-Protest gegen Nazis unter dem Motto #afdwegbassen aufgerufen, um mit diesen die Mobilisierung (z.B. abgespielt durch DJs in Clubs, zum Teilen über Social Media, zum Versenden an Redaktionen und Journalistinnen) zu dem Protest zu unterstützen sowie um während des Protestes den Aufruf als Meinungsäußerung von Lautsprecher-Wägen abzuspielen zu können. \r\nSprachwerkstätten als Variation dessen sind mit Protest-Jingles in der Hinsicht artverwandt, als dass sie Versuche darstellen, Meinungen von Menschen zu bestimmten Themen einzuholen und künstlerisch kuratiert als Audio-Collage darzustellen und anderen zugänglich zu machen. Sie machen ein Angebot zum Reflektieren und Partizipieren, welches keinen Anspruch auf Vollständigkeit oder Wahrheit hat und immer nur eine Auswahl darstellt.\r\nDie Ergebnisse der vergangenen fünf Jahre stehen für sich und werden in diesem Beitrag in einer Auswahl auch performt. \n\n\nWir machen Sound Grafitti mit Echokammern, produzieren Protest-Jingles und Sprachwerkstätten. Mit diesem Beitrag möchten wir euch zwei Vorgehensweisen zu dieser Art von „Protest mit Sound als Audio Intervention\" vorstellen, sowie die künstlerischen, kreativ-technischen Prozesse näher bringen und euch einladen, diese kritisch zu beäugen und zu hören, sich unserer Ideen und Verfahren zu ermächtigen und die dargestellten Formen und Ansätze nach eurem Belieben weiterzuentwickeln und anderweitig zu verwenden. Wir glauben an die Wirksamkeit von Vielfalt von Protest und sehen diesen als wichtiges Element demokratischer Meinungsbildung und um für politische Rechte zu kämpfen und gegen Diskriminierung mobil zu machen","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53230],"conference_id":131,"event_ids":[53607],"name":"Philipp Breitenbach - echokammer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52416}],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53607,"tag_ids":[46118,46136,46139],"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52416}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"begin":"2023-12-27T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"After over two years of intense negotiations, the EU recently agreed to their Digital Identity Reform (eIDAS). In this talk we analyse the result, what safeguards we can realistically expect and how our online and offline interactions might change because of this new European Digital Identity Wallet.\r\nOther regions in the world are much further ahead in this issue and we will also try to learn from the experiences from India and Kenya. Both countries had unique strategies from civil society to fight back against the introduction of digital identity systems, focusing on interrogating their design, raising awareness, strategic litigation and civil disobedience post deployment .\r\nLastly, this issue pops up in many countries and is actively promoted as \"Digital Public Infrastructure\" by global organisations like UNDP and the World Bank - often with little to know credence to privacy or local realities. This global trend is very worrying due to the shiny veneer hiding their dark reality of exploitation by local and foreign actors. We will showcase strategies how local actors have resisted and shaped the introduction of these systems with a combination of technical, advocacy, and interdisciplinary ally building. Our goal is to provide knowledge about how exactly these systems work, who benefits from them and what strategies could be deployed against them.\n\n\nDigital Identity Systems proliferate worldwide without any regard for their human rights impact or privacy concerns. Driven by governments and the crony capitalist solutionism peddled by the private sector, official statistics estimate that 80 % of the world’s population is condemned to use them by the end of this decade. These identification systems are a frontal attack on anonymity in the online world, might lead to completely new forms of tracking and discrimination and they are a gift to Google and other companies which are monitoring the behaviour of people on a large scale. In this talk we focus on how the recent EU reform played out, how the UN is becoming a central player in promoting their hasty adoption and which strategies civil society and hackers can deploy to fight back.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Please Identify Yourself!","android_description":"After over two years of intense negotiations, the EU recently agreed to their Digital Identity Reform (eIDAS). In this talk we analyse the result, what safeguards we can realistically expect and how our online and offline interactions might change because of this new European Digital Identity Wallet.\r\nOther regions in the world are much further ahead in this issue and we will also try to learn from the experiences from India and Kenya. Both countries had unique strategies from civil society to fight back against the introduction of digital identity systems, focusing on interrogating their design, raising awareness, strategic litigation and civil disobedience post deployment .\r\nLastly, this issue pops up in many countries and is actively promoted as \"Digital Public Infrastructure\" by global organisations like UNDP and the World Bank - often with little to know credence to privacy or local realities. This global trend is very worrying due to the shiny veneer hiding their dark reality of exploitation by local and foreign actors. We will showcase strategies how local actors have resisted and shaped the introduction of these systems with a combination of technical, advocacy, and interdisciplinary ally building. Our goal is to provide knowledge about how exactly these systems work, who benefits from them and what strategies could be deployed against them.\n\n\nDigital Identity Systems proliferate worldwide without any regard for their human rights impact or privacy concerns. Driven by governments and the crony capitalist solutionism peddled by the private sector, official statistics estimate that 80 % of the world’s population is condemned to use them by the end of this decade. These identification systems are a frontal attack on anonymity in the online world, might lead to completely new forms of tracking and discrimination and they are a gift to Google and other companies which are monitoring the behaviour of people on a large scale. In this talk we focus on how the recent EU reform played out, how the UN is becoming a central player in promoting their hasty adoption and which strategies civil society and hackers can deploy to fight back.","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53205],"conference_id":131,"event_ids":[53583],"name":"Udbhav Tiwari","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52374}],"timeband_id":1140,"links":[{"label":"EU Digital Identity Reform: The Good, Bad & Ugly in the eIDAS Regulation","type":"link","url":"https://epicenter.works/en/content/eu-digital-identity-reform-the-good-bad-ugly-in-the-eidas-regulation"},{"label":"What could an “Open” ID system look like?: Recommendations and Guardrails for National Biometric ID Projects ","type":"link","url":"https://blog.mozilla.org/netpolicy/2020/01/22/what-could-an-open-id-system-look-like-recommendations-and-guardrails-for-national-biometric-id-projects/"}],"end":"2023-12-27T13:30:00.000-0000","id":53583,"tag_ids":[46121,46136,46140],"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52374}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","begin":"2023-12-27T12:50:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Apart from building electric vehicles, Tesla has gained a reputation for their integrated computer platform comprising a feature-rich infotainment system, remote services through Tesla's Cloud and mobile app, and, most notably, an automated driving assistant. Enabled by a dedicated arm64-based system called Autopilot, Tesla offers different levels of \"self-driving\". The \"full self-driving\" (FSD) is provided to specific customers via in-car purchases and has been subject to public discourse.\r\n\r\nDespite using multiple cameras and Autopilot's machine learning (ML) models, accidents persist and shape FSD reporting. While the platform security of Autopilot's hardware protects the code and ML models from competitors, it also hinders third parties from accessing critical user data, e.g., onboard camera recordings and other sensor data, that could help facilitate crash investigations.\r\n\r\nThis presentation shows how we rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. Among other cryptographic keys, we extract a hardware-unique key used to authenticate Autopilot towards Tesla's \"mothership\". Overall, our talk will shed light on Autopilot's security architecture and gaps.\r\n\r\nBefore delving into Autopilot, we successfully executed a Tesla Jailbreak of the AMD-based infotainment platform and presented our attack at BlackHat USA 2023. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.\n\n\nTesla's driving assistant has been subject to public scrutiny for good and bad: As accidents with its \"full self-driving\" (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer. In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, enabling us root privileges on the system.\r\n","title":"Back in the Driver's Seat: Recovering Critical Data from Tesla Autopilot Using Voltage Glitching","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"Apart from building electric vehicles, Tesla has gained a reputation for their integrated computer platform comprising a feature-rich infotainment system, remote services through Tesla's Cloud and mobile app, and, most notably, an automated driving assistant. Enabled by a dedicated arm64-based system called Autopilot, Tesla offers different levels of \"self-driving\". The \"full self-driving\" (FSD) is provided to specific customers via in-car purchases and has been subject to public discourse.\r\n\r\nDespite using multiple cameras and Autopilot's machine learning (ML) models, accidents persist and shape FSD reporting. While the platform security of Autopilot's hardware protects the code and ML models from competitors, it also hinders third parties from accessing critical user data, e.g., onboard camera recordings and other sensor data, that could help facilitate crash investigations.\r\n\r\nThis presentation shows how we rooted Tesla Autopilot using voltage glitching. The attack enables us to extract arbitrary code and user data from the system. Among other cryptographic keys, we extract a hardware-unique key used to authenticate Autopilot towards Tesla's \"mothership\". Overall, our talk will shed light on Autopilot's security architecture and gaps.\r\n\r\nBefore delving into Autopilot, we successfully executed a Tesla Jailbreak of the AMD-based infotainment platform and presented our attack at BlackHat USA 2023. This achievement empowered custom modifications to the root file system and temporarily facilitated the activation of paid car features.\n\n\nTesla's driving assistant has been subject to public scrutiny for good and bad: As accidents with its \"full self-driving\" (FSD) technology keep making headlines, the code and data behind the onboard Autopilot system are well-protected by the car manufacturer. In this talk, we demonstrate our voltage-glitching attack on Tesla Autopilot, enabling us root privileges on the system.","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53219],"conference_id":131,"event_ids":[53463],"name":"Hans Niklas Jacob - hnj","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52357},{"content_ids":[53219],"conference_id":131,"event_ids":[53463],"name":"Niclas Kühnapfel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52362},{"content_ids":[53219],"conference_id":131,"event_ids":[53463],"name":"Christian Werling","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52514}],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53463,"begin_timestamp":{"seconds":1703681400,"nanoseconds":0},"tag_ids":[46124,46136,46140],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52514},{"tag_id":46107,"sort_order":1,"person_id":52357},{"tag_id":46107,"sort_order":1,"person_id":52362}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:50:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Soziale Skripte beeinflussen unser ganzes Leben, ohne dass wir es mitbekommen. Ganz allgemein sind soziale Skripte kulturell geformte Leitfäden, die bestimmen, wie man sich in bestimmten Situationen verhalten soll. In dem Workshop wollen wir uns anschauen, welche sozialen Skripte uns bei der Interaktion mit anderen Menschen begleiten und wie sich das auf einen Konsensfindungsprozess in zwischenmenschlichen Beziehungen und Sexualität auswirkt.\n\n\nIhn den Workshop soll es darum gehen, wie wir Konsens leben, wie verinnerlichte soziale Skripte in unsere Konsensfindung hineinspielen, und wie sich das auf unsere Begegnungen mit anderen Menschen auswirkt.","title":"Konsens und soziale Skripte","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703686800,"nanoseconds":0},"android_description":"Soziale Skripte beeinflussen unser ganzes Leben, ohne dass wir es mitbekommen. Ganz allgemein sind soziale Skripte kulturell geformte Leitfäden, die bestimmen, wie man sich in bestimmten Situationen verhalten soll. In dem Workshop wollen wir uns anschauen, welche sozialen Skripte uns bei der Interaktion mit anderen Menschen begleiten und wie sich das auf einen Konsensfindungsprozess in zwischenmenschlichen Beziehungen und Sexualität auswirkt.\n\n\nIhn den Workshop soll es darum gehen, wie wir Konsens leben, wie verinnerlichte soziale Skripte in unsere Konsensfindung hineinspielen, und wie sich das auf unsere Begegnungen mit anderen Menschen auswirkt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53164,53471],"conference_id":131,"event_ids":[53497,53806],"name":"Smettbo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52359}],"timeband_id":1140,"links":[],"end":"2023-12-27T14:20:00.000-0000","id":53497,"village_id":null,"begin_timestamp":{"seconds":1703679600,"nanoseconds":0},"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52359}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"begin":"2023-12-27T12:20:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"## About\r\nIn this session you learn how build the [37C3 Fahrplan app for Android](https://play.google.com/store/apps/details?id=info.metadude.android.congress.schedule) yourself. You customize colors, change code and bring your own ideas.\r\n\r\n## Language\r\n- I will talk in English to reach most people. German is fine, too.\r\n- Ich werde auf Englisch sprechen, um die Mehrzahl der Menschen zu erreichen. Ich kann bei Bedarf auf Deutsch kommunizieren.\r\n\r\n## Requirements\r\n- Some experience with Android, Kotlin, Git is helpful.\r\n- Bring your own Android smartphone or tablet (minimum Android 5, Lollipop).\r\n- Bring your own USB cable fitting with your Android device & computer.\r\n- Bring your own computer with [Android Studio (latest stable)](https://developer.android.com/studio) installed.\r\n- Have the project **already cloned** to your machine. Here is the [source code]( https://github.com/EventFahrplan/EventFahrplan)\r\n- Build the project at least once to download the Android SDK and libraries **before** you come. ⚠️ This will take some time!\r\n\r\n## Your ideas\r\n- I am looking forward to getting to know your ideas shared with everyone. Let them become reality!\n\n\n","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"title":"Build your own 37C3 Fahrplan app for Android","android_description":"## About\r\nIn this session you learn how build the [37C3 Fahrplan app for Android](https://play.google.com/store/apps/details?id=info.metadude.android.congress.schedule) yourself. You customize colors, change code and bring your own ideas.\r\n\r\n## Language\r\n- I will talk in English to reach most people. German is fine, too.\r\n- Ich werde auf Englisch sprechen, um die Mehrzahl der Menschen zu erreichen. Ich kann bei Bedarf auf Deutsch kommunizieren.\r\n\r\n## Requirements\r\n- Some experience with Android, Kotlin, Git is helpful.\r\n- Bring your own Android smartphone or tablet (minimum Android 5, Lollipop).\r\n- Bring your own USB cable fitting with your Android device & computer.\r\n- Bring your own computer with [Android Studio (latest stable)](https://developer.android.com/studio) installed.\r\n- Have the project **already cloned** to your machine. Here is the [source code]( https://github.com/EventFahrplan/EventFahrplan)\r\n- Build the project at least once to download the Android SDK and libraries **before** you come. ⚠️ This will take some time!\r\n\r\n## Your ideas\r\n- I am looking forward to getting to know your ideas shared with everyone. Let them become reality!","end_timestamp":{"seconds":1703683800,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:30:00.000-0000","id":53614,"village_id":null,"begin_timestamp":{"seconds":1703678400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"spans_timebands":"N","begin":"2023-12-27T12:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Digitale Barrierefreiheit wird in der EU 2025 endlich zur Pflicht. Zumindest für Einige. \r\nViele informieren sich bereits, wie sie Webseiten barrierefreier machen können und hangeln sich an den Prüfschritten von WCAG, BITV und EN 301 549 entlang.\r\nAndere bauen darauf, ab dem Stichtag einfach ein Overlay-Tool zu installieren, was das mit der Barrierefreiheit dann schon richten soll. \r\nAber so einfach ist es nicht. Nie war es wichtiger, sauberen HTML-Code mit innovativem CSS zu kombinieren, um das hinzubekommen, das ich \"RIAN\" getauft habe: Responsive to Individual Accessibility Needs.\r\n\r\nWas genau das ist und welche Bedürfnisse hinsichtlich der Barrierefreiheit bereits mit dem Ansatz befriedigt werden können und wo noch die richtigen Mechanismen fehlen, wird Inhalt dieses Talks.\n\n\nResponsives Webdesign stand lange Zeit nur für die Technik, Webseiten an verschiedene Bildschirmgrößen anpassen zu können. \r\nDabei gibt es viel mehr Möglichkeiten, Webseiten nicht nur für Geräte anzupassen, sondern auch an die individuellen Bedürfnisse der Nutzer:innen. \r\nRadikal gedacht, einfach gemacht.\r\n\r\nAnnika Brinkmann stellt ihren neuen Ansatz erstmals vor.","title":"RIAN: Responsive to Individual Accessibility Needs","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#f6ae74","name":"Talk 90 Minuten +15m Q&A","id":46132},"end_timestamp":{"seconds":1703684700,"nanoseconds":0},"android_description":"Digitale Barrierefreiheit wird in der EU 2025 endlich zur Pflicht. Zumindest für Einige. \r\nViele informieren sich bereits, wie sie Webseiten barrierefreier machen können und hangeln sich an den Prüfschritten von WCAG, BITV und EN 301 549 entlang.\r\nAndere bauen darauf, ab dem Stichtag einfach ein Overlay-Tool zu installieren, was das mit der Barrierefreiheit dann schon richten soll. \r\nAber so einfach ist es nicht. Nie war es wichtiger, sauberen HTML-Code mit innovativem CSS zu kombinieren, um das hinzubekommen, das ich \"RIAN\" getauft habe: Responsive to Individual Accessibility Needs.\r\n\r\nWas genau das ist und welche Bedürfnisse hinsichtlich der Barrierefreiheit bereits mit dem Ansatz befriedigt werden können und wo noch die richtigen Mechanismen fehlen, wird Inhalt dieses Talks.\n\n\nResponsives Webdesign stand lange Zeit nur für die Technik, Webseiten an verschiedene Bildschirmgrößen anpassen zu können. \r\nDabei gibt es viel mehr Möglichkeiten, Webseiten nicht nur für Geräte anzupassen, sondern auch an die individuellen Bedürfnisse der Nutzer:innen. \r\nRadikal gedacht, einfach gemacht.\r\n\r\nAnnika Brinkmann stellt ihren neuen Ansatz erstmals vor.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53171],"conference_id":131,"event_ids":[53578],"name":"Annika Brinkmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52260}],"timeband_id":1140,"links":[],"end":"2023-12-27T13:45:00.000-0000","id":53578,"village_id":null,"tag_ids":[46132,46139],"begin_timestamp":{"seconds":1703678400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52260}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Fireshonks","hotel":"","short_name":"Fireshonks","id":46152},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","title":"POTA – Parks on the Air [Day 1]","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703687400,"nanoseconds":0},"android_description":"At the Chaoswelle assembly we will give a short introduction to the amateur radio activity program \"Parks On The Air\" (POTA for short) and portable operation (duration approx. 30 minutes). Afterwards, we will start a joint park activation with you on shortwave in the \"Planten un Bloomen\" park in the immediate vicinity of the CCH (duration approx. 120 minutes).\r\n\r\nNo previous experience is necessary; the necessary equipment is provided. Those interested in radio are also explicitly invited and can practice practical radio operations with our training call sign.\r\n\r\nWeatherproof clothing is absolutely necessary for radio operations in the park, as we will definitely be going out (exception: freezing rain or thunderstorms).\r\n\r\nThe event takes place on all four days.\n\n\nEinführung in Parks On The Air (POTA) mit DC1TC und DK4HAA","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T14:30:00.000-0000","id":53464,"village_id":null,"begin_timestamp":{"seconds":1703678400,"nanoseconds":0},"tag_ids":[46137,46139,46140],"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chaoswelle","hotel":"","short_name":"Chaoswelle","id":46141},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T12:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Was auch immer wir im Internet tun, es wird aufgezeichnet und ausgewertet, um uns zielgerichtet Werbung anzuzeigen. An diese triste Realität haben sich viel zu viele Menschen längst gewöhnt. Wo genau unsere Daten landen, wenn wir Websites aufrufen oder Apps nutzen, das können die wenigsten nachvollziehen. Bis jetzt.\r\n\r\nDurch ein Dokument, das eigentlich nicht für die Öffentlichkeit bestimmt war, konnten wir dieses Jahr einen einmaligen Einblick gewinnen. Es ist die Angebotsliste von Xandr, einem der größten Datenmarktplätze der Werbewelt. Sie enthält mehr als 650.000 unterschiedliche Zielgruppenkategorien - also Schubladen für Menschen, um sie mit Targeted Advertising zu erreichen.\r\n\r\nBei einigen dieser Kategorien möchte man laut auflachen, bei anderen bleibt einem das Lachen im Halse stecken. Ob „fragile Senioren“ oder „leidenschaftliche Liebhaber“, ob shopping-versessene Mütter oder Menschen mit Essstörung, ob deutsche Soldat:innen oder „Geringverdiener ohne Orientierung“ – sie alle lassen sich durch die Werbeindustrie gezielt ins Visier nehmen.\r\n\r\n„Diese Liste ist das gewaltigste Dokument über den globalen Datenhandel, das ich je gesehen habe“, sagt der Wiener Tracking-Forscher Wolfie Christl und spricht von einem Skandal. Florian Glatzner vom Verbraucherzentrale Bundesverband spricht gar vom „Snowden-Moment der Online-Werbebranche\". Denn dass Werbeindustrie und Datenhändler uns überwachen, wussten wir schon lange – jetzt haben wir schwarz auf weiß, wie invasiv und detailliert das passiert.\r\n\r\nWochenlang haben wir das Dokument ausgewertet, unter anderem mit Hilfe des Datenjournalisten Johannes Gille und unserer Kollegen von The Markup aus den USA. Wir decken Hunderte äußerst bedenkliche Segmente über die Schwächen und das Verhalten von Bürger:innen aus 15 EU-Ländern auf. Wir belegen erstmals, wie stark inzwischen auch deutsche Firmen am Geschäft mit unseren Daten mitverdienen. Und wir dokumentieren, auf welch tönernen Füßen dieses Business rechtlich steht.\r\n\r\nIn unserem Vortrag präsentieren wir die wichtigsten Ergebnisse unserer \r\n[Artikel-Serie](https://netzpolitik.org/tag/die-xandr-recherche/) und die Methoden unserer Recherche. Mehrere internationale Medien haben die Recherche bereits aufgegriffen und Analysen für die USA, Australien, die Niederlande und die Schweiz veröffentlicht\r\n\r\nWir zeigen, wo genau Interessierte an die Recherche anknüpfen können – und wie Nutzer:innen selbst aktiv werden können. Nicht zuletzt machen wir klar: Das System kann weg, denn es gibt längst Alternativen zur Überwachungsindustrie.\n\n\nDieses Jahr konnten wir erstmals im Detail nachvollziehen, wie invasiv und kleinteilig uns Werbefirmen und Datenhändler im Netz kategorisieren. Denn Microsofts Datenmarktplatz Xandr hat versehentlich ein riesiges Dokument veröffentlicht, das ungeahnte Einblicke hinter die Kulissen die Werbeindustrie erlaubt. In der Folge haben mehrere Datenschutzbehörden aus Deutschland und der EU mitgeteilt, die betroffenen Firmen und ihr Geschäft zu prüfen. Aller Cookie-Müdigkeit zum Trotz zeigt unsere Recherche: Aufgeben ist nicht. Es gibt Alternativen für das Geschäft mit unseren Daten, für die es sich zu kämpfen lohnt.","title":"Die Akte Xandr: Ein tiefer Blick in den Abgrund der Datenindustrie","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703680500,"nanoseconds":0},"android_description":"Was auch immer wir im Internet tun, es wird aufgezeichnet und ausgewertet, um uns zielgerichtet Werbung anzuzeigen. An diese triste Realität haben sich viel zu viele Menschen längst gewöhnt. Wo genau unsere Daten landen, wenn wir Websites aufrufen oder Apps nutzen, das können die wenigsten nachvollziehen. Bis jetzt.\r\n\r\nDurch ein Dokument, das eigentlich nicht für die Öffentlichkeit bestimmt war, konnten wir dieses Jahr einen einmaligen Einblick gewinnen. Es ist die Angebotsliste von Xandr, einem der größten Datenmarktplätze der Werbewelt. Sie enthält mehr als 650.000 unterschiedliche Zielgruppenkategorien - also Schubladen für Menschen, um sie mit Targeted Advertising zu erreichen.\r\n\r\nBei einigen dieser Kategorien möchte man laut auflachen, bei anderen bleibt einem das Lachen im Halse stecken. Ob „fragile Senioren“ oder „leidenschaftliche Liebhaber“, ob shopping-versessene Mütter oder Menschen mit Essstörung, ob deutsche Soldat:innen oder „Geringverdiener ohne Orientierung“ – sie alle lassen sich durch die Werbeindustrie gezielt ins Visier nehmen.\r\n\r\n„Diese Liste ist das gewaltigste Dokument über den globalen Datenhandel, das ich je gesehen habe“, sagt der Wiener Tracking-Forscher Wolfie Christl und spricht von einem Skandal. Florian Glatzner vom Verbraucherzentrale Bundesverband spricht gar vom „Snowden-Moment der Online-Werbebranche\". Denn dass Werbeindustrie und Datenhändler uns überwachen, wussten wir schon lange – jetzt haben wir schwarz auf weiß, wie invasiv und detailliert das passiert.\r\n\r\nWochenlang haben wir das Dokument ausgewertet, unter anderem mit Hilfe des Datenjournalisten Johannes Gille und unserer Kollegen von The Markup aus den USA. Wir decken Hunderte äußerst bedenkliche Segmente über die Schwächen und das Verhalten von Bürger:innen aus 15 EU-Ländern auf. Wir belegen erstmals, wie stark inzwischen auch deutsche Firmen am Geschäft mit unseren Daten mitverdienen. Und wir dokumentieren, auf welch tönernen Füßen dieses Business rechtlich steht.\r\n\r\nIn unserem Vortrag präsentieren wir die wichtigsten Ergebnisse unserer \r\n[Artikel-Serie](https://netzpolitik.org/tag/die-xandr-recherche/) und die Methoden unserer Recherche. Mehrere internationale Medien haben die Recherche bereits aufgegriffen und Analysen für die USA, Australien, die Niederlande und die Schweiz veröffentlicht\r\n\r\nWir zeigen, wo genau Interessierte an die Recherche anknüpfen können – und wie Nutzer:innen selbst aktiv werden können. Nicht zuletzt machen wir klar: Das System kann weg, denn es gibt längst Alternativen zur Überwachungsindustrie.\n\n\nDieses Jahr konnten wir erstmals im Detail nachvollziehen, wie invasiv und kleinteilig uns Werbefirmen und Datenhändler im Netz kategorisieren. Denn Microsofts Datenmarktplatz Xandr hat versehentlich ein riesiges Dokument veröffentlicht, das ungeahnte Einblicke hinter die Kulissen die Werbeindustrie erlaubt. In der Folge haben mehrere Datenschutzbehörden aus Deutschland und der EU mitgeteilt, die betroffenen Firmen und ihr Geschäft zu prüfen. Aller Cookie-Müdigkeit zum Trotz zeigt unsere Recherche: Aufgeben ist nicht. Es gibt Alternativen für das Geschäft mit unseren Daten, für die es sich zu kämpfen lohnt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53229],"conference_id":131,"event_ids":[53606],"name":"Sebastian Meineck","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52375},{"content_ids":[53229],"conference_id":131,"event_ids":[53606],"name":"Ingo Dachwitz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52495}],"timeband_id":1140,"links":[{"label":"Die Xandr-Recherche","type":"link","url":"https://netzpolitik.org/tag/die-xandr-recherche/"}],"end":"2023-12-27T12:35:00.000-0000","id":53606,"begin_timestamp":{"seconds":1703678100,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52495},{"tag_id":46107,"sort_order":1,"person_id":52375}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk will be a deep dive into automotive digital forensics! We will explore the dynamic landscape of automotive technology and its intricate relationship with digital forensics. Our journey will traverse classical in-vehicle protocols, proprietary communication methods, and external interfaces, revealing these technologies' crucial role in modern vehicles.\r\n\r\nThe current toolkit, used in automotive digital forensics investigations, includes the Berla iVe for infotainment analyses and specialized Airbag controller tools like Bosch CDR. For both, there is a limited understanding of its functionality and reliability, and for Airbag controllers, even contrary research results are available. We'll discover how these tools empower forensic experts to dissect the digital traces left within vehicles and the ecosystem, uncovering invaluable insights.\r\n\r\nAs we embark on this journey, we'll confront significant challenges faced by automotive digital forensics practitioners. These obstacles include limited accessibility to vehicle systems, the integration of proprietary technologies, a shortage of knowledge and expertise in this domain, concerns over safety implications, and the absence of standardized storage systems.\r\n\r\nKeeping pace with the latest research trends, we'll delve into process development, the introduction of additional tools, in-depth analytical methods, and innovative investigation techniques shaping this field's future.\r\n\r\nBut the road ahead is not without twists and turns, and we'll navigate through privacy and security issues that are paramount in the automotive digital forensics landscape. We'll shed light on privacy concerns, referencing investigations like the one conducted by the Mozilla Foundation and explore security topics through real-world examples such as attacks showcased at the Pwn2Own conference and those disclosed by KeenLabs Security. We will also focus on investigations we conducted on Tesla vehicles in the area of digital forensics.\r\n\r\nThroughout this talk, you'll gain insights into the automotive ecosystem's vast capabilities for digital forensics investigations. We'll also tackle the challenges head-on, highlighting the intricate balance between privacy and security in this ever-evolving domain. Whether you're an expert in the field or intrigued by the intersection of technology and automotive investigations, this talk promises to leave you with a profound understanding of the road ahead in automotive digital forensics.\n\n\nThe importance and relevance of vehicles in investigations are increasing. Their digital capabilities are rapidly growing due to the introduction of additional services and features in vehicles and their ecosystem.\r\n\r\nIn this talk on automotive digital forensics, you will embark on a journey through the cutting-edge world of automotive technology and the critical role digital forensics plays in this domain. We will explore the state-of-the-art methods and tools to investigate modern vehicles, shedding light on forensic experts' significant challenges.\r\n\r\nThis presentation delves into the latest research areas and trends, providing insights into how technology rapidly evolves in the automotive industry, creating opportunities and challenges for digital forensics specialists. We will also peer into the future, discussing the directions in which automotive digital forensics is heading and the implications for our increasingly connected and autonomous vehicle landscape.\r\n\r\nThrough case studies, you will gain a firsthand look at different investigations conducted on modern vehicles, showcasing the real-world applications of digital forensics in this field--explicitly focusing on privacy issues and security pitfalls in modern vehicles. Whether you're a seasoned expert or a curious enthusiast, this talk will give you a deeper understanding of the complex intersection of automotive technology and digital investigations.","title":"Unlocking the Road Ahead: Automotive Digital Forensics","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703680500,"nanoseconds":0},"android_description":"This talk will be a deep dive into automotive digital forensics! We will explore the dynamic landscape of automotive technology and its intricate relationship with digital forensics. Our journey will traverse classical in-vehicle protocols, proprietary communication methods, and external interfaces, revealing these technologies' crucial role in modern vehicles.\r\n\r\nThe current toolkit, used in automotive digital forensics investigations, includes the Berla iVe for infotainment analyses and specialized Airbag controller tools like Bosch CDR. For both, there is a limited understanding of its functionality and reliability, and for Airbag controllers, even contrary research results are available. We'll discover how these tools empower forensic experts to dissect the digital traces left within vehicles and the ecosystem, uncovering invaluable insights.\r\n\r\nAs we embark on this journey, we'll confront significant challenges faced by automotive digital forensics practitioners. These obstacles include limited accessibility to vehicle systems, the integration of proprietary technologies, a shortage of knowledge and expertise in this domain, concerns over safety implications, and the absence of standardized storage systems.\r\n\r\nKeeping pace with the latest research trends, we'll delve into process development, the introduction of additional tools, in-depth analytical methods, and innovative investigation techniques shaping this field's future.\r\n\r\nBut the road ahead is not without twists and turns, and we'll navigate through privacy and security issues that are paramount in the automotive digital forensics landscape. We'll shed light on privacy concerns, referencing investigations like the one conducted by the Mozilla Foundation and explore security topics through real-world examples such as attacks showcased at the Pwn2Own conference and those disclosed by KeenLabs Security. We will also focus on investigations we conducted on Tesla vehicles in the area of digital forensics.\r\n\r\nThroughout this talk, you'll gain insights into the automotive ecosystem's vast capabilities for digital forensics investigations. We'll also tackle the challenges head-on, highlighting the intricate balance between privacy and security in this ever-evolving domain. Whether you're an expert in the field or intrigued by the intersection of technology and automotive investigations, this talk promises to leave you with a profound understanding of the road ahead in automotive digital forensics.\n\n\nThe importance and relevance of vehicles in investigations are increasing. Their digital capabilities are rapidly growing due to the introduction of additional services and features in vehicles and their ecosystem.\r\n\r\nIn this talk on automotive digital forensics, you will embark on a journey through the cutting-edge world of automotive technology and the critical role digital forensics plays in this domain. We will explore the state-of-the-art methods and tools to investigate modern vehicles, shedding light on forensic experts' significant challenges.\r\n\r\nThis presentation delves into the latest research areas and trends, providing insights into how technology rapidly evolves in the automotive industry, creating opportunities and challenges for digital forensics specialists. We will also peer into the future, discussing the directions in which automotive digital forensics is heading and the implications for our increasingly connected and autonomous vehicle landscape.\r\n\r\nThrough case studies, you will gain a firsthand look at different investigations conducted on modern vehicles, showcasing the real-world applications of digital forensics in this field--explicitly focusing on privacy issues and security pitfalls in modern vehicles. Whether you're a seasoned expert or a curious enthusiast, this talk will give you a deeper understanding of the complex intersection of automotive technology and digital investigations.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53218],"conference_id":131,"event_ids":[53596],"name":"Kevin Gomez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52396}],"timeband_id":1140,"end":"2023-12-27T12:35:00.000-0000","links":[{"label":"Personal website","type":"link","url":"https://k-gomez.com"},{"label":"ORCID","type":"link","url":"https://orcid.org/0000-0002-5597-3913"}],"id":53596,"begin_timestamp":{"seconds":1703678100,"nanoseconds":0},"village_id":null,"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52396}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"begin":"2023-12-27T11:55:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Climate Engineering ist das menschliche Eingreifen mittels großskaliger Technologien, um das globale Klimasystem zu beeinflussen. Dank Hollywoodfilmen und gefährlichem Halbwissen kennen wir diverse Untergangsszenarien zu dem Thema, wissen aber kaum wie Fotosynthese und Gesteinsverwitterung uns Menschen zum Erreichen unserer Klimaziele weiterhelfen können. Dass Steine CO2 aus der Luft holen und Jahrmillionen speichern können, ist für die allermeisten Menschen neu. In meinem Vortrag möchte ich aufklären, warum CO2 Entnahme aus der Atmosphäre (Negative Emissionen) ein wichtiger Baustein der Netto-Null Klimastrategie sind und in welchen Formen diese umgesetzt werden kann. Neben der biologischen und geochemischen CO2-Entnahme durch Fotosynthese und Gesteinsverwitterung, gibt es noch elektrochemische Methoden, um CO2 direkt aus der Luft oder indirekt über das Meer zu entnehmen. Ich berichte außerdem aus meiner aktuellen Forschung in der ich Gesteinsmehl und Pflanzenkohle als Bodenverbesserer und zur CO2-Entnahme in der Landwirtschaft erforsche.\n\n\nDie Klimakrise eskaliert, 2023 wird voraussichtlich das wärmste Jahr seit Aufzeichnung gewesen sein, und es brennt und brennt und brennt. Während das verbleibende CO2-Budget zur Einhaltung der 2°C-Grenze schneller als je zuvor schrumpft, wird der Ruf nach einfachen, technologischen Lösungen laut. Eine globale Abkühlung des Klimas durch Climate Engineering wird von der Politik gerne als Universallösung angepriesen. Aber können wir das CO2, das wir ausstoßen, so einfach aus der Luft saugen und mit „negativen Emissionen“ das Klima retten? Dr. Maria-Elena Vorrath forscht an der Universität Hamburg an Gesteinsverwitterung und Pflanzenkohle, zwei Methoden, die CO2 aus der Atmosphäre entziehen, und klärt in ihrem Vortrag über negative Emissionen, ihr globales Potential und den aktuellen Forschungsstand auf. Und es gibt Memes.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Hacking the Climate","android_description":"Climate Engineering ist das menschliche Eingreifen mittels großskaliger Technologien, um das globale Klimasystem zu beeinflussen. Dank Hollywoodfilmen und gefährlichem Halbwissen kennen wir diverse Untergangsszenarien zu dem Thema, wissen aber kaum wie Fotosynthese und Gesteinsverwitterung uns Menschen zum Erreichen unserer Klimaziele weiterhelfen können. Dass Steine CO2 aus der Luft holen und Jahrmillionen speichern können, ist für die allermeisten Menschen neu. In meinem Vortrag möchte ich aufklären, warum CO2 Entnahme aus der Atmosphäre (Negative Emissionen) ein wichtiger Baustein der Netto-Null Klimastrategie sind und in welchen Formen diese umgesetzt werden kann. Neben der biologischen und geochemischen CO2-Entnahme durch Fotosynthese und Gesteinsverwitterung, gibt es noch elektrochemische Methoden, um CO2 direkt aus der Luft oder indirekt über das Meer zu entnehmen. Ich berichte außerdem aus meiner aktuellen Forschung in der ich Gesteinsmehl und Pflanzenkohle als Bodenverbesserer und zur CO2-Entnahme in der Landwirtschaft erforsche.\n\n\nDie Klimakrise eskaliert, 2023 wird voraussichtlich das wärmste Jahr seit Aufzeichnung gewesen sein, und es brennt und brennt und brennt. Während das verbleibende CO2-Budget zur Einhaltung der 2°C-Grenze schneller als je zuvor schrumpft, wird der Ruf nach einfachen, technologischen Lösungen laut. Eine globale Abkühlung des Klimas durch Climate Engineering wird von der Politik gerne als Universallösung angepriesen. Aber können wir das CO2, das wir ausstoßen, so einfach aus der Luft saugen und mit „negativen Emissionen“ das Klima retten? Dr. Maria-Elena Vorrath forscht an der Universität Hamburg an Gesteinsverwitterung und Pflanzenkohle, zwei Methoden, die CO2 aus der Atmosphäre entziehen, und klärt in ihrem Vortrag über negative Emissionen, ihr globales Potential und den aktuellen Forschungsstand auf. Und es gibt Memes.","end_timestamp":{"seconds":1703680500,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53141,53282],"conference_id":131,"event_ids":[53647,53571],"name":"Maria-Elena Vorrath","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52424}],"timeband_id":1140,"links":[],"end":"2023-12-27T12:35:00.000-0000","id":53571,"village_id":null,"begin_timestamp":{"seconds":1703678100,"nanoseconds":0},"tag_ids":[46123,46136,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52424}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T11:55:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Just one sign switched and all of physics changes: Moving objects lose kinetic energy instead of gaining it and radiating objects get hotter instead of colder. Infinite velocity and infinite temperature are no longer impossible. Stars look like rainbow-colored lines instead of white dots and turning your arrow of time around into your own past is just as easy as turning from left to right. In this talk, we will explore the physics in a spacetime with signature (+,+,+,+) as presented by Greg Egan in the trilogy „Orthogonal“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆\n\n\n","title":"Greg Egan's „Orthogonal“: A universe without timelike dimensions","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"android_description":"Just one sign switched and all of physics changes: Moving objects lose kinetic energy instead of gaining it and radiating objects get hotter instead of colder. Infinite velocity and infinite temperature are no longer impossible. Stars look like rainbow-colored lines instead of white dots and turning your arrow of time around into your own past is just as easy as turning from left to right. In this talk, we will explore the physics in a spacetime with signature (+,+,+,+) as presented by Greg Egan in the trilogy „Orthogonal“.\r\n\r\nFor everybody. No prior knowledge required. (Knowing metrics is helpful, but they will be explained.)\r\n\r\n🧮🦆","end_timestamp":{"seconds":1703678400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:00:00.000-0000","id":53624,"tag_ids":[46137,46139,46140],"village_id":null,"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal E","hotel":"","short_name":"Saal E","id":46129},"begin":"2023-12-27T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This will be based on the recently developped NaxRiscv core, a free and opensource RISC-V softcore. I will cover many interresting aspect of the project/flow to provide a overview of many technical aspect in such project :\r\n- Hardware description languages\r\n- CPU design\r\n- Information leak (spectre)\r\n- Memory coherency\r\n- Linux / Debian requirements\r\n- Debugging / Simulation\n\n\nThis lecture will cover many aspect of designing a RISC-V CPU, out-of-order execution, multi-core, memory coherency, security and running linux and debian on a FPGA.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"title":"Open CPU / SoC design, all the way up to Debian","end_timestamp":{"seconds":1703677200,"nanoseconds":0},"android_description":"This will be based on the recently developped NaxRiscv core, a free and opensource RISC-V softcore. I will cover many interresting aspect of the project/flow to provide a overview of many technical aspect in such project :\r\n- Hardware description languages\r\n- CPU design\r\n- Information leak (spectre)\r\n- Memory coherency\r\n- Linux / Debian requirements\r\n- Debugging / Simulation\n\n\nThis lecture will cover many aspect of designing a RISC-V CPU, out-of-order execution, multi-core, memory coherency, security and running linux and debian on a FPGA.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53228],"conference_id":131,"event_ids":[53605],"name":"Dolu1990","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52266}],"timeband_id":1140,"end":"2023-12-27T11:40:00.000-0000","links":[{"label":"NaxRiscv git","type":"link","url":"https://github.com/SpinalHDL/NaxRiscv"},{"label":"NaxRiscv running debian on FPGA","type":"link","url":"https://photos.google.com/share/AF1QipMxK9JLgpTvtNzs4T0J6yHfH5qFTTJ1kIYBjLN2FOm_Ukekka8AlrGDt2LnN3gHfQ/photo/AF1QipMWscyVggimC4uzWDsiq-tP_U9BKTM8XhHTXVUI?key=OGs5SVRnSGRqcVNfMVAwNzdKTktOQl9VTUtjVjRR"}],"id":53605,"tag_ids":[46122,46136,46140],"village_id":null,"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52266}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Es ist vieles gesagt und geschrieben worden über große Sprachmodelle und die Gefahren, die mit ihnen einhergehen, die Biases, die Verstärkung von Ausbeutung, die Zementierung von Machtverhältnissen und neue Möglichkeiten von Angriffen. Das alles gilt weiterhin. Doch umso mehr sollten wir uns anschauen, wie wir die Technologie mit ihren eigenen Waffen schlagen können. Denn all diese Chatbots haben sich in einem Bereich eingenistet, in dem wir Menschen besonders gut sind: Sprache. Quatschen wir sie in ihr Verderben!\r\n\r\nIn dem Talk erkläre ich anhand von Beispielen aus meinen jüngsten Recherchen, wie wir große Sprachmodelle anders nutzen können, als sie möglicherweise gedacht sind – und wie wir damit Gutes tun können. Beispielsweise habe ich Chatbots per social engineering dazu gebracht, ihre dunklen Geheimnisse – wie manipulierende Initial Prompts – zu verraten, und damit dahinterstehende Firmen und deren verwerfliche Machenschaften entblößt. Oder mir bei investigativen Recherchen zu helfen, die besten Google Dorks zu erklären, Verstecktes in Bildern zu erkennen und Dinge zu verraten, die sie eigentlich nicht preisgeben sollen – wie Julian Reichelts private E-Mail-Adresse oder gesammelte E-Mail-Adressen aller Gesundheitsämter in Rheinland-Pfalz.\r\n\r\nEs wird unterhaltsam. Und es gibt viel mitzunehmen: Zuhörer:innen lernen dabei nicht nur sinnvolle Tricks für ihre eigenen Recherchen, sondern ganz nebenbei auch, wie sie ihre eigenen Daten besser schützen können.\n\n\nChatbots lassen sich durch Sprache manipulieren. Und Sprache, das ist etwas, das wir Menschen gut können! Das ist eine gute Nachricht. In diesem Talk soll es darum gehen, unsere Ohnmacht zu lindern und zu verstehen, dass wir ziemlich vieles gut können, was uns hilft, große Sprachmodelle für unsere Zwecke zu nutzen (und möglicherweise anders, als sie gedacht sind). Social Engineering und – quatschen.","title":"Unsere Worte sind unsere Waffen ","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"end_timestamp":{"seconds":1703677200,"nanoseconds":0},"android_description":"Es ist vieles gesagt und geschrieben worden über große Sprachmodelle und die Gefahren, die mit ihnen einhergehen, die Biases, die Verstärkung von Ausbeutung, die Zementierung von Machtverhältnissen und neue Möglichkeiten von Angriffen. Das alles gilt weiterhin. Doch umso mehr sollten wir uns anschauen, wie wir die Technologie mit ihren eigenen Waffen schlagen können. Denn all diese Chatbots haben sich in einem Bereich eingenistet, in dem wir Menschen besonders gut sind: Sprache. Quatschen wir sie in ihr Verderben!\r\n\r\nIn dem Talk erkläre ich anhand von Beispielen aus meinen jüngsten Recherchen, wie wir große Sprachmodelle anders nutzen können, als sie möglicherweise gedacht sind – und wie wir damit Gutes tun können. Beispielsweise habe ich Chatbots per social engineering dazu gebracht, ihre dunklen Geheimnisse – wie manipulierende Initial Prompts – zu verraten, und damit dahinterstehende Firmen und deren verwerfliche Machenschaften entblößt. Oder mir bei investigativen Recherchen zu helfen, die besten Google Dorks zu erklären, Verstecktes in Bildern zu erkennen und Dinge zu verraten, die sie eigentlich nicht preisgeben sollen – wie Julian Reichelts private E-Mail-Adresse oder gesammelte E-Mail-Adressen aller Gesundheitsämter in Rheinland-Pfalz.\r\n\r\nEs wird unterhaltsam. Und es gibt viel mitzunehmen: Zuhörer:innen lernen dabei nicht nur sinnvolle Tricks für ihre eigenen Recherchen, sondern ganz nebenbei auch, wie sie ihre eigenen Daten besser schützen können.\n\n\nChatbots lassen sich durch Sprache manipulieren. Und Sprache, das ist etwas, das wir Menschen gut können! Das ist eine gute Nachricht. In diesem Talk soll es darum gehen, unsere Ohnmacht zu lindern und zu verstehen, dass wir ziemlich vieles gut können, was uns hilft, große Sprachmodelle für unsere Zwecke zu nutzen (und möglicherweise anders, als sie gedacht sind). Social Engineering und – quatschen.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53217],"conference_id":131,"event_ids":[53595],"name":"Eva Wolfangel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52259}],"timeband_id":1140,"links":[],"end":"2023-12-27T11:40:00.000-0000","id":53595,"tag_ids":[46121,46136,46139],"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52259}],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Granville","hotel":"","short_name":"Saal Granville","id":46127},"spans_timebands":"N","updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"The iPhone's Lightning connector was a proprietary beast with a lot of hidden features: By sending custom SDQ commands there, it was possible to get it to expose hardware debugging features such as JTAG and UART. For a long time, this was only easily possible using either gray and black-market cables such as the Kanzi-Cable, or proprietary tools such as the Bonobo Cable. Last year, we released an open-source tool to get access to the iPhone debugging features called the Tamarin Cable - finally allowing anyone to get JTAG and UART on the iPhone for just a couple of $ in parts. \r\n\r\nBut then the iPhone 15 came along, and with that USB-C: All previous hardware and software tooling basically became useless, but that did not stop us from trying: We knew from the Apple Silicon macs and the work of t8012-team and the AsahiLinux project that Apple uses USB-C's VDM feature - Vendor Defined Messages - to allow access to features such as the UART console, and so chances were high that we could use something similar to get access to the hardware debugging features on the iPhone 15.\r\n\r\nSo we pre-ordered the iPhone 15, a couple of PCBs, a case of Club Mate and got started: And less than 48 hours after the launch we got JTAG working on the iPhone 15.\r\n\r\nIn this talk we will start by looking at the history of iPhone and Lightning hardware hacking, and then look at how USB-C is used for debugging on Apple Silicon devices, and what we had to do to get JTAG on the iPhone 15.\r\n\r\nWe will also use this talk to release the new version of the open-source Tamarin Cable firmware: Tamarin-C. A fully integrated, open-source debugging probe for the iPhone 15 and other Apple Silicon devices. Tamarin-C is also able to give access to a DFU mode that you can't access without sending VDMs.\r\n\r\n\r\nNote: This talk will not contain any 0days or previously unknown vulnerabilities. Production iPhones are locked, and so while we get access to some of the device's busses we can't for example access the CPU core.\r\n\r\n\r\nThis talk is about building tooling for future work.\n\n\nHardware hacking tooling for the new iPhone generation\r\n\r\nIf you've followed the iPhone hacking scene you probably heard about cables such as the Kanzi Cable, Kong Cable, Bonobo Cable, and so on: Special cables that allow access to hardware debugging features on Lightning-based iPhones such as UART and JTAG. However with the iPhone 15, all of those tools became basically useless: USB-C is here, and with that we need new hardware and software tooling.\r\n\r\nThis talk gives you a brief history of iPhone hardware hacking through the Lightning port, and then looks at the new iPhone 15, and how - using vendor defined messages, modifying existing tooling like the Central Scrutinizer, and a bit of hardware hacking - we managed to get access to the (unfortunately locked on production devices) JTAG interface exposed on the USB-C port on the new iPhone 15.\r\n\r\nAnd how you can do it using open-source tooling too.","title":"Apple's iPhone 15: Under the C","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"The iPhone's Lightning connector was a proprietary beast with a lot of hidden features: By sending custom SDQ commands there, it was possible to get it to expose hardware debugging features such as JTAG and UART. For a long time, this was only easily possible using either gray and black-market cables such as the Kanzi-Cable, or proprietary tools such as the Bonobo Cable. Last year, we released an open-source tool to get access to the iPhone debugging features called the Tamarin Cable - finally allowing anyone to get JTAG and UART on the iPhone for just a couple of $ in parts. \r\n\r\nBut then the iPhone 15 came along, and with that USB-C: All previous hardware and software tooling basically became useless, but that did not stop us from trying: We knew from the Apple Silicon macs and the work of t8012-team and the AsahiLinux project that Apple uses USB-C's VDM feature - Vendor Defined Messages - to allow access to features such as the UART console, and so chances were high that we could use something similar to get access to the hardware debugging features on the iPhone 15.\r\n\r\nSo we pre-ordered the iPhone 15, a couple of PCBs, a case of Club Mate and got started: And less than 48 hours after the launch we got JTAG working on the iPhone 15.\r\n\r\nIn this talk we will start by looking at the history of iPhone and Lightning hardware hacking, and then look at how USB-C is used for debugging on Apple Silicon devices, and what we had to do to get JTAG on the iPhone 15.\r\n\r\nWe will also use this talk to release the new version of the open-source Tamarin Cable firmware: Tamarin-C. A fully integrated, open-source debugging probe for the iPhone 15 and other Apple Silicon devices. Tamarin-C is also able to give access to a DFU mode that you can't access without sending VDMs.\r\n\r\n\r\nNote: This talk will not contain any 0days or previously unknown vulnerabilities. Production iPhones are locked, and so while we get access to some of the device's busses we can't for example access the CPU core.\r\n\r\n\r\nThis talk is about building tooling for future work.\n\n\nHardware hacking tooling for the new iPhone generation\r\n\r\nIf you've followed the iPhone hacking scene you probably heard about cables such as the Kanzi Cable, Kong Cable, Bonobo Cable, and so on: Special cables that allow access to hardware debugging features on Lightning-based iPhones such as UART and JTAG. However with the iPhone 15, all of those tools became basically useless: USB-C is here, and with that we need new hardware and software tooling.\r\n\r\nThis talk gives you a brief history of iPhone hardware hacking through the Lightning port, and then looks at the new iPhone 15, and how - using vendor defined messages, modifying existing tooling like the Central Scrutinizer, and a bit of hardware hacking - we managed to get access to the (unfortunately locked on production devices) JTAG interface exposed on the USB-C port on the new iPhone 15.\r\n\r\nAnd how you can do it using open-source tooling too.","end_timestamp":{"seconds":1703677200,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53204],"conference_id":131,"event_ids":[53582],"name":"stacksmashing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52372}],"timeband_id":1140,"end":"2023-12-27T11:40:00.000-0000","links":[{"label":"Video: Getting JTAG on the iPhone 15","type":"link","url":"https://www.youtube.com/watch?v=D8UGlvBubkA"},{"label":"Tamarin Firmware (For Lightning-based iPhones)","type":"link","url":"https://github.com/stacksmashing/tamarin-firmware/"},{"label":"The Hitchhacker’s Guide to iPhone Lightning and JTAG Hacking","type":"link","url":"https://www.youtube.com/watch?v=8p3Oi4DL0eI"},{"label":"Central Scrutinizer","type":"link","url":"https://git.kernel.org/pub/scm/linux/kernel/git/maz/cs-sw.git/about/"},{"label":"Asahi Linux USB-PD","type":"link","url":"https://github.com/AsahiLinux/docs/wiki/HW:USB-PD"}],"id":53582,"village_id":null,"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"tag_ids":[46124,46136,46140],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52372}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T11:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Besonderes Augenmerk wird liegen auf:\r\n\r\n- Adbusting: Werbung im öffentlichen Raum (Außenwerbung) verfremden, überkleben oder auf andere Weise umgestalten\r\n- Offiziell wirkende Rundschreiben\r\n- Kommunikationsguerilla im digitalen Raum\r\n\r\n*Die Session findet statt in der freien Fläche vor Raum F (nicht in Raum F).*\r\n\r\n🧮\n\n\nWer nicht Chefredakteur einer großen Zeitung ist, kann auf andere Art die öffentliche Debatte vorantreiben: Kommunikationsguerilla im öffentlichen Raum schafft Erregungskorridore, an denen die öffentliche Debatte aufgehängt werden kann. Wir haben den Hergang verschiedener vergangener Projekte, kleinere wie größere, rekonstruiert und geben Tipps zu Theorie und Praxis.","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"title":"Subversive Kommunikation im öffentlichen Raum (Kommunikationsguerilla)","end_timestamp":{"seconds":1703677800,"nanoseconds":0},"android_description":"Besonderes Augenmerk wird liegen auf:\r\n\r\n- Adbusting: Werbung im öffentlichen Raum (Außenwerbung) verfremden, überkleben oder auf andere Weise umgestalten\r\n- Offiziell wirkende Rundschreiben\r\n- Kommunikationsguerilla im digitalen Raum\r\n\r\n*Die Session findet statt in der freien Fläche vor Raum F (nicht in Raum F).*\r\n\r\n🧮\n\n\nWer nicht Chefredakteur einer großen Zeitung ist, kann auf andere Art die öffentliche Debatte vorantreiben: Kommunikationsguerilla im öffentlichen Raum schafft Erregungskorridore, an denen die öffentliche Debatte aufgehängt werden kann. Wir haben den Hergang verschiedener vergangener Projekte, kleinere wie größere, rekonstruiert und geben Tipps zu Theorie und Praxis.","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T11:50:00.000-0000","id":53575,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703674800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Pseudoroom","hotel":"","short_name":"Pseudoroom","id":46140},"spans_timebands":"N","updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T11:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"On day 1 at 11:45 AM is the opening of the Sendezentrum assembly. All remote participants can dial in via our campfire jitsi: https://jitsi.binary-kitchen.de/Sendezentrum (experiment!). We discuss the location and the program and explain where helping hands are still needed.\n\n\nEröffnung der Sendezentrum Assembly","title":"Sendezentrum Assembly Eröffnung","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"On day 1 at 11:45 AM is the opening of the Sendezentrum assembly. All remote participants can dial in via our campfire jitsi: https://jitsi.binary-kitchen.de/Sendezentrum (experiment!). We discuss the location and the program and explain where helping hands are still needed.\n\n\nEröffnung der Sendezentrum Assembly","end_timestamp":{"seconds":1703674800,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T11:00:00.000-0000","id":53573,"begin_timestamp":{"seconds":1703673900,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Sendezentrum Assembly","hotel":"","short_name":"Sendezentrum Assembly","id":46139},"begin":"2023-12-27T10:45:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://pretalx.c3voc.de/37c3-haecksen-workshops-2023/talk/GN9LDH/\n\n\n","title":"QR-Codes ohne Computer lesen","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"end_timestamp":{"seconds":1703680800,"nanoseconds":0},"android_description":"https://pretalx.c3voc.de/37c3-haecksen-workshops-2023/talk/GN9LDH/","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:40:00.000-0000","id":53877,"tag_ids":[46137,46139,46140],"begin_timestamp":{"seconds":1703673600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stage Y","hotel":"","short_name":"Stage Y","id":46130},"begin":"2023-12-27T10:40:00.000-0000","updated":"2023-12-28T21:22:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Wir bringen Euch eine Technik bei, mit der Ihr die Inhalte von QR-Codes lesen könnt, ohne sie mit einem Gerät zu scannen. Dafür schauen wir uns den Aufbau von QR-Codes genau an und sprechen über die verschiedenen Codierungen, die dabei eine Rolle spielen. Wir möchten alle Teilnehmenden in die Lage versetzen, diese Codes selbst zu lesen und werden dafür auch Übungsbeispiele liefern.\r\n\r\nUnd so ist es in Zukunft für Euch kein Problem, wenn Ihr an einem QR-Code vorbeikommt und Euer Smartphone-Akku leer ist...\n\n\nWusstet Ihr, dass es möglich ist, QR-Codes ohne Computer zu lesen? Wir geben einen Einblick in die Funktiosweise von QR-Codes und zeigen Eselsbrücken und Hilfsmittel zum Entschlüsseln ohne Computer oder Smartphone.","title":"QR-Codes lesen ohne Computer","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#7f73c6","name":"Workshop","id":46133},"end_timestamp":{"seconds":1703679000,"nanoseconds":0},"android_description":"Wir bringen Euch eine Technik bei, mit der Ihr die Inhalte von QR-Codes lesen könnt, ohne sie mit einem Gerät zu scannen. Dafür schauen wir uns den Aufbau von QR-Codes genau an und sprechen über die verschiedenen Codierungen, die dabei eine Rolle spielen. Wir möchten alle Teilnehmenden in die Lage versetzen, diese Codes selbst zu lesen und werden dafür auch Übungsbeispiele liefern.\r\n\r\nUnd so ist es in Zukunft für Euch kein Problem, wenn Ihr an einem QR-Code vorbeikommt und Euer Smartphone-Akku leer ist...\n\n\nWusstet Ihr, dass es möglich ist, QR-Codes ohne Computer zu lesen? Wir geben einen Einblick in die Funktiosweise von QR-Codes und zeigen Eselsbrücken und Hilfsmittel zum Entschlüsseln ohne Computer oder Smartphone.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53163],"conference_id":131,"event_ids":[53491],"name":"Piko","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52310},{"content_ids":[53163],"conference_id":131,"event_ids":[53491],"name":"blinry","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52391}],"timeband_id":1140,"links":[],"end":"2023-12-27T12:10:00.000-0000","id":53491,"begin_timestamp":{"seconds":1703673600,"nanoseconds":0},"village_id":null,"tag_ids":[46133,46139],"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52310},{"tag_id":46107,"sort_order":1,"person_id":52391}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Stonewall IO","hotel":"","short_name":"Stonewall IO","id":46144},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T10:40:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"https://soundcloud.com/jeanette-tr-sbien/0116a","title":"Jeanette Trèsbien","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#97826b","name":"other","id":46137},"end_timestamp":{"seconds":1703682000,"nanoseconds":0},"android_description":"https://soundcloud.com/jeanette-tr-sbien/0116a","updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T13:00:00.000-0000","id":53861,"village_id":null,"tag_ids":[46137,46141],"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Chillout Lounge","hotel":"","short_name":"Chillout Lounge","id":46154},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Eine der Hauptrollen spielt diesmal niemand geringeres als unser Bundeskanzler Olaf Scholz, der jetzt ernsthaft den einzigen Kunden des Flyerservice Hahn verbieten will.\r\n\r\nNur eins findet er noch schlimmer als die AfD: \"Deepfakes\"!!!!einseins.\r\nHier und heute erfahrt ihr von uns alles zur besten Rede, die Olaf Scholz nie gehalten hat.\r\n\r\nUnd es kommt noch dicker: Ihr seht den von der Bundesrepublik Deutschland verbotenen \"Director's Cut.\" mit dem sich bald Gerichte beschäftigen.\r\n\r\nTaucht mit uns tief in die schmutzigen, rechtsextremen Geheimnisse ein, die uns AfD-Anhänger höchstpersönlich übermittelt haben.\r\n\r\nTrigger-Warnung: Das könnte Lustig werden!\n\n\nEndlich wieder zuhause - endlich wieder in CCH! Wenn das ZPS so etwas wie ein Zuhause hat, dann ist es auf jeden Fall der CCC-Kongress. Natürlich haben wir eine neue Aktion im Gepäck und laden Euch zu einem spannenden Blick hinter die Kulissen ein.","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"title":"Scholz greift durch: Die AfD wird verboten - Deepfakes auch!","android_description":"Eine der Hauptrollen spielt diesmal niemand geringeres als unser Bundeskanzler Olaf Scholz, der jetzt ernsthaft den einzigen Kunden des Flyerservice Hahn verbieten will.\r\n\r\nNur eins findet er noch schlimmer als die AfD: \"Deepfakes\"!!!!einseins.\r\nHier und heute erfahrt ihr von uns alles zur besten Rede, die Olaf Scholz nie gehalten hat.\r\n\r\nUnd es kommt noch dicker: Ihr seht den von der Bundesrepublik Deutschland verbotenen \"Director's Cut.\" mit dem sich bald Gerichte beschäftigen.\r\n\r\nTaucht mit uns tief in die schmutzigen, rechtsextremen Geheimnisse ein, die uns AfD-Anhänger höchstpersönlich übermittelt haben.\r\n\r\nTrigger-Warnung: Das könnte Lustig werden!\n\n\nEndlich wieder zuhause - endlich wieder in CCH! Wenn das ZPS so etwas wie ein Zuhause hat, dann ist es auf jeden Fall der CCC-Kongress. Natürlich haben wir eine neue Aktion im Gepäck und laden Euch zu einem spannenden Blick hinter die Kulissen ein.","end_timestamp":{"seconds":1703673600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53203],"conference_id":131,"event_ids":[53581],"name":"Philipp Ruch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52318},{"content_ids":[53203],"conference_id":131,"event_ids":[53581],"name":"Stefan Pelzer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52341}],"timeband_id":1140,"links":[],"end":"2023-12-27T10:40:00.000-0000","id":53581,"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"tag_ids":[46121,46136,46139],"village_id":null,"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52318},{"tag_id":46107,"sort_order":1,"person_id":52341}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"begin":"2023-12-27T10:00:00.000-0000","updated":"2023-12-26T17:27:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","title":"Unlock Minecraft: Beginner Workshop - Tag 1","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"> The workshop will be held in German. However, we are also able to communicate in English and are happy to help you in this language.\r\n\r\n### Contents\r\n1. **Basics:** Introduction to controls and game mechanics.\r\n2. **Creative mode:** Unlimited building and creative design.\r\n3. **Survival mode:** Basic skills for resource management and survival.\r\n4. **Collaborative projects:** Teamwork on building projects\r\n\r\n### Participation requirements:\r\n\r\n- **Target group:** Beginners in Minecraft\r\n- **Age:** Children from 6+ years, as well as interested parents and grown-ups\r\n- **Technical requirements:** \r\n\t- **No license required**, we provide user accounts\r\n\t- Own internet-enabled device + charger\r\n\t- Pre-installed Minecraft Education App [download from the manufacturer's website](https://education.minecraft.net/de-de/get-started/download)\r\n\r\n### Registration\r\n- Please register with **Ghenny** in **Kidspace** or via **DECT-2636** \r\n- You will then receive a participation pass\r\n- Max seats: 8\r\n\r\n### Workshop full?\r\nNo problem! If the interest in this workshop is greater than the available places, we will repeat the workshop. So let us know if you are interested in our workshop and watch out for announcements in the Kidspace.\r\n\r\n#### **Wondering?**\r\nAre you curious about Minecraft? Wondering if Minecraft is a suitable game for your child? Do you have questions about safety, game mechanics and the educational aspects of the game? Feel free to contact us! We look forward to the exchange.\n\n\n### Eine pädagogische Einführung in das beliebte Computerspiel mit Minecraft Education.\r\n\r\nWolltest du schon immer einmal wissen, was es mit Minecraft auf sich hat und würdest gerne herausfinden, ob du dich in dieser digitalen Sandkiste wohlfühlst? \r\nUnser 2-stündiger Workshop bietet AnfängerInnen jeden Alters das passende Umfeld, um das beliebte Spiel in Ruhe kennenzulernen.","end_timestamp":{"seconds":1703678400,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:00:00.000-0000","id":53454,"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"tag_ids":[46137,46139],"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Kidspace - Workshopraum in Saal B","hotel":"","short_name":"Kidspace - Workshopraum in Saal B","id":46143},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"This talk introduces the algorithms used for placement and routing of digital integrated circuits.\r\n\r\nThe talk does \\*not\\* cover:\r\n\\* high-level circuit design (The art of creating meaningful circuits. Often done with languages like Verilog, VHDL, SpinalHDL, Chisel, Amaranth, etc )\r\n\\* logic synthesis (Converts the high-level description into a graph-like circuit description, called netlist)\r\n\r\nPlace-and-route refers to the transformation of a graph-like circuit description (netlist) into a geometrical representation of the circuit (layout).\r\nThe netlist is typically produced by logic synthesis. The netlist consists of many sub-circuits, so called \"standard-cells\" but also \"macro cells\".\r\nStandard-cells implement simple logic functions such as inverters, logical \"and\", \"nand\", \"xor\", and storage elements.\r\nThe netlist may also import larger pre-compiled macro cells such as SRAM blocks.\r\nFor a physical implementation of the circuit, the sub-circuits need to be placed on the chip surface and need to be connected (routed) using metal wires.\r\n\r\nTransforming the netlist into a layout typically requires the following input data:\r\n\\* A netlist of the circuit, of course.\r\n\\* A set of constraints: For example the desired clock frequency and area of the circuit.\r\n\\* Design rules: A set of constraints required for successful fabrication. This typically involves geometrical constraints such as minimum width and spacing of metal wires.\r\n\\* A standard-cell library: This is a set of building-blocks usually used to assemble the circuit. The library contains the geometrical layout of the standard-cells and also information about their timing behavior.\r\n\r\nThen the following steps convert the input data into a layout:\r\n\\* IO-planning: Decide where to put the input and output pins of the circuit.\r\n\\* Floor-planning: Decide how to geometrically arrange various parts of a larger system.\r\n\\* Power distribution: Insert regular rows of metallic power-rails which supply the standard-cells with energy\r\n\\* Global placement: Decide where to roughly place the standard-cells such that the wiring will short and possible\r\n\\* Tie-cell insertion: Provide constant 0 and 1 signals, where needed.\r\n\\* Clock-tree synthesis: Storage elements typically need a clock-signal. Often the clock signal needs to be distributed to a large number of storage elements.\r\n\\* Detail placement: Do fine-tuning, such as snapping the standard-cells to a grid\r\nthe signal propagation delay from the clock source to the storage elements should be more-or-less equally distributed.\r\n\\* Optimizations to meet timing requirements: Some signals might be too slow or to fast. There's a variety of techniques to improve this, such as amplifying signals with buffers.\r\n\\* Routing: The placed cells need to be connected with metal wires.\r\n\\* Filler insertion: fill unused space for example with capacitors to stabilize the supply voltage\r\n\\* Verification: Make sure all constraints are met. Otherwise, try to fix the circuit and repeat above steps in order to converge to a valid solution.\r\n\r\nThis talk will focus on a widely used algorithm for global placement and introduces basic principles of routing algorithms.\r\n\n\n\nAfter a brief introduction to digital circuits this talk will outline placement and routing algorithms used for creating digital integrated circuits.\r\n","title":"Place & route on silicon","type":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","color":"#aa8266","name":"lecture","id":46136},"android_description":"This talk introduces the algorithms used for placement and routing of digital integrated circuits.\r\n\r\nThe talk does \\*not\\* cover:\r\n\\* high-level circuit design (The art of creating meaningful circuits. Often done with languages like Verilog, VHDL, SpinalHDL, Chisel, Amaranth, etc )\r\n\\* logic synthesis (Converts the high-level description into a graph-like circuit description, called netlist)\r\n\r\nPlace-and-route refers to the transformation of a graph-like circuit description (netlist) into a geometrical representation of the circuit (layout).\r\nThe netlist is typically produced by logic synthesis. The netlist consists of many sub-circuits, so called \"standard-cells\" but also \"macro cells\".\r\nStandard-cells implement simple logic functions such as inverters, logical \"and\", \"nand\", \"xor\", and storage elements.\r\nThe netlist may also import larger pre-compiled macro cells such as SRAM blocks.\r\nFor a physical implementation of the circuit, the sub-circuits need to be placed on the chip surface and need to be connected (routed) using metal wires.\r\n\r\nTransforming the netlist into a layout typically requires the following input data:\r\n\\* A netlist of the circuit, of course.\r\n\\* A set of constraints: For example the desired clock frequency and area of the circuit.\r\n\\* Design rules: A set of constraints required for successful fabrication. This typically involves geometrical constraints such as minimum width and spacing of metal wires.\r\n\\* A standard-cell library: This is a set of building-blocks usually used to assemble the circuit. The library contains the geometrical layout of the standard-cells and also information about their timing behavior.\r\n\r\nThen the following steps convert the input data into a layout:\r\n\\* IO-planning: Decide where to put the input and output pins of the circuit.\r\n\\* Floor-planning: Decide how to geometrically arrange various parts of a larger system.\r\n\\* Power distribution: Insert regular rows of metallic power-rails which supply the standard-cells with energy\r\n\\* Global placement: Decide where to roughly place the standard-cells such that the wiring will short and possible\r\n\\* Tie-cell insertion: Provide constant 0 and 1 signals, where needed.\r\n\\* Clock-tree synthesis: Storage elements typically need a clock-signal. Often the clock signal needs to be distributed to a large number of storage elements.\r\n\\* Detail placement: Do fine-tuning, such as snapping the standard-cells to a grid\r\nthe signal propagation delay from the clock source to the storage elements should be more-or-less equally distributed.\r\n\\* Optimizations to meet timing requirements: Some signals might be too slow or to fast. There's a variety of techniques to improve this, such as amplifying signals with buffers.\r\n\\* Routing: The placed cells need to be connected with metal wires.\r\n\\* Filler insertion: fill unused space for example with capacitors to stabilize the supply voltage\r\n\\* Verification: Make sure all constraints are met. Otherwise, try to fix the circuit and repeat above steps in order to converge to a valid solution.\r\n\r\nThis talk will focus on a widely used algorithm for global placement and introduces basic principles of routing algorithms.\r\n\n\n\nAfter a brief introduction to digital circuits this talk will outline placement and routing algorithms used for creating digital integrated circuits.","end_timestamp":{"seconds":1703673600,"nanoseconds":0},"updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53142],"conference_id":131,"event_ids":[53437],"name":"Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52275}],"timeband_id":1140,"links":[],"end":"2023-12-27T10:40:00.000-0000","id":53437,"village_id":null,"tag_ids":[46122,46136,46140],"begin_timestamp":{"seconds":1703671200,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52275}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal Zuse","hotel":"","short_name":"Saal Zuse","id":46128},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T10:00:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Achievement unlocked! Der 37C3 öffnet seine Pforten und heißt das Publikum herzlich willkommen. Von erfahrenen Zeremonienmeistern wird Euch hier der notwendige Schwung verpasst, geschmeidig durch den Congress zu gleiten und die Vorfreude zu atmen, die das gesamte Team seit Monaten auf die Veranstaltung im Herzen trägt.","title":"37C3: Feierliche Eröffnung","type":{"conference_id":131,"conference":"37C3","color":"#aa8266","updated_at":"2024-06-07T03:40+0000","name":"lecture","id":46136},"end_timestamp":{"seconds":1703671200,"nanoseconds":0},"android_description":"Achievement unlocked! Der 37C3 öffnet seine Pforten und heißt das Publikum herzlich willkommen. Von erfahrenen Zeremonienmeistern wird Euch hier der notwendige Schwung verpasst, geschmeidig durch den Congress zu gleiten und die Vorfreude zu atmen, die das gesamte Team seit Monaten auf die Veranstaltung im Herzen trägt.","updated_timestamp":{"seconds":1703611620,"nanoseconds":0},"speakers":[{"content_ids":[53140,53494],"conference_id":131,"event_ids":[53570,53567],"name":"Mullana","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52288}],"timeband_id":1140,"links":[],"end":"2023-12-27T10:00:00.000-0000","id":53570,"village_id":null,"tag_ids":[46119,46136,46139],"begin_timestamp":{"seconds":1703669400,"nanoseconds":0},"includes":"","people":[{"tag_id":46107,"sort_order":1,"person_id":52288}],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"Saal 1","hotel":"","short_name":"Saal 1","id":46126},"updated":"2023-12-26T17:27:00.000-0000","begin":"2023-12-27T09:30:00.000-0000"},{"conference":"37C3","timezone":"Europe/Berlin","link":"","description":"Join us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)\n\n\nJoin us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)","title":"Welcome to the House of Tea! Make it Flow! <3","type":{"conference_id":131,"conference":"37C3","color":"#97826b","updated_at":"2024-06-07T03:40+0000","name":"other","id":46137},"android_description":"Join us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)\n\n\nJoin us for a cozy, un-ceremonial opening of the House of Tea! Come and chill, learn how to help yourself with the tea and share it, and/or ask any questions about the project, helping, and how you already are part of it! :)","end_timestamp":{"seconds":1703678400,"nanoseconds":0},"updated_timestamp":{"seconds":1703798520,"nanoseconds":0},"speakers":[],"timeband_id":1140,"links":[],"end":"2023-12-27T12:00:00.000-0000","id":53908,"tag_ids":[46137,46140],"begin_timestamp":{"seconds":1703667600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":131,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":131,"conference":"37C3","updated_at":"2024-06-07T03:40+0000","parent_id":0,"name":"House","hotel":"","short_name":"House","id":46137},"updated":"2023-12-28T21:22:00.000-0000","begin":"2023-12-27T09:00:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/BSIDESVANCOUVER2024/events.json b/public/ht/conferences/BSIDESVANCOUVER2024/events.json index 69e97da..a14c6d5 100644 --- a/public/ht/conferences/BSIDESVANCOUVER2024/events.json +++ b/public/ht/conferences/BSIDESVANCOUVER2024/events.json @@ -1 +1 @@ -[{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"After Party","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#420d40","name":"Misc","id":46275},"android_description":"","end_timestamp":{"seconds":1716872400,"nanoseconds":0},"updated_timestamp":{"seconds":1712618520,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-28T05:00:00.000-0000","id":54290,"begin_timestamp":{"seconds":1716857100,"nanoseconds":0},"tag_ids":[46275],"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"spans_timebands":"N","updated":"2024-04-08T23:22:00.000-0000","begin":"2024-05-28T00:45:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 1","id":46263},"title":"Closing Remarks","android_description":"","end_timestamp":{"seconds":1716856500,"nanoseconds":0},"updated_timestamp":{"seconds":1712618460,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-28T00:35:00.000-0000","id":54289,"begin_timestamp":{"seconds":1716855600,"nanoseconds":0},"tag_ids":[46263],"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Tracks 1-4","hotel":"","short_name":"Tracks 1-4","id":46208},"spans_timebands":"N","updated":"2024-04-08T23:21:00.000-0000","begin":"2024-05-28T00:20:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Looking to quickly determine how many analysts your SOC needs? Wondering what the tradeoffs are between 5x8, 4x10, 2-2-3? Curious what's the right SlA & when to use an on-call? If so then this is the track for you.\n\n\n","title":"SOC Staffing and Scheduling - Justifying Headcount and Meeting the Mission","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716855600,"nanoseconds":0},"android_description":"Looking to quickly determine how many analysts your SOC needs? Wondering what the tradeoffs are between 5x8, 4x10, 2-2-3? Curious what's the right SlA & when to use an on-call? If so then this is the track for you.","updated_timestamp":{"seconds":1712622420,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54320],"name":"Chris Hamilton","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ch4m1l70n/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ch_breakthrough"}],"pronouns":null,"id":53591,"media":[{"hash_sha256":"78edf8640981af8ae54eeeb5984eb8b4791f5f73f75d20a495064f148bd79a28","filetype":"image/jpeg","hash_md5":"166a48c552f133c1dfb0f4f2d0253137","name":"ChrisHamilton.jpg","hash_crc32c":"3e14d3ce","filesize":154145,"asset_id":522,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FChrisHamilton.jpg?alt=media","person_id":53591}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54320,"tag_ids":[46355],"begin_timestamp":{"seconds":1716854400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53591}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-28T00:00:00.000-0000","updated":"2024-04-09T00:27:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Deep dive into both candidate and hiring manager perspectives during interviews. What levers can you pull as a hiring manager to increase your offer acceptance rate?\r\n\r\nFour main challenges candidates face that will make them turn you down.\r\n\r\nFour areas to focus on so you and your team can crush it. \n\n\n","title":"Security recruitment: Four challenges candidates face and four areas you can improve to impress candidates","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"android_description":"Deep dive into both candidate and hiring manager perspectives during interviews. What levers can you pull as a hiring manager to increase your offer acceptance rate?\r\n\r\nFour main challenges candidates face that will make them turn you down.\r\n\r\nFour areas to focus on so you and your team can crush it.","end_timestamp":{"seconds":1716853800,"nanoseconds":0},"updated_timestamp":{"seconds":1712622360,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54319],"name":"Pablo Vidal Bouza","affiliations":[{"organization":"Rippling","title":"Head of Security Operations"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/pablo-vidal-bouza-60064528/"}],"media":[{"hash_sha256":"87e280aadb43b986cd1847ab2aa064978a98e74e239d1df239cfc21d7848b473","filetype":"image/jpeg","hash_md5":"7b19ba597a7d891b7e0ffbfa0367b048","name":"PabloVidalBouza.jpg","hash_crc32c":"0a718b3f","filesize":17550,"asset_id":544,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FPabloVidalBouza.jpg?alt=media","person_id":53607}],"id":53607,"title":"Head of Security Operations at Rippling"}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:50:00.000-0000","id":54319,"tag_ids":[46355],"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53607}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-27T23:30:00.000-0000","updated":"2024-04-09T00:26:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Rest APIs have been the backbone of webapps for over a decade now, and it’s treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query a language for your API. But shifts in tech trends also bring another inevitability, new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps. Burp Suite has been the defacto tool for Application Security professionals running DAST scans and penetration tests against web apps, and it’s amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point it’s library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.\n\n\n","title":"We Taught Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API With Burp","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"android_description":"Rest APIs have been the backbone of webapps for over a decade now, and it’s treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query a language for your API. But shifts in tech trends also bring another inevitability, new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps. Burp Suite has been the defacto tool for Application Security professionals running DAST scans and penetration tests against web apps, and it’s amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point it’s library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.","end_timestamp":{"seconds":1716855600,"nanoseconds":0},"updated_timestamp":{"seconds":1712621760,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54308],"name":"Jared Meit","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jared-meit-069ba014/"}],"id":53595,"media":[{"hash_sha256":"f67c9ce85d706a1e755128a4cea823181edc417f531f29c888ad734039623520","filetype":"image/jpeg","hash_md5":"0817c30737d291a609ffea2934e78365","name":"JaredMeit.jpg","hash_crc32c":"5ff969f9","asset_id":529,"filesize":235222,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJaredMeit.jpg?alt=media","person_id":53595}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54308,"village_id":null,"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"tag_ids":[46354],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53595}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","updated":"2024-04-09T00:16:00.000-0000","begin":"2024-05-27T23:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The advent of Generative Artificial Intelligence (AI) has ushered in a new era of creativity and innovation, but with it comes the imperative to address the pressing security and privacy concerns. This presentation, titled \"Ransom Meets Random,\" delves into a concise analysis of the intricate relationship between security, privacy, and Generative AI technologies.\r\n\r\nThe talk commences by exploring the dynamic landscape of generative models, shedding light on their transformative capabilities in content creation, text generation, and image synthesis. As these AI systems continue to evolve, it becomes crucial to understand the inherent risks and vulnerabilities associated with their deployment. The discussion emphasizes the potential exploitation of generative models in the context of ransom attacks, where malicious actors may leverage AI-generated content to manipulate or compromise sensitive information.\r\n\r\nFurthermore, the presentation examines the unpredictable nature of generative AI, discussing its challenges to maintaining user privacy. The talk navigates through the blurred lines between authentic and AI-generated content, unraveling the implications for individuals and organizations. Ethical considerations and regulatory perspectives are also addressed to foster a comprehensive understanding of the societal impact of generative AI.\r\n\r\nAttendees will gain insights into the current state of security measures within generative technologies and explore potential strategies to safeguard against emerging threats. By the end of the session, participants will be equipped with a nuanced understanding of the delicate balance between the innovative potential of generative AI and the imperative to fortify security and privacy frameworks in this rapidly evolving landscape.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"title":"Ransom Meets Random: A Brief Analysis of Security and Privacy in Generative AI","android_description":"The advent of Generative Artificial Intelligence (AI) has ushered in a new era of creativity and innovation, but with it comes the imperative to address the pressing security and privacy concerns. This presentation, titled \"Ransom Meets Random,\" delves into a concise analysis of the intricate relationship between security, privacy, and Generative AI technologies.\r\n\r\nThe talk commences by exploring the dynamic landscape of generative models, shedding light on their transformative capabilities in content creation, text generation, and image synthesis. As these AI systems continue to evolve, it becomes crucial to understand the inherent risks and vulnerabilities associated with their deployment. The discussion emphasizes the potential exploitation of generative models in the context of ransom attacks, where malicious actors may leverage AI-generated content to manipulate or compromise sensitive information.\r\n\r\nFurthermore, the presentation examines the unpredictable nature of generative AI, discussing its challenges to maintaining user privacy. The talk navigates through the blurred lines between authentic and AI-generated content, unraveling the implications for individuals and organizations. Ethical considerations and regulatory perspectives are also addressed to foster a comprehensive understanding of the societal impact of generative AI.\r\n\r\nAttendees will gain insights into the current state of security measures within generative technologies and explore potential strategies to safeguard against emerging threats. By the end of the session, participants will be equipped with a nuanced understanding of the delicate balance between the innovative potential of generative AI and the imperative to fortify security and privacy frameworks in this rapidly evolving landscape.","end_timestamp":{"seconds":1716855600,"nanoseconds":0},"updated_timestamp":{"seconds":1712621400,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54302],"name":"Sourabh Aggarwal","affiliations":[],"links":[{"description":"","title":"","sort_order":0,"url":"https://itedconsultant.com/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ersourabhaggarwal/"}],"pronouns":null,"id":53610,"media":[{"hash_sha256":"1db93a5d046263c540b70087b7632003adee5b7b33503a56422a117d33492688","filetype":"image/jpeg","hash_md5":"31f54fa44c6ac4b5c682b5a0ca5622af","name":"SourabhAggarwal.jpg","hash_crc32c":"4c186618","asset_id":547,"filesize":284217,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FSourabhAggarwal.jpg?alt=media","person_id":53610}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54302,"village_id":null,"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"tag_ids":[46353],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53610}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","begin":"2024-05-27T23:30:00.000-0000","updated":"2024-04-09T00:10:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"What's the one place that will let anyone walk in off the street and start using a computer? The library! But what if you want to do more than search the catalog for books? \r\n\r\nThis presentation will cover two types of hacking that you can do at the library. The first type involves how to gain control of an otherwise locked down public PC. Libraries encourage everyone to learn, they probably just didn't intend for it to be so hands on!\r\n\r\nThe second part of this presentation will cover how a widely used library web service was tested for vulnerabilities. This software was found to contain a large variety of vulnerability classes, and is a great example of what can be uncovered through a software security assessment. All of the findings were remotely exploitable 0day vulnerabilities, and this software was used by hundreds of libraries.\n\n\n","title":"Hacking Libraries (The Kind That Loan Books)","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 1","id":46263},"android_description":"What's the one place that will let anyone walk in off the street and start using a computer? The library! But what if you want to do more than search the catalog for books? \r\n\r\nThis presentation will cover two types of hacking that you can do at the library. The first type involves how to gain control of an otherwise locked down public PC. Libraries encourage everyone to learn, they probably just didn't intend for it to be so hands on!\r\n\r\nThe second part of this presentation will cover how a widely used library web service was tested for vulnerabilities. This software was found to contain a large variety of vulnerability classes, and is a great example of what can be uncovered through a software security assessment. All of the findings were remotely exploitable 0day vulnerabilities, and this software was used by hundreds of libraries.","end_timestamp":{"seconds":1716855600,"nanoseconds":0},"updated_timestamp":{"seconds":1712620680,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54296],"name":"Wesley Wineberg","affiliations":[],"links":[],"pronouns":null,"id":53615,"media":[{"hash_sha256":"99d40c874dedbcea8aa4b996ec4ce18980456b1ac31a2bdec933c483de1b05a7","filetype":"image/png","hash_md5":"69c60edb1a306697427b6b463b9f46d1","name":"WesleyWineberg.png","hash_crc32c":"1c0f51bc","asset_id":551,"filesize":2336298,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FWesleyWineberg.png?alt=media","person_id":53615}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54296,"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"tag_ids":[46263],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53615}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","begin":"2024-05-27T23:30:00.000-0000","updated":"2024-04-08T23:58:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Securing the AI Pipeline with Muhammad Muneer","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716852000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716647940,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54473],"name":"Muhammad Muneer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53721}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54473,"tag_ids":[46355],"begin_timestamp":{"seconds":1716850800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53721}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","updated":"2024-05-25T14:39:00.000-0000","begin":"2024-05-27T23:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Cryptocurrencies were once primarily associated with illicit activities due to their decentralized and seemingly anonymous nature. However, most of them operate on a pseudonymous basis, making crypto investigations a crucial aspect of modern cybersecurity. This involves a detailed analysis of blockchain transactions to trace the movement of funds. In this talk, we will explore the latest advances in crypto forensics and how to unveil the real-world entities behind cryptocurrency-related crimes. The goal is to equip the audience with the knowledge and skills needed to navigate the complex landscape of cryptocurrency investigations.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f300f7","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 2","id":46353},"title":"Deanonymizing the Blockchain: What Cybersecurity Experts Should Know About Cryptocurrency Investigations","end_timestamp":{"seconds":1716852000,"nanoseconds":0},"android_description":"Cryptocurrencies were once primarily associated with illicit activities due to their decentralized and seemingly anonymous nature. However, most of them operate on a pseudonymous basis, making crypto investigations a crucial aspect of modern cybersecurity. This involves a detailed analysis of blockchain transactions to trace the movement of funds. In this talk, we will explore the latest advances in crypto forensics and how to unveil the real-world entities behind cryptocurrency-related crimes. The goal is to equip the audience with the knowledge and skills needed to navigate the complex landscape of cryptocurrency investigations.","updated_timestamp":{"seconds":1712621160,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54301],"name":"Artem Ponomarov","affiliations":[{"organization":"","title":"Cryptocurrency Security Expert"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/artem-ponomarov/"}],"id":53619,"media":[{"hash_sha256":"428ee2eadf0a80b3e0dfb173dd72faab1efdb4f1b55f2c80d94acff90734a8d5","filetype":"image/jpeg","hash_md5":"1bdeb7e3b547777264ae736c2291ee91","name":"ArtemPonomarov.jpeg","hash_crc32c":"fda9e9c7","filesize":37243,"asset_id":517,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FArtemPonomarov.jpeg?alt=media","person_id":53619}],"title":"Cryptocurrency Security Expert"}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54301,"tag_ids":[46353],"village_id":null,"begin_timestamp":{"seconds":1716850800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53619}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","begin":"2024-05-27T23:00:00.000-0000","updated":"2024-04-09T00:06:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"title":"Beyond Blacklists: Security in the Age of AI","end_timestamp":{"seconds":1716850200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716647880,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54472],"name":"Feynman Liang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53720}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:50:00.000-0000","id":54472,"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"tag_ids":[46353],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53720}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"begin":"2024-05-27T22:30:00.000-0000","updated":"2024-05-25T14:38:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Blockchain technology can have a revolutionary effect on many important industries like finance and health. A security vulnerability in a smart contract can lead to a hack that would be more damaging than the biggest heists in history. We have proven DevSecOps methods in the classic software building industry that we can leverage to develop blockchain projects and improve smart contracts qualities and security. Moreover, there is a lack of consensus and guidance regarding leveraging DevSecOps in developing blockchain projects. This talk will list common smart contract vulnerabilities and how we can avoid them by building a secure CI/CD pipeline and following best security practices.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 4","id":46355},"title":"Blockchain DevSecOps","android_description":"Blockchain technology can have a revolutionary effect on many important industries like finance and health. A security vulnerability in a smart contract can lead to a hack that would be more damaging than the biggest heists in history. We have proven DevSecOps methods in the classic software building industry that we can leverage to develop blockchain projects and improve smart contracts qualities and security. Moreover, there is a lack of consensus and guidance regarding leveraging DevSecOps in developing blockchain projects. This talk will list common smart contract vulnerabilities and how we can avoid them by building a secure CI/CD pipeline and following best security practices.","end_timestamp":{"seconds":1716850200,"nanoseconds":0},"updated_timestamp":{"seconds":1712622240,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54317],"name":"Iman Sharafaldin","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/imansharaf/"}],"pronouns":null,"media":[{"hash_sha256":"16955a7745c6638442322bbb47e43eb58b6299790e16593fcdb3b62d77af11d3","filetype":"image/jpeg","hash_md5":"c60573e836c4cdd504609068e7762332","name":"ImanSharafaldin.jpg","hash_crc32c":"f148d541","asset_id":527,"filesize":77677,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FImanSharafaldin.jpg?alt=media","person_id":53594}],"id":53594}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:50:00.000-0000","id":54317,"tag_ids":[46355],"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53594}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"updated":"2024-04-09T00:24:00.000-0000","begin":"2024-05-27T22:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"As modern software development practices evolve, CI/CD pipelines have emerged as a potent, yet under-secured frontier. This has resulted in a shift in focus from attackers, who are exploiting the traditionally overlooked vulnerabilities in the development pipelines. In this presentation, we'll dive into the top CI/CD security risks as identified by OWASP. We'll look at how each attack can be performed, explore potential impacts, and the motives of bad actors. This talk will provide you with pragmatic strategies to strengthen your CI/CD security posture. Join us to transform your CI/CD pipeline from a potential vulnerability into a cornerstone of your security infrastructure.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"title":"Beyond Code: Reinforcing CI/CD Pipelines Against Emerging Threats","android_description":"As modern software development practices evolve, CI/CD pipelines have emerged as a potent, yet under-secured frontier. This has resulted in a shift in focus from attackers, who are exploiting the traditionally overlooked vulnerabilities in the development pipelines. In this presentation, we'll dive into the top CI/CD security risks as identified by OWASP. We'll look at how each attack can be performed, explore potential impacts, and the motives of bad actors. This talk will provide you with pragmatic strategies to strengthen your CI/CD security posture. Join us to transform your CI/CD pipeline from a potential vulnerability into a cornerstone of your security infrastructure.","end_timestamp":{"seconds":1716852000,"nanoseconds":0},"updated_timestamp":{"seconds":1712621700,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54307],"name":"Farshad Abasi","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/farshadabasi/"}],"pronouns":null,"id":53592,"media":[{"hash_sha256":"74583cfacf40b7b0b59858b58079c123804f21a09d4fad549b1e77c05ba67687","filetype":"image/jpeg","hash_md5":"9cc28c1adafdc46bc628b2621461e275","name":"FarshadAbasi.jpg","hash_crc32c":"410856ed","asset_id":524,"filesize":126839,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FFarshadAbasi.jpg?alt=media","person_id":53592}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54307,"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"tag_ids":[46354],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53592}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"begin":"2024-05-27T22:30:00.000-0000","updated":"2024-04-09T00:15:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"20,000 Leagues Under Accounting, your syndicate has established a foothold. What happens next is up to you. Come play Phishing Expedition, a choose your own adventure style phishing game, where participants take on the role of a fictional organized crime syndicate, attacking fictional organizations. Spend your collective cash wisely on the right infrastructure, payloads, and OSINT to gain access, compromise new hosts, and (hopefully) earn big profits from ill-gotten data. \n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"title":"Phishing Expedition: a group-based, choose your own adventure style phishing game","android_description":"20,000 Leagues Under Accounting, your syndicate has established a foothold. What happens next is up to you. Come play Phishing Expedition, a choose your own adventure style phishing game, where participants take on the role of a fictional organized crime syndicate, attacking fictional organizations. Spend your collective cash wisely on the right infrastructure, payloads, and OSINT to gain access, compromise new hosts, and (hopefully) earn big profits from ill-gotten data.","end_timestamp":{"seconds":1716852000,"nanoseconds":0},"updated_timestamp":{"seconds":1712620620,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54295],"name":"A.J. Leece","affiliations":[{"organization":"Syntax Security Solutions","title":"Founder and Managing Director"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"http://www.linkedin.com/in/anthony-leece"},{"description":"","title":"Website","sort_order":0,"url":"https://www.security-selfawareness.com/"}],"pronouns":null,"media":[{"hash_sha256":"6ac92dadf638ea6556d2e28be1bfa3834a00c6fcf3e3b7011e7d271107a808d7","filetype":"image/png","hash_md5":"8b9263f6ad00248869710f8d1ab197d9","name":"AJLeece.png","hash_crc32c":"6c998405","asset_id":510,"filesize":1957841,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAJLeece.png?alt=media","person_id":53585}],"id":53585,"title":"Founder and Managing Director at Syntax Security Solutions"}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54295,"village_id":null,"tag_ids":[46263],"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53585}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"begin":"2024-05-27T22:30:00.000-0000","updated":"2024-04-08T23:57:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"This talk covers an introduction to catfishing, providing a real-life example. It outlines the Signs of a Catfish, focusing on Red Flags and Warning Signs. The role of OSINT is highlighted, showcasing techniques to unmask catfishers.\r\n\r\nIntroduction to Catfishing, Case example, Signs of a Catfish, Red Flags and Warning Signs , How can OSINT help?, OSINT techniques to unmask catfishers, Prevent Catfishing / Education \n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 4","id":46355},"title":"Unveiling Deception - Catching a Catfish","android_description":"This talk covers an introduction to catfishing, providing a real-life example. It outlines the Signs of a Catfish, focusing on Red Flags and Warning Signs. The role of OSINT is highlighted, showcasing techniques to unmask catfishers.\r\n\r\nIntroduction to Catfishing, Case example, Signs of a Catfish, Red Flags and Warning Signs , How can OSINT help?, OSINT techniques to unmask catfishers, Prevent Catfishing / Education","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"updated_timestamp":{"seconds":1712622180,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54316,54329],"name":"Ritu Gill","affiliations":[{"organization":"","title":"Intelligence Analyst"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ritugill-osinttechniques/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OSINTtechniques"},{"description":"","title":"Website","sort_order":0,"url":"https://www.osinttechniques.com/"},{"description":"","title":"Website (2)","sort_order":0,"url":"https://www.forensicosint.com/"}],"pronouns":null,"id":53608,"media":[{"hash_sha256":"e79fdeed84a6a69df3a01b1fb3ccd5824491c23cd530e0ffcb9574897c073cb2","filetype":"image/jpeg","hash_md5":"7cecce00d074bc221de8c4e5ad4a94f8","name":"RituGill.jpg","hash_crc32c":"827ef50a","asset_id":545,"filesize":36727,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FRituGill.jpg?alt=media","person_id":53608}],"title":"Intelligence Analyst"}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54316,"tag_ids":[46355],"village_id":null,"begin_timestamp":{"seconds":1716847200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53608}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-27T22:00:00.000-0000","updated":"2024-04-09T00:23:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"On the clearweb, hundreds of sites operate in the open which have been used to fuel the spread of Fentanyl and it’s precursors. These operators have stepped out of the shadows of the darkweb to increase the accessibility to their highly addictive drugs.\r\n\r\nSit down for this talk and discover how to identify a seller, track them down across the web, and find the links back to shell corporations based out of the United States. I will demonstrate all of this using real world examples; by following this guide you too will be able to use these OSINT tactics to take down a drug network.\n\n\n","title":"A How To Guide: Hunting Clearweb Fentanyl Distributors","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"android_description":"On the clearweb, hundreds of sites operate in the open which have been used to fuel the spread of Fentanyl and it’s precursors. These operators have stepped out of the shadows of the darkweb to increase the accessibility to their highly addictive drugs.\r\n\r\nSit down for this talk and discover how to identify a seller, track them down across the web, and find the links back to shell corporations based out of the United States. I will demonstrate all of this using real world examples; by following this guide you too will be able to use these OSINT tactics to take down a drug network.","end_timestamp":{"seconds":1716846600,"nanoseconds":0},"updated_timestamp":{"seconds":1712622120,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54315],"name":"Julian B","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/julianb34/"}],"pronouns":null,"id":53598,"media":[{"hash_sha256":"962d5e3483bb21d8210e76ea17644de5824a4193c5676f86f6e9558346f8a7dc","filetype":"image/png","hash_md5":"cdcd18c6fee309d38662525a38e646e6","name":"JulianB.png","hash_crc32c":"7618146e","asset_id":533,"filesize":845071,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJulianB.png?alt=media","person_id":53598}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:50:00.000-0000","id":54315,"tag_ids":[46355],"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53598}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T21:30:00.000-0000","updated":"2024-04-09T00:22:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"As a security community and hackers, our major focus is usually on vulnerabilities affecting operating systems and software running on devices. Not so often do we put a light on protocols we have been using for years or practices we have been following. Then eventually, one day, we may realize that some expensive security solutions we trust for our security may extensively rely on some simple assumptions at core. In this presentation, starting with a real-life incident example, Ali will shed light on how common IDS/IPS detection engines rely on the fact that, malicious or not, all networking applications would follow the same logic flow at the socket programming level. Then, by thinking outside of the box, Ali will demonstrate how, by making a small change in the application, malicious traffic can avoid being detected by IDS/IPS engines and therefore bypass Next Generation Firewall’s Layer 7 Application Policy rules. A PoC tool written by Ali will be used to demonstrate a successful reverse shell connection and file exfiltration being performed over some well-known NGFWs despite their Layer 7 application block policies in effect. Following the demo, there will be some suggestions for defenders on how to detect such suspicious traffic as well as how to remediate this issue. The PoC tool will be published following the presentation.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#21db00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 3","id":46354},"title":"Bypassing Next Generation Firewalls’ Layer 7 Application Policy","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"android_description":"As a security community and hackers, our major focus is usually on vulnerabilities affecting operating systems and software running on devices. Not so often do we put a light on protocols we have been using for years or practices we have been following. Then eventually, one day, we may realize that some expensive security solutions we trust for our security may extensively rely on some simple assumptions at core. In this presentation, starting with a real-life incident example, Ali will shed light on how common IDS/IPS detection engines rely on the fact that, malicious or not, all networking applications would follow the same logic flow at the socket programming level. Then, by thinking outside of the box, Ali will demonstrate how, by making a small change in the application, malicious traffic can avoid being detected by IDS/IPS engines and therefore bypass Next Generation Firewall’s Layer 7 Application Policy rules. A PoC tool written by Ali will be used to demonstrate a successful reverse shell connection and file exfiltration being performed over some well-known NGFWs despite their Layer 7 application block policies in effect. Following the demo, there will be some suggestions for defenders on how to detect such suspicious traffic as well as how to remediate this issue. The PoC tool will be published following the presentation.","updated_timestamp":{"seconds":1712621640,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54306],"name":"Ali Efe","affiliations":[{"organization":"IBM X-Force Red","title":"Penetration Tester"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ali-efe-63821339/"}],"pronouns":null,"media":[{"hash_sha256":"af596739f370dd1128b7d782d11549cbe8a58380db12e59ebdf9cfd785d92044","filetype":"image/jpeg","hash_md5":"bfd54b7dfb118a9ac3e27a0c7b2b56a1","name":"AliEfe.jpg","hash_crc32c":"a346d00e","asset_id":512,"filesize":49639,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAliEfe.jpg?alt=media","person_id":53587}],"id":53587,"title":"Penetration Tester at IBM X-Force Red"}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54306,"tag_ids":[46354],"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53587}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"updated":"2024-04-09T00:14:00.000-0000","begin":"2024-05-27T21:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Transformers architecture powers most of the recent developments in AI space, especially the recent wave of LLMs. However, the transformers architecture is quite complex and not very well understood. I want to take a deep dive into the architecture and explain how it works. From security point of view, if more security practitioners understand the architecture better, it will help in finding security loopholes.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f300f7","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 2","id":46353},"title":"Deep dive into Transformers architecture","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"android_description":"Transformers architecture powers most of the recent developments in AI space, especially the recent wave of LLMs. However, the transformers architecture is quite complex and not very well understood. I want to take a deep dive into the architecture and explain how it works. From security point of view, if more security practitioners understand the architecture better, it will help in finding security loopholes.","updated_timestamp":{"seconds":1712621040,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54300],"name":"Japneet Singh","affiliations":[{"organization":"Lacework","title":"Software Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/japneetsingh/"}],"media":[{"hash_sha256":"8afb252f710fb4111bba51fa9a2673cc4ece1f0fa0ba97a4df47340f66ce25db","filetype":"image/jpeg","hash_md5":"925f41254c0395ff7e285295a6886702","name":"JapneetSingh.jpg","hash_crc32c":"511551c1","filesize":81156,"asset_id":528,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJapneetSingh.jpg?alt=media","person_id":53618}],"id":53618,"title":"Software Engineer at Lacework"}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54300,"village_id":null,"tag_ids":[46353],"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53618}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","updated":"2024-04-09T00:04:00.000-0000","begin":"2024-05-27T21:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Previously, we discovered a bug that could bypass the PIN2Drive feature for Tesla vehicles. We were rewarded by Tesla and entered the Tesla Hall of Fame. Additionally, we disclosed a creative bug named Rolling-Pwn, which affects Honda vehicles globally. Vehicle bug bounty hunting is the new trend. In this talk, I will provide advice on vehicle bug bounty hunting and present the successes and failures of our vehicle bug hunting stories over the past few years.\n\n\n","title":"Behind the Dashboard: Tales of a Car Bug Bounty Hunter","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"end_timestamp":{"seconds":1716848400,"nanoseconds":0},"android_description":"Previously, we discovered a bug that could bypass the PIN2Drive feature for Tesla vehicles. We were rewarded by Tesla and entered the Tesla Hall of Fame. Additionally, we disclosed a creative bug named Rolling-Pwn, which affects Honda vehicles globally. Vehicle bug bounty hunting is the new trend. In this talk, I will provide advice on vehicle bug bounty hunting and present the successes and failures of our vehicle bug hunting stories over the past few years.","updated_timestamp":{"seconds":1712620560,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54294],"name":"Kevin Chen","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kevin2600"}],"pronouns":null,"media":[{"hash_sha256":"2d1f7c55f05a30d49681a09f7569f494edc78b3bbd91a5f62658f85e8d0cc888","filetype":"image/png","hash_md5":"362248645906a02d36a9fbf64293fe3c","name":"KevinChen.png","hash_crc32c":"0060e073","asset_id":535,"filesize":341604,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FKevinChen.png?alt=media","person_id":53599}],"id":53599}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54294,"village_id":null,"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"tag_ids":[46263],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53599}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"updated":"2024-04-08T23:56:00.000-0000","begin":"2024-05-27T21:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Often when folks think of security research, they think of things like reverse engineering, tracking threat actors, or pentesting. While these are all valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement, or evidence-based science. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.\r\n\r\nIn this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Scanning completeness, and improving vulnerability notifications. In discussing these projects, I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened. \r\n\r\nBy discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments. We don’t know what we don’t know and the unknown can seem daunting. Internet Measurement is a way for us to step into (and through) that unknown.\n\n\n","title":"What we Mean When We Say Internet Measurement, and why it Matters so much for Security","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716844800,"nanoseconds":0},"android_description":"Often when folks think of security research, they think of things like reverse engineering, tracking threat actors, or pentesting. While these are all valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement, or evidence-based science. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.\r\n\r\nIn this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Scanning completeness, and improving vulnerability notifications. In discussing these projects, I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened. \r\n\r\nBy discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments. We don’t know what we don’t know and the unknown can seem daunting. Internet Measurement is a way for us to step into (and through) that unknown.","updated_timestamp":{"seconds":1712622120,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54314],"name":"Ariana Mirian","affiliations":[{"organization":"Censys","title":"Senior Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/arianamirian/"},{"description":"","title":"Mastodon (infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@amirian"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arimirian"},{"description":"","title":"Website","sort_order":0,"url":"http://arianamirian.com/"}],"media":[{"hash_sha256":"f48cd226c6756003059e5a442382035099f34f2b19a34f043717167e9afc79d4","filetype":"image/jpeg","hash_md5":"9e24d89d9d29cfe8c36d9c1abd50538b","name":"ArianaMirian.jpg","hash_crc32c":"98b52647","filesize":37401,"asset_id":516,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FArianaMirian.jpg?alt=media","person_id":53590}],"id":53590,"title":"Senior Security Researcher at Censys"}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54314,"begin_timestamp":{"seconds":1716843600,"nanoseconds":0},"tag_ids":[46355],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53590}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"updated":"2024-04-09T00:22:00.000-0000","begin":"2024-05-27T21:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"You are the proverbial bad guy, and need to exfiltrate data out of a company. What are the various techniques you can employ to fly under the radar of all software modules designed to prevent you from doing that? If you are a blue teamer and need to guard your defenses against exfiltration, what are the various techniques you can employ to prevent this?\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 4","id":46355},"title":"Techniques to exfiltrate data","end_timestamp":{"seconds":1716843000,"nanoseconds":0},"android_description":"You are the proverbial bad guy, and need to exfiltrate data out of a company. What are the various techniques you can employ to fly under the radar of all software modules designed to prevent you from doing that? If you are a blue teamer and need to guard your defenses against exfiltration, what are the various techniques you can employ to prevent this?","updated_timestamp":{"seconds":1712622000,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54313],"name":"Sundar Krishnamurthy","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sundar-krishnamurthy-cissp-b32b761/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sundarnut"}],"pronouns":null,"media":[{"hash_sha256":"0bf278a0e5bf789d445e90593cefa51801bc62ee713d34e0faa3e816b0282729","filetype":"image/jpeg","hash_md5":"62af8c8428d779abaa738e6938239932","name":"SundarKrishnamurthy.jpg","hash_crc32c":"1c53f9d0","asset_id":549,"filesize":79689,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FSundarKrishnamurthy.jpg?alt=media","person_id":53612}],"id":53612}],"timeband_id":1161,"links":[],"end":"2024-05-27T20:50:00.000-0000","id":54313,"tag_ids":[46355],"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53612}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","updated":"2024-04-09T00:20:00.000-0000","begin":"2024-05-27T20:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Alex and Brad's fascination with drones further catalyzed this integration, giving birth to \"The Raccoon Squad\". This initiative features two groundbreaking devices: the 'Flying Raccoon', representing airborne reconnaissance and intrusion, and the 'Sneaky Raccoon', epitomizing ground-level stealth operations. Through this exploration, we gain insights into the future of integrated security solutions that seamlessly blend digital prowess with tangible, real-world applications.\n\n\n","title":"Guardians of Cybersecurity: Deploying IoT devices via Drones and Dropboxes","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"android_description":"Alex and Brad's fascination with drones further catalyzed this integration, giving birth to \"The Raccoon Squad\". This initiative features two groundbreaking devices: the 'Flying Raccoon', representing airborne reconnaissance and intrusion, and the 'Sneaky Raccoon', epitomizing ground-level stealth operations. Through this exploration, we gain insights into the future of integrated security solutions that seamlessly blend digital prowess with tangible, real-world applications.","end_timestamp":{"seconds":1716844800,"nanoseconds":0},"updated_timestamp":{"seconds":1712621580,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54305],"name":"Alex Thines","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/alexander-thines-34256315b/"}],"pronouns":null,"id":53586,"media":[{"hash_sha256":"d95a8fd5829f620863da58428f599d4cf683e84e3f244ede70e196998c9694b8","filetype":"image/jpeg","hash_md5":"0163cebd2b775aa4ae8889627a204b4c","name":"AlexThines.jpg","hash_crc32c":"d95526b5","filesize":95583,"asset_id":511,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAlexThines.jpg?alt=media","person_id":53586}]},{"conference_id":139,"event_ids":[54305],"name":"Brad \"Sno0ose\" Ammerman","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/bradammerman/"}],"pronouns":null,"media":[{"hash_sha256":"e6e63b107319e207df98e838c2f280365a8dcf4c9071842a491bb62740c21000","filetype":"image/png","hash_md5":"16bcfbb9448fc46e2cd83788912ea4e0","name":"BradAmmerman.png","hash_crc32c":"f3338efd","asset_id":519,"filesize":44781,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FBradAmmerman.png?alt=media","person_id":53621}],"id":53621}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54305,"tag_ids":[46354],"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53586},{"tag_id":46264,"sort_order":1,"person_id":53621}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"updated":"2024-04-09T00:13:00.000-0000","begin":"2024-05-27T20:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"As businesses increasingly rely on AI for innovation and efficiency, cyber threats leveraging AI capabilities have become more sophisticated and pervasive than ever before. In this talk, Michael Argast, Co-founder and CEO of Kobalt.io, will delve into the dynamic realm of Cybersecurity Attack and Defense amidst the Rise of AI, and will go through common and popular attack trends and compromises. Ideal for staff, IT, and technical teams, this session aims to empower you with essential knowledge and practical strategies to safeguard your digital assets effectively.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"title":"Cybersecurity Attack and Defense with the Rise of AI","android_description":"As businesses increasingly rely on AI for innovation and efficiency, cyber threats leveraging AI capabilities have become more sophisticated and pervasive than ever before. In this talk, Michael Argast, Co-founder and CEO of Kobalt.io, will delve into the dynamic realm of Cybersecurity Attack and Defense amidst the Rise of AI, and will go through common and popular attack trends and compromises. Ideal for staff, IT, and technical teams, this session aims to empower you with essential knowledge and practical strategies to safeguard your digital assets effectively.","end_timestamp":{"seconds":1716844800,"nanoseconds":0},"updated_timestamp":{"seconds":1712620980,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54299],"name":"Michael Argast","affiliations":[{"organization":"Kobalt.io","title":"Co-founder and CEO"}],"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://web.facebook.com/kobaltcyber/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/company/kobaltio"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kobaltio"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/@kobalt.io.cybersecurity"}],"pronouns":null,"id":53603,"media":[{"hash_sha256":"82191e066a3aabd821055efcdb2e2a6835fc28cc6a0c525d9f7236bc8e5334b5","filetype":"image/png","hash_md5":"d72ebc412c23d7e13f6e5c1a02a4f224","name":"MichaelArgast.png","hash_crc32c":"d2bb463f","filesize":663881,"asset_id":540,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FMichaelArgast.png?alt=media","person_id":53603}],"title":"Co-founder and CEO at Kobalt.io"}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54299,"tag_ids":[46353],"village_id":null,"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53603}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","updated":"2024-04-09T00:03:00.000-0000","begin":"2024-05-27T20:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The macOS sandbox is a powerful tool for application security, and hardens macOS office to a point where they're not wildly used as an entry vector. Or are they? In this talk we will dive into sandbox escape mechanisms on macOS, as well as present a few technique for potential generic sandbox escapes.\n\n\n","title":"The sand castle - the state of the macOS sandbox through the lense of Office macros","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"end_timestamp":{"seconds":1716844800,"nanoseconds":0},"android_description":"The macOS sandbox is a powerful tool for application security, and hardens macOS office to a point where they're not wildly used as an entry vector. Or are they? In this talk we will dive into sandbox escape mechanisms on macOS, as well as present a few technique for potential generic sandbox escapes.","updated_timestamp":{"seconds":1712620560,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54293],"name":"Jonathan Bar Or","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jonathan-bar-or-89876474"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yo_yo_yo_jbo"}],"pronouns":null,"id":53596,"media":[{"hash_sha256":"eee4082d6c588a3d7636efefb56b460a54f6ff9a3dc71570de7752079fe82ded","filetype":"image/jpeg","hash_md5":"2db3dfc020242055d9f1bf4b4881e37e","name":"JonathanBarOr.jpg","hash_crc32c":"d24aadbf","filesize":48011,"asset_id":531,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJonathanBarOr.jpg?alt=media","person_id":53596}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54293,"tag_ids":[46263],"village_id":null,"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53596}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"updated":"2024-04-08T23:56:00.000-0000","begin":"2024-05-27T20:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Please bring your voucher to TacoFino at 15 W. Cordova for your FREE burrito \n\n\n","title":"Lunch sponsored by WebSec","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#420d40","updated_at":"2024-05-25T16:08+0000","name":"Misc","id":46275},"android_description":"Please bring your voucher to TacoFino at 15 W. Cordova for your FREE burrito","end_timestamp":{"seconds":1716841200,"nanoseconds":0},"updated_timestamp":{"seconds":1716647820,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T20:20:00.000-0000","id":54288,"begin_timestamp":{"seconds":1716838200,"nanoseconds":0},"tag_ids":[46275],"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"spans_timebands":"N","updated":"2024-05-25T14:37:00.000-0000","begin":"2024-05-27T19:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"There are numerous families of malware out there, each with its own unique features. Some can steal sensitive data and exfiltrate it using specific protocols, some can introduce additional malware into the system, some can encrypt or destroy files, and many more. Despite their differences, these various malware families can collaborate in a symphonic manner to deliver a powerful infection. I've started referring to this as a “malware symphony” to describe how different types of malware contribute to the symphony of infections, much like instruments in an orchestra. One such example is CrackedCantil, which I named after Cracked Software and the Cantil Viper. In this particular malware campaign that originated from Cracked Software, at least nine different malware types were involved, including PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, and STOP. Here, the Loaders (PrivateLoader, Smoke) introduced several notorious malware into the system. The Infostealers (Lumma, RedLine, RisePro, Amadey, Stealc) exfilterated various sensitive information before the ransomware encrypted the files. The Proxy Bot malware (Socks5Systemz) transformed the system into a proxy bot, and the Ransomware (STOP) encrypted the files, demanding a ransom for their recovery. The full analysis can be found here: https://any.run/cybersecurity-blog/crackedcantil-breakdown/ This talk will delve into the malware symphonies, exploring how they are orchestrated to wreak havoc on systems.\n\n\n","title":"Decomposing a Malware Symphony: When Malware Work Together to Deliver a Powerful Infection","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716838200,"nanoseconds":0},"android_description":"There are numerous families of malware out there, each with its own unique features. Some can steal sensitive data and exfiltrate it using specific protocols, some can introduce additional malware into the system, some can encrypt or destroy files, and many more. Despite their differences, these various malware families can collaborate in a symphonic manner to deliver a powerful infection. I've started referring to this as a “malware symphony” to describe how different types of malware contribute to the symphony of infections, much like instruments in an orchestra. One such example is CrackedCantil, which I named after Cracked Software and the Cantil Viper. In this particular malware campaign that originated from Cracked Software, at least nine different malware types were involved, including PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, and STOP. Here, the Loaders (PrivateLoader, Smoke) introduced several notorious malware into the system. The Infostealers (Lumma, RedLine, RisePro, Amadey, Stealc) exfilterated various sensitive information before the ransomware encrypted the files. The Proxy Bot malware (Socks5Systemz) transformed the system into a proxy bot, and the Ransomware (STOP) encrypted the files, demanding a ransom for their recovery. The full analysis can be found here: https://any.run/cybersecurity-blog/crackedcantil-breakdown/ This talk will delve into the malware symphonies, exploring how they are orchestrated to wreak havoc on systems.","updated_timestamp":{"seconds":1712622000,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54312],"name":"Lena Yu","affiliations":[],"links":[{"description":"","title":"","sort_order":0,"url":"http://linkedin.com/in/lenaaaa"},{"description":"","title":"Website","sort_order":0,"url":"http://lambdamamba.com/"}],"pronouns":null,"media":[{"hash_sha256":"7411c082116338a072ed01314605c7609317f967ccbdfb502126527653b850fd","filetype":"image/png","hash_md5":"19766cc1d195d6bc458606f165a639a3","name":"LenaYu.png","hash_crc32c":"c2d74954","filesize":2886653,"asset_id":537,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FLenaYu.png?alt=media","person_id":53600}],"id":53600}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54312,"village_id":null,"begin_timestamp":{"seconds":1716837000,"nanoseconds":0},"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53600}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T19:10:00.000-0000","updated":"2024-04-09T00:20:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"All conference talks we hear about vulnerability hunting and exploitations are so cool -- so much so that it appears as if you would never get there unless you have been hacking since 14 years old. Will you not ever find cool bugs if you do not like setting up fuzzers or grinding with disassemblers? You are mistaken. In this talk, I will introduce the mindset that will slowly but organically yield the discovery of vulnerabilities without daunting learning curves or too many emotional rollercoasters often associated with “vulnerability research.” That is, let us do “security research” instead. As a case, I will discuss how I found vulnerabilities in the Windows Hypervisor. Throughout it, we will review the hardware-assisted virtualization technology the hypervisor relies on and Windows’ unique security boundary that is less scrutinized. Finally, the talk gives a few ideas to extend this work for more bug discoveries. You should attend this talk if you want to start bug hunting casually and naturally. You may not find bugs immediately, but bugs may find you soon.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"title":"Do not find bugs; bugs find you","end_timestamp":{"seconds":1716836400,"nanoseconds":0},"android_description":"All conference talks we hear about vulnerability hunting and exploitations are so cool -- so much so that it appears as if you would never get there unless you have been hacking since 14 years old. Will you not ever find cool bugs if you do not like setting up fuzzers or grinding with disassemblers? You are mistaken. In this talk, I will introduce the mindset that will slowly but organically yield the discovery of vulnerabilities without daunting learning curves or too many emotional rollercoasters often associated with “vulnerability research.” That is, let us do “security research” instead. As a case, I will discuss how I found vulnerabilities in the Windows Hypervisor. Throughout it, we will review the hardware-assisted virtualization technology the hypervisor relies on and Windows’ unique security boundary that is less scrutinized. Finally, the talk gives a few ideas to extend this work for more bug discoveries. You should attend this talk if you want to start bug hunting casually and naturally. You may not find bugs immediately, but bugs may find you soon.","updated_timestamp":{"seconds":1712621940,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54311],"name":"Satoshi Tanda","affiliations":[],"links":[{"description":"","title":"","sort_order":0,"url":"http://www.linkedin.com/in/satoshitanda/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/standa_t"}],"pronouns":null,"media":[{"hash_sha256":"6b5a69eca4a1659b6cefd3b2bc80c5a86f4cfd654f9423e4cbf3bb64951bafcf","filetype":"image/jpeg","hash_md5":"8af4530dc3d513e1a325ba740f163266","name":"SatoshiTanda.jpg","hash_crc32c":"d9930134","asset_id":546,"filesize":15865,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FSatoshiTanda.jpg?alt=media","person_id":53609}],"id":53609}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:00:00.000-0000","id":54311,"village_id":null,"tag_ids":[46355],"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53609}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-27T18:40:00.000-0000","updated":"2024-04-09T00:19:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"A Machine Learning Approach to Threat Hunting in Endpoint and Network Logs The talk will introduce Jupyter Notebooks for large-scale threat hunting. Rather than looking at vast data in a traditional tabular format, we will explore the effectiveness of visualizations, emphasizing graphs, to identify and investigate outliers. The primary area of focus would be Anomaly Detection applied to substantial volume of data to generate Alerts for SOC based on Windows Sysmon Endpoint Logs and Zeek/Suricata Logs.\r\n\r\nIn this talk, we will identify the anomalies in an environment without ingesting the data into a SIEM or an intelligent application, simply by using a Jupyter Notebook The potential of extracting patterns and deriving meaningful insights from data is vast. And hence, Introducing a detection engineering strategy using Machine Learning and Visualizations to Hunt for Threats in Endpoint and Network Logs. Furthermore, the same strategy could be extended to Hunt for threats in Cloud Environments such as AWS and Azure. The capability of detecting Outliers in an environment within few minutes and converting those into highly effective Alerts with minimal True Positives will be explored in this presentation.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#21db00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 3","id":46354},"title":"Give me the damn Model for Threat Hunting","android_description":"A Machine Learning Approach to Threat Hunting in Endpoint and Network Logs The talk will introduce Jupyter Notebooks for large-scale threat hunting. Rather than looking at vast data in a traditional tabular format, we will explore the effectiveness of visualizations, emphasizing graphs, to identify and investigate outliers. The primary area of focus would be Anomaly Detection applied to substantial volume of data to generate Alerts for SOC based on Windows Sysmon Endpoint Logs and Zeek/Suricata Logs.\r\n\r\nIn this talk, we will identify the anomalies in an environment without ingesting the data into a SIEM or an intelligent application, simply by using a Jupyter Notebook The potential of extracting patterns and deriving meaningful insights from data is vast. And hence, Introducing a detection engineering strategy using Machine Learning and Visualizations to Hunt for Threats in Endpoint and Network Logs. Furthermore, the same strategy could be extended to Hunt for threats in Cloud Environments such as AWS and Azure. The capability of detecting Outliers in an environment within few minutes and converting those into highly effective Alerts with minimal True Positives will be explored in this presentation.","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"updated_timestamp":{"seconds":1712621580,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54304],"name":"Kai Iyer","affiliations":[{"organization":"EY's Cyber Threat Management","title":"Senior Security Engineer"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/anoop-krishnan47"}],"pronouns":null,"media":[{"hash_sha256":"b604e275b36c9840499dee52ffda9068d1c1600921146fa9136bff372ca608e0","filetype":"image/jpeg","hash_md5":"823e499661faa78f89aeb59ee0156b1f","name":"KaiIyer.jpg","hash_crc32c":"b267462d","filesize":126167,"asset_id":534,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FKaiIyer.jpg?alt=media","person_id":53620}],"id":53620,"title":"Senior Security Engineer at EY's Cyber Threat Management"}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54304,"village_id":null,"tag_ids":[46354],"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53620}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","updated":"2024-04-09T00:13:00.000-0000","begin":"2024-05-27T18:40:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it’s motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection and response metrics.\r\n\r\nMetrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection and response is and its value. So, how do we tell that story, especially to leadership with a limited amount of time?\r\n\r\nMeasurements help us get results. But if you’re advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection and response?\r\n\r\nMetrics help shape decisions. But legacy methods of evaluating and reporting are preventing you from getting the support and funding you need to succeed. At the end of this talk, you’ll walk away with a practical framework for developing your own metrics, a new maturity model for measuring detection and response capabilities, data gathering techniques that tell a convincing story using micro-purple testing, and lots of visual examples of metrics that won’t put your audience to sleep.\n\n\n","title":"The Fault in Our Metrics: Rethinking How We Measure Detection & Response","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"android_description":"Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it’s motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection and response metrics.\r\n\r\nMetrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection and response is and its value. So, how do we tell that story, especially to leadership with a limited amount of time?\r\n\r\nMeasurements help us get results. But if you’re advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection and response?\r\n\r\nMetrics help shape decisions. But legacy methods of evaluating and reporting are preventing you from getting the support and funding you need to succeed. At the end of this talk, you’ll walk away with a practical framework for developing your own metrics, a new maturity model for measuring detection and response capabilities, data gathering techniques that tell a convincing story using micro-purple testing, and lots of visual examples of metrics that won’t put your audience to sleep.","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"updated_timestamp":{"seconds":1712620920,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54298],"name":"Allyn Stott","affiliations":[{"organization":"AirBNB","title":"Senior Staff Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/whyallyn/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/whyallyn"}],"id":53588,"media":[{"hash_sha256":"1f62b1663d33b86da30adf1de5fc58091c3eaba10dd97c6c50142df15dfac2b8","filetype":"image/png","hash_md5":"e57f78dcb82d2c70353c792accaf11b7","name":"AllynStott.png","hash_crc32c":"769de7a2","filesize":102307,"asset_id":513,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAllynStott.png?alt=media","person_id":53588}],"title":"Senior Staff Engineer at AirBNB"}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54298,"tag_ids":[46353],"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53588}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","updated":"2024-04-09T00:02:00.000-0000","begin":"2024-05-27T18:40:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"In the realm of writing secure Python code, it's not only about functionality and performance; it's equally vital to shield your application and users from potential threats and vulnerabilities. Given Python's immense popularity, it becomes even more essential that we acquire the skills to build secure, dependable, and robust applications. Join me in this talk as we embark on a shared journey to master the art of secure Python coding. Together, let's empower ourselves to create a safer digital world.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 1","id":46263},"title":"Top Tips for Python Security","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"android_description":"In the realm of writing secure Python code, it's not only about functionality and performance; it's equally vital to shield your application and users from potential threats and vulnerabilities. Given Python's immense popularity, it becomes even more essential that we acquire the skills to build secure, dependable, and robust applications. Join me in this talk as we embark on a shared journey to master the art of secure Python coding. Together, let's empower ourselves to create a safer digital world.","updated_timestamp":{"seconds":1712620140,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54292],"name":"Tanya Janca","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tanya-janca"}],"pronouns":null,"id":53613,"media":[{"hash_sha256":"ac9033eae00890acc387652d960cdb16ad35ece53a71f04fa8e9b9371b0e5998","filetype":"image/jpeg","hash_md5":"cc8c2f592f089312ac8cc1e58aaa363c","name":"TanyaJanca.jpg","hash_crc32c":"e39eeea5","asset_id":550,"filesize":275264,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FTanyaJanca.jpg?alt=media","person_id":53613}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54292,"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"tag_ids":[46263],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53613}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"begin":"2024-05-27T18:40:00.000-0000","updated":"2024-04-08T23:49:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"title":"Zero Trust in a Zero-Office World: Rethinking IAM for the Remote-First Enterprise","android_description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.","end_timestamp":{"seconds":1716834600,"nanoseconds":0},"updated_timestamp":{"seconds":1712621880,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54310],"name":"Femi Ogunji","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/femiogunji/"}],"media":[{"hash_sha256":"958c7912ef57f284a3c7cac612cd83f28cf23715c55cea8e76bbfb134446e9bc","filetype":"image/jpeg","hash_md5":"12c7ea9b2ded9355778d59a58e6b6a0a","name":"FemiOgunji.jpg","hash_crc32c":"365af308","filesize":227599,"asset_id":525,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FFemiOgunji.jpg?alt=media","person_id":53593}],"id":53593}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54310,"begin_timestamp":{"seconds":1716833400,"nanoseconds":0},"village_id":null,"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53593}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"updated":"2024-04-09T00:18:00.000-0000","begin":"2024-05-27T18:10:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.\n\n\n","title":"What’s up with CVSS4?","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 4","id":46355},"android_description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.","end_timestamp":{"seconds":1716832800,"nanoseconds":0},"updated_timestamp":{"seconds":1712621820,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54309],"name":"Zach Wasserman","affiliations":[{"organization":"Fleet","title":"Co-founder and Technology Evangelist"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/zacharywasserman/"}],"media":[{"hash_sha256":"88ed53e6d21931470ee7594404652213c5aba6e0c2eaa8033c77b9c253b13ee2","filetype":"image/jpeg","hash_md5":"ae6d658326a6f62b7c7e99a339536cb7","name":"ZachWasserman.jpg","hash_crc32c":"9466bd3e","filesize":177672,"asset_id":552,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FZachWasserman.jpg?alt=media","person_id":53616}],"id":53616,"title":"Co-founder and Technology Evangelist at Fleet"}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:00:00.000-0000","id":54309,"tag_ids":[46355],"village_id":null,"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53616}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-27T17:40:00.000-0000","updated":"2024-04-09T00:17:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"In an era where AI-driven chatbots seamlessly integrate into our daily lives, it’s high time that we understand the risks caused by vulnerabilities associated with it. Join us on an exciting journey as we break down the complexities of AI chatbot hacking and explore the potential threats hidden below the surface. In this tech talk, we will begin with the basics of AI, then shift into the common vulnerabilities of AI chat bots, and finally deep dive into the top two vulnerable categories. Through a live hacking lab and real-world attack scenarios, we will demonstrate how an attacker leverages AI chatbot vulnerabilities to compromise user privacy, spread misinformation, and perpetrate social engineering attacks. Furthermore, we will discuss some security measures aimed at minimizing these risks, thereby fostering a more secure digital environment accessible to everyone. By the end of this talk, participants will have developed a deeper awareness of the challenges in securing AI chatbots and will be empowered with practical strategies to fortify their systems effectively. Whether you're a cybersecurity professional, AI enthusiast, or simply curious about tech and security, this talk will inform, inspire, and spark a passion for keeping AI communication safe.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"title":"Beyond Interactions: Hacking Chatbots Like a Pro","end_timestamp":{"seconds":1716834600,"nanoseconds":0},"android_description":"In an era where AI-driven chatbots seamlessly integrate into our daily lives, it’s high time that we understand the risks caused by vulnerabilities associated with it. Join us on an exciting journey as we break down the complexities of AI chatbot hacking and explore the potential threats hidden below the surface. In this tech talk, we will begin with the basics of AI, then shift into the common vulnerabilities of AI chat bots, and finally deep dive into the top two vulnerable categories. Through a live hacking lab and real-world attack scenarios, we will demonstrate how an attacker leverages AI chatbot vulnerabilities to compromise user privacy, spread misinformation, and perpetrate social engineering attacks. Furthermore, we will discuss some security measures aimed at minimizing these risks, thereby fostering a more secure digital environment accessible to everyone. By the end of this talk, participants will have developed a deeper awareness of the challenges in securing AI chatbots and will be empowered with practical strategies to fortify their systems effectively. Whether you're a cybersecurity professional, AI enthusiast, or simply curious about tech and security, this talk will inform, inspire, and spark a passion for keeping AI communication safe.","updated_timestamp":{"seconds":1712621460,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54303],"name":"Mohankumar Vengatachalam","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/vimokumar/"}],"pronouns":null,"id":53604,"media":[{"hash_sha256":"37032918bd858310aa55210f0ba23a132f41d97ad0f1696a5999504d4aa68127","filetype":"image/jpeg","hash_md5":"76a15a8698fb5e987be464ee257d6b30","name":"MohankumarVengatachalam.jpg","hash_crc32c":"99f8a8bc","filesize":468011,"asset_id":541,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FMohankumarVengatachalam.jpg?alt=media","person_id":53604}]},{"conference_id":139,"event_ids":[54303],"name":"Naveen Konrajankuppam Mahavishnu","affiliations":[{"organization":"","title":"Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/naveenkm94/"}],"id":53605,"media":[{"hash_sha256":"85ccd73f8016f7cc54caf21b314cf66fd552e5e5423cf1b13ce26ff4a4881846","filetype":"image/jpeg","hash_md5":"73a63ab5055ee0d6dadd2999acd394a3","name":"NaveenKonrajankuppamMahavishnu.jpg","hash_crc32c":"98550c4b","filesize":33918,"asset_id":542,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FNaveenKonrajankuppamMahavishnu.jpg?alt=media","person_id":53605}],"title":"Security Researcher"}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54303,"tag_ids":[46354],"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53604},{"tag_id":46264,"sort_order":1,"person_id":53605}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","updated":"2024-04-09T00:11:00.000-0000","begin":"2024-05-27T17:40:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Join Lia Sana, Senior Information Security Architect and Mahtab Rae, Information Security Architect, Fraser Health Authority, as they delve into the application of Artificial Intelligence (AI) in healthcare settings, with a particular emphasis on its governance and control. They will discuss the transformative potential of AI in revolutionizing healthcare delivery, diagnosis, and patient care, as well as, explore the critical aspect of governance and control mechanisms necessary to ensure the ethical and responsible use of AI in this sensitive sector.\r\n\r\nThis presentation will illustrate the Healthcare AI applications with real-world use cases, demonstrating how AI can be leveraged to improve patient outcomes, streamline operations, and enhance decision-making processes in healthcare. These examples will provide a practical perspective on the integration of AI in healthcare, making the discussion more relatable and comprehensible. In addition, the presentation will address the associated risks of AI application in healthcare, such as data privacy concerns, potential bias in AI algorithms, and the need for human oversight. It will underscore the importance of robust internal control systems to mitigate these risks and ensure the safe and effective use of AI.\r\n\r\nDrawing from industry standards and generally accepted responsible AI practices, the presentation will provide a comprehensive overview of the current best practices in AI governance. It will offer insights into how these practices can be adopted and adapted in a healthcare setting to ensure that AI is used responsibly and ethically.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f300f7","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 2","id":46353},"title":"AI in a Healthcare Setting: Opportunities and Risks","android_description":"Join Lia Sana, Senior Information Security Architect and Mahtab Rae, Information Security Architect, Fraser Health Authority, as they delve into the application of Artificial Intelligence (AI) in healthcare settings, with a particular emphasis on its governance and control. They will discuss the transformative potential of AI in revolutionizing healthcare delivery, diagnosis, and patient care, as well as, explore the critical aspect of governance and control mechanisms necessary to ensure the ethical and responsible use of AI in this sensitive sector.\r\n\r\nThis presentation will illustrate the Healthcare AI applications with real-world use cases, demonstrating how AI can be leveraged to improve patient outcomes, streamline operations, and enhance decision-making processes in healthcare. These examples will provide a practical perspective on the integration of AI in healthcare, making the discussion more relatable and comprehensible. In addition, the presentation will address the associated risks of AI application in healthcare, such as data privacy concerns, potential bias in AI algorithms, and the need for human oversight. It will underscore the importance of robust internal control systems to mitigate these risks and ensure the safe and effective use of AI.\r\n\r\nDrawing from industry standards and generally accepted responsible AI practices, the presentation will provide a comprehensive overview of the current best practices in AI governance. It will offer insights into how these practices can be adopted and adapted in a healthcare setting to ensure that AI is used responsibly and ethically.","end_timestamp":{"seconds":1716834600,"nanoseconds":0},"updated_timestamp":{"seconds":1712620740,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54297],"name":"Lia Sana","affiliations":[{"organization":"Fraser Health Authority","title":"Senior Information Security Architect"}],"links":[],"pronouns":null,"media":[{"hash_sha256":"2924d54b287a167d89896305b40c951685a1dcae187a731ff7c26b83d5a469dd","filetype":"image/jpeg","hash_md5":"ee3f780e2334278b881919d1420826e3","name":"LiaSana.jpg","hash_crc32c":"eb93179b","asset_id":538,"filesize":164546,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FLiaSana.jpg?alt=media","person_id":53601}],"id":53601,"title":"Senior Information Security Architect at Fraser Health Authority"},{"conference_id":139,"event_ids":[54297],"name":"Mahtab Rae","affiliations":[{"organization":"Fraser Health Authority","title":"Information Security Architect"}],"links":[],"pronouns":null,"id":53602,"media":[{"hash_sha256":"f9936e5cbb46a78c60e65d5e2b6abc06c36633a097ea58584f7846f2db924ecd","filetype":"image/jpeg","hash_md5":"8eb5601f9a49d3637e1bb30737193294","name":"MahtabRae.jpg","hash_crc32c":"c03b4449","filesize":28161,"asset_id":539,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FMahtabRae.jpg?alt=media","person_id":53602}],"title":"Information Security Architect at Fraser Health Authority"}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54297,"tag_ids":[46353],"village_id":null,"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53601},{"tag_id":46264,"sort_order":1,"person_id":53602}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","begin":"2024-05-27T17:40:00.000-0000","updated":"2024-04-08T23:59:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"We prefer to avoid ISO 27001 accredited corporations” said no current or future customer ever. ISO compliance can be a catalyst for new sales, improved customer relationships and increased platform confidentiality, integrity and availability. This talk by two seasoned security professionals will demonstrate how to use open source tools and techniques to build existing business practices into the ISO 27001 framework.\n\n\n","title":"From Zero to ISO27k","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 1","id":46263},"android_description":"We prefer to avoid ISO 27001 accredited corporations” said no current or future customer ever. ISO compliance can be a catalyst for new sales, improved customer relationships and increased platform confidentiality, integrity and availability. This talk by two seasoned security professionals will demonstrate how to use open source tools and techniques to build existing business practices into the ISO 27001 framework.","end_timestamp":{"seconds":1716834600,"nanoseconds":0},"updated_timestamp":{"seconds":1712620140,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54291],"name":"Josh Sokol","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/joshsokol"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/joshsokol"}],"id":53597,"media":[{"hash_sha256":"9209bd3986ed99a2144cc86b3c1f6fbc41b7376993b2ae51663caa383df2a89e","filetype":"image/jpeg","hash_md5":"df03445797d1ceb2813a2d734a28a3dd","name":"JoshSokol.jpg","hash_crc32c":"2fc6af5f","filesize":324591,"asset_id":532,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJoshSokol.jpg?alt=media","person_id":53597}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54291,"tag_ids":[46263],"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53597}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","begin":"2024-05-27T17:40:00.000-0000","updated":"2024-04-08T23:49:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Mix & Mingle\r\n\r\nAlso, a book signing with Micah Lee\n\n\n","title":"Mix and Mingle and Book Signing","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#420d40","name":"Misc","id":46275},"android_description":"Mix & Mingle\r\n\r\nAlso, a book signing with Micah Lee","end_timestamp":{"seconds":1716831000,"nanoseconds":0},"updated_timestamp":{"seconds":1716647700,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T17:30:00.000-0000","id":54287,"village_id":null,"begin_timestamp":{"seconds":1716829200,"nanoseconds":0},"tag_ids":[46275],"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Sponsor Hall","hotel":"","short_name":"Sponsor Hall","id":46249},"spans_timebands":"N","begin":"2024-05-27T17:00:00.000-0000","updated":"2024-05-25T14:35:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Keynote (Simulcast)","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716829200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716652020,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54476,"village_id":null,"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T16:10:00.000-0000","updated":"2024-05-25T15:47:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#21db00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 3","id":46354},"title":"Keynote (Simulcast)","end_timestamp":{"seconds":1716829200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716652020,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54475,"village_id":null,"tag_ids":[46354],"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","updated":"2024-05-25T15:47:00.000-0000","begin":"2024-05-27T16:10:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"title":"Keynote (Simulcast)","end_timestamp":{"seconds":1716829200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716652020,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54474,"village_id":null,"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"tag_ids":[46353],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"updated":"2024-05-25T15:47:00.000-0000","begin":"2024-05-27T16:10:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Opening Keynote","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"android_description":"","end_timestamp":{"seconds":1716829200,"nanoseconds":0},"updated_timestamp":{"seconds":1712618400,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54286,"village_id":null,"tag_ids":[46263],"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Tracks 1-4","hotel":"","short_name":"Tracks 1-4","id":46208},"spans_timebands":"N","begin":"2024-05-27T16:10:00.000-0000","updated":"2024-04-08T23:20:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Intro","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-05-25T16:08+0000","name":"Talk - Track 1","id":46263},"android_description":"","end_timestamp":{"seconds":1716826200,"nanoseconds":0},"updated_timestamp":{"seconds":1712618340,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T16:10:00.000-0000","id":54285,"village_id":null,"begin_timestamp":{"seconds":1716825600,"nanoseconds":0},"tag_ids":[46263],"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Tracks 1-4","hotel":"","short_name":"Tracks 1-4","id":46208},"updated":"2024-04-08T23:19:00.000-0000","begin":"2024-05-27T16:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Registration","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#420d40","updated_at":"2024-05-25T16:08+0000","name":"Misc","id":46275},"end_timestamp":{"seconds":1716825600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1712618280,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T16:00:00.000-0000","id":54284,"begin_timestamp":{"seconds":1716822000,"nanoseconds":0},"tag_ids":[46275],"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"begin":"2024-05-27T15:00:00.000-0000","updated":"2024-04-08T23:18:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"This workshop is designed to teach participants techniques and methodologies for discovering and analyzing digital infrastructure utilized by cyber adversaries. It will focus on leveraging publicly available, open-source intelligence (OSINT) tools and resources to systematically uncover and map the network assets of potential cyber threats.\r\n\r\nWe will start with a brief discussion of the types of digital assets (such as servers, domains and IP addresses) commonly used by adversaries and their purposes in cyber operations. We will then introduce some of the free and open source tools that are readily available to conduct tactical threat hunting. We’ll conclude with several exercises using multiple tools for participants to gain proficiency discovering active adversary infrastructure and turning it into actionable intelligence.\r\n\r\nThe workshop will include hands-on exercises using free and open source tools such as Shodan, Censys, and urlscan.io to identify and analyze malicious infrastructure linked to a range of malware (stealer, botnet, RAT, etc.) families and command-and-control (C2) frameworks such as Cobalt Strike.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#ea1b1b","name":"Training","id":46276},"title":"Precision Threat Hunting: Unveiling Adversary Infrastructure using Free and Open Source Tools with Greg","end_timestamp":{"seconds":1716766200,"nanoseconds":0},"android_description":"This workshop is designed to teach participants techniques and methodologies for discovering and analyzing digital infrastructure utilized by cyber adversaries. It will focus on leveraging publicly available, open-source intelligence (OSINT) tools and resources to systematically uncover and map the network assets of potential cyber threats.\r\n\r\nWe will start with a brief discussion of the types of digital assets (such as servers, domains and IP addresses) commonly used by adversaries and their purposes in cyber operations. We will then introduce some of the free and open source tools that are readily available to conduct tactical threat hunting. We’ll conclude with several exercises using multiple tools for participants to gain proficiency discovering active adversary infrastructure and turning it into actionable intelligence.\r\n\r\nThe workshop will include hands-on exercises using free and open source tools such as Shodan, Censys, and urlscan.io to identify and analyze malicious infrastructure linked to a range of malware (stealer, botnet, RAT, etc.) families and command-and-control (C2) frameworks such as Cobalt Strike.","updated_timestamp":{"seconds":1712636520,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54330],"name":"Greg Leah","affiliations":[{"organization":"PrecisionSec","title":"Founder"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/greg-leah/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/powershellcode"}],"media":[{"hash_sha256":"42f3aeb9bc028fcb89f5341d6cdd22f072106a6996553db89673a4fa4bb42e32","filetype":"image/jpeg","hash_md5":"6a5b42f87a5ade2e2b77ccc15a202bc0","name":"GregLeah.jpg","hash_crc32c":"66a974ed","filesize":30905,"asset_id":526,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FGregLeah.jpg?alt=media","person_id":53632}],"id":53632,"title":"Founder at PrecisionSec"}],"timeband_id":1160,"links":[],"end":"2024-05-26T23:30:00.000-0000","id":54330,"tag_ids":[46276],"begin_timestamp":{"seconds":1716759000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53632}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2270","hotel":"","short_name":"Room 2270","id":46210},"begin":"2024-05-26T21:30:00.000-0000","updated":"2024-04-09T04:22:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"* Introduction to OSINT: Understand its importance and considerations.\r\n\r\n* Search Techniques: Learn methods for gathering data efficiently.\r\n\r\n* Geolocation and Image Analysis: Explore extracting intelligence from images and geolocation data.\r\n\r\n* Saving Online Content: Discover tools and techniques for archiving and organizing online information.\r\n\r\n* OSINT Resources: Explore valuable online tools for OSINT.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#ea1b1b","name":"Training","id":46276},"title":"The Art of OSINT: Techniques and Tools Revealed with Ritu","end_timestamp":{"seconds":1716764400,"nanoseconds":0},"android_description":"* Introduction to OSINT: Understand its importance and considerations.\r\n\r\n* Search Techniques: Learn methods for gathering data efficiently.\r\n\r\n* Geolocation and Image Analysis: Explore extracting intelligence from images and geolocation data.\r\n\r\n* Saving Online Content: Discover tools and techniques for archiving and organizing online information.\r\n\r\n* OSINT Resources: Explore valuable online tools for OSINT.","updated_timestamp":{"seconds":1712636460,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54316,54329],"name":"Ritu Gill","affiliations":[{"organization":"","title":"Intelligence Analyst"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ritugill-osinttechniques/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OSINTtechniques"},{"description":"","title":"Website","sort_order":0,"url":"https://www.osinttechniques.com/"},{"description":"","title":"Website (2)","sort_order":0,"url":"https://www.forensicosint.com/"}],"id":53608,"media":[{"hash_sha256":"e79fdeed84a6a69df3a01b1fb3ccd5824491c23cd530e0ffcb9574897c073cb2","filetype":"image/jpeg","hash_md5":"7cecce00d074bc221de8c4e5ad4a94f8","name":"RituGill.jpg","hash_crc32c":"827ef50a","filesize":36727,"asset_id":545,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FRituGill.jpg?alt=media","person_id":53608}],"title":"Intelligence Analyst"}],"timeband_id":1160,"links":[],"end":"2024-05-26T23:00:00.000-0000","id":54329,"begin_timestamp":{"seconds":1716757200,"nanoseconds":0},"tag_ids":[46276],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53608}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2200","hotel":"","short_name":"Room 2200","id":46213},"updated":"2024-04-09T04:21:00.000-0000","begin":"2024-05-26T21:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The course \"Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response\" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.\r\n\r\nStudents learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.\r\n\r\nFurther topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.\n\n\n","title":"Unveiling Cyber-Criminal Actions: The Art of Battlefield Forensics and Incident Response with Anna and Neumann","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-05-25T16:08+0000","name":"Training","id":46276},"android_description":"The course \"Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response\" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.\r\n\r\nStudents learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.\r\n\r\nFurther topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.","end_timestamp":{"seconds":1716768000,"nanoseconds":0},"updated_timestamp":{"seconds":1712636280,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54328],"name":"Anna Truss","affiliations":[{"organization":"DefSec LLC","title":"Founder and CEO"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/annatruss"}],"media":[{"hash_sha256":"15507eef9228427e2f7c04f74fd397f70360d5fc83a8fa204298b22c8215a9e3","filetype":"image/jpeg","hash_md5":"24245d9c92c6e167148fccd4fd2ddc54","name":"AnnaTruss.jpg","hash_crc32c":"79658b62","filesize":114806,"asset_id":515,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAnnaTruss.jpg?alt=media","person_id":53629}],"id":53629,"title":"Founder and CEO at DefSec LLC"},{"conference_id":139,"event_ids":[54328],"name":"Neumann Lim","affiliations":[{"organization":"Odlum Brown","title":"Manager"}],"links":[{"description":"","title":"","sort_order":0,"url":"https://ca.linkedin.com/in/neumannlim"}],"pronouns":null,"media":[{"hash_sha256":"e5a703171a3a78b97c92e39749a39834a6d3b23e9726db9334861c23dca84463","filetype":"image/jpeg","hash_md5":"db7bd61915e4237471bac28877eb2e32","name":"NeumannLim.jpg","hash_crc32c":"37350941","asset_id":543,"filesize":18311,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FNeumannLim.jpg?alt=media","person_id":53630}],"id":53630,"title":"Manager at Odlum Brown"}],"timeband_id":1160,"links":[],"end":"2024-05-27T00:00:00.000-0000","id":54328,"village_id":null,"tag_ids":[46276],"begin_timestamp":{"seconds":1716752700,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53629},{"tag_id":46264,"sort_order":1,"person_id":53630}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2945","hotel":"","short_name":"Room 2945","id":46211},"spans_timebands":"N","begin":"2024-05-26T19:45:00.000-0000","updated":"2024-04-09T04:18:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Docker has gained immense popularity among development and SRE teams for allowing consistency across development/test/prod environments, and enabling immutable infrastructure and higher compute density. As security professionals, it helps to understand how Docker works to be able to secure our workloads. At the same time, there are a number of use cases where Docker makes our lives easier as well.\r\n\r\nIn this workshop we'll get our feet wet with Docker:\r\n\r\n- Explore the basics of Docker and how it works\r\n\r\n- Work through a number of security-relevant use cases: exploring different OS distros, running containerized security tools, building custom images, scanning Docker images for CVEs and secrets, image structure and manual introspection.\r\n\r\nPre-requisites:\r\n\r\n- Laptop with Docker installed. Docker Desktop recommended, but Docker Engine should work too.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-05-25T16:08+0000","name":"Training","id":46276},"title":"Docker for Security Use Cases Workshop with Amiran","end_timestamp":{"seconds":1716768000,"nanoseconds":0},"android_description":"Docker has gained immense popularity among development and SRE teams for allowing consistency across development/test/prod environments, and enabling immutable infrastructure and higher compute density. As security professionals, it helps to understand how Docker works to be able to secure our workloads. At the same time, there are a number of use cases where Docker makes our lives easier as well.\r\n\r\nIn this workshop we'll get our feet wet with Docker:\r\n\r\n- Explore the basics of Docker and how it works\r\n\r\n- Work through a number of security-relevant use cases: exploring different OS distros, running containerized security tools, building custom images, scanning Docker images for CVEs and secrets, image structure and manual introspection.\r\n\r\nPre-requisites:\r\n\r\n- Laptop with Docker installed. Docker Desktop recommended, but Docker Engine should work too.","updated_timestamp":{"seconds":1712635560,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54323,54322],"name":"Amiran Alavidze","affiliations":[],"links":[],"pronouns":null,"id":53622,"media":[{"hash_sha256":"04a679a2715c7dc96e870f4a7700a77cb2f1dc3dd7a29e1ee2c55e94539e8294","filetype":"image/png","hash_md5":"262115617a7cb515893e29e1e01844a6","name":"AmiranAlavidze.png","hash_crc32c":"84a6a6b1","filesize":98259,"asset_id":514,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAmiranAlavidze.png?alt=media","person_id":53622}]}],"timeband_id":1160,"links":[],"end":"2024-05-27T00:00:00.000-0000","id":54323,"tag_ids":[46276],"begin_timestamp":{"seconds":1716752700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53622}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2250","hotel":"","short_name":"Room 2250","id":46214},"spans_timebands":"N","updated":"2024-04-09T04:06:00.000-0000","begin":"2024-05-26T19:45:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"CodeQL is an open-source static analysis tool that can be used to find vulnerabilities, anti-patterns, code smells, and other interesting patterns in your codebases. Code patterns are abstracted into language specific queries that can be used to scan across many repositories for QA, research, and variant hunt purposes with the option to integrate as part of your CI/CD pipeline. CodeQL is powerful and extensible, with many included queries as well as a query language that allows a query author to write their own. In this workshop we’ll write queries for three C# vulnerabilities: BinaryFormatter deserialization of untrusted data, use of the weak hash SHA1, and creation of a Weak RSA Key. This workshop focuses on C# but the concepts are applicable to any other language that CodeQL supports. \r\n\r\nBy the end of this presentation, participants will be able to author their own queries, become familiar with the features of the CodeQL VSCode extension, and understand how to model dataflow in CodeQL.\n\n\n","title":"CodeQL with Chanel","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-05-25T16:08+0000","name":"Training","id":46276},"android_description":"CodeQL is an open-source static analysis tool that can be used to find vulnerabilities, anti-patterns, code smells, and other interesting patterns in your codebases. Code patterns are abstracted into language specific queries that can be used to scan across many repositories for QA, research, and variant hunt purposes with the option to integrate as part of your CI/CD pipeline. CodeQL is powerful and extensible, with many included queries as well as a query language that allows a query author to write their own. In this workshop we’ll write queries for three C# vulnerabilities: BinaryFormatter deserialization of untrusted data, use of the weak hash SHA1, and creation of a Weak RSA Key. This workshop focuses on C# but the concepts are applicable to any other language that CodeQL supports. \r\n\r\nBy the end of this presentation, participants will be able to author their own queries, become familiar with the features of the CodeQL VSCode extension, and understand how to model dataflow in CodeQL.","end_timestamp":{"seconds":1716753600,"nanoseconds":0},"updated_timestamp":{"seconds":1712636160,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54327],"name":"Chanel Young","affiliations":[{"organization":"Microsoft Security","title":"Software Engineer"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/chanelyoung99/"}],"pronouns":null,"media":[{"hash_sha256":"fb07eff0225073926092da7783d4d2793a19473e6e454645c364c94d25e22c20","filetype":"image/png","hash_md5":"509ca90ae1455cccfece2d5a6745b9ae","name":"ChanelYoung.png","hash_crc32c":"50efae90","filesize":1038243,"asset_id":521,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FChanelYoung.png?alt=media","person_id":53628}],"id":53628,"title":"Software Engineer at Microsoft Security"}],"timeband_id":1160,"links":[],"end":"2024-05-26T20:00:00.000-0000","id":54327,"tag_ids":[46276],"begin_timestamp":{"seconds":1716746400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53628}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2200","hotel":"","short_name":"Room 2200","id":46213},"updated":"2024-04-09T04:16:00.000-0000","begin":"2024-05-26T18:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"This workshop provides an in-depth exploration of Digital Forensics and Incident Response (DFIR) through interactive, cloud-based labs. Participants will have access to a wide array of logs, including system, network, and memory data, to explore and investigate. The session emphasizes practical skills in analyzing and responding to cybersecurity threats using tools like Elasticsearch and Kibana. Attendees will experience the power of interactive dashboards and visualizations, along with the ability to search through raw data in Elasticsearch. This hands-on approach ensures a comprehensive understanding of digital forensics, equipping participants to tackle real-world security challenges effectively.\r\n\r\nWorkshop participants will require a laptop that can support a modern web browser. Tools utilized as part of the workshop will be cloud-based and accessed through the browser.\n\n\n","title":"Practical Intrusion Analysis: Investigating Real-World Intrusions with Kostas","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-05-25T16:08+0000","name":"Training","id":46276},"end_timestamp":{"seconds":1716768000,"nanoseconds":0},"android_description":"This workshop provides an in-depth exploration of Digital Forensics and Incident Response (DFIR) through interactive, cloud-based labs. Participants will have access to a wide array of logs, including system, network, and memory data, to explore and investigate. The session emphasizes practical skills in analyzing and responding to cybersecurity threats using tools like Elasticsearch and Kibana. Attendees will experience the power of interactive dashboards and visualizations, along with the ability to search through raw data in Elasticsearch. This hands-on approach ensures a comprehensive understanding of digital forensics, equipping participants to tackle real-world security challenges effectively.\r\n\r\nWorkshop participants will require a laptop that can support a modern web browser. Tools utilized as part of the workshop will be cloud-based and accessed through the browser.","updated_timestamp":{"seconds":1712635980,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54326],"name":"Kostas","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kostastsale/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kostastsale"}],"media":[{"hash_sha256":"8f30a8e2b6250a91e8985673dc1b47c19082b9f884e823efa78cf09f9ae980f9","filetype":"image/jpeg","hash_md5":"b73093fdb733a6f473d14c543141e446","name":"Kostas.jpg","hash_crc32c":"fbd56f35","filesize":34976,"asset_id":536,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FKostas.jpg?alt=media","person_id":53627}],"id":53627}],"timeband_id":1160,"links":[],"end":"2024-05-27T00:00:00.000-0000","id":54326,"tag_ids":[46276],"village_id":null,"begin_timestamp":{"seconds":1716744600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53627}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2245","hotel":"","short_name":"Room 2245","id":46212},"spans_timebands":"N","updated":"2024-04-09T04:13:00.000-0000","begin":"2024-05-26T17:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"If your workload already lives on AWS, then there is a high chance that some temporary AWS credentials have been securely distributed to perform needed tasks. But what happens when your workload is on premises? In this workshop, learn how to use AWS Identity and Access Management (IAM) Roles Anywhere. Start from the basics and create the necessary steps to learn how to use your applications outside of AWS in a safe way using IAM Roles Anywhere in practice.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#ea1b1b","name":"Training","id":46276},"title":"Cloud Access Control with Colin and Brad","end_timestamp":{"seconds":1716750000,"nanoseconds":0},"android_description":"If your workload already lives on AWS, then there is a high chance that some temporary AWS credentials have been securely distributed to perform needed tasks. But what happens when your workload is on premises? In this workshop, learn how to use AWS Identity and Access Management (IAM) Roles Anywhere. Start from the basics and create the necessary steps to learn how to use your applications outside of AWS in a safe way using IAM Roles Anywhere in practice.","updated_timestamp":{"seconds":1712635860,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54325],"name":"Colin Igbokwe","affiliations":[{"organization":"","title":"Sr. Security Solution Architect"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cigbokwe/"}],"id":53625,"media":[{"hash_sha256":"e1206d4c29b40addbdaeb9b0a72f33ed27afde37a63ab80e9f90c753717df5f4","filetype":"image/png","hash_md5":"0b6a0055bac3351fadd6a4e2f8a1a544","name":"ColinIgbokwe.png","hash_crc32c":"275d5419","filesize":152754,"asset_id":523,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FColinIgbokwe.png?alt=media","person_id":53625}],"title":"Sr. Security Solution Architect"},{"conference_id":139,"event_ids":[54325],"name":"Brad Burnett","affiliations":[{"organization":"","title":"Security Specialist Solutions Architect"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brad-burnett/"}],"pronouns":null,"media":[{"hash_sha256":"c959900e70e50c861711026b13845c1a93b3c63ff589b842d626168b582a64f1","filetype":"image/png","hash_md5":"f55e36f450e3afecea23e9588c60f149","name":"BradBurnett.png","hash_crc32c":"d269e001","filesize":87965,"asset_id":520,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FBradBurnett.png?alt=media","person_id":53626}],"id":53626,"title":"Security Specialist Solutions Architect"}],"timeband_id":1160,"links":[],"end":"2024-05-26T19:00:00.000-0000","id":54325,"begin_timestamp":{"seconds":1716742800,"nanoseconds":0},"village_id":null,"tag_ids":[46276],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53626},{"tag_id":46264,"sort_order":1,"person_id":53625}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2945","hotel":"","short_name":"Room 2945","id":46211},"spans_timebands":"N","begin":"2024-05-26T17:00:00.000-0000","updated":"2024-04-09T04:11:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Threat Modeling is the best way to discover and remediate threats in your system before they are even created. If done correctly, it is one of the most impactful security programs that you can run within your organization.\r\n\r\nIn the Security Industry, threat modeling has been misunderstood and many security folks are afraid to carry out a threat model. While it is commonly performed by Application Security or Cloud Security professionals, threat modeling can be done by anyone.\r\n\r\nThis hands-on workshop will cover the threat modeling workflow and common classes of vulnerabilities in a way that is easy to understand. You will also walk through many hands-on threat modeling examples to ensure that you will be empowered to discover threats in your systems.\n\n\n","title":"Threat Modeling 101 - Burn Risks, Not Hope with Jeevan and Bhawandeep","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#ea1b1b","name":"Training","id":46276},"android_description":"Threat Modeling is the best way to discover and remediate threats in your system before they are even created. If done correctly, it is one of the most impactful security programs that you can run within your organization.\r\n\r\nIn the Security Industry, threat modeling has been misunderstood and many security folks are afraid to carry out a threat model. While it is commonly performed by Application Security or Cloud Security professionals, threat modeling can be done by anyone.\r\n\r\nThis hands-on workshop will cover the threat modeling workflow and common classes of vulnerabilities in a way that is easy to understand. You will also walk through many hands-on threat modeling examples to ensure that you will be empowered to discover threats in your systems.","end_timestamp":{"seconds":1716758100,"nanoseconds":0},"updated_timestamp":{"seconds":1712635680,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54324],"name":"Jeevan Singh","affiliations":[{"organization":"Rippling","title":"Director of Security Engineering"}],"links":[],"pronouns":null,"id":53623,"media":[{"hash_sha256":"436c8baaf54e77f6773cc8cbebe1327953b2a367c596a56ba8d55ad7e02c8ad4","filetype":"image/jpeg","hash_md5":"343f00456bd6e55a3a610eb0755011fc","name":"JeevanSingh.jpg","hash_crc32c":"5c9a8d00","asset_id":530,"filesize":190322,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJeevanSingh.jpg?alt=media","person_id":53623}],"title":"Director of Security Engineering at Rippling"},{"conference_id":139,"event_ids":[54324],"name":"Bhawandeep Kambo","affiliations":[{"organization":"Twilio","title":"Product Security Engineer"}],"links":[],"pronouns":null,"media":[{"hash_sha256":"a1d3cf34296af21bc6951f9af0862a71767da0dd4d9f9ad16f3b6a052f415069","filetype":"image/jpeg","hash_md5":"6873ad540eb501dff89c594f02b04b2a","name":"BhawandeepKambo.jpg","hash_crc32c":"bd503a16","filesize":159057,"asset_id":518,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FBhawandeepKambo.jpg?alt=media","person_id":53624}],"id":53624,"title":"Product Security Engineer at Twilio"}],"timeband_id":1160,"links":[],"end":"2024-05-26T21:15:00.000-0000","id":54324,"village_id":null,"tag_ids":[46276],"begin_timestamp":{"seconds":1716742800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53624},{"tag_id":46264,"sort_order":1,"person_id":53623}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2270","hotel":"","short_name":"Room 2270","id":46210},"begin":"2024-05-26T17:00:00.000-0000","updated":"2024-04-09T04:08:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Threat modelling is considered to be a critical component of Secure Software Development Lifecycle (S-SDLC) as evidenced by the fact that it’s included in most S-SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within S-SDLC, not so much on practical aspects of how it can be done. This workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model. You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager. There are no prerequisites, but you are expected to actively participate.\n\n\n","title":"Practical Threat Modelling with Amiran","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#ea1b1b","name":"Training","id":46276},"end_timestamp":{"seconds":1716750000,"nanoseconds":0},"android_description":"Threat modelling is considered to be a critical component of Secure Software Development Lifecycle (S-SDLC) as evidenced by the fact that it’s included in most S-SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within S-SDLC, not so much on practical aspects of how it can be done. This workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model. You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager. There are no prerequisites, but you are expected to actively participate.","updated_timestamp":{"seconds":1712635500,"nanoseconds":0},"speakers":[{"conference_id":139,"event_ids":[54323,54322],"name":"Amiran Alavidze","affiliations":[],"links":[],"pronouns":null,"media":[{"hash_sha256":"04a679a2715c7dc96e870f4a7700a77cb2f1dc3dd7a29e1ee2c55e94539e8294","filetype":"image/png","hash_md5":"262115617a7cb515893e29e1e01844a6","name":"AmiranAlavidze.png","hash_crc32c":"84a6a6b1","asset_id":514,"filesize":98259,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAmiranAlavidze.png?alt=media","person_id":53622}],"id":53622}],"timeband_id":1160,"links":[],"end":"2024-05-26T19:00:00.000-0000","id":54322,"begin_timestamp":{"seconds":1716742800,"nanoseconds":0},"village_id":null,"tag_ids":[46276],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53622}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Room 2250","hotel":"","short_name":"Room 2250","id":46214},"updated":"2024-04-09T04:05:00.000-0000","begin":"2024-05-26T17:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","color":"#420d40","name":"Misc","id":46275},"title":"Workshop Registration","end_timestamp":{"seconds":1716742800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1712619600,"nanoseconds":0},"speakers":[],"timeband_id":1160,"links":[],"end":"2024-05-26T17:00:00.000-0000","id":54321,"tag_ids":[46275],"village_id":null,"begin_timestamp":{"seconds":1716739200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-05-25T16:08+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"updated":"2024-04-08T23:40:00.000-0000","begin":"2024-05-26T16:00:00.000-0000"}] \ No newline at end of file +[{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"After Party","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#420d40","name":"Misc","id":46275},"end_timestamp":{"seconds":1716872400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1712618520,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-28T05:00:00.000-0000","id":54290,"tag_ids":[46275],"begin_timestamp":{"seconds":1716857100,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"spans_timebands":"N","updated":"2024-04-08T23:22:00.000-0000","begin":"2024-05-28T00:45:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Closing Remarks","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 1","id":46263},"end_timestamp":{"seconds":1716856500,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1712618460,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-28T00:35:00.000-0000","id":54289,"village_id":null,"begin_timestamp":{"seconds":1716855600,"nanoseconds":0},"tag_ids":[46263],"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Tracks 1-4","hotel":"","short_name":"Tracks 1-4","id":46208},"spans_timebands":"N","begin":"2024-05-28T00:20:00.000-0000","updated":"2024-04-08T23:21:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Looking to quickly determine how many analysts your SOC needs? Wondering what the tradeoffs are between 5x8, 4x10, 2-2-3? Curious what's the right SlA & when to use an on-call? If so then this is the track for you.\n\n\n","title":"SOC Staffing and Scheduling - Justifying Headcount and Meeting the Mission","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"android_description":"Looking to quickly determine how many analysts your SOC needs? Wondering what the tradeoffs are between 5x8, 4x10, 2-2-3? Curious what's the right SlA & when to use an on-call? If so then this is the track for you.","end_timestamp":{"seconds":1716855600,"nanoseconds":0},"updated_timestamp":{"seconds":1712622420,"nanoseconds":0},"speakers":[{"content_ids":[53986],"conference_id":139,"event_ids":[54320],"name":"Chris Hamilton","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ch4m1l70n/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ch_breakthrough"}],"media":[{"hash_sha256":"78edf8640981af8ae54eeeb5984eb8b4791f5f73f75d20a495064f148bd79a28","filetype":"image/jpeg","hash_md5":"166a48c552f133c1dfb0f4f2d0253137","name":"ChrisHamilton.jpg","hash_crc32c":"3e14d3ce","filesize":154145,"asset_id":522,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FChrisHamilton.jpg?alt=media","person_id":53591}],"id":53591}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54320,"tag_ids":[46355],"begin_timestamp":{"seconds":1716854400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53591}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"updated":"2024-04-09T00:27:00.000-0000","begin":"2024-05-28T00:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Deep dive into both candidate and hiring manager perspectives during interviews. What levers can you pull as a hiring manager to increase your offer acceptance rate?\r\n\r\nFour main challenges candidates face that will make them turn you down.\r\n\r\nFour areas to focus on so you and your team can crush it. \n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"title":"Security recruitment: Four challenges candidates face and four areas you can improve to impress candidates","end_timestamp":{"seconds":1716853800,"nanoseconds":0},"android_description":"Deep dive into both candidate and hiring manager perspectives during interviews. What levers can you pull as a hiring manager to increase your offer acceptance rate?\r\n\r\nFour main challenges candidates face that will make them turn you down.\r\n\r\nFour areas to focus on so you and your team can crush it.","updated_timestamp":{"seconds":1712622360,"nanoseconds":0},"speakers":[{"content_ids":[53985],"conference_id":139,"event_ids":[54319],"name":"Pablo Vidal Bouza","affiliations":[{"organization":"Rippling","title":"Head of Security Operations"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/pablo-vidal-bouza-60064528/"}],"pronouns":null,"id":53607,"media":[{"hash_sha256":"87e280aadb43b986cd1847ab2aa064978a98e74e239d1df239cfc21d7848b473","filetype":"image/jpeg","hash_md5":"7b19ba597a7d891b7e0ffbfa0367b048","name":"PabloVidalBouza.jpg","hash_crc32c":"0a718b3f","filesize":17550,"asset_id":544,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FPabloVidalBouza.jpg?alt=media","person_id":53607}],"title":"Head of Security Operations at Rippling"}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:50:00.000-0000","id":54319,"village_id":null,"tag_ids":[46355],"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53607}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"updated":"2024-04-09T00:26:00.000-0000","begin":"2024-05-27T23:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Rest APIs have been the backbone of webapps for over a decade now, and it’s treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query a language for your API. But shifts in tech trends also bring another inevitability, new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps. Burp Suite has been the defacto tool for Application Security professionals running DAST scans and penetration tests against web apps, and it’s amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point it’s library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"title":"We Taught Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API With Burp","end_timestamp":{"seconds":1716855600,"nanoseconds":0},"android_description":"Rest APIs have been the backbone of webapps for over a decade now, and it’s treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query a language for your API. But shifts in tech trends also bring another inevitability, new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps. Burp Suite has been the defacto tool for Application Security professionals running DAST scans and penetration tests against web apps, and it’s amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point it’s library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.","updated_timestamp":{"seconds":1712621760,"nanoseconds":0},"speakers":[{"content_ids":[53974],"conference_id":139,"event_ids":[54308],"name":"Jared Meit","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jared-meit-069ba014/"}],"id":53595,"media":[{"hash_sha256":"f67c9ce85d706a1e755128a4cea823181edc417f531f29c888ad734039623520","filetype":"image/jpeg","hash_md5":"0817c30737d291a609ffea2934e78365","name":"JaredMeit.jpg","hash_crc32c":"5ff969f9","filesize":235222,"asset_id":529,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJaredMeit.jpg?alt=media","person_id":53595}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54308,"tag_ids":[46354],"village_id":null,"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53595}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","updated":"2024-04-09T00:16:00.000-0000","begin":"2024-05-27T23:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The advent of Generative Artificial Intelligence (AI) has ushered in a new era of creativity and innovation, but with it comes the imperative to address the pressing security and privacy concerns. This presentation, titled \"Ransom Meets Random,\" delves into a concise analysis of the intricate relationship between security, privacy, and Generative AI technologies.\r\n\r\nThe talk commences by exploring the dynamic landscape of generative models, shedding light on their transformative capabilities in content creation, text generation, and image synthesis. As these AI systems continue to evolve, it becomes crucial to understand the inherent risks and vulnerabilities associated with their deployment. The discussion emphasizes the potential exploitation of generative models in the context of ransom attacks, where malicious actors may leverage AI-generated content to manipulate or compromise sensitive information.\r\n\r\nFurthermore, the presentation examines the unpredictable nature of generative AI, discussing its challenges to maintaining user privacy. The talk navigates through the blurred lines between authentic and AI-generated content, unraveling the implications for individuals and organizations. Ethical considerations and regulatory perspectives are also addressed to foster a comprehensive understanding of the societal impact of generative AI.\r\n\r\nAttendees will gain insights into the current state of security measures within generative technologies and explore potential strategies to safeguard against emerging threats. By the end of the session, participants will be equipped with a nuanced understanding of the delicate balance between the innovative potential of generative AI and the imperative to fortify security and privacy frameworks in this rapidly evolving landscape.\n\n\n","title":"Ransom Meets Random: A Brief Analysis of Security and Privacy in Generative AI","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"end_timestamp":{"seconds":1716855600,"nanoseconds":0},"android_description":"The advent of Generative Artificial Intelligence (AI) has ushered in a new era of creativity and innovation, but with it comes the imperative to address the pressing security and privacy concerns. This presentation, titled \"Ransom Meets Random,\" delves into a concise analysis of the intricate relationship between security, privacy, and Generative AI technologies.\r\n\r\nThe talk commences by exploring the dynamic landscape of generative models, shedding light on their transformative capabilities in content creation, text generation, and image synthesis. As these AI systems continue to evolve, it becomes crucial to understand the inherent risks and vulnerabilities associated with their deployment. The discussion emphasizes the potential exploitation of generative models in the context of ransom attacks, where malicious actors may leverage AI-generated content to manipulate or compromise sensitive information.\r\n\r\nFurthermore, the presentation examines the unpredictable nature of generative AI, discussing its challenges to maintaining user privacy. The talk navigates through the blurred lines between authentic and AI-generated content, unraveling the implications for individuals and organizations. Ethical considerations and regulatory perspectives are also addressed to foster a comprehensive understanding of the societal impact of generative AI.\r\n\r\nAttendees will gain insights into the current state of security measures within generative technologies and explore potential strategies to safeguard against emerging threats. By the end of the session, participants will be equipped with a nuanced understanding of the delicate balance between the innovative potential of generative AI and the imperative to fortify security and privacy frameworks in this rapidly evolving landscape.","updated_timestamp":{"seconds":1712621400,"nanoseconds":0},"speakers":[{"content_ids":[53968],"conference_id":139,"event_ids":[54302],"name":"Sourabh Aggarwal","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://itedconsultant.com/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ersourabhaggarwal/"}],"id":53610,"media":[{"hash_sha256":"1db93a5d046263c540b70087b7632003adee5b7b33503a56422a117d33492688","filetype":"image/jpeg","hash_md5":"31f54fa44c6ac4b5c682b5a0ca5622af","name":"SourabhAggarwal.jpg","hash_crc32c":"4c186618","filesize":284217,"asset_id":547,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FSourabhAggarwal.jpg?alt=media","person_id":53610}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54302,"tag_ids":[46353],"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53610}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"updated":"2024-04-09T00:10:00.000-0000","begin":"2024-05-27T23:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"What's the one place that will let anyone walk in off the street and start using a computer? The library! But what if you want to do more than search the catalog for books? \r\n\r\nThis presentation will cover two types of hacking that you can do at the library. The first type involves how to gain control of an otherwise locked down public PC. Libraries encourage everyone to learn, they probably just didn't intend for it to be so hands on!\r\n\r\nThe second part of this presentation will cover how a widely used library web service was tested for vulnerabilities. This software was found to contain a large variety of vulnerability classes, and is a great example of what can be uncovered through a software security assessment. All of the findings were remotely exploitable 0day vulnerabilities, and this software was used by hundreds of libraries.\n\n\n","title":"Hacking Libraries (The Kind That Loan Books)","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"android_description":"What's the one place that will let anyone walk in off the street and start using a computer? The library! But what if you want to do more than search the catalog for books? \r\n\r\nThis presentation will cover two types of hacking that you can do at the library. The first type involves how to gain control of an otherwise locked down public PC. Libraries encourage everyone to learn, they probably just didn't intend for it to be so hands on!\r\n\r\nThe second part of this presentation will cover how a widely used library web service was tested for vulnerabilities. This software was found to contain a large variety of vulnerability classes, and is a great example of what can be uncovered through a software security assessment. All of the findings were remotely exploitable 0day vulnerabilities, and this software was used by hundreds of libraries.","end_timestamp":{"seconds":1716855600,"nanoseconds":0},"updated_timestamp":{"seconds":1712620680,"nanoseconds":0},"speakers":[{"content_ids":[53962],"conference_id":139,"event_ids":[54296],"name":"Wesley Wineberg","affiliations":[],"links":[],"pronouns":null,"id":53615,"media":[{"hash_sha256":"99d40c874dedbcea8aa4b996ec4ce18980456b1ac31a2bdec933c483de1b05a7","filetype":"image/png","hash_md5":"69c60edb1a306697427b6b463b9f46d1","name":"WesleyWineberg.png","hash_crc32c":"1c0f51bc","asset_id":551,"filesize":2336298,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FWesleyWineberg.png?alt=media","person_id":53615}]}],"timeband_id":1161,"links":[],"end":"2024-05-28T00:20:00.000-0000","id":54296,"begin_timestamp":{"seconds":1716852600,"nanoseconds":0},"tag_ids":[46263],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53615}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","begin":"2024-05-27T23:30:00.000-0000","updated":"2024-04-08T23:58:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"title":"Securing the AI Pipeline with Muhammad Muneer","end_timestamp":{"seconds":1716852000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716647940,"nanoseconds":0},"speakers":[{"content_ids":[54122],"conference_id":139,"event_ids":[54473],"name":"Muhammad Muneer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53721}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54473,"begin_timestamp":{"seconds":1716850800,"nanoseconds":0},"village_id":null,"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53721}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T23:00:00.000-0000","updated":"2024-05-25T14:39:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Cryptocurrencies were once primarily associated with illicit activities due to their decentralized and seemingly anonymous nature. However, most of them operate on a pseudonymous basis, making crypto investigations a crucial aspect of modern cybersecurity. This involves a detailed analysis of blockchain transactions to trace the movement of funds. In this talk, we will explore the latest advances in crypto forensics and how to unveil the real-world entities behind cryptocurrency-related crimes. The goal is to equip the audience with the knowledge and skills needed to navigate the complex landscape of cryptocurrency investigations.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"title":"Deanonymizing the Blockchain: What Cybersecurity Experts Should Know About Cryptocurrency Investigations","android_description":"Cryptocurrencies were once primarily associated with illicit activities due to their decentralized and seemingly anonymous nature. However, most of them operate on a pseudonymous basis, making crypto investigations a crucial aspect of modern cybersecurity. This involves a detailed analysis of blockchain transactions to trace the movement of funds. In this talk, we will explore the latest advances in crypto forensics and how to unveil the real-world entities behind cryptocurrency-related crimes. The goal is to equip the audience with the knowledge and skills needed to navigate the complex landscape of cryptocurrency investigations.","end_timestamp":{"seconds":1716852000,"nanoseconds":0},"updated_timestamp":{"seconds":1712621160,"nanoseconds":0},"speakers":[{"content_ids":[53967],"conference_id":139,"event_ids":[54301],"name":"Artem Ponomarov","affiliations":[{"organization":"","title":"Cryptocurrency Security Expert"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/artem-ponomarov/"}],"pronouns":null,"media":[{"hash_sha256":"428ee2eadf0a80b3e0dfb173dd72faab1efdb4f1b55f2c80d94acff90734a8d5","filetype":"image/jpeg","hash_md5":"1bdeb7e3b547777264ae736c2291ee91","name":"ArtemPonomarov.jpeg","hash_crc32c":"fda9e9c7","asset_id":517,"filesize":37243,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FArtemPonomarov.jpeg?alt=media","person_id":53619}],"id":53619,"title":"Cryptocurrency Security Expert"}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54301,"begin_timestamp":{"seconds":1716850800,"nanoseconds":0},"village_id":null,"tag_ids":[46353],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53619}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","begin":"2024-05-27T23:00:00.000-0000","updated":"2024-04-09T00:06:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Beyond Blacklists: Security in the Age of AI","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f300f7","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 2","id":46353},"android_description":"","end_timestamp":{"seconds":1716850200,"nanoseconds":0},"updated_timestamp":{"seconds":1716647880,"nanoseconds":0},"speakers":[{"content_ids":[54121],"conference_id":139,"event_ids":[54472],"name":"Feynman Liang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53720}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:50:00.000-0000","id":54472,"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"tag_ids":[46353],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53720}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"updated":"2024-05-25T14:38:00.000-0000","begin":"2024-05-27T22:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Blockchain technology can have a revolutionary effect on many important industries like finance and health. A security vulnerability in a smart contract can lead to a hack that would be more damaging than the biggest heists in history. We have proven DevSecOps methods in the classic software building industry that we can leverage to develop blockchain projects and improve smart contracts qualities and security. Moreover, there is a lack of consensus and guidance regarding leveraging DevSecOps in developing blockchain projects. This talk will list common smart contract vulnerabilities and how we can avoid them by building a secure CI/CD pipeline and following best security practices.\n\n\n","title":"Blockchain DevSecOps","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716850200,"nanoseconds":0},"android_description":"Blockchain technology can have a revolutionary effect on many important industries like finance and health. A security vulnerability in a smart contract can lead to a hack that would be more damaging than the biggest heists in history. We have proven DevSecOps methods in the classic software building industry that we can leverage to develop blockchain projects and improve smart contracts qualities and security. Moreover, there is a lack of consensus and guidance regarding leveraging DevSecOps in developing blockchain projects. This talk will list common smart contract vulnerabilities and how we can avoid them by building a secure CI/CD pipeline and following best security practices.","updated_timestamp":{"seconds":1712622240,"nanoseconds":0},"speakers":[{"content_ids":[53983],"conference_id":139,"event_ids":[54317],"name":"Iman Sharafaldin","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/imansharaf/"}],"pronouns":null,"media":[{"hash_sha256":"16955a7745c6638442322bbb47e43eb58b6299790e16593fcdb3b62d77af11d3","filetype":"image/jpeg","hash_md5":"c60573e836c4cdd504609068e7762332","name":"ImanSharafaldin.jpg","hash_crc32c":"f148d541","filesize":77677,"asset_id":527,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FImanSharafaldin.jpg?alt=media","person_id":53594}],"id":53594}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:50:00.000-0000","id":54317,"tag_ids":[46355],"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53594}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T22:30:00.000-0000","updated":"2024-04-09T00:24:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"As modern software development practices evolve, CI/CD pipelines have emerged as a potent, yet under-secured frontier. This has resulted in a shift in focus from attackers, who are exploiting the traditionally overlooked vulnerabilities in the development pipelines. In this presentation, we'll dive into the top CI/CD security risks as identified by OWASP. We'll look at how each attack can be performed, explore potential impacts, and the motives of bad actors. This talk will provide you with pragmatic strategies to strengthen your CI/CD security posture. Join us to transform your CI/CD pipeline from a potential vulnerability into a cornerstone of your security infrastructure.\n\n\n","title":"Beyond Code: Reinforcing CI/CD Pipelines Against Emerging Threats","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#21db00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 3","id":46354},"end_timestamp":{"seconds":1716852000,"nanoseconds":0},"android_description":"As modern software development practices evolve, CI/CD pipelines have emerged as a potent, yet under-secured frontier. This has resulted in a shift in focus from attackers, who are exploiting the traditionally overlooked vulnerabilities in the development pipelines. In this presentation, we'll dive into the top CI/CD security risks as identified by OWASP. We'll look at how each attack can be performed, explore potential impacts, and the motives of bad actors. This talk will provide you with pragmatic strategies to strengthen your CI/CD security posture. Join us to transform your CI/CD pipeline from a potential vulnerability into a cornerstone of your security infrastructure.","updated_timestamp":{"seconds":1712621700,"nanoseconds":0},"speakers":[{"content_ids":[53973],"conference_id":139,"event_ids":[54307],"name":"Farshad Abasi","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/farshadabasi/"}],"media":[{"hash_sha256":"74583cfacf40b7b0b59858b58079c123804f21a09d4fad549b1e77c05ba67687","filetype":"image/jpeg","hash_md5":"9cc28c1adafdc46bc628b2621461e275","name":"FarshadAbasi.jpg","hash_crc32c":"410856ed","filesize":126839,"asset_id":524,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FFarshadAbasi.jpg?alt=media","person_id":53592}],"id":53592}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54307,"village_id":null,"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"tag_ids":[46354],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53592}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","begin":"2024-05-27T22:30:00.000-0000","updated":"2024-04-09T00:15:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"20,000 Leagues Under Accounting, your syndicate has established a foothold. What happens next is up to you. Come play Phishing Expedition, a choose your own adventure style phishing game, where participants take on the role of a fictional organized crime syndicate, attacking fictional organizations. Spend your collective cash wisely on the right infrastructure, payloads, and OSINT to gain access, compromise new hosts, and (hopefully) earn big profits from ill-gotten data. \n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 1","id":46263},"title":"Phishing Expedition: a group-based, choose your own adventure style phishing game","android_description":"20,000 Leagues Under Accounting, your syndicate has established a foothold. What happens next is up to you. Come play Phishing Expedition, a choose your own adventure style phishing game, where participants take on the role of a fictional organized crime syndicate, attacking fictional organizations. Spend your collective cash wisely on the right infrastructure, payloads, and OSINT to gain access, compromise new hosts, and (hopefully) earn big profits from ill-gotten data.","end_timestamp":{"seconds":1716852000,"nanoseconds":0},"updated_timestamp":{"seconds":1712620620,"nanoseconds":0},"speakers":[{"content_ids":[53961],"conference_id":139,"event_ids":[54295],"name":"A.J. Leece","affiliations":[{"organization":"Syntax Security Solutions","title":"Founder and Managing Director"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"http://www.linkedin.com/in/anthony-leece"},{"description":"","title":"Website","sort_order":0,"url":"https://www.security-selfawareness.com/"}],"media":[{"hash_sha256":"6ac92dadf638ea6556d2e28be1bfa3834a00c6fcf3e3b7011e7d271107a808d7","filetype":"image/png","hash_md5":"8b9263f6ad00248869710f8d1ab197d9","name":"AJLeece.png","hash_crc32c":"6c998405","asset_id":510,"filesize":1957841,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAJLeece.png?alt=media","person_id":53585}],"id":53585,"title":"Founder and Managing Director at Syntax Security Solutions"}],"timeband_id":1161,"links":[],"end":"2024-05-27T23:20:00.000-0000","id":54295,"tag_ids":[46263],"begin_timestamp":{"seconds":1716849000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53585}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","updated":"2024-04-08T23:57:00.000-0000","begin":"2024-05-27T22:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"This talk covers an introduction to catfishing, providing a real-life example. It outlines the Signs of a Catfish, focusing on Red Flags and Warning Signs. The role of OSINT is highlighted, showcasing techniques to unmask catfishers.\r\n\r\nIntroduction to Catfishing, Case example, Signs of a Catfish, Red Flags and Warning Signs , How can OSINT help?, OSINT techniques to unmask catfishers, Prevent Catfishing / Education \n\n\n","title":"Unveiling Deception - Catching a Catfish","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 4","id":46355},"android_description":"This talk covers an introduction to catfishing, providing a real-life example. It outlines the Signs of a Catfish, focusing on Red Flags and Warning Signs. The role of OSINT is highlighted, showcasing techniques to unmask catfishers.\r\n\r\nIntroduction to Catfishing, Case example, Signs of a Catfish, Red Flags and Warning Signs , How can OSINT help?, OSINT techniques to unmask catfishers, Prevent Catfishing / Education","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"updated_timestamp":{"seconds":1712622180,"nanoseconds":0},"speakers":[{"content_ids":[53982,53995],"conference_id":139,"event_ids":[54316,54329],"name":"Ritu Gill","affiliations":[{"organization":"","title":"Intelligence Analyst"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ritugill-osinttechniques/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OSINTtechniques"},{"description":"","title":"Website","sort_order":0,"url":"https://www.osinttechniques.com/"},{"description":"","title":"Website (2)","sort_order":0,"url":"https://www.forensicosint.com/"}],"pronouns":null,"id":53608,"media":[{"hash_sha256":"e79fdeed84a6a69df3a01b1fb3ccd5824491c23cd530e0ffcb9574897c073cb2","filetype":"image/jpeg","hash_md5":"7cecce00d074bc221de8c4e5ad4a94f8","name":"RituGill.jpg","hash_crc32c":"827ef50a","filesize":36727,"asset_id":545,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FRituGill.jpg?alt=media","person_id":53608}],"title":"Intelligence Analyst"}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54316,"begin_timestamp":{"seconds":1716847200,"nanoseconds":0},"village_id":null,"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53608}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T22:00:00.000-0000","updated":"2024-04-09T00:23:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"On the clearweb, hundreds of sites operate in the open which have been used to fuel the spread of Fentanyl and it’s precursors. These operators have stepped out of the shadows of the darkweb to increase the accessibility to their highly addictive drugs.\r\n\r\nSit down for this talk and discover how to identify a seller, track them down across the web, and find the links back to shell corporations based out of the United States. I will demonstrate all of this using real world examples; by following this guide you too will be able to use these OSINT tactics to take down a drug network.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 4","id":46355},"title":"A How To Guide: Hunting Clearweb Fentanyl Distributors","end_timestamp":{"seconds":1716846600,"nanoseconds":0},"android_description":"On the clearweb, hundreds of sites operate in the open which have been used to fuel the spread of Fentanyl and it’s precursors. These operators have stepped out of the shadows of the darkweb to increase the accessibility to their highly addictive drugs.\r\n\r\nSit down for this talk and discover how to identify a seller, track them down across the web, and find the links back to shell corporations based out of the United States. I will demonstrate all of this using real world examples; by following this guide you too will be able to use these OSINT tactics to take down a drug network.","updated_timestamp":{"seconds":1712622120,"nanoseconds":0},"speakers":[{"content_ids":[53981],"conference_id":139,"event_ids":[54315],"name":"Julian B","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/julianb34/"}],"pronouns":null,"media":[{"hash_sha256":"962d5e3483bb21d8210e76ea17644de5824a4193c5676f86f6e9558346f8a7dc","filetype":"image/png","hash_md5":"cdcd18c6fee309d38662525a38e646e6","name":"JulianB.png","hash_crc32c":"7618146e","asset_id":533,"filesize":845071,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJulianB.png?alt=media","person_id":53598}],"id":53598}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:50:00.000-0000","id":54315,"village_id":null,"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53598}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-27T21:30:00.000-0000","updated":"2024-04-09T00:22:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"As a security community and hackers, our major focus is usually on vulnerabilities affecting operating systems and software running on devices. Not so often do we put a light on protocols we have been using for years or practices we have been following. Then eventually, one day, we may realize that some expensive security solutions we trust for our security may extensively rely on some simple assumptions at core. In this presentation, starting with a real-life incident example, Ali will shed light on how common IDS/IPS detection engines rely on the fact that, malicious or not, all networking applications would follow the same logic flow at the socket programming level. Then, by thinking outside of the box, Ali will demonstrate how, by making a small change in the application, malicious traffic can avoid being detected by IDS/IPS engines and therefore bypass Next Generation Firewall’s Layer 7 Application Policy rules. A PoC tool written by Ali will be used to demonstrate a successful reverse shell connection and file exfiltration being performed over some well-known NGFWs despite their Layer 7 application block policies in effect. Following the demo, there will be some suggestions for defenders on how to detect such suspicious traffic as well as how to remediate this issue. The PoC tool will be published following the presentation.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"title":"Bypassing Next Generation Firewalls’ Layer 7 Application Policy","android_description":"As a security community and hackers, our major focus is usually on vulnerabilities affecting operating systems and software running on devices. Not so often do we put a light on protocols we have been using for years or practices we have been following. Then eventually, one day, we may realize that some expensive security solutions we trust for our security may extensively rely on some simple assumptions at core. In this presentation, starting with a real-life incident example, Ali will shed light on how common IDS/IPS detection engines rely on the fact that, malicious or not, all networking applications would follow the same logic flow at the socket programming level. Then, by thinking outside of the box, Ali will demonstrate how, by making a small change in the application, malicious traffic can avoid being detected by IDS/IPS engines and therefore bypass Next Generation Firewall’s Layer 7 Application Policy rules. A PoC tool written by Ali will be used to demonstrate a successful reverse shell connection and file exfiltration being performed over some well-known NGFWs despite their Layer 7 application block policies in effect. Following the demo, there will be some suggestions for defenders on how to detect such suspicious traffic as well as how to remediate this issue. The PoC tool will be published following the presentation.","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"updated_timestamp":{"seconds":1712621640,"nanoseconds":0},"speakers":[{"content_ids":[53972],"conference_id":139,"event_ids":[54306],"name":"Ali Efe","affiliations":[{"organization":"IBM X-Force Red","title":"Penetration Tester"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ali-efe-63821339/"}],"pronouns":null,"media":[{"hash_sha256":"af596739f370dd1128b7d782d11549cbe8a58380db12e59ebdf9cfd785d92044","filetype":"image/jpeg","hash_md5":"bfd54b7dfb118a9ac3e27a0c7b2b56a1","name":"AliEfe.jpg","hash_crc32c":"a346d00e","asset_id":512,"filesize":49639,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAliEfe.jpg?alt=media","person_id":53587}],"id":53587,"title":"Penetration Tester at IBM X-Force Red"}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54306,"tag_ids":[46354],"village_id":null,"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53587}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","begin":"2024-05-27T21:30:00.000-0000","updated":"2024-04-09T00:14:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Transformers architecture powers most of the recent developments in AI space, especially the recent wave of LLMs. However, the transformers architecture is quite complex and not very well understood. I want to take a deep dive into the architecture and explain how it works. From security point of view, if more security practitioners understand the architecture better, it will help in finding security loopholes.\n\n\n","title":"Deep dive into Transformers architecture","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"android_description":"Transformers architecture powers most of the recent developments in AI space, especially the recent wave of LLMs. However, the transformers architecture is quite complex and not very well understood. I want to take a deep dive into the architecture and explain how it works. From security point of view, if more security practitioners understand the architecture better, it will help in finding security loopholes.","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"updated_timestamp":{"seconds":1712621040,"nanoseconds":0},"speakers":[{"content_ids":[53966],"conference_id":139,"event_ids":[54300],"name":"Japneet Singh","affiliations":[{"organization":"Lacework","title":"Software Engineer"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/japneetsingh/"}],"pronouns":null,"media":[{"hash_sha256":"8afb252f710fb4111bba51fa9a2673cc4ece1f0fa0ba97a4df47340f66ce25db","filetype":"image/jpeg","hash_md5":"925f41254c0395ff7e285295a6886702","name":"JapneetSingh.jpg","hash_crc32c":"511551c1","filesize":81156,"asset_id":528,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJapneetSingh.jpg?alt=media","person_id":53618}],"id":53618,"title":"Software Engineer at Lacework"}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54300,"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"village_id":null,"tag_ids":[46353],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53618}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","updated":"2024-04-09T00:04:00.000-0000","begin":"2024-05-27T21:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Previously, we discovered a bug that could bypass the PIN2Drive feature for Tesla vehicles. We were rewarded by Tesla and entered the Tesla Hall of Fame. Additionally, we disclosed a creative bug named Rolling-Pwn, which affects Honda vehicles globally. Vehicle bug bounty hunting is the new trend. In this talk, I will provide advice on vehicle bug bounty hunting and present the successes and failures of our vehicle bug hunting stories over the past few years.\n\n\n","title":"Behind the Dashboard: Tales of a Car Bug Bounty Hunter","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 1","id":46263},"android_description":"Previously, we discovered a bug that could bypass the PIN2Drive feature for Tesla vehicles. We were rewarded by Tesla and entered the Tesla Hall of Fame. Additionally, we disclosed a creative bug named Rolling-Pwn, which affects Honda vehicles globally. Vehicle bug bounty hunting is the new trend. In this talk, I will provide advice on vehicle bug bounty hunting and present the successes and failures of our vehicle bug hunting stories over the past few years.","end_timestamp":{"seconds":1716848400,"nanoseconds":0},"updated_timestamp":{"seconds":1712620560,"nanoseconds":0},"speakers":[{"content_ids":[53960],"conference_id":139,"event_ids":[54294],"name":"Kevin Chen","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kevin2600"}],"pronouns":null,"media":[{"hash_sha256":"2d1f7c55f05a30d49681a09f7569f494edc78b3bbd91a5f62658f85e8d0cc888","filetype":"image/png","hash_md5":"362248645906a02d36a9fbf64293fe3c","name":"KevinChen.png","hash_crc32c":"0060e073","asset_id":535,"filesize":341604,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FKevinChen.png?alt=media","person_id":53599}],"id":53599}],"timeband_id":1161,"links":[],"end":"2024-05-27T22:20:00.000-0000","id":54294,"tag_ids":[46263],"begin_timestamp":{"seconds":1716845400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53599}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","begin":"2024-05-27T21:30:00.000-0000","updated":"2024-04-08T23:56:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Often when folks think of security research, they think of things like reverse engineering, tracking threat actors, or pentesting. While these are all valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement, or evidence-based science. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.\r\n\r\nIn this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Scanning completeness, and improving vulnerability notifications. In discussing these projects, I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened. \r\n\r\nBy discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments. We don’t know what we don’t know and the unknown can seem daunting. Internet Measurement is a way for us to step into (and through) that unknown.\n\n\n","title":"What we Mean When We Say Internet Measurement, and why it Matters so much for Security","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716844800,"nanoseconds":0},"android_description":"Often when folks think of security research, they think of things like reverse engineering, tracking threat actors, or pentesting. While these are all valid, there’s one side of security research that is often forgotten or misunderstood – Internet Measurement, or evidence-based science. In order to improve the world, we need to quantify it first, and that’s where Internet Measurement comes into play.\r\n\r\nIn this talk, I’ll use my 8 years of hands-on experience to dive deep into the world of Internet Measurement and show attendees why we should care MORE about Internet Measurement as a security research tool. To start, I’ll discuss the details of three very different measurement projects: evaluating attacker behavior in a niche market, quantifying Internet Scanning completeness, and improving vulnerability notifications. In discussing these projects, I’ll clarify the questions we were trying to answer, how we thought about our measurements, and the impact the outcomes had. Most importantly, I’ll hypothesize what we would have missed had the work NOT happened. \r\n\r\nBy discussing these three disparate projects, I hope attendees will walk away understanding what Internet Measurement is, why it’s so useful in the world of security, and how security practitioners can apply these lessons to their own environments. We don’t know what we don’t know and the unknown can seem daunting. Internet Measurement is a way for us to step into (and through) that unknown.","updated_timestamp":{"seconds":1712622120,"nanoseconds":0},"speakers":[{"content_ids":[53980],"conference_id":139,"event_ids":[54314],"name":"Ariana Mirian","affiliations":[{"organization":"Censys","title":"Senior Security Researcher"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/arianamirian/"},{"description":"","title":"Mastodon (infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@amirian"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arimirian"},{"description":"","title":"Website","sort_order":0,"url":"http://arianamirian.com/"}],"pronouns":null,"media":[{"hash_sha256":"f48cd226c6756003059e5a442382035099f34f2b19a34f043717167e9afc79d4","filetype":"image/jpeg","hash_md5":"9e24d89d9d29cfe8c36d9c1abd50538b","name":"ArianaMirian.jpg","hash_crc32c":"98b52647","filesize":37401,"asset_id":516,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FArianaMirian.jpg?alt=media","person_id":53590}],"id":53590,"title":"Senior Security Researcher at Censys"}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54314,"begin_timestamp":{"seconds":1716843600,"nanoseconds":0},"tag_ids":[46355],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53590}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T21:00:00.000-0000","updated":"2024-04-09T00:22:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"You are the proverbial bad guy, and need to exfiltrate data out of a company. What are the various techniques you can employ to fly under the radar of all software modules designed to prevent you from doing that? If you are a blue teamer and need to guard your defenses against exfiltration, what are the various techniques you can employ to prevent this?\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"title":"Techniques to exfiltrate data","end_timestamp":{"seconds":1716843000,"nanoseconds":0},"android_description":"You are the proverbial bad guy, and need to exfiltrate data out of a company. What are the various techniques you can employ to fly under the radar of all software modules designed to prevent you from doing that? If you are a blue teamer and need to guard your defenses against exfiltration, what are the various techniques you can employ to prevent this?","updated_timestamp":{"seconds":1712622000,"nanoseconds":0},"speakers":[{"content_ids":[53979],"conference_id":139,"event_ids":[54313],"name":"Sundar Krishnamurthy","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sundar-krishnamurthy-cissp-b32b761/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sundarnut"}],"id":53612,"media":[{"hash_sha256":"0bf278a0e5bf789d445e90593cefa51801bc62ee713d34e0faa3e816b0282729","filetype":"image/jpeg","hash_md5":"62af8c8428d779abaa738e6938239932","name":"SundarKrishnamurthy.jpg","hash_crc32c":"1c53f9d0","filesize":79689,"asset_id":549,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FSundarKrishnamurthy.jpg?alt=media","person_id":53612}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T20:50:00.000-0000","id":54313,"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"tag_ids":[46355],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53612}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T20:30:00.000-0000","updated":"2024-04-09T00:20:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Alex and Brad's fascination with drones further catalyzed this integration, giving birth to \"The Raccoon Squad\". This initiative features two groundbreaking devices: the 'Flying Raccoon', representing airborne reconnaissance and intrusion, and the 'Sneaky Raccoon', epitomizing ground-level stealth operations. Through this exploration, we gain insights into the future of integrated security solutions that seamlessly blend digital prowess with tangible, real-world applications.\n\n\n","title":"Guardians of Cybersecurity: Deploying IoT devices via Drones and Dropboxes","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"end_timestamp":{"seconds":1716844800,"nanoseconds":0},"android_description":"Alex and Brad's fascination with drones further catalyzed this integration, giving birth to \"The Raccoon Squad\". This initiative features two groundbreaking devices: the 'Flying Raccoon', representing airborne reconnaissance and intrusion, and the 'Sneaky Raccoon', epitomizing ground-level stealth operations. Through this exploration, we gain insights into the future of integrated security solutions that seamlessly blend digital prowess with tangible, real-world applications.","updated_timestamp":{"seconds":1712621580,"nanoseconds":0},"speakers":[{"content_ids":[53971],"conference_id":139,"event_ids":[54305],"name":"Alex Thines","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/alexander-thines-34256315b/"}],"id":53586,"media":[{"hash_sha256":"d95a8fd5829f620863da58428f599d4cf683e84e3f244ede70e196998c9694b8","filetype":"image/jpeg","hash_md5":"0163cebd2b775aa4ae8889627a204b4c","name":"AlexThines.jpg","hash_crc32c":"d95526b5","filesize":95583,"asset_id":511,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAlexThines.jpg?alt=media","person_id":53586}]},{"content_ids":[53971],"conference_id":139,"event_ids":[54305],"name":"Brad \"Sno0ose\" Ammerman","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/bradammerman/"}],"id":53621,"media":[{"hash_sha256":"e6e63b107319e207df98e838c2f280365a8dcf4c9071842a491bb62740c21000","filetype":"image/png","hash_md5":"16bcfbb9448fc46e2cd83788912ea4e0","name":"BradAmmerman.png","hash_crc32c":"f3338efd","filesize":44781,"asset_id":519,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FBradAmmerman.png?alt=media","person_id":53621}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54305,"tag_ids":[46354],"village_id":null,"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53586},{"tag_id":46264,"sort_order":1,"person_id":53621}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","begin":"2024-05-27T20:30:00.000-0000","updated":"2024-04-09T00:13:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"As businesses increasingly rely on AI for innovation and efficiency, cyber threats leveraging AI capabilities have become more sophisticated and pervasive than ever before. In this talk, Michael Argast, Co-founder and CEO of Kobalt.io, will delve into the dynamic realm of Cybersecurity Attack and Defense amidst the Rise of AI, and will go through common and popular attack trends and compromises. Ideal for staff, IT, and technical teams, this session aims to empower you with essential knowledge and practical strategies to safeguard your digital assets effectively.\n\n\n","title":"Cybersecurity Attack and Defense with the Rise of AI","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"android_description":"As businesses increasingly rely on AI for innovation and efficiency, cyber threats leveraging AI capabilities have become more sophisticated and pervasive than ever before. In this talk, Michael Argast, Co-founder and CEO of Kobalt.io, will delve into the dynamic realm of Cybersecurity Attack and Defense amidst the Rise of AI, and will go through common and popular attack trends and compromises. Ideal for staff, IT, and technical teams, this session aims to empower you with essential knowledge and practical strategies to safeguard your digital assets effectively.","end_timestamp":{"seconds":1716844800,"nanoseconds":0},"updated_timestamp":{"seconds":1712620980,"nanoseconds":0},"speakers":[{"content_ids":[53965],"conference_id":139,"event_ids":[54299],"name":"Michael Argast","affiliations":[{"organization":"Kobalt.io","title":"Co-founder and CEO"}],"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://web.facebook.com/kobaltcyber/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/company/kobaltio"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kobaltio"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/@kobalt.io.cybersecurity"}],"pronouns":null,"media":[{"hash_sha256":"82191e066a3aabd821055efcdb2e2a6835fc28cc6a0c525d9f7236bc8e5334b5","filetype":"image/png","hash_md5":"d72ebc412c23d7e13f6e5c1a02a4f224","name":"MichaelArgast.png","hash_crc32c":"d2bb463f","filesize":663881,"asset_id":540,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FMichaelArgast.png?alt=media","person_id":53603}],"id":53603,"title":"Co-founder and CEO at Kobalt.io"}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54299,"tag_ids":[46353],"village_id":null,"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53603}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","updated":"2024-04-09T00:03:00.000-0000","begin":"2024-05-27T20:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The macOS sandbox is a powerful tool for application security, and hardens macOS office to a point where they're not wildly used as an entry vector. Or are they? In this talk we will dive into sandbox escape mechanisms on macOS, as well as present a few technique for potential generic sandbox escapes.\n\n\n","title":"The sand castle - the state of the macOS sandbox through the lense of Office macros","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 1","id":46263},"end_timestamp":{"seconds":1716844800,"nanoseconds":0},"android_description":"The macOS sandbox is a powerful tool for application security, and hardens macOS office to a point where they're not wildly used as an entry vector. Or are they? In this talk we will dive into sandbox escape mechanisms on macOS, as well as present a few technique for potential generic sandbox escapes.","updated_timestamp":{"seconds":1712620560,"nanoseconds":0},"speakers":[{"content_ids":[53959],"conference_id":139,"event_ids":[54293],"name":"Jonathan Bar Or","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jonathan-bar-or-89876474"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yo_yo_yo_jbo"}],"pronouns":null,"id":53596,"media":[{"hash_sha256":"eee4082d6c588a3d7636efefb56b460a54f6ff9a3dc71570de7752079fe82ded","filetype":"image/jpeg","hash_md5":"2db3dfc020242055d9f1bf4b4881e37e","name":"JonathanBarOr.jpg","hash_crc32c":"d24aadbf","asset_id":531,"filesize":48011,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJonathanBarOr.jpg?alt=media","person_id":53596}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T21:20:00.000-0000","id":54293,"village_id":null,"tag_ids":[46263],"begin_timestamp":{"seconds":1716841800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53596}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","begin":"2024-05-27T20:30:00.000-0000","updated":"2024-04-08T23:56:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Please bring your voucher to TacoFino at 15 W. Cordova for your FREE burrito \n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#420d40","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46275},"title":"Lunch sponsored by WebSec","end_timestamp":{"seconds":1716841200,"nanoseconds":0},"android_description":"Please bring your voucher to TacoFino at 15 W. Cordova for your FREE burrito","updated_timestamp":{"seconds":1716647820,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T20:20:00.000-0000","id":54288,"tag_ids":[46275],"village_id":null,"begin_timestamp":{"seconds":1716838200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"spans_timebands":"N","begin":"2024-05-27T19:30:00.000-0000","updated":"2024-05-25T14:37:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"There are numerous families of malware out there, each with its own unique features. Some can steal sensitive data and exfiltrate it using specific protocols, some can introduce additional malware into the system, some can encrypt or destroy files, and many more. Despite their differences, these various malware families can collaborate in a symphonic manner to deliver a powerful infection. I've started referring to this as a “malware symphony” to describe how different types of malware contribute to the symphony of infections, much like instruments in an orchestra. One such example is CrackedCantil, which I named after Cracked Software and the Cantil Viper. In this particular malware campaign that originated from Cracked Software, at least nine different malware types were involved, including PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, and STOP. Here, the Loaders (PrivateLoader, Smoke) introduced several notorious malware into the system. The Infostealers (Lumma, RedLine, RisePro, Amadey, Stealc) exfilterated various sensitive information before the ransomware encrypted the files. The Proxy Bot malware (Socks5Systemz) transformed the system into a proxy bot, and the Ransomware (STOP) encrypted the files, demanding a ransom for their recovery. The full analysis can be found here: https://any.run/cybersecurity-blog/crackedcantil-breakdown/ This talk will delve into the malware symphonies, exploring how they are orchestrated to wreak havoc on systems.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 4","id":46355},"title":"Decomposing a Malware Symphony: When Malware Work Together to Deliver a Powerful Infection","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"android_description":"There are numerous families of malware out there, each with its own unique features. Some can steal sensitive data and exfiltrate it using specific protocols, some can introduce additional malware into the system, some can encrypt or destroy files, and many more. Despite their differences, these various malware families can collaborate in a symphonic manner to deliver a powerful infection. I've started referring to this as a “malware symphony” to describe how different types of malware contribute to the symphony of infections, much like instruments in an orchestra. One such example is CrackedCantil, which I named after Cracked Software and the Cantil Viper. In this particular malware campaign that originated from Cracked Software, at least nine different malware types were involved, including PrivateLoader, Smoke, Lumma, RedLine, RisePro, Amadey, Stealc, Socks5Systemz, and STOP. Here, the Loaders (PrivateLoader, Smoke) introduced several notorious malware into the system. The Infostealers (Lumma, RedLine, RisePro, Amadey, Stealc) exfilterated various sensitive information before the ransomware encrypted the files. The Proxy Bot malware (Socks5Systemz) transformed the system into a proxy bot, and the Ransomware (STOP) encrypted the files, demanding a ransom for their recovery. The full analysis can be found here: https://any.run/cybersecurity-blog/crackedcantil-breakdown/ This talk will delve into the malware symphonies, exploring how they are orchestrated to wreak havoc on systems.","updated_timestamp":{"seconds":1712622000,"nanoseconds":0},"speakers":[{"content_ids":[53978],"conference_id":139,"event_ids":[54312],"name":"Lena Yu","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"http://linkedin.com/in/lenaaaa"},{"description":"","title":"Website","sort_order":0,"url":"http://lambdamamba.com/"}],"media":[{"hash_sha256":"7411c082116338a072ed01314605c7609317f967ccbdfb502126527653b850fd","filetype":"image/png","hash_md5":"19766cc1d195d6bc458606f165a639a3","name":"LenaYu.png","hash_crc32c":"c2d74954","asset_id":537,"filesize":2886653,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FLenaYu.png?alt=media","person_id":53600}],"id":53600}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54312,"begin_timestamp":{"seconds":1716837000,"nanoseconds":0},"village_id":null,"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53600}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T19:10:00.000-0000","updated":"2024-04-09T00:20:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"All conference talks we hear about vulnerability hunting and exploitations are so cool -- so much so that it appears as if you would never get there unless you have been hacking since 14 years old. Will you not ever find cool bugs if you do not like setting up fuzzers or grinding with disassemblers? You are mistaken. In this talk, I will introduce the mindset that will slowly but organically yield the discovery of vulnerabilities without daunting learning curves or too many emotional rollercoasters often associated with “vulnerability research.” That is, let us do “security research” instead. As a case, I will discuss how I found vulnerabilities in the Windows Hypervisor. Throughout it, we will review the hardware-assisted virtualization technology the hypervisor relies on and Windows’ unique security boundary that is less scrutinized. Finally, the talk gives a few ideas to extend this work for more bug discoveries. You should attend this talk if you want to start bug hunting casually and naturally. You may not find bugs immediately, but bugs may find you soon.\n\n\n","title":"Do not find bugs; bugs find you","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 4","id":46355},"android_description":"All conference talks we hear about vulnerability hunting and exploitations are so cool -- so much so that it appears as if you would never get there unless you have been hacking since 14 years old. Will you not ever find cool bugs if you do not like setting up fuzzers or grinding with disassemblers? You are mistaken. In this talk, I will introduce the mindset that will slowly but organically yield the discovery of vulnerabilities without daunting learning curves or too many emotional rollercoasters often associated with “vulnerability research.” That is, let us do “security research” instead. As a case, I will discuss how I found vulnerabilities in the Windows Hypervisor. Throughout it, we will review the hardware-assisted virtualization technology the hypervisor relies on and Windows’ unique security boundary that is less scrutinized. Finally, the talk gives a few ideas to extend this work for more bug discoveries. You should attend this talk if you want to start bug hunting casually and naturally. You may not find bugs immediately, but bugs may find you soon.","end_timestamp":{"seconds":1716836400,"nanoseconds":0},"updated_timestamp":{"seconds":1712621940,"nanoseconds":0},"speakers":[{"content_ids":[53977],"conference_id":139,"event_ids":[54311],"name":"Satoshi Tanda","affiliations":[],"links":[{"description":"","title":"","sort_order":0,"url":"http://www.linkedin.com/in/satoshitanda/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/standa_t"}],"pronouns":null,"id":53609,"media":[{"hash_sha256":"6b5a69eca4a1659b6cefd3b2bc80c5a86f4cfd654f9423e4cbf3bb64951bafcf","filetype":"image/jpeg","hash_md5":"8af4530dc3d513e1a325ba740f163266","name":"SatoshiTanda.jpg","hash_crc32c":"d9930134","filesize":15865,"asset_id":546,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FSatoshiTanda.jpg?alt=media","person_id":53609}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:00:00.000-0000","id":54311,"tag_ids":[46355],"village_id":null,"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53609}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","updated":"2024-04-09T00:19:00.000-0000","begin":"2024-05-27T18:40:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"A Machine Learning Approach to Threat Hunting in Endpoint and Network Logs The talk will introduce Jupyter Notebooks for large-scale threat hunting. Rather than looking at vast data in a traditional tabular format, we will explore the effectiveness of visualizations, emphasizing graphs, to identify and investigate outliers. The primary area of focus would be Anomaly Detection applied to substantial volume of data to generate Alerts for SOC based on Windows Sysmon Endpoint Logs and Zeek/Suricata Logs.\r\n\r\nIn this talk, we will identify the anomalies in an environment without ingesting the data into a SIEM or an intelligent application, simply by using a Jupyter Notebook The potential of extracting patterns and deriving meaningful insights from data is vast. And hence, Introducing a detection engineering strategy using Machine Learning and Visualizations to Hunt for Threats in Endpoint and Network Logs. Furthermore, the same strategy could be extended to Hunt for threats in Cloud Environments such as AWS and Azure. The capability of detecting Outliers in an environment within few minutes and converting those into highly effective Alerts with minimal True Positives will be explored in this presentation.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#21db00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 3","id":46354},"title":"Give me the damn Model for Threat Hunting","android_description":"A Machine Learning Approach to Threat Hunting in Endpoint and Network Logs The talk will introduce Jupyter Notebooks for large-scale threat hunting. Rather than looking at vast data in a traditional tabular format, we will explore the effectiveness of visualizations, emphasizing graphs, to identify and investigate outliers. The primary area of focus would be Anomaly Detection applied to substantial volume of data to generate Alerts for SOC based on Windows Sysmon Endpoint Logs and Zeek/Suricata Logs.\r\n\r\nIn this talk, we will identify the anomalies in an environment without ingesting the data into a SIEM or an intelligent application, simply by using a Jupyter Notebook The potential of extracting patterns and deriving meaningful insights from data is vast. And hence, Introducing a detection engineering strategy using Machine Learning and Visualizations to Hunt for Threats in Endpoint and Network Logs. Furthermore, the same strategy could be extended to Hunt for threats in Cloud Environments such as AWS and Azure. The capability of detecting Outliers in an environment within few minutes and converting those into highly effective Alerts with minimal True Positives will be explored in this presentation.","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"updated_timestamp":{"seconds":1712621580,"nanoseconds":0},"speakers":[{"content_ids":[53970],"conference_id":139,"event_ids":[54304],"name":"Kai Iyer","affiliations":[{"organization":"EY's Cyber Threat Management","title":"Senior Security Engineer"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/anoop-krishnan47"}],"pronouns":null,"id":53620,"media":[{"hash_sha256":"b604e275b36c9840499dee52ffda9068d1c1600921146fa9136bff372ca608e0","filetype":"image/jpeg","hash_md5":"823e499661faa78f89aeb59ee0156b1f","name":"KaiIyer.jpg","hash_crc32c":"b267462d","asset_id":534,"filesize":126167,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FKaiIyer.jpg?alt=media","person_id":53620}],"title":"Senior Security Engineer at EY's Cyber Threat Management"}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54304,"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"tag_ids":[46354],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53620}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"spans_timebands":"N","begin":"2024-05-27T18:40:00.000-0000","updated":"2024-04-09T00:13:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it’s motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection and response metrics.\r\n\r\nMetrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection and response is and its value. So, how do we tell that story, especially to leadership with a limited amount of time?\r\n\r\nMeasurements help us get results. But if you’re advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection and response?\r\n\r\nMetrics help shape decisions. But legacy methods of evaluating and reporting are preventing you from getting the support and funding you need to succeed. At the end of this talk, you’ll walk away with a practical framework for developing your own metrics, a new maturity model for measuring detection and response capabilities, data gathering techniques that tell a convincing story using micro-purple testing, and lots of visual examples of metrics that won’t put your audience to sleep.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"title":"The Fault in Our Metrics: Rethinking How We Measure Detection & Response","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"android_description":"Your metrics are boring and dangerous. Recycled slides with meaningless counts of alerts, incidents, true and false positives… SNOOZE. Even worse, it’s motivating your team to distort the truth and subvert progress. This talk is your wake-up call to rethink your detection and response metrics.\r\n\r\nMetrics tell a story. But before we can describe the effectiveness of our capabilities, our audience first needs to grasp what modern detection and response is and its value. So, how do we tell that story, especially to leadership with a limited amount of time?\r\n\r\nMeasurements help us get results. But if you’re advocating for faster response times, you might be encouraging your team to make hasty decisions that lead to increased risk. So, how do we find a set of measurements, both qualitative and quantitative, that incentivizes progress and serves as a north star to modern detection and response?\r\n\r\nMetrics help shape decisions. But legacy methods of evaluating and reporting are preventing you from getting the support and funding you need to succeed. At the end of this talk, you’ll walk away with a practical framework for developing your own metrics, a new maturity model for measuring detection and response capabilities, data gathering techniques that tell a convincing story using micro-purple testing, and lots of visual examples of metrics that won’t put your audience to sleep.","updated_timestamp":{"seconds":1712620920,"nanoseconds":0},"speakers":[{"content_ids":[53964],"conference_id":139,"event_ids":[54298],"name":"Allyn Stott","affiliations":[{"organization":"AirBNB","title":"Senior Staff Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/whyallyn/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/whyallyn"}],"id":53588,"media":[{"hash_sha256":"1f62b1663d33b86da30adf1de5fc58091c3eaba10dd97c6c50142df15dfac2b8","filetype":"image/png","hash_md5":"e57f78dcb82d2c70353c792accaf11b7","name":"AllynStott.png","hash_crc32c":"769de7a2","asset_id":513,"filesize":102307,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAllynStott.png?alt=media","person_id":53588}],"title":"Senior Staff Engineer at AirBNB"}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54298,"tag_ids":[46353],"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53588}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"updated":"2024-04-09T00:02:00.000-0000","begin":"2024-05-27T18:40:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"In the realm of writing secure Python code, it's not only about functionality and performance; it's equally vital to shield your application and users from potential threats and vulnerabilities. Given Python's immense popularity, it becomes even more essential that we acquire the skills to build secure, dependable, and robust applications. Join me in this talk as we embark on a shared journey to master the art of secure Python coding. Together, let's empower ourselves to create a safer digital world.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 1","id":46263},"title":"Top Tips for Python Security","android_description":"In the realm of writing secure Python code, it's not only about functionality and performance; it's equally vital to shield your application and users from potential threats and vulnerabilities. Given Python's immense popularity, it becomes even more essential that we acquire the skills to build secure, dependable, and robust applications. Join me in this talk as we embark on a shared journey to master the art of secure Python coding. Together, let's empower ourselves to create a safer digital world.","end_timestamp":{"seconds":1716838200,"nanoseconds":0},"updated_timestamp":{"seconds":1712620140,"nanoseconds":0},"speakers":[{"content_ids":[53958],"conference_id":139,"event_ids":[54292],"name":"Tanya Janca","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tanya-janca"}],"pronouns":null,"media":[{"hash_sha256":"ac9033eae00890acc387652d960cdb16ad35ece53a71f04fa8e9b9371b0e5998","filetype":"image/jpeg","hash_md5":"cc8c2f592f089312ac8cc1e58aaa363c","name":"TanyaJanca.jpg","hash_crc32c":"e39eeea5","asset_id":550,"filesize":275264,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FTanyaJanca.jpg?alt=media","person_id":53613}],"id":53613}],"timeband_id":1161,"links":[],"end":"2024-05-27T19:30:00.000-0000","id":54292,"village_id":null,"tag_ids":[46263],"begin_timestamp":{"seconds":1716835200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53613}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"spans_timebands":"N","begin":"2024-05-27T18:40:00.000-0000","updated":"2024-04-08T23:49:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"title":"Zero Trust in a Zero-Office World: Rethinking IAM for the Remote-First Enterprise","end_timestamp":{"seconds":1716834600,"nanoseconds":0},"android_description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.","updated_timestamp":{"seconds":1712621880,"nanoseconds":0},"speakers":[{"content_ids":[53976],"conference_id":139,"event_ids":[54310],"name":"Femi Ogunji","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/femiogunji/"}],"id":53593,"media":[{"hash_sha256":"958c7912ef57f284a3c7cac612cd83f28cf23715c55cea8e76bbfb134446e9bc","filetype":"image/jpeg","hash_md5":"12c7ea9b2ded9355778d59a58e6b6a0a","name":"FemiOgunji.jpg","hash_crc32c":"365af308","asset_id":525,"filesize":227599,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FFemiOgunji.jpg?alt=media","person_id":53593}]}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54310,"village_id":null,"begin_timestamp":{"seconds":1716833400,"nanoseconds":0},"tag_ids":[46355],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53593}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"begin":"2024-05-27T18:10:00.000-0000","updated":"2024-04-09T00:18:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.\n\n\n","title":"What’s up with CVSS4?","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#1d1ad9","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716832800,"nanoseconds":0},"android_description":"The only thing that’s clear about prioritizing vulnerabilities is that we have not figured it out as an industry. We’ve got CVSS, EPSS, CISA KEV, and more scoring systems to work with – these have not solved our challenges. This talk looks at the updates in CVSS4 that offer a new path forward. What has changed, why, and how can we utilize the updated system to work smarter at prioritizing vulnerabilities within our organizations? This new approach provides opportunities to customize the scoring more to the actual environments we work in, influencing the final score for a vulnerability. Supplemental metrics provide further context that does not impact the scoring. We’ll start with an overview of the current systems before diving into the new changes, taking a look at some practical examples of recent vulnerabilities.","updated_timestamp":{"seconds":1712621820,"nanoseconds":0},"speakers":[{"content_ids":[53975],"conference_id":139,"event_ids":[54309],"name":"Zach Wasserman","affiliations":[{"organization":"Fleet","title":"Co-founder and Technology Evangelist"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/zacharywasserman/"}],"pronouns":null,"media":[{"hash_sha256":"88ed53e6d21931470ee7594404652213c5aba6e0c2eaa8033c77b9c253b13ee2","filetype":"image/jpeg","hash_md5":"ae6d658326a6f62b7c7e99a339536cb7","name":"ZachWasserman.jpg","hash_crc32c":"9466bd3e","asset_id":552,"filesize":177672,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FZachWasserman.jpg?alt=media","person_id":53616}],"id":53616,"title":"Co-founder and Technology Evangelist at Fleet"}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:00:00.000-0000","id":54309,"village_id":null,"tag_ids":[46355],"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53616}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","begin":"2024-05-27T17:40:00.000-0000","updated":"2024-04-09T00:17:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"In an era where AI-driven chatbots seamlessly integrate into our daily lives, it’s high time that we understand the risks caused by vulnerabilities associated with it. Join us on an exciting journey as we break down the complexities of AI chatbot hacking and explore the potential threats hidden below the surface. In this tech talk, we will begin with the basics of AI, then shift into the common vulnerabilities of AI chat bots, and finally deep dive into the top two vulnerable categories. Through a live hacking lab and real-world attack scenarios, we will demonstrate how an attacker leverages AI chatbot vulnerabilities to compromise user privacy, spread misinformation, and perpetrate social engineering attacks. Furthermore, we will discuss some security measures aimed at minimizing these risks, thereby fostering a more secure digital environment accessible to everyone. By the end of this talk, participants will have developed a deeper awareness of the challenges in securing AI chatbots and will be empowered with practical strategies to fortify their systems effectively. Whether you're a cybersecurity professional, AI enthusiast, or simply curious about tech and security, this talk will inform, inspire, and spark a passion for keeping AI communication safe.\n\n\n","title":"Beyond Interactions: Hacking Chatbots Like a Pro","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"end_timestamp":{"seconds":1716834600,"nanoseconds":0},"android_description":"In an era where AI-driven chatbots seamlessly integrate into our daily lives, it’s high time that we understand the risks caused by vulnerabilities associated with it. Join us on an exciting journey as we break down the complexities of AI chatbot hacking and explore the potential threats hidden below the surface. In this tech talk, we will begin with the basics of AI, then shift into the common vulnerabilities of AI chat bots, and finally deep dive into the top two vulnerable categories. Through a live hacking lab and real-world attack scenarios, we will demonstrate how an attacker leverages AI chatbot vulnerabilities to compromise user privacy, spread misinformation, and perpetrate social engineering attacks. Furthermore, we will discuss some security measures aimed at minimizing these risks, thereby fostering a more secure digital environment accessible to everyone. By the end of this talk, participants will have developed a deeper awareness of the challenges in securing AI chatbots and will be empowered with practical strategies to fortify their systems effectively. Whether you're a cybersecurity professional, AI enthusiast, or simply curious about tech and security, this talk will inform, inspire, and spark a passion for keeping AI communication safe.","updated_timestamp":{"seconds":1712621460,"nanoseconds":0},"speakers":[{"content_ids":[53969],"conference_id":139,"event_ids":[54303],"name":"Mohankumar Vengatachalam","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/vimokumar/"}],"id":53604,"media":[{"hash_sha256":"37032918bd858310aa55210f0ba23a132f41d97ad0f1696a5999504d4aa68127","filetype":"image/jpeg","hash_md5":"76a15a8698fb5e987be464ee257d6b30","name":"MohankumarVengatachalam.jpg","hash_crc32c":"99f8a8bc","filesize":468011,"asset_id":541,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FMohankumarVengatachalam.jpg?alt=media","person_id":53604}]},{"content_ids":[53969],"conference_id":139,"event_ids":[54303],"name":"Naveen Konrajankuppam Mahavishnu","affiliations":[{"organization":"","title":"Security Researcher"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/naveenkm94/"}],"pronouns":null,"media":[{"hash_sha256":"85ccd73f8016f7cc54caf21b314cf66fd552e5e5423cf1b13ce26ff4a4881846","filetype":"image/jpeg","hash_md5":"73a63ab5055ee0d6dadd2999acd394a3","name":"NaveenKonrajankuppamMahavishnu.jpg","hash_crc32c":"98550c4b","asset_id":542,"filesize":33918,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FNaveenKonrajankuppamMahavishnu.jpg?alt=media","person_id":53605}],"id":53605,"title":"Security Researcher"}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54303,"tag_ids":[46354],"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53604},{"tag_id":46264,"sort_order":1,"person_id":53605}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"begin":"2024-05-27T17:40:00.000-0000","updated":"2024-04-09T00:11:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Join Lia Sana, Senior Information Security Architect and Mahtab Rae, Information Security Architect, Fraser Health Authority, as they delve into the application of Artificial Intelligence (AI) in healthcare settings, with a particular emphasis on its governance and control. They will discuss the transformative potential of AI in revolutionizing healthcare delivery, diagnosis, and patient care, as well as, explore the critical aspect of governance and control mechanisms necessary to ensure the ethical and responsible use of AI in this sensitive sector.\r\n\r\nThis presentation will illustrate the Healthcare AI applications with real-world use cases, demonstrating how AI can be leveraged to improve patient outcomes, streamline operations, and enhance decision-making processes in healthcare. These examples will provide a practical perspective on the integration of AI in healthcare, making the discussion more relatable and comprehensible. In addition, the presentation will address the associated risks of AI application in healthcare, such as data privacy concerns, potential bias in AI algorithms, and the need for human oversight. It will underscore the importance of robust internal control systems to mitigate these risks and ensure the safe and effective use of AI.\r\n\r\nDrawing from industry standards and generally accepted responsible AI practices, the presentation will provide a comprehensive overview of the current best practices in AI governance. It will offer insights into how these practices can be adopted and adapted in a healthcare setting to ensure that AI is used responsibly and ethically.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f300f7","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 2","id":46353},"title":"AI in a Healthcare Setting: Opportunities and Risks","end_timestamp":{"seconds":1716834600,"nanoseconds":0},"android_description":"Join Lia Sana, Senior Information Security Architect and Mahtab Rae, Information Security Architect, Fraser Health Authority, as they delve into the application of Artificial Intelligence (AI) in healthcare settings, with a particular emphasis on its governance and control. They will discuss the transformative potential of AI in revolutionizing healthcare delivery, diagnosis, and patient care, as well as, explore the critical aspect of governance and control mechanisms necessary to ensure the ethical and responsible use of AI in this sensitive sector.\r\n\r\nThis presentation will illustrate the Healthcare AI applications with real-world use cases, demonstrating how AI can be leveraged to improve patient outcomes, streamline operations, and enhance decision-making processes in healthcare. These examples will provide a practical perspective on the integration of AI in healthcare, making the discussion more relatable and comprehensible. In addition, the presentation will address the associated risks of AI application in healthcare, such as data privacy concerns, potential bias in AI algorithms, and the need for human oversight. It will underscore the importance of robust internal control systems to mitigate these risks and ensure the safe and effective use of AI.\r\n\r\nDrawing from industry standards and generally accepted responsible AI practices, the presentation will provide a comprehensive overview of the current best practices in AI governance. It will offer insights into how these practices can be adopted and adapted in a healthcare setting to ensure that AI is used responsibly and ethically.","updated_timestamp":{"seconds":1712620740,"nanoseconds":0},"speakers":[{"content_ids":[53963],"conference_id":139,"event_ids":[54297],"name":"Lia Sana","affiliations":[{"organization":"Fraser Health Authority","title":"Senior Information Security Architect"}],"links":[],"pronouns":null,"media":[{"hash_sha256":"2924d54b287a167d89896305b40c951685a1dcae187a731ff7c26b83d5a469dd","filetype":"image/jpeg","hash_md5":"ee3f780e2334278b881919d1420826e3","name":"LiaSana.jpg","hash_crc32c":"eb93179b","filesize":164546,"asset_id":538,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FLiaSana.jpg?alt=media","person_id":53601}],"id":53601,"title":"Senior Information Security Architect at Fraser Health Authority"},{"content_ids":[53963],"conference_id":139,"event_ids":[54297],"name":"Mahtab Rae","affiliations":[{"organization":"Fraser Health Authority","title":"Information Security Architect"}],"links":[],"pronouns":null,"id":53602,"media":[{"hash_sha256":"f9936e5cbb46a78c60e65d5e2b6abc06c36633a097ea58584f7846f2db924ecd","filetype":"image/jpeg","hash_md5":"8eb5601f9a49d3637e1bb30737193294","name":"MahtabRae.jpg","hash_crc32c":"c03b4449","asset_id":539,"filesize":28161,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FMahtabRae.jpg?alt=media","person_id":53602}],"title":"Information Security Architect at Fraser Health Authority"}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54297,"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"tag_ids":[46353],"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53601},{"tag_id":46264,"sort_order":1,"person_id":53602}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"spans_timebands":"N","begin":"2024-05-27T17:40:00.000-0000","updated":"2024-04-08T23:59:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"We prefer to avoid ISO 27001 accredited corporations” said no current or future customer ever. ISO compliance can be a catalyst for new sales, improved customer relationships and increased platform confidentiality, integrity and availability. This talk by two seasoned security professionals will demonstrate how to use open source tools and techniques to build existing business practices into the ISO 27001 framework.\n\n\n","title":"From Zero to ISO27k","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"end_timestamp":{"seconds":1716834600,"nanoseconds":0},"android_description":"We prefer to avoid ISO 27001 accredited corporations” said no current or future customer ever. ISO compliance can be a catalyst for new sales, improved customer relationships and increased platform confidentiality, integrity and availability. This talk by two seasoned security professionals will demonstrate how to use open source tools and techniques to build existing business practices into the ISO 27001 framework.","updated_timestamp":{"seconds":1712620140,"nanoseconds":0},"speakers":[{"content_ids":[53957],"conference_id":139,"event_ids":[54291],"name":"Josh Sokol","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/joshsokol"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/joshsokol"}],"media":[{"hash_sha256":"9209bd3986ed99a2144cc86b3c1f6fbc41b7376993b2ae51663caa383df2a89e","filetype":"image/jpeg","hash_md5":"df03445797d1ceb2813a2d734a28a3dd","name":"JoshSokol.jpg","hash_crc32c":"2fc6af5f","asset_id":532,"filesize":324591,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJoshSokol.jpg?alt=media","person_id":53597}],"id":53597}],"timeband_id":1161,"links":[],"end":"2024-05-27T18:30:00.000-0000","id":54291,"village_id":null,"tag_ids":[46263],"begin_timestamp":{"seconds":1716831600,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53597}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1900 (Track 1 - The Microsoft Room)","hotel":"","short_name":"Room 1900 (Track 1 - The Microsoft Room)","id":46204},"updated":"2024-04-08T23:49:00.000-0000","begin":"2024-05-27T17:40:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Mix & Mingle\r\n\r\nAlso, a book signing with Micah Lee\n\n\n","title":"Mix and Mingle and Book Signing","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#420d40","name":"Misc","id":46275},"android_description":"Mix & Mingle\r\n\r\nAlso, a book signing with Micah Lee","end_timestamp":{"seconds":1716831000,"nanoseconds":0},"updated_timestamp":{"seconds":1716647700,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T17:30:00.000-0000","id":54287,"begin_timestamp":{"seconds":1716829200,"nanoseconds":0},"tag_ids":[46275],"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Sponsor Hall","hotel":"","short_name":"Sponsor Hall","id":46249},"updated":"2024-05-25T14:35:00.000-0000","begin":"2024-05-27T17:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Keynote (Simulcast)","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#1d1ad9","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 4","id":46355},"end_timestamp":{"seconds":1716829200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716652020,"nanoseconds":0},"speakers":[{"content_ids":[53952,54123,54124,54125],"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54476,"tag_ids":[46355],"village_id":null,"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1800 (Track 4)","hotel":"","short_name":"Room 1800 (Track 4)","id":46207},"spans_timebands":"N","updated":"2024-05-25T15:47:00.000-0000","begin":"2024-05-27T16:10:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#21db00","name":"Talk - Track 3","id":46354},"title":"Keynote (Simulcast)","end_timestamp":{"seconds":1716829200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716652020,"nanoseconds":0},"speakers":[{"content_ids":[53952,54123,54124,54125],"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54475,"tag_ids":[46354],"village_id":null,"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1700 (Track 3)","hotel":"","short_name":"Room 1700 (Track 3)","id":46206},"begin":"2024-05-27T16:10:00.000-0000","updated":"2024-05-25T15:47:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Keynote (Simulcast)","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f300f7","name":"Talk - Track 2","id":46353},"end_timestamp":{"seconds":1716829200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1716652020,"nanoseconds":0},"speakers":[{"content_ids":[53952,54123,54124,54125],"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54474,"tag_ids":[46353],"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 1400-1410 (Track 2)","hotel":"","short_name":"Room 1400-1410 (Track 2)","id":46205},"updated":"2024-05-25T15:47:00.000-0000","begin":"2024-05-27T16:10:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Opening Keynote","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#f77a00","name":"Talk - Track 1","id":46263},"android_description":"","end_timestamp":{"seconds":1716829200,"nanoseconds":0},"updated_timestamp":{"seconds":1712618400,"nanoseconds":0},"speakers":[{"content_ids":[53952,54123,54124,54125],"conference_id":139,"event_ids":[54286,54474,54475,54476],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53617}],"timeband_id":1161,"links":[],"end":"2024-05-27T17:00:00.000-0000","id":54286,"tag_ids":[46263],"village_id":null,"begin_timestamp":{"seconds":1716826200,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53617}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Tracks 1-4","hotel":"","short_name":"Tracks 1-4","id":46208},"spans_timebands":"N","begin":"2024-05-27T16:10:00.000-0000","updated":"2024-04-08T23:20:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Intro","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#f77a00","updated_at":"2024-06-07T03:42+0000","name":"Talk - Track 1","id":46263},"android_description":"","end_timestamp":{"seconds":1716826200,"nanoseconds":0},"updated_timestamp":{"seconds":1712618340,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T16:10:00.000-0000","id":54285,"begin_timestamp":{"seconds":1716825600,"nanoseconds":0},"village_id":null,"tag_ids":[46263],"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Tracks 1-4","hotel":"","short_name":"Tracks 1-4","id":46208},"spans_timebands":"N","updated":"2024-04-08T23:19:00.000-0000","begin":"2024-05-27T16:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","title":"Registration","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#420d40","name":"Misc","id":46275},"android_description":"","end_timestamp":{"seconds":1716825600,"nanoseconds":0},"updated_timestamp":{"seconds":1712618280,"nanoseconds":0},"speakers":[],"timeband_id":1161,"links":[],"end":"2024-05-27T16:00:00.000-0000","id":54284,"begin_timestamp":{"seconds":1716822000,"nanoseconds":0},"tag_ids":[46275],"village_id":null,"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"spans_timebands":"N","begin":"2024-05-27T15:00:00.000-0000","updated":"2024-04-08T23:18:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"This workshop is designed to teach participants techniques and methodologies for discovering and analyzing digital infrastructure utilized by cyber adversaries. It will focus on leveraging publicly available, open-source intelligence (OSINT) tools and resources to systematically uncover and map the network assets of potential cyber threats.\r\n\r\nWe will start with a brief discussion of the types of digital assets (such as servers, domains and IP addresses) commonly used by adversaries and their purposes in cyber operations. We will then introduce some of the free and open source tools that are readily available to conduct tactical threat hunting. We’ll conclude with several exercises using multiple tools for participants to gain proficiency discovering active adversary infrastructure and turning it into actionable intelligence.\r\n\r\nThe workshop will include hands-on exercises using free and open source tools such as Shodan, Censys, and urlscan.io to identify and analyze malicious infrastructure linked to a range of malware (stealer, botnet, RAT, etc.) families and command-and-control (C2) frameworks such as Cobalt Strike.\n\n\n","title":"Precision Threat Hunting: Unveiling Adversary Infrastructure using Free and Open Source Tools with Greg","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#ea1b1b","name":"Training","id":46276},"android_description":"This workshop is designed to teach participants techniques and methodologies for discovering and analyzing digital infrastructure utilized by cyber adversaries. It will focus on leveraging publicly available, open-source intelligence (OSINT) tools and resources to systematically uncover and map the network assets of potential cyber threats.\r\n\r\nWe will start with a brief discussion of the types of digital assets (such as servers, domains and IP addresses) commonly used by adversaries and their purposes in cyber operations. We will then introduce some of the free and open source tools that are readily available to conduct tactical threat hunting. We’ll conclude with several exercises using multiple tools for participants to gain proficiency discovering active adversary infrastructure and turning it into actionable intelligence.\r\n\r\nThe workshop will include hands-on exercises using free and open source tools such as Shodan, Censys, and urlscan.io to identify and analyze malicious infrastructure linked to a range of malware (stealer, botnet, RAT, etc.) families and command-and-control (C2) frameworks such as Cobalt Strike.","end_timestamp":{"seconds":1716766200,"nanoseconds":0},"updated_timestamp":{"seconds":1712636520,"nanoseconds":0},"speakers":[{"content_ids":[53996],"conference_id":139,"event_ids":[54330],"name":"Greg Leah","affiliations":[{"organization":"PrecisionSec","title":"Founder"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/greg-leah/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/powershellcode"}],"media":[{"hash_sha256":"42f3aeb9bc028fcb89f5341d6cdd22f072106a6996553db89673a4fa4bb42e32","filetype":"image/jpeg","hash_md5":"6a5b42f87a5ade2e2b77ccc15a202bc0","name":"GregLeah.jpg","hash_crc32c":"66a974ed","filesize":30905,"asset_id":526,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FGregLeah.jpg?alt=media","person_id":53632}],"id":53632,"title":"Founder at PrecisionSec"}],"timeband_id":1160,"links":[],"end":"2024-05-26T23:30:00.000-0000","id":54330,"village_id":null,"begin_timestamp":{"seconds":1716759000,"nanoseconds":0},"tag_ids":[46276],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53632}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2270","hotel":"","short_name":"Room 2270","id":46210},"spans_timebands":"N","begin":"2024-05-26T21:30:00.000-0000","updated":"2024-04-09T04:22:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"* Introduction to OSINT: Understand its importance and considerations.\r\n\r\n* Search Techniques: Learn methods for gathering data efficiently.\r\n\r\n* Geolocation and Image Analysis: Explore extracting intelligence from images and geolocation data.\r\n\r\n* Saving Online Content: Discover tools and techniques for archiving and organizing online information.\r\n\r\n* OSINT Resources: Explore valuable online tools for OSINT.\n\n\n","title":"The Art of OSINT: Techniques and Tools Revealed with Ritu","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-06-07T03:42+0000","name":"Training","id":46276},"android_description":"* Introduction to OSINT: Understand its importance and considerations.\r\n\r\n* Search Techniques: Learn methods for gathering data efficiently.\r\n\r\n* Geolocation and Image Analysis: Explore extracting intelligence from images and geolocation data.\r\n\r\n* Saving Online Content: Discover tools and techniques for archiving and organizing online information.\r\n\r\n* OSINT Resources: Explore valuable online tools for OSINT.","end_timestamp":{"seconds":1716764400,"nanoseconds":0},"updated_timestamp":{"seconds":1712636460,"nanoseconds":0},"speakers":[{"content_ids":[53982,53995],"conference_id":139,"event_ids":[54316,54329],"name":"Ritu Gill","affiliations":[{"organization":"","title":"Intelligence Analyst"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ritugill-osinttechniques/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OSINTtechniques"},{"description":"","title":"Website","sort_order":0,"url":"https://www.osinttechniques.com/"},{"description":"","title":"Website (2)","sort_order":0,"url":"https://www.forensicosint.com/"}],"id":53608,"media":[{"hash_sha256":"e79fdeed84a6a69df3a01b1fb3ccd5824491c23cd530e0ffcb9574897c073cb2","filetype":"image/jpeg","hash_md5":"7cecce00d074bc221de8c4e5ad4a94f8","name":"RituGill.jpg","hash_crc32c":"827ef50a","asset_id":545,"filesize":36727,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FRituGill.jpg?alt=media","person_id":53608}],"title":"Intelligence Analyst"}],"timeband_id":1160,"links":[],"end":"2024-05-26T23:00:00.000-0000","id":54329,"tag_ids":[46276],"begin_timestamp":{"seconds":1716757200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53608}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2200","hotel":"","short_name":"Room 2200","id":46213},"begin":"2024-05-26T21:00:00.000-0000","updated":"2024-04-09T04:21:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"The course \"Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response\" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.\r\n\r\nStudents learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.\r\n\r\nFurther topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-06-07T03:42+0000","name":"Training","id":46276},"title":"Unveiling Cyber-Criminal Actions: The Art of Battlefield Forensics and Incident Response with Anna and Neumann","end_timestamp":{"seconds":1716768000,"nanoseconds":0},"android_description":"The course \"Unveiling cyber-criminal actions: The Art of Battlefield Forensics and Incident Response\" covers essential topics in digital forensics, emphasizing the importance of understanding intake/collection processes and their impact on case outcomes. It highlights the significance of acquiring memory and detecting encryption. Specialization options and methods for diving deeper into the field are discussed.\r\n\r\nStudents learn about file systems, metadata, evidence formats, and scene management for effective evidence acquisition. Acquisition hardware and software, including live response and dead box methods, are explored. Various acquisition methodologies, such as accessing devices and interacting with data, are covered. Hands-on labs demonstrate live response, dead box acquisition, and triage collection.\r\n\r\nFurther topics include memory acquisition, encryption checking, host-based live acquisition, dead box acquisition, rapid triage with tools like KAPE, file and stream recovery, advanced data carving, and OSINT for threat intelligence gathering. Throughout the course, students gain practical skills in evidence acquisition and analysis critical for digital forensic investigations.","updated_timestamp":{"seconds":1712636280,"nanoseconds":0},"speakers":[{"content_ids":[53994],"conference_id":139,"event_ids":[54328],"name":"Anna Truss","affiliations":[{"organization":"DefSec LLC","title":"Founder and CEO"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/annatruss"}],"pronouns":null,"id":53629,"media":[{"hash_sha256":"15507eef9228427e2f7c04f74fd397f70360d5fc83a8fa204298b22c8215a9e3","filetype":"image/jpeg","hash_md5":"24245d9c92c6e167148fccd4fd2ddc54","name":"AnnaTruss.jpg","hash_crc32c":"79658b62","filesize":114806,"asset_id":515,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAnnaTruss.jpg?alt=media","person_id":53629}],"title":"Founder and CEO at DefSec LLC"},{"content_ids":[53994],"conference_id":139,"event_ids":[54328],"name":"Neumann Lim","affiliations":[{"organization":"Odlum Brown","title":"Manager"}],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://ca.linkedin.com/in/neumannlim"}],"id":53630,"media":[{"hash_sha256":"e5a703171a3a78b97c92e39749a39834a6d3b23e9726db9334861c23dca84463","filetype":"image/jpeg","hash_md5":"db7bd61915e4237471bac28877eb2e32","name":"NeumannLim.jpg","hash_crc32c":"37350941","asset_id":543,"filesize":18311,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FNeumannLim.jpg?alt=media","person_id":53630}],"title":"Manager at Odlum Brown"}],"timeband_id":1160,"links":[],"end":"2024-05-27T00:00:00.000-0000","id":54328,"tag_ids":[46276],"begin_timestamp":{"seconds":1716752700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53629},{"tag_id":46264,"sort_order":1,"person_id":53630}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2945","hotel":"","short_name":"Room 2945","id":46211},"updated":"2024-04-09T04:18:00.000-0000","begin":"2024-05-26T19:45:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Docker has gained immense popularity among development and SRE teams for allowing consistency across development/test/prod environments, and enabling immutable infrastructure and higher compute density. As security professionals, it helps to understand how Docker works to be able to secure our workloads. At the same time, there are a number of use cases where Docker makes our lives easier as well.\r\n\r\nIn this workshop we'll get our feet wet with Docker:\r\n\r\n- Explore the basics of Docker and how it works\r\n\r\n- Work through a number of security-relevant use cases: exploring different OS distros, running containerized security tools, building custom images, scanning Docker images for CVEs and secrets, image structure and manual introspection.\r\n\r\nPre-requisites:\r\n\r\n- Laptop with Docker installed. Docker Desktop recommended, but Docker Engine should work too.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-06-07T03:42+0000","name":"Training","id":46276},"title":"Docker for Security Use Cases Workshop with Amiran","end_timestamp":{"seconds":1716768000,"nanoseconds":0},"android_description":"Docker has gained immense popularity among development and SRE teams for allowing consistency across development/test/prod environments, and enabling immutable infrastructure and higher compute density. As security professionals, it helps to understand how Docker works to be able to secure our workloads. At the same time, there are a number of use cases where Docker makes our lives easier as well.\r\n\r\nIn this workshop we'll get our feet wet with Docker:\r\n\r\n- Explore the basics of Docker and how it works\r\n\r\n- Work through a number of security-relevant use cases: exploring different OS distros, running containerized security tools, building custom images, scanning Docker images for CVEs and secrets, image structure and manual introspection.\r\n\r\nPre-requisites:\r\n\r\n- Laptop with Docker installed. Docker Desktop recommended, but Docker Engine should work too.","updated_timestamp":{"seconds":1712635560,"nanoseconds":0},"speakers":[{"content_ids":[53988,53989],"conference_id":139,"event_ids":[54323,54322],"name":"Amiran Alavidze","affiliations":[],"links":[],"pronouns":null,"id":53622,"media":[{"hash_sha256":"04a679a2715c7dc96e870f4a7700a77cb2f1dc3dd7a29e1ee2c55e94539e8294","filetype":"image/png","hash_md5":"262115617a7cb515893e29e1e01844a6","name":"AmiranAlavidze.png","hash_crc32c":"84a6a6b1","asset_id":514,"filesize":98259,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAmiranAlavidze.png?alt=media","person_id":53622}]}],"timeband_id":1160,"links":[],"end":"2024-05-27T00:00:00.000-0000","id":54323,"tag_ids":[46276],"begin_timestamp":{"seconds":1716752700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53622}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2250","hotel":"","short_name":"Room 2250","id":46214},"spans_timebands":"N","updated":"2024-04-09T04:06:00.000-0000","begin":"2024-05-26T19:45:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"CodeQL is an open-source static analysis tool that can be used to find vulnerabilities, anti-patterns, code smells, and other interesting patterns in your codebases. Code patterns are abstracted into language specific queries that can be used to scan across many repositories for QA, research, and variant hunt purposes with the option to integrate as part of your CI/CD pipeline. CodeQL is powerful and extensible, with many included queries as well as a query language that allows a query author to write their own. In this workshop we’ll write queries for three C# vulnerabilities: BinaryFormatter deserialization of untrusted data, use of the weak hash SHA1, and creation of a Weak RSA Key. This workshop focuses on C# but the concepts are applicable to any other language that CodeQL supports. \r\n\r\nBy the end of this presentation, participants will be able to author their own queries, become familiar with the features of the CodeQL VSCode extension, and understand how to model dataflow in CodeQL.\n\n\n","title":"CodeQL with Chanel","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#ea1b1b","name":"Training","id":46276},"android_description":"CodeQL is an open-source static analysis tool that can be used to find vulnerabilities, anti-patterns, code smells, and other interesting patterns in your codebases. Code patterns are abstracted into language specific queries that can be used to scan across many repositories for QA, research, and variant hunt purposes with the option to integrate as part of your CI/CD pipeline. CodeQL is powerful and extensible, with many included queries as well as a query language that allows a query author to write their own. In this workshop we’ll write queries for three C# vulnerabilities: BinaryFormatter deserialization of untrusted data, use of the weak hash SHA1, and creation of a Weak RSA Key. This workshop focuses on C# but the concepts are applicable to any other language that CodeQL supports. \r\n\r\nBy the end of this presentation, participants will be able to author their own queries, become familiar with the features of the CodeQL VSCode extension, and understand how to model dataflow in CodeQL.","end_timestamp":{"seconds":1716753600,"nanoseconds":0},"updated_timestamp":{"seconds":1712636160,"nanoseconds":0},"speakers":[{"content_ids":[53993],"conference_id":139,"event_ids":[54327],"name":"Chanel Young","affiliations":[{"organization":"Microsoft Security","title":"Software Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/chanelyoung99/"}],"id":53628,"media":[{"hash_sha256":"fb07eff0225073926092da7783d4d2793a19473e6e454645c364c94d25e22c20","filetype":"image/png","hash_md5":"509ca90ae1455cccfece2d5a6745b9ae","name":"ChanelYoung.png","hash_crc32c":"50efae90","asset_id":521,"filesize":1038243,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FChanelYoung.png?alt=media","person_id":53628}],"title":"Software Engineer at Microsoft Security"}],"timeband_id":1160,"links":[],"end":"2024-05-26T20:00:00.000-0000","id":54327,"village_id":null,"tag_ids":[46276],"begin_timestamp":{"seconds":1716746400,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53628}],"tags":"","conference_id":139,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2200","hotel":"","short_name":"Room 2200","id":46213},"updated":"2024-04-09T04:16:00.000-0000","begin":"2024-05-26T18:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"This workshop provides an in-depth exploration of Digital Forensics and Incident Response (DFIR) through interactive, cloud-based labs. Participants will have access to a wide array of logs, including system, network, and memory data, to explore and investigate. The session emphasizes practical skills in analyzing and responding to cybersecurity threats using tools like Elasticsearch and Kibana. Attendees will experience the power of interactive dashboards and visualizations, along with the ability to search through raw data in Elasticsearch. This hands-on approach ensures a comprehensive understanding of digital forensics, equipping participants to tackle real-world security challenges effectively.\r\n\r\nWorkshop participants will require a laptop that can support a modern web browser. Tools utilized as part of the workshop will be cloud-based and accessed through the browser.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#ea1b1b","name":"Training","id":46276},"title":"Practical Intrusion Analysis: Investigating Real-World Intrusions with Kostas","android_description":"This workshop provides an in-depth exploration of Digital Forensics and Incident Response (DFIR) through interactive, cloud-based labs. Participants will have access to a wide array of logs, including system, network, and memory data, to explore and investigate. The session emphasizes practical skills in analyzing and responding to cybersecurity threats using tools like Elasticsearch and Kibana. Attendees will experience the power of interactive dashboards and visualizations, along with the ability to search through raw data in Elasticsearch. This hands-on approach ensures a comprehensive understanding of digital forensics, equipping participants to tackle real-world security challenges effectively.\r\n\r\nWorkshop participants will require a laptop that can support a modern web browser. Tools utilized as part of the workshop will be cloud-based and accessed through the browser.","end_timestamp":{"seconds":1716768000,"nanoseconds":0},"updated_timestamp":{"seconds":1712635980,"nanoseconds":0},"speakers":[{"content_ids":[53992],"conference_id":139,"event_ids":[54326],"name":"Kostas","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kostastsale/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kostastsale"}],"media":[{"hash_sha256":"8f30a8e2b6250a91e8985673dc1b47c19082b9f884e823efa78cf09f9ae980f9","filetype":"image/jpeg","hash_md5":"b73093fdb733a6f473d14c543141e446","name":"Kostas.jpg","hash_crc32c":"fbd56f35","asset_id":536,"filesize":34976,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FKostas.jpg?alt=media","person_id":53627}],"id":53627}],"timeband_id":1160,"links":[],"end":"2024-05-27T00:00:00.000-0000","id":54326,"tag_ids":[46276],"begin_timestamp":{"seconds":1716744600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53627}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2245","hotel":"","short_name":"Room 2245","id":46212},"spans_timebands":"N","updated":"2024-04-09T04:13:00.000-0000","begin":"2024-05-26T17:30:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"If your workload already lives on AWS, then there is a high chance that some temporary AWS credentials have been securely distributed to perform needed tasks. But what happens when your workload is on premises? In this workshop, learn how to use AWS Identity and Access Management (IAM) Roles Anywhere. Start from the basics and create the necessary steps to learn how to use your applications outside of AWS in a safe way using IAM Roles Anywhere in practice.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","color":"#ea1b1b","name":"Training","id":46276},"title":"Cloud Access Control with Colin and Brad","android_description":"If your workload already lives on AWS, then there is a high chance that some temporary AWS credentials have been securely distributed to perform needed tasks. But what happens when your workload is on premises? In this workshop, learn how to use AWS Identity and Access Management (IAM) Roles Anywhere. Start from the basics and create the necessary steps to learn how to use your applications outside of AWS in a safe way using IAM Roles Anywhere in practice.","end_timestamp":{"seconds":1716750000,"nanoseconds":0},"updated_timestamp":{"seconds":1712635860,"nanoseconds":0},"speakers":[{"content_ids":[53991],"conference_id":139,"event_ids":[54325],"name":"Colin Igbokwe","affiliations":[{"organization":"","title":"Sr. Security Solution Architect"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cigbokwe/"}],"pronouns":null,"id":53625,"media":[{"hash_sha256":"e1206d4c29b40addbdaeb9b0a72f33ed27afde37a63ab80e9f90c753717df5f4","filetype":"image/png","hash_md5":"0b6a0055bac3351fadd6a4e2f8a1a544","name":"ColinIgbokwe.png","hash_crc32c":"275d5419","filesize":152754,"asset_id":523,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FColinIgbokwe.png?alt=media","person_id":53625}],"title":"Sr. Security Solution Architect"},{"content_ids":[53991],"conference_id":139,"event_ids":[54325],"name":"Brad Burnett","affiliations":[{"organization":"","title":"Security Specialist Solutions Architect"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brad-burnett/"}],"pronouns":null,"id":53626,"media":[{"hash_sha256":"c959900e70e50c861711026b13845c1a93b3c63ff589b842d626168b582a64f1","filetype":"image/png","hash_md5":"f55e36f450e3afecea23e9588c60f149","name":"BradBurnett.png","hash_crc32c":"d269e001","asset_id":520,"filesize":87965,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FBradBurnett.png?alt=media","person_id":53626}],"title":"Security Specialist Solutions Architect"}],"timeband_id":1160,"links":[],"end":"2024-05-26T19:00:00.000-0000","id":54325,"village_id":null,"begin_timestamp":{"seconds":1716742800,"nanoseconds":0},"tag_ids":[46276],"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53626},{"tag_id":46264,"sort_order":1,"person_id":53625}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2945","hotel":"","short_name":"Room 2945","id":46211},"spans_timebands":"N","begin":"2024-05-26T17:00:00.000-0000","updated":"2024-04-09T04:11:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Threat Modeling is the best way to discover and remediate threats in your system before they are even created. If done correctly, it is one of the most impactful security programs that you can run within your organization.\r\n\r\nIn the Security Industry, threat modeling has been misunderstood and many security folks are afraid to carry out a threat model. While it is commonly performed by Application Security or Cloud Security professionals, threat modeling can be done by anyone.\r\n\r\nThis hands-on workshop will cover the threat modeling workflow and common classes of vulnerabilities in a way that is easy to understand. You will also walk through many hands-on threat modeling examples to ensure that you will be empowered to discover threats in your systems.\n\n\n","title":"Threat Modeling 101 - Burn Risks, Not Hope with Jeevan and Bhawandeep","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-06-07T03:42+0000","name":"Training","id":46276},"end_timestamp":{"seconds":1716758100,"nanoseconds":0},"android_description":"Threat Modeling is the best way to discover and remediate threats in your system before they are even created. If done correctly, it is one of the most impactful security programs that you can run within your organization.\r\n\r\nIn the Security Industry, threat modeling has been misunderstood and many security folks are afraid to carry out a threat model. While it is commonly performed by Application Security or Cloud Security professionals, threat modeling can be done by anyone.\r\n\r\nThis hands-on workshop will cover the threat modeling workflow and common classes of vulnerabilities in a way that is easy to understand. You will also walk through many hands-on threat modeling examples to ensure that you will be empowered to discover threats in your systems.","updated_timestamp":{"seconds":1712635680,"nanoseconds":0},"speakers":[{"content_ids":[53990],"conference_id":139,"event_ids":[54324],"name":"Jeevan Singh","affiliations":[{"organization":"Rippling","title":"Director of Security Engineering"}],"links":[],"pronouns":null,"id":53623,"media":[{"hash_sha256":"436c8baaf54e77f6773cc8cbebe1327953b2a367c596a56ba8d55ad7e02c8ad4","filetype":"image/jpeg","hash_md5":"343f00456bd6e55a3a610eb0755011fc","name":"JeevanSingh.jpg","hash_crc32c":"5c9a8d00","filesize":190322,"asset_id":530,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FJeevanSingh.jpg?alt=media","person_id":53623}],"title":"Director of Security Engineering at Rippling"},{"content_ids":[53990],"conference_id":139,"event_ids":[54324],"name":"Bhawandeep Kambo","affiliations":[{"organization":"Twilio","title":"Product Security Engineer"}],"links":[],"pronouns":null,"media":[{"hash_sha256":"a1d3cf34296af21bc6951f9af0862a71767da0dd4d9f9ad16f3b6a052f415069","filetype":"image/jpeg","hash_md5":"6873ad540eb501dff89c594f02b04b2a","name":"BhawandeepKambo.jpg","hash_crc32c":"bd503a16","asset_id":518,"filesize":159057,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FBhawandeepKambo.jpg?alt=media","person_id":53624}],"id":53624,"title":"Product Security Engineer at Twilio"}],"timeband_id":1160,"links":[],"end":"2024-05-26T21:15:00.000-0000","id":54324,"tag_ids":[46276],"village_id":null,"begin_timestamp":{"seconds":1716742800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53624},{"tag_id":46264,"sort_order":1,"person_id":53623}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2270","hotel":"","short_name":"Room 2270","id":46210},"spans_timebands":"N","updated":"2024-04-09T04:08:00.000-0000","begin":"2024-05-26T17:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"Threat modelling is considered to be a critical component of Secure Software Development Lifecycle (S-SDLC) as evidenced by the fact that it’s included in most S-SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within S-SDLC, not so much on practical aspects of how it can be done. This workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model. You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager. There are no prerequisites, but you are expected to actively participate.\n\n\n","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#ea1b1b","updated_at":"2024-06-07T03:42+0000","name":"Training","id":46276},"title":"Practical Threat Modelling with Amiran","end_timestamp":{"seconds":1716750000,"nanoseconds":0},"android_description":"Threat modelling is considered to be a critical component of Secure Software Development Lifecycle (S-SDLC) as evidenced by the fact that it’s included in most S-SDLC methodologies (see Microsoft SDL or OWASP Secure Software Development Lifecycle Project, for example). There’s a ton of information available on threat modelling, though most of it seems to be focused on explaining the importance of it, or where it should fit within S-SDLC, not so much on practical aspects of how it can be done. This workshop presents a practical collaborative approach to threat modelling with focus on applicability to Agile teams of various scales. We’ll spend a bit of time on threat modelling overview, but the majority of the workshop will be dedicated to going through an example threat modelling session and creating a sample threat model. You might be interested in this workshop if you are a security engineer, software engineer, engineering manager, or product manager. There are no prerequisites, but you are expected to actively participate.","updated_timestamp":{"seconds":1712635500,"nanoseconds":0},"speakers":[{"content_ids":[53988,53989],"conference_id":139,"event_ids":[54323,54322],"name":"Amiran Alavidze","affiliations":[],"links":[],"pronouns":null,"id":53622,"media":[{"hash_sha256":"04a679a2715c7dc96e870f4a7700a77cb2f1dc3dd7a29e1ee2c55e94539e8294","filetype":"image/png","hash_md5":"262115617a7cb515893e29e1e01844a6","name":"AmiranAlavidze.png","hash_crc32c":"84a6a6b1","filesize":98259,"asset_id":514,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2FAmiranAlavidze.png?alt=media","person_id":53622}]}],"timeband_id":1160,"links":[],"end":"2024-05-26T19:00:00.000-0000","id":54322,"tag_ids":[46276],"village_id":null,"begin_timestamp":{"seconds":1716742800,"nanoseconds":0},"includes":"","people":[{"tag_id":46264,"sort_order":1,"person_id":53622}],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Room 2250","hotel":"","short_name":"Room 2250","id":46214},"spans_timebands":"N","updated":"2024-04-09T04:05:00.000-0000","begin":"2024-05-26T17:00:00.000-0000"},{"conference":"BSIDESVANCOUVER2024","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","color":"#420d40","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46275},"title":"Workshop Registration","android_description":"","end_timestamp":{"seconds":1716742800,"nanoseconds":0},"updated_timestamp":{"seconds":1712619600,"nanoseconds":0},"speakers":[],"timeband_id":1160,"links":[],"end":"2024-05-26T17:00:00.000-0000","id":54321,"tag_ids":[46275],"village_id":null,"begin_timestamp":{"seconds":1716739200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":139,"links_antiquated":[],"location":{"conference_id":139,"conference":"BSIDESVANCOUVER2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46209},"spans_timebands":"N","updated":"2024-04-08T23:40:00.000-0000","begin":"2024-05-26T16:00:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/CACKALACKYCON2024/events.json b/public/ht/conferences/CACKALACKYCON2024/events.json index 765378d..cb5e97b 100644 --- a/public/ht/conferences/CACKALACKYCON2024/events.json +++ b/public/ht/conferences/CACKALACKYCON2024/events.json @@ -1 +1 @@ -[{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Closing Ceremony and Awards","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#ff97bc","name":"Event","id":46308},"end_timestamp":{"seconds":1716141600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234420,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54374,54383],"name":"CackalackyCon Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53662}],"timeband_id":1165,"links":[],"end":"2024-05-19T18:00:00.000-0000","id":54374,"tag_ids":[46308],"village_id":null,"begin_timestamp":{"seconds":1716138000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53662}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"spans_timebands":"N","updated":"2024-04-16T02:27:00.000-0000","begin":"2024-05-19T17:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"As offensive security professionals, our most limiting factor is often our time. If we find an exploit on one host, how can we accurately communicate the impact for our entire network? If the vulnerability is fixed, how do we monitor for regressions? Manual exploit verification on hundreds or thousands of hosts is unrealistic - we need to be able to do more with less.\r\n\r\nAtomic red team is an open-source library of simple, focused tests that map to the MITRE ATT&CK framework. Combined with an automation platform, we can exponentially multiply the effectiveness of our red team talent and allow them to focus on novel attacks rather than low-hanging fruit. This talk will demonstrate how, with a few free tools, we can automate red teaming techniques to amplify our output without expanding our team or increasing our time spent.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"‘Da Bomb: Beyond Insanity - Automating Red Teaming using Atomics","end_timestamp":{"seconds":1716137400,"nanoseconds":0},"android_description":"As offensive security professionals, our most limiting factor is often our time. If we find an exploit on one host, how can we accurately communicate the impact for our entire network? If the vulnerability is fixed, how do we monitor for regressions? Manual exploit verification on hundreds or thousands of hosts is unrealistic - we need to be able to do more with less.\r\n\r\nAtomic red team is an open-source library of simple, focused tests that map to the MITRE ATT&CK framework. Combined with an automation platform, we can exponentially multiply the effectiveness of our red team talent and allow them to focus on novel attacks rather than low-hanging fruit. This talk will demonstrate how, with a few free tools, we can automate red teaming techniques to amplify our output without expanding our team or increasing our time spent.","updated_timestamp":{"seconds":1713235140,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54401],"name":"Steve Myrick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53687}],"timeband_id":1165,"links":[],"end":"2024-05-19T16:50:00.000-0000","id":54401,"tag_ids":[46295],"village_id":null,"begin_timestamp":{"seconds":1716134400,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53687}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"begin":"2024-05-19T16:00:00.000-0000","updated":"2024-04-16T02:39:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"The human element is often regarded as the weakest link in cybersecurity—we click on things we shouldn’t because they look “good enough”, we empathize with the panicked “CEO” that calls at 3:00am asking for gift cards to fund a trip home. But why? Is it purely a skill issue or are there other elements to consider? Go beyond conventional approaches by merging Governance, Risk and Compliance (GRC) with often overlooked, yet critical, human factors to revolutionize your understanding of cybersecurity. Drawing parallels from sectors like aviation and healthcare, the scientific perspective behind human factors can be used to address common security issues. This talk will highlight the importance of compliance in both internal and external contexts and will underscore prioritizing employee well-being, arguing that a secure system becomes compromised if its design does not consider the user’s mental and physical needs. Creating a balance between robust security measures, user-friendly design, and employee well-being is key.\n\n\n","title":"Putting Care into Compliance: A Human Factors Approach","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"android_description":"The human element is often regarded as the weakest link in cybersecurity—we click on things we shouldn’t because they look “good enough”, we empathize with the panicked “CEO” that calls at 3:00am asking for gift cards to fund a trip home. But why? Is it purely a skill issue or are there other elements to consider? Go beyond conventional approaches by merging Governance, Risk and Compliance (GRC) with often overlooked, yet critical, human factors to revolutionize your understanding of cybersecurity. Drawing parallels from sectors like aviation and healthcare, the scientific perspective behind human factors can be used to address common security issues. This talk will highlight the importance of compliance in both internal and external contexts and will underscore prioritizing employee well-being, arguing that a secure system becomes compromised if its design does not consider the user’s mental and physical needs. Creating a balance between robust security measures, user-friendly design, and employee well-being is key.","end_timestamp":{"seconds":1716133800,"nanoseconds":0},"updated_timestamp":{"seconds":1713235140,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54400],"name":"Sofia Martinez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53659},{"conference_id":141,"event_ids":[54400],"name":"Anthea Gonzalez","affiliations":[{"organization":"Cisco Systems","title":"Information Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":53661,"title":"Information Security Engineer at Cisco Systems"}],"timeband_id":1165,"links":[],"end":"2024-05-19T15:50:00.000-0000","id":54400,"village_id":null,"begin_timestamp":{"seconds":1716130800,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53661},{"tag_id":46296,"sort_order":1,"person_id":53659}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"begin":"2024-05-19T15:00:00.000-0000","updated":"2024-04-16T02:39:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"In this talk, we will explore the potential security risks associated with the use of Terraform, a popular infrastructure-as-code tool. We will demonstrate how a malicious actor can exploit Terraform to elevate privileges, exfiltrate sensitive data, and gain unauthorized access to cloud environments. The presentation will include live demos showcasing real-world attack scenarios and will conclude with practical recommendations for securing Terraform implementations.\r\n\r\nTerraform is a widely used tool for managing cloud infrastructure as code. While it offers numerous benefits, it can also be a target for attackers seeking to compromise cloud environments. This talk will provide an in-depth analysis of Terraform's security features and vulnerabilities and demonstrate how attackers can exploit them to achieve remote code execution and privilege escalation. We will also discuss best practices for securing Terraform and mitigating potential threats.\n\n\n","title":"Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"android_description":"In this talk, we will explore the potential security risks associated with the use of Terraform, a popular infrastructure-as-code tool. We will demonstrate how a malicious actor can exploit Terraform to elevate privileges, exfiltrate sensitive data, and gain unauthorized access to cloud environments. The presentation will include live demos showcasing real-world attack scenarios and will conclude with practical recommendations for securing Terraform implementations.\r\n\r\nTerraform is a widely used tool for managing cloud infrastructure as code. While it offers numerous benefits, it can also be a target for attackers seeking to compromise cloud environments. This talk will provide an in-depth analysis of Terraform's security features and vulnerabilities and demonstrate how attackers can exploit them to achieve remote code execution and privilege escalation. We will also discuss best practices for securing Terraform and mitigating potential threats.","end_timestamp":{"seconds":1716130200,"nanoseconds":0},"updated_timestamp":{"seconds":1713235080,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54399],"name":"Michael McCabe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53679}],"timeband_id":1165,"links":[],"end":"2024-05-19T14:50:00.000-0000","id":54399,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1716127200,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53679}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"updated":"2024-04-16T02:38:00.000-0000","begin":"2024-05-19T14:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"From the outside, red teaming looks like a combination of the cast of the movie \"\"Hackers\"\" and a bunch of former spooks in tactical cargo pants talking in milspeak about \"cyber kill chains\", \"TTPs\", and \"OPSEC\". New customers of red team consulting services sometimes come in thinking they're hiring the A-Team and get sorely disappointed once you explain what an \"\"assumed breach\"\" assessment is. Bright-eyed, bushy-tailed young consultants finally get to shadow a red team job, expecting they'll be writing 0day and popping shells all over the place, and then find out it means they're about to spend two weeks reading some bank's internal SharePoint documents and rifling through SMB shares full of spreadsheets. Red teamers already in the field read breach reports and wonder how the hell APTs are still pwning defense contractors with PowerShell.\r\n\r\nAcross the board, from those buying it, to those doing it, to those who want to do it, expectations often don't match reality. This talk is designed for potential red team customers, aspiring red teamers, and current red teamers who desperately want to know if they've been taking crazy pills. In it, we'll discuss just what red team is (or should be), what to expect from the process, what we all could be doing to better simulate the actual threats that organizations face, and how to get the most out of the process and make your organization better.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"title":"Everything You Never Wanted to Know About Red Teaming but Have Been Forced to Find Out","android_description":"From the outside, red teaming looks like a combination of the cast of the movie \"\"Hackers\"\" and a bunch of former spooks in tactical cargo pants talking in milspeak about \"cyber kill chains\", \"TTPs\", and \"OPSEC\". New customers of red team consulting services sometimes come in thinking they're hiring the A-Team and get sorely disappointed once you explain what an \"\"assumed breach\"\" assessment is. Bright-eyed, bushy-tailed young consultants finally get to shadow a red team job, expecting they'll be writing 0day and popping shells all over the place, and then find out it means they're about to spend two weeks reading some bank's internal SharePoint documents and rifling through SMB shares full of spreadsheets. Red teamers already in the field read breach reports and wonder how the hell APTs are still pwning defense contractors with PowerShell.\r\n\r\nAcross the board, from those buying it, to those doing it, to those who want to do it, expectations often don't match reality. This talk is designed for potential red team customers, aspiring red teamers, and current red teamers who desperately want to know if they've been taking crazy pills. In it, we'll discuss just what red team is (or should be), what to expect from the process, what we all could be doing to better simulate the actual threats that organizations face, and how to get the most out of the process and make your organization better.","end_timestamp":{"seconds":1716126900,"nanoseconds":0},"updated_timestamp":{"seconds":1713235020,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54398],"name":"Dan Helton","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ch1kpee"}],"pronouns":null,"media":[],"id":53664}],"timeband_id":1165,"links":[],"end":"2024-05-19T13:55:00.000-0000","id":54398,"tag_ids":[46295],"village_id":null,"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53664}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"updated":"2024-04-16T02:37:00.000-0000","begin":"2024-05-19T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-05-18T23:50+0000","name":"Village","id":46309},"title":"Lockpick Village","end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234120,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54363,54364,54365],"name":"Oak City Locksport","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53681}],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54365,"tag_ids":[46309],"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53681}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Oak","hotel":"","short_name":"Oak","id":46226},"spans_timebands":"N","updated":"2024-04-16T02:22:00.000-0000","begin":"2024-05-19T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#6717a5","name":"Village","id":46309},"title":"Capture The Flag & Wireless Shoothouse","android_description":"","end_timestamp":{"seconds":1716132600,"nanoseconds":0},"updated_timestamp":{"seconds":1713234000,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54360,54361],"name":"Eversec & Greenh@t Solutions","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53671}],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54361,"tag_ids":[46309],"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53671}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"updated":"2024-04-16T02:20:00.000-0000","begin":"2024-05-19T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#6717a5","name":"Village","id":46309},"title":"Hardware Hacking Village & Chillout Area","end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713233820,"nanoseconds":0},"speakers":[],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54358,"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"tag_ids":[46309],"village_id":null,"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"spans_timebands":"N","begin":"2024-05-19T13:30:00.000-0000","updated":"2024-04-16T02:17:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Information Desk Opens","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#a6402f","name":"Registration","id":46310},"end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234240,"nanoseconds":0},"speakers":[],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54368,"tag_ids":[46310],"village_id":null,"begin_timestamp":{"seconds":1716123600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Prefunction Lobby","hotel":"","short_name":"Prefunction Lobby","id":46227},"updated":"2024-04-16T02:24:00.000-0000","begin":"2024-05-19T13:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Swan about in fancy dress at a hacker con because you can.\r\n\r\nHackers do not just wears jeans and t-shirts with hoodies. We can be fabulous!\r\n\r\nDress code is dress as fancy as you want and feel comfortable in - toss on a tiara - break out that old prom gown - wear sequins - wear a tuxedo t shirt - BE YOU\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-05-18T23:50+0000","name":"Event","id":46308},"title":"Party / Hacker Swan","end_timestamp":{"seconds":1716091140,"nanoseconds":0},"android_description":"Swan about in fancy dress at a hacker con because you can.\r\n\r\nHackers do not just wears jeans and t-shirts with hoodies. We can be fabulous!\r\n\r\nDress code is dress as fancy as you want and feel comfortable in - toss on a tiara - break out that old prom gown - wear sequins - wear a tuxedo t shirt - BE YOU","updated_timestamp":{"seconds":1716076200,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54376],"name":"Hacker Swan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53672}],"timeband_id":1164,"links":[],"end":"2024-05-19T03:59:00.000-0000","id":54376,"village_id":null,"tag_ids":[46308],"begin_timestamp":{"seconds":1716084000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53672}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"updated":"2024-05-18T23:50:00.000-0000","begin":"2024-05-19T02:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Do you know the most useless shit about hacking or hackers, video games, memes, and more? Let the games begin. Join Unregistered436 and Emwav for two rounds of Jeopardy style Hacker Trivia!\n\n\n","title":"Hacker Trivia","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#ff97bc","name":"Event","id":46308},"end_timestamp":{"seconds":1716085800,"nanoseconds":0},"android_description":"Do you know the most useless shit about hacking or hackers, video games, memes, and more? Let the games begin. Join Unregistered436 and Emwav for two rounds of Jeopardy style Hacker Trivia!","updated_timestamp":{"seconds":1713234480,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54375,54362,54470],"name":"Emwav","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53668},{"conference_id":141,"event_ids":[54375],"name":"Unregistered436","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53689}],"timeband_id":1164,"links":[],"end":"2024-05-19T02:30:00.000-0000","id":54375,"village_id":null,"tag_ids":[46308],"begin_timestamp":{"seconds":1716080400,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53668},{"tag_id":46296,"sort_order":1,"person_id":53689}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:28:00.000-0000","begin":"2024-05-19T01:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Ah, welcome weary travelers. Have a seat just over there, rest for a bit, while I share a tale most intriguing. Mainframe wizards of old declared mainframe buffer overflows impossible, which was a myth that held fast and true for decades. Not because it was actually impossible, you see, but because people had bought into the marketing or didn’t know any better. This is no longer true! A young mainframe hacker recently discovered the myriad of ways that you can overwrite register 13, allowing us the ability to control return addresses. This story will walk through C and HLASM vulnerabilities, show live examples of how to find an exploit local buffer overflows. Culminating in the demonstration of a remote code execution on a vulnerable mainframe FTP server which not only requires writing z/OS shellcode, but also handling ascii to ebcdic translations. This story has it all. And if this piques your interest, the story ends with the introduction of a docker container which houses a self taught course about everything told here at CackalackyCon.\n\n\n","title":"Return to R13? More Like Return to GET REKT: Come Learn Mainframe Buffer Overflows","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1716079800,"nanoseconds":0},"android_description":"Ah, welcome weary travelers. Have a seat just over there, rest for a bit, while I share a tale most intriguing. Mainframe wizards of old declared mainframe buffer overflows impossible, which was a myth that held fast and true for decades. Not because it was actually impossible, you see, but because people had bought into the marketing or didn’t know any better. This is no longer true! A young mainframe hacker recently discovered the myriad of ways that you can overwrite register 13, allowing us the ability to control return addresses. This story will walk through C and HLASM vulnerabilities, show live examples of how to find an exploit local buffer overflows. Culminating in the demonstration of a remote code execution on a vulnerable mainframe FTP server which not only requires writing z/OS shellcode, but also handling ascii to ebcdic translations. This story has it all. And if this piques your interest, the story ends with the introduction of a docker container which houses a self taught course about everything told here at CackalackyCon.","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54397],"name":"Phil Young","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53683}],"timeband_id":1164,"links":[],"end":"2024-05-19T00:50:00.000-0000","id":54397,"begin_timestamp":{"seconds":1716076800,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53683}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:36:00.000-0000","begin":"2024-05-19T00:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Everyone wants to know how to break into cyber security, and there are many different ways. Mine was a little unusual, I had a career outside of technology as a respiratory therapist for 10 years when I decided that my passion was for cyber security. In this talk I want to detail the path I took so that others may follow. The focus will be on the education and professional development I took that fast-tracked me into a professional position and what to expect in those first years as an entry level tester. My social anxiety was a hurdle I had to work to overcome, and I will share some of the things I found that helped.\r\n\r\nI will also cover what lessons I learned, and the things I'd do differently.\r\n\r\nBy the end of the talk those looking for a career change or looking at school will leave with practical advice that is relevant in today's (and tomorrows?) job market.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"How I went from a Respiratory Therapist to a Cyber Security Professional","end_timestamp":{"seconds":1716076500,"nanoseconds":0},"android_description":"Everyone wants to know how to break into cyber security, and there are many different ways. Mine was a little unusual, I had a career outside of technology as a respiratory therapist for 10 years when I decided that my passion was for cyber security. In this talk I want to detail the path I took so that others may follow. The focus will be on the education and professional development I took that fast-tracked me into a professional position and what to expect in those first years as an entry level tester. My social anxiety was a hurdle I had to work to overcome, and I will share some of the things I found that helped.\r\n\r\nI will also cover what lessons I learned, and the things I'd do differently.\r\n\r\nBy the end of the talk those looking for a career change or looking at school will leave with practical advice that is relevant in today's (and tomorrows?) job market.","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54396],"name":"Jessica DelGrande","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53675}],"timeband_id":1164,"links":[],"end":"2024-05-18T23:55:00.000-0000","id":54396,"tag_ids":[46295],"begin_timestamp":{"seconds":1716075000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53675}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T23:30:00.000-0000","updated":"2024-04-16T02:36:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"DINNER BREAK","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#9bb673","name":"Misc","id":46311},"android_description":"","end_timestamp":{"seconds":1716075000,"nanoseconds":0},"updated_timestamp":{"seconds":1713234300,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-18T23:30:00.000-0000","id":54371,"village_id":null,"tag_ids":[46311],"begin_timestamp":{"seconds":1716069600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46229},"begin":"2024-05-18T22:00:00.000-0000","updated":"2024-04-16T02:25:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Artificial Intelligence is raging through cyberspace, but can we handle the ride? It's time for a systems check. Join security researcher Jan Nunez as he uncovers the attacks AI/ML systems are vulnerable to and the controls currently available to mitigate them.\r\n\r\nNo prior experience with AI/ML is required. The talk will start with an overview of machine learning, highlighting its benefits and the events that led to its rise in popularity. We'll then shift our focus to practical applications with live demos using the UFO Reporting System, an application designed to showcase cutting-edge attacks on AI systems and other emerging technologies.\r\n\r\nWe will cover several attack scenarios, including remote code execution through infected models, creating adversarial images using gradient descent, and fancy prompt injections in a language model used for tracking UFO encounters.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Neural Nets and Flying Saucers","end_timestamp":{"seconds":1716069000,"nanoseconds":0},"android_description":"Artificial Intelligence is raging through cyberspace, but can we handle the ride? It's time for a systems check. Join security researcher Jan Nunez as he uncovers the attacks AI/ML systems are vulnerable to and the controls currently available to mitigate them.\r\n\r\nNo prior experience with AI/ML is required. The talk will start with an overview of machine learning, highlighting its benefits and the events that led to its rise in popularity. We'll then shift our focus to practical applications with live demos using the UFO Reporting System, an application designed to showcase cutting-edge attacks on AI systems and other emerging technologies.\r\n\r\nWe will cover several attack scenarios, including remote code execution through infected models, creating adversarial images using gradient descent, and fancy prompt injections in a language model used for tracking UFO encounters.","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54395],"name":"Jan Nunez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53673}],"timeband_id":1164,"links":[],"end":"2024-05-18T21:50:00.000-0000","id":54395,"begin_timestamp":{"seconds":1716066000,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53673}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:36:00.000-0000","begin":"2024-05-18T21:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"\"The history of the global lock industry is a litany of lessons-learned, and the resulting solutions are exemplary teaching materials. Like the lock industry, software developers seem to stumble over similar mistakes. There's no need for this: In most cases, lock designers and implementers have already made the same mistakes.\r\n\r\nThe core of this presentation is a series of vignettes describing specific failures of lock designs with a goal of educating software developers and cybersecurity practitioners so they can avoid the same. Real lock paraphernalia from the presenter's personal collection will be used to illustrate some of the issues.\"\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Breaking into InfoSec by Picking Locks","end_timestamp":{"seconds":1716065400,"nanoseconds":0},"android_description":"\"The history of the global lock industry is a litany of lessons-learned, and the resulting solutions are exemplary teaching materials. Like the lock industry, software developers seem to stumble over similar mistakes. There's no need for this: In most cases, lock designers and implementers have already made the same mistakes.\r\n\r\nThe core of this presentation is a series of vignettes describing specific failures of lock designs with a goal of educating software developers and cybersecurity practitioners so they can avoid the same. Real lock paraphernalia from the presenter's personal collection will be used to illustrate some of the issues.\"","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54394],"name":"Jim Duncan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53676}],"timeband_id":1164,"links":[],"end":"2024-05-18T20:50:00.000-0000","id":54394,"tag_ids":[46295],"begin_timestamp":{"seconds":1716062400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53676}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-18T20:00:00.000-0000","updated":"2024-04-16T02:36:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending the security implications associated with cellular technology. Furthermore, the development of effective testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"title":"An Exploration of Cellular Based IoT Technology","end_timestamp":{"seconds":1716061800,"nanoseconds":0},"android_description":"As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending the security implications associated with cellular technology. Furthermore, the development of effective testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54393],"name":"Deral Heiland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53665}],"timeband_id":1164,"links":[],"end":"2024-05-18T19:50:00.000-0000","id":54393,"begin_timestamp":{"seconds":1716058800,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53665}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T19:00:00.000-0000","updated":"2024-04-16T02:36:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"This presentation will cover the steps and strategies needed to launch a successful career in cybersecurity. Attendees will learn about the education and certifications required for various cybersecurity roles, as well as tips for gaining experience and networking in the industry. The presentation will also explore different types of jobs available in cybersecurity and how to tailor a resume for these roles. With a focus on practical advice and real-world examples, this presentation will provide attendees with the tools and knowledge they need to \"hack\" their way into a career in cybersecurity.\n\n\n","title":"Hacking your Way to a Career in Cybersecurity","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1716058200,"nanoseconds":0},"android_description":"This presentation will cover the steps and strategies needed to launch a successful career in cybersecurity. Attendees will learn about the education and certifications required for various cybersecurity roles, as well as tips for gaining experience and networking in the industry. The presentation will also explore different types of jobs available in cybersecurity and how to tailor a resume for these roles. With a focus on practical advice and real-world examples, this presentation will provide attendees with the tools and knowledge they need to \"hack\" their way into a career in cybersecurity.","updated_timestamp":{"seconds":1715969160,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54471],"name":"Ashley (Fn00b)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53719}],"timeband_id":1164,"links":[],"end":"2024-05-18T18:50:00.000-0000","id":54471,"begin_timestamp":{"seconds":1716055200,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53719}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"spans_timebands":"N","begin":"2024-05-18T18:00:00.000-0000","updated":"2024-05-17T18:06:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"With all the tech layoffs, the opportunities presented by generative ai, and the current geo-political climate - the allure of starting your own cybersecurity company is stronger than ever. But what does it truly take to transition from cybersecurity enthusiast or professional to successful entrepreneur?\r\n\r\n\"So, You Want to Start Your Own Cybersecurity Company\" sheds like on the arduous journey from the kernel of an idea to a successful business in the complex and rapidly evolving cybersecurity landscape.\r\n\r\nThe path to entrepreneurship in cybersecurity is fraught with both technical and business challenges. A lot of them. Many technical professionals possess the skills to identify and mitigate vulnerabilities but lack the business acumen to transform these skills into a viable business model.\r\n\r\nThis presentation aims to bridge that gap, outlining common pitfalls aspiring entrepreneurs must navigate when starting a cybersecurity firm.\r\n\r\nParticipants will gain insights into:\r\n\r\n- The key qualities of successful entrepreneurs\r\n- What a good product or service idea looks like\r\n- Raising money vs bootstrapping\r\n- How to take the first steps while you’re still working a day job\r\n- How to look at corporate structure, insurance, when compliance matters, etc\r\n- Key considerations for building a brand and attracting clients\r\n- Growing your team and hiring the right people in a competitive industry\r\n\r\nThis presentation is primarily about helping you become an entrepreneur. However, it's also about fostering an entrepreneurial mindset in cybersecurity and sparking innovation. Whether you dream of launching a consultancy, taking the cool tool you’ve writtent to market, or providing managed services, \"\"So, You Want to Start Your Own Cybersecurity Company\"\" offers valuable lessons on turning your cybersecurity passion into a successful enterprise.\r\n\r\nJoin me to explore how you can make an impactful contribution to the cybersecurity community, not only as the technical expert you already are but as the entrepreneur you want to become.\n\n\n","title":"So, you want to start your own cyber security company?","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1716058200,"nanoseconds":0},"android_description":"With all the tech layoffs, the opportunities presented by generative ai, and the current geo-political climate - the allure of starting your own cybersecurity company is stronger than ever. But what does it truly take to transition from cybersecurity enthusiast or professional to successful entrepreneur?\r\n\r\n\"So, You Want to Start Your Own Cybersecurity Company\" sheds like on the arduous journey from the kernel of an idea to a successful business in the complex and rapidly evolving cybersecurity landscape.\r\n\r\nThe path to entrepreneurship in cybersecurity is fraught with both technical and business challenges. A lot of them. Many technical professionals possess the skills to identify and mitigate vulnerabilities but lack the business acumen to transform these skills into a viable business model.\r\n\r\nThis presentation aims to bridge that gap, outlining common pitfalls aspiring entrepreneurs must navigate when starting a cybersecurity firm.\r\n\r\nParticipants will gain insights into:\r\n\r\n- The key qualities of successful entrepreneurs\r\n- What a good product or service idea looks like\r\n- Raising money vs bootstrapping\r\n- How to take the first steps while you’re still working a day job\r\n- How to look at corporate structure, insurance, when compliance matters, etc\r\n- Key considerations for building a brand and attracting clients\r\n- Growing your team and hiring the right people in a competitive industry\r\n\r\nThis presentation is primarily about helping you become an entrepreneur. However, it's also about fostering an entrepreneurial mindset in cybersecurity and sparking innovation. Whether you dream of launching a consultancy, taking the cool tool you’ve writtent to market, or providing managed services, \"\"So, You Want to Start Your Own Cybersecurity Company\"\" offers valuable lessons on turning your cybersecurity passion into a successful enterprise.\r\n\r\nJoin me to explore how you can make an impactful contribution to the cybersecurity community, not only as the technical expert you already are but as the entrepreneur you want to become.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54392],"name":"Lee Sult","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53677}],"timeband_id":1164,"links":[],"end":"2024-05-18T18:50:00.000-0000","id":54392,"village_id":null,"begin_timestamp":{"seconds":1716055200,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53677}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T18:00:00.000-0000","updated":"2024-04-16T02:35:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#9bb673","name":"Misc","id":46311},"title":"LUNCH BREAK","end_timestamp":{"seconds":1716055200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234300,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-18T18:00:00.000-0000","id":54370,"begin_timestamp":{"seconds":1716049800,"nanoseconds":0},"tag_ids":[46311],"village_id":null,"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46229},"updated":"2024-04-16T02:25:00.000-0000","begin":"2024-05-18T16:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"This research explores the use of the Linux D-Bus as an investigative vehicle for understanding and cataloguing the Bluetooth landscape. Exploration begins with an assessment of the protocol’s basics, the topography of existing toolsets, and a determination of where/how to launch our probe of the environment. After discerning limitations and establishing initial instruments, we review the pain-points perceived along with lessons learned in development of these skills. The review of Bluetooth research ranges from scanning to discovery of devices, their enumeration, and their interaction with potential objects.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Taking D-Bus to Explore the Bluetooth Landscape","end_timestamp":{"seconds":1716049500,"nanoseconds":0},"android_description":"This research explores the use of the Linux D-Bus as an investigative vehicle for understanding and cataloguing the Bluetooth landscape. Exploration begins with an assessment of the protocol’s basics, the topography of existing toolsets, and a determination of where/how to launch our probe of the environment. After discerning limitations and establishing initial instruments, we review the pain-points perceived along with lessons learned in development of these skills. The review of Bluetooth research ranges from scanning to discovery of devices, their enumeration, and their interaction with potential objects.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54391],"name":"Paul Wortman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53682}],"timeband_id":1164,"links":[],"end":"2024-05-18T16:25:00.000-0000","id":54391,"begin_timestamp":{"seconds":1716048000,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53682}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-18T16:00:00.000-0000","updated":"2024-04-16T02:35:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"f you want to master the art of penetration testing, you need to know how to exploit Active Directory. It's the backbone of most networks and it holds the keys to the kingdom. But cracking it is not always easy. You need to use the right tools and techniques for the job. In this Anti-Cast, we will show you 4 different ways that can help you extract valuable information from AD, modify its settings, and gain full control over the network. You will learn how to choose the best method for each scenario and how to avoid common pitfalls. This talk comes with practical demos and tips that will boost your hacking skills.\n\n\n","title":"Active Directory Hacking: 3 \"New\" Techniques","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1716047400,"nanoseconds":0},"android_description":"f you want to master the art of penetration testing, you need to know how to exploit Active Directory. It's the backbone of most networks and it holds the keys to the kingdom. But cracking it is not always easy. You need to use the right tools and techniques for the job. In this Anti-Cast, we will show you 4 different ways that can help you extract valuable information from AD, modify its settings, and gain full control over the network. You will learn how to choose the best method for each scenario and how to avoid common pitfalls. This talk comes with practical demos and tips that will boost your hacking skills.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54390],"name":"Eric Kuehn","affiliations":[{"organization":"Secure Ideas","title":"Principal Consultant"}],"links":[],"pronouns":null,"media":[],"id":53669,"title":"Principal Consultant at Secure Ideas"}],"timeband_id":1164,"links":[],"end":"2024-05-18T15:50:00.000-0000","id":54390,"tag_ids":[46295],"begin_timestamp":{"seconds":1716044400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53669}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:35:00.000-0000","begin":"2024-05-18T15:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Notice: Take notes for this one because it will not be recorded. (And do not attempt to record yourself)\r\n\r\nThis presentation will talk about a ransomware case in which a particular threat actor finds its niche by targeting small businesses in the APAC region. Unlike larger companies, small businesses are at a disadvantage when it comes to ransomware attacks. Most do not suspect themselves as targets, leaving many victims with a hefty price tag.\r\n\r\nThis threat actor group has responded to the ever-changing landscape of ransomware mitigation by leveraging techniques to exfiltrate as much data out and then instills fear to bring victims to their knees. A high-level summary of the events is intended to give insight into the threat actor methodology and the mitigation process.\n\n\n","title":"A lot to lose: A case study of ransomware targeting small yet high value targets in the APAC region.","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1716043800,"nanoseconds":0},"android_description":"Notice: Take notes for this one because it will not be recorded. (And do not attempt to record yourself)\r\n\r\nThis presentation will talk about a ransomware case in which a particular threat actor finds its niche by targeting small businesses in the APAC region. Unlike larger companies, small businesses are at a disadvantage when it comes to ransomware attacks. Most do not suspect themselves as targets, leaving many victims with a hefty price tag.\r\n\r\nThis threat actor group has responded to the ever-changing landscape of ransomware mitigation by leveraging techniques to exfiltrate as much data out and then instills fear to bring victims to their knees. A high-level summary of the events is intended to give insight into the threat actor methodology and the mitigation process.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54389],"name":"Janet","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53674}],"timeband_id":1164,"links":[],"end":"2024-05-18T14:50:00.000-0000","id":54389,"begin_timestamp":{"seconds":1716040800,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53674}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-18T14:00:00.000-0000","updated":"2024-04-16T02:35:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Did you know there are crucial yet often overlooked skills that can help you secure a junior-level position or internship in any technical field? These skills, though seldom listed in job requirements, can prompt a full eye roll from hiring managers if a candidate or new hire lacks them. As a hiring manager, I was perplexed when a highly educated technical candidate lacked these skills. As a non-traditional college student with decades of tech industry experience, I understood why: these skills are rarely taught; they are simply “expected.”\r\n\r\nThis presentation will highlight several essential skills that every technical candidate should possess— whether in red team, blue team, help desk, or operations center roles. The best part is, most of these skills can be learned quickly and free of charge. They just need to be identified.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Resume For Nothing and Skills For Free: The skills needed to get your foot in the door","android_description":"Did you know there are crucial yet often overlooked skills that can help you secure a junior-level position or internship in any technical field? These skills, though seldom listed in job requirements, can prompt a full eye roll from hiring managers if a candidate or new hire lacks them. As a hiring manager, I was perplexed when a highly educated technical candidate lacked these skills. As a non-traditional college student with decades of tech industry experience, I understood why: these skills are rarely taught; they are simply “expected.”\r\n\r\nThis presentation will highlight several essential skills that every technical candidate should possess— whether in red team, blue team, help desk, or operations center roles. The best part is, most of these skills can be learned quickly and free of charge. They just need to be identified.","end_timestamp":{"seconds":1716040800,"nanoseconds":0},"updated_timestamp":{"seconds":1715969100,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54375,54362,54470],"name":"Emwav","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53668}],"timeband_id":1164,"links":[],"end":"2024-05-18T14:00:00.000-0000","id":54470,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53668}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"updated":"2024-05-17T18:05:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Interested in participating in the Capture The Flag competition but don't know how to get started? The Eversec team will provide an overview for first-timers and anyone who might need a refresher.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"INTRO TO CTF","end_timestamp":{"seconds":1716040500,"nanoseconds":0},"android_description":"Interested in participating in the Capture The Flag competition but don't know how to get started? The Eversec team will provide an overview for first-timers and anyone who might need a refresher.","updated_timestamp":{"seconds":1713234840,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54359,54388],"name":"Eversec","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53670}],"timeband_id":1164,"links":[],"end":"2024-05-18T13:55:00.000-0000","id":54388,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53670}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T13:30:00.000-0000","updated":"2024-04-16T02:34:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-05-18T23:50+0000","name":"Village","id":46309},"title":"Lockpick Village","end_timestamp":{"seconds":1716078600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234120,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54363,54364,54365],"name":"Oak City Locksport","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53681}],"timeband_id":1164,"links":[],"end":"2024-05-19T00:30:00.000-0000","id":54364,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"village_id":null,"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53681}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Oak","hotel":"","short_name":"Oak","id":46226},"updated":"2024-04-16T02:22:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#6717a5","name":"Village","id":46309},"title":"Career Village","end_timestamp":{"seconds":1716069600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234060,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54375,54362,54470],"name":"Emwav","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53668}],"timeband_id":1164,"links":[],"end":"2024-05-18T22:00:00.000-0000","id":54362,"village_id":null,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53668}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"spans_timebands":"N","begin":"2024-05-18T13:30:00.000-0000","updated":"2024-04-16T02:21:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#6717a5","name":"Village","id":46309},"title":"Capture The Flag & Wireless Shoothouse","end_timestamp":{"seconds":1716071400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234000,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54360,54361],"name":"Eversec & Greenh@t Solutions","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53671}],"timeband_id":1164,"links":[],"end":"2024-05-18T22:30:00.000-0000","id":54360,"tag_ids":[46309],"village_id":null,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53671}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"spans_timebands":"N","updated":"2024-04-16T02:20:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Hardware Hacking Village & Chillout Area","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-05-18T23:50+0000","name":"Village","id":46309},"end_timestamp":{"seconds":1716091140,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713233820,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-19T03:59:00.000-0000","id":54357,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"tag_ids":[46309],"village_id":null,"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"spans_timebands":"N","begin":"2024-05-18T13:30:00.000-0000","updated":"2024-04-16T02:17:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Join this informal gathering with your morning coffee to discuss crypto, ask questions, learn more, and meet others. HODL!\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-05-18T23:50+0000","name":"Event","id":46308},"title":"Crypto And Coffee","android_description":"Join this informal gathering with your morning coffee to discuss crypto, ask questions, learn more, and meet others. HODL!","end_timestamp":{"seconds":1716044400,"nanoseconds":0},"updated_timestamp":{"seconds":1713234360,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-18T15:00:00.000-0000","id":54373,"begin_timestamp":{"seconds":1716037200,"nanoseconds":0},"village_id":null,"tag_ids":[46308],"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Upper Courtyard","hotel":"","short_name":"Upper Courtyard","id":46228},"spans_timebands":"N","begin":"2024-05-18T13:00:00.000-0000","updated":"2024-04-16T02:26:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Registration Opens","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#a6402f","updated_at":"2024-05-18T23:50+0000","name":"Registration","id":46310},"android_description":"","end_timestamp":{"seconds":1716080400,"nanoseconds":0},"updated_timestamp":{"seconds":1713234180,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-19T01:00:00.000-0000","id":54367,"tag_ids":[46310],"begin_timestamp":{"seconds":1716037200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Prefunction Lobby","hotel":"","short_name":"Prefunction Lobby","id":46227},"updated":"2024-04-16T02:23:00.000-0000","begin":"2024-05-18T13:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-05-18T23:50+0000","name":"Event","id":46308},"title":"PARTY STARTS","android_description":"","end_timestamp":{"seconds":1716004740,"nanoseconds":0},"updated_timestamp":{"seconds":1713234360,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-18T03:59:00.000-0000","id":54372,"village_id":null,"tag_ids":[46308],"begin_timestamp":{"seconds":1715999400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"spans_timebands":"N","begin":"2024-05-18T02:30:00.000-0000","updated":"2024-04-16T02:26:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"In addition to being certified as a Forensic Locksmith and a Safe and Vault Technician, it sometimes surprises people to learn that I am a Life Safety NFPA & ADA Consultant and Fire Door Inspector. \"\"Deviant, do you make a lot of money doing safety inspections like that?\"\" I get asked. The answer is a resounding no. I didn't take this training for the money, however. I learned about fire doors and fire suppression systems so that I can speak knowledgeably about them if I'm using this field as a cover identity during a break-in job.\r\n\r\nThis presentation will be a brief but somewhat comprehensive crash course in the field of National Fire Protection Association knowledge and building codes. The rundown offered will afford you a lot of useful tips, terminology, and insider knowledge that you can rattle off at an unsuspecting employee or guard who is curious as to what you're doing inside of their building.\r\n\r\nNOTE: You will not be a certified NFPA or ADA consultant after attending this talk. You are not legally allowed to charge money for inspections and certification of buildings... but you'll certainly sound like you could do that if you pay attention!\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Shit's On Fire, Yo - Tips for one of My Favorite Social Engineering Cover Identities","android_description":"In addition to being certified as a Forensic Locksmith and a Safe and Vault Technician, it sometimes surprises people to learn that I am a Life Safety NFPA & ADA Consultant and Fire Door Inspector. \"\"Deviant, do you make a lot of money doing safety inspections like that?\"\" I get asked. The answer is a resounding no. I didn't take this training for the money, however. I learned about fire doors and fire suppression systems so that I can speak knowledgeably about them if I'm using this field as a cover identity during a break-in job.\r\n\r\nThis presentation will be a brief but somewhat comprehensive crash course in the field of National Fire Protection Association knowledge and building codes. The rundown offered will afford you a lot of useful tips, terminology, and insider knowledge that you can rattle off at an unsuspecting employee or guard who is curious as to what you're doing inside of their building.\r\n\r\nNOTE: You will not be a certified NFPA or ADA consultant after attending this talk. You are not legally allowed to charge money for inspections and certification of buildings... but you'll certainly sound like you could do that if you pay attention!","end_timestamp":{"seconds":1715995800,"nanoseconds":0},"updated_timestamp":{"seconds":1713234840,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54387],"name":"Deviant Ollam","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53666}],"timeband_id":1163,"links":[],"end":"2024-05-18T01:30:00.000-0000","id":54387,"village_id":null,"begin_timestamp":{"seconds":1715994000,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53666}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T01:00:00.000-0000","updated":"2024-04-16T02:34:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"\"You wouldn't steal a succulent chinese meal?\r\nThis guy might...and a a lot more if you let him close to your AI/ML environments.\r\n\r\nLearn how to do a sneaky pinch in your AI/ML environments from the elusive \"\"Four-Fingers\"\". Learn a little AI/ML judo and maybe even find out how he got the name in the process.\r\n\r\nOne of the most interesting and underrepresented challenges in Machine Learning(ML) right now is the application of ML to offensive security operations. ML is the background of everything you do, and you're already equipped to reason about the risks, yet many hesitate to dive in. I often get questions like; \"\"I am not very good at math, so is it possible for me to get involved?\"\"\r\n\r\nThe answer is a resounding \"\"*yes*, and we need you, and its easier than you think!\"\" I want to show you all the opportunities that exist for hackers to get involved with offensive ML in both an offensive and defensive capacity. I will share my experience with entering this space, the things I've found, the people I've met, the projects I love and the engineering opportunities that excite me.\r\n\r\nI hope to show you the 'state of the art' in offensive ML and where people like yourself can have the most impact. I'll demo some ML attacks and uses for red teams you might have thought out of reach and share my experience hacking on ML systems which has led to some of the most rewarding moments I've had hacking.\"\n\n\n","title":"The grass is greener in the greenfield: Offensive Machine Learning TTP's","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1715993400,"nanoseconds":0},"android_description":"\"You wouldn't steal a succulent chinese meal?\r\nThis guy might...and a a lot more if you let him close to your AI/ML environments.\r\n\r\nLearn how to do a sneaky pinch in your AI/ML environments from the elusive \"\"Four-Fingers\"\". Learn a little AI/ML judo and maybe even find out how he got the name in the process.\r\n\r\nOne of the most interesting and underrepresented challenges in Machine Learning(ML) right now is the application of ML to offensive security operations. ML is the background of everything you do, and you're already equipped to reason about the risks, yet many hesitate to dive in. I often get questions like; \"\"I am not very good at math, so is it possible for me to get involved?\"\"\r\n\r\nThe answer is a resounding \"\"*yes*, and we need you, and its easier than you think!\"\" I want to show you all the opportunities that exist for hackers to get involved with offensive ML in both an offensive and defensive capacity. I will share my experience with entering this space, the things I've found, the people I've met, the projects I love and the engineering opportunities that excite me.\r\n\r\nI hope to show you the 'state of the art' in offensive ML and where people like yourself can have the most impact. I'll demo some ML attacks and uses for red teams you might have thought out of reach and share my experience hacking on ML systems which has led to some of the most rewarding moments I've had hacking.\"","updated_timestamp":{"seconds":1713234840,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54386],"name":"Threlfall","affiliations":[{"organization":"Dropbox","title":""}],"links":[],"pronouns":null,"media":[],"id":53688,"title":"Dropbox"}],"timeband_id":1163,"links":[],"end":"2024-05-18T00:50:00.000-0000","id":54386,"begin_timestamp":{"seconds":1715990400,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53688}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:34:00.000-0000","begin":"2024-05-18T00:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"You are here attending a Hacker Conference, but have you ever wondered “How did we get here?” Once upon a time, not long ago, there was no cybersecurity industry or careers. This talk transports attendees on a retrospective journey through time to highlight the advancements which paved the way here. We further explore historic attack vectors to understand how they relate to the cyberattacks of today. Topics include when Social Engineering first intertwined with technology following previous milestones in telecommunications. Our expedition highlights the technological origins of Phone Phreaking, Computer Hacking, Social Engineering, and how these activities relate to modern attacks. The speaker brought numerous hardware relics from the past to show the crowd and demo throughout this presentation. Come learn about what the underground phone phreak and early computer hacker scenes were like, and get ready for some “Show & Telecom”!\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Lies, Telephony, and Hacking History","end_timestamp":{"seconds":1715989800,"nanoseconds":0},"android_description":"You are here attending a Hacker Conference, but have you ever wondered “How did we get here?” Once upon a time, not long ago, there was no cybersecurity industry or careers. This talk transports attendees on a retrospective journey through time to highlight the advancements which paved the way here. We further explore historic attack vectors to understand how they relate to the cyberattacks of today. Topics include when Social Engineering first intertwined with technology following previous milestones in telecommunications. Our expedition highlights the technological origins of Phone Phreaking, Computer Hacking, Social Engineering, and how these activities relate to modern attacks. The speaker brought numerous hardware relics from the past to show the crowd and demo throughout this presentation. Come learn about what the underground phone phreak and early computer hacker scenes were like, and get ready for some “Show & Telecom”!","updated_timestamp":{"seconds":1713234780,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54385],"name":"Matt Scheurer","affiliations":[{"organization":"","title":"Assistant Vice President of Computer Security and Incident Response"}],"links":[],"pronouns":null,"media":[],"id":53678,"title":"Assistant Vice President of Computer Security and Incident Response"}],"timeband_id":1163,"links":[],"end":"2024-05-17T23:50:00.000-0000","id":54385,"tag_ids":[46295],"village_id":null,"begin_timestamp":{"seconds":1715986800,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53678}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-17T23:00:00.000-0000","updated":"2024-04-16T02:33:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Today we explore how we can make turn a normal python reverse shell into a \"vulnerable web app\", that will fool and maybe entertain, both unsuspecting and suspecting customers. When they think they have gotten successful remote code execution, its actually our little application talking to their listener with ChatGPT on the other side pretending to be a command prompt. I will also show my journey with building this application.\n\n\n","title":"DIY Generative AI driven Honeypot","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"android_description":"Today we explore how we can make turn a normal python reverse shell into a \"vulnerable web app\", that will fool and maybe entertain, both unsuspecting and suspecting customers. When they think they have gotten successful remote code execution, its actually our little application talking to their listener with ChatGPT on the other side pretending to be a command prompt. I will also show my journey with building this application.","end_timestamp":{"seconds":1715986500,"nanoseconds":0},"updated_timestamp":{"seconds":1713234780,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54384],"name":"Savvyjuan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53686}],"timeband_id":1163,"links":[],"end":"2024-05-17T22:55:00.000-0000","id":54384,"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53686}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:33:00.000-0000","begin":"2024-05-17T22:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Lockpick Village","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-05-18T23:50+0000","name":"Village","id":46309},"android_description":"","end_timestamp":{"seconds":1715997600,"nanoseconds":0},"updated_timestamp":{"seconds":1713234120,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54363,54364,54365],"name":"Oak City Locksport","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53681}],"timeband_id":1163,"links":[],"end":"2024-05-18T02:00:00.000-0000","id":54363,"village_id":null,"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53681}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Oak","hotel":"","short_name":"Oak","id":46226},"begin":"2024-05-17T22:30:00.000-0000","updated":"2024-04-16T02:22:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-05-18T23:50+0000","name":"Village","id":46309},"title":"Capture The Flag","end_timestamp":{"seconds":1715997600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713233940,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54359,54388],"name":"Eversec","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53670}],"timeband_id":1163,"links":[],"end":"2024-05-18T02:00:00.000-0000","id":54359,"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"tag_ids":[46309],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53670}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"spans_timebands":"N","updated":"2024-04-16T02:19:00.000-0000","begin":"2024-05-17T22:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#6717a5","name":"Village","id":46309},"title":"Hardware Hacking Village & Chillout Area","android_description":"","end_timestamp":{"seconds":1715997600,"nanoseconds":0},"updated_timestamp":{"seconds":1713233820,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-18T02:00:00.000-0000","id":54356,"village_id":null,"tag_ids":[46309],"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"spans_timebands":"N","begin":"2024-05-17T22:30:00.000-0000","updated":"2024-04-16T02:17:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Join us for the offical opening of CackalackyCon! After we open, we'll go over how to assemble and use our awesome electronic badge!\n\n\n","title":"Opening Ceremony and Badge Talk","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"android_description":"Join us for the offical opening of CackalackyCon! After we open, we'll go over how to assemble and use our awesome electronic badge!","end_timestamp":{"seconds":1715984700,"nanoseconds":0},"updated_timestamp":{"seconds":1713234780,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54374,54383],"name":"CackalackyCon Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53662}],"timeband_id":1163,"links":[],"end":"2024-05-17T22:25:00.000-0000","id":54383,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1715983200,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53662}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:33:00.000-0000","begin":"2024-05-17T22:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"DINNER BREAK","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#9bb673","updated_at":"2024-05-18T23:50+0000","name":"Misc","id":46311},"end_timestamp":{"seconds":1715983200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234300,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-17T22:00:00.000-0000","id":54369,"tag_ids":[46311],"village_id":null,"begin_timestamp":{"seconds":1715979600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46229},"begin":"2024-05-17T21:00:00.000-0000","updated":"2024-04-16T02:25:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Threat modeling remains an area often misunderstood or overlooked within the realm of cybersecurity. Misconceptions surrounding its perceived complexity or uncertain value often lead individuals to approach it with skepticism. However, at its core, threat modeling entails adopting a hacker's perspective to anticipate potential security vulnerabilities in an application and implementing appropriate safeguards against them. The relationship between threat modelers and ethical hackers is symbiotic, wherein threat modelers meticulously identify probable threats, enabling ethical hackers to efficiently validate and address them. To illustrate this dynamic, we will conduct a brief threat modeling exercise on Kubernetes GOAT, a deliberately vulnerable web application, utilizing the AKS top 10 framework and the Microsoft Threat Modeling tool. Subsequently, I will demonstrate the exploitation chain of one identified threat. However, there is an unique aspect to this demonstration-what starts as one threat expands into a multitude, illustrating the hacker’s potential playground. Through this presentation, attendees will not only appreciate the critical role of threat modeling for Cyber Threat Researchers, programmers, ethical hackers, and project managers but also gain invaluable insights into the AKS top 10, the Microsoft threat modeling tool, and the process of exploiting AKS vulnerabilities.\n\n\n","title":"Threat Modeling the GOAT: A Hacker's Perspective","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1715979000,"nanoseconds":0},"android_description":"Threat modeling remains an area often misunderstood or overlooked within the realm of cybersecurity. Misconceptions surrounding its perceived complexity or uncertain value often lead individuals to approach it with skepticism. However, at its core, threat modeling entails adopting a hacker's perspective to anticipate potential security vulnerabilities in an application and implementing appropriate safeguards against them. The relationship between threat modelers and ethical hackers is symbiotic, wherein threat modelers meticulously identify probable threats, enabling ethical hackers to efficiently validate and address them. To illustrate this dynamic, we will conduct a brief threat modeling exercise on Kubernetes GOAT, a deliberately vulnerable web application, utilizing the AKS top 10 framework and the Microsoft Threat Modeling tool. Subsequently, I will demonstrate the exploitation chain of one identified threat. However, there is an unique aspect to this demonstration-what starts as one threat expands into a multitude, illustrating the hacker’s potential playground. Through this presentation, attendees will not only appreciate the critical role of threat modeling for Cyber Threat Researchers, programmers, ethical hackers, and project managers but also gain invaluable insights into the AKS top 10, the Microsoft threat modeling tool, and the process of exploiting AKS vulnerabilities.","updated_timestamp":{"seconds":1715968920,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54382],"name":"Abigail Kraska","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53660}],"timeband_id":1163,"links":[],"end":"2024-05-17T20:50:00.000-0000","id":54382,"begin_timestamp":{"seconds":1715976000,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53660}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-17T20:00:00.000-0000","updated":"2024-05-17T18:02:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"JS-Tap provides a generic JavaScript payload and supporting software to help red teams attack web applications as an XSS payload or post-exploitation implant. \r\n\r\nJS-Tap was originally intended to only provide reconnaissance and monitoring of “tapped” users to help red teamers capture credentials and sensitive data, but JS-Tap has evolved over time to take on a more directly offensive role. \r\n\r\nIn addition to its monitoring capabilities, JS-Tap now includes a C2 system to manage and deliver custom JavaScript payloads to tapped clients. This C2 system lets red teamers build on the generic capabilities of JS-Tap, and use insights gained from monitoring tapped applications to develop tailored payloads that can be scheduled right in JS-Tap.\r\n\r\nJS-Tap recently added a mimic system that automatically generates these custom payloads for the C2 system based on analysis of intercepted network traffic, allowing red teams to more rapidly pivot from monitoring the tapped application users to performing actions in the application using their sessions, from their browsers. \r\n\r\nBy automatically generating these custom payloads red teams can more easily emulate threat actors who target web applications with advanced JavaScript payloads. \r\n\r\nAll exfiltrated data is presented in the JS-Tap portal for easy analysis.\n\n\n","title":"JS-Tap: Weaponizing JavaScript for Red Teams","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1715975400,"nanoseconds":0},"android_description":"JS-Tap provides a generic JavaScript payload and supporting software to help red teams attack web applications as an XSS payload or post-exploitation implant. \r\n\r\nJS-Tap was originally intended to only provide reconnaissance and monitoring of “tapped” users to help red teamers capture credentials and sensitive data, but JS-Tap has evolved over time to take on a more directly offensive role. \r\n\r\nIn addition to its monitoring capabilities, JS-Tap now includes a C2 system to manage and deliver custom JavaScript payloads to tapped clients. This C2 system lets red teamers build on the generic capabilities of JS-Tap, and use insights gained from monitoring tapped applications to develop tailored payloads that can be scheduled right in JS-Tap.\r\n\r\nJS-Tap recently added a mimic system that automatically generates these custom payloads for the C2 system based on analysis of intercepted network traffic, allowing red teams to more rapidly pivot from monitoring the tapped application users to performing actions in the application using their sessions, from their browsers. \r\n\r\nBy automatically generating these custom payloads red teams can more easily emulate threat actors who target web applications with advanced JavaScript payloads. \r\n\r\nAll exfiltrated data is presented in the JS-Tap portal for easy analysis.","updated_timestamp":{"seconds":1714775460,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54381],"name":"Drew Kirkpatrick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53667}],"timeband_id":1163,"links":[],"end":"2024-05-17T19:50:00.000-0000","id":54381,"village_id":null,"begin_timestamp":{"seconds":1715972400,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53667}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-05-03T22:31:00.000-0000","begin":"2024-05-17T19:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"In the evolving landscape of cybersecurity, the chasm between technical hacking outcomes and their business implications remains a critical barrier to effective security measures. This presentation, \"\"Bridging the Gap: Translating Hacker Insights into Business Value,\"\" is designed to address this disconnect by empowering hackers and technical professionals with the tools and techniques necessary to communicate the business impact of their findings.\r\n\r\nHackers possess the unique ability to identify vulnerabilities that, if unaddressed, can lead to devastating breaches affecting not just the IT infrastructure but the entire business's bottom line. However, without the proper translation, these technical insights often fail to resonate with decision-makers, resulting in underfunded security initiatives and overlooked vulnerabilities.\r\n\r\nBy mastering the art of translating technical risks into business language, hackers can significantly elevate their role within an organization. This essential skill ensures not only greater visibility and recognition for their work but also positions them as vital contributors to the company's strategic objectives. Hackers will learn to articulate the value of proactive security measures, leading to a stronger alignment with business goals, increased investment in cybersecurity initiatives, and broader opportunities to apply creative problem-solving skills to protect and drive business success.\n\n\n","title":"Bridging the Gap: Translating Hacker Insights into Business Value","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-05-18T23:50+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1715971800,"nanoseconds":0},"android_description":"In the evolving landscape of cybersecurity, the chasm between technical hacking outcomes and their business implications remains a critical barrier to effective security measures. This presentation, \"\"Bridging the Gap: Translating Hacker Insights into Business Value,\"\" is designed to address this disconnect by empowering hackers and technical professionals with the tools and techniques necessary to communicate the business impact of their findings.\r\n\r\nHackers possess the unique ability to identify vulnerabilities that, if unaddressed, can lead to devastating breaches affecting not just the IT infrastructure but the entire business's bottom line. However, without the proper translation, these technical insights often fail to resonate with decision-makers, resulting in underfunded security initiatives and overlooked vulnerabilities.\r\n\r\nBy mastering the art of translating technical risks into business language, hackers can significantly elevate their role within an organization. This essential skill ensures not only greater visibility and recognition for their work but also positions them as vital contributors to the company's strategic objectives. Hackers will learn to articulate the value of proactive security measures, leading to a stronger alignment with business goals, increased investment in cybersecurity initiatives, and broader opportunities to apply creative problem-solving skills to protect and drive business success.","updated_timestamp":{"seconds":1713234660,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54380],"name":"Nicole L. Mendolera","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53680}],"timeband_id":1163,"links":[],"end":"2024-05-17T18:50:00.000-0000","id":54380,"village_id":null,"begin_timestamp":{"seconds":1715968800,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53680}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-17T18:00:00.000-0000","updated":"2024-04-16T02:31:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"\"The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims at showing how cybersecurity engineers can benefit from today’s technology to make sense of the sea of data that they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today’s tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.\r\n\r\nThe presentation aims to take the audience through the journey that starts from raw data to ML modeling and all the intermediate steps. First, I dive into the types of data we encounter in the cybersecurity ecosystem. Then I analyze the framework of Exploratory Data Analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I offer solid examples of how to engineer features from data and how to visualize data effectively. Finally, I demonstrate the use of AI to “question” your data, help you draw conclusions, and create models of behavioral anomaly detection. This talk includes an open-source demo with Jupyter notebooks and public packet capture data from known malware and network attacks (https://github.com/mundruid/cyberdata-mlai). The goal is to demonstrate how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries.\r\n\r\nThrough this journey from raw data to models, I aim to describe the possibilities that ML and AI models have opened for cybersecurity engineers to be creative and resourceful.\"\n\n\n","title":"Decoding Cybersecurity Data: A Journey through ML and AI Innovations","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1715968200,"nanoseconds":0},"android_description":"\"The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims at showing how cybersecurity engineers can benefit from today’s technology to make sense of the sea of data that they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today’s tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.\r\n\r\nThe presentation aims to take the audience through the journey that starts from raw data to ML modeling and all the intermediate steps. First, I dive into the types of data we encounter in the cybersecurity ecosystem. Then I analyze the framework of Exploratory Data Analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I offer solid examples of how to engineer features from data and how to visualize data effectively. Finally, I demonstrate the use of AI to “question” your data, help you draw conclusions, and create models of behavioral anomaly detection. This talk includes an open-source demo with Jupyter notebooks and public packet capture data from known malware and network attacks (https://github.com/mundruid/cyberdata-mlai). The goal is to demonstrate how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries.\r\n\r\nThrough this journey from raw data to models, I aim to describe the possibilities that ML and AI models have opened for cybersecurity engineers to be creative and resourceful.\"","updated_timestamp":{"seconds":1713234660,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54379],"name":"Xenia Mountrouidou","affiliations":[{"organization":"Cyber adAPT","title":"Senior Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":53690,"title":"Senior Security Researcher at Cyber adAPT"}],"timeband_id":1163,"links":[],"end":"2024-05-17T17:50:00.000-0000","id":54379,"tag_ids":[46295],"begin_timestamp":{"seconds":1715965200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53690}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-17T17:00:00.000-0000","updated":"2024-04-16T02:31:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Explore the world of honeypots with the HoneyDB Honeypot Workshop. Honeypots, designed to unearth new threat insights and network intruders, can sometimes pose challenges with complex deployment processes. In response, the HoneyDB workshop offers an accessible and user-friendly solution for those intrigued by honeypots.\r\n\r\nWhether you're a beginner or an enthusiast, this workshop provides a straightforward and uncomplicated approach to deploying your own honeypots. Join us to demystify the intricacies of honeypot implementation and gain hands-on experience in a hassle-free environment. Elevate your understanding of honeypots in cybersecurity with the simplicity and effectiveness of HoneyDB.\r\n\r\nWorkshop agenda:\r\nIntro to honeypots\r\nDiscussion on Open source honeypots\r\nHoneyDB Overview\r\nHoneyDB Agent Overview\r\nDeploying the HoneyDB agent in the cloud\r\nTesting the HoneyDB agent\r\nQuerying the Threat API\r\nHoneyDB CLI Python tool\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#2922c0","name":"Workshop","id":46307},"title":"HoneyPot Workshop","end_timestamp":{"seconds":1715979600,"nanoseconds":0},"android_description":"Explore the world of honeypots with the HoneyDB Honeypot Workshop. Honeypots, designed to unearth new threat insights and network intruders, can sometimes pose challenges with complex deployment processes. In response, the HoneyDB workshop offers an accessible and user-friendly solution for those intrigued by honeypots.\r\n\r\nWhether you're a beginner or an enthusiast, this workshop provides a straightforward and uncomplicated approach to deploying your own honeypots. Join us to demystify the intricacies of honeypot implementation and gain hands-on experience in a hassle-free environment. Elevate your understanding of honeypots in cybersecurity with the simplicity and effectiveness of HoneyDB.\r\n\r\nWorkshop agenda:\r\nIntro to honeypots\r\nDiscussion on Open source honeypots\r\nHoneyDB Overview\r\nHoneyDB Agent Overview\r\nDeploying the HoneyDB agent in the cloud\r\nTesting the HoneyDB agent\r\nQuerying the Threat API\r\nHoneyDB CLI Python tool\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA","updated_timestamp":{"seconds":1713234600,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54378],"name":"Phillip Maddux","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53684}],"timeband_id":1163,"links":[{"label":"Register","type":"link","url":"https://forms.gle/eLhAP139SyFVfXkbA"}],"end":"2024-05-17T21:00:00.000-0000","id":54378,"village_id":null,"tag_ids":[46307],"begin_timestamp":{"seconds":1715965200,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53684}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"spans_timebands":"N","begin":"2024-05-17T17:00:00.000-0000","updated":"2024-04-16T02:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Whether it is CISSP, Security+, Cloud+, CASP, CCSP or CISM (or our crypto-challenge contest) everyone should understand basic \"Crypto\". This workshop will provide an overview for all the crypto you would need to know for these certs. No bitcoin! But you will learn about blockchains/hashing. Starting with a light history of cryptography then moving on to modern encryption that we use every day. Whether studying for a certification, understanding a VPN, browser, or Signal app, this workshop provides a basic understanding of crypto and its limitations including historic/on-going failures. This workshop encourages interactive discussion with some swag and prize giveaways. You'll take notes on your laptop, but no software or pre-download requirements.\r\n\r\nPart 1 is all about crypto as it relates to certifications. After going through free resources that are available, it will launch into Hashing, Symmetric, Asymmetric & hybrid encryption including TLS 1.2 & TLS 1.3.\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#2922c0","name":"Workshop","id":46307},"title":"Intro to Encryption & Security Certifications Resources","android_description":"Whether it is CISSP, Security+, Cloud+, CASP, CCSP or CISM (or our crypto-challenge contest) everyone should understand basic \"Crypto\". This workshop will provide an overview for all the crypto you would need to know for these certs. No bitcoin! But you will learn about blockchains/hashing. Starting with a light history of cryptography then moving on to modern encryption that we use every day. Whether studying for a certification, understanding a VPN, browser, or Signal app, this workshop provides a basic understanding of crypto and its limitations including historic/on-going failures. This workshop encourages interactive discussion with some swag and prize giveaways. You'll take notes on your laptop, but no software or pre-download requirements.\r\n\r\nPart 1 is all about crypto as it relates to certifications. After going through free resources that are available, it will launch into Hashing, Symmetric, Asymmetric & hybrid encryption including TLS 1.2 & TLS 1.3.\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA","end_timestamp":{"seconds":1715979600,"nanoseconds":0},"updated_timestamp":{"seconds":1713234540,"nanoseconds":0},"speakers":[{"conference_id":141,"event_ids":[54377],"name":"Craig Cunningham","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53663}],"timeband_id":1163,"end":"2024-05-17T21:00:00.000-0000","links":[{"label":"Register","type":"link","url":"https://forms.gle/eLhAP139SyFVfXkbA"}],"id":54377,"tag_ids":[46307],"begin_timestamp":{"seconds":1715965200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53663}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"spans_timebands":"N","begin":"2024-05-17T17:00:00.000-0000","updated":"2024-04-16T02:29:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Registration Opens","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","color":"#a6402f","name":"Registration","id":46310},"end_timestamp":{"seconds":1715994000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234180,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-18T01:00:00.000-0000","id":54366,"tag_ids":[46310],"village_id":null,"begin_timestamp":{"seconds":1715961600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-05-18T23:50+0000","parent_id":0,"name":"Prefunction Lobby","hotel":"","short_name":"Prefunction Lobby","id":46227},"updated":"2024-04-16T02:23:00.000-0000","begin":"2024-05-17T16:00:00.000-0000"}] \ No newline at end of file +[{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-06-07T03:42+0000","name":"Event","id":46308},"title":"Closing Ceremony and Awards","end_timestamp":{"seconds":1716141600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234420,"nanoseconds":0},"speakers":[{"content_ids":[54033,54042],"conference_id":141,"event_ids":[54374,54383],"name":"CackalackyCon Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53662}],"timeband_id":1165,"links":[],"end":"2024-05-19T18:00:00.000-0000","id":54374,"tag_ids":[46308],"village_id":null,"begin_timestamp":{"seconds":1716138000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53662}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"updated":"2024-04-16T02:27:00.000-0000","begin":"2024-05-19T17:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"As offensive security professionals, our most limiting factor is often our time. If we find an exploit on one host, how can we accurately communicate the impact for our entire network? If the vulnerability is fixed, how do we monitor for regressions? Manual exploit verification on hundreds or thousands of hosts is unrealistic - we need to be able to do more with less.\r\n\r\nAtomic red team is an open-source library of simple, focused tests that map to the MITRE ATT&CK framework. Combined with an automation platform, we can exponentially multiply the effectiveness of our red team talent and allow them to focus on novel attacks rather than low-hanging fruit. This talk will demonstrate how, with a few free tools, we can automate red teaming techniques to amplify our output without expanding our team or increasing our time spent.\n\n\n","title":"‘Da Bomb: Beyond Insanity - Automating Red Teaming using Atomics","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"android_description":"As offensive security professionals, our most limiting factor is often our time. If we find an exploit on one host, how can we accurately communicate the impact for our entire network? If the vulnerability is fixed, how do we monitor for regressions? Manual exploit verification on hundreds or thousands of hosts is unrealistic - we need to be able to do more with less.\r\n\r\nAtomic red team is an open-source library of simple, focused tests that map to the MITRE ATT&CK framework. Combined with an automation platform, we can exponentially multiply the effectiveness of our red team talent and allow them to focus on novel attacks rather than low-hanging fruit. This talk will demonstrate how, with a few free tools, we can automate red teaming techniques to amplify our output without expanding our team or increasing our time spent.","end_timestamp":{"seconds":1716137400,"nanoseconds":0},"updated_timestamp":{"seconds":1713235140,"nanoseconds":0},"speakers":[{"content_ids":[54060],"conference_id":141,"event_ids":[54401],"name":"Steve Myrick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53687}],"timeband_id":1165,"links":[],"end":"2024-05-19T16:50:00.000-0000","id":54401,"begin_timestamp":{"seconds":1716134400,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53687}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"spans_timebands":"N","begin":"2024-05-19T16:00:00.000-0000","updated":"2024-04-16T02:39:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"The human element is often regarded as the weakest link in cybersecurity—we click on things we shouldn’t because they look “good enough”, we empathize with the panicked “CEO” that calls at 3:00am asking for gift cards to fund a trip home. But why? Is it purely a skill issue or are there other elements to consider? Go beyond conventional approaches by merging Governance, Risk and Compliance (GRC) with often overlooked, yet critical, human factors to revolutionize your understanding of cybersecurity. Drawing parallels from sectors like aviation and healthcare, the scientific perspective behind human factors can be used to address common security issues. This talk will highlight the importance of compliance in both internal and external contexts and will underscore prioritizing employee well-being, arguing that a secure system becomes compromised if its design does not consider the user’s mental and physical needs. Creating a balance between robust security measures, user-friendly design, and employee well-being is key.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"title":"Putting Care into Compliance: A Human Factors Approach","android_description":"The human element is often regarded as the weakest link in cybersecurity—we click on things we shouldn’t because they look “good enough”, we empathize with the panicked “CEO” that calls at 3:00am asking for gift cards to fund a trip home. But why? Is it purely a skill issue or are there other elements to consider? Go beyond conventional approaches by merging Governance, Risk and Compliance (GRC) with often overlooked, yet critical, human factors to revolutionize your understanding of cybersecurity. Drawing parallels from sectors like aviation and healthcare, the scientific perspective behind human factors can be used to address common security issues. This talk will highlight the importance of compliance in both internal and external contexts and will underscore prioritizing employee well-being, arguing that a secure system becomes compromised if its design does not consider the user’s mental and physical needs. Creating a balance between robust security measures, user-friendly design, and employee well-being is key.","end_timestamp":{"seconds":1716133800,"nanoseconds":0},"updated_timestamp":{"seconds":1713235140,"nanoseconds":0},"speakers":[{"content_ids":[54059],"conference_id":141,"event_ids":[54400],"name":"Sofia Martinez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53659},{"content_ids":[54059],"conference_id":141,"event_ids":[54400],"name":"Anthea Gonzalez","affiliations":[{"organization":"Cisco Systems","title":"Information Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":53661,"title":"Information Security Engineer at Cisco Systems"}],"timeband_id":1165,"links":[],"end":"2024-05-19T15:50:00.000-0000","id":54400,"village_id":null,"begin_timestamp":{"seconds":1716130800,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53661},{"tag_id":46296,"sort_order":1,"person_id":53659}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"begin":"2024-05-19T15:00:00.000-0000","updated":"2024-04-16T02:39:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"In this talk, we will explore the potential security risks associated with the use of Terraform, a popular infrastructure-as-code tool. We will demonstrate how a malicious actor can exploit Terraform to elevate privileges, exfiltrate sensitive data, and gain unauthorized access to cloud environments. The presentation will include live demos showcasing real-world attack scenarios and will conclude with practical recommendations for securing Terraform implementations.\r\n\r\nTerraform is a widely used tool for managing cloud infrastructure as code. While it offers numerous benefits, it can also be a target for attackers seeking to compromise cloud environments. This talk will provide an in-depth analysis of Terraform's security features and vulnerabilities and demonstrate how attackers can exploit them to achieve remote code execution and privilege escalation. We will also discuss best practices for securing Terraform and mitigating potential threats.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"title":"Infrastructure as Remote Code Execution: How to abuse Terraform to elevate access","end_timestamp":{"seconds":1716130200,"nanoseconds":0},"android_description":"In this talk, we will explore the potential security risks associated with the use of Terraform, a popular infrastructure-as-code tool. We will demonstrate how a malicious actor can exploit Terraform to elevate privileges, exfiltrate sensitive data, and gain unauthorized access to cloud environments. The presentation will include live demos showcasing real-world attack scenarios and will conclude with practical recommendations for securing Terraform implementations.\r\n\r\nTerraform is a widely used tool for managing cloud infrastructure as code. While it offers numerous benefits, it can also be a target for attackers seeking to compromise cloud environments. This talk will provide an in-depth analysis of Terraform's security features and vulnerabilities and demonstrate how attackers can exploit them to achieve remote code execution and privilege escalation. We will also discuss best practices for securing Terraform and mitigating potential threats.","updated_timestamp":{"seconds":1713235080,"nanoseconds":0},"speakers":[{"content_ids":[54058],"conference_id":141,"event_ids":[54399],"name":"Michael McCabe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53679}],"timeband_id":1165,"links":[],"end":"2024-05-19T14:50:00.000-0000","id":54399,"tag_ids":[46295],"begin_timestamp":{"seconds":1716127200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53679}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"updated":"2024-04-16T02:38:00.000-0000","begin":"2024-05-19T14:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"From the outside, red teaming looks like a combination of the cast of the movie \"\"Hackers\"\" and a bunch of former spooks in tactical cargo pants talking in milspeak about \"cyber kill chains\", \"TTPs\", and \"OPSEC\". New customers of red team consulting services sometimes come in thinking they're hiring the A-Team and get sorely disappointed once you explain what an \"\"assumed breach\"\" assessment is. Bright-eyed, bushy-tailed young consultants finally get to shadow a red team job, expecting they'll be writing 0day and popping shells all over the place, and then find out it means they're about to spend two weeks reading some bank's internal SharePoint documents and rifling through SMB shares full of spreadsheets. Red teamers already in the field read breach reports and wonder how the hell APTs are still pwning defense contractors with PowerShell.\r\n\r\nAcross the board, from those buying it, to those doing it, to those who want to do it, expectations often don't match reality. This talk is designed for potential red team customers, aspiring red teamers, and current red teamers who desperately want to know if they've been taking crazy pills. In it, we'll discuss just what red team is (or should be), what to expect from the process, what we all could be doing to better simulate the actual threats that organizations face, and how to get the most out of the process and make your organization better.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"title":"Everything You Never Wanted to Know About Red Teaming but Have Been Forced to Find Out","android_description":"From the outside, red teaming looks like a combination of the cast of the movie \"\"Hackers\"\" and a bunch of former spooks in tactical cargo pants talking in milspeak about \"cyber kill chains\", \"TTPs\", and \"OPSEC\". New customers of red team consulting services sometimes come in thinking they're hiring the A-Team and get sorely disappointed once you explain what an \"\"assumed breach\"\" assessment is. Bright-eyed, bushy-tailed young consultants finally get to shadow a red team job, expecting they'll be writing 0day and popping shells all over the place, and then find out it means they're about to spend two weeks reading some bank's internal SharePoint documents and rifling through SMB shares full of spreadsheets. Red teamers already in the field read breach reports and wonder how the hell APTs are still pwning defense contractors with PowerShell.\r\n\r\nAcross the board, from those buying it, to those doing it, to those who want to do it, expectations often don't match reality. This talk is designed for potential red team customers, aspiring red teamers, and current red teamers who desperately want to know if they've been taking crazy pills. In it, we'll discuss just what red team is (or should be), what to expect from the process, what we all could be doing to better simulate the actual threats that organizations face, and how to get the most out of the process and make your organization better.","end_timestamp":{"seconds":1716126900,"nanoseconds":0},"updated_timestamp":{"seconds":1713235020,"nanoseconds":0},"speakers":[{"content_ids":[54057],"conference_id":141,"event_ids":[54398],"name":"Dan Helton","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ch1kpee"}],"pronouns":null,"media":[],"id":53664}],"timeband_id":1165,"links":[],"end":"2024-05-19T13:55:00.000-0000","id":54398,"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53664}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"spans_timebands":"N","begin":"2024-05-19T13:30:00.000-0000","updated":"2024-04-16T02:37:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Lockpick Village","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-06-07T03:42+0000","name":"Village","id":46309},"end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234120,"nanoseconds":0},"speakers":[{"content_ids":[54025],"conference_id":141,"event_ids":[54363,54364,54365],"name":"Oak City Locksport","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53681}],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54365,"village_id":null,"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53681}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Oak","hotel":"","short_name":"Oak","id":46226},"begin":"2024-05-19T13:30:00.000-0000","updated":"2024-04-16T02:22:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#6717a5","name":"Village","id":46309},"title":"Capture The Flag & Wireless Shoothouse","end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234000,"nanoseconds":0},"speakers":[{"content_ids":[54023],"conference_id":141,"event_ids":[54360,54361],"name":"Eversec & Greenh@t Solutions","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53671}],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54361,"village_id":null,"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53671}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"spans_timebands":"N","begin":"2024-05-19T13:30:00.000-0000","updated":"2024-04-16T02:20:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Hardware Hacking Village & Chillout Area","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-06-07T03:42+0000","name":"Village","id":46309},"end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713233820,"nanoseconds":0},"speakers":[],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54358,"tag_ids":[46309],"village_id":null,"begin_timestamp":{"seconds":1716125400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"spans_timebands":"N","updated":"2024-04-16T02:17:00.000-0000","begin":"2024-05-19T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Information Desk Opens","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#a6402f","name":"Registration","id":46310},"end_timestamp":{"seconds":1716132600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234240,"nanoseconds":0},"speakers":[],"timeband_id":1165,"links":[],"end":"2024-05-19T15:30:00.000-0000","id":54368,"village_id":null,"tag_ids":[46310],"begin_timestamp":{"seconds":1716123600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Prefunction Lobby","hotel":"","short_name":"Prefunction Lobby","id":46227},"updated":"2024-04-16T02:24:00.000-0000","begin":"2024-05-19T13:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Swan about in fancy dress at a hacker con because you can.\r\n\r\nHackers do not just wears jeans and t-shirts with hoodies. We can be fabulous!\r\n\r\nDress code is dress as fancy as you want and feel comfortable in - toss on a tiara - break out that old prom gown - wear sequins - wear a tuxedo t shirt - BE YOU\n\n\n","title":"Party / Hacker Swan","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#ff97bc","name":"Event","id":46308},"end_timestamp":{"seconds":1716091140,"nanoseconds":0},"android_description":"Swan about in fancy dress at a hacker con because you can.\r\n\r\nHackers do not just wears jeans and t-shirts with hoodies. We can be fabulous!\r\n\r\nDress code is dress as fancy as you want and feel comfortable in - toss on a tiara - break out that old prom gown - wear sequins - wear a tuxedo t shirt - BE YOU","updated_timestamp":{"seconds":1716076200,"nanoseconds":0},"speakers":[{"content_ids":[54035],"conference_id":141,"event_ids":[54376],"name":"Hacker Swan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53672}],"timeband_id":1164,"links":[],"end":"2024-05-19T03:59:00.000-0000","id":54376,"begin_timestamp":{"seconds":1716084000,"nanoseconds":0},"village_id":null,"tag_ids":[46308],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53672}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea & Bar","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea & Bar","id":46225},"spans_timebands":"N","begin":"2024-05-19T02:00:00.000-0000","updated":"2024-05-18T23:50:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Do you know the most useless shit about hacking or hackers, video games, memes, and more? Let the games begin. Join Unregistered436 and Emwav for two rounds of Jeopardy style Hacker Trivia!\n\n\n","title":"Hacker Trivia","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-06-07T03:42+0000","name":"Event","id":46308},"android_description":"Do you know the most useless shit about hacking or hackers, video games, memes, and more? Let the games begin. Join Unregistered436 and Emwav for two rounds of Jeopardy style Hacker Trivia!","end_timestamp":{"seconds":1716085800,"nanoseconds":0},"updated_timestamp":{"seconds":1713234480,"nanoseconds":0},"speakers":[{"content_ids":[54024,54034,54119],"conference_id":141,"event_ids":[54375,54362,54470],"name":"Emwav","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53668},{"content_ids":[54034],"conference_id":141,"event_ids":[54375],"name":"Unregistered436","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53689}],"timeband_id":1164,"links":[],"end":"2024-05-19T02:30:00.000-0000","id":54375,"begin_timestamp":{"seconds":1716080400,"nanoseconds":0},"tag_ids":[46308],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53668},{"tag_id":46296,"sort_order":1,"person_id":53689}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:28:00.000-0000","begin":"2024-05-19T01:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Ah, welcome weary travelers. Have a seat just over there, rest for a bit, while I share a tale most intriguing. Mainframe wizards of old declared mainframe buffer overflows impossible, which was a myth that held fast and true for decades. Not because it was actually impossible, you see, but because people had bought into the marketing or didn’t know any better. This is no longer true! A young mainframe hacker recently discovered the myriad of ways that you can overwrite register 13, allowing us the ability to control return addresses. This story will walk through C and HLASM vulnerabilities, show live examples of how to find an exploit local buffer overflows. Culminating in the demonstration of a remote code execution on a vulnerable mainframe FTP server which not only requires writing z/OS shellcode, but also handling ascii to ebcdic translations. This story has it all. And if this piques your interest, the story ends with the introduction of a docker container which houses a self taught course about everything told here at CackalackyCon.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"title":"Return to R13? More Like Return to GET REKT: Come Learn Mainframe Buffer Overflows","android_description":"Ah, welcome weary travelers. Have a seat just over there, rest for a bit, while I share a tale most intriguing. Mainframe wizards of old declared mainframe buffer overflows impossible, which was a myth that held fast and true for decades. Not because it was actually impossible, you see, but because people had bought into the marketing or didn’t know any better. This is no longer true! A young mainframe hacker recently discovered the myriad of ways that you can overwrite register 13, allowing us the ability to control return addresses. This story will walk through C and HLASM vulnerabilities, show live examples of how to find an exploit local buffer overflows. Culminating in the demonstration of a remote code execution on a vulnerable mainframe FTP server which not only requires writing z/OS shellcode, but also handling ascii to ebcdic translations. This story has it all. And if this piques your interest, the story ends with the introduction of a docker container which houses a self taught course about everything told here at CackalackyCon.","end_timestamp":{"seconds":1716079800,"nanoseconds":0},"updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"content_ids":[54056],"conference_id":141,"event_ids":[54397],"name":"Phil Young","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53683}],"timeband_id":1164,"links":[],"end":"2024-05-19T00:50:00.000-0000","id":54397,"tag_ids":[46295],"begin_timestamp":{"seconds":1716076800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53683}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-19T00:00:00.000-0000","updated":"2024-04-16T02:36:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Everyone wants to know how to break into cyber security, and there are many different ways. Mine was a little unusual, I had a career outside of technology as a respiratory therapist for 10 years when I decided that my passion was for cyber security. In this talk I want to detail the path I took so that others may follow. The focus will be on the education and professional development I took that fast-tracked me into a professional position and what to expect in those first years as an entry level tester. My social anxiety was a hurdle I had to work to overcome, and I will share some of the things I found that helped.\r\n\r\nI will also cover what lessons I learned, and the things I'd do differently.\r\n\r\nBy the end of the talk those looking for a career change or looking at school will leave with practical advice that is relevant in today's (and tomorrows?) job market.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"title":"How I went from a Respiratory Therapist to a Cyber Security Professional","android_description":"Everyone wants to know how to break into cyber security, and there are many different ways. Mine was a little unusual, I had a career outside of technology as a respiratory therapist for 10 years when I decided that my passion was for cyber security. In this talk I want to detail the path I took so that others may follow. The focus will be on the education and professional development I took that fast-tracked me into a professional position and what to expect in those first years as an entry level tester. My social anxiety was a hurdle I had to work to overcome, and I will share some of the things I found that helped.\r\n\r\nI will also cover what lessons I learned, and the things I'd do differently.\r\n\r\nBy the end of the talk those looking for a career change or looking at school will leave with practical advice that is relevant in today's (and tomorrows?) job market.","end_timestamp":{"seconds":1716076500,"nanoseconds":0},"updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"content_ids":[54055],"conference_id":141,"event_ids":[54396],"name":"Jessica DelGrande","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53675}],"timeband_id":1164,"links":[],"end":"2024-05-18T23:55:00.000-0000","id":54396,"begin_timestamp":{"seconds":1716075000,"nanoseconds":0},"tag_ids":[46295],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53675}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:36:00.000-0000","begin":"2024-05-18T23:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#9bb673","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46311},"title":"DINNER BREAK","android_description":"","end_timestamp":{"seconds":1716075000,"nanoseconds":0},"updated_timestamp":{"seconds":1713234300,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-18T23:30:00.000-0000","id":54371,"village_id":null,"tag_ids":[46311],"begin_timestamp":{"seconds":1716069600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46229},"begin":"2024-05-18T22:00:00.000-0000","updated":"2024-04-16T02:25:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Artificial Intelligence is raging through cyberspace, but can we handle the ride? It's time for a systems check. Join security researcher Jan Nunez as he uncovers the attacks AI/ML systems are vulnerable to and the controls currently available to mitigate them.\r\n\r\nNo prior experience with AI/ML is required. The talk will start with an overview of machine learning, highlighting its benefits and the events that led to its rise in popularity. We'll then shift our focus to practical applications with live demos using the UFO Reporting System, an application designed to showcase cutting-edge attacks on AI systems and other emerging technologies.\r\n\r\nWe will cover several attack scenarios, including remote code execution through infected models, creating adversarial images using gradient descent, and fancy prompt injections in a language model used for tracking UFO encounters.\n\n\n","title":"Neural Nets and Flying Saucers","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1716069000,"nanoseconds":0},"android_description":"Artificial Intelligence is raging through cyberspace, but can we handle the ride? It's time for a systems check. Join security researcher Jan Nunez as he uncovers the attacks AI/ML systems are vulnerable to and the controls currently available to mitigate them.\r\n\r\nNo prior experience with AI/ML is required. The talk will start with an overview of machine learning, highlighting its benefits and the events that led to its rise in popularity. We'll then shift our focus to practical applications with live demos using the UFO Reporting System, an application designed to showcase cutting-edge attacks on AI systems and other emerging technologies.\r\n\r\nWe will cover several attack scenarios, including remote code execution through infected models, creating adversarial images using gradient descent, and fancy prompt injections in a language model used for tracking UFO encounters.","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"content_ids":[54054],"conference_id":141,"event_ids":[54395],"name":"Jan Nunez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53673}],"timeband_id":1164,"links":[],"end":"2024-05-18T21:50:00.000-0000","id":54395,"begin_timestamp":{"seconds":1716066000,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53673}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T21:00:00.000-0000","updated":"2024-04-16T02:36:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"\"The history of the global lock industry is a litany of lessons-learned, and the resulting solutions are exemplary teaching materials. Like the lock industry, software developers seem to stumble over similar mistakes. There's no need for this: In most cases, lock designers and implementers have already made the same mistakes.\r\n\r\nThe core of this presentation is a series of vignettes describing specific failures of lock designs with a goal of educating software developers and cybersecurity practitioners so they can avoid the same. Real lock paraphernalia from the presenter's personal collection will be used to illustrate some of the issues.\"\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Breaking into InfoSec by Picking Locks","end_timestamp":{"seconds":1716065400,"nanoseconds":0},"android_description":"\"The history of the global lock industry is a litany of lessons-learned, and the resulting solutions are exemplary teaching materials. Like the lock industry, software developers seem to stumble over similar mistakes. There's no need for this: In most cases, lock designers and implementers have already made the same mistakes.\r\n\r\nThe core of this presentation is a series of vignettes describing specific failures of lock designs with a goal of educating software developers and cybersecurity practitioners so they can avoid the same. Real lock paraphernalia from the presenter's personal collection will be used to illustrate some of the issues.\"","updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"content_ids":[54053],"conference_id":141,"event_ids":[54394],"name":"Jim Duncan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53676}],"timeband_id":1164,"links":[],"end":"2024-05-18T20:50:00.000-0000","id":54394,"tag_ids":[46295],"begin_timestamp":{"seconds":1716062400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53676}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:36:00.000-0000","begin":"2024-05-18T20:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending the security implications associated with cellular technology. Furthermore, the development of effective testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"An Exploration of Cellular Based IoT Technology","android_description":"As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending the security implications associated with cellular technology. Furthermore, the development of effective testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.","end_timestamp":{"seconds":1716061800,"nanoseconds":0},"updated_timestamp":{"seconds":1713234960,"nanoseconds":0},"speakers":[{"content_ids":[54052],"conference_id":141,"event_ids":[54393],"name":"Deral Heiland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53665}],"timeband_id":1164,"links":[],"end":"2024-05-18T19:50:00.000-0000","id":54393,"begin_timestamp":{"seconds":1716058800,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53665}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T19:00:00.000-0000","updated":"2024-04-16T02:36:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"This presentation will cover the steps and strategies needed to launch a successful career in cybersecurity. Attendees will learn about the education and certifications required for various cybersecurity roles, as well as tips for gaining experience and networking in the industry. The presentation will also explore different types of jobs available in cybersecurity and how to tailor a resume for these roles. With a focus on practical advice and real-world examples, this presentation will provide attendees with the tools and knowledge they need to \"hack\" their way into a career in cybersecurity.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Hacking your Way to a Career in Cybersecurity","android_description":"This presentation will cover the steps and strategies needed to launch a successful career in cybersecurity. Attendees will learn about the education and certifications required for various cybersecurity roles, as well as tips for gaining experience and networking in the industry. The presentation will also explore different types of jobs available in cybersecurity and how to tailor a resume for these roles. With a focus on practical advice and real-world examples, this presentation will provide attendees with the tools and knowledge they need to \"hack\" their way into a career in cybersecurity.","end_timestamp":{"seconds":1716058200,"nanoseconds":0},"updated_timestamp":{"seconds":1715969160,"nanoseconds":0},"speakers":[{"content_ids":[54120],"conference_id":141,"event_ids":[54471],"name":"Ashley (Fn00b)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53719}],"timeband_id":1164,"links":[],"end":"2024-05-18T18:50:00.000-0000","id":54471,"tag_ids":[46295],"begin_timestamp":{"seconds":1716055200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53719}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"spans_timebands":"N","updated":"2024-05-17T18:06:00.000-0000","begin":"2024-05-18T18:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"With all the tech layoffs, the opportunities presented by generative ai, and the current geo-political climate - the allure of starting your own cybersecurity company is stronger than ever. But what does it truly take to transition from cybersecurity enthusiast or professional to successful entrepreneur?\r\n\r\n\"So, You Want to Start Your Own Cybersecurity Company\" sheds like on the arduous journey from the kernel of an idea to a successful business in the complex and rapidly evolving cybersecurity landscape.\r\n\r\nThe path to entrepreneurship in cybersecurity is fraught with both technical and business challenges. A lot of them. Many technical professionals possess the skills to identify and mitigate vulnerabilities but lack the business acumen to transform these skills into a viable business model.\r\n\r\nThis presentation aims to bridge that gap, outlining common pitfalls aspiring entrepreneurs must navigate when starting a cybersecurity firm.\r\n\r\nParticipants will gain insights into:\r\n\r\n- The key qualities of successful entrepreneurs\r\n- What a good product or service idea looks like\r\n- Raising money vs bootstrapping\r\n- How to take the first steps while you’re still working a day job\r\n- How to look at corporate structure, insurance, when compliance matters, etc\r\n- Key considerations for building a brand and attracting clients\r\n- Growing your team and hiring the right people in a competitive industry\r\n\r\nThis presentation is primarily about helping you become an entrepreneur. However, it's also about fostering an entrepreneurial mindset in cybersecurity and sparking innovation. Whether you dream of launching a consultancy, taking the cool tool you’ve writtent to market, or providing managed services, \"\"So, You Want to Start Your Own Cybersecurity Company\"\" offers valuable lessons on turning your cybersecurity passion into a successful enterprise.\r\n\r\nJoin me to explore how you can make an impactful contribution to the cybersecurity community, not only as the technical expert you already are but as the entrepreneur you want to become.\n\n\n","title":"So, you want to start your own cyber security company?","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1716058200,"nanoseconds":0},"android_description":"With all the tech layoffs, the opportunities presented by generative ai, and the current geo-political climate - the allure of starting your own cybersecurity company is stronger than ever. But what does it truly take to transition from cybersecurity enthusiast or professional to successful entrepreneur?\r\n\r\n\"So, You Want to Start Your Own Cybersecurity Company\" sheds like on the arduous journey from the kernel of an idea to a successful business in the complex and rapidly evolving cybersecurity landscape.\r\n\r\nThe path to entrepreneurship in cybersecurity is fraught with both technical and business challenges. A lot of them. Many technical professionals possess the skills to identify and mitigate vulnerabilities but lack the business acumen to transform these skills into a viable business model.\r\n\r\nThis presentation aims to bridge that gap, outlining common pitfalls aspiring entrepreneurs must navigate when starting a cybersecurity firm.\r\n\r\nParticipants will gain insights into:\r\n\r\n- The key qualities of successful entrepreneurs\r\n- What a good product or service idea looks like\r\n- Raising money vs bootstrapping\r\n- How to take the first steps while you’re still working a day job\r\n- How to look at corporate structure, insurance, when compliance matters, etc\r\n- Key considerations for building a brand and attracting clients\r\n- Growing your team and hiring the right people in a competitive industry\r\n\r\nThis presentation is primarily about helping you become an entrepreneur. However, it's also about fostering an entrepreneurial mindset in cybersecurity and sparking innovation. Whether you dream of launching a consultancy, taking the cool tool you’ve writtent to market, or providing managed services, \"\"So, You Want to Start Your Own Cybersecurity Company\"\" offers valuable lessons on turning your cybersecurity passion into a successful enterprise.\r\n\r\nJoin me to explore how you can make an impactful contribution to the cybersecurity community, not only as the technical expert you already are but as the entrepreneur you want to become.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"content_ids":[54051],"conference_id":141,"event_ids":[54392],"name":"Lee Sult","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53677}],"timeband_id":1164,"links":[],"end":"2024-05-18T18:50:00.000-0000","id":54392,"tag_ids":[46295],"village_id":null,"begin_timestamp":{"seconds":1716055200,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53677}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-18T18:00:00.000-0000","updated":"2024-04-16T02:35:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"LUNCH BREAK","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#9bb673","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46311},"end_timestamp":{"seconds":1716055200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234300,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-18T18:00:00.000-0000","id":54370,"tag_ids":[46311],"village_id":null,"begin_timestamp":{"seconds":1716049800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46229},"updated":"2024-04-16T02:25:00.000-0000","begin":"2024-05-18T16:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"This research explores the use of the Linux D-Bus as an investigative vehicle for understanding and cataloguing the Bluetooth landscape. Exploration begins with an assessment of the protocol’s basics, the topography of existing toolsets, and a determination of where/how to launch our probe of the environment. After discerning limitations and establishing initial instruments, we review the pain-points perceived along with lessons learned in development of these skills. The review of Bluetooth research ranges from scanning to discovery of devices, their enumeration, and their interaction with potential objects.\n\n\n","title":"Taking D-Bus to Explore the Bluetooth Landscape","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"android_description":"This research explores the use of the Linux D-Bus as an investigative vehicle for understanding and cataloguing the Bluetooth landscape. Exploration begins with an assessment of the protocol’s basics, the topography of existing toolsets, and a determination of where/how to launch our probe of the environment. After discerning limitations and establishing initial instruments, we review the pain-points perceived along with lessons learned in development of these skills. The review of Bluetooth research ranges from scanning to discovery of devices, their enumeration, and their interaction with potential objects.","end_timestamp":{"seconds":1716049500,"nanoseconds":0},"updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"content_ids":[54050],"conference_id":141,"event_ids":[54391],"name":"Paul Wortman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53682}],"timeband_id":1164,"links":[],"end":"2024-05-18T16:25:00.000-0000","id":54391,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1716048000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53682}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:35:00.000-0000","begin":"2024-05-18T16:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"f you want to master the art of penetration testing, you need to know how to exploit Active Directory. It's the backbone of most networks and it holds the keys to the kingdom. But cracking it is not always easy. You need to use the right tools and techniques for the job. In this Anti-Cast, we will show you 4 different ways that can help you extract valuable information from AD, modify its settings, and gain full control over the network. You will learn how to choose the best method for each scenario and how to avoid common pitfalls. This talk comes with practical demos and tips that will boost your hacking skills.\n\n\n","title":"Active Directory Hacking: 3 \"New\" Techniques","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1716047400,"nanoseconds":0},"android_description":"f you want to master the art of penetration testing, you need to know how to exploit Active Directory. It's the backbone of most networks and it holds the keys to the kingdom. But cracking it is not always easy. You need to use the right tools and techniques for the job. In this Anti-Cast, we will show you 4 different ways that can help you extract valuable information from AD, modify its settings, and gain full control over the network. You will learn how to choose the best method for each scenario and how to avoid common pitfalls. This talk comes with practical demos and tips that will boost your hacking skills.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"content_ids":[54049],"conference_id":141,"event_ids":[54390],"name":"Eric Kuehn","affiliations":[{"organization":"Secure Ideas","title":"Principal Consultant"}],"links":[],"pronouns":null,"media":[],"id":53669,"title":"Principal Consultant at Secure Ideas"}],"timeband_id":1164,"links":[],"end":"2024-05-18T15:50:00.000-0000","id":54390,"tag_ids":[46295],"begin_timestamp":{"seconds":1716044400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53669}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:35:00.000-0000","begin":"2024-05-18T15:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Notice: Take notes for this one because it will not be recorded. (And do not attempt to record yourself)\r\n\r\nThis presentation will talk about a ransomware case in which a particular threat actor finds its niche by targeting small businesses in the APAC region. Unlike larger companies, small businesses are at a disadvantage when it comes to ransomware attacks. Most do not suspect themselves as targets, leaving many victims with a hefty price tag.\r\n\r\nThis threat actor group has responded to the ever-changing landscape of ransomware mitigation by leveraging techniques to exfiltrate as much data out and then instills fear to bring victims to their knees. A high-level summary of the events is intended to give insight into the threat actor methodology and the mitigation process.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"A lot to lose: A case study of ransomware targeting small yet high value targets in the APAC region.","end_timestamp":{"seconds":1716043800,"nanoseconds":0},"android_description":"Notice: Take notes for this one because it will not be recorded. (And do not attempt to record yourself)\r\n\r\nThis presentation will talk about a ransomware case in which a particular threat actor finds its niche by targeting small businesses in the APAC region. Unlike larger companies, small businesses are at a disadvantage when it comes to ransomware attacks. Most do not suspect themselves as targets, leaving many victims with a hefty price tag.\r\n\r\nThis threat actor group has responded to the ever-changing landscape of ransomware mitigation by leveraging techniques to exfiltrate as much data out and then instills fear to bring victims to their knees. A high-level summary of the events is intended to give insight into the threat actor methodology and the mitigation process.","updated_timestamp":{"seconds":1713234900,"nanoseconds":0},"speakers":[{"content_ids":[54048],"conference_id":141,"event_ids":[54389],"name":"Janet","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53674}],"timeband_id":1164,"links":[],"end":"2024-05-18T14:50:00.000-0000","id":54389,"begin_timestamp":{"seconds":1716040800,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53674}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-18T14:00:00.000-0000","updated":"2024-04-16T02:35:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Did you know there are crucial yet often overlooked skills that can help you secure a junior-level position or internship in any technical field? These skills, though seldom listed in job requirements, can prompt a full eye roll from hiring managers if a candidate or new hire lacks them. As a hiring manager, I was perplexed when a highly educated technical candidate lacked these skills. As a non-traditional college student with decades of tech industry experience, I understood why: these skills are rarely taught; they are simply “expected.”\r\n\r\nThis presentation will highlight several essential skills that every technical candidate should possess— whether in red team, blue team, help desk, or operations center roles. The best part is, most of these skills can be learned quickly and free of charge. They just need to be identified.\n\n\n","title":"Resume For Nothing and Skills For Free: The skills needed to get your foot in the door","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"android_description":"Did you know there are crucial yet often overlooked skills that can help you secure a junior-level position or internship in any technical field? These skills, though seldom listed in job requirements, can prompt a full eye roll from hiring managers if a candidate or new hire lacks them. As a hiring manager, I was perplexed when a highly educated technical candidate lacked these skills. As a non-traditional college student with decades of tech industry experience, I understood why: these skills are rarely taught; they are simply “expected.”\r\n\r\nThis presentation will highlight several essential skills that every technical candidate should possess— whether in red team, blue team, help desk, or operations center roles. The best part is, most of these skills can be learned quickly and free of charge. They just need to be identified.","end_timestamp":{"seconds":1716040800,"nanoseconds":0},"updated_timestamp":{"seconds":1715969100,"nanoseconds":0},"speakers":[{"content_ids":[54024,54034,54119],"conference_id":141,"event_ids":[54375,54362,54470],"name":"Emwav","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53668}],"timeband_id":1164,"links":[],"end":"2024-05-18T14:00:00.000-0000","id":54470,"tag_ids":[46295],"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53668}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"spans_timebands":"N","updated":"2024-05-17T18:05:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Interested in participating in the Capture The Flag competition but don't know how to get started? The Eversec team will provide an overview for first-timers and anyone who might need a refresher.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"INTRO TO CTF","android_description":"Interested in participating in the Capture The Flag competition but don't know how to get started? The Eversec team will provide an overview for first-timers and anyone who might need a refresher.","end_timestamp":{"seconds":1716040500,"nanoseconds":0},"updated_timestamp":{"seconds":1713234840,"nanoseconds":0},"speakers":[{"content_ids":[54022,54047],"conference_id":141,"event_ids":[54359,54388],"name":"Eversec","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53670}],"timeband_id":1164,"links":[],"end":"2024-05-18T13:55:00.000-0000","id":54388,"tag_ids":[46295],"village_id":null,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53670}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-18T13:30:00.000-0000","updated":"2024-04-16T02:34:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Lockpick Village","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#6717a5","name":"Village","id":46309},"android_description":"","end_timestamp":{"seconds":1716078600,"nanoseconds":0},"updated_timestamp":{"seconds":1713234120,"nanoseconds":0},"speakers":[{"content_ids":[54025],"conference_id":141,"event_ids":[54363,54364,54365],"name":"Oak City Locksport","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53681}],"timeband_id":1164,"links":[],"end":"2024-05-19T00:30:00.000-0000","id":54364,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"village_id":null,"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53681}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Oak","hotel":"","short_name":"Oak","id":46226},"updated":"2024-04-16T02:22:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#6717a5","name":"Village","id":46309},"title":"Career Village","end_timestamp":{"seconds":1716069600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234060,"nanoseconds":0},"speakers":[{"content_ids":[54024,54034,54119],"conference_id":141,"event_ids":[54375,54362,54470],"name":"Emwav","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53668}],"timeband_id":1164,"links":[],"end":"2024-05-18T22:00:00.000-0000","id":54362,"tag_ids":[46309],"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53668}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"spans_timebands":"N","begin":"2024-05-18T13:30:00.000-0000","updated":"2024-04-16T02:21:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#6717a5","name":"Village","id":46309},"title":"Capture The Flag & Wireless Shoothouse","android_description":"","end_timestamp":{"seconds":1716071400,"nanoseconds":0},"updated_timestamp":{"seconds":1713234000,"nanoseconds":0},"speakers":[{"content_ids":[54023],"conference_id":141,"event_ids":[54360,54361],"name":"Eversec & Greenh@t Solutions","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53671}],"timeband_id":1164,"links":[],"end":"2024-05-18T22:30:00.000-0000","id":54360,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"tag_ids":[46309],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53671}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"updated":"2024-04-16T02:20:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Hardware Hacking Village & Chillout Area","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-06-07T03:42+0000","name":"Village","id":46309},"end_timestamp":{"seconds":1716091140,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713233820,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-19T03:59:00.000-0000","id":54357,"begin_timestamp":{"seconds":1716039000,"nanoseconds":0},"tag_ids":[46309],"village_id":null,"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"updated":"2024-04-16T02:17:00.000-0000","begin":"2024-05-18T13:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Join this informal gathering with your morning coffee to discuss crypto, ask questions, learn more, and meet others. HODL!\n\n\n","title":"Crypto And Coffee","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-06-07T03:42+0000","name":"Event","id":46308},"android_description":"Join this informal gathering with your morning coffee to discuss crypto, ask questions, learn more, and meet others. HODL!","end_timestamp":{"seconds":1716044400,"nanoseconds":0},"updated_timestamp":{"seconds":1713234360,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-18T15:00:00.000-0000","id":54373,"begin_timestamp":{"seconds":1716037200,"nanoseconds":0},"village_id":null,"tag_ids":[46308],"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Upper Courtyard","hotel":"","short_name":"Upper Courtyard","id":46228},"spans_timebands":"N","updated":"2024-04-16T02:26:00.000-0000","begin":"2024-05-18T13:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Registration Opens","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#a6402f","updated_at":"2024-06-07T03:42+0000","name":"Registration","id":46310},"android_description":"","end_timestamp":{"seconds":1716080400,"nanoseconds":0},"updated_timestamp":{"seconds":1713234180,"nanoseconds":0},"speakers":[],"timeband_id":1164,"links":[],"end":"2024-05-19T01:00:00.000-0000","id":54367,"tag_ids":[46310],"begin_timestamp":{"seconds":1716037200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Prefunction Lobby","hotel":"","short_name":"Prefunction Lobby","id":46227},"spans_timebands":"N","begin":"2024-05-18T13:00:00.000-0000","updated":"2024-04-16T02:23:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#ff97bc","updated_at":"2024-06-07T03:42+0000","name":"Event","id":46308},"title":"PARTY STARTS","end_timestamp":{"seconds":1716004740,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234360,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-18T03:59:00.000-0000","id":54372,"begin_timestamp":{"seconds":1715999400,"nanoseconds":0},"village_id":null,"tag_ids":[46308],"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"updated":"2024-04-16T02:26:00.000-0000","begin":"2024-05-18T02:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"In addition to being certified as a Forensic Locksmith and a Safe and Vault Technician, it sometimes surprises people to learn that I am a Life Safety NFPA & ADA Consultant and Fire Door Inspector. \"\"Deviant, do you make a lot of money doing safety inspections like that?\"\" I get asked. The answer is a resounding no. I didn't take this training for the money, however. I learned about fire doors and fire suppression systems so that I can speak knowledgeably about them if I'm using this field as a cover identity during a break-in job.\r\n\r\nThis presentation will be a brief but somewhat comprehensive crash course in the field of National Fire Protection Association knowledge and building codes. The rundown offered will afford you a lot of useful tips, terminology, and insider knowledge that you can rattle off at an unsuspecting employee or guard who is curious as to what you're doing inside of their building.\r\n\r\nNOTE: You will not be a certified NFPA or ADA consultant after attending this talk. You are not legally allowed to charge money for inspections and certification of buildings... but you'll certainly sound like you could do that if you pay attention!\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Shit's On Fire, Yo - Tips for one of My Favorite Social Engineering Cover Identities","end_timestamp":{"seconds":1715995800,"nanoseconds":0},"android_description":"In addition to being certified as a Forensic Locksmith and a Safe and Vault Technician, it sometimes surprises people to learn that I am a Life Safety NFPA & ADA Consultant and Fire Door Inspector. \"\"Deviant, do you make a lot of money doing safety inspections like that?\"\" I get asked. The answer is a resounding no. I didn't take this training for the money, however. I learned about fire doors and fire suppression systems so that I can speak knowledgeably about them if I'm using this field as a cover identity during a break-in job.\r\n\r\nThis presentation will be a brief but somewhat comprehensive crash course in the field of National Fire Protection Association knowledge and building codes. The rundown offered will afford you a lot of useful tips, terminology, and insider knowledge that you can rattle off at an unsuspecting employee or guard who is curious as to what you're doing inside of their building.\r\n\r\nNOTE: You will not be a certified NFPA or ADA consultant after attending this talk. You are not legally allowed to charge money for inspections and certification of buildings... but you'll certainly sound like you could do that if you pay attention!","updated_timestamp":{"seconds":1713234840,"nanoseconds":0},"speakers":[{"content_ids":[54046],"conference_id":141,"event_ids":[54387],"name":"Deviant Ollam","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53666}],"timeband_id":1163,"links":[],"end":"2024-05-18T01:30:00.000-0000","id":54387,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1715994000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53666}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-18T01:00:00.000-0000","updated":"2024-04-16T02:34:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"\"You wouldn't steal a succulent chinese meal?\r\nThis guy might...and a a lot more if you let him close to your AI/ML environments.\r\n\r\nLearn how to do a sneaky pinch in your AI/ML environments from the elusive \"\"Four-Fingers\"\". Learn a little AI/ML judo and maybe even find out how he got the name in the process.\r\n\r\nOne of the most interesting and underrepresented challenges in Machine Learning(ML) right now is the application of ML to offensive security operations. ML is the background of everything you do, and you're already equipped to reason about the risks, yet many hesitate to dive in. I often get questions like; \"\"I am not very good at math, so is it possible for me to get involved?\"\"\r\n\r\nThe answer is a resounding \"\"*yes*, and we need you, and its easier than you think!\"\" I want to show you all the opportunities that exist for hackers to get involved with offensive ML in both an offensive and defensive capacity. I will share my experience with entering this space, the things I've found, the people I've met, the projects I love and the engineering opportunities that excite me.\r\n\r\nI hope to show you the 'state of the art' in offensive ML and where people like yourself can have the most impact. I'll demo some ML attacks and uses for red teams you might have thought out of reach and share my experience hacking on ML systems which has led to some of the most rewarding moments I've had hacking.\"\n\n\n","title":"The grass is greener in the greenfield: Offensive Machine Learning TTP's","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"android_description":"\"You wouldn't steal a succulent chinese meal?\r\nThis guy might...and a a lot more if you let him close to your AI/ML environments.\r\n\r\nLearn how to do a sneaky pinch in your AI/ML environments from the elusive \"\"Four-Fingers\"\". Learn a little AI/ML judo and maybe even find out how he got the name in the process.\r\n\r\nOne of the most interesting and underrepresented challenges in Machine Learning(ML) right now is the application of ML to offensive security operations. ML is the background of everything you do, and you're already equipped to reason about the risks, yet many hesitate to dive in. I often get questions like; \"\"I am not very good at math, so is it possible for me to get involved?\"\"\r\n\r\nThe answer is a resounding \"\"*yes*, and we need you, and its easier than you think!\"\" I want to show you all the opportunities that exist for hackers to get involved with offensive ML in both an offensive and defensive capacity. I will share my experience with entering this space, the things I've found, the people I've met, the projects I love and the engineering opportunities that excite me.\r\n\r\nI hope to show you the 'state of the art' in offensive ML and where people like yourself can have the most impact. I'll demo some ML attacks and uses for red teams you might have thought out of reach and share my experience hacking on ML systems which has led to some of the most rewarding moments I've had hacking.\"","end_timestamp":{"seconds":1715993400,"nanoseconds":0},"updated_timestamp":{"seconds":1713234840,"nanoseconds":0},"speakers":[{"content_ids":[54045],"conference_id":141,"event_ids":[54386],"name":"Threlfall","affiliations":[{"organization":"Dropbox","title":""}],"links":[],"pronouns":null,"media":[],"id":53688,"title":"Dropbox"}],"timeband_id":1163,"links":[],"end":"2024-05-18T00:50:00.000-0000","id":54386,"tag_ids":[46295],"village_id":null,"begin_timestamp":{"seconds":1715990400,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53688}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:34:00.000-0000","begin":"2024-05-18T00:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"You are here attending a Hacker Conference, but have you ever wondered “How did we get here?” Once upon a time, not long ago, there was no cybersecurity industry or careers. This talk transports attendees on a retrospective journey through time to highlight the advancements which paved the way here. We further explore historic attack vectors to understand how they relate to the cyberattacks of today. Topics include when Social Engineering first intertwined with technology following previous milestones in telecommunications. Our expedition highlights the technological origins of Phone Phreaking, Computer Hacking, Social Engineering, and how these activities relate to modern attacks. The speaker brought numerous hardware relics from the past to show the crowd and demo throughout this presentation. Come learn about what the underground phone phreak and early computer hacker scenes were like, and get ready for some “Show & Telecom”!\n\n\n","title":"Lies, Telephony, and Hacking History","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"end_timestamp":{"seconds":1715989800,"nanoseconds":0},"android_description":"You are here attending a Hacker Conference, but have you ever wondered “How did we get here?” Once upon a time, not long ago, there was no cybersecurity industry or careers. This talk transports attendees on a retrospective journey through time to highlight the advancements which paved the way here. We further explore historic attack vectors to understand how they relate to the cyberattacks of today. Topics include when Social Engineering first intertwined with technology following previous milestones in telecommunications. Our expedition highlights the technological origins of Phone Phreaking, Computer Hacking, Social Engineering, and how these activities relate to modern attacks. The speaker brought numerous hardware relics from the past to show the crowd and demo throughout this presentation. Come learn about what the underground phone phreak and early computer hacker scenes were like, and get ready for some “Show & Telecom”!","updated_timestamp":{"seconds":1713234780,"nanoseconds":0},"speakers":[{"content_ids":[54044],"conference_id":141,"event_ids":[54385],"name":"Matt Scheurer","affiliations":[{"organization":"","title":"Assistant Vice President of Computer Security and Incident Response"}],"links":[],"pronouns":null,"media":[],"id":53678,"title":"Assistant Vice President of Computer Security and Incident Response"}],"timeband_id":1163,"links":[],"end":"2024-05-17T23:50:00.000-0000","id":54385,"begin_timestamp":{"seconds":1715986800,"nanoseconds":0},"village_id":null,"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53678}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:33:00.000-0000","begin":"2024-05-17T23:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Today we explore how we can make turn a normal python reverse shell into a \"vulnerable web app\", that will fool and maybe entertain, both unsuspecting and suspecting customers. When they think they have gotten successful remote code execution, its actually our little application talking to their listener with ChatGPT on the other side pretending to be a command prompt. I will also show my journey with building this application.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"DIY Generative AI driven Honeypot","end_timestamp":{"seconds":1715986500,"nanoseconds":0},"android_description":"Today we explore how we can make turn a normal python reverse shell into a \"vulnerable web app\", that will fool and maybe entertain, both unsuspecting and suspecting customers. When they think they have gotten successful remote code execution, its actually our little application talking to their listener with ChatGPT on the other side pretending to be a command prompt. I will also show my journey with building this application.","updated_timestamp":{"seconds":1713234780,"nanoseconds":0},"speakers":[{"content_ids":[54043],"conference_id":141,"event_ids":[54384],"name":"Savvyjuan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53686}],"timeband_id":1163,"links":[],"end":"2024-05-17T22:55:00.000-0000","id":54384,"tag_ids":[46295],"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53686}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:33:00.000-0000","begin":"2024-05-17T22:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-06-07T03:42+0000","name":"Village","id":46309},"title":"Lockpick Village","end_timestamp":{"seconds":1715997600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234120,"nanoseconds":0},"speakers":[{"content_ids":[54025],"conference_id":141,"event_ids":[54363,54364,54365],"name":"Oak City Locksport","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53681}],"timeband_id":1163,"links":[],"end":"2024-05-18T02:00:00.000-0000","id":54363,"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"village_id":null,"tag_ids":[46309],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53681}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Oak","hotel":"","short_name":"Oak","id":46226},"spans_timebands":"N","updated":"2024-04-16T02:22:00.000-0000","begin":"2024-05-17T22:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Capture The Flag","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#6717a5","updated_at":"2024-06-07T03:42+0000","name":"Village","id":46309},"android_description":"","end_timestamp":{"seconds":1715997600,"nanoseconds":0},"updated_timestamp":{"seconds":1713233940,"nanoseconds":0},"speakers":[{"content_ids":[54022,54047],"conference_id":141,"event_ids":[54359,54388],"name":"Eversec","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53670}],"timeband_id":1163,"links":[],"end":"2024-05-18T02:00:00.000-0000","id":54359,"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"tag_ids":[46309],"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53670}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"begin":"2024-05-17T22:30:00.000-0000","updated":"2024-04-16T02:19:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","title":"Hardware Hacking Village & Chillout Area","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#6717a5","name":"Village","id":46309},"android_description":"","end_timestamp":{"seconds":1715997600,"nanoseconds":0},"updated_timestamp":{"seconds":1713233820,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-18T02:00:00.000-0000","id":54356,"village_id":null,"tag_ids":[46309],"begin_timestamp":{"seconds":1715985000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Camelia","hotel":"","short_name":"Camelia","id":46221},"updated":"2024-04-16T02:17:00.000-0000","begin":"2024-05-17T22:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Join us for the offical opening of CackalackyCon! After we open, we'll go over how to assemble and use our awesome electronic badge!\n\n\n","title":"Opening Ceremony and Badge Talk","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"end_timestamp":{"seconds":1715984700,"nanoseconds":0},"android_description":"Join us for the offical opening of CackalackyCon! After we open, we'll go over how to assemble and use our awesome electronic badge!","updated_timestamp":{"seconds":1713234780,"nanoseconds":0},"speakers":[{"content_ids":[54033,54042],"conference_id":141,"event_ids":[54374,54383],"name":"CackalackyCon Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53662}],"timeband_id":1163,"links":[],"end":"2024-05-17T22:25:00.000-0000","id":54383,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1715983200,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53662}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"updated":"2024-04-16T02:33:00.000-0000","begin":"2024-05-17T22:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#9bb673","name":"Misc","id":46311},"title":"DINNER BREAK","android_description":"","end_timestamp":{"seconds":1715983200,"nanoseconds":0},"updated_timestamp":{"seconds":1713234300,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-17T22:00:00.000-0000","id":54369,"village_id":null,"begin_timestamp":{"seconds":1715979600,"nanoseconds":0},"tag_ids":[46311],"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46229},"updated":"2024-04-16T02:25:00.000-0000","begin":"2024-05-17T21:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Threat modeling remains an area often misunderstood or overlooked within the realm of cybersecurity. Misconceptions surrounding its perceived complexity or uncertain value often lead individuals to approach it with skepticism. However, at its core, threat modeling entails adopting a hacker's perspective to anticipate potential security vulnerabilities in an application and implementing appropriate safeguards against them. The relationship between threat modelers and ethical hackers is symbiotic, wherein threat modelers meticulously identify probable threats, enabling ethical hackers to efficiently validate and address them. To illustrate this dynamic, we will conduct a brief threat modeling exercise on Kubernetes GOAT, a deliberately vulnerable web application, utilizing the AKS top 10 framework and the Microsoft Threat Modeling tool. Subsequently, I will demonstrate the exploitation chain of one identified threat. However, there is an unique aspect to this demonstration-what starts as one threat expands into a multitude, illustrating the hacker’s potential playground. Through this presentation, attendees will not only appreciate the critical role of threat modeling for Cyber Threat Researchers, programmers, ethical hackers, and project managers but also gain invaluable insights into the AKS top 10, the Microsoft threat modeling tool, and the process of exploiting AKS vulnerabilities.\n\n\n","title":"Threat Modeling the GOAT: A Hacker's Perspective","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"android_description":"Threat modeling remains an area often misunderstood or overlooked within the realm of cybersecurity. Misconceptions surrounding its perceived complexity or uncertain value often lead individuals to approach it with skepticism. However, at its core, threat modeling entails adopting a hacker's perspective to anticipate potential security vulnerabilities in an application and implementing appropriate safeguards against them. The relationship between threat modelers and ethical hackers is symbiotic, wherein threat modelers meticulously identify probable threats, enabling ethical hackers to efficiently validate and address them. To illustrate this dynamic, we will conduct a brief threat modeling exercise on Kubernetes GOAT, a deliberately vulnerable web application, utilizing the AKS top 10 framework and the Microsoft Threat Modeling tool. Subsequently, I will demonstrate the exploitation chain of one identified threat. However, there is an unique aspect to this demonstration-what starts as one threat expands into a multitude, illustrating the hacker’s potential playground. Through this presentation, attendees will not only appreciate the critical role of threat modeling for Cyber Threat Researchers, programmers, ethical hackers, and project managers but also gain invaluable insights into the AKS top 10, the Microsoft threat modeling tool, and the process of exploiting AKS vulnerabilities.","end_timestamp":{"seconds":1715979000,"nanoseconds":0},"updated_timestamp":{"seconds":1715968920,"nanoseconds":0},"speakers":[{"content_ids":[54041],"conference_id":141,"event_ids":[54382],"name":"Abigail Kraska","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53660}],"timeband_id":1163,"links":[],"end":"2024-05-17T20:50:00.000-0000","id":54382,"village_id":null,"tag_ids":[46295],"begin_timestamp":{"seconds":1715976000,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53660}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","begin":"2024-05-17T20:00:00.000-0000","updated":"2024-05-17T18:02:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"JS-Tap provides a generic JavaScript payload and supporting software to help red teams attack web applications as an XSS payload or post-exploitation implant. \r\n\r\nJS-Tap was originally intended to only provide reconnaissance and monitoring of “tapped” users to help red teamers capture credentials and sensitive data, but JS-Tap has evolved over time to take on a more directly offensive role. \r\n\r\nIn addition to its monitoring capabilities, JS-Tap now includes a C2 system to manage and deliver custom JavaScript payloads to tapped clients. This C2 system lets red teamers build on the generic capabilities of JS-Tap, and use insights gained from monitoring tapped applications to develop tailored payloads that can be scheduled right in JS-Tap.\r\n\r\nJS-Tap recently added a mimic system that automatically generates these custom payloads for the C2 system based on analysis of intercepted network traffic, allowing red teams to more rapidly pivot from monitoring the tapped application users to performing actions in the application using their sessions, from their browsers. \r\n\r\nBy automatically generating these custom payloads red teams can more easily emulate threat actors who target web applications with advanced JavaScript payloads. \r\n\r\nAll exfiltrated data is presented in the JS-Tap portal for easy analysis.\n\n\n","title":"JS-Tap: Weaponizing JavaScript for Red Teams","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"android_description":"JS-Tap provides a generic JavaScript payload and supporting software to help red teams attack web applications as an XSS payload or post-exploitation implant. \r\n\r\nJS-Tap was originally intended to only provide reconnaissance and monitoring of “tapped” users to help red teamers capture credentials and sensitive data, but JS-Tap has evolved over time to take on a more directly offensive role. \r\n\r\nIn addition to its monitoring capabilities, JS-Tap now includes a C2 system to manage and deliver custom JavaScript payloads to tapped clients. This C2 system lets red teamers build on the generic capabilities of JS-Tap, and use insights gained from monitoring tapped applications to develop tailored payloads that can be scheduled right in JS-Tap.\r\n\r\nJS-Tap recently added a mimic system that automatically generates these custom payloads for the C2 system based on analysis of intercepted network traffic, allowing red teams to more rapidly pivot from monitoring the tapped application users to performing actions in the application using their sessions, from their browsers. \r\n\r\nBy automatically generating these custom payloads red teams can more easily emulate threat actors who target web applications with advanced JavaScript payloads. \r\n\r\nAll exfiltrated data is presented in the JS-Tap portal for easy analysis.","end_timestamp":{"seconds":1715975400,"nanoseconds":0},"updated_timestamp":{"seconds":1714775460,"nanoseconds":0},"speakers":[{"content_ids":[54040],"conference_id":141,"event_ids":[54381],"name":"Drew Kirkpatrick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53667}],"timeband_id":1163,"links":[],"end":"2024-05-17T19:50:00.000-0000","id":54381,"village_id":null,"begin_timestamp":{"seconds":1715972400,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53667}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-17T19:00:00.000-0000","updated":"2024-05-03T22:31:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"In the evolving landscape of cybersecurity, the chasm between technical hacking outcomes and their business implications remains a critical barrier to effective security measures. This presentation, \"\"Bridging the Gap: Translating Hacker Insights into Business Value,\"\" is designed to address this disconnect by empowering hackers and technical professionals with the tools and techniques necessary to communicate the business impact of their findings.\r\n\r\nHackers possess the unique ability to identify vulnerabilities that, if unaddressed, can lead to devastating breaches affecting not just the IT infrastructure but the entire business's bottom line. However, without the proper translation, these technical insights often fail to resonate with decision-makers, resulting in underfunded security initiatives and overlooked vulnerabilities.\r\n\r\nBy mastering the art of translating technical risks into business language, hackers can significantly elevate their role within an organization. This essential skill ensures not only greater visibility and recognition for their work but also positions them as vital contributors to the company's strategic objectives. Hackers will learn to articulate the value of proactive security measures, leading to a stronger alignment with business goals, increased investment in cybersecurity initiatives, and broader opportunities to apply creative problem-solving skills to protect and drive business success.\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#62C5C4","name":"Talk","id":46295},"title":"Bridging the Gap: Translating Hacker Insights into Business Value","end_timestamp":{"seconds":1715971800,"nanoseconds":0},"android_description":"In the evolving landscape of cybersecurity, the chasm between technical hacking outcomes and their business implications remains a critical barrier to effective security measures. This presentation, \"\"Bridging the Gap: Translating Hacker Insights into Business Value,\"\" is designed to address this disconnect by empowering hackers and technical professionals with the tools and techniques necessary to communicate the business impact of their findings.\r\n\r\nHackers possess the unique ability to identify vulnerabilities that, if unaddressed, can lead to devastating breaches affecting not just the IT infrastructure but the entire business's bottom line. However, without the proper translation, these technical insights often fail to resonate with decision-makers, resulting in underfunded security initiatives and overlooked vulnerabilities.\r\n\r\nBy mastering the art of translating technical risks into business language, hackers can significantly elevate their role within an organization. This essential skill ensures not only greater visibility and recognition for their work but also positions them as vital contributors to the company's strategic objectives. Hackers will learn to articulate the value of proactive security measures, leading to a stronger alignment with business goals, increased investment in cybersecurity initiatives, and broader opportunities to apply creative problem-solving skills to protect and drive business success.","updated_timestamp":{"seconds":1713234660,"nanoseconds":0},"speakers":[{"content_ids":[54039],"conference_id":141,"event_ids":[54380],"name":"Nicole L. Mendolera","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53680}],"timeband_id":1163,"links":[],"end":"2024-05-17T18:50:00.000-0000","id":54380,"tag_ids":[46295],"begin_timestamp":{"seconds":1715968800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53680}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"begin":"2024-05-17T18:00:00.000-0000","updated":"2024-04-16T02:31:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"\"The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims at showing how cybersecurity engineers can benefit from today’s technology to make sense of the sea of data that they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today’s tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.\r\n\r\nThe presentation aims to take the audience through the journey that starts from raw data to ML modeling and all the intermediate steps. First, I dive into the types of data we encounter in the cybersecurity ecosystem. Then I analyze the framework of Exploratory Data Analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I offer solid examples of how to engineer features from data and how to visualize data effectively. Finally, I demonstrate the use of AI to “question” your data, help you draw conclusions, and create models of behavioral anomaly detection. This talk includes an open-source demo with Jupyter notebooks and public packet capture data from known malware and network attacks (https://github.com/mundruid/cyberdata-mlai). The goal is to demonstrate how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries.\r\n\r\nThrough this journey from raw data to models, I aim to describe the possibilities that ML and AI models have opened for cybersecurity engineers to be creative and resourceful.\"\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#62C5C4","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46295},"title":"Decoding Cybersecurity Data: A Journey through ML and AI Innovations","end_timestamp":{"seconds":1715968200,"nanoseconds":0},"android_description":"\"The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims at showing how cybersecurity engineers can benefit from today’s technology to make sense of the sea of data that they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of the usage of ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today’s tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.\r\n\r\nThe presentation aims to take the audience through the journey that starts from raw data to ML modeling and all the intermediate steps. First, I dive into the types of data we encounter in the cybersecurity ecosystem. Then I analyze the framework of Exploratory Data Analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I offer solid examples of how to engineer features from data and how to visualize data effectively. Finally, I demonstrate the use of AI to “question” your data, help you draw conclusions, and create models of behavioral anomaly detection. This talk includes an open-source demo with Jupyter notebooks and public packet capture data from known malware and network attacks (https://github.com/mundruid/cyberdata-mlai). The goal is to demonstrate how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries.\r\n\r\nThrough this journey from raw data to models, I aim to describe the possibilities that ML and AI models have opened for cybersecurity engineers to be creative and resourceful.\"","updated_timestamp":{"seconds":1713234660,"nanoseconds":0},"speakers":[{"content_ids":[54038],"conference_id":141,"event_ids":[54379],"name":"Xenia Mountrouidou","affiliations":[{"organization":"Cyber adAPT","title":"Senior Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":53690,"title":"Senior Security Researcher at Cyber adAPT"}],"timeband_id":1163,"links":[],"end":"2024-05-17T17:50:00.000-0000","id":54379,"village_id":null,"begin_timestamp":{"seconds":1715965200,"nanoseconds":0},"tag_ids":[46295],"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53690}],"tags":"","conference_id":141,"links_antiquated":[],"location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Main Room - Rose/Orchid/Azalea","hotel":"","short_name":"Main Room - Rose/Orchid/Azalea","id":46224},"spans_timebands":"N","updated":"2024-04-16T02:31:00.000-0000","begin":"2024-05-17T17:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Explore the world of honeypots with the HoneyDB Honeypot Workshop. Honeypots, designed to unearth new threat insights and network intruders, can sometimes pose challenges with complex deployment processes. In response, the HoneyDB workshop offers an accessible and user-friendly solution for those intrigued by honeypots.\r\n\r\nWhether you're a beginner or an enthusiast, this workshop provides a straightforward and uncomplicated approach to deploying your own honeypots. Join us to demystify the intricacies of honeypot implementation and gain hands-on experience in a hassle-free environment. Elevate your understanding of honeypots in cybersecurity with the simplicity and effectiveness of HoneyDB.\r\n\r\nWorkshop agenda:\r\nIntro to honeypots\r\nDiscussion on Open source honeypots\r\nHoneyDB Overview\r\nHoneyDB Agent Overview\r\nDeploying the HoneyDB agent in the cloud\r\nTesting the HoneyDB agent\r\nQuerying the Threat API\r\nHoneyDB CLI Python tool\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#2922c0","name":"Workshop","id":46307},"title":"HoneyPot Workshop","android_description":"Explore the world of honeypots with the HoneyDB Honeypot Workshop. Honeypots, designed to unearth new threat insights and network intruders, can sometimes pose challenges with complex deployment processes. In response, the HoneyDB workshop offers an accessible and user-friendly solution for those intrigued by honeypots.\r\n\r\nWhether you're a beginner or an enthusiast, this workshop provides a straightforward and uncomplicated approach to deploying your own honeypots. Join us to demystify the intricacies of honeypot implementation and gain hands-on experience in a hassle-free environment. Elevate your understanding of honeypots in cybersecurity with the simplicity and effectiveness of HoneyDB.\r\n\r\nWorkshop agenda:\r\nIntro to honeypots\r\nDiscussion on Open source honeypots\r\nHoneyDB Overview\r\nHoneyDB Agent Overview\r\nDeploying the HoneyDB agent in the cloud\r\nTesting the HoneyDB agent\r\nQuerying the Threat API\r\nHoneyDB CLI Python tool\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA","end_timestamp":{"seconds":1715979600,"nanoseconds":0},"updated_timestamp":{"seconds":1713234600,"nanoseconds":0},"speakers":[{"content_ids":[54037],"conference_id":141,"event_ids":[54378],"name":"Phillip Maddux","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53684}],"timeband_id":1163,"end":"2024-05-17T21:00:00.000-0000","links":[{"label":"Register","type":"link","url":"https://forms.gle/eLhAP139SyFVfXkbA"}],"id":54378,"village_id":null,"tag_ids":[46307],"begin_timestamp":{"seconds":1715965200,"nanoseconds":0},"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53684}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Magnolia","hotel":"","short_name":"Magnolia","id":46223},"begin":"2024-05-17T17:00:00.000-0000","updated":"2024-04-16T02:30:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"Whether it is CISSP, Security+, Cloud+, CASP, CCSP or CISM (or our crypto-challenge contest) everyone should understand basic \"Crypto\". This workshop will provide an overview for all the crypto you would need to know for these certs. No bitcoin! But you will learn about blockchains/hashing. Starting with a light history of cryptography then moving on to modern encryption that we use every day. Whether studying for a certification, understanding a VPN, browser, or Signal app, this workshop provides a basic understanding of crypto and its limitations including historic/on-going failures. This workshop encourages interactive discussion with some swag and prize giveaways. You'll take notes on your laptop, but no software or pre-download requirements.\r\n\r\nPart 1 is all about crypto as it relates to certifications. After going through free resources that are available, it will launch into Hashing, Symmetric, Asymmetric & hybrid encryption including TLS 1.2 & TLS 1.3.\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA\n\n\n","type":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","color":"#2922c0","name":"Workshop","id":46307},"title":"Intro to Encryption & Security Certifications Resources","end_timestamp":{"seconds":1715979600,"nanoseconds":0},"android_description":"Whether it is CISSP, Security+, Cloud+, CASP, CCSP or CISM (or our crypto-challenge contest) everyone should understand basic \"Crypto\". This workshop will provide an overview for all the crypto you would need to know for these certs. No bitcoin! But you will learn about blockchains/hashing. Starting with a light history of cryptography then moving on to modern encryption that we use every day. Whether studying for a certification, understanding a VPN, browser, or Signal app, this workshop provides a basic understanding of crypto and its limitations including historic/on-going failures. This workshop encourages interactive discussion with some swag and prize giveaways. You'll take notes on your laptop, but no software or pre-download requirements.\r\n\r\nPart 1 is all about crypto as it relates to certifications. After going through free resources that are available, it will launch into Hashing, Symmetric, Asymmetric & hybrid encryption including TLS 1.2 & TLS 1.3.\r\n\r\nRegister at: https://forms.gle/eLhAP139SyFVfXkbA","updated_timestamp":{"seconds":1713234540,"nanoseconds":0},"speakers":[{"content_ids":[54036],"conference_id":141,"event_ids":[54377],"name":"Craig Cunningham","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53663}],"timeband_id":1163,"end":"2024-05-17T21:00:00.000-0000","links":[{"label":"Register","type":"link","url":"https://forms.gle/eLhAP139SyFVfXkbA"}],"id":54377,"tag_ids":[46307],"begin_timestamp":{"seconds":1715965200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46296,"sort_order":1,"person_id":53663}],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Dogwood","hotel":"","short_name":"Dogwood","id":46222},"updated":"2024-04-16T02:29:00.000-0000","begin":"2024-05-17T17:00:00.000-0000"},{"conference":"CACKALACKYCON2024","timezone":"America/New_York","link":"","description":"","type":{"conference_id":141,"conference":"CACKALACKYCON2024","color":"#a6402f","updated_at":"2024-06-07T03:42+0000","name":"Registration","id":46310},"title":"Registration Opens","end_timestamp":{"seconds":1715994000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713234180,"nanoseconds":0},"speakers":[],"timeband_id":1163,"links":[],"end":"2024-05-18T01:00:00.000-0000","id":54366,"village_id":null,"tag_ids":[46310],"begin_timestamp":{"seconds":1715961600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":141,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":141,"conference":"CACKALACKYCON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Prefunction Lobby","hotel":"","short_name":"Prefunction Lobby","id":46227},"begin":"2024-05-17T16:00:00.000-0000","updated":"2024-04-16T02:23:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/COCOFEST2024/events.json b/public/ht/conferences/COCOFEST2024/events.json index a38bb49..36cb340 100644 --- a/public/ht/conferences/COCOFEST2024/events.json +++ b/public/ht/conferences/COCOFEST2024/events.json @@ -1 +1 @@ -[{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"Dinner at Restaurant","android_description":"","end_timestamp":{"seconds":1714946400,"nanoseconds":0},"updated_timestamp":{"seconds":1714579440,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T22:00:00.000-0000","id":54428,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714946400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-05T22:00:00.000-0000","updated":"2024-05-01T16:04:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"Show Ends and Start Tear Down","end_timestamp":{"seconds":1714946400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579440,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T22:00:00.000-0000","id":54427,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714939200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","updated":"2024-05-01T16:04:00.000-0000","begin":"2024-05-05T20:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Enjoy the Show","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714939200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579440,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T20:00:00.000-0000","id":54426,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714919400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-05T14:30:00.000-0000","updated":"2024-05-01T16:04:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Show Announcements","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"android_description":"","end_timestamp":{"seconds":1714918500,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T14:15:00.000-0000","id":54425,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714918500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"updated":"2024-05-01T16:00:00.000-0000","begin":"2024-05-05T14:15:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Show Opens to the Public","android_description":"","end_timestamp":{"seconds":1714939200,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T20:00:00.000-0000","id":54424,"begin_timestamp":{"seconds":1714917600,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-05T14:00:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#f501ee","name":"Misc","id":46336},"title":"End of Day (Doors Locked)","end_timestamp":{"seconds":1714885140,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579320,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T04:59:00.000-0000","id":54423,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714885140,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"updated":"2024-05-01T16:02:00.000-0000","begin":"2024-05-05T04:59:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Jam Session and Social Time","android_description":"","end_timestamp":{"seconds":1714876200,"nanoseconds":0},"updated_timestamp":{"seconds":1714579320,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T02:30:00.000-0000","id":54422,"village_id":null,"begin_timestamp":{"seconds":1714876200,"nanoseconds":0},"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Auction Room","hotel":"","short_name":"Auction Room","id":46236},"spans_timebands":"N","updated":"2024-05-01T16:02:00.000-0000","begin":"2024-05-05T02:30:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#75B008","name":"Presentation","id":46324},"title":"The CoCo Deluxe","end_timestamp":{"seconds":1714870800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579320,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T01:00:00.000-0000","id":54421,"begin_timestamp":{"seconds":1714870800,"nanoseconds":0},"tag_ids":[46324],"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-05T01:00:00.000-0000","updated":"2024-05-01T16:02:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"Saturday Dinner","end_timestamp":{"seconds":1714865400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T23:30:00.000-0000","id":54419,"begin_timestamp":{"seconds":1714865400,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Hotel Restaurant","hotel":"","short_name":"Hotel Restaurant","id":46239},"begin":"2024-05-04T23:30:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Auction","android_description":"","end_timestamp":{"seconds":1714852800,"nanoseconds":0},"updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T20:00:00.000-0000","id":54418,"tag_ids":[46336],"begin_timestamp":{"seconds":1714852800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-04T20:00:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#75B008","updated_at":"2024-05-01T16:07+0000","name":"Presentation","id":46324},"title":"Drawings For door prizes","end_timestamp":{"seconds":1714852200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T19:50:00.000-0000","id":54417,"begin_timestamp":{"seconds":1714852200,"nanoseconds":0},"tag_ids":[46324],"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-04T19:50:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#75B008","updated_at":"2024-05-01T16:07+0000","name":"Presentation","id":46324},"title":"CoCo on the Couch Boisy Pitre","end_timestamp":{"seconds":1714847400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T18:30:00.000-0000","id":54416,"village_id":null,"tag_ids":[46324],"begin_timestamp":{"seconds":1714847400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-04T18:30:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Lunch","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714842000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T17:00:00.000-0000","id":54420,"begin_timestamp":{"seconds":1714842000,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","updated":"2024-05-01T16:01:00.000-0000","begin":"2024-05-04T17:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Curtis and Ken's Presentation NiTROS9","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#75B008","name":"Presentation","id":46324},"android_description":"","end_timestamp":{"seconds":1714837500,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T15:45:00.000-0000","id":54415,"begin_timestamp":{"seconds":1714837500,"nanoseconds":0},"village_id":null,"tag_ids":[46324],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"begin":"2024-05-04T15:45:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Mark O Presentation","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#75B008","updated_at":"2024-05-01T16:07+0000","name":"Presentation","id":46324},"android_description":"","end_timestamp":{"seconds":1714833000,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T14:30:00.000-0000","id":54414,"begin_timestamp":{"seconds":1714833000,"nanoseconds":0},"village_id":null,"tag_ids":[46324],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-04T14:30:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Show Announcements","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714832100,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T14:15:00.000-0000","id":54413,"tag_ids":[46336],"begin_timestamp":{"seconds":1714832100,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"spans_timebands":"N","updated":"2024-05-01T16:00:00.000-0000","begin":"2024-05-04T14:15:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"Show Opens to the Public","end_timestamp":{"seconds":1714885140,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T04:59:00.000-0000","id":54412,"begin_timestamp":{"seconds":1714831200,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"updated":"2024-05-01T16:00:00.000-0000","begin":"2024-05-04T14:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Vendor Setup","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714827600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579140,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T13:00:00.000-0000","id":54411,"begin_timestamp":{"seconds":1714827600,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"updated":"2024-05-01T15:59:00.000-0000","begin":"2024-05-04T13:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"End of Day (Doors Locked)","end_timestamp":{"seconds":1714798740,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579080,"nanoseconds":0},"speakers":[],"timeband_id":1169,"links":[],"end":"2024-05-04T04:59:00.000-0000","id":54409,"tag_ids":[46336],"begin_timestamp":{"seconds":1714798740,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","updated":"2024-05-01T15:58:00.000-0000","begin":"2024-05-04T04:59:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"VCFMW Warehouse Tour","end_timestamp":{"seconds":1714777200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579080,"nanoseconds":0},"speakers":[],"timeband_id":1169,"links":[],"end":"2024-05-03T23:00:00.000-0000","id":54410,"tag_ids":[46336],"begin_timestamp":{"seconds":1714777200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Meet in Lobby","hotel":"","short_name":"Meet in Lobby","id":46240},"spans_timebands":"N","updated":"2024-05-01T15:58:00.000-0000","begin":"2024-05-03T23:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Vendor Setup","end_timestamp":{"seconds":1714798740,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579080,"nanoseconds":0},"speakers":[],"timeband_id":1169,"links":[],"end":"2024-05-04T04:59:00.000-0000","id":54408,"village_id":null,"begin_timestamp":{"seconds":1714759200,"nanoseconds":0},"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"updated":"2024-05-01T15:58:00.000-0000","begin":"2024-05-03T18:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"End of Day (Doors Locked)","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714708800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-03T04:00:00.000-0000","id":54407,"village_id":null,"begin_timestamp":{"seconds":1714708800,"nanoseconds":0},"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-03T04:00:00.000-0000","updated":"2024-05-01T15:57:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"Setup Power and Minor Setup","end_timestamp":{"seconds":1714699800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-03T01:30:00.000-0000","id":54406,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714699800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"spans_timebands":"N","begin":"2024-05-03T01:30:00.000-0000","updated":"2024-05-01T15:57:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"VCFMW Warehouse","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","color":"#f501ee","name":"Misc","id":46336},"end_timestamp":{"seconds":1714694400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-03T00:00:00.000-0000","id":54405,"begin_timestamp":{"seconds":1714694400,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","begin":"2024-05-03T00:00:00.000-0000","updated":"2024-05-01T15:57:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-05-01T16:07+0000","name":"Misc","id":46336},"title":"Dinner at a resturant","android_description":"","end_timestamp":{"seconds":1714687200,"nanoseconds":0},"updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-02T22:00:00.000-0000","id":54404,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714687200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-05-01T16:07+0000","parent_id":0,"name":"Hotel in Lobby","hotel":"","short_name":"Hotel in Lobby","id":46238},"spans_timebands":"N","begin":"2024-05-02T22:00:00.000-0000","updated":"2024-05-01T15:57:00.000-0000"}] \ No newline at end of file +[{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Dinner at Restaurant","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"android_description":"","end_timestamp":{"seconds":1714946400,"nanoseconds":0},"updated_timestamp":{"seconds":1714579440,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T22:00:00.000-0000","id":54428,"begin_timestamp":{"seconds":1714946400,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"updated":"2024-05-01T16:04:00.000-0000","begin":"2024-05-05T22:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"title":"Show Ends and Start Tear Down","android_description":"","end_timestamp":{"seconds":1714946400,"nanoseconds":0},"updated_timestamp":{"seconds":1714579440,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T22:00:00.000-0000","id":54427,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714939200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-05T20:00:00.000-0000","updated":"2024-05-01T16:04:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Enjoy the Show","android_description":"","end_timestamp":{"seconds":1714939200,"nanoseconds":0},"updated_timestamp":{"seconds":1714579440,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T20:00:00.000-0000","id":54426,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714919400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","updated":"2024-05-01T16:04:00.000-0000","begin":"2024-05-05T14:30:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Show Announcements","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"end_timestamp":{"seconds":1714918500,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T14:15:00.000-0000","id":54425,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714918500,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"begin":"2024-05-05T14:15:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Show Opens to the Public","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"android_description":"","end_timestamp":{"seconds":1714939200,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1173,"links":[],"end":"2024-05-05T20:00:00.000-0000","id":54424,"tag_ids":[46336],"begin_timestamp":{"seconds":1714917600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","begin":"2024-05-05T14:00:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"title":"End of Day (Doors Locked)","android_description":"","end_timestamp":{"seconds":1714885140,"nanoseconds":0},"updated_timestamp":{"seconds":1714579320,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T04:59:00.000-0000","id":54423,"begin_timestamp":{"seconds":1714885140,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","updated":"2024-05-01T16:02:00.000-0000","begin":"2024-05-05T04:59:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Jam Session and Social Time","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714876200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579320,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T02:30:00.000-0000","id":54422,"village_id":null,"begin_timestamp":{"seconds":1714876200,"nanoseconds":0},"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Auction Room","hotel":"","short_name":"Auction Room","id":46236},"begin":"2024-05-05T02:30:00.000-0000","updated":"2024-05-01T16:02:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#75B008","updated_at":"2024-06-07T03:42+0000","name":"Presentation","id":46324},"title":"The CoCo Deluxe","end_timestamp":{"seconds":1714870800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579320,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T01:00:00.000-0000","id":54421,"begin_timestamp":{"seconds":1714870800,"nanoseconds":0},"tag_ids":[46324],"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"updated":"2024-05-01T16:02:00.000-0000","begin":"2024-05-05T01:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Saturday Dinner","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"android_description":"","end_timestamp":{"seconds":1714865400,"nanoseconds":0},"updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T23:30:00.000-0000","id":54419,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714865400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Hotel Restaurant","hotel":"","short_name":"Hotel Restaurant","id":46239},"spans_timebands":"N","begin":"2024-05-04T23:30:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"title":"Auction","android_description":"","end_timestamp":{"seconds":1714852800,"nanoseconds":0},"updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T20:00:00.000-0000","id":54418,"village_id":null,"begin_timestamp":{"seconds":1714852800,"nanoseconds":0},"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-04T20:00:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#75B008","name":"Presentation","id":46324},"title":"Drawings For door prizes","end_timestamp":{"seconds":1714852200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T19:50:00.000-0000","id":54417,"begin_timestamp":{"seconds":1714852200,"nanoseconds":0},"village_id":null,"tag_ids":[46324],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","begin":"2024-05-04T19:50:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#75B008","name":"Presentation","id":46324},"title":"CoCo on the Couch Boisy Pitre","end_timestamp":{"seconds":1714847400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T18:30:00.000-0000","id":54416,"tag_ids":[46324],"begin_timestamp":{"seconds":1714847400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"updated":"2024-05-01T16:00:00.000-0000","begin":"2024-05-04T18:30:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"title":"Lunch","android_description":"","end_timestamp":{"seconds":1714842000,"nanoseconds":0},"updated_timestamp":{"seconds":1714579260,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T17:00:00.000-0000","id":54420,"begin_timestamp":{"seconds":1714842000,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-04T17:00:00.000-0000","updated":"2024-05-01T16:01:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Curtis and Ken's Presentation NiTROS9","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#75B008","updated_at":"2024-06-07T03:42+0000","name":"Presentation","id":46324},"android_description":"","end_timestamp":{"seconds":1714837500,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T15:45:00.000-0000","id":54415,"tag_ids":[46324],"begin_timestamp":{"seconds":1714837500,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"spans_timebands":"N","updated":"2024-05-01T16:00:00.000-0000","begin":"2024-05-04T15:45:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#75B008","updated_at":"2024-06-07T03:42+0000","name":"Presentation","id":46324},"title":"Mark O Presentation","end_timestamp":{"seconds":1714833000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T14:30:00.000-0000","id":54414,"village_id":null,"tag_ids":[46324],"begin_timestamp":{"seconds":1714833000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Presentation Room","hotel":"","short_name":"Presentation Room","id":46241},"updated":"2024-05-01T16:00:00.000-0000","begin":"2024-05-04T14:30:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Show Announcements","android_description":"","end_timestamp":{"seconds":1714832100,"nanoseconds":0},"updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T14:15:00.000-0000","id":54413,"begin_timestamp":{"seconds":1714832100,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"begin":"2024-05-04T14:15:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"title":"Show Opens to the Public","end_timestamp":{"seconds":1714885140,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579200,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-05T04:59:00.000-0000","id":54412,"begin_timestamp":{"seconds":1714831200,"nanoseconds":0},"tag_ids":[46336],"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","begin":"2024-05-04T14:00:00.000-0000","updated":"2024-05-01T16:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Vendor Setup","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"android_description":"","end_timestamp":{"seconds":1714827600,"nanoseconds":0},"updated_timestamp":{"seconds":1714579140,"nanoseconds":0},"speakers":[],"timeband_id":1170,"links":[],"end":"2024-05-04T13:00:00.000-0000","id":54411,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714827600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"spans_timebands":"N","updated":"2024-05-01T15:59:00.000-0000","begin":"2024-05-04T13:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"title":"End of Day (Doors Locked)","end_timestamp":{"seconds":1714798740,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579080,"nanoseconds":0},"speakers":[],"timeband_id":1169,"links":[],"end":"2024-05-04T04:59:00.000-0000","id":54409,"begin_timestamp":{"seconds":1714798740,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","begin":"2024-05-04T04:59:00.000-0000","updated":"2024-05-01T15:58:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"title":"VCFMW Warehouse Tour","end_timestamp":{"seconds":1714777200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579080,"nanoseconds":0},"speakers":[],"timeband_id":1169,"links":[],"end":"2024-05-03T23:00:00.000-0000","id":54410,"village_id":null,"tag_ids":[46336],"begin_timestamp":{"seconds":1714777200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Meet in Lobby","hotel":"","short_name":"Meet in Lobby","id":46240},"begin":"2024-05-03T23:00:00.000-0000","updated":"2024-05-01T15:58:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"Vendor Setup","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"end_timestamp":{"seconds":1714798740,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579080,"nanoseconds":0},"speakers":[],"timeband_id":1169,"links":[],"end":"2024-05-04T04:59:00.000-0000","id":54408,"begin_timestamp":{"seconds":1714759200,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"begin":"2024-05-03T18:00:00.000-0000","updated":"2024-05-01T15:58:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"End of Day (Doors Locked)","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714708800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-03T04:00:00.000-0000","id":54407,"tag_ids":[46336],"village_id":null,"begin_timestamp":{"seconds":1714708800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"spans_timebands":"N","updated":"2024-05-01T15:57:00.000-0000","begin":"2024-05-03T04:00:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"title":"Setup Power and Minor Setup","end_timestamp":{"seconds":1714699800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-03T01:30:00.000-0000","id":54406,"begin_timestamp":{"seconds":1714699800,"nanoseconds":0},"village_id":null,"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Ballroom","hotel":"","short_name":"Ballroom","id":46237},"updated":"2024-05-01T15:57:00.000-0000","begin":"2024-05-03T01:30:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","title":"VCFMW Warehouse","type":{"conference_id":143,"conference":"COCOFEST2024","color":"#f501ee","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46336},"end_timestamp":{"seconds":1714694400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-03T00:00:00.000-0000","id":54405,"begin_timestamp":{"seconds":1714694400,"nanoseconds":0},"tag_ids":[46336],"village_id":null,"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified / See Description","hotel":"","short_name":"Unspecified / See Description","id":46235},"begin":"2024-05-03T00:00:00.000-0000","updated":"2024-05-01T15:57:00.000-0000"},{"conference":"COCOFEST2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","color":"#f501ee","name":"Misc","id":46336},"title":"Dinner at a resturant","android_description":"","end_timestamp":{"seconds":1714687200,"nanoseconds":0},"updated_timestamp":{"seconds":1714579020,"nanoseconds":0},"speakers":[],"timeband_id":1172,"links":[],"end":"2024-05-02T22:00:00.000-0000","id":54404,"village_id":null,"begin_timestamp":{"seconds":1714687200,"nanoseconds":0},"tag_ids":[46336],"includes":"","people":[],"tags":"","conference_id":143,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":143,"conference":"COCOFEST2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Hotel in Lobby","hotel":"","short_name":"Hotel in Lobby","id":46238},"begin":"2024-05-02T22:00:00.000-0000","updated":"2024-05-01T15:57:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/DEFCON30/events.json b/public/ht/conferences/DEFCON30/events.json new file mode 100644 index 0000000..c4e3eea --- /dev/null +++ b/public/ht/conferences/DEFCON30/events.json @@ -0,0 +1 @@ +[{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid Training - Trainings end for the day","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"android_description":"","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"updated_timestamp":{"seconds":1660378920,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49993,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660694400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:22:00.000-0000","begin":"2022-08-17T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid Training - Trainings Continue","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"end_timestamp":{"seconds":1660694400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49996,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660688100,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","begin":"2022-08-16T22:15:00.000-0000","updated":"2022-08-13T08:18:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Paid Training - Rest Break","android_description":"","end_timestamp":{"seconds":1660688100,"nanoseconds":0},"updated_timestamp":{"seconds":1660378620,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T22:15:00.000-0000","id":49991,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660687200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","updated":"2022-08-13T08:17:00.000-0000","begin":"2022-08-16T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid Training - Trainings Continue","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"android_description":"","end_timestamp":{"seconds":1660687200,"nanoseconds":0},"updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T22:00:00.000-0000","id":49995,"begin_timestamp":{"seconds":1660680000,"nanoseconds":0},"village_id":null,"tag_ids":[45337,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:18:00.000-0000","begin":"2022-08-16T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Lunch Break","end_timestamp":{"seconds":1660680000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T20:00:00.000-0000","id":49992,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660676400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","updated":"2022-08-13T08:18:00.000-0000","begin":"2022-08-16T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Trainings Continue","android_description":"","end_timestamp":{"seconds":1660676400,"nanoseconds":0},"updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T19:00:00.000-0000","id":49994,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660670100,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","updated":"2022-08-13T08:18:00.000-0000","begin":"2022-08-16T17:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Rest Break","end_timestamp":{"seconds":1660670100,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660378620,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T17:15:00.000-0000","id":49990,"village_id":null,"begin_timestamp":{"seconds":1660669200,"nanoseconds":0},"tag_ids":[45337,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"begin":"2022-08-16T17:00:00.000-0000","updated":"2022-08-13T08:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Trainings Begin","android_description":"","end_timestamp":{"seconds":1660669200,"nanoseconds":0},"updated_timestamp":{"seconds":1660378560,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T17:00:00.000-0000","id":49989,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:16:00.000-0000","begin":"2022-08-16T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/dahvid-schloss-zero-2-emulated-criminal-intro-to-windows-malware-dev-1\r\n\r\nTraining description:\r\n\r\nStep up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.\r\nYou don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.\r\nIn this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.\r\nWhere this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.\r\nBy the end of the course, you will understand and be able to implement:\r\n- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency\r\n- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption\r\n- Modular antivirus evasion techniques that will remain useful through your pen testing career\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Zero 2 Emulated Criminal: Intro to Windows Malware Dev","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/dahvid-schloss-zero-2-emulated-criminal-intro-to-windows-malware-dev-1\r\n\r\nTraining description:\r\n\r\nStep up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.\r\nYou don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.\r\nIn this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.\r\nWhere this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.\r\nBy the end of the course, you will understand and be able to implement:\r\n- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency\r\n- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption\r\n- Modular antivirus evasion techniques that will remain useful through your pen testing career","updated_timestamp":{"seconds":1659133200,"nanoseconds":0},"speakers":[{"content_ids":[49082],"conference_id":65,"event_ids":[49085,49129],"name":"Dahvid Schloss","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48507}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49129,"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"village_id":null,"tag_ids":[45337,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48507}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"begin":"2022-08-16T15:00:00.000-0000","updated":"2022-07-29T22:20:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/abhinav-singh-defenders-guide-to-securing-public-cloud-infrastructures\r\n\r\nTraining description:\r\n\r\nThis training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.\n\n\n","title":"Defender's Guide to Securing Public Cloud Infrastructures","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/abhinav-singh-defenders-guide-to-securing-public-cloud-infrastructures\r\n\r\nTraining description:\r\n\r\nThis training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"updated_timestamp":{"seconds":1659134160,"nanoseconds":0},"speakers":[{"content_ids":[49073],"conference_id":65,"event_ids":[49076,49127],"name":"Abhinav Singh","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48497}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49127,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48497}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","updated":"2022-07-29T22:36:00.000-0000","begin":"2022-08-16T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/seth-law-ken-johnson-practical-secure-code-review\r\n\r\nTraining description:\r\n\r\nReady to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.\n\n\n","title":"Practical Secure Code Review","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/seth-law-ken-johnson-practical-secure-code-review\r\n\r\nTraining description:\r\n\r\nReady to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"updated_timestamp":{"seconds":1659131580,"nanoseconds":0},"speakers":[{"content_ids":[49098],"conference_id":65,"event_ids":[49101,49124],"name":"Ken Johnson","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cktricky"}],"pronouns":null,"media":[{"hash_sha256":"05cc6ac7a7a0282823b5f9b3a6421fe1df0f1abb4433906f3b4e421dd2078346","filetype":"image/jpeg","hash_md5":"55951805129cd494015b172db8ede3be","name":"ken_johnson.jpg","hash_crc32c":"5b00dabf","filesize":16904,"asset_id":156,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fken_johnson.jpg?alt=media","person_id":48516}],"id":48516},{"content_ids":[49098],"conference_id":65,"event_ids":[49101,49124],"name":"Seth Law","affiliations":[{"organization":"Absolute AppSec Podcast","title":"Cohost"},{"organization":"Redpoint Security","title":"Founder"},{"organization":"HackerTracker","title":"Developer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sethlaw"}],"media":[{"hash_sha256":"a47f43ec6b6d8f26231ae7e2aef8ed0253c9f3f2e20980acd73c634ccde2230d","filetype":"image/jpeg","hash_md5":"b866889e63c6f192a87413b4bc86691b","name":"seth_law.jpg","hash_crc32c":"5f4bd2e7","filesize":41192,"asset_id":155,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fseth_law.jpg?alt=media","person_id":48532}],"id":48532,"title":"Developer at HackerTracker"}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49124,"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48516},{"tag_id":565,"sort_order":1,"person_id":48532}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"begin":"2022-08-16T15:00:00.000-0000","updated":"2022-07-29T21:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/madhu-akula-a-practical-approach-to-breaking-pwning-kubernetes-clusters\r\n\r\nTraining description:\r\n\r\nThe adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.\r\n\r\nIn this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.\r\n\r\nBy end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.\n\n\n","title":"A Practical Approach to Breaking & Pwning Kubernetes Clusters","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/madhu-akula-a-practical-approach-to-breaking-pwning-kubernetes-clusters\r\n\r\nTraining description:\r\n\r\nThe adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.\r\n\r\nIn this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.\r\n\r\nBy end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"updated_timestamp":{"seconds":1659132480,"nanoseconds":0},"speakers":[{"content_ids":[49089],"conference_id":65,"event_ids":[49092,49123],"name":"Madhu Akula","affiliations":[],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/madhuakula"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/madhuakula"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/madhuakula"}],"media":[],"id":48519}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49123,"tag_ids":[45337,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48519}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","begin":"2022-08-16T15:00:00.000-0000","updated":"2022-07-29T22:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration\r\n\r\nTraining description:\r\n\r\nThe use of Application Programming Interfaces (APIs) have become ubiquitous as business expose and consume services.\r\n\r\nTherefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.\r\n\r\nThe aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.\r\n\r\nMoreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Pragmatic API Exploration","android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration\r\n\r\nTraining description:\r\n\r\nThe use of Application Programming Interfaces (APIs) have become ubiquitous as business expose and consume services.\r\n\r\nTherefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.\r\n\r\nThe aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.\r\n\r\nMoreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"updated_timestamp":{"seconds":1659133800,"nanoseconds":0},"speakers":[{"content_ids":[49075],"conference_id":65,"event_ids":[49078,49112],"name":"Aubrey Labuschagne (William)","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cyber_protect"}],"media":[],"id":48499},{"content_ids":[49075],"conference_id":65,"event_ids":[49078,49112],"name":"Marianka Botes","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mariankabotes"}],"media":[],"id":48521}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49112,"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48499},{"tag_id":565,"sort_order":1,"person_id":48521}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","updated":"2022-07-29T22:30:00.000-0000","begin":"2022-08-16T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/fish-wang-customizable-binary-analysis-using-angr-to-its-full-potential\r\n\r\nTraining description:\r\n\r\nOne of the most badass skills a hacker can possess is the ability to find and pwn vulnerabilities in binary software. This is enabled by a long history of complex tools: OllyDBG, SoftICE, IDA Pro, Binary Ninja, and now: angr. Built using cutting-edge techniques straight out of research labs around the world, angr enables analysts to swiftly carry out advanced reasoning over software to understand complex code and find the juicy hidden vulnerabilities within. While angr is arguably one of the most user-friendly binary analysis frameworks available on the market, it is never an easy task to use it to its full potential, especially when facing less common architectures (such as PowerPC), niche operating environments (bare-metal binaries or embedded architectures), or unique tasks (e.g., binary code optimization, exploit generation, efficient vulnerability discovery, etc.). To assist users, especially medium-level and professional reverse engineers to effectively and efficiently use angr in their daily work, we designed this two-day course focusing on the use of non-trivial capabilities that angr offers, as well as customizing angr’s advanced analyses for users’ needs. This course is extremely practical and hands-on: Besides a five-hour lecture, core angr developers will guide students to solve over ten specially crafted problems with angr. This course will focus on Linux userspace binaries (x86-64 and ARM), Windows userspace binaries (x86-64), and firmware images (ARM). After completing this course, students will master practical angr skills that will help them reverse engineer userspace binary programs and assess them for defects and vulnerabilities.\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Customizable Binary Analysis: Using angr to its full potential","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/fish-wang-customizable-binary-analysis-using-angr-to-its-full-potential\r\n\r\nTraining description:\r\n\r\nOne of the most badass skills a hacker can possess is the ability to find and pwn vulnerabilities in binary software. This is enabled by a long history of complex tools: OllyDBG, SoftICE, IDA Pro, Binary Ninja, and now: angr. Built using cutting-edge techniques straight out of research labs around the world, angr enables analysts to swiftly carry out advanced reasoning over software to understand complex code and find the juicy hidden vulnerabilities within. While angr is arguably one of the most user-friendly binary analysis frameworks available on the market, it is never an easy task to use it to its full potential, especially when facing less common architectures (such as PowerPC), niche operating environments (bare-metal binaries or embedded architectures), or unique tasks (e.g., binary code optimization, exploit generation, efficient vulnerability discovery, etc.). To assist users, especially medium-level and professional reverse engineers to effectively and efficiently use angr in their daily work, we designed this two-day course focusing on the use of non-trivial capabilities that angr offers, as well as customizing angr’s advanced analyses for users’ needs. This course is extremely practical and hands-on: Besides a five-hour lecture, core angr developers will guide students to solve over ten specially crafted problems with angr. This course will focus on Linux userspace binaries (x86-64 and ARM), Windows userspace binaries (x86-64), and firmware images (ARM). After completing this course, students will master practical angr skills that will help them reverse engineer userspace binary programs and assess them for defects and vulnerabilities.","updated_timestamp":{"seconds":1659132900,"nanoseconds":0},"speakers":[{"content_ids":[49085],"conference_id":65,"event_ids":[49088,49107],"name":"Audrey Dutcher","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rhelmot"}],"pronouns":null,"media":[],"id":48500},{"content_ids":[49085],"conference_id":65,"event_ids":[49088,49107],"name":"Fish Wang","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ltfish_"}],"media":[],"id":48512}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49107,"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"village_id":null,"tag_ids":[45337,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48500},{"tag_id":565,"sort_order":1,"person_id":48512}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","updated":"2022-07-29T22:15:00.000-0000","begin":"2022-08-16T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/chris-greer-tcp-ip-deep-dive-for-hackers-featuring-wireshark\r\n\r\nTraining description:\r\n\r\nAlmost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark","android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/chris-greer-tcp-ip-deep-dive-for-hackers-featuring-wireshark\r\n\r\nTraining description:\r\n\r\nAlmost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"updated_timestamp":{"seconds":1659133260,"nanoseconds":0},"speakers":[{"content_ids":[49081,49113],"conference_id":65,"event_ids":[49149,49084,49106],"name":"Chris Greer","affiliations":[{"organization":"","title":"Network Analyst & Wireshark Instructor"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cgreer/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/packetpioneer"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/ChrisGreer"}],"media":[],"id":48506,"title":"Network Analyst & Wireshark Instructor"}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49106,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48506}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"updated":"2022-07-29T22:21:00.000-0000","begin":"2022-08-16T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/trevor-stevado-trevor-hough-nicholas-coad-patrick-ross-offensive-iot-exploitation\r\n\r\nTraining description:\r\n\r\nAs IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Offensive IoT Exploitation","end_timestamp":{"seconds":1660694400,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/trevor-stevado-trevor-hough-nicholas-coad-patrick-ross-offensive-iot-exploitation\r\n\r\nTraining description:\r\n\r\nAs IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.","updated_timestamp":{"seconds":1659132060,"nanoseconds":0},"speakers":[{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Nicholas Coad","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48524},{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Patrick Ross","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48527},{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Trevor Hough","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48533},{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Trevor Stevado","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48534}],"timeband_id":928,"links":[],"end":"2022-08-17T00:00:00.000-0000","id":49104,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660662000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48524},{"tag_id":565,"sort_order":1,"person_id":48527},{"tag_id":565,"sort_order":1,"person_id":48533},{"tag_id":565,"sort_order":1,"person_id":48534}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","begin":"2022-08-16T15:00:00.000-0000","updated":"2022-07-29T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid-Training Registration Opens","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"android_description":"","end_timestamp":{"seconds":1660658400,"nanoseconds":0},"updated_timestamp":{"seconds":1660378500,"nanoseconds":0},"speakers":[],"timeband_id":928,"links":[],"end":"2022-08-16T14:00:00.000-0000","id":49988,"begin_timestamp":{"seconds":1660658400,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:15:00.000-0000","begin":"2022-08-16T14:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Trainings end for the day","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660378920,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49987,"tag_ids":[45337,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660608000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:22:00.000-0000","begin":"2022-08-16T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid Training - Trainings Continue","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"android_description":"","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49984,"begin_timestamp":{"seconds":1660601700,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:18:00.000-0000","begin":"2022-08-15T22:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Rest Break","android_description":"","end_timestamp":{"seconds":1660601700,"nanoseconds":0},"updated_timestamp":{"seconds":1660378620,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T22:15:00.000-0000","id":49986,"village_id":null,"begin_timestamp":{"seconds":1660600800,"nanoseconds":0},"tag_ids":[45337,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","updated":"2022-08-13T08:17:00.000-0000","begin":"2022-08-15T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Trainings Continue","android_description":"","end_timestamp":{"seconds":1660600800,"nanoseconds":0},"updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T22:00:00.000-0000","id":49985,"begin_timestamp":{"seconds":1660593600,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","begin":"2022-08-15T20:00:00.000-0000","updated":"2022-08-13T08:18:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid Training - Lunch Break","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"end_timestamp":{"seconds":1660593600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T20:00:00.000-0000","id":49983,"begin_timestamp":{"seconds":1660590000,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"updated":"2022-08-13T08:18:00.000-0000","begin":"2022-08-15T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Paid Training - Trainings Continue","android_description":"","end_timestamp":{"seconds":1660590000,"nanoseconds":0},"updated_timestamp":{"seconds":1660378680,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T19:00:00.000-0000","id":49982,"begin_timestamp":{"seconds":1660583700,"nanoseconds":0},"village_id":null,"tag_ids":[45337,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"begin":"2022-08-15T17:15:00.000-0000","updated":"2022-08-13T08:18:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Paid Training - Rest Break","android_description":"","end_timestamp":{"seconds":1660583700,"nanoseconds":0},"updated_timestamp":{"seconds":1660378620,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T17:15:00.000-0000","id":49981,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660582800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","begin":"2022-08-15T17:00:00.000-0000","updated":"2022-08-13T08:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid Training - Trainings Begin","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"android_description":"","end_timestamp":{"seconds":1660582800,"nanoseconds":0},"updated_timestamp":{"seconds":1660378560,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T17:00:00.000-0000","id":49980,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","updated":"2022-08-13T08:16:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/seth-law-ken-johnson-practical-secure-code-review\r\n\r\nTraining description:\r\n\r\nReady to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Practical Secure Code Review","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/seth-law-ken-johnson-practical-secure-code-review\r\n\r\nTraining description:\r\n\r\nReady to take your bug hunting to a deeper level? Ever been tasked with reviewing source code for SQL Injection, XSS, Access Control and other security flaws? Does the idea of reviewing code leave you with heartburn? This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review. Short circuit your development of a custom secure code review process by gleaning from Seth & Ken's past adventures in performing hundreds of code reviews and the lessons we’ve learned along the way. We will share a proven methodology to perform security analysis of any source code repository and suss out security flaws, no matter the size of the code base, or the framework, or the language.","updated_timestamp":{"seconds":1659131580,"nanoseconds":0},"speakers":[{"content_ids":[49098],"conference_id":65,"event_ids":[49101,49124],"name":"Ken Johnson","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cktricky"}],"pronouns":null,"media":[{"hash_sha256":"05cc6ac7a7a0282823b5f9b3a6421fe1df0f1abb4433906f3b4e421dd2078346","filetype":"image/jpeg","hash_md5":"55951805129cd494015b172db8ede3be","name":"ken_johnson.jpg","hash_crc32c":"5b00dabf","asset_id":156,"filesize":16904,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fken_johnson.jpg?alt=media","person_id":48516}],"id":48516},{"content_ids":[49098],"conference_id":65,"event_ids":[49101,49124],"name":"Seth Law","affiliations":[{"organization":"Absolute AppSec Podcast","title":"Cohost"},{"organization":"Redpoint Security","title":"Founder"},{"organization":"HackerTracker","title":"Developer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sethlaw"}],"id":48532,"media":[{"hash_sha256":"a47f43ec6b6d8f26231ae7e2aef8ed0253c9f3f2e20980acd73c634ccde2230d","filetype":"image/jpeg","hash_md5":"b866889e63c6f192a87413b4bc86691b","name":"seth_law.jpg","hash_crc32c":"5f4bd2e7","filesize":41192,"asset_id":155,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fseth_law.jpg?alt=media","person_id":48532}],"title":"Developer at HackerTracker"}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49101,"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"tag_ids":[45337,45373,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48516},{"tag_id":565,"sort_order":1,"person_id":48532}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","updated":"2022-07-29T21:53:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/trevor-stevado-trevor-hough-nicholas-coad-patrick-ross-offensive-iot-exploitation\r\n\r\nTraining description:\r\n\r\nAs IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"Offensive IoT Exploitation","android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/trevor-stevado-trevor-hough-nicholas-coad-patrick-ross-offensive-iot-exploitation\r\n\r\nTraining description:\r\n\r\nAs IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices. The base skills required are the same as many other security disciplines, whether the task is to perform defensive-based penetration testing or gain covert access for evidence or intelligence collection. Testing IoT devices for security bridges several skill sets from application security, operating systems penetration testing, wireless signals analysis, and embedded hardware security. Unfortunately, many courses in this industry deal with each topic individually, either taking a deep dive into hardware hacking, teaching advanced web application security, or teaching exploit development of different microarchitectures. This training is curated to take a step back and look at the bigger picture of IoT security testing, teaching the basics of each skill set to bridge the gaps and enable students to apply modern penetration testing techniques to IoT devices.","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"updated_timestamp":{"seconds":1659132060,"nanoseconds":0},"speakers":[{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Nicholas Coad","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48524},{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Patrick Ross","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48527},{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Trevor Hough","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48533},{"content_ids":[49094],"conference_id":65,"event_ids":[49097,49104],"name":"Trevor Stevado","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48534}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49097,"village_id":null,"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"tag_ids":[45337,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48524},{"tag_id":565,"sort_order":1,"person_id":48527},{"tag_id":565,"sort_order":1,"person_id":48533},{"tag_id":565,"sort_order":1,"person_id":48534}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"begin":"2022-08-15T15:00:00.000-0000","updated":"2022-07-29T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/madhu-akula-a-practical-approach-to-breaking-pwning-kubernetes-clusters\r\n\r\nTraining description:\r\n\r\nThe adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.\r\n\r\nIn this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.\r\n\r\nBy end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.\n\n\n","title":"A Practical Approach to Breaking & Pwning Kubernetes Clusters","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/madhu-akula-a-practical-approach-to-breaking-pwning-kubernetes-clusters\r\n\r\nTraining description:\r\n\r\nThe adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.\r\n\r\nIn this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.\r\n\r\nBy end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containerized environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"updated_timestamp":{"seconds":1659132480,"nanoseconds":0},"speakers":[{"content_ids":[49089],"conference_id":65,"event_ids":[49092,49123],"name":"Madhu Akula","affiliations":[],"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/madhuakula"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/madhuakula"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/madhuakula"}],"pronouns":null,"media":[],"id":48519}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49092,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48519}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","begin":"2022-08-15T15:00:00.000-0000","updated":"2022-07-29T22:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/fish-wang-customizable-binary-analysis-using-angr-to-its-full-potential\r\n\r\nTraining description:\r\n\r\nOne of the most badass skills a hacker can possess is the ability to find and pwn vulnerabilities in binary software. This is enabled by a long history of complex tools: OllyDBG, SoftICE, IDA Pro, Binary Ninja, and now: angr. Built using cutting-edge techniques straight out of research labs around the world, angr enables analysts to swiftly carry out advanced reasoning over software to understand complex code and find the juicy hidden vulnerabilities within. While angr is arguably one of the most user-friendly binary analysis frameworks available on the market, it is never an easy task to use it to its full potential, especially when facing less common architectures (such as PowerPC), niche operating environments (bare-metal binaries or embedded architectures), or unique tasks (e.g., binary code optimization, exploit generation, efficient vulnerability discovery, etc.). To assist users, especially medium-level and professional reverse engineers to effectively and efficiently use angr in their daily work, we designed this two-day course focusing on the use of non-trivial capabilities that angr offers, as well as customizing angr’s advanced analyses for users’ needs. This course is extremely practical and hands-on: Besides a five-hour lecture, core angr developers will guide students to solve over ten specially crafted problems with angr. This course will focus on Linux userspace binaries (x86-64 and ARM), Windows userspace binaries (x86-64), and firmware images (ARM). After completing this course, students will master practical angr skills that will help them reverse engineer userspace binary programs and assess them for defects and vulnerabilities.\r\n\n\n\n","title":"Customizable Binary Analysis: Using angr to its full potential","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/fish-wang-customizable-binary-analysis-using-angr-to-its-full-potential\r\n\r\nTraining description:\r\n\r\nOne of the most badass skills a hacker can possess is the ability to find and pwn vulnerabilities in binary software. This is enabled by a long history of complex tools: OllyDBG, SoftICE, IDA Pro, Binary Ninja, and now: angr. Built using cutting-edge techniques straight out of research labs around the world, angr enables analysts to swiftly carry out advanced reasoning over software to understand complex code and find the juicy hidden vulnerabilities within. While angr is arguably one of the most user-friendly binary analysis frameworks available on the market, it is never an easy task to use it to its full potential, especially when facing less common architectures (such as PowerPC), niche operating environments (bare-metal binaries or embedded architectures), or unique tasks (e.g., binary code optimization, exploit generation, efficient vulnerability discovery, etc.). To assist users, especially medium-level and professional reverse engineers to effectively and efficiently use angr in their daily work, we designed this two-day course focusing on the use of non-trivial capabilities that angr offers, as well as customizing angr’s advanced analyses for users’ needs. This course is extremely practical and hands-on: Besides a five-hour lecture, core angr developers will guide students to solve over ten specially crafted problems with angr. This course will focus on Linux userspace binaries (x86-64 and ARM), Windows userspace binaries (x86-64), and firmware images (ARM). After completing this course, students will master practical angr skills that will help them reverse engineer userspace binary programs and assess them for defects and vulnerabilities.","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"updated_timestamp":{"seconds":1659132900,"nanoseconds":0},"speakers":[{"content_ids":[49085],"conference_id":65,"event_ids":[49088,49107],"name":"Audrey Dutcher","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rhelmot"}],"pronouns":null,"media":[],"id":48500},{"content_ids":[49085],"conference_id":65,"event_ids":[49088,49107],"name":"Fish Wang","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ltfish_"}],"media":[],"id":48512}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49088,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48500},{"tag_id":565,"sort_order":1,"person_id":48512}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"spans_timebands":"N","updated":"2022-07-29T22:15:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/dahvid-schloss-zero-2-emulated-criminal-intro-to-windows-malware-dev-1\r\n\r\nTraining description:\r\n\r\nStep up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.\r\nYou don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.\r\nIn this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.\r\nWhere this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.\r\nBy the end of the course, you will understand and be able to implement:\r\n- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency\r\n- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption\r\n- Modular antivirus evasion techniques that will remain useful through your pen testing career\n\n\n","title":"Zero 2 Emulated Criminal: Intro to Windows Malware Dev","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"end_timestamp":{"seconds":1660608000,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/dahvid-schloss-zero-2-emulated-criminal-intro-to-windows-malware-dev-1\r\n\r\nTraining description:\r\n\r\nStep up your emulated criminal game with a practical, hands-on introduction to malware development. Join a prior US Special Operations Cyber Operator to learn the building blocks and techniques used in real-world malware variants.\r\nYou don’t need fancy, expensive tools to get a C2 implant executed while evading antivirus. You need basic knowledge, ingenuity, and elbow grease.\r\nIn this course, we don’t cut corners. You will learn by doing, not by copying and pasting with modules and labs that will give you the ability to deviate and improvise on your very first malware variants in C++, even if you have no prior C++ experience.\r\nWhere this course differs from others is its reduced need for prior knowledge, and enhanced emphasis on hands-on learning.\r\nBy the end of the course, you will understand and be able to implement:\r\n- Techniques to use the native Win32 API for adversarial tactics, enhancing stealth and offensive efficiency\r\n- Maintaining data/shellcode integrity while using multiple ciphers for obfuscation and encryption\r\n- Modular antivirus evasion techniques that will remain useful through your pen testing career","updated_timestamp":{"seconds":1659133200,"nanoseconds":0},"speakers":[{"content_ids":[49082],"conference_id":65,"event_ids":[49085,49129],"name":"Dahvid Schloss","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48507}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49085,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48507}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"updated":"2022-07-29T22:20:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/chris-greer-tcp-ip-deep-dive-for-hackers-featuring-wireshark\r\n\r\nTraining description:\r\n\r\nAlmost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"title":"TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/chris-greer-tcp-ip-deep-dive-for-hackers-featuring-wireshark\r\n\r\nTraining description:\r\n\r\nAlmost every attack, intrusion, scan, and exfiltration involves the TCP protocol at some point. Whether we are hacking a system and need to better understand how networks/systems are enumerated and IDS’s do their thing, or we are defending our domain from a botnet attack, a deep understanding of the TCP protocol will help us do our jobs better and faster. In this course, get ready to go deep into TCP. We’re going to rip open pcaps with Wireshark and learn how this protocol really works. Don’t worry, there is FAR more to learn past the three-way handshake! We will learn how the MSS works, receive windows, selective acknowledgements, retransmissions, and much, much more! We will examine how TCP scan, OS enumeration, exfiltration, and C2 traffic looks on the wire, and how TCP fields can help us to filter for it fast. This will be an action-packed, hands-on course for Wireshark beginners as well as seasoned pros who want to pick up some new tricks. There is something for all experience levels in this course, although it will be targeted to the early-intermediate cybersecurity professional.","updated_timestamp":{"seconds":1659133260,"nanoseconds":0},"speakers":[{"content_ids":[49081,49113],"conference_id":65,"event_ids":[49149,49084,49106],"name":"Chris Greer","affiliations":[{"organization":"","title":"Network Analyst & Wireshark Instructor"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cgreer/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/packetpioneer"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/ChrisGreer"}],"pronouns":null,"media":[],"id":48506,"title":"Network Analyst & Wireshark Instructor"}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49084,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48506}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"updated":"2022-07-29T22:21:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration\r\n\r\nTraining description:\r\n\r\nThe use of Application Programming Interfaces (APIs) have become ubiquitous as business expose and consume services.\r\n\r\nTherefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.\r\n\r\nThe aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.\r\n\r\nMoreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"title":"Pragmatic API Exploration","end_timestamp":{"seconds":1660608000,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/aubrey-labuschagne-william-marianka-botes-pragmatic-api-exploration\r\n\r\nTraining description:\r\n\r\nThe use of Application Programming Interfaces (APIs) have become ubiquitous as business expose and consume services.\r\n\r\nTherefore, the threat landscape of organizations increases with the adoption of APIs. The content of the course creates awareness around the various attack vectors used targeting APIs and provides actionable mitigation strategies.\r\n\r\nThe aim of this course is to empower you to conduct a risk assessment of an API. This hands-on course covers API basics, setting up a test environment, API threat model, API protocols and architectures, typical vulnerabilities, enumerating an attack surface and best practices around security.\r\n\r\nMoreover, it focuses on gaining practical experience of the OWASP Top 10 for APIs. In addition, you would be gaining practical experience on exploiting typical vulnerabilities on RESTful (REST) APIs and GraphQL. The course concludes with a capture the flag (CTF) to apply knowledge gained during the course.","updated_timestamp":{"seconds":1659133800,"nanoseconds":0},"speakers":[{"content_ids":[49075],"conference_id":65,"event_ids":[49078,49112],"name":"Aubrey Labuschagne (William)","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cyber_protect"}],"media":[],"id":48499},{"content_ids":[49075],"conference_id":65,"event_ids":[49078,49112],"name":"Marianka Botes","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mariankabotes"}],"pronouns":null,"media":[],"id":48521}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49078,"village_id":null,"tag_ids":[45337,45373,45450],"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48499},{"tag_id":565,"sort_order":1,"person_id":48521}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"updated":"2022-07-29T22:30:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/abhinav-singh-defenders-guide-to-securing-public-cloud-infrastructures\r\n\r\nTraining description:\r\n\r\nThis training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.\n\n\n","title":"Defender's Guide to Securing Public Cloud Infrastructures","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#767daa","name":"Paid Training","id":45337},"end_timestamp":{"seconds":1660608000,"nanoseconds":0},"android_description":"Latest details, requirements, description, cost: https://defcontrainings.myshopify.com/products/abhinav-singh-defenders-guide-to-securing-public-cloud-infrastructures\r\n\r\nTraining description:\r\n\r\nThis training focuses on elevating your threat detection, investigations, and response knowledge into the cloud. This hands-on training simulates real-life attack scenarios on cloud infrastructure & applications. It then teaches you to build your own defensive tools against such attacks by using cloud native services on AWS. This makes it an ideal class for red & blue teams.","updated_timestamp":{"seconds":1659134160,"nanoseconds":0},"speakers":[{"content_ids":[49073],"conference_id":65,"event_ids":[49076,49127],"name":"Abhinav Singh","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48497}],"timeband_id":927,"links":[],"end":"2022-08-16T00:00:00.000-0000","id":49076,"begin_timestamp":{"seconds":1660575600,"nanoseconds":0},"village_id":null,"tag_ids":[45337,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48497}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45432},"updated":"2022-07-29T22:36:00.000-0000","begin":"2022-08-15T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Paid-Training Registration Opens","type":{"conference_id":65,"conference":"DEFCON30","color":"#767daa","updated_at":"2024-06-07T03:39+0000","name":"Paid Training","id":45337},"end_timestamp":{"seconds":1660572000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660378500,"nanoseconds":0},"speakers":[],"timeband_id":927,"links":[],"end":"2022-08-15T14:00:00.000-0000","id":49979,"village_id":null,"begin_timestamp":{"seconds":1660572000,"nanoseconds":0},"tag_ids":[45337,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Forum","hotel":"","short_name":"Forum","id":45435},"spans_timebands":"N","begin":"2022-08-15T14:00:00.000-0000","updated":"2022-08-13T08:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"DEF CON Closing Ceremonies & Awards, the Uber Black badges are awarded to the winners of CTF and several other contests that earned a Black badge for DEF CON 30! We will wrap up the con, say thanks where it's due, and acknowledge special moments.\n\n\n","title":"DEF CON Closing Ceremonies & Awards","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"DEF CON Closing Ceremonies & Awards, the Uber Black badges are awarded to the winners of CTF and several other contests that earned a Black badge for DEF CON 30! We will wrap up the con, say thanks where it's due, and acknowledge special moments.","end_timestamp":{"seconds":1660523400,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48506,48593,48501,48534],"conference_id":65,"event_ids":[48594,48504,48523,48540],"name":"The Dark Tangent","affiliations":[{"organization":"","title":"DEF CON "}],"links":[],"pronouns":null,"media":[],"id":47869,"title":"DEF CON"}],"timeband_id":893,"links":[],"end":"2022-08-15T00:30:00.000-0000","id":48594,"begin_timestamp":{"seconds":1660516200,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47869}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-110, 135-136, 138-139 (Tracks 1+2)","hotel":"","short_name":"104-110, 135-136, 138-139 (Tracks 1+2)","id":45376},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Phishing for Your Next Cyber Opportunity","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465900,"nanoseconds":0},"speakers":[{"content_ids":[49318],"conference_id":65,"event_ids":[49418],"name":"Cyrena Jackson","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cyrena-jackson/"}],"media":[],"id":48720},{"content_ids":[49318],"conference_id":65,"event_ids":[49418],"name":"Teresa Green","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48738}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49418,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660512600,"nanoseconds":0},"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48720},{"tag_id":565,"sort_order":1,"person_id":48738}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:45:00.000-0000","begin":"2022-08-14T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We will talk about AES-GCM documented and largely unknown limitations no how many encryptions it can do with one key. We won’t get into the cryptographic details of the algorithm, so no need to worry about that. I’ll propose some workarounds to the limitations too. There is some basic math involved :)\n\n\n","title":"AES-GCM common pitfalls and how to work around them (PRE-RECORDED)","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"android_description":"We will talk about AES-GCM documented and largely unknown limitations no how many encryptions it can do with one key. We won’t get into the cryptographic details of the algorithm, so no need to worry about that. I’ll propose some workarounds to the limitations too. There is some basic math involved :)","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1659214200,"nanoseconds":0},"speakers":[{"content_ids":[49149,49165],"conference_id":65,"event_ids":[49185,49201],"name":"Santiago Kantorowicz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48612}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49201,"tag_ids":[40253,45347,45348,45451],"begin_timestamp":{"seconds":1660511700,"nanoseconds":0},"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48612}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","begin":"2022-08-14T21:15:00.000-0000","updated":"2022-07-30T20:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The ONCD team will provide an overview of the National Cybersecurity Strategy that is currently under development and solicit feedback from participants.\n\n\n","title":"ONCD Cybersecurity Strategy Workshop","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"android_description":"The ONCD team will provide an overview of the National Cybersecurity Strategy that is currently under development and solicit feedback from participants.","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1660106640,"nanoseconds":0},"speakers":[{"content_ids":[48887,48517,49738],"conference_id":65,"event_ids":[48542,48882,49931],"name":"Jason Healey","affiliations":[{"organization":"Columbia University SIPA","title":"Senior Research Scholar"}],"links":[],"pronouns":null,"media":[],"id":48311,"title":"Senior Research Scholar at Columbia University SIPA"},{"content_ids":[49738],"conference_id":65,"event_ids":[49931],"name":"Samantha Jennings","affiliations":[{"organization":"ONCD, White House","title":"Senior Strategy and Research Advisor"}],"links":[],"pronouns":null,"media":[],"id":49073,"title":"Senior Strategy and Research Advisor at ONCD, White House"},{"content_ids":[49738],"conference_id":65,"event_ids":[49931],"name":"Osasu Dorsey","affiliations":[{"organization":"ONCD, White House","title":"Senior Strategy and Research Advisor"}],"links":[],"pronouns":null,"media":[],"id":49074,"title":"Senior Strategy and Research Advisor at ONCD, White House"}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49931,"tag_ids":[40265,45311,45373,45450],"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"village_id":23,"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":48311},{"tag_id":45448,"sort_order":1,"person_id":49074},{"tag_id":45448,"sort_order":1,"person_id":49073}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"spans_timebands":"N","begin":"2022-08-14T21:00:00.000-0000","updated":"2022-08-10T04:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Examine current and emerging cybersecurity policy issues introduced by the proliferation of new spectrum uses, many of which are not emphasizing cybersecurity. Billions are being spent for rural broadband; IoT/IIoT systems are becoming ubiquitous and many have RF component embedded; LEO internet will expand dramatically with ground, space and data link segments; MMW systems for 5G and 6G need to be backwards compatible with legacy systems; the military is putting increased emphasis on cyber-EW convergence and the implementing the 2020 Electromagnetic Spectrum Superiority Strategy; shared spectrum is becoming increasingly accepted, increasing the importance of dynamic spectrum access. Spectrum is critical to nearly every element of the emerging network environment, yet the initiatives are distributed (NTIA, FCC, Agriculture, Energy, Defense, States, commercial, etc.) and cybersecurity considerations are not receiving enough attention.\n\n\n","title":"The Exploding Wireless Attack Surface: Policy considerations for a rapidly changing electromagnetic spectrum environment","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"android_description":"Examine current and emerging cybersecurity policy issues introduced by the proliferation of new spectrum uses, many of which are not emphasizing cybersecurity. Billions are being spent for rural broadband; IoT/IIoT systems are becoming ubiquitous and many have RF component embedded; LEO internet will expand dramatically with ground, space and data link segments; MMW systems for 5G and 6G need to be backwards compatible with legacy systems; the military is putting increased emphasis on cyber-EW convergence and the implementing the 2020 Electromagnetic Spectrum Superiority Strategy; shared spectrum is becoming increasingly accepted, increasing the importance of dynamic spectrum access. Spectrum is critical to nearly every element of the emerging network environment, yet the initiatives are distributed (NTIA, FCC, Agriculture, Energy, Defense, States, commercial, etc.) and cybersecurity considerations are not receiving enough attention.","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1660106580,"nanoseconds":0},"speakers":[{"content_ids":[49737],"conference_id":65,"event_ids":[49930],"name":"Linton Wells","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49072}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49930,"village_id":23,"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49072}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-14T21:00:00.000-0000","updated":"2022-08-10T04:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Free discussion and Q&A covering all the challenges in the RF CTF\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"title":"RF CTF Out-brief","android_description":"Free discussion and Q&A covering all the challenges in the RF CTF","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1659928380,"nanoseconds":0},"speakers":[{"content_ids":[49654,49655,49656],"conference_id":65,"event_ids":[49842,49843,49844],"name":"RF Hackers Village Staff","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rfhackers"},{"description":"","title":"Website","sort_order":0,"url":"https://rfhackers.com"}],"pronouns":null,"media":[],"id":49024}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49844,"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"village_id":25,"tag_ids":[40267,45340,45373,45383,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49024}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","begin":"2022-08-14T21:00:00.000-0000","updated":"2022-08-08T03:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Discussion of the interplay of admiralty law and cyber attacks on the high seas. Most individuals do not realize that admiralty law has not evolved since the 1800s and plays a role in managing and responding to cyber attacks that happen at sea. The presentation will discuss why cyber folks should care and how they may need to change their approach to avoid violating admiralty law or taking on personal and company risk. The presentation will also touch on how and where the current playbook cyber incident responders use in responding to an incident may need to be tweaked when the hack is happening at sea.\n\n\n","title":"Navigating the High Seas When Dealing with Cybersecurity Attack","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660512600,"nanoseconds":0},"android_description":"Discussion of the interplay of admiralty law and cyber attacks on the high seas. Most individuals do not realize that admiralty law has not evolved since the 1800s and plays a role in managing and responding to cyber attacks that happen at sea. The presentation will discuss why cyber folks should care and how they may need to change their approach to avoid violating admiralty law or taking on personal and company risk. The presentation will also touch on how and where the current playbook cyber incident responders use in responding to an incident may need to be tweaked when the hack is happening at sea.","updated_timestamp":{"seconds":1659473700,"nanoseconds":0},"speakers":[{"content_ids":[49354],"conference_id":65,"event_ids":[49454],"name":"Daniel Garrie","affiliations":[{"organization":"Harvard University","title":"Adjunct Professor"}],"links":[],"pronouns":null,"media":[],"id":48751,"title":"Adjunct Professor at Harvard University"}],"timeband_id":893,"links":[],"end":"2022-08-14T21:30:00.000-0000","id":49454,"village_id":15,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48751}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-14T21:00:00.000-0000","updated":"2022-08-02T20:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"Why would you possibly need to know how to do that?\" and “Couldn’t you just break the lock?” are two of the more common questions I get when discussing lock picking or various bypasses. At first glance, many see lock picking as a nefarious and largely unnecessary hobby. But, whether you are a locksport enthusiast, security researcher, emergency responder, or just someone who enjoys puzzles, lock picking can be a constructive—and useful—skill to learn. This talk aims to show how diverse the community is, explore some of the many reasons we engage in this hobby, and try to give some answers as to why we practice lock picking.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#856899","name":"Lock Pick Village","id":45362},"title":"The \"Why\" of Lock Picking","android_description":"\"Why would you possibly need to know how to do that?\" and “Couldn’t you just break the lock?” are two of the more common questions I get when discussing lock picking or various bypasses. At first glance, many see lock picking as a nefarious and largely unnecessary hobby. But, whether you are a locksport enthusiast, security researcher, emergency responder, or just someone who enjoys puzzles, lock picking can be a constructive—and useful—skill to learn. This talk aims to show how diverse the community is, explore some of the many reasons we engage in this hobby, and try to give some answers as to why we practice lock picking.","end_timestamp":{"seconds":1660512000,"nanoseconds":0},"updated_timestamp":{"seconds":1659420420,"nanoseconds":0},"speakers":[{"content_ids":[49281],"conference_id":65,"event_ids":[49361],"name":"Christopher Forte (isaidnocookies)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48705}],"timeband_id":893,"links":[],"end":"2022-08-14T21:20:00.000-0000","id":49361,"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"village_id":17,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48705}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","begin":"2022-08-14T21:00:00.000-0000","updated":"2022-08-02T06:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A review of the weekend and a short discussion of the topics to look out for in the coming year.\n\n\n","title":"AI Village Closing Remarks","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"A review of the weekend and a short discussion of the topics to look out for in the coming year.","updated_timestamp":{"seconds":1659293220,"nanoseconds":0},"speakers":[{"content_ids":[49030,49049],"conference_id":65,"event_ids":[49033,49052],"name":"Brian Pendleton","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yaganub"}],"media":[],"id":48648},{"content_ids":[49030,49049],"conference_id":65,"event_ids":[49033,49052],"name":"Sven Cattell","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/comathematician"}],"media":[],"id":48649}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49052,"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"tag_ids":[40248,45330,45450],"village_id":3,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48648},{"tag_id":565,"sort_order":1,"person_id":48649}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"begin":"2022-08-14T21:00:00.000-0000","updated":"2022-07-31T18:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Solana is a blockchain with a $37 billion dollar market cap with the\nsecurity of that chain relying on the security of the smart contracts\non the chain - and we found very little research on the actual\nexecution environment of those contracts. In contrast to Ethereum,\nwhere contracts are mostly written in Solidity and then compiled to\nthe Ethereum Virtual Machine, Solana uses a different approach: Solana\ncontracts can be written in C, Rust, and C++, and are compiled to\neBPF. Underneath the hood, Solana uses rBPF: A Rust BPF implementation\nwith a just-in-time compiler. Given the security history of eBPF in\nthe Linux kernel, and the lack of previous public, low-level Solana\nresearch, we decided to dig deeper: We built Solana\nreverse-engineering tooling and fuzzing harnesses as we slowly dug our\nway into the JIT - eventually discovering multiple out-of-bounds\nvulnerabilities.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Solana JIT: Lessons from fuzzing a smart-contract compiler","end_timestamp":{"seconds":1660513500,"nanoseconds":0},"android_description":"Solana is a blockchain with a $37 billion dollar market cap with the\nsecurity of that chain relying on the security of the smart contracts\non the chain - and we found very little research on the actual\nexecution environment of those contracts. In contrast to Ethereum,\nwhere contracts are mostly written in Solidity and then compiled to\nthe Ethereum Virtual Machine, Solana uses a different approach: Solana\ncontracts can be written in C, Rust, and C++, and are compiled to\neBPF. Underneath the hood, Solana uses rBPF: A Rust BPF implementation\nwith a just-in-time compiler. Given the security history of eBPF in\nthe Linux kernel, and the lack of previous public, low-level Solana\nresearch, we decided to dig deeper: We built Solana\nreverse-engineering tooling and fuzzing harnesses as we slowly dug our\nway into the JIT - eventually discovering multiple out-of-bounds\nvulnerabilities.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48591],"conference_id":65,"event_ids":[48591],"name":"Thomas Roth","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47858}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242283"}],"end":"2022-08-14T21:45:00.000-0000","id":48591,"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45281,45375,45450],"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47858}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"DEF CON Contest & Events Awards, come find out who won what!!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Contest Closing Ceremonies & Awards","end_timestamp":{"seconds":1660515300,"nanoseconds":0},"android_description":"DEF CON Contest & Events Awards, come find out who won what!!","updated_timestamp":{"seconds":1660290000,"nanoseconds":0},"speakers":[{"content_ids":[48592],"conference_id":65,"event_ids":[48544],"name":"Grifter","affiliations":[{"organization":"","title":"DEF CON, Contests & Events"}],"links":[],"pronouns":null,"media":[],"id":47907,"title":"DEF CON, Contests & Events"}],"timeband_id":893,"links":[],"end":"2022-08-14T22:15:00.000-0000","id":48544,"village_id":null,"begin_timestamp":{"seconds":1660510800,"nanoseconds":0},"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47907}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-08-12T07:40:00.000-0000","begin":"2022-08-14T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"Cloud Village Closing Note","end_timestamp":{"seconds":1660509900,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659284040,"nanoseconds":0},"speakers":[{"content_ids":[49190,49191],"conference_id":65,"event_ids":[49226,49227],"name":"Jayesh Singh Chauhan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48647}],"timeband_id":893,"links":[],"end":"2022-08-14T20:45:00.000-0000","id":49227,"village_id":9,"tag_ids":[40252,45341,45350,45451],"begin_timestamp":{"seconds":1660509000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48647}],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T16:14:00.000-0000","begin":"2022-08-14T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cryptosploit is a new tool intended to aid in the development and use of cryptographic attacks in a variety of scenarios. Inspired by the cryptopals challenges and tools like metasploit this talk will discuss the origin of this tool and its uses. The main innovation of this tool is to write modules to implement attacks and separate code to interact with cryptographic systems called oracles. In this talk we will discuss how the attacks work and demonstrate how to execute them with this tool. The hope is this tool will encourage the use of cryptographic attacks where applicable by lowering the barrier of entry and community development.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"Cryptosploit","end_timestamp":{"seconds":1660511700,"nanoseconds":0},"android_description":"Cryptosploit is a new tool intended to aid in the development and use of cryptographic attacks in a variety of scenarios. Inspired by the cryptopals challenges and tools like metasploit this talk will discuss the origin of this tool and its uses. The main innovation of this tool is to write modules to implement attacks and separate code to interact with cryptographic systems called oracles. In this talk we will discuss how the attacks work and demonstrate how to execute them with this tool. The hope is this tool will encourage the use of cryptographic attacks where applicable by lowering the barrier of entry and community development.","updated_timestamp":{"seconds":1659214200,"nanoseconds":0},"speakers":[{"content_ids":[49121,49164],"conference_id":65,"event_ids":[49200,49172],"name":"Matt Cheung","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":48568,"title":"Hacker"},{"content_ids":[49164],"conference_id":65,"event_ids":[49200],"name":"Benjamin Hendel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48592}],"timeband_id":893,"links":[],"end":"2022-08-14T21:15:00.000-0000","id":49200,"begin_timestamp":{"seconds":1660509000,"nanoseconds":0},"village_id":10,"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48592},{"tag_id":565,"sort_order":1,"person_id":48568}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:50:00.000-0000","begin":"2022-08-14T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Introducing the Abusability Testing Framework (V1)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"end_timestamp":{"seconds":1660509000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660319520,"nanoseconds":0},"speakers":[{"content_ids":[49162,49776],"conference_id":65,"event_ids":[49198,49976],"name":"Avi Zajac","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48591},{"content_ids":[49776],"conference_id":65,"event_ids":[49976],"name":"Ji Su Yoo","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JiSuYoo1"}],"media":[],"id":48598},{"content_ids":[49776],"conference_id":65,"event_ids":[49976],"name":"Nicole Chi","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nchisays"}],"pronouns":null,"media":[],"id":48606}],"timeband_id":893,"links":[],"end":"2022-08-14T20:30:00.000-0000","id":49976,"village_id":10,"tag_ids":[40253,45340,45347,45373,45451],"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48591},{"tag_id":565,"sort_order":1,"person_id":48598},{"tag_id":565,"sort_order":1,"person_id":48606}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"begin":"2022-08-14T20:00:00.000-0000","updated":"2022-08-12T15:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How does a stored XSS on a switch become a covert, firewall bypassing protocol? How does rebooting a switch using unsanitized input allow an attacker to eavesdrop or poison traffic? When do these bugs become weapons?\r\n\r\nIn this lecture / interactive lab environment, attendees will learn bug hunting, refine exploitation techniques, and understand tradecraft via public disclosure of application flaws in many HPE / Aruba Networks switches. Through the abuse of onboard functionality and \"minor bugs\", attendees can build a rudimentary covert protocol using stored XSS in limited space, inject arbitrary HTML content across segmented networks, and understand how cyberweapons and capabilities are built from the ground up. The labs will be available post-session: Attendees do not need to be able actively exploit applications to watch and learn!\r\n\r\n\r\n\r\nTo participate actively, you will need:\r\n+ Wi-fi or RJ45 connection\r\n+ Burp Community or Professional (Some trial licenses will be available)\r\n+ Kali\r\n+ Python 3 with JSON REQUESTS SYS RE\r\n+ Putty or SSH Client\r\n+ xHydra or an SSH brute forcer\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"title":"Layer 7 matters at Layers 2/3 : Appsec on Network Infrastructure","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"How does a stored XSS on a switch become a covert, firewall bypassing protocol? How does rebooting a switch using unsanitized input allow an attacker to eavesdrop or poison traffic? When do these bugs become weapons?\r\n\r\nIn this lecture / interactive lab environment, attendees will learn bug hunting, refine exploitation techniques, and understand tradecraft via public disclosure of application flaws in many HPE / Aruba Networks switches. Through the abuse of onboard functionality and \"minor bugs\", attendees can build a rudimentary covert protocol using stored XSS in limited space, inject arbitrary HTML content across segmented networks, and understand how cyberweapons and capabilities are built from the ground up. The labs will be available post-session: Attendees do not need to be able actively exploit applications to watch and learn!\r\n\r\n\r\n\r\nTo participate actively, you will need:\r\n+ Wi-fi or RJ45 connection\r\n+ Burp Community or Professional (Some trial licenses will be available)\r\n+ Kali\r\n+ Python 3 with JSON REQUESTS SYS RE\r\n+ Putty or SSH Client\r\n+ xHydra or an SSH brute forcer","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49644],"conference_id":65,"event_ids":[49828],"name":"Ken Pyle","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ken-pyle-cissp-hcispp-oscp-ecsa-ceh-ence-569642a"}],"pronouns":null,"media":[],"id":49008}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49828,"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"village_id":4,"tag_ids":[40278,45332,45378,45431,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49008}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-14T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Advanced Persistent Threat (APT) actors have a lot of resources and motivation for reaching their targets. In many cases they pick specific targets very carefully. Unlike regular threat actors, APTs are covert and difficult to track. They are not likely to try 1-day vulnerabilities to find just any target; their targets are likely to have the latest security updates. Most APTs carry out cyber attacks with only unknown vulnerabilities (0-days). They need to find their own new 0-days in order to breach their target environment. To succeed in the long run, they probably need to find many 0-days, so they can minimize the number of times each one is used in the wild and the risk of exposing it. The top APTs will aim for kernel vulnerabilities where they can alter what users see in user-space, be persistent, and generally have much more control over the system.\r\n\r\nThey may also aim for hypervisor vulnerabilities to attack cloud services based on virtualization. While the search for new vulnerabilities may be done manually, APTs may prefer to use automation for better results and longer term usage. One type of automation APTs are likely to use is fuzzing! In this talk, I will present the main components of fuzzing, different fuzzing strategies, and provide a quick look at kernel / hypervisor fuzzing - the most delicate fuzzing arena of them all.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Modern techniques used by Advanced Persistent Threat actors for discovering 0-day vulnerabilities","end_timestamp":{"seconds":1660508100,"nanoseconds":0},"android_description":"Advanced Persistent Threat (APT) actors have a lot of resources and motivation for reaching their targets. In many cases they pick specific targets very carefully. Unlike regular threat actors, APTs are covert and difficult to track. They are not likely to try 1-day vulnerabilities to find just any target; their targets are likely to have the latest security updates. Most APTs carry out cyber attacks with only unknown vulnerabilities (0-days). They need to find their own new 0-days in order to breach their target environment. To succeed in the long run, they probably need to find many 0-days, so they can minimize the number of times each one is used in the wild and the risk of exposing it. The top APTs will aim for kernel vulnerabilities where they can alter what users see in user-space, be persistent, and generally have much more control over the system.\r\n\r\nThey may also aim for hypervisor vulnerabilities to attack cloud services based on virtualization. While the search for new vulnerabilities may be done manually, APTs may prefer to use automation for better results and longer term usage. One type of automation APTs are likely to use is fuzzing! In this talk, I will present the main components of fuzzing, different fuzzing strategies, and provide a quick look at kernel / hypervisor fuzzing - the most delicate fuzzing arena of them all.","updated_timestamp":{"seconds":1659888420,"nanoseconds":0},"speakers":[{"content_ids":[49578],"conference_id":65,"event_ids":[49790],"name":"Or Yair","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48917}],"timeband_id":893,"links":[],"end":"2022-08-14T20:15:00.000-0000","id":49790,"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"tag_ids":[40246,45331,45373,45377,45451],"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48917}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:07:00.000-0000","begin":"2022-08-14T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Discussion of the underlying functionality of the PSTN integration into modern SIP/VoIP platforms and the inherent security flaws of those integrations. This will be a heavy focus on end user experience, particularly for remote users (land and sea), when a SIP trunk is used by an Enterprise and using the PTSN as a backdoor for targeted vishing attacks of which I am dubbing \"Spear Vishing\" or \"VoIP Poisoning\". This is when an attacker calls a victim using a number that is well known to the victim to have the underlying system (Cell phone, SIP soft client, or hard phone) populate the rest of the data to legitimize the phone call and use known problems with remote calling such as call quality variability and lack of physical presence to verify the caller as a vector for sewing chaos or social engineering.\n\n\n","title":"Spear Vishing / VoIP Poisoning - Maritime and Land","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660510800,"nanoseconds":0},"android_description":"Discussion of the underlying functionality of the PSTN integration into modern SIP/VoIP platforms and the inherent security flaws of those integrations. This will be a heavy focus on end user experience, particularly for remote users (land and sea), when a SIP trunk is used by an Enterprise and using the PTSN as a backdoor for targeted vishing attacks of which I am dubbing \"Spear Vishing\" or \"VoIP Poisoning\". This is when an attacker calls a victim using a number that is well known to the victim to have the underlying system (Cell phone, SIP soft client, or hard phone) populate the rest of the data to legitimize the phone call and use known problems with remote calling such as call quality variability and lack of physical presence to verify the caller as a vector for sewing chaos or social engineering.","updated_timestamp":{"seconds":1659473700,"nanoseconds":0},"speakers":[{"content_ids":[49353],"conference_id":65,"event_ids":[49453],"name":"Travis Juhr","affiliations":[{"organization":"NW Natural","title":"Associate Voice Architect / Unified Comms Engineer"}],"links":[],"pronouns":null,"media":[],"id":48771,"title":"Associate Voice Architect / Unified Comms Engineer at NW Natural"}],"timeband_id":893,"links":[],"end":"2022-08-14T21:00:00.000-0000","id":49453,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48771}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","begin":"2022-08-14T20:00:00.000-0000","updated":"2022-08-02T20:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"end_timestamp":{"seconds":1660509000,"nanoseconds":0},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":893,"links":[],"end":"2022-08-14T20:30:00.000-0000","id":49350,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"village_id":17,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","begin":"2022-08-14T20:00:00.000-0000","updated":"2022-08-02T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Closing ceremony for Blue Team Village @ DEF CON 30\n\n\nClosing ceremony for Blue Team Village @ DEF CON 30","title":"Blue Team Village Closing Ceremony","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"android_description":"Closing ceremony for Blue Team Village @ DEF CON 30\n\n\nClosing ceremony for Blue Team Village @ DEF CON 30","end_timestamp":{"seconds":1660510800,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T21:00:00.000-0000","id":48899,"tag_ids":[40250,45332,45373,45376,45451],"village_id":7,"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-14T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Service Fabric is a scalable and reliable container orchestrator developed by Microsoft. It is widely used in Microsoft Azure as well as in Microsoft’s internal production environments as an infrastructure for containerized applications.\r\n\r\nDeveloping a container orchestrator is not an easy task as it involves harnessing many technologies in a complicated and distributed environment. This complexity can ultimately lead to security issues. Such security issues can impose a critical risk since compromising an infrastructure allows attackers to escalate their privileges and take over an entire environment quickly and effectively.\r\n\r\nIn this session, Aviv will share his research on Service Fabric and his journey of escalating from an isolated container to cluster admin. He will go through researching the code and finding a zero-day vulnerability, explaining his exploitation process in Azure Service Fabric offering while dealing with race conditions and other limitations, and explain how it all allowed him to break out of his container to later gain full control over the underlying Service Fabric cluster.\r\n\r\nIn the end, he will share his thoughts on security in the cloud and his concerns on cloud multitenancy.\n\n\n","title":"The Journey From an Isolated Container to Cluster Admin in Service Fabric","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Service Fabric is a scalable and reliable container orchestrator developed by Microsoft. It is widely used in Microsoft Azure as well as in Microsoft’s internal production environments as an infrastructure for containerized applications.\r\n\r\nDeveloping a container orchestrator is not an easy task as it involves harnessing many technologies in a complicated and distributed environment. This complexity can ultimately lead to security issues. Such security issues can impose a critical risk since compromising an infrastructure allows attackers to escalate their privileges and take over an entire environment quickly and effectively.\r\n\r\nIn this session, Aviv will share his research on Service Fabric and his journey of escalating from an isolated container to cluster admin. He will go through researching the code and finding a zero-day vulnerability, explaining his exploitation process in Azure Service Fabric offering while dealing with race conditions and other limitations, and explain how it all allowed him to break out of his container to later gain full control over the underlying Service Fabric cluster.\r\n\r\nIn the end, he will share his thoughts on security in the cloud and his concerns on cloud multitenancy.","end_timestamp":{"seconds":1660509900,"nanoseconds":0},"updated_timestamp":{"seconds":1658933340,"nanoseconds":0},"speakers":[{"content_ids":[48590],"conference_id":65,"event_ids":[48587],"name":"Aviv Sasson","affiliations":[{"organization":"","title":"Principal security researcher, Palo Alto Networks"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/aviv-sasson-b5875915b/"}],"pronouns":null,"media":[],"id":47890,"title":"Principal security researcher, Palo Alto Networks"}],"timeband_id":893,"end":"2022-08-14T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242285"}],"id":48587,"tag_ids":[45241,45279,45280,45375,45450],"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"village_id":null,"includes":"Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47890}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","begin":"2022-08-14T20:00:00.000-0000","updated":"2022-07-27T14:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Electron based apps are becoming a norm these days as it allows encapsulating web applications into a desktop app which is rendered using chromium. However, if Electron apps load remote content of attackers choice either via feature or misconfiguration of Deep Link or Open redirect or XSS it would lead to Remote Code Execution on the OS.\n\nPreviously, it was known that lack of certain feature flags and inefficiency to apply best practices would cause this behavior but we have identified sophisticated novel attack vectors within the core electron framework which could be leveraged to gain remote code execution on Electron apps despite all feature flags being set correctly under certain circumstances.\n\nThis presentation covers the vulnerabilities found in twenty commonly used Electron applications and demonstrates Remote Code Execution within apps such as Discord, Teams(local file read), VSCode, Basecamp, Mattermost, Element, Notion, and others. \n\nThe speaker's would like to thank Mohan Sri Rama Krishna Pedhapati, Application Security Auditor, Cure53 and William Bowling, Senior Software Developer, Biteable for their contributions to this presentation.\n\n\n","title":"ElectroVolt: Pwning popular desktop apps while uncovering new attack surface on Electron","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660509900,"nanoseconds":0},"android_description":"Electron based apps are becoming a norm these days as it allows encapsulating web applications into a desktop app which is rendered using chromium. However, if Electron apps load remote content of attackers choice either via feature or misconfiguration of Deep Link or Open redirect or XSS it would lead to Remote Code Execution on the OS.\n\nPreviously, it was known that lack of certain feature flags and inefficiency to apply best practices would cause this behavior but we have identified sophisticated novel attack vectors within the core electron framework which could be leveraged to gain remote code execution on Electron apps despite all feature flags being set correctly under certain circumstances.\n\nThis presentation covers the vulnerabilities found in twenty commonly used Electron applications and demonstrates Remote Code Execution within apps such as Discord, Teams(local file read), VSCode, Basecamp, Mattermost, Element, Notion, and others. \n\nThe speaker's would like to thank Mohan Sri Rama Krishna Pedhapati, Application Security Auditor, Cure53 and William Bowling, Senior Software Developer, Biteable for their contributions to this presentation.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48586],"conference_id":65,"event_ids":[48549],"name":"Aaditya Purani","affiliations":[{"organization":"","title":"Senior Security Engineer, Tesla"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/aaditya_purani"}],"pronouns":null,"media":[],"id":47854,"title":"Senior Security Engineer, Tesla"},{"content_ids":[48586],"conference_id":65,"event_ids":[48549],"name":"Max Garrett","affiliations":[{"organization":"","title":"Application Security Auditor, Cure53"}],"links":[],"pronouns":null,"media":[],"id":47933,"title":"Application Security Auditor, Cure53"}],"timeband_id":893,"end":"2022-08-14T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242337"}],"id":48549,"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45280,45375,45450],"includes":"Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47854},{"tag_id":565,"sort_order":1,"person_id":47933}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","begin":"2022-08-14T20:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Initial access payloads have historically had limited methods that work seamlessly in phishing campaigns and can maintain a level of evasion. This payload category has been dominated by Microsoft Office types, but as recent news has shown, the lifespan of even this technique is shortening. A vehicle for payload delivery that has been greatly overlooked for initial access is ClickOnce. ClickOnce is very versatile and has a lot of opportunities for maintaining a level of evasion and obfuscation. In this talk we’ll cover methods of bypassing Windows controls such as SmartScreen, application whitelisting, and trusted code abuses with ClickOnce applications. Additionally, we’ll discuss methods of turning regular signed or high reputation .NET assemblies into weaponized ClickOnce deployments. This will result in circumvention of common security controls and extend the value of ClickOnce in the offensive use case. Finally, we’ll discuss delivery mechanisms to increase the overall legitimacy of ClickOnce application deployment in phishing campaigns. This talk can bring to attention the power of ClickOnce applications and code execution techniques that are not commonly used.\n\n\n","title":"Less SmartScreen More Caffeine – ClickOnce (Ab)Use for Trusted Code Execution","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Initial access payloads have historically had limited methods that work seamlessly in phishing campaigns and can maintain a level of evasion. This payload category has been dominated by Microsoft Office types, but as recent news has shown, the lifespan of even this technique is shortening. A vehicle for payload delivery that has been greatly overlooked for initial access is ClickOnce. ClickOnce is very versatile and has a lot of opportunities for maintaining a level of evasion and obfuscation. In this talk we’ll cover methods of bypassing Windows controls such as SmartScreen, application whitelisting, and trusted code abuses with ClickOnce applications. Additionally, we’ll discuss methods of turning regular signed or high reputation .NET assemblies into weaponized ClickOnce deployments. This will result in circumvention of common security controls and extend the value of ClickOnce in the offensive use case. Finally, we’ll discuss delivery mechanisms to increase the overall legitimacy of ClickOnce application deployment in phishing campaigns. This talk can bring to attention the power of ClickOnce applications and code execution techniques that are not commonly used.","end_timestamp":{"seconds":1660509900,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48587],"conference_id":65,"event_ids":[48512],"name":"Nick Powers","affiliations":[{"organization":"","title":"Consultant at SpecterOps"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/zyn3rgy"}],"media":[],"id":47824,"title":"Consultant at SpecterOps"},{"content_ids":[48587],"conference_id":65,"event_ids":[48512],"name":"Steven Flores","affiliations":[{"organization":"","title":"Senior Consultant at SpecterOps"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0xthirteen"}],"pronouns":null,"media":[],"id":47921,"title":"Senior Consultant at SpecterOps"}],"timeband_id":893,"end":"2022-08-14T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242211"}],"id":48512,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660507200,"nanoseconds":0},"village_id":null,"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47824},{"tag_id":565,"sort_order":1,"person_id":47921}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In the last decade, the major cloud companies have been fighting to get market share by offering the easiest to use cloud with most services. Allowing you get a simple site up and running in a few minutes and quickly being able to scale it. While cloud providers market themselves as the most secure infrastructure for your code, their defaults are far from secure. With: certificates being able to be issued without proof of domain ownership, insecure SSH by default, default passwords, and more the move to the cloud is making it easier for you and your attackers to get into your infrastructure. In this talk we will talk about common Azure errors that will get you in trouble.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"Cloud Defaults are Easy Not Secure","android_description":"In the last decade, the major cloud companies have been fighting to get market share by offering the easiest to use cloud with most services. Allowing you get a simple site up and running in a few minutes and quickly being able to scale it. While cloud providers market themselves as the most secure infrastructure for your code, their defaults are far from secure. With: certificates being able to be issued without proof of domain ownership, insecure SSH by default, default passwords, and more the move to the cloud is making it easier for you and your attackers to get into your infrastructure. In this talk we will talk about common Azure errors that will get you in trouble.","end_timestamp":{"seconds":1660509000,"nanoseconds":0},"updated_timestamp":{"seconds":1659283620,"nanoseconds":0},"speakers":[{"content_ids":[49183],"conference_id":65,"event_ids":[49219],"name":"Igal Flegmann","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/igal_fs"}],"media":[],"id":48637}],"timeband_id":893,"links":[],"end":"2022-08-14T20:30:00.000-0000","id":49219,"begin_timestamp":{"seconds":1660506600,"nanoseconds":0},"tag_ids":[40252,45340,45350,45451],"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48637}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"updated":"2022-07-31T16:07:00.000-0000","begin":"2022-08-14T19:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Evolving endpoint protection controls, including hardening and security software with enhanced detection capabilities and greater visibility coverage, have been pushing red team and purple team operational complexity to a higher level. Malicious actors and security professionals alike are increasingly focusing on leveraging virtualization technologies to overcome prevention and detection mechanisms. Although utilizing virtualization as an attack platform assists in evading most security controls by “default”, creating and using a virtualization platform in a client environment poses its own challenges. We embraced the trend and created our own virtualized offensive operations suite , which can be utilized to execute any offensive tool, starting from network reconnaissance to privilege escalation, avoiding the cat and mouse game of crafting custom payloads and tools to evade the latest endpoint security stack detection mechanisms. The offensive operations suite utilizes a QEMU open-source emulator as the virtualization software, coupled with a lean Linux distribution, docker containerization platform, and a custom GUI web interface based on a Flask micro-framework. The suite leverages docker technology to create modularity, in order to maximize functionality and avoid issues like software and OS dependencies, while keeping the build lean for ease of deployment in offensive security engagements. In this talk, we will present the architecture and capabilities of the Qemuno offensive operations suite, present several real use cases where we leveraged Qemuno, and demo how it can be leveraged in a highly-hardened environment.\n\n\n","title":"Qemuno – An uninvited guest","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"android_description":"Evolving endpoint protection controls, including hardening and security software with enhanced detection capabilities and greater visibility coverage, have been pushing red team and purple team operational complexity to a higher level. Malicious actors and security professionals alike are increasingly focusing on leveraging virtualization technologies to overcome prevention and detection mechanisms. Although utilizing virtualization as an attack platform assists in evading most security controls by “default”, creating and using a virtualization platform in a client environment poses its own challenges. We embraced the trend and created our own virtualized offensive operations suite , which can be utilized to execute any offensive tool, starting from network reconnaissance to privilege escalation, avoiding the cat and mouse game of crafting custom payloads and tools to evade the latest endpoint security stack detection mechanisms. The offensive operations suite utilizes a QEMU open-source emulator as the virtualization software, coupled with a lean Linux distribution, docker containerization platform, and a custom GUI web interface based on a Flask micro-framework. The suite leverages docker technology to create modularity, in order to maximize functionality and avoid issues like software and OS dependencies, while keeping the build lean for ease of deployment in offensive security engagements. In this talk, we will present the architecture and capabilities of the Qemuno offensive operations suite, present several real use cases where we leveraged Qemuno, and demo how it can be leveraged in a highly-hardened environment.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659888900,"nanoseconds":0},"speakers":[{"content_ids":[49594],"conference_id":65,"event_ids":[49806],"name":"Oleg Lerner","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/oleg-lerner-a6632b13b/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/oleglerner"}],"media":[],"id":48918}],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49806,"tag_ids":[40246,45340,45349,45373,45377,45451],"begin_timestamp":{"seconds":1660505400,"nanoseconds":0},"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48918}],"tags":"Tool Demo, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-14T19:30:00.000-0000","updated":"2022-08-07T16:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Learn about the common methods of forcible entry employed by firefighters, police/military, locksmiths and criminals, and try some out for yourself.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"title":"Forcible Entry 101","android_description":"Learn about the common methods of forcible entry employed by firefighters, police/military, locksmiths and criminals, and try some out for yourself.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659624420,"nanoseconds":0},"speakers":[{"content_ids":[48569,49394,49402],"conference_id":65,"event_ids":[48588,49541,49549],"name":"Bill Graydon","affiliations":[{"organization":"","title":"Principal, Physical Security Analytics, GGR Security "}],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/bgraydon"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/access_ctrl"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/channel/UCzZK3vjJL9rKNPXNoCPFO5g/videos"}],"media":[],"id":47862,"title":"Principal, Physical Security Analytics, GGR Security"}],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49549,"village_id":22,"begin_timestamp":{"seconds":1660505400,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47862}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"updated":"2022-08-04T14:47:00.000-0000","begin":"2022-08-14T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Countless projects rely on Amazon Web Services' Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL value.\r\nUnfortunately, developers are tasked with verifying the authenticity of the certificate URL themselves, creating a vulnerable-by-default 'configuration over convention' situation that spawns numerous vulnerabilities. This is an official design pattern recommended by AWS itself (https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html). I will demonstrate how various custom checks and regexes in real projects can be bypassed to forge SNS messages by leveraging a namespace clash with Amazon S3. Attackers can generate and host their own public keys on S3 buckets that pass custom verification checks, allowing them to trigger sensitive webhook functionality.\r\nIn addition, I will go further to discuss a key loophole (pending disclosure) in official AWS SDKs like sns-validator that affects all downstream dependents, from Firefox Monitor to the 70 million download/week Definitely Typed package. I will dive into possible short-, medium-, and long-term fixes pending AWS' own patch.\r\nAs a result, attendees will walk away with a better understanding of the difficulties in securing trusted application-to-application cloud messaging tools. I will discuss how to code defensively by going for convention over configuration in cloud architecture. I will also provide pointers on discovering vulnerable SNS webhook implementations through code review.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"Sign of the Times: Exploiting Poor Validation of AWS SNS SigningCertUrl","end_timestamp":{"seconds":1660506600,"nanoseconds":0},"android_description":"Countless projects rely on Amazon Web Services' Simple Notification Service for application-to-application communication such as webhooks and callbacks. To verify the authenticity of these messages, these projects use certificate-based signature validation based on the SigningCertURL value.\r\nUnfortunately, developers are tasked with verifying the authenticity of the certificate URL themselves, creating a vulnerable-by-default 'configuration over convention' situation that spawns numerous vulnerabilities. This is an official design pattern recommended by AWS itself (https://docs.aws.amazon.com/sns/latest/dg/sns-verify-signature-of-message.html). I will demonstrate how various custom checks and regexes in real projects can be bypassed to forge SNS messages by leveraging a namespace clash with Amazon S3. Attackers can generate and host their own public keys on S3 buckets that pass custom verification checks, allowing them to trigger sensitive webhook functionality.\r\nIn addition, I will go further to discuss a key loophole (pending disclosure) in official AWS SDKs like sns-validator that affects all downstream dependents, from Firefox Monitor to the 70 million download/week Definitely Typed package. I will dive into possible short-, medium-, and long-term fixes pending AWS' own patch.\r\nAs a result, attendees will walk away with a better understanding of the difficulties in securing trusted application-to-application cloud messaging tools. I will discuss how to code defensively by going for convention over configuration in cloud architecture. I will also provide pointers on discovering vulnerable SNS webhook implementations through code review.","updated_timestamp":{"seconds":1659282840,"nanoseconds":0},"speakers":[{"content_ids":[48563,49167,49718],"conference_id":65,"event_ids":[48564,49203,49908],"name":"Eugene Lim","affiliations":[{"organization":"","title":"Cybersecurity Specialist, Government Technology Agency of Singapore"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spaceraccoonsec"},{"description":"","title":"Website","sort_order":0,"url":"https://spaceraccoon.dev/"}],"pronouns":null,"media":[],"id":47912,"title":"Cybersecurity Specialist, Government Technology Agency of Singapore"}],"timeband_id":893,"links":[],"end":"2022-08-14T19:50:00.000-0000","id":49203,"begin_timestamp":{"seconds":1660505400,"nanoseconds":0},"tag_ids":[40252,45331,45350,45451],"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47912}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","begin":"2022-08-14T19:30:00.000-0000","updated":"2022-07-31T15:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"title":"AI Village CTF Results and Q&A","android_description":"","end_timestamp":{"seconds":1660508400,"nanoseconds":0},"updated_timestamp":{"seconds":1659111000,"nanoseconds":0},"speakers":[{"content_ids":[49042,49048,49430],"conference_id":65,"event_ids":[49045,49051,49594],"name":"Will Pearce","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/moo_hax"}],"media":[],"id":48650}],"timeband_id":893,"links":[],"end":"2022-08-14T20:20:00.000-0000","id":49051,"tag_ids":[40248,45330,45450],"village_id":3,"begin_timestamp":{"seconds":1660505400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48650}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","begin":"2022-08-14T19:30:00.000-0000","updated":"2022-07-29T16:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Everyone is cashing in on opportunities to buy and sell, anything in the mythical metaverse.  A world driven by augmented reality (AR), virtual reality (VR), mixed reality (MR), and every other combination of reality you can imagine.  It’s the metaverse of madness now.  XR or extended reality is how we are going to smoosh all these together. What are the odds that security, safety, and privacy are at the top of mind for companies developing XR Tech?  Let’s spend a minute or two in the vast world of XR and specifically in MedTech and Biotech to check out the mind-blowing progress in hardware, software, and infrastructure.  And hey, maybe we hacks stuff along the way.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"title":"XR for Literally Everything, Everywhere, All at Once","android_description":"Everyone is cashing in on opportunities to buy and sell, anything in the mythical metaverse.  A world driven by augmented reality (AR), virtual reality (VR), mixed reality (MR), and every other combination of reality you can imagine.  It’s the metaverse of madness now.  XR or extended reality is how we are going to smoosh all these together. What are the odds that security, safety, and privacy are at the top of mind for companies developing XR Tech?  Let’s spend a minute or two in the vast world of XR and specifically in MedTech and Biotech to check out the mind-blowing progress in hardware, software, and infrastructure.  And hey, maybe we hacks stuff along the way.","end_timestamp":{"seconds":1660510800,"nanoseconds":0},"updated_timestamp":{"seconds":1659748140,"nanoseconds":0},"speakers":[{"content_ids":[49029],"conference_id":65,"event_ids":[49032],"name":"Keenan Skelly","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48837}],"timeband_id":893,"links":[],"end":"2022-08-14T21:00:00.000-0000","id":49032,"tag_ids":[40277,45329,45373,45451],"village_id":5,"begin_timestamp":{"seconds":1660505400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48837}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","begin":"2022-08-14T19:30:00.000-0000","updated":"2022-08-06T01:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"First Ever Quantum CTF Winners \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"title":"CTF Announcement","android_description":"First Ever Quantum CTF Winners","end_timestamp":{"seconds":1660505400,"nanoseconds":0},"updated_timestamp":{"seconds":1660333500,"nanoseconds":0},"speakers":[{"content_ids":[49698,49715],"conference_id":65,"event_ids":[49905,49888],"name":"Quantum Village Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49053}],"timeband_id":893,"links":[],"end":"2022-08-14T19:30:00.000-0000","id":49905,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"village_id":24,"tag_ids":[40266,45341,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49053}],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","begin":"2022-08-14T19:00:00.000-0000","updated":"2022-08-12T19:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Open Mic","android_description":"","end_timestamp":{"seconds":1660505400,"nanoseconds":0},"updated_timestamp":{"seconds":1659888840,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T19:30:00.000-0000","id":49804,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"village_id":1,"tag_ids":[40246,45340,45373,45377,45451],"includes":"","people":[],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"updated":"2022-08-07T16:14:00.000-0000","begin":"2022-08-14T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This \"lunchtime tutorial\" will discuss the Controller Area Network (CAN) Bus protocol, which is employed in the Grace Steering and Propulsion console. CAN Bus is an industry standard for the interconnection of embedded microcontrollers using a distributed control architecture. This mini-tutorial will address the protocol history, architecture, frame format, and operation.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Understanding CAN Bus and the GRACE Console [[Maritime]]","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This \"lunchtime tutorial\" will discuss the Controller Area Network (CAN) Bus protocol, which is employed in the Grace Steering and Propulsion console. CAN Bus is an industry standard for the interconnection of embedded microcontrollers using a distributed control architecture. This mini-tutorial will address the protocol history, architecture, frame format, and operation.","updated_timestamp":{"seconds":1659473640,"nanoseconds":0},"speakers":[{"content_ids":[49336,49352],"conference_id":65,"event_ids":[49436,49452],"name":"Dave Burke","affiliations":[{"organization":"Fathom5","title":"Chief Engineer"}],"links":[],"pronouns":null,"media":[],"id":48752,"title":"Chief Engineer at Fathom5"}],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49452,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48752}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"updated":"2022-08-02T20:54:00.000-0000","begin":"2022-08-14T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A general, high level talk, about practical physical security assessment.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Doors, Cameras, and Mantraps. Oh, my!","end_timestamp":{"seconds":1660505100,"nanoseconds":0},"android_description":"A general, high level talk, about practical physical security assessment.","updated_timestamp":{"seconds":1659420420,"nanoseconds":0},"speakers":[{"content_ids":[49280],"conference_id":65,"event_ids":[49360],"name":"Dylan Baklor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48704}],"timeband_id":893,"links":[],"end":"2022-08-14T19:25:00.000-0000","id":49360,"village_id":17,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48704}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"begin":"2022-08-14T19:00:00.000-0000","updated":"2022-08-02T06:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Drones are capable of bringing many benefits to society but they also pose several risks to our civil liberties. With the FAA moving to create rules for BVLOS (mostly commercial operations) there are important privacy issues raised by a future with many commercial drones flying over our heads. Likewise government agencies want to be able to mitigate risks from operator error to use for nefarious purposes. But the powers they ask are broad, cut into civil liberties, and carry no protections\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Drones and Civil Liberties","android_description":"Drones are capable of bringing many benefits to society but they also pose several risks to our civil liberties. With the FAA moving to create rules for BVLOS (mostly commercial operations) there are important privacy issues raised by a future with many commercial drones flying over our heads. Likewise government agencies want to be able to mitigate risks from operator error to use for nefarious purposes. But the powers they ask are broad, cut into civil liberties, and carry no protections","end_timestamp":{"seconds":1660506600,"nanoseconds":0},"updated_timestamp":{"seconds":1659379380,"nanoseconds":0},"speakers":[{"content_ids":[49244],"conference_id":65,"event_ids":[49287],"name":"Andrés Arrieta","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48673}],"timeband_id":893,"links":[],"end":"2022-08-14T19:50:00.000-0000","id":49287,"tag_ids":[40247,45340,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48673}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:43:00.000-0000","begin":"2022-08-14T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The privacy and security communities spin out new technologies, platforms, policies, regulations, and other novel research rapidly in the pursuit of creating a positive impact in the world at a dizzying pace. Unfortunately, systems often behave or are used in ways that we did not intend them to. Perhaps we could have caught the potential harms associated with systems intended to protect vulnerable people had we taken a systematic approach in evaluating them. In this talk, we build up the building blocks with examples and case studies to understand the challenges many survivors face systemically and in their day-to-day lives, with resources for survivors and takeaways for practitioners.\n\n\n","title":"Surviving and Designing for Survivors","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"android_description":"The privacy and security communities spin out new technologies, platforms, policies, regulations, and other novel research rapidly in the pursuit of creating a positive impact in the world at a dizzying pace. Unfortunately, systems often behave or are used in ways that we did not intend them to. Perhaps we could have caught the potential harms associated with systems intended to protect vulnerable people had we taken a systematic approach in evaluating them. In this talk, we build up the building blocks with examples and case studies to understand the challenges many survivors face systemically and in their day-to-day lives, with resources for survivors and takeaways for practitioners.","end_timestamp":{"seconds":1660505400,"nanoseconds":0},"updated_timestamp":{"seconds":1659214140,"nanoseconds":0},"speakers":[{"content_ids":[49162,49776],"conference_id":65,"event_ids":[49198,49976],"name":"Avi Zajac","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48591}],"timeband_id":893,"links":[],"end":"2022-08-14T19:30:00.000-0000","id":49198,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"tag_ids":[40253,45347,45451],"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48591}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:49:00.000-0000","begin":"2022-08-14T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"- How was Project Obsidian put together\r\n- Involved a global village\r\n- Opportunities for mentoring \r\n- Look behind the scenes of a CTF\r\n- and more\r\n\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nProject Obsidian crew members talk about how they put it all together.\r\n\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Project Obsidian: Panel Discussion","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"- How was Project Obsidian put together\r\n- Involved a global village\r\n- Opportunities for mentoring \r\n- Look behind the scenes of a CTF\r\n- and more\r\n\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nProject Obsidian crew members talk about how they put it all together.\r\n\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":48940,"village_id":7,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"tag_ids":[40250,45367,45373,45376,45451],"includes":"","people":[],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A panel with Q&A about offensive cybersecurity tools like CobaltStrike, how the tools affect both defensive and offensive security practitioners, and the practical difficulties of controlling the licenses and distribution of these pentest tools. This is meant to be an impact-focused discussion on the merits and challenges of producing offensive tools and NOT a law-based debate/interpretation of export controls.\n\n\n","title":"Protect Our Pentest Tools! Perks and Hurdles in Distributing Red Team Tools","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"end_timestamp":{"seconds":1660509900,"nanoseconds":0},"android_description":"A panel with Q&A about offensive cybersecurity tools like CobaltStrike, how the tools affect both defensive and offensive security practitioners, and the practical difficulties of controlling the licenses and distribution of these pentest tools. This is meant to be an impact-focused discussion on the merits and challenges of producing offensive tools and NOT a law-based debate/interpretation of export controls.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"},{"content_ids":[48895],"conference_id":65,"event_ids":[48894],"name":"Katie Moussouris","affiliations":[{"organization":"Luta Seucrity","title":"CEO"}],"links":[],"pronouns":null,"media":[],"id":49114,"title":"CEO at Luta Seucrity"},{"content_ids":[48895],"conference_id":65,"event_ids":[48894],"name":"Liz Wharton","affiliations":[{"organization":"SCYTHE","title":"VP Operations"}],"links":[],"pronouns":null,"media":[],"id":49115,"title":"VP Operations at SCYTHE"},{"content_ids":[48895],"conference_id":65,"event_ids":[48894],"name":"Casey Ellis","affiliations":[{"organization":"Bugcrowd","title":"Founder/CTO"}],"links":[],"pronouns":null,"media":[],"id":49116,"title":"Founder/CTO at Bugcrowd"}],"timeband_id":893,"links":[],"end":"2022-08-14T20:45:00.000-0000","id":48894,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"village_id":23,"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49116},{"tag_id":45448,"sort_order":1,"person_id":49114},{"tag_id":45448,"sort_order":1,"person_id":49115},{"tag_id":45448,"sort_order":1,"person_id":48470}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join us for a Chatham House Rule conversation with hackers that provide capabilities to government cyber operations. Learn about the development and sale of offensive cyber capabilities, and what the government/policy perspectives are for regulating this space.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Offensive Cyber Industry Roundtable","end_timestamp":{"seconds":1660509900,"nanoseconds":0},"android_description":"Join us for a Chatham House Rule conversation with hackers that provide capabilities to government cyber operations. Learn about the development and sale of offensive cyber capabilities, and what the government/policy perspectives are for regulating this space.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48896,48882],"conference_id":65,"event_ids":[48889,48891],"name":"Winnona DeSombre","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48299},{"content_ids":[48896],"conference_id":65,"event_ids":[48891],"name":"Sophia D'Antoine","affiliations":[{"organization":"","title":"Founder of Margin Research"}],"links":[],"pronouns":null,"media":[],"id":48318,"title":"Founder of Margin Research"},{"content_ids":[48896],"conference_id":65,"event_ids":[48891],"name":"Matt Holland","affiliations":[{"organization":"","title":"Founder of Field Effect"}],"links":[],"pronouns":null,"media":[],"id":48319,"title":"Founder of Field Effect"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242893"}],"end":"2022-08-14T20:45:00.000-0000","id":48891,"tag_ids":[40265,45311,45373,45450],"village_id":23,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48319},{"tag_id":565,"sort_order":1,"person_id":48318},{"tag_id":565,"sort_order":1,"person_id":48299}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"spans_timebands":"N","begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"Friends of Bill W","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":48709,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"tag_ids":[45288,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"spans_timebands":"N","updated":"2022-08-03T15:49:00.000-0000","begin":"2022-08-14T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Exploring in depth the android permission mechanism, through different protection levels.\n\nStep by step exploitations techniques that affect more than 98% of all Android devices including the last official release (Android 12).\n\nIn this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to the google official stats.\n\nThese vulnerabilities enable the hacker to bypass the security measures of android, by abusing default (built in) services and get access to abilities and resources which are protected by permission mechanism.\n\nSome vulnerabilities are partially fixed, others won't be fixed as google considers as intended behavior.\n\nIn this talk I'll survey the different vulnerabilities, and deep dive into a few of different exploitations.\n\nFinally, I'll demonstrate how those techniques can be combined together to create real life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.\n\n\n","title":"Defaults - the faults. Bypassing android permissions from all protection levels","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Exploring in depth the android permission mechanism, through different protection levels.\n\nStep by step exploitations techniques that affect more than 98% of all Android devices including the last official release (Android 12).\n\nIn this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to the google official stats.\n\nThese vulnerabilities enable the hacker to bypass the security measures of android, by abusing default (built in) services and get access to abilities and resources which are protected by permission mechanism.\n\nSome vulnerabilities are partially fixed, others won't be fixed as google considers as intended behavior.\n\nIn this talk I'll survey the different vulnerabilities, and deep dive into a few of different exploitations.\n\nFinally, I'll demonstrate how those techniques can be combined together to create real life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.","end_timestamp":{"seconds":1660506300,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48581],"conference_id":65,"event_ids":[48589],"name":"Nikita Kurtin","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":null,"links":[{"description":"","title":"StackOverflow","sort_order":0,"url":"https://stackoverflow.com/users/3219049/nikita-kurtin?tab=profile"}],"media":[],"id":47905,"title":"Hacker"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242286"}],"end":"2022-08-14T19:45:00.000-0000","id":48589,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45280,45375,45450],"includes":"Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47905}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"MDM solutions are, by design, a single point of failure for organizations. MDM appliances often have the ability to execute commands on most of the devices in an organization and provide an “instant win” target for attackers. KACE Systems Management Appliance is a popular MDM choice for hybrid environments. This talk will cover the technical details of 3 preauthentication RCE as root chains on KACE SMA and the research steps taken to identify the individual vulnerabilities used.\n\n\n","title":"PreAuth RCE Chains on an MDM: KACE SMA","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660506300,"nanoseconds":0},"android_description":"MDM solutions are, by design, a single point of failure for organizations. MDM appliances often have the ability to execute commands on most of the devices in an organization and provide an “instant win” target for attackers. KACE Systems Management Appliance is a popular MDM choice for hybrid environments. This talk will cover the technical details of 3 preauthentication RCE as root chains on KACE SMA and the research steps taken to identify the individual vulnerabilities used.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48582],"conference_id":65,"event_ids":[48558],"name":"Jeffrey Hofmann","affiliations":[{"organization":"","title":"Security Engineer at Nuro"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jeffssh"},{"description":"","title":"Website","sort_order":0,"url":"https://jeffs.sh/"}],"media":[],"id":47896,"title":"Security Engineer at Nuro"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242210"}],"end":"2022-08-14T19:45:00.000-0000","id":48558,"village_id":null,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"tag_ids":[45241,45279,45280,45375,45450],"includes":"Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47896}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Taking a Dump In The Cloud is a tale of countless sleepless nights spent reversing and understanding the integration between Microsoft Office resources and how desktop applications implement them. The release of the TeamFiltration toolkit, connecting all the data points to more effectively launch attacks against Microsoft Azure Tenants. Understanding the lack of conditional access for non-interactive logins and how one can abuse the magic of Microsofts OAuth implementation with Single-Sign-On to exfiltrate all the loot. Streamlining the process of account enumeration and validation. Thoughts on working effectively against Azure Smart Lockout. Exploring options of vertical movement given common cloud configurations, and more!\n\n\n","title":"Taking a Dump In The Cloud","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"Taking a Dump In The Cloud is a tale of countless sleepless nights spent reversing and understanding the integration between Microsoft Office resources and how desktop applications implement them. The release of the TeamFiltration toolkit, connecting all the data points to more effectively launch attacks against Microsoft Azure Tenants. Understanding the lack of conditional access for non-interactive logins and how one can abuse the magic of Microsofts OAuth implementation with Single-Sign-On to exfiltrate all the loot. Streamlining the process of account enumeration and validation. Thoughts on working effectively against Azure Smart Lockout. Exploring options of vertical movement given common cloud configurations, and more!","end_timestamp":{"seconds":1660506300,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48583],"conference_id":65,"event_ids":[48525],"name":"Flangvik","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47881},{"content_ids":[48583],"conference_id":65,"event_ids":[48525],"name":"Melvin Langvik","affiliations":[{"organization":"","title":"Security Consultant, TrustedSec Targeted Operations"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Flangvik"},{"description":"","title":"Website","sort_order":0,"url":"https://www.flangvik.com/"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/flangvik"}],"media":[],"id":47888,"title":"Security Consultant, TrustedSec Targeted Operations"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242284"}],"end":"2022-08-14T19:45:00.000-0000","id":48525,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"village_id":null,"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47881},{"tag_id":565,"sort_order":1,"person_id":47888}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Kubernetes has taken the DevOps world by storm, but its rapid uptake has created an ecosystem where many popular solutions for common challenges—storage, release management, observability, etc.—are either somewhat immature or have been “lifted and shifted” to Kubernetes. What critical security smells can pentesters look for when looking at the security of a cluster?\r\n\r\nWe are going to talk through five different security problems that we have found (and reported, no 0-days here) in popular open-source projects and how you can look for similar vulnerabilities in other projects.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"The Call is Coming From Inside The Cluster: Mistakes that Lead to Whole Cluster Pwnership","end_timestamp":{"seconds":1660506300,"nanoseconds":0},"android_description":"Kubernetes has taken the DevOps world by storm, but its rapid uptake has created an ecosystem where many popular solutions for common challenges—storage, release management, observability, etc.—are either somewhat immature or have been “lifted and shifted” to Kubernetes. What critical security smells can pentesters look for when looking at the security of a cluster?\r\n\r\nWe are going to talk through five different security problems that we have found (and reported, no 0-days here) in popular open-source projects and how you can look for similar vulnerabilities in other projects.","updated_timestamp":{"seconds":1658813580,"nanoseconds":0},"speakers":[{"content_ids":[48584],"conference_id":65,"event_ids":[48513],"name":"Will Kline","affiliations":[{"organization":"","title":"Senior Principal / Dark Wolf Solutions"}],"links":[],"pronouns":null,"media":[],"id":47830,"title":"Senior Principal / Dark Wolf Solutions"},{"content_ids":[48584],"conference_id":65,"event_ids":[48513],"name":"Dagan Henderson","affiliations":[{"organization":"","title":"Principal / RAFT"}],"links":[],"pronouns":null,"media":[],"id":47895,"title":"Principal / RAFT"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242293"}],"end":"2022-08-14T19:45:00.000-0000","id":48513,"begin_timestamp":{"seconds":1660503600,"nanoseconds":0},"tag_ids":[45241,45279,45375,45450],"village_id":null,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47895},{"tag_id":565,"sort_order":1,"person_id":47830}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-14T19:00:00.000-0000","updated":"2022-07-26T05:33:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The principle of least privilege states that a subject should be given only those privileges needed for it to complete its task. The concept is not new, but our recent research on 18,000 production cloud accounts across AWS and Azure showed that 99% of the cloud identities were overly-permissive. The majority of the identities only used less than 10% of their granted permissions.\r\nWhile I investigated the issue further, one interesting pattern quickly surfaced, many overly-permissive permissions were granted by CSP-managed permission policies. CSP-managed policies were granted 2.5 times more permissions than customer-managed policies. These excessive permissions unnecessarily increased the attack surface and risks of the cloud workloads. In particular, many identities could abuse the granted permissions to obtain admin privilege.\r\n\r\nThese findings raised a few questions. Are we all doing something terribly wrong? Is the principle of least privilege a realistic and necessary goal in modern cloud environments? What can be done to mitigate the problem? Knowing the problem and the risks, I will then introduce an open-source tool IAM-Deescalate to shine a light on the problem.\r\n\r\nIAM-Deescalate can help identify and mitigate the privilege escalation risks in AWS. It models the relationship between every user and role in an AWS account as a graph using PMapper. It then identifies the possible privilege escalation paths that allow non-admin principals to reach admin principals. For each path, IAM-Deescalate revokes a minimal set of permissions to break the path to remediate the risks. At the time of writing, IAM-Deescalate can remediate 24 out of the 31 publicly known privilege escalation techniques. On average, it remediates 75% of the privilege escalation vulnerabilities that existing open-source tools can detect.\r\n\r\nThe audience will gain a new perspective on IAM security and pick up a new tool for their security toolbox.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"Deescalate the overly-permissive IAM","end_timestamp":{"seconds":1660505400,"nanoseconds":0},"android_description":"The principle of least privilege states that a subject should be given only those privileges needed for it to complete its task. The concept is not new, but our recent research on 18,000 production cloud accounts across AWS and Azure showed that 99% of the cloud identities were overly-permissive. The majority of the identities only used less than 10% of their granted permissions.\r\nWhile I investigated the issue further, one interesting pattern quickly surfaced, many overly-permissive permissions were granted by CSP-managed permission policies. CSP-managed policies were granted 2.5 times more permissions than customer-managed policies. These excessive permissions unnecessarily increased the attack surface and risks of the cloud workloads. In particular, many identities could abuse the granted permissions to obtain admin privilege.\r\n\r\nThese findings raised a few questions. Are we all doing something terribly wrong? Is the principle of least privilege a realistic and necessary goal in modern cloud environments? What can be done to mitigate the problem? Knowing the problem and the risks, I will then introduce an open-source tool IAM-Deescalate to shine a light on the problem.\r\n\r\nIAM-Deescalate can help identify and mitigate the privilege escalation risks in AWS. It models the relationship between every user and role in an AWS account as a graph using PMapper. It then identifies the possible privilege escalation paths that allow non-admin principals to reach admin principals. For each path, IAM-Deescalate revokes a minimal set of permissions to break the path to remediate the risks. At the time of writing, IAM-Deescalate can remediate 24 out of the 31 publicly known privilege escalation techniques. On average, it remediates 75% of the privilege escalation vulnerabilities that existing open-source tools can detect.\r\n\r\nThe audience will gain a new perspective on IAM security and pick up a new tool for their security toolbox.","updated_timestamp":{"seconds":1659283620,"nanoseconds":0},"speakers":[{"content_ids":[49166,49182],"conference_id":65,"event_ids":[49202,49218],"name":"Jay Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48636}],"timeband_id":893,"links":[],"end":"2022-08-14T19:30:00.000-0000","id":49218,"begin_timestamp":{"seconds":1660503000,"nanoseconds":0},"tag_ids":[40252,45340,45350,45451],"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48636}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T16:07:00.000-0000","begin":"2022-08-14T18:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In order to protect abortion access in America, it is imperative to understand what abortion is in material terms. This primer will discuss clinical and underground abortion procedures, provider opsec, targeted legislation against abortion access, how abortion access & gender affirming care are linked, and demonstrate how to build a DIY vacuum aspiration device. This talk will be presented from the perspective that abortion should be available on demand, without apology as part of a spectrum of human reproductive rights including gender affirming care and expression of sexual orientation. Providing abortions safely requires a background in healthcare that exceeds the time and content limitations of this talk. Though abortion will be discussed in practical terms, attendees will not be taught how to perform abortions.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"title":"Abortion Tech","end_timestamp":{"seconds":1660509000,"nanoseconds":0},"android_description":"In order to protect abortion access in America, it is imperative to understand what abortion is in material terms. This primer will discuss clinical and underground abortion procedures, provider opsec, targeted legislation against abortion access, how abortion access & gender affirming care are linked, and demonstrate how to build a DIY vacuum aspiration device. This talk will be presented from the perspective that abortion should be available on demand, without apology as part of a spectrum of human reproductive rights including gender affirming care and expression of sexual orientation. Providing abortions safely requires a background in healthcare that exceeds the time and content limitations of this talk. Though abortion will be discussed in practical terms, attendees will not be taught how to perform abortions.","updated_timestamp":{"seconds":1658865600,"nanoseconds":0},"speakers":[{"content_ids":[48721],"conference_id":65,"event_ids":[48728],"name":"Maggie Mayhem","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/msmaggiemayhem"}],"pronouns":null,"media":[],"id":48002}],"timeband_id":893,"links":[],"end":"2022-08-14T20:30:00.000-0000","id":48728,"begin_timestamp":{"seconds":1660502400,"nanoseconds":0},"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48002}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","begin":"2022-08-14T18:40:00.000-0000","updated":"2022-07-26T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Security teams are often tasked with building a layered control environment through a defense-in-depth approach. Audit and compliance teams may even require these controls to align to a specific benchmark or framework. Unfortunately, the scenario often arises where these controls are only put to the test when a real attack occurs leading teams confused when responding to an incident. Assumptions are made by all business units about the operating effectiveness of the environment. Remember when we all relied on the perimeter firewall for security a decade ago? We now have the same problem with heavily relying on default configs within EDR’s. Business leaders may be lulled into thinking that these tools will prevent sophisticated attack chains by nation state adversaries and meanwhile get burned by lazy PowerShell tradecraft that goes undetected. These assumptions are rarely validated through active testing or standard day-to-day activity due to the complexities of a behavior or technique. From an auditing perspective, this is a critical hidden gap that creates a cyclical problem. We are maybe the only industry that provides technical solutions that still requires customers to continuously tune and validate they are working as intended. Although the controls may align to a specific need on paper, significant gaps go unnoticed allowing attackers to achieve their end objectives. A purple team/threat emulation exercise can help prevent this. However, most businesses are often unequipped to know where to begin.\r\n\r\nMany of us are not speaking the same language as the business when attempting to introduce the enterprise matrix from MITRE ATT&CK(®). Further, we have now entered an unfortunate reality where every vendor, tool, and third party reference the framework. As an industry, we need to be able to use this framework in a concise and repeatable manner. We also must be honest with the short comings of ATT&CK and what it cannot be used for. It is extremely enticing to fall under several traps when attempting to use the framework and perform simulations internally. This includes playing bingo and not truly understanding how techniques are emulated in an environment. This talk proposes an approach for how to use existing free tools including the Atomic Red Team library, Prelude Operator, and Vectr to begin tracking adversaries and testing control resiliency in an environment. This talk will educate all business units about the MITRE ATT&CK framework and how it can be incorporated within their assessments. To proactively defend against cyber threats, we cannot rely on individual experts alone. Many of us have been exposed to the ATT&CK framework in some capacity. However, as an industry we do not have a clear way to abstract specific detail from the framework and align to our businesses primary mission. The business from the top-down need to be able to understand how to conduct these types of tests and why they matter. Strong relationships between audit, compliance, third-parties, IT, and security lead to the most secure environments. Everyone, whether on the blue team or red team, plays a role in executing these tests, remediating, and communicating results across the business.\r\n\r\nAs assessors we build test procedures to identify gaps, remediate issues, and retest just like any traditional audit. When examined closely, we are effectively quality assurance for cybersecurity. We have specific playbooks of what adversaries attempt upon achieving initial access. Think about the Conti Playbook that was released and translated earlier this year. We can leverage existing tooling to emulate the identified behaviors in our environment creating a “data-driven” and threat informed test. Equipped with this knowledge, we can layout controls that allow the business to operate and provide assurances that an attack chain is mitigated. We have rich and continuously improving public cyber threat intelligence reports that must be used in our programs. Public annual reports from Red Canary, Microsoft, DFIR Report, Scythe, and countless others all can be used to tune our controls against a specific threat. Security professionals can emulate adversaries for cheap all the while expanding budgets and showcasing their work to executives. My hope is to be able to bridge existing understanding of ATT&CK and provide a path to reliably use it regardless of size or complexity of an institution.\n\n\n","title":"Purple Teaming for Auditors and the Business","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"Security teams are often tasked with building a layered control environment through a defense-in-depth approach. Audit and compliance teams may even require these controls to align to a specific benchmark or framework. Unfortunately, the scenario often arises where these controls are only put to the test when a real attack occurs leading teams confused when responding to an incident. Assumptions are made by all business units about the operating effectiveness of the environment. Remember when we all relied on the perimeter firewall for security a decade ago? We now have the same problem with heavily relying on default configs within EDR’s. Business leaders may be lulled into thinking that these tools will prevent sophisticated attack chains by nation state adversaries and meanwhile get burned by lazy PowerShell tradecraft that goes undetected. These assumptions are rarely validated through active testing or standard day-to-day activity due to the complexities of a behavior or technique. From an auditing perspective, this is a critical hidden gap that creates a cyclical problem. We are maybe the only industry that provides technical solutions that still requires customers to continuously tune and validate they are working as intended. Although the controls may align to a specific need on paper, significant gaps go unnoticed allowing attackers to achieve their end objectives. A purple team/threat emulation exercise can help prevent this. However, most businesses are often unequipped to know where to begin.\r\n\r\nMany of us are not speaking the same language as the business when attempting to introduce the enterprise matrix from MITRE ATT&CK(®). Further, we have now entered an unfortunate reality where every vendor, tool, and third party reference the framework. As an industry, we need to be able to use this framework in a concise and repeatable manner. We also must be honest with the short comings of ATT&CK and what it cannot be used for. It is extremely enticing to fall under several traps when attempting to use the framework and perform simulations internally. This includes playing bingo and not truly understanding how techniques are emulated in an environment. This talk proposes an approach for how to use existing free tools including the Atomic Red Team library, Prelude Operator, and Vectr to begin tracking adversaries and testing control resiliency in an environment. This talk will educate all business units about the MITRE ATT&CK framework and how it can be incorporated within their assessments. To proactively defend against cyber threats, we cannot rely on individual experts alone. Many of us have been exposed to the ATT&CK framework in some capacity. However, as an industry we do not have a clear way to abstract specific detail from the framework and align to our businesses primary mission. The business from the top-down need to be able to understand how to conduct these types of tests and why they matter. Strong relationships between audit, compliance, third-parties, IT, and security lead to the most secure environments. Everyone, whether on the blue team or red team, plays a role in executing these tests, remediating, and communicating results across the business.\r\n\r\nAs assessors we build test procedures to identify gaps, remediate issues, and retest just like any traditional audit. When examined closely, we are effectively quality assurance for cybersecurity. We have specific playbooks of what adversaries attempt upon achieving initial access. Think about the Conti Playbook that was released and translated earlier this year. We can leverage existing tooling to emulate the identified behaviors in our environment creating a “data-driven” and threat informed test. Equipped with this knowledge, we can layout controls that allow the business to operate and provide assurances that an attack chain is mitigated. We have rich and continuously improving public cyber threat intelligence reports that must be used in our programs. Public annual reports from Red Canary, Microsoft, DFIR Report, Scythe, and countless others all can be used to tune our controls against a specific threat. Security professionals can emulate adversaries for cheap all the while expanding budgets and showcasing their work to executives. My hope is to be able to bridge existing understanding of ATT&CK and provide a path to reliably use it regardless of size or complexity of an institution.","updated_timestamp":{"seconds":1659888780,"nanoseconds":0},"speakers":[{"content_ids":[49590],"conference_id":65,"event_ids":[49802],"name":"Alex Martirosyan","affiliations":[{"organization":"Wolf’s IT Assurance Services","title":"Senior Penetration Tester"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/alex-martirosyan/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/almartiros"}],"pronouns":null,"media":[],"id":48944,"title":"Senior Penetration Tester at Wolf’s IT Assurance Services"}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49802,"village_id":1,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660501800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48944}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:13:00.000-0000","begin":"2022-08-14T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"title":"Social Engineering Community Village Awards and Competitor Panel","android_description":"","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659504360,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49504,"village_id":31,"tag_ids":[40273,45341,45370,45453],"begin_timestamp":{"seconds":1660501800,"nanoseconds":0},"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","updated":"2022-08-03T05:26:00.000-0000","begin":"2022-08-14T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Workshop: Mobile Penetration Testing w Corellium","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"end_timestamp":{"seconds":1660512600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465900,"nanoseconds":0},"speakers":[{"content_ids":[49317],"conference_id":65,"event_ids":[49417],"name":"Corellium ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48716}],"timeband_id":893,"links":[],"end":"2022-08-14T21:30:00.000-0000","id":49417,"village_id":12,"begin_timestamp":{"seconds":1660501800,"nanoseconds":0},"tag_ids":[40255,45332,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48716}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:45:00.000-0000","begin":"2022-08-14T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":" Increased adoption of Uncrewed Aerial Systems (UAS) by a wide range of local, state, and federal government entities requires greater attention to the security requirements of UAS. Such requirements must support both operational (flight) security and data security of the UAS. We discuss the architectural decomposition used for our security assessments, common security features and failures found in current UAS, and discuss the use of IoT security frameworks in a UAS context.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Formalizing Security Assessment for Uncrewed Aerial Systems","end_timestamp":{"seconds":1660503300,"nanoseconds":0},"android_description":"Increased adoption of Uncrewed Aerial Systems (UAS) by a wide range of local, state, and federal government entities requires greater attention to the security requirements of UAS. Such requirements must support both operational (flight) security and data security of the UAS. We discuss the architectural decomposition used for our security assessments, common security features and failures found in current UAS, and discuss the use of IoT security frameworks in a UAS context.","updated_timestamp":{"seconds":1659379380,"nanoseconds":0},"speakers":[{"content_ids":[49243,49670],"conference_id":65,"event_ids":[49286,49858],"name":"Ronald Broberg","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/noiq15"}],"media":[],"id":48684},{"content_ids":[49243],"conference_id":65,"event_ids":[49286],"name":"Rudy Mendoza","affiliations":[{"organization":"Dark Wolf Solutions","title":"Senior Penetration Tester"}],"links":[],"pronouns":null,"media":[],"id":48685,"title":"Senior Penetration Tester at Dark Wolf Solutions"}],"timeband_id":893,"links":[],"end":"2022-08-14T18:55:00.000-0000","id":49286,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660501800,"nanoseconds":0},"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48684},{"tag_id":565,"sort_order":1,"person_id":48685}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:43:00.000-0000","begin":"2022-08-14T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Despite the importance, most organizations don't have a good understanding of cryptographic operations in use across their various code bases. IBM's Cost of a Data Breach Report 2021 notes that organizations that use strong encryption had a $1.25 million average lower cost of a breach than those with weak or no encryption.\r\n\r\nDue to aging ciphers and increasing computational power, dated cipher suites are the future of insecure cryptographic practices. In order to effectively counter this threat, every organization needs to be aware of what ciphers are used, where, and how.\r\n\r\nOne solution to this problem is adding static analysis checks as part of your core continuous integration (CI) testing. In this talk, we'll see two open source static analysis solutions with default rules around detection of cryptographic weakness: Semgrep and CodeQL.\r\n\r\nIn this talk, I’ll demonstrate how to implement rules with Semgrep and CodeQL, then modify cryptographic rules to suit your needs. As a demonstration, we’ll look at this through the lens of achieving US Federal Information Processing Standard (FIPS) 140-2 compliance which is mandated by federal customers.\r\n\r\nIf you're looking for ways to audit, create controls, or validate tooling around determining cryptographic usage, this talk will give you solid practices to get started.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"Finding Crypto: Inventorying Cryptographic Operations","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"Despite the importance, most organizations don't have a good understanding of cryptographic operations in use across their various code bases. IBM's Cost of a Data Breach Report 2021 notes that organizations that use strong encryption had a $1.25 million average lower cost of a breach than those with weak or no encryption.\r\n\r\nDue to aging ciphers and increasing computational power, dated cipher suites are the future of insecure cryptographic practices. In order to effectively counter this threat, every organization needs to be aware of what ciphers are used, where, and how.\r\n\r\nOne solution to this problem is adding static analysis checks as part of your core continuous integration (CI) testing. In this talk, we'll see two open source static analysis solutions with default rules around detection of cryptographic weakness: Semgrep and CodeQL.\r\n\r\nIn this talk, I’ll demonstrate how to implement rules with Semgrep and CodeQL, then modify cryptographic rules to suit your needs. As a demonstration, we’ll look at this through the lens of achieving US Federal Information Processing Standard (FIPS) 140-2 compliance which is mandated by federal customers.\r\n\r\nIf you're looking for ways to audit, create controls, or validate tooling around determining cryptographic usage, this talk will give you solid practices to get started.","updated_timestamp":{"seconds":1659214140,"nanoseconds":0},"speakers":[{"content_ids":[49161],"conference_id":65,"event_ids":[49197],"name":"Kevin Lai","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48601}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49197,"village_id":10,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660501800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48601}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"begin":"2022-08-14T18:30:00.000-0000","updated":"2022-07-30T20:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"As the current machine learning paradigm shifts toward the use of large pretrained models fine-tuned to a specific use case, it becomes increasingly important to trust the pretrained models that are downloaded from central model repositories (or other areas of the internet). As has been well documented in the machine learning literature, numerous attacks currently exist that allow an adversary to poison or “trojan” a machine learning model causing the model to behave correctly except when dealing with a specific adversary chosen input or “trigger”. This talk will introduce the threats posed by these AI trojan attacks, discuss the current types of attacks that exist, and then focus on the state of the art techniques used to both defend and detect these attacks.\r\n\r\nAs part of an emphasis on trojan detection, the talk will also cover key aspects of the TrojAI Competition (https://pages.nist.gov/trojai/)—an open leaderboard run by NIST and IARPA to spur the development of better trojan detection techniques. This leaderboard provides anyone with the opportunity to run and evaluate their own trojan detectors across large datasets of clean/poisoned AI models already developed by the TrojAI team. These datasets consist of numerous different AI architectures trained across tasks ranging from image classification to extractive question answering. They are open-source and ready for the community to use.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"title":"AI Trojan Attacks, Defenses, and the TrojAI Competition","end_timestamp":{"seconds":1660504800,"nanoseconds":0},"android_description":"As the current machine learning paradigm shifts toward the use of large pretrained models fine-tuned to a specific use case, it becomes increasingly important to trust the pretrained models that are downloaded from central model repositories (or other areas of the internet). As has been well documented in the machine learning literature, numerous attacks currently exist that allow an adversary to poison or “trojan” a machine learning model causing the model to behave correctly except when dealing with a specific adversary chosen input or “trigger”. This talk will introduce the threats posed by these AI trojan attacks, discuss the current types of attacks that exist, and then focus on the state of the art techniques used to both defend and detect these attacks.\r\n\r\nAs part of an emphasis on trojan detection, the talk will also cover key aspects of the TrojAI Competition (https://pages.nist.gov/trojai/)—an open leaderboard run by NIST and IARPA to spur the development of better trojan detection techniques. This leaderboard provides anyone with the opportunity to run and evaluate their own trojan detectors across large datasets of clean/poisoned AI models already developed by the TrojAI team. These datasets consist of numerous different AI architectures trained across tasks ranging from image classification to extractive question answering. They are open-source and ready for the community to use.","updated_timestamp":{"seconds":1659293160,"nanoseconds":0},"speakers":[{"content_ids":[49047],"conference_id":65,"event_ids":[49050],"name":"Taylor Kulp-Mcdowall ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48474}],"timeband_id":893,"links":[],"end":"2022-08-14T19:20:00.000-0000","id":49050,"begin_timestamp":{"seconds":1660501800,"nanoseconds":0},"tag_ids":[40248,45330,45450],"village_id":3,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48474}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-07-31T18:46:00.000-0000","begin":"2022-08-14T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Analyzing malicious digital content safely typically requires specialized tools in a sandboxed environment, and an awareness of the risk associated with specific analysis techniques.\r\n\r\nTraditionally the process of provisioning these environments was labor intensive, and technically demanding. In this presentation I'll show you how to use DevSecOps best practices to provision lightweight, anonymous, cloud sandboxes in seconds.\r\n\r\nComments: Text HOW or SHELL to 1337-561-1337* for an early demo of what I'm presenting. https://github.com/shell-company/public-shell-company\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"Cloud Sandboxes for Security Research - Noirgate","end_timestamp":{"seconds":1660503000,"nanoseconds":0},"android_description":"Analyzing malicious digital content safely typically requires specialized tools in a sandboxed environment, and an awareness of the risk associated with specific analysis techniques.\r\n\r\nTraditionally the process of provisioning these environments was labor intensive, and technically demanding. In this presentation I'll show you how to use DevSecOps best practices to provision lightweight, anonymous, cloud sandboxes in seconds.\r\n\r\nComments: Text HOW or SHELL to 1337-561-1337* for an early demo of what I'm presenting. https://github.com/shell-company/public-shell-company","updated_timestamp":{"seconds":1660057500,"nanoseconds":0},"speakers":[{"content_ids":[49187],"conference_id":65,"event_ids":[49223],"name":"Louis Barrett","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0daysimpson"}],"media":[],"id":48646}],"timeband_id":893,"end":"2022-08-14T18:50:00.000-0000","links":[{"label":"GitHub","type":"link","url":"https://github.com/shell-company/public-shell-company"}],"id":49223,"village_id":9,"begin_timestamp":{"seconds":1660501200,"nanoseconds":0},"tag_ids":[40252,45349,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48646}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-14T18:20:00.000-0000","updated":"2022-08-09T15:05:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Campfire Chat with snax - come and discuss how quantum might affect society, privacy, and more! \n\n\n","title":"Quantum Life: Burning Chrome Side Chat","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"Campfire Chat with snax - come and discuss how quantum might affect society, privacy, and more!","updated_timestamp":{"seconds":1660333500,"nanoseconds":0},"speakers":[{"content_ids":[49714],"conference_id":65,"event_ids":[49904],"name":"VWave","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49052}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49904,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"village_id":24,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49052}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-12T19:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Application developers are the first line in defending applications from attack, there are thousands of software and hardware solutions to attempt to make your software more safe and secure. In the end if the software isn't developed properly and securely no amount of software or hardware is going to protect you. In this session I plan to go over, identifying weak code, testing for it, and fixing it.\r\n\r\nIn this session we will go over in-depth the process for doing application security testing on your own applications. As part of the session we will go through and identify all of the items on the OWASP top 10, how to test them using DVWA (the Damn Vulnerable Web Application) and other sandbox applications, and talk about strategies to mitigate the risk and turn weakness into advantage.\n\n\n","title":"Offensive Application Security for Developers...","type":{"conference_id":65,"conference":"DEFCON30","color":"#5978bc","updated_at":"2024-06-07T03:39+0000","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"Application developers are the first line in defending applications from attack, there are thousands of software and hardware solutions to attempt to make your software more safe and secure. In the end if the software isn't developed properly and securely no amount of software or hardware is going to protect you. In this session I plan to go over, identifying weak code, testing for it, and fixing it.\r\n\r\nIn this session we will go over in-depth the process for doing application security testing on your own applications. As part of the session we will go through and identify all of the items on the OWASP top 10, how to test them using DVWA (the Damn Vulnerable Web Application) and other sandbox applications, and talk about strategies to mitigate the risk and turn weakness into advantage.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49647],"conference_id":65,"event_ids":[49831],"name":"James McKee","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/james-mckee-a43a2911/"}],"pronouns":null,"media":[],"id":48997}],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49831,"tag_ids":[40278,45332,45378,45432,45451],"village_id":4,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48997}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"spans_timebands":"N","updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"I released a book last year titled Adversarial Tradecraft in CyberSecurity: Offense vs Defense in real time. This book includes several red team and blue team techniques that help get the advantage over the opponent, ultimately giving the user an edge in the conflict. Throughout this book I distilled several principles or theories that either side can leverage in an abstract sense to gain these advantages. I will cover the principles, as well as several real world examples of using them from both the offense and defensive perspectives. The principles and some examples are as follows:\r\n\r\n* Principle of Deception - Offensive perspective will show some obfuscation and hiding in the file system techniques Defensive perspective will show honeypots and honeytokens to get more info about an attacker\r\n\r\n*Principle of Physical Access - Offensive perspective will show how physical keyloggers are so effective, grabbing creds and remaining off the wire. Defensive perspective will show how no matter what an attacker does defender can reimage and regain control if they have physical access\r\n\r\n*Principle of Humanity - Offensive perspective will show how researching the people involved can help you find the path to the access you need, and who you need to exploit target to get there. Defensive perspective will show how profiling the attackers will help to understand their TTPs, and thus defend against them.\r\n\r\n*Principle of Economy - Shows how both sides are limited on personal, and how understanding where they spend their money can help you avoid their strongest areas, or target their weakest spend locations. Principle of Planning We will show how planning, to get to run books or even automation will save critical time during operations.\r\n\r\n*Principle of Innovation - Will show how researching the attackers or defenders tools can help develop exploits, which can be used to change the came or get unexpected access, such as the defenders getting access to a c2 server, or the offense getting an 0day to get in on the edge.\r\n\r\n*Principle of Time - On the offense will show how previous automations can help get an advantage, where as doing it by hand will not get the same advantage (think killing the AV/EDR, then running an automated tool while it restarts) The defensive perspective will show how and when you respond to an incident can make or break it, depending on how much access the offense has already gained.\n\n\n","title":"Helpful Principles in Adversarial Operations","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"android_description":"I released a book last year titled Adversarial Tradecraft in CyberSecurity: Offense vs Defense in real time. This book includes several red team and blue team techniques that help get the advantage over the opponent, ultimately giving the user an edge in the conflict. Throughout this book I distilled several principles or theories that either side can leverage in an abstract sense to gain these advantages. I will cover the principles, as well as several real world examples of using them from both the offense and defensive perspectives. The principles and some examples are as follows:\r\n\r\n* Principle of Deception - Offensive perspective will show some obfuscation and hiding in the file system techniques Defensive perspective will show honeypots and honeytokens to get more info about an attacker\r\n\r\n*Principle of Physical Access - Offensive perspective will show how physical keyloggers are so effective, grabbing creds and remaining off the wire. Defensive perspective will show how no matter what an attacker does defender can reimage and regain control if they have physical access\r\n\r\n*Principle of Humanity - Offensive perspective will show how researching the people involved can help you find the path to the access you need, and who you need to exploit target to get there. Defensive perspective will show how profiling the attackers will help to understand their TTPs, and thus defend against them.\r\n\r\n*Principle of Economy - Shows how both sides are limited on personal, and how understanding where they spend their money can help you avoid their strongest areas, or target their weakest spend locations. Principle of Planning We will show how planning, to get to run books or even automation will save critical time during operations.\r\n\r\n*Principle of Innovation - Will show how researching the attackers or defenders tools can help develop exploits, which can be used to change the came or get unexpected access, such as the defenders getting access to a c2 server, or the offense getting an 0day to get in on the edge.\r\n\r\n*Principle of Time - On the offense will show how previous automations can help get an advantage, where as doing it by hand will not get the same advantage (think killing the AV/EDR, then running an automated tool while it restarts) The defensive perspective will show how and when you respond to an incident can make or break it, depending on how much access the offense has already gained.","end_timestamp":{"seconds":1660501800,"nanoseconds":0},"updated_timestamp":{"seconds":1659888720,"nanoseconds":0},"speakers":[{"content_ids":[49589],"conference_id":65,"event_ids":[49801],"name":"Dan Borges","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/borges1337/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/1njection"}],"media":[],"id":48936}],"timeband_id":893,"links":[],"end":"2022-08-14T18:30:00.000-0000","id":49801,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48936}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:12:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A high level talk about a digital forensics investigation on a unwiped Cash register.\n\n\n","title":"I know what you ate last summer","type":{"conference_id":65,"conference":"DEFCON30","color":"#c3a2fb","updated_at":"2024-06-07T03:39+0000","name":"Retail Hacking Village","id":45327},"android_description":"A high level talk about a digital forensics investigation on a unwiped Cash register.","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659729900,"nanoseconds":0},"speakers":[{"content_ids":[49448],"conference_id":65,"event_ids":[49652],"name":"Wesley Altham (aka Wesrl)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48830}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49652,"village_id":28,"tag_ids":[40270,45327,45340,45348,45373,45450],"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48830}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 310, 320 (Retail Hacking Village)","hotel":"","short_name":"310, 320 (Retail Hacking Village)","id":45408},"spans_timebands":"N","begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-05T20:05:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"pronouns":null,"media":[],"id":48531}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49643,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-05T05:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Intro to CTFs","android_description":"","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659679020,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49632,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-05T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking WebApps with WebSploit Labs","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49626,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-05T05:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cyber Resilience Bootcamp","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"media":[],"id":48826}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49605,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:48:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Now that you‚Äôre familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"title":"Bypass 102","end_timestamp":{"seconds":1660501800,"nanoseconds":0},"android_description":"Now that you‚Äôre familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.","updated_timestamp":{"seconds":1659624360,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"pronouns":null,"media":[],"id":48801}],"timeband_id":893,"links":[],"end":"2022-08-14T18:30:00.000-0000","id":49558,"village_id":22,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-04T14:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"More than a decade ago, Project Basecamp highlighted how many OT devices and protocols were insecure-by-design. Ever since, the absence of basic security controls has continued to complicate OT security programs. While the past decade has seen the advent of standards-driven hardening efforts at the component and system level, it has also seen impactful real-world OT incidents abusing insecure-by-design functionality, which has left many defenders wondering just how much has changed. In this talk, we will present dozens of previously undisclosed issues in products from almost 20 vendors deployed in a wide range of industry verticals. We will provide a quantitative overview of these issues and illustrate how the opaque and proprietary nature of the systems has resulted in insecure-by-design products achieving security certification as well as complicating vulnerability management. In addition, we will take a technical deep-dive into several RCE vulnerabilities on level 1 devices (ab)using nothing but legitimate functionality and present quantitative insights into our research process in order to provide the audience with some hard numbers on the resources required to develop basic offensive capabilities for the issues discussed and its potential implications for the relevant threat landscape.\n\n\n","title":"OT:ICEFALL - Revisiting a decade of OT insecure-by-design practices","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"More than a decade ago, Project Basecamp highlighted how many OT devices and protocols were insecure-by-design. Ever since, the absence of basic security controls has continued to complicate OT security programs. While the past decade has seen the advent of standards-driven hardening efforts at the component and system level, it has also seen impactful real-world OT incidents abusing insecure-by-design functionality, which has left many defenders wondering just how much has changed. In this talk, we will present dozens of previously undisclosed issues in products from almost 20 vendors deployed in a wide range of industry verticals. We will provide a quantitative overview of these issues and illustrate how the opaque and proprietary nature of the systems has resulted in insecure-by-design products achieving security certification as well as complicating vulnerability management. In addition, we will take a technical deep-dive into several RCE vulnerabilities on level 1 devices (ab)using nothing but legitimate functionality and present quantitative insights into our research process in order to provide the audience with some hard numbers on the resources required to develop basic offensive capabilities for the issues discussed and its potential implications for the relevant threat landscape.","updated_timestamp":{"seconds":1659472260,"nanoseconds":0},"speakers":[{"content_ids":[49329],"conference_id":65,"event_ids":[49429],"name":"Jos Wetzels","affiliations":[{"organization":"Forescout","title":"Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":48761,"title":"Security Researcher at Forescout"}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49429,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45340,45369,45375],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48761}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"ICS Village Virtual","hotel":"","short_name":"ICS Village","id":45492},"updated":"2022-08-02T20:31:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Introduction to IOS Reverse Engineering with Frida","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"android_description":"","end_timestamp":{"seconds":1660501800,"nanoseconds":0},"updated_timestamp":{"seconds":1659465900,"nanoseconds":0},"speakers":[{"content_ids":[49316],"conference_id":65,"event_ids":[49416],"name":"Christine Fossaceca","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/christine-fossaceca-9323676/"}],"media":[],"id":48715}],"timeband_id":893,"links":[],"end":"2022-08-14T18:30:00.000-0000","id":49416,"village_id":12,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[40255,45340,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48715}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:45:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Safecracking is a more obscure art of locksport and this talk will cover types of safe locks, how they work, and how to defeat them.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Safecracking for Everyone","android_description":"Safecracking is a more obscure art of locksport and this talk will cover types of safe locks, how they work, and how to defeat them.","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"updated_timestamp":{"seconds":1659420360,"nanoseconds":0},"speakers":[{"content_ids":[49279],"conference_id":65,"event_ids":[49359],"name":"Jared Dygert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48703}],"timeband_id":893,"links":[],"end":"2022-08-14T18:45:00.000-0000","id":49359,"tag_ids":[40259,45340,45362,45373,45450],"village_id":17,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48703}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","begin":"2022-08-14T18:00:00.000-0000","updated":"2022-08-02T06:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c9a8357cbff833ac7f4b7/1\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"title":"Free Amateur Radio License Exams","android_description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c9a8357cbff833ac7f4b7/1","end_timestamp":{"seconds":1660510800,"nanoseconds":0},"updated_timestamp":{"seconds":1659309180,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T21:00:00.000-0000","id":49262,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"village_id":13,"tag_ids":[40256,45341,45355,45451],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City I (Ham Radio Village Exams)","hotel":"","short_name":"Virginia City I (Ham Radio Village Exams)","id":45426},"updated":"2022-07-31T23:13:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Oli: A Pi-Star replacement rewritten from scratch. DMR, Dstar, and other digital voice modes have long been the exclusive domain of Pi-Star. While a workhorse, there are many complicated settings to navigate before being able to make the first contact. This talk will discuss Oli, a project built from the ground up to be fast and pleasant to use. This will be a live demo and tool release.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"title":"Oli: A Simpler Pi-Star Replacement","android_description":"Oli: A Pi-Star replacement rewritten from scratch. DMR, Dstar, and other digital voice modes have long been the exclusive domain of Pi-Star. While a workhorse, there are many complicated settings to navigate before being able to make the first contact. This talk will discuss Oli, a project built from the ground up to be fast and pleasant to use. This will be a live demo and tool release.","end_timestamp":{"seconds":1660501800,"nanoseconds":0},"updated_timestamp":{"seconds":1659309060,"nanoseconds":0},"speakers":[{"content_ids":[49217],"conference_id":65,"event_ids":[49258],"name":"Danny Quist","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48668}],"timeband_id":893,"links":[],"end":"2022-08-14T18:30:00.000-0000","id":49258,"village_id":13,"tag_ids":[40256,45340,45355,45451],"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48668}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"begin":"2022-08-14T18:00:00.000-0000","updated":"2022-07-31T23:11:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The IAB TCF consent string is an encoded data structure which is supposed to hold information about a user’s privacy preferences to communicate them to would be trackers on a page to ensure GDPR compliance. Consent string abuse is serious, but using the consent string itself to smuggle out the payload from invasive data collection is a new level of audacity. Walk through a real case of consent string steganography we caught operating at a massive scale.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"Voldrakus: Using Consent String Steganography to Exfiltrate Browser Fingerprinting Data","end_timestamp":{"seconds":1660501800,"nanoseconds":0},"android_description":"The IAB TCF consent string is an encoded data structure which is supposed to hold information about a user’s privacy preferences to communicate them to would be trackers on a page to ensure GDPR compliance. Consent string abuse is serious, but using the consent string itself to smuggle out the payload from invasive data collection is a new level of audacity. Walk through a real case of consent string steganography we caught operating at a massive scale.","updated_timestamp":{"seconds":1659214080,"nanoseconds":0},"speakers":[{"content_ids":[49160],"conference_id":65,"event_ids":[49196],"name":"Kaileigh McCrea","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48599}],"timeband_id":893,"links":[],"end":"2022-08-14T18:30:00.000-0000","id":49196,"village_id":10,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48599}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"begin":"2022-08-14T18:00:00.000-0000","updated":"2022-07-30T20:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Don't flake early! There will be several rounds of well-punned games all localized to Project Obsidian's killchain data and the tools utilized. Learn how the fates will treat you with an incident on the line. Backdoors & Breaches is an Incident Response Card Game from Black Hills Information Security and Active Countermeasures. The game contains 52 unique cards to conduct incident response tabletop exercises and learn attack tactics, tools, and methods. \r\n\r\nhttps://www.blackhillsinfosec.com/projects/backdoorsandbreaches/\n\n\nA crowd interactive, igneous take on the BHIS IR card game.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Backdoors & Breaches, Back to the Stone Age!","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"Don't flake early! There will be several rounds of well-punned games all localized to Project Obsidian's killchain data and the tools utilized. Learn how the fates will treat you with an incident on the line. Backdoors & Breaches is an Incident Response Card Game from Black Hills Information Security and Active Countermeasures. The game contains 52 unique cards to conduct incident response tabletop exercises and learn attack tactics, tools, and methods. \r\n\r\nhttps://www.blackhillsinfosec.com/projects/backdoorsandbreaches/\n\n\nA crowd interactive, igneous take on the BHIS IR card game.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":48945,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45365,45373,45376,45451],"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"II'll document the kernel tracing APIs in modern versions of windows, implemented to support Microsofts' port of the ‘DTrace’ system to windows. This system provides an officially supported mechanism to perform system call interception that is patchguard compatible, but not secure boot compatible. Alongside the history and details of DTrace this talk will also cover a C++ and Rust based reimplementation of the system that I call STrace. This reimplementation allows users to write custom plugin dlls which are manually mapped to the kernel address space. These plugins can then log all system calls, or perform any side effects before and after system call execution by invoking the typical kernel driver APIs – if desired.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"STrace - A DTrace on windows reimplementation.","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"android_description":"II'll document the kernel tracing APIs in modern versions of windows, implemented to support Microsofts' port of the ‘DTrace’ system to windows. This system provides an officially supported mechanism to perform system call interception that is patchguard compatible, but not secure boot compatible. Alongside the history and details of DTrace this talk will also cover a C++ and Rust based reimplementation of the system that I call STrace. This reimplementation allows users to write custom plugin dlls which are manually mapped to the kernel address space. These plugins can then log all system calls, or perform any side effects before and after system call execution by invoking the typical kernel driver APIs – if desired.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48580],"conference_id":65,"event_ids":[48592],"name":"Stephen Eckels","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/stephen-eckels-995211102"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/stevemk14ebr"}],"pronouns":null,"media":[],"id":47875}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242292"}],"end":"2022-08-14T18:45:00.000-0000","id":48592,"village_id":null,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47875}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"DLL Hijacking, being a well-known technique for executing malicious\npayloads via trusted executables, has been scrutinised extensively, to\nthe point where defensive measures are in a much better position to\ndetect abuse. To bypass detection, stealthier and harder-to-detect\nalternatives need to come into play.\n\nIn this presentation, we will take a closer look at how process-level\nEnvironment Variables can be abused for taking over legitimate\napplications. Taking a systemic approach, we will demonstrate that over\n80 Windows-native executables are vulnerable to this special type of\nDLL Hijacking. As this raises additional opportunities for User Account\nControl (UAC) bypass and Privilege Escalation, we will discuss the\nvalue and further implications of this technique and these findings.\n\n\n","title":"Save The Environment (Variable): Hijacking Legitimate Applications with a Minimal Footprint","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"DLL Hijacking, being a well-known technique for executing malicious\npayloads via trusted executables, has been scrutinised extensively, to\nthe point where defensive measures are in a much better position to\ndetect abuse. To bypass detection, stealthier and harder-to-detect\nalternatives need to come into play.\n\nIn this presentation, we will take a closer look at how process-level\nEnvironment Variables can be abused for taking over legitimate\napplications. Taking a systemic approach, we will demonstrate that over\n80 Windows-native executables are vulnerable to this special type of\nDLL Hijacking. As this raises additional opportunities for User Account\nControl (UAC) bypass and Privilege Escalation, we will discuss the\nvalue and further implications of this technique and these findings.","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48579],"conference_id":65,"event_ids":[48546],"name":"Wietze Beukema","affiliations":[{"organization":"","title":"Threat Detection & Response at CrowdStrike"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/wietze"},{"description":"","title":"Website","sort_order":0,"url":"https://wietzebeukema.nl/"}],"pronouns":null,"media":[],"id":47829,"title":"Threat Detection & Response at CrowdStrike"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242202"}],"end":"2022-08-14T18:45:00.000-0000","id":48546,"village_id":null,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[45241,45279,45281,45375,45450],"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47829}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"do your eyes hurt? is your brain aching? is your pain caused from too much deciphering difficult assembly (or decompiled C) code?\n assembly can hurt, C code can be worse. partial emulation to the rescue!\n let the emulator walk you through the code, let it answer hard questions/problems you run into in your reversing/vuln research.\n this talk will introduce you the power of emulator-driven reversing. guide your RE with the help of an emulator (one that can survive limited context), emulate code you don't want to reverse, be better, learn more, be faster, with less brain-drain.\n make no mistake, RE will always have room for magicians to show their wizardry... but after this talk, you may find yourself a much more powerful wizard.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"emulation-driven reverse-engineering for finding vulns","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"android_description":"do your eyes hurt? is your brain aching? is your pain caused from too much deciphering difficult assembly (or decompiled C) code?\n assembly can hurt, C code can be worse. partial emulation to the rescue!\n let the emulator walk you through the code, let it answer hard questions/problems you run into in your reversing/vuln research.\n this talk will introduce you the power of emulator-driven reversing. guide your RE with the help of an emulator (one that can survive limited context), emulate code you don't want to reverse, be better, learn more, be faster, with less brain-drain.\n make no mistake, RE will always have room for magicians to show their wizardry... but after this talk, you may find yourself a much more powerful wizard.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48577],"conference_id":65,"event_ids":[48537],"name":"atlas","affiliations":[{"organization":"","title":"chief pwning officer, 0fd00m c0rp0ration"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/at1as"},{"description":"","title":"Website","sort_order":0,"url":"http://atlas.r4780y.com/"}],"media":[],"id":47819,"title":"chief pwning officer, 0fd00m c0rp0ration"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242206"}],"end":"2022-08-14T18:45:00.000-0000","id":48537,"village_id":null,"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"tag_ids":[45241,45279,45281,45348,45375,45450],"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47819}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For decades, software vulnerabilities have remained an unsolvable security problem regardless of years of investment in various mitigations, hardening and fuzzing strategies. In the last years there have been moves to formal methods as a path toward better security. Verification and formal methods can produce rigorous arguments about the absence of the entire classes of security bugs, and are a powerful tool to build highly secure software.\n\nAdaCore/SPARK is a formally defined programming language intended for the development of high integrity software used in systems where predictable and highly reliable operation is crucial. The formal, unambiguous, definition of SPARK allows a variety of static analysis techniques to be applied, including information flow analysis, proof of absence of run-time exceptions, proof of termination, proof of functional correctness, and proof of safety and security properties.\n\nIn this talk we will dive-into AdaCore/SPARK, cover the blind spots and limitations, and show real-world vulnerabilities which we met during my work and which are still possible in the formally proven software. We will also show an exploit targeting one of the previously described vulnerabilities.\n\n\n","title":"Exploitation in the era of formal verification: a peek at a new frontier with AdaCore/SPARK","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"For decades, software vulnerabilities have remained an unsolvable security problem regardless of years of investment in various mitigations, hardening and fuzzing strategies. In the last years there have been moves to formal methods as a path toward better security. Verification and formal methods can produce rigorous arguments about the absence of the entire classes of security bugs, and are a powerful tool to build highly secure software.\n\nAdaCore/SPARK is a formally defined programming language intended for the development of high integrity software used in systems where predictable and highly reliable operation is crucial. The formal, unambiguous, definition of SPARK allows a variety of static analysis techniques to be applied, including information flow analysis, proof of absence of run-time exceptions, proof of termination, proof of functional correctness, and proof of safety and security properties.\n\nIn this talk we will dive-into AdaCore/SPARK, cover the blind spots and limitations, and show real-world vulnerabilities which we met during my work and which are still possible in the formally proven software. We will also show an exploit targeting one of the previously described vulnerabilities.","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48578],"conference_id":65,"event_ids":[48509],"name":"Adam 'pi3' Zabrocki","affiliations":[{"organization":"NVIDIA","title":"Principal System Software Engineer (Offensive Security)"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Adam_pi3"},{"description":"","title":"Website","sort_order":0,"url":"http://pi3.com.pl/"}],"media":[],"id":47831,"title":"Principal System Software Engineer (Offensive Security) at NVIDIA"},{"content_ids":[48578],"conference_id":65,"event_ids":[48509],"name":"Alex Tereshkin","affiliations":[{"organization":"NVIDIA","title":"Principal System Software Engineer (Offensive Security)"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/AlexTereshkin"}],"media":[],"id":47855,"title":"Principal System Software Engineer (Offensive Security) at NVIDIA"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242282"}],"end":"2022-08-14T18:45:00.000-0000","id":48509,"village_id":null,"tag_ids":[45241,45279,45375,45450],"begin_timestamp":{"seconds":1660500000,"nanoseconds":0},"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47831},{"tag_id":565,"sort_order":1,"person_id":47855}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cloud security is evolving rapidly and can be challenging. The growing need for remote working over the last year enhances this development. How can companies keep up with the pace of change? How do you know you are secure? Are the default installations secure? How do you find and fix your Cloud misconfigurations? How do you even start doing a Cloud assessment? Is it like an on-premise one?\r\nAt the end of the conversation you will have a detailed guide with tools and examples of how can you hack/secure a cloud environment in only #4Steps.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"How to do Cloud Security assessments like a pro in only #4Steps","android_description":"Cloud security is evolving rapidly and can be challenging. The growing need for remote working over the last year enhances this development. How can companies keep up with the pace of change? How do you know you are secure? Are the default installations secure? How do you find and fix your Cloud misconfigurations? How do you even start doing a Cloud assessment? Is it like an on-premise one?\r\nAt the end of the conversation you will have a detailed guide with tools and examples of how can you hack/secure a cloud environment in only #4Steps.","end_timestamp":{"seconds":1660501200,"nanoseconds":0},"updated_timestamp":{"seconds":1659283260,"nanoseconds":0},"speakers":[{"content_ids":[49181,49185],"conference_id":65,"event_ids":[49217,49221],"name":"Ricardo Sanchez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48644}],"timeband_id":893,"links":[],"end":"2022-08-14T18:20:00.000-0000","id":49217,"village_id":9,"tag_ids":[40252,45340,45350,45451],"begin_timestamp":{"seconds":1660498800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48644}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-14T17:40:00.000-0000","updated":"2022-07-31T16:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The transparency, immutability, and availibility of cryptocurrency blockchain data work to the advantage of Blockchain Forensics Investigators. Follow a crytpcurrency forensic analyst as we go from a single transaction to attribution.\n\n\n","title":"Basic Blockchain Forensics","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"android_description":"The transparency, immutability, and availibility of cryptocurrency blockchain data work to the advantage of Blockchain Forensics Investigators. Follow a crytpcurrency forensic analyst as we go from a single transaction to attribution.","end_timestamp":{"seconds":1660501500,"nanoseconds":0},"updated_timestamp":{"seconds":1658865540,"nanoseconds":0},"speakers":[{"content_ids":[48719],"conference_id":65,"event_ids":[48726],"name":"K1ng_Cr4b","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47988}],"timeband_id":893,"links":[],"end":"2022-08-14T18:25:00.000-0000","id":48726,"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"begin_timestamp":{"seconds":1660498500,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47988}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-14T17:35:00.000-0000","updated":"2022-07-26T19:59:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Adversary Wars CTF","android_description":"Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.","end_timestamp":{"seconds":1660509000,"nanoseconds":0},"updated_timestamp":{"seconds":1659886920,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:30:00.000-0000","id":49784,"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"tag_ids":[40246,45358,45373,45377,45451],"village_id":1,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T15:42:00.000-0000","begin":"2022-08-14T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.\n\n\n","title":"Adversary Booth","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"android_description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.","end_timestamp":{"seconds":1660505400,"nanoseconds":0},"updated_timestamp":{"seconds":1659886380,"nanoseconds":0},"speakers":[{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Michael Kouremetis","affiliations":[{"organization":"MITRE Corporation","title":"Lead Cyber Operations Engineer and Group Lead"}],"links":[],"pronouns":null,"media":[],"id":48920,"title":"Lead Cyber Operations Engineer and Group Lead at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Melanie Chan","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cybersecurity Engineer & Intern Coordinator"}],"links":[],"pronouns":null,"media":[],"id":48921,"title":"Senior Cybersecurity Engineer & Intern Coordinator at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Ethan Michalak","affiliations":[{"organization":"MITRE Corporation","title":"Cyber Security Intern"}],"links":[],"pronouns":null,"media":[],"id":48930,"title":"Cyber Security Intern at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Dean Lawrence","affiliations":[{"organization":"MITRE Corporation","title":"Software Systems Engineer"}],"links":[],"pronouns":null,"media":[],"id":48932,"title":"Software Systems Engineer at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Jay Yee","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cyber Security Engineer, Defensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":48946,"title":"Senior Cyber Security Engineer, Defensive Cyber Operations at MITRE Corporation"}],"timeband_id":893,"links":[],"end":"2022-08-14T19:30:00.000-0000","id":49781,"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"village_id":1,"tag_ids":[40246,45364,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48932},{"tag_id":565,"sort_order":1,"person_id":48930},{"tag_id":565,"sort_order":1,"person_id":48946},{"tag_id":565,"sort_order":1,"person_id":48921},{"tag_id":565,"sort_order":1,"person_id":48920}],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","begin":"2022-08-14T17:30:00.000-0000","updated":"2022-08-07T15:33:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.\n\n\n","title":"Bypass 101","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.","updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"pronouns":null,"media":[],"id":48801}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49557,"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"village_id":22,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","updated":"2022-08-04T14:45:00.000-0000","begin":"2022-08-14T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Edutainment: A gateway into the field of Cybersecurity & Online safety for girls.","android_description":"","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"updated_timestamp":{"seconds":1659465840,"nanoseconds":0},"speakers":[{"content_ids":[49298,49315],"conference_id":65,"event_ids":[49397,49415],"name":"Monique Head","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/moniquehead/"}],"media":[],"id":48731}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49415,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48731}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"begin":"2022-08-14T17:30:00.000-0000","updated":"2022-08-02T18:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The most dangerous cyber threat faced by unmanned air systems and other autonomous vehicles is the threat of hijacking via cyberattack. This work investigates and develops a novel method of attack by false data injection of the vehicle’s measurement data. It is shown that this approach is system agnostic and can be used to takeover a system without any prior knowledge of the system. The attack is demonstrated in both simulation and hardware experiments.\n\n\n","title":"Control Acquisition Attack of Aerospace Systems by False Data Injection","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"The most dangerous cyber threat faced by unmanned air systems and other autonomous vehicles is the threat of hijacking via cyberattack. This work investigates and develops a novel method of attack by false data injection of the vehicle’s measurement data. It is shown that this approach is system agnostic and can be used to takeover a system without any prior knowledge of the system. The attack is demonstrated in both simulation and hardware experiments.","end_timestamp":{"seconds":1660501200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379440,"nanoseconds":0},"speakers":[{"content_ids":[49242],"conference_id":65,"event_ids":[49285],"name":"Garrett Jares","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48678}],"timeband_id":893,"links":[],"end":"2022-08-14T18:20:00.000-0000","id":49285,"tag_ids":[40247,45340,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48678}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:44:00.000-0000","begin":"2022-08-14T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We've all heard, seen, and probably played in \"the metaverse.\" The metaverse is a type of extended reality (XR), like virtual reality or augmented reality. Some of you may have wondered: Where is my information going? What kinds of things does XR tech know about me? What XR information about me is accessible to private companies and to the government? Do privacy laws protect me in the metaverse?\r\n\r\nOver the last two years, we've looked at various pieces of XR tech and where it intersects with the law. We have several answers for you, none of them satisfying, and each one raising even more questions. \r\n\r\nCome join us for a wild ride to explore how extended reality plays both within and outside of existing privacy regulations, the rights you might have, and what we really need from legislators and companies to protect your privacy.\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"XR Technology Has 99 Problems and Privacy is Several of Them (PRE-RECORDED)","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"We've all heard, seen, and probably played in \"the metaverse.\" The metaverse is a type of extended reality (XR), like virtual reality or augmented reality. Some of you may have wondered: Where is my information going? What kinds of things does XR tech know about me? What XR information about me is accessible to private companies and to the government? Do privacy laws protect me in the metaverse?\r\n\r\nOver the last two years, we've looked at various pieces of XR tech and where it intersects with the law. We have several answers for you, none of them satisfying, and each one raising even more questions. \r\n\r\nCome join us for a wild ride to explore how extended reality plays both within and outside of existing privacy regulations, the rights you might have, and what we really need from legislators and companies to protect your privacy.","updated_timestamp":{"seconds":1659214080,"nanoseconds":0},"speakers":[{"content_ids":[49159],"conference_id":65,"event_ids":[49195],"name":"Suchi Pahi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48620},{"content_ids":[49159],"conference_id":65,"event_ids":[49195],"name":"Calli Schroeder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48621}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49195,"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"tag_ids":[40253,45347,45348,45451],"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48621},{"tag_id":565,"sort_order":1,"person_id":48620}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"begin":"2022-08-14T17:30:00.000-0000","updated":"2022-07-30T20:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"As of this year, there are over a 2.5 billion Edge-enabled IoT devices and close to 1.5 million new AI Edge devices projected to be shipped. These devices include smaller compressed versions of AI models running on them. While in the last years, we have been able to improve the performance of the AI models and reduce their memory footprint on these devices, not much has been spoken about the security threats of the AI models on tiny models.\r\n\r\nFirst step towards protecting these AI models from attacks such as Model Theft, evasion and data poisoning, would be to study the efficacy of attacks on these Tiny Intelligent systems. Some of them at the lower Hardware and software layers could be protected through classical embedded security, they alone would not suffice to protect these Tiny Intelligence. Many of these tiny devices (microcontrollers) do not come with built-in security features because of their price and power requirements. So an understanding of how the core AI algorithm could be attacked and protected become necessary. In this talk we go about discussing what could be the possible threats to these devices and provide directions on how additional AI security measures would save the Tiny intelligence.\n\n\n","title":"Attacks on Tiny Intelligence","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"end_timestamp":{"seconds":1660501200,"nanoseconds":0},"android_description":"As of this year, there are over a 2.5 billion Edge-enabled IoT devices and close to 1.5 million new AI Edge devices projected to be shipped. These devices include smaller compressed versions of AI models running on them. While in the last years, we have been able to improve the performance of the AI models and reduce their memory footprint on these devices, not much has been spoken about the security threats of the AI models on tiny models.\r\n\r\nFirst step towards protecting these AI models from attacks such as Model Theft, evasion and data poisoning, would be to study the efficacy of attacks on these Tiny Intelligent systems. Some of them at the lower Hardware and software layers could be protected through classical embedded security, they alone would not suffice to protect these Tiny Intelligence. Many of these tiny devices (microcontrollers) do not come with built-in security features because of their price and power requirements. So an understanding of how the core AI algorithm could be attacked and protected become necessary. In this talk we go about discussing what could be the possible threats to these devices and provide directions on how additional AI security measures would save the Tiny intelligence.","updated_timestamp":{"seconds":1659293160,"nanoseconds":0},"speakers":[{"content_ids":[49046],"conference_id":65,"event_ids":[49049],"name":"Yuvaraj Govindarajulu ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48475}],"timeband_id":893,"links":[],"end":"2022-08-14T18:20:00.000-0000","id":49049,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"village_id":3,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48475}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","begin":"2022-08-14T17:30:00.000-0000","updated":"2022-07-31T18:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"This light installation \"\"Memento Vivere\"\" is made up of several connected objects, which will interact with spectators as they pass through the event space. The aim of this multidisciplinary project is to give viewers an experience at the intersection of art and technology, by pushing the public to think critically about the relationship between technology and cognitive function (or even dysfunction).\r\n\r\nThe installation consists of a series of electroluminescent cables that emerge out of a skull structure built using 3D pen technology. The cables together form a massive connected object, which responds to the interactions of its spectators. Different cables and sectors of the installation will light up according to the movement in front of the piece, the acoustic vibration, and the electronic objects that are present in the room. The spectator is thus encouraged to move and walk in front of the installation, to discover the actions that stimulate the brain. \r\n\r\nThe IoT technology used in this piece reflects the guiding question of this project: over time, how does the Internet influence our mental functions, human creativity, and the connections between people? IoT sensors can be used to stimulate, and perhaps even expand, the brain's function. However, when taken to its extreme, the overstimulation generated by a constant flow of information from IoT capture points to the brain, leads to a degradation of some of the functions that make up the foundation of a human being. I hope to convey the message that technology creates an important bridge between people and ideas, while encouraging healthy criticism or interrogation of the influence that digital tools have in our lives.\r\n\r\nThis project is being developed in collaboration with Dr. Frederik Van Gestel, a neuroscience researcher at UZ Brussel, who focuses on the uses of XR technologies in neuro rehabilitation. This piece was first initiated through research funding provided by the Fédération Wallonie-Bruxelles. \"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"title":"Memento Vivere: A connected light installation on cerebral (dys)function","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"\"This light installation \"\"Memento Vivere\"\" is made up of several connected objects, which will interact with spectators as they pass through the event space. The aim of this multidisciplinary project is to give viewers an experience at the intersection of art and technology, by pushing the public to think critically about the relationship between technology and cognitive function (or even dysfunction).\r\n\r\nThe installation consists of a series of electroluminescent cables that emerge out of a skull structure built using 3D pen technology. The cables together form a massive connected object, which responds to the interactions of its spectators. Different cables and sectors of the installation will light up according to the movement in front of the piece, the acoustic vibration, and the electronic objects that are present in the room. The spectator is thus encouraged to move and walk in front of the installation, to discover the actions that stimulate the brain. \r\n\r\nThe IoT technology used in this piece reflects the guiding question of this project: over time, how does the Internet influence our mental functions, human creativity, and the connections between people? IoT sensors can be used to stimulate, and perhaps even expand, the brain's function. However, when taken to its extreme, the overstimulation generated by a constant flow of information from IoT capture points to the brain, leads to a degradation of some of the functions that make up the foundation of a human being. I hope to convey the message that technology creates an important bridge between people and ideas, while encouraging healthy criticism or interrogation of the influence that digital tools have in our lives.\r\n\r\nThis project is being developed in collaboration with Dr. Frederik Van Gestel, a neuroscience researcher at UZ Brussel, who focuses on the uses of XR technologies in neuro rehabilitation. This piece was first initiated through research funding provided by the Fédération Wallonie-Bruxelles. \"","updated_timestamp":{"seconds":1659108840,"nanoseconds":0},"speakers":[{"content_ids":[49028],"conference_id":65,"event_ids":[49031],"name":"Rick Martinez Herrera","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/riikc/"}],"pronouns":null,"media":[],"id":48458}],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49031,"village_id":5,"begin_timestamp":{"seconds":1660498200,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48458}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","begin":"2022-08-14T17:30:00.000-0000","updated":"2022-07-29T15:34:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Intro to Lockpicking","android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660499100,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":893,"links":[],"end":"2022-08-14T17:45:00.000-0000","id":49348,"begin_timestamp":{"seconds":1660497300,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"village_id":17,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"begin":"2022-08-14T17:15:00.000-0000","updated":"2022-08-02T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\r\n\r\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.\r\n\r\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.\r\n\r\nFk Gl Hlnvgsrmt\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"pTFS Presents: Mayhem Industries - Outside the Box","android_description":"pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\r\n\r\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.\r\n\r\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.\r\n\r\nFk Gl Hlnvgsrmt","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1660259940,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Mayhem_Ind"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/996933488735440966"},{"label":"Contest","type":"link","url":"https://mayhem-industries.net/"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240978"}],"end":"2022-08-14T20:00:00.000-0000","id":49937,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-11T23:19:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n\r\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n\r\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n\r\nHighlights of the Red Alert ICS CTF is available at: https://youtu.be/AanKdrrQ0u0\r\n\r\nTeam Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.\r\n\r\nAdditional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Red Alert ICS CTF ","android_description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n\r\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n\r\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n\r\nHighlights of the Red Alert ICS CTF is available at: https://youtu.be/AanKdrrQ0u0\r\n\r\nTeam Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.\r\n\r\nAdditional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659991380,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[{"label":"YouTube","type":"link","url":"https://youtu.be/AanKdrrQ0u0"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241399"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864187671776329738"},{"label":"Twitter","type":"link","url":"https://twitter.com/icsctf"}],"end":"2022-08-14T19:00:00.000-0000","id":49926,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-08T20:43:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You may have heard that ‘Grover’s search will break crypto’ - so come see a worked example and Q&A!\n\n\n","title":"Grover's Search - a worked example","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"android_description":"You may have heard that ‘Grover’s search will break crypto’ - so come see a worked example and Q&A!","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"updated_timestamp":{"seconds":1660333440,"nanoseconds":0},"speakers":[{"content_ids":[49699,49704,49713],"conference_id":65,"event_ids":[49894,49889,49903],"name":"Mark C","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49051}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49903,"village_id":24,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49051}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","updated":"2022-08-12T19:44:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Opulent Voice Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA Ribbit Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village. Regulatory Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory OpenRTX OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village. Tiny CTF We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge. More! There's plenty more. If you see a Volcano and friendly people, you've found the right place.\n\n\n","title":"DEFCON Demonstrations and Presentations by Open Research Institute at RF Village","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"Opulent Voice Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA Ribbit Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village. Regulatory Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory OpenRTX OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village. Tiny CTF We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge. More! There's plenty more. If you see a Volcano and friendly people, you've found the right place.","updated_timestamp":{"seconds":1659928140,"nanoseconds":0},"speakers":[{"content_ids":[49653],"conference_id":65,"event_ids":[49839,49840,49841],"name":"Open Research Institute","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/company/open-research-institute-inc/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OpenResearchIns"},{"description":"","title":"Website","sort_order":0,"url":"https://www.openresearch.institute/"}],"pronouns":null,"media":[],"id":49023}],"timeband_id":893,"end":"2022-08-14T22:00:00.000-0000","links":[{"label":"Getting Started","type":"link","url":"https://openresearch.institute/getting-started"}],"id":49841,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40267,45349,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49023}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-08T03:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.\n\n\n","title":"Learn at Tamper-Evident Village","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b24887","name":"Tamper-Evident Village","id":45386},"android_description":"Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659924660,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49838,"tag_ids":[40276,45364,45373,45386,45450],"village_id":33,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Tamper Evident Village)","hotel":"","short_name":"203-204, 235 (Tamper Evident Village)","id":45412},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-08T02:11:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Your memory-safe stack is not memory-safe at all. For instance, many popular Python libraries have substantial amounts of memory-unsafe code. Python is not unique here. You can find some potential for memory safety bugs in practically every software stack. If three simple, realistic conditions are met, you may have an RCEs waiting to be found. Let me tell you how I dealt with such a case. It’s a story of an actual attack against an open-source software used in production by my employer to process content served to millions of users. All 30 zero-days found have been responsibly disclosed and fixed. I will provide guidance on how to find patterns like this in your stack and fix it. \n\n\n","title":"How to find 0-days in your “memory safe” stack?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"Your memory-safe stack is not memory-safe at all. For instance, many popular Python libraries have substantial amounts of memory-unsafe code. Python is not unique here. You can find some potential for memory safety bugs in practically every software stack. If three simple, realistic conditions are met, you may have an RCEs waiting to be found. Let me tell you how I dealt with such a case. It’s a story of an actual attack against an open-source software used in production by my employer to process content served to millions of users. All 30 zero-days found have been responsibly disclosed and fixed. I will provide guidance on how to find patterns like this in your stack and fix it.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49640],"conference_id":65,"event_ids":[49824],"name":"Cezary Cerekwicki","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cezary-cerekwicki/"}],"media":[],"id":49014}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49824,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":4,"tag_ids":[40278,45340,45345,45378,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49014}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\r\n\r\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumerfocused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\r\n\r\nIn the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie operational oil and natural gas pipeline, etc.).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Hack the Plan[e]t CTF","android_description":"Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\r\n\r\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumerfocused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\r\n\r\nIn the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie operational oil and natural gas pipeline, etc.).","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659891840,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49812,"tag_ids":[40258,45358,45369,45373,45450],"village_id":15,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area","hotel":"","short_name":"316 - 317 ICS CTF Area","id":45503},"updated":"2022-08-07T17:04:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Not understanding Active Directory domain- and forest trusts can be a big risk. We often have to stress, to quote from Microsoft: “the forest (not the domain) is the security boundary in an Active Directory implementation”. This means that any compromised child domain could result in a compromised root domain. But why is it so? We guessed the answer must be because of the attack/technique known as Access Token Manipulation: SID-History Injection, which enable a Domain Admin of a child domain to escalate to Enterprise Admin and gain full control of the forest. The attack can be mitigated by enabling SID filtering on the trust relationship, but it is not enabled by default for intra-forest domain trusts. SID Filtering is however enabled for inter-forest trusts by default, as Microsoft explains: “SID filtering helps prevent malicious users with administrative credentials in a trusted forest from taking control of a trusting forest”.\r\n\r\nWhat is interesting is that SID filtering can be enabled on intra-forest domain trust as well and in theory prevent the SID-History injection technique. This posed the question – could SID filtering make the domain a security boundary? Our talk will take the audience through our research on this question. We will demonstrate typical trust attacks, how they can be mitigated, and present our SID filtering research including new techniques we discovered that make intra-forest SID filtering obsolete. Finally, we will explain and demonstrate a trust attack technique for moving from a TRUSTING domain to a TRUSTED domain (opposite direction of other trust attacks) which works even over one-way forest trusts (thereby breaking both Microsoft’s “forest is security boundary” statement and the “Red Forest”/ESAE design). Deep knowledge of Kerberos authentication is not necessary as the attacks are of low complexity, but a basic understanding of the protocol is an advantage. Attacks will be demonstrated using living-off-the-land tools and FOSS tools like Mimikatz and Rubeus. The talk is a summary of our work published in the “SID filter as security boundary between domains?” blog post series where part 1 explains Kerberos authentication between domains: https://improsec.com/tech-blog/o83i79jgzk65bbwn1fwib1ela0rl2d\n\n\n","title":"Don’t be trusted: Active Directory trust attacks","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660499100,"nanoseconds":0},"android_description":"Not understanding Active Directory domain- and forest trusts can be a big risk. We often have to stress, to quote from Microsoft: “the forest (not the domain) is the security boundary in an Active Directory implementation”. This means that any compromised child domain could result in a compromised root domain. But why is it so? We guessed the answer must be because of the attack/technique known as Access Token Manipulation: SID-History Injection, which enable a Domain Admin of a child domain to escalate to Enterprise Admin and gain full control of the forest. The attack can be mitigated by enabling SID filtering on the trust relationship, but it is not enabled by default for intra-forest domain trusts. SID Filtering is however enabled for inter-forest trusts by default, as Microsoft explains: “SID filtering helps prevent malicious users with administrative credentials in a trusted forest from taking control of a trusting forest”.\r\n\r\nWhat is interesting is that SID filtering can be enabled on intra-forest domain trust as well and in theory prevent the SID-History injection technique. This posed the question – could SID filtering make the domain a security boundary? Our talk will take the audience through our research on this question. We will demonstrate typical trust attacks, how they can be mitigated, and present our SID filtering research including new techniques we discovered that make intra-forest SID filtering obsolete. Finally, we will explain and demonstrate a trust attack technique for moving from a TRUSTING domain to a TRUSTED domain (opposite direction of other trust attacks) which works even over one-way forest trusts (thereby breaking both Microsoft’s “forest is security boundary” statement and the “Red Forest”/ESAE design). Deep knowledge of Kerberos authentication is not necessary as the attacks are of low complexity, but a basic understanding of the protocol is an advantage. Attacks will be demonstrated using living-off-the-land tools and FOSS tools like Mimikatz and Rubeus. The talk is a summary of our work published in the “SID filter as security boundary between domains?” blog post series where part 1 explains Kerberos authentication between domains: https://improsec.com/tech-blog/o83i79jgzk65bbwn1fwib1ela0rl2d","updated_timestamp":{"seconds":1659888720,"nanoseconds":0},"speakers":[{"content_ids":[49588],"conference_id":65,"event_ids":[49800],"name":"Martin Sohn Christensen","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/martinsohn/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/martinsohndk"}],"pronouns":null,"media":[],"id":48922},{"content_ids":[49588],"conference_id":65,"event_ids":[49800],"name":"Jonas Bülow Knudsen","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jonas-b%C3%BClow-knudsen-950957b7/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jonas_b_k"}],"pronouns":null,"media":[],"id":48923}],"timeband_id":893,"links":[],"end":"2022-08-14T17:45:00.000-0000","id":49800,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48923},{"tag_id":565,"sort_order":1,"person_id":48922}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:12:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.\r\n\r\nYou will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.\r\n\r\nVisit https://www.villageb.io/capturetheflag for more information.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Hospital Under Siege ","android_description":"Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.\r\n\r\nYou will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.\r\n\r\nVisit https://www.villageb.io/capturetheflag for more information.","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659746700,"nanoseconds":0},"speakers":[],"timeband_id":893,"end":"2022-08-14T19:00:00.000-0000","links":[{"label":"Website & Rules","type":"link","url":"https://www.villageb.io/capturetheflag"},{"label":"CTFd","type":"link","url":"https://bhv.ctfd.io"},{"label":"Twitter","type":"link","url":"https://twitter.com/DC_BHV"}],"id":49659,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":5,"tag_ids":[40277,45360,45375,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-06T00:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Octopus Game - Final 8 Phase","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00","updated_timestamp":{"seconds":1659742800,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241373"},{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgame"},{"label":"Twitter","type":"link","url":"https://twitter.com/OctopusGameDC"}],"end":"2022-08-14T18:00:00.000-0000","id":49653,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[45360,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-05T23:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"pronouns":null,"media":[],"id":48531}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49642,"village_id":27,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:58:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Offensive Wireless Security 101","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679020,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49634,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-05T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Intro to CTFs","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"updated_timestamp":{"seconds":1659679020,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49631,"village_id":27,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-05T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking WebApps with WebSploit Labs","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49625,"village_id":27,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:53:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Red Team Village CTF Finals Part 2","end_timestamp":{"seconds":1660510800,"nanoseconds":0},"android_description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.","updated_timestamp":{"seconds":1659678120,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[{"label":"Website","type":"link","url":"https://redteamvillage.io/ctf.html"},{"label":"Twitter","type":"link","url":"https://twitter.com/RedTeamVillage_"}],"end":"2022-08-14T21:00:00.000-0000","id":49591,"village_id":27,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40269,45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","updated":"2022-08-05T05:42:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"DARKNET-NG","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!","updated_timestamp":{"seconds":1659667380,"nanoseconds":0},"speakers":[],"timeband_id":893,"end":"2022-08-14T19:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/741049958182158387"},{"label":"Website","type":"link","url":"https://darknet-ng.network/"},{"label":"Twitter","type":"link","url":"https://twitter.com/DarknetNg"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240975"}],"id":49577,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[45360,45375,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-05T02:43:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself! \r\n\r\nWe'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.\r\n\r\nNo prior experience or skills necessary - drop in and learn as much or as little as you'd like!\r\n\r\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"title":"Physical Security Village","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself! \r\n\r\nWe'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.\r\n\r\nNo prior experience or skills necessary - drop in and learn as much or as little as you'd like!\r\n\r\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!","updated_timestamp":{"seconds":1659624480,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49552,"tag_ids":[40264,45341,45373,45381,45450],"village_id":22,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-04T14:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\n\n\n","title":"Car Hacking Village CTF","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.","updated_timestamp":{"seconds":1659586560,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[{"label":"CTFd","type":"link","url":"https://ctf.carhackingvillage.com/"},{"label":"Guidelines","type":"link","url":"https://www.carhackingvillage.com/ctf-rules-2022"}],"end":"2022-08-14T19:00:00.000-0000","id":49528,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":8,"tag_ids":[40251,45358,45360,45375,45450],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 124-128 (Car Hacking Village)","hotel":"","short_name":"124-128 (Car Hacking Village)","id":45420},"updated":"2022-08-04T04:16:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participant’s skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.\r\n\r\n** Swing by the ICS Village to reserve a time for your team. **\r\n\r\nEscape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"CISA and Idaho National Lab Escape Room","android_description":"CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participant’s skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.\r\n\r\n** Swing by the ICS Village to reserve a time for your team. **\r\n\r\nEscape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659584820,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49524,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45359,45369,45373,45450],"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CISA Escape Room","hotel":"","short_name":"319 ICS CISA Escape Room","id":45505},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-04T03:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.\r\n\r\nIn this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.\r\n\r\n(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"DDS Hack-the-Microgrid","android_description":"Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.\r\n\r\nIn this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.\r\n\r\n(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659584100,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49519,"village_id":15,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40258,45332,45369,45373,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area","hotel":"","short_name":"314 ICS Workshop Area","id":45504},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-04T03:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.\r\n\r\nThis is a registration required based CTF https://www.sea-tf.com/registration First come first serve basis on time slots.\n\n\n","title":"Fantom5 SeaTF CTF","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.\r\n\r\nThis is a registration required based CTF https://www.sea-tf.com/registration First come first serve basis on time slots.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659584640,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49516,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45358,45369,45373,45450],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area","hotel":"","short_name":"316 - 317 ICS CTF Area","id":45503},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-04T03:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2. \r\n\r\nTake some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community. \r\n\r\nAdd names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feeling about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.\r\n\r\nLast year we were sort of set up to print photos from your phones – we have a few glitches – a ask about it when you drop by. BUT we think we are set to go!\r\n\r\nEmail the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.\n\n\n","title":"Memorial Room Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"android_description":"Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2. \r\n\r\nTake some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community. \r\n\r\nAdd names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feeling about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.\r\n\r\nLast year we were sort of set up to print photos from your phones – we have a few glitches – a ask about it when you drop by. BUT we think we are set to go!\r\n\r\nEmail the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659558060,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49513,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[45342,45373,45451],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Carson City II (Memorial Room)","hotel":"","short_name":"Carson City II (Memorial Room)","id":45478},"updated":"2022-08-03T20:21:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Whether it's due to increasing awareness or due to Board/Compliance requirements, most OT Security programs start with a preliminary risk assessment. One of the initial steps is to get a list of OT assets, which used to be a rudimentary spreadsheet exercise. With the wide availability of passive OT asset discovery tools, many go down that path via a Proof of Concept to generate Asset Inventory. This talk focus on lessons learnt from the trenches performing the proof of concepts, and covers challenges including availability of infrastructure (span ports/tap, routing, bandwidth), archaic protocol implementations, organizational policies for network flows, risk appetite for active probing on low traffic networks, OT & IT personnel knowledge of each other's domains, and finally budgeting.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"Tales from the trenches - why organizations struggle to get even the basics of OT asset visibility & detection right.","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"Whether it's due to increasing awareness or due to Board/Compliance requirements, most OT Security programs start with a preliminary risk assessment. One of the initial steps is to get a list of OT assets, which used to be a rudimentary spreadsheet exercise. With the wide availability of passive OT asset discovery tools, many go down that path via a Proof of Concept to generate Asset Inventory. This talk focus on lessons learnt from the trenches performing the proof of concepts, and covers challenges including availability of infrastructure (span ports/tap, routing, bandwidth), archaic protocol implementations, organizational policies for network flows, risk appetite for active probing on low traffic networks, OT & IT personnel knowledge of each other's domains, and finally budgeting.","updated_timestamp":{"seconds":1659473640,"nanoseconds":0},"speakers":[{"content_ids":[49342,49351],"conference_id":65,"event_ids":[49442,49451],"name":"Vivek Ponnada","affiliations":[{"organization":"Nozomi","title":"Regional Sales Director"}],"links":[],"pronouns":null,"media":[],"id":48773,"title":"Regional Sales Director at Nozomi"}],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49451,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48773}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"updated":"2022-08-02T20:54:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We’re keeping this space open for any overflow that may have occurred during one of our performances/workshops. Please come today and check out any of our over-filled workshops — because they’ll be back!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#569d6e","updated_at":"2024-06-07T03:39+0000","name":"Rogues Village","id":45368},"title":"Workshop Overflow","android_description":"We’re keeping this space open for any overflow that may have occurred during one of our performances/workshops. Please come today and check out any of our over-filled workshops — because they’ll be back!","end_timestamp":{"seconds":1660510800,"nanoseconds":0},"updated_timestamp":{"seconds":1659467520,"nanoseconds":0},"speakers":[{"content_ids":[49320,49325,49328],"conference_id":65,"event_ids":[49420,49425,49428],"name":"Four Suits Co","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/foursuits_co"},{"description":"","title":"Website","sort_order":0,"url":"https://foursuits.co/"}],"pronouns":null,"media":[],"id":48742}],"timeband_id":893,"links":[],"end":"2022-08-14T21:00:00.000-0000","id":49428,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":29,"tag_ids":[40271,45332,45368,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48742}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-02T19:12:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Hide and Seek: Why do you need OpSec?","end_timestamp":{"seconds":1660498200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465840,"nanoseconds":0},"speakers":[{"content_ids":[49314],"conference_id":65,"event_ids":[49414],"name":"Cybelle Oliveira","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cybelleoliveira/"}],"media":[],"id":48719}],"timeband_id":893,"links":[],"end":"2022-08-14T17:30:00.000-0000","id":49414,"tag_ids":[40255,45340,45361,45451],"village_id":12,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48719}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-02T18:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.\n\n\n","title":"Wall of Sheep","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"android_description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659455220,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49392,"tag_ids":[40261,45363,45364,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:47:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.\n\n\n","title":"Packet Inspector","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.","updated_timestamp":{"seconds":1659455280,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49390,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":19,"tag_ids":[40261,45363,45366,45373,45450],"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-02T15:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!\n\n\n","title":"Packet Detective","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"android_description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659455280,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49388,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40261,45363,45366,45373,45450],"village_id":19,"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","updated":"2022-08-02T15:48:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.\n\n\n","title":"Honey Pot Workshop","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.","updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49386,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-02T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.\n\n\n","title":"NetworkOS Workshop","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.","updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49384,"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:49:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"title":"RegEx Trainer","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.","updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49382,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-02T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"title":"Linux Trainer","android_description":"New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659455400,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49380,"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-02T15:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!\n\n\n","title":"Botnet Workshop","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!","updated_timestamp":{"seconds":1659455400,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49378,"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:50:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!\n\n\n","title":"HardWired","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"android_description":"New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659455460,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49376,"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","updated":"2022-08-02T15:51:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Capture The Packet Finals","android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659798600,"nanoseconds":0},"speakers":[],"timeband_id":893,"end":"2022-08-14T20:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Capturetp"},{"label":"Website","type":"link","url":"https://capturethepacket.com"}],"id":49373,"village_id":19,"tag_ids":[40261,45359,45360,45373,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-06T15:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"title":"Drone Hack","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.","updated_timestamp":{"seconds":1659392100,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49336,"tag_ids":[40275,45332,45356,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":16,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","updated":"2022-08-01T22:15:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"title":"Hands on Hardware Hacking – eMMC to Root","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.","updated_timestamp":{"seconds":1659391980,"nanoseconds":0},"speakers":[{"content_ids":[49262],"conference_id":65,"event_ids":[49323,49333,49334],"name":"Deral Heiland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48692}],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49334,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40275,45332,45356,45450],"village_id":16,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48692}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"updated":"2022-08-01T22:13:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.\n\n\n","title":"Hands on hacking labs","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"android_description":"IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659391920,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49332,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":16,"tag_ids":[40275,45332,45356,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"updated":"2022-08-01T22:12:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:\r\n\r\nGain access to the main security system to avoid being identified\r\nSteal RFID credentials of the reads in the open areas to gain access to restricted areas\r\nDisable the additional motion sensors in the restricted areas to avoid triggering an alarm\r\nOpen a safe box and retrieve its contents.\n\n\n","title":"IoT Village CTF Challenges","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:\r\n\r\nGain access to the main security system to avoid being identified\r\nSteal RFID credentials of the reads in the open areas to gain access to restricted areas\r\nDisable the additional motion sensors in the restricted areas to avoid triggering an alarm\r\nOpen a safe box and retrieve its contents.","updated_timestamp":{"seconds":1659403440,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49330,"tag_ids":[40275,45356,45358,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":16,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","updated":"2022-08-02T01:24:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event\r\n\r\n*****\r\n\r\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.\r\n\r\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.\r\n\r\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.\r\n\r\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!\r\n\r\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.\r\n\r\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"IoT Village CTF (the CTF formally known as SOHOplessly Broken)","android_description":"The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event\r\n\r\n*****\r\n\r\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.\r\n\r\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.\r\n\r\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.\r\n\r\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!\r\n\r\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.\r\n\r\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659669300,"nanoseconds":0},"speakers":[],"timeband_id":893,"end":"2022-08-14T20:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.iotvillage.org/#yolo"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240953"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644307597164665"},{"label":"Twitter","type":"link","url":"https://twitter.com/IoTvillage"}],"id":49327,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":16,"tag_ids":[40275,45358,45360,45450],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-05T03:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.\r\n\r\nSignups: beginning Monday 8/8 – but not required to participate\n\n\n","title":"Hack the Airport with Intelligenesis","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.\r\n\r\nSignups: beginning Monday 8/8 – but not required to participate","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49317,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45357,45358,45450],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application. PWNSAT CHALLENGE \r\nParticipants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize. \r\n\r\nSAFE SPACE: SATELLITE CONTROL PATCHING \r\nIn this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.\n\n\n","title":"Red Balloon Failsat Challenges","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"android_description":"Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application. PWNSAT CHALLENGE \r\nParticipants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize. \r\n\r\nSAFE SPACE: SATELLITE CONTROL PATCHING \r\nIn this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49315,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40247,45357,45359,45450],"village_id":2,"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.\r\n\r\nRequired gear: none!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Satellite Eavesdropping with DDS","android_description":"Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.\r\n\r\nRequired gear: none!","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49312,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45332,45357,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.\r\n\r\nBRICKS IN THE AIR\r\nLearn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.\r\n\r\nSPOOFING ADS-B\r\nADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.\r\n\r\nRequired gear: none!\n\n\n","title":"Hack the Airfield with DDS","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.\r\n\r\nBRICKS IN THE AIR\r\nLearn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.\r\n\r\nSPOOFING ADS-B\r\nADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.\r\n\r\nRequired gear: none!","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49310,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45332,45357,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.\r\n\r\nRequired gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.\r\n\r\nSignups: first come first serve, come by the Aerospace Village during its normal operating hours!\n\n\n","title":"Hack-A-Sat Digital Twin Workshop","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.\r\n\r\nRequired gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.\r\n\r\nSignups: first come first serve, come by the Aerospace Village during its normal operating hours!","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49306,"village_id":2,"tag_ids":[40247,45332,45357,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:40:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Pen Test Partners A320 Simulator","android_description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T19:00:00.000-0000","id":49303,"tag_ids":[40247,45341,45357,45450],"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":2,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-01T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"His method is able to create a no-fly area by spreading signals that can display the coordinates of any selected area as airport GPS coordinates with multiple HackRF. With this method, you can ensure security and privacy by closing the desired areas from public areas such as homes, workplaces etc.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Self No-Fly Area Designing for UAV","android_description":"His method is able to create a no-fly area by spreading signals that can display the coordinates of any selected area as airport GPS coordinates with multiple HackRF. With this method, you can ensure security and privacy by closing the desired areas from public areas such as homes, workplaces etc.","end_timestamp":{"seconds":1660497900,"nanoseconds":0},"updated_timestamp":{"seconds":1659379440,"nanoseconds":0},"speakers":[{"content_ids":[49241],"conference_id":65,"event_ids":[49284],"name":"Utku Yildirim","affiliations":[{"organization":"Hoffmann Cybersecurity Netherlands","title":"Red Teamer / Penetration Tester"}],"links":[],"pronouns":null,"media":[],"id":48688,"title":"Red Teamer / Penetration Tester at Hoffmann Cybersecurity Netherlands"}],"timeband_id":893,"links":[],"end":"2022-08-14T17:25:00.000-0000","id":49284,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45340,45357,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48688}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-01T18:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ever want to take your rig off-grid powered by only the sun an a variety of batteries? This talk will discuss how to operate low power off the grid indefinitely as well as considerations to make on batteries. We'll talk power, cables, batteries, crimping and more. Every ham has unique use cases, and this talk will allow you to tailor your kit to your off-grid needs!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ed8d99","name":"Ham Radio Village","id":45355},"title":"Off the grid - Supplying your own power","end_timestamp":{"seconds":1660498200,"nanoseconds":0},"android_description":"Ever want to take your rig off-grid powered by only the sun an a variety of batteries? This talk will discuss how to operate low power off the grid indefinitely as well as considerations to make on batteries. We'll talk power, cables, batteries, crimping and more. Every ham has unique use cases, and this talk will allow you to tailor your kit to your off-grid needs!","updated_timestamp":{"seconds":1659309120,"nanoseconds":0},"speakers":[{"content_ids":[49218,49232,49662],"conference_id":65,"event_ids":[49275,49259,49850],"name":"Eric Escobar","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/EricEscobar"}],"media":[],"id":48669}],"timeband_id":893,"links":[],"end":"2022-08-14T17:30:00.000-0000","id":49259,"village_id":13,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40256,45340,45355,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48669}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"updated":"2022-07-31T23:12:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"These are the *general* operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Village Areas Open (Generally)","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"These are the *general* operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.","updated_timestamp":{"seconds":1659313320,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49233,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[45342,45373],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-01T00:22:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\n\n\n","title":"Vendor Area Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"android_description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.","end_timestamp":{"seconds":1660518000,"nanoseconds":0},"updated_timestamp":{"seconds":1660320240,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T23:00:00.000-0000","id":49230,"tag_ids":[45342,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-08-12T16:04:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Amazon Web Services (AWS) is a complex ecosystem with hundreds of different services. In the case of a security breach or compromised credentials, attackers look for ways to abuse the customer's configuration of services with their compromised credentials, as the credentials are often granted more IAM permissions than is usually needed. Most research to date has focused on the core AWS services, such as , S3, EC2, IAM, CodeBuild, Lambda, KMS, etc. In our research, we present our analysis on a previously overlooked attack surface that is ripe for abuse in the wrong hands - an AWS Service called Amazon AppStream 2.0.\r\nAmazon AppStream 2.0 is a fully managed desktop service that provides users with instant access to their desktop applications from anywhere. Using AppStream 2.0, you can add your desktop applications to a virtual machine and share access to the VM by sharing a link - without requiring any credentials, you can share an image (an attack toolset) with a target account without needing any approval from the other side or attach some privileged role to an image and get those credentials.\r\n\r\nIn this talk, you'll learn about how AppStream works, how misconfigurations and excessive IAM permissions can be abused to compromise your AWS environment and allow attackers to control your entire AWS account. We'll cover tactics such as persistence, lateral movement, exfiltration, social engineering, and privilege escalation. We will also cover the key indicators of compromise for security incidents in AppStream and how to prevent these abuse cases, showing how excessive privileges without great monitoring could become a nightmare in your Cloud Security posture, making possible attackers control your AWS account.\n\n\n","title":"Understanding, Abusing and Monitoring AWS AppStream 2.0","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"android_description":"Amazon Web Services (AWS) is a complex ecosystem with hundreds of different services. In the case of a security breach or compromised credentials, attackers look for ways to abuse the customer's configuration of services with their compromised credentials, as the credentials are often granted more IAM permissions than is usually needed. Most research to date has focused on the core AWS services, such as , S3, EC2, IAM, CodeBuild, Lambda, KMS, etc. In our research, we present our analysis on a previously overlooked attack surface that is ripe for abuse in the wrong hands - an AWS Service called Amazon AppStream 2.0.\r\nAmazon AppStream 2.0 is a fully managed desktop service that provides users with instant access to their desktop applications from anywhere. Using AppStream 2.0, you can add your desktop applications to a virtual machine and share access to the VM by sharing a link - without requiring any credentials, you can share an image (an attack toolset) with a target account without needing any approval from the other side or attach some privileged role to an image and get those credentials.\r\n\r\nIn this talk, you'll learn about how AppStream works, how misconfigurations and excessive IAM permissions can be abused to compromise your AWS environment and allow attackers to control your entire AWS account. We'll cover tactics such as persistence, lateral movement, exfiltration, social engineering, and privilege escalation. We will also cover the key indicators of compromise for security incidents in AppStream and how to prevent these abuse cases, showing how excessive privileges without great monitoring could become a nightmare in your Cloud Security posture, making possible attackers control your AWS account.","end_timestamp":{"seconds":1660498800,"nanoseconds":0},"updated_timestamp":{"seconds":1659283200,"nanoseconds":0},"speakers":[{"content_ids":[49180],"conference_id":65,"event_ids":[49216],"name":"Rodrigo Montoro","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spookerlabs"}],"media":[],"id":48634}],"timeband_id":893,"links":[],"end":"2022-08-14T17:40:00.000-0000","id":49216,"tag_ids":[40252,45340,45350,45451],"village_id":9,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48634}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-07-31T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Human Registration Open","android_description":"","end_timestamp":{"seconds":1660518000,"nanoseconds":0},"updated_timestamp":{"seconds":1659150840,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T23:00:00.000-0000","id":49145,"tag_ids":[45342,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 102","hotel":"","short_name":"102","id":45522},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-07-30T03:14:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Solder Skills Village - Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c5e58e","name":"Soldering Skills Village","id":45339},"end_timestamp":{"seconds":1660507200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659142500,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49142,"village_id":32,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"tag_ids":[40274,45339,45341,45373,45451],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock I, II, III, IV, V (Solder Skills Village)","hotel":"","short_name":"Red Rock I, II, III, IV, V (Solder Skills Village)","id":45425},"spans_timebands":"N","begin":"2022-08-14T17:00:00.000-0000","updated":"2022-07-30T00:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hardware Hacking Village - Open","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"android_description":"","end_timestamp":{"seconds":1660507200,"nanoseconds":0},"updated_timestamp":{"seconds":1659142440,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T20:00:00.000-0000","id":49139,"tag_ids":[40257,45338,45341,45373,45451],"village_id":14,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"begin":"2022-08-14T17:00:00.000-0000","updated":"2022-07-30T00:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This is your last chance to pickup your drives whether they're finished or not. Get here before 11:00am on Sunday as any drives left behind are considered donations.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ef47d8","updated_at":"2024-06-07T03:39+0000","name":"Data Duplication Village","id":45328},"title":"Last chance to pick up drives at the DDV","android_description":"This is your last chance to pickup your drives whether they're finished or not. Get here before 11:00am on Sunday as any drives left behind are considered donations.","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"updated_timestamp":{"seconds":1659070200,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49003,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":11,"tag_ids":[40254,45328,45373,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village)","hotel":"","short_name":"Lake Meade and Valley of Fire (Data Duplication Village)","id":45423},"spans_timebands":"N","updated":"2022-07-29T04:50:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Every year, delivering effective cyber security policies becomes more urgent, and more complicated. These challenges are becoming more international. Just thinking about product security for IoT; consumers are buying more smart products through online marketplaces, supply chains are becoming more complex and overly reliant on online marketplaces , that often exist outside of the remit for existing legislation. Meanwhile, the vast majority of consumers simply don’t know what to look for to assess security. The problem isn’t just security, but it is one of market failure.\n \nIn the policy space, it also feels like there is a market failure at play. Security researchers want to feed into policy makers’ approaches, and civil servants (many of whom are generalists) need technical experts to help them assess lobbying and design proportionate plans.\n \nThe OECD exists to promote ‘better policies for better lives’. We support civil servants around the world, and would like to offer opportunities for the security research community to feed in at a broader scale. This will be a working session, with a particular focus on product security (including IoT) and the challenges facing the security research community in the handling of vulnerabilities.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Better Policies for Better Lives: Hacker Input to international policy challenges","android_description":"Every year, delivering effective cyber security policies becomes more urgent, and more complicated. These challenges are becoming more international. Just thinking about product security for IoT; consumers are buying more smart products through online marketplaces, supply chains are becoming more complex and overly reliant on online marketplaces , that often exist outside of the remit for existing legislation. Meanwhile, the vast majority of consumers simply don’t know what to look for to assess security. The problem isn’t just security, but it is one of market failure.\n \nIn the policy space, it also feels like there is a market failure at play. Security researchers want to feed into policy makers’ approaches, and civil servants (many of whom are generalists) need technical experts to help them assess lobbying and design proportionate plans.\n \nThe OECD exists to promote ‘better policies for better lives’. We support civil servants around the world, and would like to offer opportunities for the security research community to feed in at a broader scale. This will be a working session, with a particular focus on product security (including IoT) and the challenges facing the security research community in the handling of vulnerabilities.","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48893],"conference_id":65,"event_ids":[48893],"name":"Peter Stephens","affiliations":[{"organization":"","title":"Policy Advisor for CyberSecurity, Organisation for Economic Co-operation and Development (OECD)"}],"links":[],"pronouns":null,"media":[],"id":48315,"title":"Policy Advisor for CyberSecurity, Organisation for Economic Co-operation and Development (OECD)"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242797"}],"end":"2022-08-14T18:45:00.000-0000","id":48893,"tag_ids":[40265,45311,45373,45450],"village_id":23,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48315}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join the Atlantic Council's Cyber Statecraft Initiative and DefCon Policy Track Initiative for a discussion on the strategic urgency behind better vulnerability disclosure. The session will focus on why the US and allied states need to take steps to make vulnerability disclosure easier, motivating the discussion with results from a study of the effects of a recently passed Chinese law on vulnerability disclosure.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Improving International Vulnerability Disclosure: Why the US and Allies Have to Get Serious","end_timestamp":{"seconds":1660502700,"nanoseconds":0},"android_description":"Join the Atlantic Council's Cyber Statecraft Initiative and DefCon Policy Track Initiative for a discussion on the strategic urgency behind better vulnerability disclosure. The session will focus on why the US and allied states need to take steps to make vulnerability disclosure easier, motivating the discussion with results from a study of the effects of a recently passed Chinese law on vulnerability disclosure.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48536,48894],"conference_id":65,"event_ids":[48529,48888],"name":"Stewart Scott","affiliations":[{"organization":"Cyber Statecraft Initiative, Atlantic Council","title":"Assistant Director"}],"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.atlanticcouncil.org/expert/stewart-scott/"}],"pronouns":null,"media":[],"id":47845,"title":"Assistant Director at Cyber Statecraft Initiative, Atlantic Council"},{"content_ids":[48894],"conference_id":65,"event_ids":[48888],"name":"Christopher Robinson","affiliations":[{"organization":"","title":"Intel"}],"links":[],"pronouns":null,"media":[],"id":48317,"title":"Intel"}],"timeband_id":893,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242803"}],"end":"2022-08-14T18:45:00.000-0000","id":48888,"begin_timestamp":{"seconds":1660496400,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48317},{"tag_id":565,"sort_order":1,"person_id":47845}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"spans_timebands":"N","updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-14T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"https://www.se.community/research-cold-calls/\n\n\n","title":"Research and Cold Calls","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"https://www.se.community/research-cold-calls/","updated_timestamp":{"seconds":1659504360,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T18:00:00.000-0000","id":49503,"begin_timestamp":{"seconds":1660494600,"nanoseconds":0},"tag_ids":[40273,45370,45371,45453],"village_id":31,"includes":"","people":[],"tags":"Activity","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","updated":"2022-08-03T05:26:00.000-0000","begin":"2022-08-14T16:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We all know that person who never brushes their teeth, but seems never to get drilled in the dentist's chair. Why are they special? We also know the person who no matter how diligent they are with oral hygiene is constantly in the dentist's office. Why are they unlucky? The most common infectious disease in humans is dental caries, commonly referred to as cavities. This has plagued humanity since it became a species, and continues to this day. It disproportionately is suffered by those in the lower socioeconomic classes and in the global south. Conventional wisdom suggests that all that is needed is a good tooth-brushing regimen, and everything will be fine. But we know this is false. We now know that the cavity phenomenon is modulated by bacteria, and now that we can manipulate the genetic material of bacteria, we can eliminate this disease. Come see how we did it, get the new genetically modified bacteria which is the cure for yourself, and help save teeth all over the world.\n\n\n","title":"Eradicating Disease With BioTerrorism","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660497600,"nanoseconds":0},"android_description":"We all know that person who never brushes their teeth, but seems never to get drilled in the dentist's chair. Why are they special? We also know the person who no matter how diligent they are with oral hygiene is constantly in the dentist's office. Why are they unlucky? The most common infectious disease in humans is dental caries, commonly referred to as cavities. This has plagued humanity since it became a species, and continues to this day. It disproportionately is suffered by those in the lower socioeconomic classes and in the global south. Conventional wisdom suggests that all that is needed is a good tooth-brushing regimen, and everything will be fine. But we know this is false. We now know that the cavity phenomenon is modulated by bacteria, and now that we can manipulate the genetic material of bacteria, we can eliminate this disease. Come see how we did it, get the new genetically modified bacteria which is the cure for yourself, and help save teeth all over the world.","updated_timestamp":{"seconds":1658865600,"nanoseconds":0},"speakers":[{"content_ids":[48720,49014,49027],"conference_id":65,"event_ids":[48727,49017,49030],"name":"Mixæl S. Laufer","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MichaelSLaufer"}],"pronouns":null,"media":[],"id":47996}],"timeband_id":893,"links":[],"end":"2022-08-14T17:20:00.000-0000","id":48727,"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"begin_timestamp":{"seconds":1660494600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47996}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-14T16:30:00.000-0000","updated":"2022-07-26T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"DCGVR - Social - No agenda","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"android_description":"","end_timestamp":{"seconds":1660525200,"nanoseconds":0},"updated_timestamp":{"seconds":1660256940,"nanoseconds":0},"speakers":[],"timeband_id":893,"end":"2022-08-15T01:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49943,"tag_ids":[45374,45449],"village_id":null,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-14T16:00:00.000-0000","updated":"2022-08-11T22:29:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Security teams nowadays are struggling to contain the risk of software supply chain attacks on their organizations, implementing control of that sort varies from internal controls hardening CI services /hardening developer workstations to demanding compliance to standards from vendors\\contactors.\r\nHowever, one of the places security teams having harder time is in the field of open-source software.\r\n\r\nThe use of third-party software components is part of the modern software development culture with over 90% of engineering teams worldwide building and shipping software that uses external code. While facilitating extreme agility, it also increases the attack surface of organizations as seen in the spike of recent major incidents .\r\nIt’s known in cybersecurity that you must understand the threat you are facing with. In this session, we will do an overview of the software supply chain flow and deep dive into each one’s weak spots. \r\n\r\nWe will also demonstrate the ease of conducting this sort of attack and our point of view as a defenders.\n\n\n","title":"The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660496400,"nanoseconds":0},"android_description":"Security teams nowadays are struggling to contain the risk of software supply chain attacks on their organizations, implementing control of that sort varies from internal controls hardening CI services /hardening developer workstations to demanding compliance to standards from vendors\\contactors.\r\nHowever, one of the places security teams having harder time is in the field of open-source software.\r\n\r\nThe use of third-party software components is part of the modern software development culture with over 90% of engineering teams worldwide building and shipping software that uses external code. While facilitating extreme agility, it also increases the attack surface of organizations as seen in the spike of recent major incidents .\r\nIt’s known in cybersecurity that you must understand the threat you are facing with. In this session, we will do an overview of the software supply chain flow and deep dive into each one’s weak spots. \r\n\r\nWe will also demonstrate the ease of conducting this sort of attack and our point of view as a defenders.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49649],"conference_id":65,"event_ids":[49833],"name":"tzachi(Zack) zorenshtain","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tzachi-zornstain-9701741b9/"}],"pronouns":null,"media":[],"id":49001},{"content_ids":[49649],"conference_id":65,"event_ids":[49833],"name":"Elad Rapoport","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/elad-rapoport-649162a6/"}],"media":[],"id":49006}],"timeband_id":893,"links":[],"end":"2022-08-14T17:00:00.000-0000","id":49833,"tag_ids":[40278,45340,45345,45378,45451],"village_id":4,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49006},{"tag_id":565,"sort_order":1,"person_id":49001}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-14T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information. \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cad46b","name":"Payment Village","id":45380},"title":"Payment Hacking Challenge","android_description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information.","end_timestamp":{"seconds":1660510800,"nanoseconds":0},"updated_timestamp":{"seconds":1660259820,"nanoseconds":0},"speakers":[],"timeband_id":893,"end":"2022-08-14T21:00:00.000-0000","links":[{"label":"Discord #payv-labs-text","type":"link","url":"https://discord.com/channels/708208267699945503/732733473558626314"}],"id":49562,"village_id":21,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"tag_ids":[40263,45366,45374,45380],"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Payment Village","hotel":"","short_name":"Payment Village","id":45414},"begin":"2022-08-14T16:00:00.000-0000","updated":"2022-08-11T23:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"https://www.se.community/research-cold-calls/\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"title":"Research Calls","end_timestamp":{"seconds":1660494600,"nanoseconds":0},"android_description":"https://www.se.community/research-cold-calls/","updated_timestamp":{"seconds":1659504360,"nanoseconds":0},"speakers":[{"content_ids":[49308,49309,49366],"conference_id":65,"event_ids":[49407,49409,49502],"name":"Tessa Cole","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://www.linkedin.com/in/tessa-cole-phd-3aab70166/"},{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/tessacole8/"}],"media":[],"id":48739}],"timeband_id":893,"links":[],"end":"2022-08-14T16:30:00.000-0000","id":49502,"tag_ids":[40273,45370,45371,45453],"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"village_id":31,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48739}],"tags":"Activity","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"begin":"2022-08-14T16:00:00.000-0000","updated":"2022-08-03T05:26:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CALLING ALL KIDS! Come use your VS super skills and powers to work with a team of heroes SE COMMUNITY YOUTH CHALLENGE or villains.\r\n\r\nThe balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Heroes vs Villians, a SEC Youth Challenge","end_timestamp":{"seconds":1660496400,"nanoseconds":0},"android_description":"CALLING ALL KIDS! Come use your VS super skills and powers to work with a team of heroes SE COMMUNITY YOUTH CHALLENGE or villains.\r\n\r\nThe balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!","updated_timestamp":{"seconds":1659670980,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Website","type":"link","url":"https://www.se.community/events/youth-challenge/"}],"end":"2022-08-14T17:00:00.000-0000","id":49498,"village_id":31,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"tag_ids":[40273,45366,45370,45453],"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","updated":"2022-08-05T03:43:00.000-0000","begin":"2022-08-14T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"end_timestamp":{"seconds":1660514400,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49470,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"village_id":null,"tag_ids":[45326,45450,45451,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Reno I Ballroom (Chillout Lounge)","hotel":"","short_name":"Reno I Ballroom (Chillout Lounge)","id":45493},"spans_timebands":"N","begin":"2022-08-14T16:00:00.000-0000","updated":"2022-08-02T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49466,"village_id":null,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"tag_ids":[45326,45450,45451,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Chillout","hotel":"","short_name":"Chillout","id":45449},"updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-14T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":49458,"tag_ids":[45326,45450,45451,45453],"village_id":null,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Carson City I (Chillout)","hotel":"","short_name":"Carson City I (Chillout)","id":45477},"spans_timebands":"N","updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-14T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own security-related models using the 7-step machine learning process. No environment setup is necessary, but Python experience is strongly encouraged.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"title":"Automate Detection with Machine Learning ","end_timestamp":{"seconds":1660497600,"nanoseconds":0},"android_description":"Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own security-related models using the 7-step machine learning process. No environment setup is necessary, but Python experience is strongly encouraged.","updated_timestamp":{"seconds":1659293100,"nanoseconds":0},"speakers":[{"content_ids":[49031,49045],"conference_id":65,"event_ids":[49034,49048],"name":"Gavin Klondike ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48464}],"timeband_id":893,"links":[],"end":"2022-08-14T17:20:00.000-0000","id":49048,"tag_ids":[40248,45330,45450],"village_id":3,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48464}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"updated":"2022-07-31T18:45:00.000-0000","begin":"2022-08-14T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"title":"Chillout Lounge (with entertainment)","android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 15:00 for chillout purposes.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:00 - s1gnsofl1fe\r\n13:00 to 14:00 - Rusty\r\n14:00 to 15:00 - Merin MC","end_timestamp":{"seconds":1660514400,"nanoseconds":0},"updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413}],"timeband_id":893,"links":[],"end":"2022-08-14T22:00:00.000-0000","id":48990,"village_id":null,"begin_timestamp":{"seconds":1660492800,"nanoseconds":0},"tag_ids":[45326,45450,45451,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"begin":"2022-08-14T16:00:00.000-0000","updated":"2022-08-02T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Social Engineering Community Village opens - morning welcome and introduction","android_description":"","end_timestamp":{"seconds":1660492800,"nanoseconds":0},"updated_timestamp":{"seconds":1659503820,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T16:00:00.000-0000","id":49501,"begin_timestamp":{"seconds":1660491000,"nanoseconds":0},"village_id":31,"tag_ids":[40273,45341,45370,45453],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-14T15:30:00.000-0000","updated":"2022-08-03T05:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system. \r\n\r\nIf you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Lost and Found Department Open (Generally)","android_description":"If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system. \r\n\r\nIf you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.","end_timestamp":{"seconds":1660518000,"nanoseconds":0},"updated_timestamp":{"seconds":1660318080,"nanoseconds":0},"speakers":[],"timeband_id":893,"links":[],"end":"2022-08-14T23:00:00.000-0000","id":49975,"tag_ids":[45342,45373,45450],"begin_timestamp":{"seconds":1660489200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Summit Pre-Function 4 (Lost & Found)","hotel":"","short_name":"Summit Pre-Function 4 (Lost & Found)","id":45525},"spans_timebands":"N","updated":"2022-08-12T15:28:00.000-0000","begin":"2022-08-14T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"It’s our sixth year but since we had to be virtual last year this will be our 5 YEAR ANNIVERSARY show of “Whose Slide Is It Anyway?”! We’re an unholy union of improv comedy, hacking and slide deck sado-masochism.\r\n\r\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\r\n\r\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family. Oh, and prizes. Lots and lots of prizes.\n\n\n","title":"Whose Slide Is It Anyway? (WSIIA)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#697bd0","name":"Event","id":45293},"end_timestamp":{"seconds":1660460400,"nanoseconds":0},"android_description":"It’s our sixth year but since we had to be virtual last year this will be our 5 YEAR ANNIVERSARY show of “Whose Slide Is It Anyway?”! We’re an unholy union of improv comedy, hacking and slide deck sado-masochism.\r\n\r\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\r\n\r\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family. Oh, and prizes. Lots and lots of prizes.","updated_timestamp":{"seconds":1658976600,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T07:00:00.000-0000","links":[{"label":"https://improvhacker.com","type":"link","url":"https://improvhacker.com"},{"label":"Twitter","type":"link","url":"https://twitter.com/WhoseSlide"}],"id":48879,"tag_ids":[45293,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660453200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"Y","updated":"2022-07-28T02:50:00.000-0000","begin":"2022-08-14T05:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Our village is throwing a low-key mixer! There will be a cash bar (alcoholic and nonalcoholic options). While there is no sign up needed, it will be on a first come, first serve/till we fill the room basis.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Social Engineering Community Village Mixer","end_timestamp":{"seconds":1660374000,"nanoseconds":0},"android_description":"Our village is throwing a low-key mixer! There will be a cash bar (alcoholic and nonalcoholic options). While there is no sign up needed, it will be on a first come, first serve/till we fill the room basis.","updated_timestamp":{"seconds":1659504480,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T07:00:00.000-0000","id":49509,"village_id":31,"tag_ids":[40273,45370,45372,45453],"begin_timestamp":{"seconds":1660451400,"nanoseconds":0},"includes":"","people":[],"tags":"Mixer","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"begin":"2022-08-14T04:30:00.000-0000","updated":"2022-08-03T05:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"21:00 - 22:00: Terrestrial Access Network\r\n22:00 - 23:00: Yesterday & Tomorrow\r\n23:00 - 00:00: Hellacopta\r\n00:00 - 01:00: Hanz Dwight\r\n01:00 - 02:00: Yesterday & Tomorrow\n\n\n","title":"Hallway Monitor Party - Entertainment","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"android_description":"21:00 - 22:00: Terrestrial Access Network\r\n22:00 - 23:00: Yesterday & Tomorrow\r\n23:00 - 00:00: Hellacopta\r\n00:00 - 01:00: Hanz Dwight\r\n01:00 - 02:00: Yesterday & Tomorrow","end_timestamp":{"seconds":1660467600,"nanoseconds":0},"updated_timestamp":{"seconds":1659992580,"nanoseconds":0},"speakers":[{"content_ids":[48993],"conference_id":65,"event_ids":[48995],"name":"Hanz Dwight","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48396},{"content_ids":[48993],"conference_id":65,"event_ids":[48995],"name":"Hellacopta","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48398},{"content_ids":[48993],"conference_id":65,"event_ids":[48995],"name":"Terrestrial Access Network","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48429},{"content_ids":[48993],"conference_id":65,"event_ids":[48995],"name":"Yesterday & Tomorrow","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48430}],"timeband_id":892,"links":[],"end":"2022-08-14T09:00:00.000-0000","id":48995,"begin_timestamp":{"seconds":1660449600,"nanoseconds":0},"tag_ids":[45326,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48396},{"tag_id":565,"sort_order":1,"person_id":48398},{"tag_id":565,"sort_order":1,"person_id":48429},{"tag_id":565,"sort_order":1,"person_id":48430}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Skybridge Entrance","hotel":"","short_name":"Skybridge Entrance","id":45469},"begin":"2022-08-14T04:00:00.000-0000","updated":"2022-08-08T21:03:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games.\r\n\r\nThis epic party is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.\r\n\r\nMore info: ArcadeParty.org (open to all DEF CON attendees)\n\n\n","title":"Arcade Party","type":{"conference_id":65,"conference":"DEFCON30","color":"#bfb17d","updated_at":"2024-06-07T03:39+0000","name":"Party","id":45287},"end_timestamp":{"seconds":1660460400,"nanoseconds":0},"android_description":"The Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games.\r\n\r\nThis epic party is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.\r\n\r\nMore info: ArcadeParty.org (open to all DEF CON attendees)","updated_timestamp":{"seconds":1658811060,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T07:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://ArcadeParty.org"}],"id":48695,"begin_timestamp":{"seconds":1660449600,"nanoseconds":0},"tag_ids":[45287,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 136","hotel":"","short_name":"104-105, 136","id":45388},"spans_timebands":"Y","updated":"2022-07-26T04:51:00.000-0000","begin":"2022-08-14T04:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Co-founded in 2018 by Jim McMurry and William Kimble, the founders of Milton Security and Cyber Defense Technologies, respectively, the VETCON conference is the official Veteran event of the DEFCON Hacker Conference. VETCON, through its Discord server and in person events, we connect and support veterans in the Information Security field. The event is open to all DEFCON attendees with a focus on military veterans.\r\n\r\nVETCON Is a Conference for Veterans, Run by Veterans, During the Largest Hacker Conference, DEFCON\n\n\n","title":"VETCON","type":{"conference_id":65,"conference":"DEFCON30","color":"#bfb17d","updated_at":"2024-06-07T03:39+0000","name":"Party","id":45287},"android_description":"Co-founded in 2018 by Jim McMurry and William Kimble, the founders of Milton Security and Cyber Defense Technologies, respectively, the VETCON conference is the official Veteran event of the DEFCON Hacker Conference. VETCON, through its Discord server and in person events, we connect and support veterans in the Information Security field. The event is open to all DEFCON attendees with a focus on military veterans.\r\n\r\nVETCON Is a Conference for Veterans, Run by Veterans, During the Largest Hacker Conference, DEFCON","end_timestamp":{"seconds":1660467600,"nanoseconds":0},"updated_timestamp":{"seconds":1658810940,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T09:00:00.000-0000","id":48694,"village_id":null,"begin_timestamp":{"seconds":1660449600,"nanoseconds":0},"tag_ids":[45287,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106, 139","hotel":"","short_name":"106, 139","id":45387},"spans_timebands":"Y","begin":"2022-08-14T04:00:00.000-0000","updated":"2022-07-26T04:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?\n\n\n","title":"Fireside Policy Chats","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"android_description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?","end_timestamp":{"seconds":1660453200,"nanoseconds":0},"updated_timestamp":{"seconds":1659662760,"nanoseconds":0},"speakers":[{"content_ids":[49408],"conference_id":65,"event_ids":[49566],"name":"Chris Painter","affiliations":[{"organization":"","title":"President of Global Forum on Cyber Expertise"}],"links":[],"pronouns":null,"media":[],"id":49082,"title":"President of Global Forum on Cyber Expertise"}],"timeband_id":892,"links":[],"end":"2022-08-14T05:00:00.000-0000","id":49566,"tag_ids":[40265,45311,45334,45373,45450],"village_id":23,"begin_timestamp":{"seconds":1660447800,"nanoseconds":0},"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49082}],"tags":"Fireside Chat","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"updated":"2022-08-05T01:26:00.000-0000","begin":"2022-08-14T03:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Nostalgia, maybe? I think so. In honor of DEF CON 30, we're throwing it back to the era of slow jams and house party mixtapes. We'll be playing everything from power ballads and rap to r&b and pop. Do like Kris Kross and Jump on the opportunity to have a good time with good people to good music.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#bfb17d","updated_at":"2024-06-07T03:39+0000","name":"Party","id":45287},"title":"Girls Hack Village 90’s House Party","android_description":"Nostalgia, maybe? I think so. In honor of DEF CON 30, we're throwing it back to the era of slow jams and house party mixtapes. We'll be playing everything from power ballads and rap to r&b and pop. Do like Kris Kross and Jump on the opportunity to have a good time with good people to good music.","end_timestamp":{"seconds":1660460400,"nanoseconds":0},"updated_timestamp":{"seconds":1659408720,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T07:00:00.000-0000","id":49342,"begin_timestamp":{"seconds":1660447800,"nanoseconds":0},"tag_ids":[40255,45287,45373,45450],"village_id":12,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 405","hotel":"","short_name":"405","id":45491},"spans_timebands":"Y","begin":"2022-08-14T03:30:00.000-0000","updated":"2022-08-02T02:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Chills! Thrills! A quiet place to sit down! 2 Movies for the price of none!\r\n\r\nThe Conversation - A paranoid, secretive surveillance expert has a crisis of conscience when he suspects that the couple he is spying on will be murdered. \r\n\r\nThe 13th Floor - A computer scientist a virtual reality simulation of 1937 becomes the primary suspect when his colleague and mentor is murdered.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#697bd0","updated_at":"2024-06-07T03:39+0000","name":"Event","id":45293},"title":"Movie Night Double Feature - The Conversation & The 13th Floor","android_description":"Chills! Thrills! A quiet place to sit down! 2 Movies for the price of none!\r\n\r\nThe Conversation - A paranoid, secretive surveillance expert has a crisis of conscience when he suspects that the couple he is spying on will be murdered. \r\n\r\nThe 13th Floor - A computer scientist a virtual reality simulation of 1937 becomes the primary suspect when his colleague and mentor is murdered.","end_timestamp":{"seconds":1660460400,"nanoseconds":0},"updated_timestamp":{"seconds":1659076620,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T07:00:00.000-0000","id":49010,"village_id":null,"begin_timestamp":{"seconds":1660446000,"nanoseconds":0},"tag_ids":[45293,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"Y","updated":"2022-07-29T06:37:00.000-0000","begin":"2022-08-14T03:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don't want to miss this opportunity to encourage the contestants, your fellow Humans, \"DON'T FUCK IT UP! \r\n\r\nWe will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)\r\n\r\nTrack 4\r\nFriday: 2000-2200\r\nSaturday: 2000-2200\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#697bd0","name":"Event","id":45293},"title":"Hacker Jeopardy","android_description":"Hacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don't want to miss this opportunity to encourage the contestants, your fellow Humans, \"DON'T FUCK IT UP! \r\n\r\nWe will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)\r\n\r\nTrack 4\r\nFriday: 2000-2200\r\nSaturday: 2000-2200","end_timestamp":{"seconds":1660453200,"nanoseconds":0},"updated_timestamp":{"seconds":1658906100,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T05:00:00.000-0000","links":[{"label":"DEF CON Discord","type":"link","url":"https://discord.com/channels/708208267699945503/732439600391389184"},{"label":"Website","type":"link","url":"https://dfiu.tv"},{"label":"Twitter","type":"link","url":"https://twitter.com/HackerJeopardy"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240982"}],"id":48761,"village_id":null,"tag_ids":[45293,45373,45450],"begin_timestamp":{"seconds":1660446000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-27T07:15:00.000-0000","begin":"2022-08-14T03:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join the Electronic Frontier Foundation - The leading non-profit fighting for civil liberties in the digital world- to chat about the latest developments in Tech and Law and how these can help each other to build a better future.\r\n\r\nThe discussion will include updates on current EFF issues such as Disciplinary technologies, Stalkerware, LGBTQ+ Rights, Reproductive Rights, drones, updates on cases and legislation affecting security research, and law enforcement partnerships with industry.\r\n\r\nHalf of this session will be given over to question-and-answer, so it’s your chance to ask EFF questions about the law and tech.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"Meet the EFF","android_description":"Join the Electronic Frontier Foundation - The leading non-profit fighting for civil liberties in the digital world- to chat about the latest developments in Tech and Law and how these can help each other to build a better future.\r\n\r\nThe discussion will include updates on current EFF issues such as Disciplinary technologies, Stalkerware, LGBTQ+ Rights, Reproductive Rights, drones, updates on cases and legislation affecting security research, and law enforcement partnerships with industry.\r\n\r\nHalf of this session will be given over to question-and-answer, so it’s your chance to ask EFF questions about the law and tech.","end_timestamp":{"seconds":1660453200,"nanoseconds":0},"updated_timestamp":{"seconds":1658810700,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T05:00:00.000-0000","id":48688,"village_id":null,"begin_timestamp":{"seconds":1660446000,"nanoseconds":0},"tag_ids":[45288,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 111","hotel":"","short_name":"111","id":45528},"begin":"2022-08-14T03:00:00.000-0000","updated":"2022-07-26T04:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The destination for badge collectors, designers, and hardware hacks to celebrate the flashier side of DEF CON. It is a melding of the 1337 and the un1eet interested in hardware and IoT. We see #badgelife, #badgelove, SAOs and badge hacking as a great potential for securing IoT and keeping the power in the hands of the consumer by spreading knowledge about the craft/trade. Those involved should be celebrated for sharing their knowledge. Many of them do not like the limelight, so this gives us a chance to personally say thank you in a chill environment.\n\n\n","title":"Hacker Flairgrounds","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"end_timestamp":{"seconds":1660453200,"nanoseconds":0},"android_description":"The destination for badge collectors, designers, and hardware hacks to celebrate the flashier side of DEF CON. It is a melding of the 1337 and the un1eet interested in hardware and IoT. We see #badgelife, #badgelove, SAOs and badge hacking as a great potential for securing IoT and keeping the power in the hands of the consumer by spreading knowledge about the craft/trade. Those involved should be celebrated for sharing their knowledge. Many of them do not like the limelight, so this gives us a chance to personally say thank you in a chill environment.","updated_timestamp":{"seconds":1658810460,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T05:00:00.000-0000","id":48684,"begin_timestamp":{"seconds":1660446000,"nanoseconds":0},"village_id":null,"tag_ids":[45288,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"begin":"2022-08-14T03:00:00.000-0000","updated":"2022-07-26T04:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.\r\n\r\nFor more information visit:\r\n\r\nhttps://hackerkaraoke.org or Twitter @hackerkaraoke.\n\n\n","title":"Hacker Karaoke","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"android_description":"For those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.\r\n\r\nFor more information visit:\r\n\r\nhttps://hackerkaraoke.org or Twitter @hackerkaraoke.","end_timestamp":{"seconds":1660467600,"nanoseconds":0},"updated_timestamp":{"seconds":1658810580,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T09:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/hackerkaraoke"},{"label":"Website","type":"link","url":"https://hackerkaraoke.org"}],"id":49340,"begin_timestamp":{"seconds":1660444200,"nanoseconds":0},"tag_ids":[45288,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 133 (Karaoke/Chess)","hotel":"","short_name":"133 (Karaoke/Chess)","id":45385},"spans_timebands":"Y","updated":"2022-07-26T04:43:00.000-0000","begin":"2022-08-14T02:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Blanket Fort Con: Come for the chill vibes and diversity, stay for the Blanket Fort Building, Cool Lights, Music, and, Kid Friendly\\Safe environment. Now with less Gluten and more animal onesies!\n\n\n","title":"BlanketFort Con","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bfb17d","name":"Party","id":45287},"android_description":"Blanket Fort Con: Come for the chill vibes and diversity, stay for the Blanket Fort Building, Cool Lights, Music, and, Kid Friendly\\Safe environment. Now with less Gluten and more animal onesies!","end_timestamp":{"seconds":1660464000,"nanoseconds":0},"updated_timestamp":{"seconds":1658811060,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T08:00:00.000-0000","id":48696,"begin_timestamp":{"seconds":1660444200,"nanoseconds":0},"tag_ids":[45287,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 109-110","hotel":"","short_name":"109-110","id":45389},"spans_timebands":"Y","updated":"2022-07-26T04:51:00.000-0000","begin":"2022-08-14T02:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Fireside Policy Chats","android_description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?","end_timestamp":{"seconds":1660446900,"nanoseconds":0},"updated_timestamp":{"seconds":1659662700,"nanoseconds":0},"speakers":[{"content_ids":[48521,49406],"conference_id":65,"event_ids":[48528,49564],"name":"Xan North","affiliations":[{"organization":"Distributed Denial of Secrets","title":""}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brazendyke"}],"media":[],"id":47843,"title":"Distributed Denial of Secrets"},{"content_ids":[48521,49406],"conference_id":65,"event_ids":[48528,49564],"name":"Emma Best","affiliations":[{"organization":"Distributed Denial of Secrets","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NatSecGeek"},{"description":"","title":"Website","sort_order":0,"url":"https://emma.best/"}],"pronouns":null,"media":[],"id":47874,"title":"Distributed Denial of Secrets"}],"timeband_id":892,"links":[],"end":"2022-08-14T03:15:00.000-0000","id":49564,"tag_ids":[40265,45311,45334,45373,45450],"village_id":23,"begin_timestamp":{"seconds":1660442400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47874},{"tag_id":565,"sort_order":1,"person_id":47843}],"tags":"Fireside Chat","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-14T02:00:00.000-0000","updated":"2022-08-05T01:25:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hackers in healthcare have come a long way from the days of the Manifesto. There is no longer apathy amongst the powerful - baby food has been replaced with steak. Hackers are making medical devices safer for patients. Hackers are protecting hospitals from ransomware. Hackers are writing policy and guiding regulation. This is cause for celebration- and where better to throw down than DEF CON 30? \r\n\r\nLet’s face it- the last couple of years have been doom and gloom, and while attacks on hospitals continue to increase at record pace, and the promise of new medical technologies is equally matched with some terrifying security implications (Neuralink, call us), we really do need to stand back and appreciate where we’ve come from, because only then can we put into perspective what we still need to do.\r\n\r\nD0 No H4rm returns to DEF CON to once again give you the chance to interface directly with some of the biggest names in a domain that just keeps growing in importance. Moderated by physician hackers quaddi and r3plicant, this perennially packed event - with a heavily curated panel of policy badasses, elite hackers, and seasoned clinicians - always fills up fast. So if you want to protect patients, build a safer and more resilient healthcare system, and meet some incredible new friends, then join us. And welcome home.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"D0 N0 H4RM: A Healthcare Security Conversation (Lounge)","android_description":"Hackers in healthcare have come a long way from the days of the Manifesto. There is no longer apathy amongst the powerful - baby food has been replaced with steak. Hackers are making medical devices safer for patients. Hackers are protecting hospitals from ransomware. Hackers are writing policy and guiding regulation. This is cause for celebration- and where better to throw down than DEF CON 30? \r\n\r\nLet’s face it- the last couple of years have been doom and gloom, and while attacks on hospitals continue to increase at record pace, and the promise of new medical technologies is equally matched with some terrifying security implications (Neuralink, call us), we really do need to stand back and appreciate where we’ve come from, because only then can we put into perspective what we still need to do.\r\n\r\nD0 No H4rm returns to DEF CON to once again give you the chance to interface directly with some of the biggest names in a domain that just keeps growing in importance. Moderated by physician hackers quaddi and r3plicant, this perennially packed event - with a heavily curated panel of policy badasses, elite hackers, and seasoned clinicians - always fills up fast. So if you want to protect patients, build a safer and more resilient healthcare system, and meet some incredible new friends, then join us. And welcome home.","end_timestamp":{"seconds":1660453200,"nanoseconds":0},"updated_timestamp":{"seconds":1659581940,"nanoseconds":0},"speakers":[{"content_ids":[48540,48890],"conference_id":65,"event_ids":[48570,48881],"name":"Jeff “r3plicant” Tully MD","affiliations":[{"organization":"","title":"Anesthesiologist at The University of California San Diego"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JeffTullyMD"}],"pronouns":null,"media":[],"id":47870,"title":"Anesthesiologist at The University of California San Diego"},{"content_ids":[48540,48890],"conference_id":65,"event_ids":[48570,48881],"name":"Christian \"quaddi\" Dameff MD","affiliations":[{"organization":"","title":"Emergency Medicine Physician & Hacker at The University of California San Diego"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CDameffMD"}],"media":[],"id":47880,"title":"Emergency Medicine Physician & Hacker at The University of California San Diego"},{"content_ids":[48890],"conference_id":65,"event_ids":[48881],"name":"Alissa Knight","affiliations":[{"organization":"","title":"Hacker & principal analyst at Alissa Knight & Associates"}],"links":[],"pronouns":null,"media":[],"id":48313,"title":"Hacker & principal analyst at Alissa Knight & Associates"},{"content_ids":[48890],"conference_id":65,"event_ids":[48881],"name":"Seeyew Mo","affiliations":[{"organization":"","title":"Senior Cybersecurity, Tech, National Security Fellow"}],"links":[],"pronouns":null,"media":[],"id":48314,"title":"Senior Cybersecurity, Tech, National Security Fellow"},{"content_ids":[48890],"conference_id":65,"event_ids":[48881],"name":"Joshua Corman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49118}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242799"}],"end":"2022-08-14T05:00:00.000-0000","id":48881,"begin_timestamp":{"seconds":1660442400,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48313},{"tag_id":565,"sort_order":1,"person_id":47880},{"tag_id":565,"sort_order":1,"person_id":47870},{"tag_id":565,"sort_order":1,"person_id":49118},{"tag_id":565,"sort_order":1,"person_id":48314}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"spans_timebands":"N","updated":"2022-08-04T02:59:00.000-0000","begin":"2022-08-14T02:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"ICS Village will be hosting a #unicornchef (check out the show that has included interviews with recipes with folks like Chris Krebs) catered BBQ with a select group of great people in our community. As always, our events adhere to a safe space policy including lots of non-alcoholic options. There will be a pool so bring your swim trunks and a towel! All proceeds go to the ICS Village 501c3 non-profit.\r\n\r\nView more information, and get a ticket to the ICS Village Charity BBQ, here: https://www.eventbrite.com/e/ics-village-charity-bbq-tickets-391293578627\n\n\n","title":"ICS Village Charity BBQ","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"ICS Village will be hosting a #unicornchef (check out the show that has included interviews with recipes with folks like Chris Krebs) catered BBQ with a select group of great people in our community. As always, our events adhere to a safe space policy including lots of non-alcoholic options. There will be a pool so bring your swim trunks and a towel! All proceeds go to the ICS Village 501c3 non-profit.\r\n\r\nView more information, and get a ticket to the ICS Village Charity BBQ, here: https://www.eventbrite.com/e/ics-village-charity-bbq-tickets-391293578627","end_timestamp":{"seconds":1660453200,"nanoseconds":0},"updated_timestamp":{"seconds":1659585120,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"info","type":"link","url":"https://www.eventbrite.com/e/ics-village-charity-bbq-tickets-391293578627"}],"end":"2022-08-14T05:00:00.000-0000","id":49525,"begin_timestamp":{"seconds":1660440600,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45369,45372,45373],"includes":"","people":[],"tags":"Mixer","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"begin":"2022-08-14T01:30:00.000-0000","updated":"2022-08-04T03:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Offline RFID systems rely on data stored within the key to control access and configuration. But what if a key lies? What if we can make the system trust those lies? Well then we can do some real spooky things…\nThis is the story of how a strange repeating data pattern turned into a skeleton key that can open an entire range of RFID access control products in seconds.\n\n\n","title":"Digital Skeleton Keys - We’ve got a bone to pick with offline Access Control Systems","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Offline RFID systems rely on data stored within the key to control access and configuration. But what if a key lies? What if we can make the system trust those lies? Well then we can do some real spooky things…\nThis is the story of how a strange repeating data pattern turned into a skeleton key that can open an entire range of RFID access control products in seconds.","end_timestamp":{"seconds":1660441800,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48576],"conference_id":65,"event_ids":[48572],"name":"Miana E Windall","affiliations":[{"organization":"","title":"Software Development Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NiamhAstra"}],"pronouns":null,"media":[],"id":47828,"title":"Software Development Engineer"},{"content_ids":[48576],"conference_id":65,"event_ids":[48572],"name":"Micsen","affiliations":[{"organization":"","title":"Software developer, Installer, And much more!"}],"pronouns":null,"links":[{"description":"","title":"Keybase","sort_order":0,"url":"https://keybase.io/micsen"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/micsen97"}],"media":[],"id":47934,"title":"Software developer, Installer, And much more!"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241997"}],"end":"2022-08-14T01:50:00.000-0000","id":48572,"village_id":null,"tag_ids":[45241,45279,45280,45281,45375,45450],"begin_timestamp":{"seconds":1660440600,"nanoseconds":0},"includes":"Exploit, Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47828},{"tag_id":565,"sort_order":1,"person_id":47934}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T01:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"6pm at the Contest Stage we will be bringing you an extra special hybrid event. Con favorites Crash and Compile + Hack3r Runway will now be collaborating to bring you an all new brand of contest! Come for the show, you won’t want to miss this.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Crash and Compile + Hack3r Runway","end_timestamp":{"seconds":1660442400,"nanoseconds":0},"android_description":"6pm at the Contest Stage we will be bringing you an extra special hybrid event. Con favorites Crash and Compile + Hack3r Runway will now be collaborating to bring you an all new brand of contest! Come for the show, you won’t want to miss this.","updated_timestamp":{"seconds":1660435620,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T02:00:00.000-0000","id":49999,"tag_ids":[45360,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660438800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-14T01:00:00.000-0000","updated":"2022-08-14T00:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"https://www.se.community/presentations/#career-panel\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"title":"Social Engineering as a career panel","end_timestamp":{"seconds":1660442400,"nanoseconds":0},"android_description":"https://www.se.community/presentations/#career-panel","updated_timestamp":{"seconds":1659504420,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T02:00:00.000-0000","id":49508,"village_id":31,"tag_ids":[40273,45367,45370,45453],"begin_timestamp":{"seconds":1660438800,"nanoseconds":0},"includes":"","people":[],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-14T01:00:00.000-0000","updated":"2022-08-03T05:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"18:00 - 19:00: Hildebrand Magic\r\n19:00 - 20:00: Scotch and Bubbles\r\n20:00 - 21:00: Z3npi\r\n21:00 - 22:00: Mass Accelerator\r\n22:00 - 23:00: Krisz Klink\r\n23:00 - 00:00: TAIKOPROJECT\r\n00:00 - 00:15: Costume Contest\r\n00:15 - 01:00: Zebbler Encanti Experience\r\n01:00 - 02:00: CTRL/rsm\n\n\n","title":"Night of the Ninjas - Entertainment","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"end_timestamp":{"seconds":1660467600,"nanoseconds":0},"android_description":"18:00 - 19:00: Hildebrand Magic\r\n19:00 - 20:00: Scotch and Bubbles\r\n20:00 - 21:00: Z3npi\r\n21:00 - 22:00: Mass Accelerator\r\n22:00 - 23:00: Krisz Klink\r\n23:00 - 00:00: TAIKOPROJECT\r\n00:00 - 00:15: Costume Contest\r\n00:15 - 01:00: Zebbler Encanti Experience\r\n01:00 - 02:00: CTRL/rsm","updated_timestamp":{"seconds":1659060000,"nanoseconds":0},"speakers":[{"content_ids":[48989,48991,48994],"conference_id":65,"event_ids":[48991,48993,48996],"name":"Magician Kody Hildebrand","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48400},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"Mass Accelerator","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48401},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"Scotch and Bubbles","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48404},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"TAIKOPROJECT","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48405},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"CTRL/rsm","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48419},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"Krisz Klink","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48423},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"Z3NPI","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48431},{"content_ids":[48994],"conference_id":65,"event_ids":[48996],"name":"Zebbler Encanti Experience","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48432}],"timeband_id":892,"links":[],"end":"2022-08-14T09:00:00.000-0000","id":48996,"tag_ids":[45326,45450],"village_id":null,"begin_timestamp":{"seconds":1660438800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48419},{"tag_id":565,"sort_order":1,"person_id":48423},{"tag_id":565,"sort_order":1,"person_id":48400},{"tag_id":565,"sort_order":1,"person_id":48401},{"tag_id":565,"sort_order":1,"person_id":48404},{"tag_id":565,"sort_order":1,"person_id":48405},{"tag_id":565,"sort_order":1,"person_id":48431},{"tag_id":565,"sort_order":1,"person_id":48432}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"spans_timebands":"Y","updated":"2022-07-29T02:00:00.000-0000","begin":"2022-08-14T01:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CSRF is (really) dead. SameSite killed it. Browsers protect us. Lax by default!\n\nSounds a bit too good to be true, doesn't it? We live in a world where browsers get constantly updated with brand new web features and new specifications. The complexity abyss is getting wider and deeper. How do we know web technologies always play perfectly nice with each other? What happens when something slips? \n\nIn this talk, I focus on three intertwined web features: HTTP Cookie's SameSite attribute, PWA's Service Worker, and Fetch. I will start by taking a look at how each feature works in detail. Then, I will present how the three combined together allows CSRF to be resurrected, bypassing the SameSite's defense. Also, I will demonstrate how a web developer can easily introduce the vulnerability to their web apps when utilizing popular libraries. I will end the talk by sharing the complex disclosure timeline and the difficulty of patching the vulnerability due to the interconnected nature of web specifications.\n\n\n","title":"The CSRF Resurrections! Starring the Unholy Trinity: Service Worker of PWA, SameSite of HTTP Cookie, and Fetch","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660441500,"nanoseconds":0},"android_description":"CSRF is (really) dead. SameSite killed it. Browsers protect us. Lax by default!\n\nSounds a bit too good to be true, doesn't it? We live in a world where browsers get constantly updated with brand new web features and new specifications. The complexity abyss is getting wider and deeper. How do we know web technologies always play perfectly nice with each other? What happens when something slips? \n\nIn this talk, I focus on three intertwined web features: HTTP Cookie's SameSite attribute, PWA's Service Worker, and Fetch. I will start by taking a look at how each feature works in detail. Then, I will present how the three combined together allows CSRF to be resurrected, bypassing the SameSite's defense. Also, I will demonstrate how a web developer can easily introduce the vulnerability to their web apps when utilizing popular libraries. I will end the talk by sharing the complex disclosure timeline and the difficulty of patching the vulnerability due to the interconnected nature of web specifications.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48575],"conference_id":65,"event_ids":[48567],"name":"Dongsung Kim","affiliations":[{"organization":"","title":"IT-Security Expert, Truesec"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kid1ng"},{"description":"","title":"Website","sort_order":0,"url":"https://kidi.ng/"}],"media":[],"id":47927,"title":"IT-Security Expert, Truesec"}],"timeband_id":892,"end":"2022-08-14T01:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242201"}],"id":48567,"village_id":null,"begin_timestamp":{"seconds":1660438800,"nanoseconds":0},"tag_ids":[45241,45279,45281,45375,45450],"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47927}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T01:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Reveal the hidden state of the person on the other end of your video call, using some Python code. In the age of remote work, we miss the nuances of face-to-face communication. But with videoconferencing, we also gain a surprising amount of information that’s normally hidden to a human observer. A new set of tools will allow you to detect the heart rate, attention, and inner mood of any face on your screen. You can then receive real-time feedback to subtly mirror your conversation partner. These tools also work on recordings, allowing us to analyze the inner states of politicians, interviewees, and anyone else in front of a high-resolution camera.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Truthsayer: Make a remote lie detector and become irresistible on Zoom calls","android_description":"Reveal the hidden state of the person on the other end of your video call, using some Python code. In the age of remote work, we miss the nuances of face-to-face communication. But with videoconferencing, we also gain a surprising amount of information that’s normally hidden to a human observer. A new set of tools will allow you to detect the heart rate, attention, and inner mood of any face on your screen. You can then receive real-time feedback to subtly mirror your conversation partner. These tools also work on recordings, allowing us to analyze the inner states of politicians, interviewees, and anyone else in front of a high-resolution camera.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659504420,"nanoseconds":0},"speakers":[{"content_ids":[49371],"conference_id":65,"event_ids":[49507],"name":"Fletcher Heisler","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/fheisler/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/fheisler"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/EverythingIsHacked"}],"pronouns":null,"media":[],"id":48785}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49507,"tag_ids":[40273,45340,45370,45453],"village_id":31,"begin_timestamp":{"seconds":1660437000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48785}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"begin":"2022-08-14T00:30:00.000-0000","updated":"2022-08-03T05:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You probably have at least two smart cards in your pockets right now. Your credit card, and the SIM card in your cell phone. You might also have a CAC, metro card, or the contactless key to your hotel room. Many of these cards are based on the same basic standards and share a common command format, called APDU.\n\nThis talk will discuss and demonstrate how even in the absence of information about a given card, there are a series of ways to enumerate the contents and capabilities of a card, find exposed information, fuzz for input handling flaws, and exploit poor authentication and access control.\n\n\n","title":"Black-Box Assessment of Smart Cards","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"You probably have at least two smart cards in your pockets right now. Your credit card, and the SIM card in your cell phone. You might also have a CAC, metro card, or the contactless key to your hotel room. Many of these cards are based on the same basic standards and share a common command format, called APDU.\n\nThis talk will discuss and demonstrate how even in the absence of information about a given card, there are a series of ways to enumerate the contents and capabilities of a card, find exposed information, fuzz for input handling flaws, and exploit poor authentication and access control.","end_timestamp":{"seconds":1660439700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48573],"conference_id":65,"event_ids":[48581],"name":"Daniel Crowley","affiliations":[{"organization":"","title":"Head of Research, X-Force Red"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/dan_crowley"}],"media":[],"id":47844,"title":"Head of Research, X-Force Red"}],"timeband_id":892,"end":"2022-08-14T01:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242289"}],"id":48581,"tag_ids":[45241,45279,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660437000,"nanoseconds":0},"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47844}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T00:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this talk we will tell the story of an insane exploit we used to compromise the otherwise secure KASM Workspaces software. KASM Workspaces is enterprise software for streaming virtual workstations to end users built on top of Docker. \n\nThis talk will span python binary RE, header smuggling, configuration injection, docker networking and questionable RFC interpretation. We hope to show you a little bit of what worked and a lot a bit of what didn't work on our quest to exploit this heisenbug.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Crossing the KASM -- a webapp pentest story","end_timestamp":{"seconds":1660439700,"nanoseconds":0},"android_description":"In this talk we will tell the story of an insane exploit we used to compromise the otherwise secure KASM Workspaces software. KASM Workspaces is enterprise software for streaming virtual workstations to end users built on top of Docker. \n\nThis talk will span python binary RE, header smuggling, configuration injection, docker networking and questionable RFC interpretation. We hope to show you a little bit of what worked and a lot a bit of what didn't work on our quest to exploit this heisenbug.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48574],"conference_id":65,"event_ids":[48526],"name":"Justin Gardner","affiliations":[{"organization":"","title":"Full-time Bug Bounty Hunter"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://www.twitter.com/Rhynorater"}],"pronouns":null,"media":[],"id":47883,"title":"Full-time Bug Bounty Hunter"},{"content_ids":[48574],"conference_id":65,"event_ids":[48526],"name":"Samuel Erb","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/erbbysam"}],"pronouns":null,"media":[],"id":47906,"title":"Hacker"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242001"}],"end":"2022-08-14T01:15:00.000-0000","id":48526,"village_id":null,"tag_ids":[45241,45280,45375,45450],"begin_timestamp":{"seconds":1660437000,"nanoseconds":0},"includes":"Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47883},{"tag_id":565,"sort_order":1,"person_id":47906}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-14T00:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Election security has left the realm of election professionals and is now top of mind for anyone. But what does it mean? Is it just about the security of voting equipment? Or the security of the entire system of running elections? If you haven't been able to catch the Voting Village's content, or would like the opportunity for a deeper dive on some of the issues policymakers are wrestling with, this session is for you. (Limited capacity event; open to all conference attendees to participate under Chatham House Rules.)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Thinking About Election Security: Annual Debrief (Community Roundtable)","end_timestamp":{"seconds":1660439700,"nanoseconds":0},"android_description":"Election security has left the realm of election professionals and is now top of mind for anyone. But what does it mean? Is it just about the security of voting equipment? Or the security of the entire system of running elections? If you haven't been able to catch the Voting Village's content, or would like the opportunity for a deeper dive on some of the issues policymakers are wrestling with, this session is for you. (Limited capacity event; open to all conference attendees to participate under Chatham House Rules.)","updated_timestamp":{"seconds":1660108200,"nanoseconds":0},"speakers":[{"content_ids":[49741,49742],"conference_id":65,"event_ids":[49934,49935],"name":"Cathy Gellis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49081}],"timeband_id":892,"links":[],"end":"2022-08-14T01:15:00.000-0000","id":49934,"tag_ids":[40265,45311,45373,45447,45450],"village_id":23,"begin_timestamp":{"seconds":1660436100,"nanoseconds":0},"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49081}],"tags":"Discussion","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-14T00:15:00.000-0000","updated":"2022-08-10T05:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Who doesn’t like a little Spice? Emulation Maturity, Team Culture and TTPs","android_description":"","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659888240,"nanoseconds":0},"speakers":[{"content_ids":[48901,48926,49574],"conference_id":65,"event_ids":[48904,48927,49786],"name":"Jamie Williams","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jamieantisocial"}],"pronouns":null,"media":[],"id":48379},{"content_ids":[49574],"conference_id":65,"event_ids":[49786],"name":"TJ Null","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tj_null"}],"pronouns":null,"media":[],"id":48911},{"content_ids":[49574],"conference_id":65,"event_ids":[49786],"name":"Niru Raghupathy","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/itsC0rg1"}],"pronouns":null,"media":[],"id":48919},{"content_ids":[49574],"conference_id":65,"event_ids":[49786],"name":"Cat Self","affiliations":[{"organization":"MITRE Corporation","title":""}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/coolestcatiknow/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/coolestcatiknow"}],"media":[],"id":48939,"title":"MITRE Corporation"},{"content_ids":[49574],"conference_id":65,"event_ids":[49786],"name":"Andy Grunt","affiliations":[{"organization":"Zoom","title":"Head of Offensive Security"}],"links":[],"pronouns":null,"media":[],"id":48942,"title":"Head of Offensive Security at Zoom"}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49786,"tag_ids":[40246,45367,45373,45377,45451],"begin_timestamp":{"seconds":1660436100,"nanoseconds":0},"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48942},{"tag_id":565,"sort_order":1,"person_id":48939},{"tag_id":565,"sort_order":1,"person_id":48379},{"tag_id":565,"sort_order":1,"person_id":48919},{"tag_id":565,"sort_order":1,"person_id":48911}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-14T00:15:00.000-0000","updated":"2022-08-07T16:04:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You may be old enough to remember the civil unrest of 2020, but what you may not have noticed was the total absence of guns and ammunition from the store shelves. With escalating levels of violence you may have thought that exercising your human right to self protection would have been nice, but now you have found yourself behind the curve, and with few options. We will discuss a variety of steps to rapidly source, acquire, improvise, or construct firearms and ammunition from scratch, or from readily available precursor components. There will be a discussion of recent events involving improvised firearms on the world stage.\r\n\r\nElevator pitch: The world is dangerous. I will tell you how to make or source guns and ammunition. Don't break the law.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"title":"Ghost Guns: Rapidly acquiring, constructing or improvising firearms","end_timestamp":{"seconds":1660438500,"nanoseconds":0},"android_description":"You may be old enough to remember the civil unrest of 2020, but what you may not have noticed was the total absence of guns and ammunition from the store shelves. With escalating levels of violence you may have thought that exercising your human right to self protection would have been nice, but now you have found yourself behind the curve, and with few options. We will discuss a variety of steps to rapidly source, acquire, improvise, or construct firearms and ammunition from scratch, or from readily available precursor components. There will be a discussion of recent events involving improvised firearms on the world stage.\r\n\r\nElevator pitch: The world is dangerous. I will tell you how to make or source guns and ammunition. Don't break the law.","updated_timestamp":{"seconds":1659591120,"nanoseconds":0},"speakers":[{"content_ids":[48718,49391],"conference_id":65,"event_ids":[48725,49538],"name":"Judge Taylor","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mingheemouse"}],"pronouns":null,"media":[],"id":48004}],"timeband_id":892,"links":[],"end":"2022-08-14T00:55:00.000-0000","id":49538,"begin_timestamp":{"seconds":1660435500,"nanoseconds":0},"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48004}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-14T00:05:00.000-0000","updated":"2022-08-04T05:32:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\r\n\r\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"\"Team Distraction\"\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\r\n\r\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.\r\n\r\nQualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.\r\n\r\nYou may have up to two people per team. (Having two people on a team is highly suggested)\r\n\r\nOf the qualifiers, nine teams will move on to compete head to head on the contest stage.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Crash and Compile - Contest Stage","end_timestamp":{"seconds":1660446000,"nanoseconds":0},"android_description":"What happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\r\n\r\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"\"Team Distraction\"\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\r\n\r\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.\r\n\r\nQualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.\r\n\r\nYou may have up to two people per team. (Having two people on a team is highly suggested)\r\n\r\nOf the qualifiers, nine teams will move on to compete head to head on the contest stage.","updated_timestamp":{"seconds":1659666660,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T03:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://crashandcompile.org"}],"id":49572,"tag_ids":[45360,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-14T00:00:00.000-0000","updated":"2022-08-05T02:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Pentesting humans using social engineering techniques has become increasingly important to many organizations, and rightfully so. While many focus on the performance of a social engineering engagement, fewer deal with the post-engagement process. When a hacker has done their job, how are the results handled? How does a target feel afterward knowing they have been duped, and who is helping them to overcome adversarial feelings in the wake of a test? A social engineering pentest tests humans, and not systems. The people affected can feel they have failed as humans and not just professionally. Distress, psychological strain, and self-blame are just some of the factors that can affect a human not being helped correctly in the aftermath. But it’s not just the victims that are at risk of negative outcomes, but hackers themselves too. This talk aims to start a dialogue about the aftermath of social engineering pentests. When are we doing it right, and when are we doing it wrong? Is there a right or wrong way? The possible pitfalls will be highlighted in handling the aftermath of social engineering engagements and exploring various challenges and proposed solutions to problems that may arise.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"The aftermath of a social engineering pentest. - Are we being ethically responsible?”","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"android_description":"Pentesting humans using social engineering techniques has become increasingly important to many organizations, and rightfully so. While many focus on the performance of a social engineering engagement, fewer deal with the post-engagement process. When a hacker has done their job, how are the results handled? How does a target feel afterward knowing they have been duped, and who is helping them to overcome adversarial feelings in the wake of a test? A social engineering pentest tests humans, and not systems. The people affected can feel they have failed as humans and not just professionally. Distress, psychological strain, and self-blame are just some of the factors that can affect a human not being helped correctly in the aftermath. But it’s not just the victims that are at risk of negative outcomes, but hackers themselves too. This talk aims to start a dialogue about the aftermath of social engineering pentests. When are we doing it right, and when are we doing it wrong? Is there a right or wrong way? The possible pitfalls will be highlighted in handling the aftermath of social engineering engagements and exploring various challenges and proposed solutions to problems that may arise.","updated_timestamp":{"seconds":1659504420,"nanoseconds":0},"speakers":[{"content_ids":[49370],"conference_id":65,"event_ids":[49506],"name":"Ragnhild “Bridget“ Sageng","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ragnhildsageng/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ragnhild_bss"}],"pronouns":null,"media":[],"id":48784}],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49506,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"village_id":31,"tag_ids":[40273,45340,45370,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48784}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"begin":"2022-08-14T00:00:00.000-0000","updated":"2022-08-03T05:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The only publicly known electric system disruption events to ever take place have all impacted Ukraine. In 2015, 2016, and again in 2022, Ukrainian system operators experienced cyber-nexus disruptive events targeting various aspects of electric system operations. While each event has been explored individually, various technical and operational details exist that link these incidents and highlight how the adversary behind them effectively learned and adjusted offensive actions over time. In this presentation, we will explore these three incidents (and some intermediate events) in wider context to show both how the perpetrators adjusted operations in response to impacts as well as what lessons critical infrastructure and industrial asset owners and operators should learn from events.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Thrice Is Nice: Evaluating the Ukrainian Power Events from BlackEnergy to Industroyer2","android_description":"The only publicly known electric system disruption events to ever take place have all impacted Ukraine. In 2015, 2016, and again in 2022, Ukrainian system operators experienced cyber-nexus disruptive events targeting various aspects of electric system operations. While each event has been explored individually, various technical and operational details exist that link these incidents and highlight how the adversary behind them effectively learned and adjusted offensive actions over time. In this presentation, we will explore these three incidents (and some intermediate events) in wider context to show both how the perpetrators adjusted operations in response to impacts as well as what lessons critical infrastructure and industrial asset owners and operators should learn from events.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659473580,"nanoseconds":0},"speakers":[{"content_ids":[48711,49350],"conference_id":65,"event_ids":[48718,49450],"name":"Joe Slowik","affiliations":[{"organization":"Gigamon","title":"Threat Intelligence & Detections Engineering Lead"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jfslowik"}],"pronouns":null,"media":[],"id":47999,"title":"Threat Intelligence & Detections Engineering Lead at Gigamon"}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49450,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47999}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","updated":"2022-08-02T20:53:00.000-0000","begin":"2022-08-14T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this workshop, James will be going over the mechanics of picking pockets as well as the psychological principles which allow this centuries old technique to persist to this day.\n\n\n","title":"Picking Pockets, Picked Apart","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#569d6e","name":"Rogues Village","id":45368},"android_description":"In this workshop, James will be going over the mechanics of picking pockets as well as the psychological principles which allow this centuries old technique to persist to this day.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659467520,"nanoseconds":0},"speakers":[{"content_ids":[49319,49327],"conference_id":65,"event_ids":[49419,49427],"name":"James Harrison","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/PickpocketJames"},{"description":"","title":"Website","sort_order":0,"url":"https://www.pickpocketmagic.com/"}],"pronouns":null,"media":[],"id":48741}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49427,"village_id":29,"tag_ids":[40271,45332,45368,45453],"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48741}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"begin":"2022-08-14T00:00:00.000-0000","updated":"2022-08-02T19:12:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Zero Trust","android_description":"","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"updated_timestamp":{"seconds":1659465840,"nanoseconds":0},"speakers":[{"content_ids":[49309,49313],"conference_id":65,"event_ids":[49409,49413],"name":"Ebony Pierce","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ebony-p-71b09679/"}],"media":[],"id":48721}],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49413,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"village_id":12,"tag_ids":[40255,45340,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48721}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:44:00.000-0000","begin":"2022-08-14T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New year, new challenges to privacy.\r\n\r\nYou are in a public event, or a coffee shop. Did a notification just tell you about a sale nearby? Why is this app showing ads for the car you rented and told your friend about? Is Santa Claus the only one who knows if you've been naughty or nice? \"Maybe if I run a VPN I will be safe.\" This is wishful thinking at best; it only helps to deal with some privacy attacks. You see, smart phones are little snitches. By design.\r\n\r\nThey listen to you. They know where you go, what you purchase, and who you interact with. And they never sleep or take vacations.\r\n\r\nYou can fight back. You can regain (at least some) control of your privacy! But it will not be done buying some magic software and pressing the EZ button. Some assembly is required.\r\n\r\nIf you are willing to roll up your sleeves and take your brave pill, join us in this workshop as we show how to build your Android phone with the balance between privacy, security, and convenience that fits your comfort level.\r\n\r\nAttendees will come out of this workshop with a privacy mindset:\r\n\r\n Appreciating the privacy and security implications of using a smart phone in general -- specifically consumer Android devices.\r\n Knowing how to achieve different levels of privacy in their phones and understanding the costs and benefits of each approach.\r\n Understanding what \"attribution of traffic\" tying IP to a person through a VPN is.Finding out which apps are privacy-respecting, and how to contain untrusted apps that may be a \"must have\".\r\n\r\n\r\n[Who should take this workshop]\r\nPrivacy-conscious smartphone users who would like to understand and control what their phones share about them.\r\n\r\n[Audience Skill Level]\r\n\r\n Intermediate \r\n Entry level, if you have studied the instructions and are prepared to hit the ground running. Or if your team is willing to help you out. We will NOT be able to wait for you to install 374 OS updates, download and install VirtualBox, and then build a Linux VM.\r\n\r\n\r\n[Attendees' requirements] \r\n\r\n An understanding of basic Linux commands.\r\n Be comfortable with the idea of installing an aftermarket firmware/OS (\"ROM\") on a mobile device. Soft/hard \"bricking\" is a possibility, so having a spare phone may be a good investment.\r\n Follow additional instructions provided on the GitHub repository (https://github.com/matthewnash/building-phone-privacy/wiki) ahead of the workshop.\r\n\r\n [What students should bring (or do beforehand)]\r\n\r\n An Android phone that has been configured per the GitHub instructions.\r\n Alternatively, a laptop with Android Studio installed.\r\n A learning attitude.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"Pursuing Phone Privacy Protection [WORKSHOP]","android_description":"New year, new challenges to privacy.\r\n\r\nYou are in a public event, or a coffee shop. Did a notification just tell you about a sale nearby? Why is this app showing ads for the car you rented and told your friend about? Is Santa Claus the only one who knows if you've been naughty or nice? \"Maybe if I run a VPN I will be safe.\" This is wishful thinking at best; it only helps to deal with some privacy attacks. You see, smart phones are little snitches. By design.\r\n\r\nThey listen to you. They know where you go, what you purchase, and who you interact with. And they never sleep or take vacations.\r\n\r\nYou can fight back. You can regain (at least some) control of your privacy! But it will not be done buying some magic software and pressing the EZ button. Some assembly is required.\r\n\r\nIf you are willing to roll up your sleeves and take your brave pill, join us in this workshop as we show how to build your Android phone with the balance between privacy, security, and convenience that fits your comfort level.\r\n\r\nAttendees will come out of this workshop with a privacy mindset:\r\n\r\n Appreciating the privacy and security implications of using a smart phone in general -- specifically consumer Android devices.\r\n Knowing how to achieve different levels of privacy in their phones and understanding the costs and benefits of each approach.\r\n Understanding what \"attribution of traffic\" tying IP to a person through a VPN is.Finding out which apps are privacy-respecting, and how to contain untrusted apps that may be a \"must have\".\r\n\r\n\r\n[Who should take this workshop]\r\nPrivacy-conscious smartphone users who would like to understand and control what their phones share about them.\r\n\r\n[Audience Skill Level]\r\n\r\n Intermediate \r\n Entry level, if you have studied the instructions and are prepared to hit the ground running. Or if your team is willing to help you out. We will NOT be able to wait for you to install 374 OS updates, download and install VirtualBox, and then build a Linux VM.\r\n\r\n\r\n[Attendees' requirements] \r\n\r\n An understanding of basic Linux commands.\r\n Be comfortable with the idea of installing an aftermarket firmware/OS (\"ROM\") on a mobile device. Soft/hard \"bricking\" is a possibility, so having a spare phone may be a good investment.\r\n Follow additional instructions provided on the GitHub repository (https://github.com/matthewnash/building-phone-privacy/wiki) ahead of the workshop.\r\n\r\n [What students should bring (or do beforehand)]\r\n\r\n An Android phone that has been configured per the GitHub instructions.\r\n Alternatively, a laptop with Android Studio installed.\r\n A learning attitude.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659393960,"nanoseconds":0},"speakers":[{"content_ids":[49158],"conference_id":65,"event_ids":[49194],"name":"Matt Nash","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48624},{"content_ids":[49158],"conference_id":65,"event_ids":[49194],"name":"Mauricio Tavares","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48625}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49194,"tag_ids":[40253,45347,45451],"village_id":10,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48624},{"tag_id":565,"sort_order":1,"person_id":48625}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-08-01T22:46:00.000-0000","begin":"2022-08-14T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"IR is constantly in motion, adversaries change tactics and techniques and so do Incident Responders. Come hear from IR professionals what they've been up to for the past year.\n\n\nIR is constantly in motion, adversaries change tactics and techniques and so do Incident Responders. Come hear from IR professionals what they've been up to for the past year.","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Latest and Greatest in Incident Response","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"IR is constantly in motion, adversaries change tactics and techniques and so do Incident Responders. Come hear from IR professionals what they've been up to for the past year.\n\n\nIR is constantly in motion, adversaries change tactics and techniques and so do Incident Responders. Come hear from IR professionals what they've been up to for the past year.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48912],"conference_id":65,"event_ids":[48914],"name":"Lauren Proehl","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48334},{"content_ids":[48912],"conference_id":65,"event_ids":[48914],"name":"Jess","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48343},{"content_ids":[48912],"conference_id":65,"event_ids":[48914],"name":"zr0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48350},{"content_ids":[48912],"conference_id":65,"event_ids":[48914],"name":"plug","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48355},{"content_ids":[48912],"conference_id":65,"event_ids":[48914],"name":"LitMoose","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48360}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":48914,"tag_ids":[40250,45332,45373,45376,45451],"village_id":7,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48343},{"tag_id":565,"sort_order":1,"person_id":48334},{"tag_id":565,"sort_order":1,"person_id":48360},{"tag_id":565,"sort_order":1,"person_id":48355},{"tag_id":565,"sort_order":1,"person_id":48350}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-14T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"Friends of Bill W","android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":48706,"village_id":null,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"spans_timebands":"N","updated":"2022-08-03T15:49:00.000-0000","begin":"2022-08-14T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Interested in cyber denial, deception, and adversary engagement? Come join the MITRE Engage team for conversations, war stories, and cyber shenanigans.\n\n\n","title":"Denial, Deception, and Drinks with Mitre Engage","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"android_description":"Interested in cyber denial, deception, and adversary engagement? Come join the MITRE Engage team for conversations, war stories, and cyber shenanigans.","end_timestamp":{"seconds":1660442400,"nanoseconds":0},"updated_timestamp":{"seconds":1658811300,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T02:00:00.000-0000","id":48701,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"tag_ids":[45288,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"begin":"2022-08-14T00:00:00.000-0000","updated":"2022-07-26T04:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this talk I will show how to reverse engineer a proprietary HTTP Server in order to leverage memory corruption vulnerabilities using high level HTTP protocol exploitation techniques. To do so, I will present two critical vulnerabilities, CVE-2022-22536 and CVE-2022-22532, which were found in SAP's proprietary HTTP Server, and could be used by a remote unauthenticated attacker to compromise any SAP installation in the world.\n\nFirst, I will explain how to escalate an error in the request handling process to Desynchronize data buffers and hijack every user’s account with Advanced Response Smuggling. Furthermore, as the primitives of this vulnerability do not rely on header parsing errors, I will show a new technique to persist the attack using the first Desync botnet in history. This attack will prove to be effective even in an “impossible to exploit” scenario: without a Proxy!\n\nNext I will examine a Use-After-Free in the shared memory used for Inter-Process Communication. By exploiting the incorrect deallocation, I will show how to tamper messages belonging to other TCP connections and take control of all responses using Cache Poisoning and Response Splitting theory.\n\nFinally, as the affected buffers could also contain IPC control data, I will explain how to corrupt memory address pointers and end up obtaining RCE.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Internal Server Error: Exploiting Inter-Process Communication with new desynchronization primitives","end_timestamp":{"seconds":1660437900,"nanoseconds":0},"android_description":"In this talk I will show how to reverse engineer a proprietary HTTP Server in order to leverage memory corruption vulnerabilities using high level HTTP protocol exploitation techniques. To do so, I will present two critical vulnerabilities, CVE-2022-22536 and CVE-2022-22532, which were found in SAP's proprietary HTTP Server, and could be used by a remote unauthenticated attacker to compromise any SAP installation in the world.\n\nFirst, I will explain how to escalate an error in the request handling process to Desynchronize data buffers and hijack every user’s account with Advanced Response Smuggling. Furthermore, as the primitives of this vulnerability do not rely on header parsing errors, I will show a new technique to persist the attack using the first Desync botnet in history. This attack will prove to be effective even in an “impossible to exploit” scenario: without a Proxy!\n\nNext I will examine a Use-After-Free in the shared memory used for Inter-Process Communication. By exploiting the incorrect deallocation, I will show how to tamper messages belonging to other TCP connections and take control of all responses using Cache Poisoning and Response Splitting theory.\n\nFinally, as the affected buffers could also contain IPC control data, I will explain how to corrupt memory address pointers and end up obtaining RCE.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48572],"conference_id":65,"event_ids":[48566],"name":"Martin Doyhenard","affiliations":[{"organization":"","title":"Security Researcher at Onapsis"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tincho_508"}],"media":[],"id":47857,"title":"Security Researcher at Onapsis"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242287"}],"end":"2022-08-14T00:45:00.000-0000","id":48566,"village_id":null,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"includes":"Demo, Exploit, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47857}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-14T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hacking the farm. In this session, I'll demonstrate tractor-sized hardware hacking techniques, firmware extraction, duplication, emulation, and cloning. We'll be diving into how the inner workings of agricultural cyber security; how such low-tech devices are now high-tech devices. The \"connected farm\" is now a reality; a slurry of EOL devices, trade secrets, data transfer, and overall shenanigans in an industry that accounts for roughly one-fifth of the US economic activity. We'll be discussing hacking into tractors, combines, cotton harvesters, sugar cane and more.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Hacking The Farm: Breaking Badly Into Agricultural Devices.","end_timestamp":{"seconds":1660437900,"nanoseconds":0},"android_description":"Hacking the farm. In this session, I'll demonstrate tractor-sized hardware hacking techniques, firmware extraction, duplication, emulation, and cloning. We'll be diving into how the inner workings of agricultural cyber security; how such low-tech devices are now high-tech devices. The \"connected farm\" is now a reality; a slurry of EOL devices, trade secrets, data transfer, and overall shenanigans in an industry that accounts for roughly one-fifth of the US economic activity. We'll be discussing hacking into tractors, combines, cotton harvesters, sugar cane and more.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48571],"conference_id":65,"event_ids":[48506],"name":"Sick Codes","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/sickcodes"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sickcodes/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sickcodes"},{"description":"","title":"Website","sort_order":0,"url":"https://automatedsecurityresearch.com/"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/sickcodes"}],"pronouns":null,"media":[],"id":47884,"title":"Hacker"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241833"}],"end":"2022-08-14T00:45:00.000-0000","id":48506,"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660435200,"nanoseconds":0},"includes":"Tool, Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47884}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-14T00:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The new Television News Visual Explorer is a collaboration with the Internet Archive’s Television News Archive to make its vast archive of television news “skimmable.” Learn about this powerful new interface metaphor for video, where it is heading and how we are merging broadcast and online news analysis to help contextualize global narratives.\n\n\n","title":"The Television News Visual Explorer: Cataloging Visual Narratives & Lending Context","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660436100,"nanoseconds":0},"android_description":"The new Television News Visual Explorer is a collaboration with the Internet Archive’s Television News Archive to make its vast archive of television news “skimmable.” Learn about this powerful new interface metaphor for video, where it is heading and how we are merging broadcast and online news analysis to help contextualize global narratives.","updated_timestamp":{"seconds":1660423140,"nanoseconds":0},"speakers":[{"content_ids":[49785],"conference_id":65,"event_ids":[49998],"name":"Kalev Leearu","affiliations":[{"organization":"GDELT","title":""}],"links":[],"pronouns":null,"media":[],"id":49117,"title":"GDELT"}],"timeband_id":892,"links":[],"end":"2022-08-14T00:15:00.000-0000","id":49998,"begin_timestamp":{"seconds":1660434300,"nanoseconds":0},"tag_ids":[40260,45331,45335,45373,45450],"village_id":18,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49117}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","begin":"2022-08-13T23:45:00.000-0000","updated":"2022-08-13T20:39:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Application Pentests are costly, sometimes six-figures costly, and can be very time consuming for the hosting AppSec team. Even so, application pentests often yield very few meaningful findings, leaving potential security bugs in the wild for malicious actors to find and exploit. The goal of a pentest is often to find and remediate security issues before they become an even more expensive problem. But if the hosting company doesn't set pentesters up for success, the likelihood of a worthwhile pentest is abysmally low. While a well-done pentest could cost hundreds of thousands of dollars for an application with a highly complex attack surface, a crappy pentest could cost millions in ransom payouts & GDPR fines by giving the hosting company a false sense of assurance while adding no extra protection against security breaches. Avoiding common pitfalls in application pentest planning will yield better results and ensure broader coverage of the target application.\r\n\r\n\r\nOutline\r\n\r\n* Intro\r\n\t* Cost of an average application pentest: Maybe 10K, or maybe 100K - depends how big your app is & how much coverage you want\r\n\t* You may just be hosting a webapp pentest to check a compliance checkbox. That's fine, but if you're going to spend the money, make sure you're getting the most bang for your buck.\r\n\t* There are a number of potential mistakes that could make a pentest go sour and waste your company's time and money\r\n\r\n* Mistake 1: Being unrealistic about time budgeting\r\n\t* How long do you think it takes to conduct a thorough webapp pentest? If your answer is \"3 days\", you're wrong.\r\n\t* First couple of days of a pentest, assume there will be access issues that the testers have to work through to even get started. Don't expect productivity until Day 3+\r\n\t* If you require testers to go through onboarding or to use your company's equipment, make sure to tack on an extra 2+ days to your pentest.\r\n\t* Time budgeting should account for how many APIs & pages the testers will need to touch, as well as how many different roles (admin, guest, regular user, etc.) your system has. Granular Role-Based access controls? That takes a long time to properly test.\r\n\r\n* Mistake 2: Crappy scope\r\n\t* Giving a pentester a URL and telling them to go nuts is probably not going to yield the best results\r\n\t* What keeps your team up at night? What is your company's absolute worst-case scenario? What findings do you care about, and what findings would you accept as an OK risk?\r\n\t* If you have a bug bounty, or other way for external users to report security issues, leverage that data to identify areas pentesters should focus their attention\r\n\t* With complex apps, consider breaking the test down further into individual features, and test only a few features at a time to minimize context switching\r\n\t* Beware of scope creep - Be very clear what is and is not a part of the pentest, and don't pile more on in the middle of the engagement. 3rd party services & libraries are generally off the table unless you have that 3rd party's written permission.\r\n\r\n* Mistake 3: Hiring the wrong company\r\n\t* Do your diligence: compare & contrast at least 3-5 pentest providers\r\n\t* Ask them about their area of expertise. Look at their blog posts. If you are scheduling a pentest of an iOS app, and you hire a company that specializes in cloud security, your results may not be what you expect.\r\n\t* Ask around - what is the company's reputation like among your peers?\r\n\t* Ask the company for sample reports and make sure those reports meet your expectations\r\n\t* Good reports should contain very detailed & clear remediation guidance. Super boiler plate-y language is a red flag\r\n\r\n* Mistake 4: Time-wasting & poor communication\r\n\t* Do everything you can to ensure testers have access to everything they need on Day 1. If you have 3 pentesters working together, wasting 1 day could cost upwards of 6 grand.\r\n\t* Be clear with testers about your communication expectations. Do you want a status update weekly? Daily? When do you want to be notified of findings (especially high & critical risk findings)?\r\n\t* Involve the right technical experts from your dev team in the communication process - make sure they understand, agree with and know how to fix any findings that come up!\r\n\t* Set up a designated channel where testers can ask questions, and devs can answer. Make sure someone is paying close attention to that channel. Resolve blockers ASAP - again, wasted time could cost thousands of dollars.\r\n\r\n* Mistake 5: Poor preparation\r\n\t* If you don't have enough documentation, testers will not have a solid understanding of your product\r\n\t* Provision the right kinds of accounts for your pentesters. Ideally, having a minimum of 2 different accounts at each role/access level will help with finding authZ and privesc issues. Don't expect much if you ask pentesters to hack on your product without any legitimate logins.\r\n\t* Black box testing - not the best! If you trust the company to conduct your pentest, trust them to also look through your code.\r\n\t* Do some internal threat modeling in preparation for the test - provide the results of your threat modeling exercises to the pentesters.\r\n\t* If your product/feature is half-baked and doesn't always work, don't schedule your pentest yet. Wait till you are close enough to code-complete that pentesters won't run into weird error conditions just trying to use the product.\r\n\r\n* Mistake 6: No plan for remediation\r\n\t* Make sure the devs who will be fixing the vulnerabilities are on your readout call so they can ask questions\r\n\t* Make sure you have sufficient information from the pentesters to understand & fix issues. Confused? Speak up!\r\n\t* Are you re-testing? When are you re-testing?\r\n\t* Got any SLAs? If not, what are the expectations for remediation timelines\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"title":"One Low, Two Informational: Why Your Pentest Findings are so Boring","android_description":"Application Pentests are costly, sometimes six-figures costly, and can be very time consuming for the hosting AppSec team. Even so, application pentests often yield very few meaningful findings, leaving potential security bugs in the wild for malicious actors to find and exploit. The goal of a pentest is often to find and remediate security issues before they become an even more expensive problem. But if the hosting company doesn't set pentesters up for success, the likelihood of a worthwhile pentest is abysmally low. While a well-done pentest could cost hundreds of thousands of dollars for an application with a highly complex attack surface, a crappy pentest could cost millions in ransom payouts & GDPR fines by giving the hosting company a false sense of assurance while adding no extra protection against security breaches. Avoiding common pitfalls in application pentest planning will yield better results and ensure broader coverage of the target application.\r\n\r\n\r\nOutline\r\n\r\n* Intro\r\n\t* Cost of an average application pentest: Maybe 10K, or maybe 100K - depends how big your app is & how much coverage you want\r\n\t* You may just be hosting a webapp pentest to check a compliance checkbox. That's fine, but if you're going to spend the money, make sure you're getting the most bang for your buck.\r\n\t* There are a number of potential mistakes that could make a pentest go sour and waste your company's time and money\r\n\r\n* Mistake 1: Being unrealistic about time budgeting\r\n\t* How long do you think it takes to conduct a thorough webapp pentest? If your answer is \"3 days\", you're wrong.\r\n\t* First couple of days of a pentest, assume there will be access issues that the testers have to work through to even get started. Don't expect productivity until Day 3+\r\n\t* If you require testers to go through onboarding or to use your company's equipment, make sure to tack on an extra 2+ days to your pentest.\r\n\t* Time budgeting should account for how many APIs & pages the testers will need to touch, as well as how many different roles (admin, guest, regular user, etc.) your system has. Granular Role-Based access controls? That takes a long time to properly test.\r\n\r\n* Mistake 2: Crappy scope\r\n\t* Giving a pentester a URL and telling them to go nuts is probably not going to yield the best results\r\n\t* What keeps your team up at night? What is your company's absolute worst-case scenario? What findings do you care about, and what findings would you accept as an OK risk?\r\n\t* If you have a bug bounty, or other way for external users to report security issues, leverage that data to identify areas pentesters should focus their attention\r\n\t* With complex apps, consider breaking the test down further into individual features, and test only a few features at a time to minimize context switching\r\n\t* Beware of scope creep - Be very clear what is and is not a part of the pentest, and don't pile more on in the middle of the engagement. 3rd party services & libraries are generally off the table unless you have that 3rd party's written permission.\r\n\r\n* Mistake 3: Hiring the wrong company\r\n\t* Do your diligence: compare & contrast at least 3-5 pentest providers\r\n\t* Ask them about their area of expertise. Look at their blog posts. If you are scheduling a pentest of an iOS app, and you hire a company that specializes in cloud security, your results may not be what you expect.\r\n\t* Ask around - what is the company's reputation like among your peers?\r\n\t* Ask the company for sample reports and make sure those reports meet your expectations\r\n\t* Good reports should contain very detailed & clear remediation guidance. Super boiler plate-y language is a red flag\r\n\r\n* Mistake 4: Time-wasting & poor communication\r\n\t* Do everything you can to ensure testers have access to everything they need on Day 1. If you have 3 pentesters working together, wasting 1 day could cost upwards of 6 grand.\r\n\t* Be clear with testers about your communication expectations. Do you want a status update weekly? Daily? When do you want to be notified of findings (especially high & critical risk findings)?\r\n\t* Involve the right technical experts from your dev team in the communication process - make sure they understand, agree with and know how to fix any findings that come up!\r\n\t* Set up a designated channel where testers can ask questions, and devs can answer. Make sure someone is paying close attention to that channel. Resolve blockers ASAP - again, wasted time could cost thousands of dollars.\r\n\r\n* Mistake 5: Poor preparation\r\n\t* If you don't have enough documentation, testers will not have a solid understanding of your product\r\n\t* Provision the right kinds of accounts for your pentesters. Ideally, having a minimum of 2 different accounts at each role/access level will help with finding authZ and privesc issues. Don't expect much if you ask pentesters to hack on your product without any legitimate logins.\r\n\t* Black box testing - not the best! If you trust the company to conduct your pentest, trust them to also look through your code.\r\n\t* Do some internal threat modeling in preparation for the test - provide the results of your threat modeling exercises to the pentesters.\r\n\t* If your product/feature is half-baked and doesn't always work, don't schedule your pentest yet. Wait till you are close enough to code-complete that pentesters won't run into weird error conditions just trying to use the product.\r\n\r\n* Mistake 6: No plan for remediation\r\n\t* Make sure the devs who will be fixing the vulnerabilities are on your readout call so they can ask questions\r\n\t* Make sure you have sufficient information from the pentesters to understand & fix issues. Confused? Speak up!\r\n\t* Are you re-testing? When are you re-testing?\r\n\t* Got any SLAs? If not, what are the expectations for remediation timelines","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49645],"conference_id":65,"event_ids":[49829],"name":"Robyn Lundin","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/robyn-lundin"}],"media":[],"id":49017}],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49829,"tag_ids":[40278,45340,45378,45431,45451],"village_id":4,"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49017}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"spans_timebands":"N","updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-13T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.\n\n\n","title":"RFID Hacking 101","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"android_description":"Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659624240,"nanoseconds":0},"speakers":[{"content_ids":[49395],"conference_id":65,"event_ids":[49542,49553,49554],"name":"Ege F","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Efeyzee"}],"pronouns":null,"media":[],"id":48800}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49554,"tag_ids":[40264,45340,45373,45381,45450],"village_id":22,"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48800}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"begin":"2022-08-13T23:30:00.000-0000","updated":"2022-08-04T14:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In hacking and penetration testing, we use “reverse shells” to make a target machine connect back to us for further exploitation or privilege escalation. What does that look like in the realm of psychology and social engineering? This presentation discusses techniques on getting the “mark” to contact us for more help/exploitation.\n\n\n","title":"Psychological Reverse Shells","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"In hacking and penetration testing, we use “reverse shells” to make a target machine connect back to us for further exploitation or privilege escalation. What does that look like in the realm of psychology and social engineering? This presentation discusses techniques on getting the “mark” to contact us for more help/exploitation.","updated_timestamp":{"seconds":1659504420,"nanoseconds":0},"speakers":[{"content_ids":[49369,49720],"conference_id":65,"event_ids":[49505,49910],"name":"MasterChen","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/chenb0x"}],"media":[],"id":48783}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49505,"tag_ids":[40273,45340,45370,45453],"village_id":31,"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48783}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"begin":"2022-08-13T23:30:00.000-0000","updated":"2022-08-03T05:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"Staying Afloat in a Tsunami Of Security Inflormation","android_description":"","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659465840,"nanoseconds":0},"speakers":[{"content_ids":[48939,49309,49312,49719],"conference_id":65,"event_ids":[48939,49409,49412,49909],"name":"Tracy Z. Maleeff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://infosecsherpa.medium.com"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tzmaleeff/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InfoSecSherpa"}],"media":[],"id":48381}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49412,"village_id":12,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48381}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:44:00.000-0000","begin":"2022-08-13T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Over the course of the past two years, our group has finished a number of projects which allow for people to take control of their own health. Automatic external defibrillators can cause someone who is in [certain types of] cardiac arrest to merely wake up, but only if they get it soon enough. However, they cost thousands of dollars. We have an open-source version which can be built for $500 by any mid-level hobbyist, and meets all CE and FDA requirements. Additionally, we have adjoint tools for the AED which increase the save rate, and reduce the likelihood of brain damage. We also have an open-source DIY automated chemical reactor, with which people can manufacture their own drugs. We will be demonstrating the device and releasing complete instructions and programs for it, including one which makes Narcan out of Vicodin. Lastly, we will have a live demonstration, and give public online access to an AI which can discover drug synthesis pathways. Come see all this and more, as we release detailed documentation explaining how to build devices yourself which can save your life.\n\n\n","title":"How to Build DIY Lifesaving Medical Devices","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Over the course of the past two years, our group has finished a number of projects which allow for people to take control of their own health. Automatic external defibrillators can cause someone who is in [certain types of] cardiac arrest to merely wake up, but only if they get it soon enough. However, they cost thousands of dollars. We have an open-source version which can be built for $500 by any mid-level hobbyist, and meets all CE and FDA requirements. Additionally, we have adjoint tools for the AED which increase the save rate, and reduce the likelihood of brain damage. We also have an open-source DIY automated chemical reactor, with which people can manufacture their own drugs. We will be demonstrating the device and releasing complete instructions and programs for it, including one which makes Narcan out of Vicodin. Lastly, we will have a live demonstration, and give public online access to an AI which can discover drug synthesis pathways. Come see all this and more, as we release detailed documentation explaining how to build devices yourself which can save your life.","updated_timestamp":{"seconds":1659748200,"nanoseconds":0},"speakers":[{"content_ids":[48720,49014,49027],"conference_id":65,"event_ids":[48727,49017,49030],"name":"Mixæl S. Laufer","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MichaelSLaufer"}],"pronouns":null,"media":[],"id":47996},{"content_ids":[49027],"conference_id":65,"event_ids":[49030],"name":"Four Thieves Vinegar Collective","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/4ThievesVinegar"}],"media":[],"id":48443},{"content_ids":[49027],"conference_id":65,"event_ids":[49030],"name":"Zac Shannon","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48838},{"content_ids":[49027],"conference_id":65,"event_ids":[49030],"name":"Abraxas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48839}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49030,"tag_ids":[40277,45329,45373,45451],"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48839},{"tag_id":565,"sort_order":1,"person_id":48443},{"tag_id":565,"sort_order":1,"person_id":47996},{"tag_id":565,"sort_order":1,"person_id":48838}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-08-06T01:10:00.000-0000","begin":"2022-08-13T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A recent trend in high security locks is to add a moving element to the key: this prevents casting, 3D printing and many other forms of unauthorised duplication. Pioneered by the Mul-T-Lock Interactive locks, we see the technique used in recent Mul-T-Lock iterations, the Abloy Protec 2 and most recently, the Medeco M4, which is only rolling out to customers now. \n\nWe have identified a major vulnerability in this technology, and have developed a number of techniques to unlock these locks using a key made from a solid piece of material, which defeats all of the benefits of an interactive key. I’ll demonstrate how it can be applied to Mul-T-Lock Interactive, Mul-T-Lock MT5+ and the Medeco M4, allowing keys to be duplicated by casting, 3D printing and more. I’ll also cover other techniques to defeat moving elements in a key, such as printing a compliant mechanism and printing a captive element directly. With this talk, we’re also releasing a web application for anyone to generate 3D printable files based on this exploit.\nFinally, I’ll also discuss the responsible disclosure process, and working with the lock manufacturers to patch the vulnerability and mitigate the risk.\n\n\n","title":"Defeating Moving Elements in High Security Keys","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"A recent trend in high security locks is to add a moving element to the key: this prevents casting, 3D printing and many other forms of unauthorised duplication. Pioneered by the Mul-T-Lock Interactive locks, we see the technique used in recent Mul-T-Lock iterations, the Abloy Protec 2 and most recently, the Medeco M4, which is only rolling out to customers now. \n\nWe have identified a major vulnerability in this technology, and have developed a number of techniques to unlock these locks using a key made from a solid piece of material, which defeats all of the benefits of an interactive key. I’ll demonstrate how it can be applied to Mul-T-Lock Interactive, Mul-T-Lock MT5+ and the Medeco M4, allowing keys to be duplicated by casting, 3D printing and more. I’ll also cover other techniques to defeat moving elements in a key, such as printing a compliant mechanism and printing a captive element directly. With this talk, we’re also releasing a web application for anyone to generate 3D printable files based on this exploit.\nFinally, I’ll also discuss the responsible disclosure process, and working with the lock manufacturers to patch the vulnerability and mitigate the risk.","end_timestamp":{"seconds":1660436100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48569,49394,49402],"conference_id":65,"event_ids":[48588,49541,49549],"name":"Bill Graydon","affiliations":[{"organization":"","title":"Principal, Physical Security Analytics, GGR Security "}],"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/bgraydon"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/access_ctrl"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/channel/UCzZK3vjJL9rKNPXNoCPFO5g/videos"}],"pronouns":null,"media":[],"id":47862,"title":"Principal, Physical Security Analytics, GGR Security"}],"timeband_id":892,"end":"2022-08-14T00:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241834"}],"id":48588,"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"tag_ids":[45241,45280,45281,45375,45450],"village_id":null,"includes":"Exploit, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47862}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"begin":"2022-08-13T23:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The rise of the machines. \n\nWhenever you are buying online, especially if it’s a limited stock item, you are competing against Bots and lose miserably. Even when you are asleep, there’s a 14% chance that a bot trying to log into one of the 200+ digital accounts you own. \n\nYour mom called to say someone from her bank ask for 4 digit SMS? It was an OTP bot. \n\nMalicious automation is here to stay as it serves tens of thousands of hackers and retail scalpers and drives billions of dollars worth of marketplaces. \n\nDuring my talk, we will deep dive into the most fascinating architecture, business modules, and techniques top-performing of account crackers and retail bots use to maximize their success rate and revenue.\n\n\n","title":"Why did you lose the last PS5 restock to a bot Top-performing app-hackers business modules, architecture, and techniques","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660436100,"nanoseconds":0},"android_description":"The rise of the machines. \n\nWhenever you are buying online, especially if it’s a limited stock item, you are competing against Bots and lose miserably. Even when you are asleep, there’s a 14% chance that a bot trying to log into one of the 200+ digital accounts you own. \n\nYour mom called to say someone from her bank ask for 4 digit SMS? It was an OTP bot. \n\nMalicious automation is here to stay as it serves tens of thousands of hackers and retail scalpers and drives billions of dollars worth of marketplaces. \n\nDuring my talk, we will deep dive into the most fascinating architecture, business modules, and techniques top-performing of account crackers and retail bots use to maximize their success rate and revenue.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48570],"conference_id":65,"event_ids":[48531],"name":"Arik","affiliations":[{"organization":"Human Security Inc","title":"Threat Intelligence Researcher"}],"links":[],"pronouns":null,"media":[],"id":47837,"title":"Threat Intelligence Researcher at Human Security Inc"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242000"}],"end":"2022-08-14T00:15:00.000-0000","id":48531,"begin_timestamp":{"seconds":1660433400,"nanoseconds":0},"tag_ids":[45241,45375,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47837}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"spans_timebands":"N","begin":"2022-08-13T23:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Supply chain research is so hot right now! In this talk I plan on talking about how to clone the NPM metadata database, and all of the interesting repercussions of this design decision. Between exposing code from private Github repos, being able to search through all contributors email addresses, cybersquatting maintainers expired domains for account takeovers, and the interactions between .gitignore and .npmignore, there's plenty of interesting things to be covered.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"title":"NPM, “Private” Repos, and You","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Supply chain research is so hot right now! In this talk I plan on talking about how to clone the NPM metadata database, and all of the interesting repercussions of this design decision. Between exposing code from private Github repos, being able to search through all contributors email addresses, cybersquatting maintainers expired domains for account takeovers, and the interactions between .gitignore and .npmignore, there's plenty of interesting things to be covered.","updated_timestamp":{"seconds":1659974880,"nanoseconds":0},"speakers":[{"content_ids":[49061,49731],"conference_id":65,"event_ids":[49064,49921],"name":"Justin Rhinehart","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48485}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49921,"begin_timestamp":{"seconds":1660432500,"nanoseconds":0},"tag_ids":[40268,45340,45373,45384,45453],"village_id":26,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48485}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"begin":"2022-08-13T23:15:00.000-0000","updated":"2022-08-08T16:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You are savvy enough to have a virtual private network aka VPN. Maybe you did a bit of research and bought one that lets you be “anonymous” and lets you stream your favorite streaming service from anywhere while you travel.\r\n\r\nHow much do you know about or trust your VPN provider? Have you considered that your VPN provider could be doing things you didn’t expect? Let's look at consumer VPNs, free VPNs, even VPNs that pay you!\r\n\r\nAfter analyzing hundreds of VPNs, their service offerings, and their code, you will have a deeper understanding of what actually is happening behind the scenes. Could you be supporting malware? Maybe something worse? This may be a talk you don’t want to hear, but you will come out of it with a better understanding of the world that says it is here to protect you.\n\n\n","title":"Toto, I’ve a feeling we’re not on a VPN anymore","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"android_description":"You are savvy enough to have a virtual private network aka VPN. Maybe you did a bit of research and bought one that lets you be “anonymous” and lets you stream your favorite streaming service from anywhere while you travel.\r\n\r\nHow much do you know about or trust your VPN provider? Have you considered that your VPN provider could be doing things you didn’t expect? Let's look at consumer VPNs, free VPNs, even VPNs that pay you!\r\n\r\nAfter analyzing hundreds of VPNs, their service offerings, and their code, you will have a deeper understanding of what actually is happening behind the scenes. Could you be supporting malware? Maybe something worse? This may be a talk you don’t want to hear, but you will come out of it with a better understanding of the world that says it is here to protect you.","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659214020,"nanoseconds":0},"speakers":[{"content_ids":[49157],"conference_id":65,"event_ids":[49193],"name":"Jonathan Tomek","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sakebomb"}],"pronouns":null,"media":[],"id":48623}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49193,"begin_timestamp":{"seconds":1660432500,"nanoseconds":0},"village_id":10,"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48623}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:47:00.000-0000","begin":"2022-08-13T23:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Misinformation has been around for as long as humans could talk, and it's usually pretty low tech - but what is the role of offensive security in misinformation campaigns? Let's do a technical breakdown of exploits I've done as an appsec red teamer, and how these exploits can fast track misinformation. Topics include: user spoofing tactics (and account takeover), XSS, and site vandalism.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"title":"Not Feeling Yourself: User Spoofing and Other Disinformation Exploits","android_description":"Misinformation has been around for as long as humans could talk, and it's usually pretty low tech - but what is the role of offensive security in misinformation campaigns? Let's do a technical breakdown of exploits I've done as an appsec red teamer, and how these exploits can fast track misinformation. Topics include: user spoofing tactics (and account takeover), XSS, and site vandalism.","end_timestamp":{"seconds":1660434300,"nanoseconds":0},"updated_timestamp":{"seconds":1660334100,"nanoseconds":0},"speakers":[{"content_ids":[49071],"conference_id":65,"event_ids":[49074],"name":"Burninator","affiliations":[{"organization":"Burninator Sec","title":""}],"links":[],"pronouns":null,"media":[],"id":48480,"title":"Burninator Sec"}],"timeband_id":892,"links":[],"end":"2022-08-13T23:45:00.000-0000","id":49074,"begin_timestamp":{"seconds":1660432500,"nanoseconds":0},"village_id":18,"tag_ids":[40260,45331,45335,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48480}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-13T23:15:00.000-0000","updated":"2022-08-12T19:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Evil Maid attack vs the Glitter nail polish tamper evident seal; recommended by many as one of the best defences in detecting tampering. But, what if it isn’t as infallible as we think it is? What if, a real maid could learn and do it without any lengthy specialised training?\r\n\r\nIn this talk, we’ll do a whirlwind tour of the techniques used to bypass tamper evident seals, with things you’d likely have in your home. I’ll wrap up by talking publicly for the first time how the Glitter nail polish seal was bypassed at the OzSecCon 2018 Tamper Evident Challenge\n\n\n","title":"Glitter nail polish vs the Evil Maid, the Story - Spoiler: The maid wins.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"The Evil Maid attack vs the Glitter nail polish tamper evident seal; recommended by many as one of the best defences in detecting tampering. But, what if it isn’t as infallible as we think it is? What if, a real maid could learn and do it without any lengthy specialised training?\r\n\r\nIn this talk, we’ll do a whirlwind tour of the techniques used to bypass tamper evident seals, with things you’d likely have in your home. I’ll wrap up by talking publicly for the first time how the Glitter nail polish seal was bypassed at the OzSecCon 2018 Tamper Evident Challenge","updated_timestamp":{"seconds":1660257480,"nanoseconds":0},"speakers":[{"content_ids":[49762],"conference_id":65,"event_ids":[49960],"name":"hoodiePony","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hoodiePony"}],"media":[],"id":49100}],"timeband_id":892,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-14T00:00:00.000-0000","id":49960,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":null,"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49100}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","updated":"2022-08-11T22:38:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cybersecurity is obviously an important policy priority, but it's not the only area of tech policy getting attention by government. State and federal regulators are also pursuing laws and regulations in other areas, like copyright, privacy, antitrust, and social media regulation - each of which ultimately affects the ability to keep our computing systems and networks secure. Come to this session to learn about some of the policy pushes in these other areas, consider how some of the consequences these regulatory initiatives may bear on cybersecurity, and workshop how those effects might be avoided. (Limited capacity event; open to all conference attendees to participate under Chatham House Rules.)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Right Hand, Meet Left Hand: The Cybersecurity Implications of Non-Cybersecurity Internet Regulation (Community Roundtable)","android_description":"Cybersecurity is obviously an important policy priority, but it's not the only area of tech policy getting attention by government. State and federal regulators are also pursuing laws and regulations in other areas, like copyright, privacy, antitrust, and social media regulation - each of which ultimately affects the ability to keep our computing systems and networks secure. Come to this session to learn about some of the policy pushes in these other areas, consider how some of the consequences these regulatory initiatives may bear on cybersecurity, and workshop how those effects might be avoided. (Limited capacity event; open to all conference attendees to participate under Chatham House Rules.)","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1660108560,"nanoseconds":0},"speakers":[{"content_ids":[49741,49742],"conference_id":65,"event_ids":[49934,49935],"name":"Cathy Gellis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49081}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49935,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40265,45311,45373,45447,45450],"village_id":23,"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49081}],"tags":"Discussion","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-08-10T05:16:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Don’t be scared get your quantum on | Ask Anything, calling all Quantum n00bs\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"title":"Quantini Time\t","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"android_description":"Don’t be scared get your quantum on | Ask Anything, calling all Quantum n00bs","updated_timestamp":{"seconds":1660427160,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49902,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40266,45341,45373,45382,45450],"village_id":24,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"updated":"2022-08-13T21:46:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"2 hours of people doing 5 minute pitches of their custom rigs, what makes it special, unique, build challenges they faced etc.\n\n\n","title":"Open Panel: War Driving Rig Makers Meetup","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"android_description":"2 hours of people doing 5 minute pitches of their custom rigs, what makes it special, unique, build challenges they faced etc.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659928740,"nanoseconds":0},"speakers":[{"content_ids":[49664,49671],"conference_id":65,"event_ids":[49852,49859],"name":"D4rkm4tter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49020},{"content_ids":[49664,49671],"conference_id":65,"event_ids":[49852,49859],"name":"El Kentaro","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/elkentaro"}],"pronouns":null,"media":[],"id":49021},{"content_ids":[49664,49671],"conference_id":65,"event_ids":[49852,49859],"name":"Grim0us","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49022}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49859,"tag_ids":[40267,45367,45373,45383,45451],"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":25,"includes":"","people":[{"tag_id":45289,"sort_order":1,"person_id":49020},{"tag_id":45289,"sort_order":1,"person_id":49021},{"tag_id":45289,"sort_order":1,"person_id":49022}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","updated":"2022-08-08T03:19:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"While in Las Vegas for data recovery and E-discovery work for a client, I attended DefCon 2017. By happenstance, I visited the Voting Village, organized by Harri Hurst.\r\n\r\nDozens of machines were on display for DefCon participants to ‘hack’ and find vulnerabilities. As I had my digital forensic toolkit with me, I asked Harri if the Windows CE and Windows XP devices had been professionally imaged and analyzed. Within minutes, I was presented with a pristine Windows CE machine. I imaged the device with BlackBag’s MacQuisition and began triage analysis with BlackBag’s BlackLight system.\r\n\r\nThe system was used for local, state, and national elections, initially purchased by Fairfax County, Virginia and placed into service, October 2002. The machine was last used in November 2014. I met with Harri at DefCon 2018 and performed the same tasks for thirty seven additional voting machines. The systematic lack of security was found on every single device nationwide. The same pattern was repeated at DefCon 2019.\r\n\r\nI will discuss the professional methods we use to image devices at the Voting Village prior to the general public accessing the machines and the two-person finding verification method in use as well as the best practice of multiple tools. (Imaged with write-blocking hardware, analyzed with BlackLight and Autopsy, with a deleted file recovery tool afterwards.) I will discuss the findings we have discovered in the voting village: The operating system had not been updated since purchase. Votes were compiled into cleartext (votes.txt) onto a removable media drive and in some instances, uploaded to a ftp server, unencrypted.\r\n\r\nHundreds of USB drives had been inserted into the machines since deployment. Voters access the machines as ‘administrator’ with all votes being cast on the admin account. Admin and security user names and passwords are found online due to the relevant state sunshine laws. I will present our findings as to what was absent from the machines:\r\n\r\nNo firewall or antivirus programs are present\r\nNo audit trail for USB drives or voting record integrity was found\r\nNo voter information was found\r\nNo evidence of tampering has been found.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9d9a7e","name":"Voting Village","id":45387},"title":"Digital Forensics and Voting Machines","android_description":"While in Las Vegas for data recovery and E-discovery work for a client, I attended DefCon 2017. By happenstance, I visited the Voting Village, organized by Harri Hurst.\r\n\r\nDozens of machines were on display for DefCon participants to ‘hack’ and find vulnerabilities. As I had my digital forensic toolkit with me, I asked Harri if the Windows CE and Windows XP devices had been professionally imaged and analyzed. Within minutes, I was presented with a pristine Windows CE machine. I imaged the device with BlackBag’s MacQuisition and began triage analysis with BlackBag’s BlackLight system.\r\n\r\nThe system was used for local, state, and national elections, initially purchased by Fairfax County, Virginia and placed into service, October 2002. The machine was last used in November 2014. I met with Harri at DefCon 2018 and performed the same tasks for thirty seven additional voting machines. The systematic lack of security was found on every single device nationwide. The same pattern was repeated at DefCon 2019.\r\n\r\nI will discuss the professional methods we use to image devices at the Voting Village prior to the general public accessing the machines and the two-person finding verification method in use as well as the best practice of multiple tools. (Imaged with write-blocking hardware, analyzed with BlackLight and Autopsy, with a deleted file recovery tool afterwards.) I will discuss the findings we have discovered in the voting village: The operating system had not been updated since purchase. Votes were compiled into cleartext (votes.txt) onto a removable media drive and in some instances, uploaded to a ftp server, unencrypted.\r\n\r\nHundreds of USB drives had been inserted into the machines since deployment. Voters access the machines as ‘administrator’ with all votes being cast on the admin account. Admin and security user names and passwords are found online due to the relevant state sunshine laws. I will present our findings as to what was absent from the machines:\r\n\r\nNo firewall or antivirus programs are present\r\nNo audit trail for USB drives or voting record integrity was found\r\nNo voter information was found\r\nNo evidence of tampering has been found.","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659912960,"nanoseconds":0},"speakers":[{"content_ids":[49606,49605],"conference_id":65,"event_ids":[49819,49820],"name":"Will Baggett, CCEE, CFE","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/iOSforensic"}],"media":[],"id":48953}],"timeband_id":892,"links":[{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"},{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"}],"end":"2022-08-13T23:30:00.000-0000","id":49820,"village_id":34,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40279,45340,45348,45374,45387,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48953}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"updated":"2022-08-07T22:56:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"How Most Internal Networks are Compromised: A Set of Common Active Directory Attacks and How to Perform Them from Linux ","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678900,"nanoseconds":0},"speakers":[{"content_ids":[49437],"conference_id":65,"event_ids":[49627,49628,49629,49630],"name":"Scott Brink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_sandw1ch"}],"pronouns":null,"media":[],"id":48828}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49630,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48828}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:55:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Hacking WebApps with WebSploit Labs","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49624,"village_id":27,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T23:00:00.000-0000","updated":"2022-08-05T05:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"HackerOps","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49616,"village_id":27,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:50:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cyber Resilience Bootcamp","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"media":[],"id":48826}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49604,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T23:00:00.000-0000","updated":"2022-08-05T05:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"After 2 years virtual and one in person, we’d like to return to stage for our 4th year where this contest shines best. Hack3r Runw@y brings out all the sheek geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n\r\nDigital wearable - LED, electronic, passive\r\nSmart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\nAesthetics and More - 3d printed, geeky wear, passive design, obfuscation, cosplay\r\nFunctional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\nWinners will be selected based on, but no limited to:\r\n\r\nUniqueness\r\nTrendy\r\nPractical\r\nCouture\r\nCreativity\r\nRelevance\r\nOriginality\r\nPresentation\r\nMastery\r\n \r\nFriday: 2pm – 4pm\r\n\r\nSaturday: 4pm – 6pm (or 2 hours before the contest stage and then 1 hr on stage)\n\n\n","title":"Hack3r Runw@y  ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"After 2 years virtual and one in person, we’d like to return to stage for our 4th year where this contest shines best. Hack3r Runw@y brings out all the sheek geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n\r\nDigital wearable - LED, electronic, passive\r\nSmart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\nAesthetics and More - 3d printed, geeky wear, passive design, obfuscation, cosplay\r\nFunctional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\nWinners will be selected based on, but no limited to:\r\n\r\nUniqueness\r\nTrendy\r\nPractical\r\nCouture\r\nCreativity\r\nRelevance\r\nOriginality\r\nPresentation\r\nMastery\r\n \r\nFriday: 2pm – 4pm\r\n\r\nSaturday: 4pm – 6pm (or 2 hours before the contest stage and then 1 hr on stage)","updated_timestamp":{"seconds":1659668820,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Hack3rRunway"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643691877531698"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240962"},{"label":"Website 2","type":"link","url":"https://hack3rrunway.github.io/"},{"label":"Website 1","type":"link","url":"https://Hack3rRunway.square.site"}],"id":49585,"village_id":null,"tag_ids":[45360,45373,45450],"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-08-05T03:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"** Contestants who placed in qualifiers please show up at 4pm for setup. **\r\n\r\n\r\nWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\r\n\r\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"\"Team Distraction\"\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\r\n\r\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.\r\n\r\nQualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.\r\n\r\nYou may have up to two people per team. (Having two people on a team is highly suggested)\r\n\r\nOf the qualifiers, nine teams will move on to compete head to head on the contest stage.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Crash and Compile - Contestant Setup","android_description":"** Contestants who placed in qualifiers please show up at 4pm for setup. **\r\n\r\n\r\nWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\r\n\r\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"\"Team Distraction\"\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\r\n\r\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.\r\n\r\nQualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.\r\n\r\nYou may have up to two people per team. (Having two people on a team is highly suggested)\r\n\r\nOf the qualifiers, nine teams will move on to compete head to head on the contest stage.","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659666600,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T00:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://crashandcompile.org"}],"id":49571,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-05T02:30:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Maritime transit relies on the set of global navigation satellite systems (GNSS); the position, navigation, and timing (PNT) systems they enable are crucial for traversing narrow straits and littoral waters. GNSS also facilitates the Automatic Identification System (AIS) for situational awareness; AIS tracings also provide the log of a ship’s movement. The Global Positioning System (GPS) and AIS contain a host of vulnerabilities, however, and vessels around the world, from the Black Sea to the Port of Shanghai, have been spoofed. Both AIS and GPS spoofing have escalated in their seriousness in the last five year, to the point where spoofing has become weaponized. These disruptions are provocative; adversary nations can create false AIS tracks to support virulent narratives, countering the interests of U.S. and our allies. Because of grave danger these threats entail, it is essential that policymakers and maritime operators understand the risks, mitigation techniques, and implications of GPS and AIS spoofing.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"The Geopolitical Implications of the Escalation and Weaponization of GPS and AIS Spoofing [[MARITIME]]","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Maritime transit relies on the set of global navigation satellite systems (GNSS); the position, navigation, and timing (PNT) systems they enable are crucial for traversing narrow straits and littoral waters. GNSS also facilitates the Automatic Identification System (AIS) for situational awareness; AIS tracings also provide the log of a ship’s movement. The Global Positioning System (GPS) and AIS contain a host of vulnerabilities, however, and vessels around the world, from the Black Sea to the Port of Shanghai, have been spoofed. Both AIS and GPS spoofing have escalated in their seriousness in the last five year, to the point where spoofing has become weaponized. These disruptions are provocative; adversary nations can create false AIS tracks to support virulent narratives, countering the interests of U.S. and our allies. Because of grave danger these threats entail, it is essential that policymakers and maritime operators understand the risks, mitigation techniques, and implications of GPS and AIS spoofing.","updated_timestamp":{"seconds":1659472740,"nanoseconds":0},"speakers":[{"content_ids":[49334,49346],"conference_id":65,"event_ids":[49434,49446],"name":"Gary Kessler","affiliations":[{"organization":"Fathom5","title":"Principal Consultant"}],"links":[],"pronouns":null,"media":[],"id":48760,"title":"Principal Consultant at Fathom5"},{"content_ids":[49334,49344,49345],"conference_id":65,"event_ids":[49434,49444,49445],"name":"Tyson B. Meadors","affiliations":[{"organization":"US Navy","title":"Cyber Warfare Engineer"}],"links":[],"pronouns":null,"media":[],"id":48772,"title":"Cyber Warfare Engineer at US Navy"},{"content_ids":[49334],"conference_id":65,"event_ids":[49434],"name":"Dr. Diane Maye Zorri","affiliations":[{"organization":"Embry-Riddle Aeronautical University","title":"Associate Professor of Security Studies"}],"links":[],"pronouns":null,"media":[],"id":48778,"title":"Associate Professor of Security Studies at Embry-Riddle Aeronautical University"}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49434,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40258,45367,45369,45375,45450],"village_id":15,"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48778},{"tag_id":45290,"sort_order":1,"person_id":48760},{"tag_id":45290,"sort_order":1,"person_id":48772}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","begin":"2022-08-13T23:00:00.000-0000","updated":"2022-08-02T20:39:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"S.O.S How Sharing Our Stories Will Save Cybersecurity","android_description":"","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659465840,"nanoseconds":0},"speakers":[{"content_ids":[49298,49309,49311],"conference_id":65,"event_ids":[49397,49409,49411],"name":"Rebekah Skeete","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/rebekah-skeete-01270192/"}],"pronouns":null,"media":[],"id":48733}],"timeband_id":892,"links":[],"end":"2022-08-13T23:30:00.000-0000","id":49411,"village_id":12,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40255,45340,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48733}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:44:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#856899","name":"Lock Pick Village","id":45362},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":892,"links":[],"end":"2022-08-13T23:30:00.000-0000","id":49351,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":17,"tag_ids":[40259,45340,45362,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"updated":"2022-08-02T05:57:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Erin Miller, the Executive Director of Space ISAC, will lead a panel discussing the trends, data, intelligence, and threats that are affecting space systems and the satellite community.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Space ISAC: Protecting Our Space Assets","end_timestamp":{"seconds":1660434600,"nanoseconds":0},"android_description":"Erin Miller, the Executive Director of Space ISAC, will lead a panel discussing the trends, data, intelligence, and threats that are affecting space systems and the satellite community.","updated_timestamp":{"seconds":1659379440,"nanoseconds":0},"speakers":[{"content_ids":[49240],"conference_id":65,"event_ids":[49283],"name":"Erin Miller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48676}],"timeband_id":892,"links":[],"end":"2022-08-13T23:50:00.000-0000","id":49283,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":2,"includes":"","people":[{"tag_id":45289,"sort_order":1,"person_id":48676}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:44:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#8dc784","name":"BIC Village","id":45353},"title":"Neurodiversity in Cybersecurity: Find Your Competitive Advantage!","android_description":"","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659305340,"nanoseconds":0},"speakers":[{"content_ids":[49204],"conference_id":65,"event_ids":[49245],"name":"Kassandra Pierre","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48657},{"content_ids":[49204],"conference_id":65,"event_ids":[49245],"name":"Nathan Chung","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48659}],"timeband_id":892,"links":[],"end":"2022-08-13T23:30:00.000-0000","id":49245,"tag_ids":[40249,45348,45353,45374],"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":6,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48657},{"tag_id":565,"sort_order":1,"person_id":48659}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-07-31T22:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Prizes to be given out for these different events. For more information see - https://dchhv.org\n\n\n","title":"Prizes announced for HHV Rube Goldberg Machine, Make Your Own Use Contest, and Bring the Other Half","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"android_description":"Prizes to be given out for these different events. For more information see - https://dchhv.org","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659142380,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"dchhv.org","type":"link","url":"https://dchhv.org"}],"end":"2022-08-13T23:30:00.000-0000","id":49136,"tag_ids":[40257,45338,45341,45373,45451],"village_id":14,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-07-30T00:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Learn how the dadabots make their music and enjoy a performance after the tutorial.\n\n\n","title":"AI Music Tutorial and Show","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"end_timestamp":{"seconds":1660437000,"nanoseconds":0},"android_description":"Learn how the dadabots make their music and enjoy a performance after the tutorial.","updated_timestamp":{"seconds":1659293040,"nanoseconds":0},"speakers":[{"content_ids":[49044],"conference_id":65,"event_ids":[49047],"name":"dadabots","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48461}],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49047,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":3,"tag_ids":[40248,45330,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48461}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-07-31T18:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cyber-biosecurity is neither a biology-only nor a cyber-only challenge. As biotechnology continues to develop and the way that science is practiced evolves, so too does the nature of crime. In this talk, I will present a framework for mapping biotechnology crime and misuse opportunities with the aim to inform, influence and underpin evidence-based policymaking in the UK and abroad and, where relevant, to change organisational culture and practices, to improve national security.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"title":"Call for Evidence: Informing the Biological Security Strategy","android_description":"Cyber-biosecurity is neither a biology-only nor a cyber-only challenge. As biotechnology continues to develop and the way that science is practiced evolves, so too does the nature of crime. In this talk, I will present a framework for mapping biotechnology crime and misuse opportunities with the aim to inform, influence and underpin evidence-based policymaking in the UK and abroad and, where relevant, to change organisational culture and practices, to improve national security.","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659108660,"nanoseconds":0},"speakers":[{"content_ids":[49026],"conference_id":65,"event_ids":[49029],"name":"Mariam Elgabry","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MariamElgabry11"}],"pronouns":null,"media":[],"id":48452}],"timeband_id":892,"links":[],"end":"2022-08-13T23:30:00.000-0000","id":49029,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":5,"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48452}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-07-29T15:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Security Operations Center: is it really more than a place to go where dreams die? So many analysts feel that the soul-sucking march of awful false positive alerts will never end; there’s no way to improve and they’re in a dead end job. How can you turn your nightmare into something more bearable? Come join our panelists, four security analysts turned leaders, as they get grilled by our moderator in answering this question and more. By the end of this talk, you will gain a series of tips and tricks to take back to your SOC whether it’s new or old, big or small, chaotic or calm. You will learn how to get the most from your individual experience, lift up your team around you, or at least recognize when it’s time to run like mad.\n\n\nThe Security Operations Center: is it really more than a place to go where dreams die? So many analysts feel that there’s no way to improve and they’re in a dead end job. How can you turn your nightmare into something more bearable? By the end of this panel, you will gain a series of tips and tricks to take back to your SOC, you will learn how to get the most from your individual experience, lift up your team around you, or at least recognize when it’s time to run like mad.","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Making Your SOC Suck Less","android_description":"The Security Operations Center: is it really more than a place to go where dreams die? So many analysts feel that the soul-sucking march of awful false positive alerts will never end; there’s no way to improve and they’re in a dead end job. How can you turn your nightmare into something more bearable? Come join our panelists, four security analysts turned leaders, as they get grilled by our moderator in answering this question and more. By the end of this talk, you will gain a series of tips and tricks to take back to your SOC whether it’s new or old, big or small, chaotic or calm. You will learn how to get the most from your individual experience, lift up your team around you, or at least recognize when it’s time to run like mad.\n\n\nThe Security Operations Center: is it really more than a place to go where dreams die? So many analysts feel that there’s no way to improve and they’re in a dead end job. How can you turn your nightmare into something more bearable? By the end of this panel, you will gain a series of tips and tricks to take back to your SOC, you will learn how to get the most from your individual experience, lift up your team around you, or at least recognize when it’s time to run like mad.","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48908],"conference_id":65,"event_ids":[48910],"name":"Sebastian Stein","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48327},{"content_ids":[48908],"conference_id":65,"event_ids":[48910],"name":"Shawn Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48329},{"content_ids":[48908],"conference_id":65,"event_ids":[48910],"name":"Carson Zimmerman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48339},{"content_ids":[48908],"conference_id":65,"event_ids":[48910],"name":"Jackie Bow","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48354},{"content_ids":[48908],"conference_id":65,"event_ids":[48910],"name":"Alissa Torres","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48362}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":48910,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40250,45332,45373,45376,45451],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48362},{"tag_id":565,"sort_order":1,"person_id":48339},{"tag_id":565,"sort_order":1,"person_id":48354},{"tag_id":565,"sort_order":1,"person_id":48327},{"tag_id":565,"sort_order":1,"person_id":48329}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ransomware attacks continue to abound and various governments around the world are very active on combatting this issue. This session would bring some of them together to discuss what's being done and where it needs to go. It's been a little over a year since the Colonial Pipeline, HSE, and JBS attacks put ransomware firmly on the agenda as a threat to national security and economic stability. Since then, we've seen ransomware attacks become more openly politicized. We're also seen the White House and G7 both host international government forums to identify collaborative actions to tackle the threat. We've also seen new sanctions, public/private initiatives, bounties for criminals, and various other government actions introduced to make life for cybercriminals harder. This session brings together multiple govs to talk about what's being done, what results have been seen, and where we're headed next. They will start off covering these points and then open to the audience for questions and open discussion on next steps and impacts. \n\n\n\n","title":"International Government Action Against Ransomware","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"android_description":"Ransomware attacks continue to abound and various governments around the world are very active on combatting this issue. This session would bring some of them together to discuss what's being done and where it needs to go. It's been a little over a year since the Colonial Pipeline, HSE, and JBS attacks put ransomware firmly on the agenda as a threat to national security and economic stability. Since then, we've seen ransomware attacks become more openly politicized. We're also seen the White House and G7 both host international government forums to identify collaborative actions to tackle the threat. We've also seen new sanctions, public/private initiatives, bounties for criminals, and various other government actions introduced to make life for cybercriminals harder. This session brings together multiple govs to talk about what's being done, what results have been seen, and where we're headed next. They will start off covering these points and then open to the audience for questions and open discussion on next steps and impacts.","end_timestamp":{"seconds":1660437900,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48876,48889],"conference_id":65,"event_ids":[48887,48896],"name":"Jen Ellis","affiliations":[{"organization":"Rapid7","title":"Vice President of Community and Public Affairs"}],"links":[],"pronouns":null,"media":[],"id":48289,"title":"Vice President of Community and Public Affairs at Rapid7"},{"content_ids":[48889,48876],"conference_id":65,"event_ids":[48887,48896],"name":"Irfan Hemani","affiliations":[{"organization":"","title":"Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport"}],"links":[],"pronouns":null,"media":[],"id":48290,"title":"Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport"},{"content_ids":[48889,48876],"conference_id":65,"event_ids":[48887,48896],"name":"Adam Dobell","affiliations":[{"organization":"","title":"First Secretary, Department of Home Affairs, Embassy of Australia"}],"links":[],"pronouns":null,"media":[],"id":48291,"title":"First Secretary, Department of Home Affairs, Embassy of Australia"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242804"}],"end":"2022-08-14T00:45:00.000-0000","id":48887,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48291},{"tag_id":565,"sort_order":1,"person_id":48290},{"tag_id":565,"sort_order":1,"person_id":48289}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"After losing hundreds of pounds playing dance dance revolution (seriously, over 300 pounds down!), it was discovered that this game had suicide DRM - when the hard drive dies, it's game over; You could not get it repaired! Two friends set out on a journey to tear the game apart and find a way to keep dancing after the components have sunset. This is the story of how this game (and others that used the same protection scheme) was saved without fully needing to break their entire DRM scheme!\r\n\r\nThis talk will go over the hardware and software combination approach we used to combat a notorious DRM scheme and preserve a series of arcade games. The protection is employed in commercial and consumer environments and this trick has been used to preserve not only these, but many other digital games from extinction.\n\n\n","title":"Dancing Around DRM","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660434600,"nanoseconds":0},"android_description":"After losing hundreds of pounds playing dance dance revolution (seriously, over 300 pounds down!), it was discovered that this game had suicide DRM - when the hard drive dies, it's game over; You could not get it repaired! Two friends set out on a journey to tear the game apart and find a way to keep dancing after the components have sunset. This is the story of how this game (and others that used the same protection scheme) was saved without fully needing to break their entire DRM scheme!\r\n\r\nThis talk will go over the hardware and software combination approach we used to combat a notorious DRM scheme and preserve a series of arcade games. The protection is employed in commercial and consumer environments and this trick has been used to preserve not only these, but many other digital games from extinction.","updated_timestamp":{"seconds":1658865480,"nanoseconds":0},"speakers":[{"content_ids":[48715],"conference_id":65,"event_ids":[48722],"name":"ギンジー🐾ターラノー ","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/lobstar85"}],"pronouns":null,"media":[],"id":47993},{"content_ids":[48715],"conference_id":65,"event_ids":[48722],"name":"Game Tech Chris","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/gtc"}],"pronouns":null,"media":[],"id":48005}],"timeband_id":892,"links":[],"end":"2022-08-13T23:50:00.000-0000","id":48722,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48005},{"tag_id":565,"sort_order":1,"person_id":47993}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","updated":"2022-07-26T19:58:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n\n\n","title":"Queercon Mixer","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.","updated_timestamp":{"seconds":1658810760,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":48692,"village_id":null,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"updated":"2022-07-26T04:46:00.000-0000","begin":"2022-08-13T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Why focus on heavily guarded crown jewels when you can dominate an organization through its shadow IT?\r\n\r\nLow-Code applications have become a reality in the enterprise, with surveys showing that most enterprise apps are now built outside of IT, with lacking security practices. Unsurprisingly, attackers have figured out ways to leverage these platforms for their gain.\r\n\r\nIn this talk, we demonstrate a host of attack techniques found in the wild, where enterprise No-Code platforms are leveraged and abused for every step in the cyber killchain. You will learn how attackers perform an account takeover by making the user simply click a link, move laterally and escalate privileges with zero network traffic, leave behind an untraceable backdoor, and automate data exfiltration, to name a few capabilities. All capabilities will be demonstrated with POCs, and their source code will be shared.\r\n\r\nFinally, we will introduce an open-source recon tool that identifies opportunities for lateral movement and privilege escalation through low-code platforms.\n\n\n","title":"Low Code High Risk: Enterprise Domination via Low Code Abuse","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660434300,"nanoseconds":0},"android_description":"Why focus on heavily guarded crown jewels when you can dominate an organization through its shadow IT?\r\n\r\nLow-Code applications have become a reality in the enterprise, with surveys showing that most enterprise apps are now built outside of IT, with lacking security practices. Unsurprisingly, attackers have figured out ways to leverage these platforms for their gain.\r\n\r\nIn this talk, we demonstrate a host of attack techniques found in the wild, where enterprise No-Code platforms are leveraged and abused for every step in the cyber killchain. You will learn how attackers perform an account takeover by making the user simply click a link, move laterally and escalate privileges with zero network traffic, leave behind an untraceable backdoor, and automate data exfiltration, to name a few capabilities. All capabilities will be demonstrated with POCs, and their source code will be shared.\r\n\r\nFinally, we will introduce an open-source recon tool that identifies opportunities for lateral movement and privilege escalation through low-code platforms.","updated_timestamp":{"seconds":1660105800,"nanoseconds":0},"speakers":[{"content_ids":[48544,48567],"conference_id":65,"event_ids":[48565,48560],"name":"Michael Bargury","affiliations":[{"organization":"","title":"Co-Founder and CTO, Zenity.io"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mbrg0"}],"pronouns":null,"media":[],"id":47865,"title":"Co-Founder and CTO, Zenity.io"}],"timeband_id":892,"end":"2022-08-13T23:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242003"}],"id":48565,"tag_ids":[45241,45279,45280,45281,45375,45450],"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"village_id":null,"includes":"Exploit, Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47865}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-08-10T04:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ben Gardiner, Chris Poore and other security researchers have been analyzing signals and performing research against trailers and Power Line Communication for multiple years. This year the team was able to disclose two vulnerabilities focused on the ability to remotely inject RF messages onto the powerline and in turn send un-authenticated messages to the brake controller over the link. The team will discuss the details of PLC4TRUCKS, identify what led to this research and the discovery of the vulnerabilities, and then highlight the details of the SDR and software used to perform the attack. The talk will conclude with the demonstration of a remotely induced brake controller solenoid test using an FL2K and the release of the GNU radio block used to perform the test to the community to promote further research in the area.\n\n\n","title":"Trailer Shouting: Talking PLC4TRUCKS Remotely with an SDR","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"Ben Gardiner, Chris Poore and other security researchers have been analyzing signals and performing research against trailers and Power Line Communication for multiple years. This year the team was able to disclose two vulnerabilities focused on the ability to remotely inject RF messages onto the powerline and in turn send un-authenticated messages to the brake controller over the link. The team will discuss the details of PLC4TRUCKS, identify what led to this research and the discovery of the vulnerabilities, and then highlight the details of the SDR and software used to perform the attack. The talk will conclude with the demonstration of a remotely induced brake controller solenoid test using an FL2K and the release of the GNU radio block used to perform the test to the community to promote further research in the area.","end_timestamp":{"seconds":1660434300,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48568],"conference_id":65,"event_ids":[48511],"name":"Ben Gardiner","affiliations":[{"organization":"","title":"Senior Cybersecurity Research Engineer, National Motor Freight Traffic Association Inc.,"}],"links":[],"pronouns":null,"media":[],"id":47879,"title":"Senior Cybersecurity Research Engineer, National Motor Freight Traffic Association Inc.,"},{"content_ids":[48568],"conference_id":65,"event_ids":[48511],"name":"Chris Poore","affiliations":[{"organization":"","title":"Senior Reverse Engineer, Assured Information Security"}],"links":[],"pronouns":null,"media":[],"id":47918,"title":"Senior Reverse Engineer, Assured Information Security"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241816"}],"end":"2022-08-13T23:45:00.000-0000","id":48511,"begin_timestamp":{"seconds":1660431600,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"includes":"Tool, Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47879},{"tag_id":565,"sort_order":1,"person_id":47918}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"begin":"2022-08-13T23:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Growing up, most of our parents told us, “There are no such thing as monsters.” The problem is, our parents likely knew nothing of the dark web, where the beings of nightmares live, breathe, and lurk. While we can’t be Van Helsing, slaying creatures of the shadows, we can target, hunt, and learn from them, digitally. This OSINT for good talk will examine child predator tracking and identification through open, deep, and dark web channels, as well as, leveraging linguistics analysis and chat forum engagement to locate vulnerabilities in OPSEC measures. Not even the stealthiest of targets can hide in the darkness for long, when their pursuers are armed with predator-specific investigative skills, a roadmap of their weaknesses and, of course, a white hat. \n\n\n","title":" A Light in Darkness: Child Predator Hunting through OSINT, Dark Web Sleuthing & Linguistic Analysis","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"android_description":"Growing up, most of our parents told us, “There are no such thing as monsters.” The problem is, our parents likely knew nothing of the dark web, where the beings of nightmares live, breathe, and lurk. While we can’t be Van Helsing, slaying creatures of the shadows, we can target, hunt, and learn from them, digitally. This OSINT for good talk will examine child predator tracking and identification through open, deep, and dark web channels, as well as, leveraging linguistics analysis and chat forum engagement to locate vulnerabilities in OPSEC measures. Not even the stealthiest of targets can hide in the darkness for long, when their pursuers are armed with predator-specific investigative skills, a roadmap of their weaknesses and, of course, a white hat.","end_timestamp":{"seconds":1660432500,"nanoseconds":0},"updated_timestamp":{"seconds":1659974820,"nanoseconds":0},"speakers":[{"content_ids":[49730],"conference_id":65,"event_ids":[49920],"name":"Jessica Smith","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/scarlettsleuth"}],"media":[],"id":49063}],"timeband_id":892,"links":[],"end":"2022-08-13T23:15:00.000-0000","id":49920,"village_id":26,"begin_timestamp":{"seconds":1660431000,"nanoseconds":0},"tag_ids":[40268,45331,45373,45384,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49063}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"begin":"2022-08-13T22:50:00.000-0000","updated":"2022-08-08T16:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"title":"Ad it up: To minimize mis- and dis-information, we must reshape the ad tech business, not regulate speech","android_description":"","end_timestamp":{"seconds":1660432500,"nanoseconds":0},"updated_timestamp":{"seconds":1659128280,"nanoseconds":0},"speakers":[{"content_ids":[49070],"conference_id":65,"event_ids":[49073],"name":"Jessica Dheere","affiliations":[{"organization":"Ranking Digital Rights","title":""}],"links":[],"pronouns":null,"media":[],"id":48484,"title":"Ranking Digital Rights"}],"timeband_id":892,"links":[],"end":"2022-08-13T23:15:00.000-0000","id":49073,"village_id":18,"begin_timestamp":{"seconds":1660430700,"nanoseconds":0},"tag_ids":[40260,45333,45335,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48484}],"tags":"Guest Speaker","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-13T22:45:00.000-0000","updated":"2022-07-29T20:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons\r\n \r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Trace Labs OSINT Search Party CTF - Announce CTF Grand Prize Winners","end_timestamp":{"seconds":1660429800,"nanoseconds":0},"android_description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons\r\n \r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord","updated_timestamp":{"seconds":1659989340,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-13T22:30:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240969"},{"label":"Website","type":"link","url":"https://www.tracelabs.org/blog/dc-ctf"},{"label":"Twitter","type":"link","url":"https://twitter.com/tracelabs"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864188734291705856"},{"label":"Discord","type":"link","url":"https://tracelabs.org/discord"}],"id":49924,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"tag_ids":[45360,45375,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-08T20:09:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Some 802.11n radios being used in Uncrewed Aerial Systems (UAS) are transmitting with non-standard channel widths below 20MHz to increase the communication range of the UAS. These narrow channel widths can be accessed in certain Atheros chipsets. Wifi communications using these narrow channel widths are more difficult to detect and evaluate. We discuss our our approach and the tools developed to detect, access, and assess this non-standard 802.11n transmission. No drones will be harmed during the presentation.\n\n\n","title":"Exploiting 802.11n Narrow Channel Bandwidth Implementation in UAV","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"Some 802.11n radios being used in Uncrewed Aerial Systems (UAS) are transmitting with non-standard channel widths below 20MHz to increase the communication range of the UAS. These narrow channel widths can be accessed in certain Atheros chipsets. Wifi communications using these narrow channel widths are more difficult to detect and evaluate. We discuss our our approach and the tools developed to detect, access, and assess this non-standard 802.11n transmission. No drones will be harmed during the presentation.","updated_timestamp":{"seconds":1659928680,"nanoseconds":0},"speakers":[{"content_ids":[49243,49670],"conference_id":65,"event_ids":[49286,49858],"name":"Ronald Broberg","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/noiq15"}],"pronouns":null,"media":[],"id":48684}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49858,"tag_ids":[40267,45340,45373,45383,45451],"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48684}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","begin":"2022-08-13T22:30:00.000-0000","updated":"2022-08-08T03:18:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Blockchain is a technology that is rapidly gaining widespread adoption; however, security standards, frameworks, or methodologies that incorporate the OWASP principles are not widely available. Frameworks such as OWASP as it relates to Blockchain Application Security (BAS) can ensure accountability, fair participation, and security within the network.\r\n\r\nDEFI stands for Decentralized Finance and is an alternate financial universe with a steadily growing catalog of applications that runs autonomously, where users can deposit digital assets and earn returns, borrow, and loan money — still in its infancy. There is an opportunity to increase the quality of life and economic health across the board as currently, the total all-time high exceeds $2t with about $3b lost or stolen through hacks.\r\n\r\nWhat are some components within a blockchain?\r\n\r\nBlockchain networks are primarily managed through a peer-to-peer network for use as a publicly distributed ledger. Some components of the blockchain include transaction blocks of data representing each transaction found. The wallet stores your funds and allows a way to buy, sell, swap, and earn cryptocurrencies. Smart Contracts are computer code that automatically executes all or parts of an agreement. Public Key Cryptography, or asymmetric cryptography, is an encryption method that employs two mathematically related numbers.\r\n\r\nHow does the blockchain work?\r\n\r\nBob wants to send money to Susan. Bob’s transaction gets represented within the block. The block gets broadcasted to every party in the network. The transactions gets confirmed and approved. The block gets appended to the ledger, and Susan receives her funds.\r\n\r\n\r\nThe OWASP Top Ten List is an industry-recognized tool for identifying vulnerabilities in application security. Blockchain Application security has some areas of opportunity for correlating OWASP to the blockchain to help discover potential vulnerabilities in blockchain systems.\r\n\r\n\r\nHere is a list of OWASP's top ten vulnerabilities as it relates to blockchain applications:\r\n\r\n\r\nA01:2021 – Broken Access Control\r\n\r\nSecure implementation of authentication is critical to the DEFI ecosystem. The wide use of browser wallet transaction authorization means that a large attack surface exists.\r\n\r\nExamples:\r\n\r\nMetamask wallet: Signing a transaction to an insecure wallet such as fake projects posing as trusted brands with the average end-users being unable to analyze a smart contract.\r\n\r\nContract Function calls allowing the owner to sign a transaction and allowing bad actors to claim ownership of the digital assets but didn’t check.\r\nSolution:\r\n\r\nWallet Access Policy and Implementation\r\n\r\nReading the contract before signing \r\n\r\nResearching the credibility of the project\r\n\r\n\r\n \r\nA02:2021-CRYPTOGRAPHIC FAILURES\r\n\r\nCryptographic algorithms within Blockchain Applications can guarantee a high level of privacy for the users. On the other hand, failures in cryptography can be traced to poor management errors.\r\n\r\n\r\nExamples:\r\n\r\nKeccak-256 failure (hashing algorithm for accessing addresses in memory or storage).\r\n\r\nMulti-signature architecture Failure\r\n\r\nPrivate keys that are not encrypted somehow fell into the hands of the hackers.\r\n\r\n\r\nA02:2021-CRYPTOGRAPHIC FAILURES DEFENSE\r\n\r\nSolution:\r\n\r\nLife cycle management of cryptographic keys (generation, distribution, destruction)\r\n\r\nEnsure geographical dispersion of keys required to sign a transaction.\r\n\r\nImplement Identity and Access Management (IAM) controls such as least privilege and zero-trust principles.\r\n\r\n\r\nA03:2021-INJECTION\r\n\r\n\r\nInjection attacks occur when the user-supplied is able to insert information into an insecure Blockchain Application API.\r\n\r\n\r\n \r\n\r\n\r\nExamples:\r\nInsecure Blockchain API\r\nSmart-contract parsing function that allowed a buffer-out-of-bounds write\r\nUnsecure function calls that allow a buffer-out-of-bounds write.\r\n\r\n \r\n\r\nA03:2021-INJECTION DEFENSE\r\n\r\nSolution:\r\nTest early and often for dynamic queries, escape special characters and etc.\r\nSanitize, validate and filter\r\nLeveraging machine learning for signature-based detection and anomaly-based detection.\r\n\r\n\r\nA04:2021-INSECURE DESIGN\r\n\r\nAn insecure design flaw in DEFI applications relates to, design patterns flaws in architectures such as weakness in the operation, management of exchanges, and e-wallet services\r\n\r\nInsecure Design example:\r\n\r\nDouble Spending Attacks \r\nRe-entrancy Attacks\r\n\r\n\r\nA04:2021-INSECURE DESIGN DEFENSE\r\n\r\nSolution:\r\nSecure Development Lifecycle with CICD principles Secured component library, tooling, and threat modeling.\r\n\r\nA05:2021-SECURITY MISCONFIGURATION\r\nDEFI applications allow access to a variety of services in the palm of your hands such as DAO, Trading, Insurance, P2P lending and borrowing, and more. In this case, security misconfigurations in the application could drastically end-users.\r\n\r\nExamples:\r\n\r\nSecurity features that are not enabled by default such as wallet password protection for browser-based wallets.\r\n\r\nDEFI applications rely on third-party outdated libraries such as NPM packages.\r\n\r\n\r\nA05:2021-SECURITY MISCONFIGURATION DEFENSE\r\n\r\nSolutions:\r\nAuditing Tools\r\nMFA\r\nDefense In-Depth\r\nPatch Management and Updates\r\nAn automated testing process to verify the effectiveness of the configurations and settings in all environments.\r\n\r\n\r\nA06:2021-VULNERABLE AND OUTDATED COMPONENTS\r\n\r\nBlockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, and ether.js that allow running smart contracts, which specify business logic in cooperative applications.\r\n\r\nExamples:\r\nDependency faults lead to the declaration which allows an application to read data\r\n\r\n\r\nA06:2021-VULNERABLE AND OUTDATED COMPONENTS DEFENSE\r\n\r\nSolution:\r\nPatch management policy and process for outdated dependencies, unnecessary features, components, files, and documentation.\r\nActively Monitor for external libraries and functions that may be deprecated or within an outdated version.\r\n\r\n \r\nA07:2021-IDENTIFICATION AND AUTHENTICATION FAILURES\r\n\r\nIn a decentralized application, it is important to verify the user's identity, authentication, along with user session management to protect against authentication-related attacks.\r\n\r\nExamples:\r\n\r\nAuthentication weaknesses in the DEFI application that permit automated attacks such as brute force or other automated attacks No API Authentication\r\nExposed Private Keys from Github Repositories\r\nExcessive API data exposure in HTTP requests (GET, POST requests)\r\n\r\n\r\nA07:2021-IDENTIFICATION AND AUTHENTICATION FAILURES DEFENSE\r\n\r\nSolution:\r\n\r\nMulti-factor authentication (MFA) to prevent automated credential stuffing, brute force, and stolen credential reuse attacks.\r\nStrong password Policy Password for users and internal systems API Access Policy, and Attributes to limit requests for\r\nSession Manager Policy\r\nGood Testing\r\n\r\nA08:2021-SOFTWARE AND DATA INTEGRITY FAILURES\r\n\r\nSoftware and data integrity failures as it relates to blockchain application security hold valuable data that must be kept secret and must be appropriately protected.\r\n\r\nExample:\r\nA failure to achieve oracle integrity which allows exploitation by malicious actors.\r\n\r\n\r\nA08:2021-SOFTWARE AND DATA INTEGRITY FAILURES DEFENSE\r\n\r\nSolution:\r\n\r\nDigital signatures or similar mechanisms to verify the software or data is from the expected source and has not been altered. Ensure libraries and dependencies, such as npm, are consuming trusted repositories.\r\n\r\nUtilize logs\r\n\r\nChange Policies to minimize the chance that malicious code or configuration may be introduced into your software pipeline.\r\n\r\nCompliance Frameworks as it relates to personal data protected by privacy laws like the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accessibility Act (HIPAA)\r\n\r\nCentralized or private blockchain implementation\r\n \r\nA09:2021-SECURITY LOGGING AND MONITORING FAILURES\r\n\r\nSecurity Logging and Monitoring is currently not widely available for all blockchains such as bitcoin, Ethereum, and others. With proper logging and monitoring mechanism, anomalies can be detected.\r\n\r\nFor example:\r\n\r\nBlockchain explorer auditable events such as high-value transactions failed transactions and etc.\r\n\r\nAppropriate alerting thresholds and response escalation processes are not made widely available on all blockchains.\r\n \r\n\r\n \r\nA09:2021-SECURITY LOGGING AND MONITORING FAILURES DEFENSE\r\n\r\nSolution:\r\nAnomaly Detection and Alerts\r\nReal-Time Blockchain Explorer Analysis\r\nEnsure that logs are generated in a consumable format leveraged with AI\r\nIncident response and recovery policy\r\n\r\n\r\n \r\n A10:2021-SERVER-SIDE REQUEST FORGERY\r\n\r\nSSRF flaws as it relates to DEFI Applications occur whenever a web application is receiving resources without validating the user-supplied URL.\r\n\r\nExamples:\r\n\r\nInsecure URL fetching during the enumeration phases of an attack\r\n\r\nUntrusted data from the blockchain explorer without validating and sanitizing it first.\r\n\r\nCross-site scripting vulnerabilities that allow crypto-mining malware to be run on the victim’s computer.\r\n\r\n\r\n\r\n\r\nA10:2021-SERVER-SIDE REQUEST FORGERY DEFENSE\r\n\r\nSolution:\r\nWeb Application Firewall: Enforce “deny by default” firewall policies. Establish a lifecycle policy for firewall rules based on applications. Log all accepted and blocked network flows on the firewall\r\n\r\nSanitize and validate all client-supplied input data\r\n\r\nEnforce strong URL schema\r\n\r\nDisallow HTTP redirections\r\n\r\n\r\nCONCLUSION\r\n\r\nBlockchain Application Security (BAS) lacks specific security guidance and resource. The Blockchain may be secure however applications sitting on the blockchain may not. Most Web3 Application have HTML front-ends; in result, security controls correlating to the OWASP Framework centered around traditional web application security is critical.\r\n\r\n\n\n\n","title":"Hacking & Defending Blockchain Applications","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"android_description":"Blockchain is a technology that is rapidly gaining widespread adoption; however, security standards, frameworks, or methodologies that incorporate the OWASP principles are not widely available. Frameworks such as OWASP as it relates to Blockchain Application Security (BAS) can ensure accountability, fair participation, and security within the network.\r\n\r\nDEFI stands for Decentralized Finance and is an alternate financial universe with a steadily growing catalog of applications that runs autonomously, where users can deposit digital assets and earn returns, borrow, and loan money — still in its infancy. There is an opportunity to increase the quality of life and economic health across the board as currently, the total all-time high exceeds $2t with about $3b lost or stolen through hacks.\r\n\r\nWhat are some components within a blockchain?\r\n\r\nBlockchain networks are primarily managed through a peer-to-peer network for use as a publicly distributed ledger. Some components of the blockchain include transaction blocks of data representing each transaction found. The wallet stores your funds and allows a way to buy, sell, swap, and earn cryptocurrencies. Smart Contracts are computer code that automatically executes all or parts of an agreement. Public Key Cryptography, or asymmetric cryptography, is an encryption method that employs two mathematically related numbers.\r\n\r\nHow does the blockchain work?\r\n\r\nBob wants to send money to Susan. Bob’s transaction gets represented within the block. The block gets broadcasted to every party in the network. The transactions gets confirmed and approved. The block gets appended to the ledger, and Susan receives her funds.\r\n\r\n\r\nThe OWASP Top Ten List is an industry-recognized tool for identifying vulnerabilities in application security. Blockchain Application security has some areas of opportunity for correlating OWASP to the blockchain to help discover potential vulnerabilities in blockchain systems.\r\n\r\n\r\nHere is a list of OWASP's top ten vulnerabilities as it relates to blockchain applications:\r\n\r\n\r\nA01:2021 – Broken Access Control\r\n\r\nSecure implementation of authentication is critical to the DEFI ecosystem. The wide use of browser wallet transaction authorization means that a large attack surface exists.\r\n\r\nExamples:\r\n\r\nMetamask wallet: Signing a transaction to an insecure wallet such as fake projects posing as trusted brands with the average end-users being unable to analyze a smart contract.\r\n\r\nContract Function calls allowing the owner to sign a transaction and allowing bad actors to claim ownership of the digital assets but didn’t check.\r\nSolution:\r\n\r\nWallet Access Policy and Implementation\r\n\r\nReading the contract before signing \r\n\r\nResearching the credibility of the project\r\n\r\n\r\n \r\nA02:2021-CRYPTOGRAPHIC FAILURES\r\n\r\nCryptographic algorithms within Blockchain Applications can guarantee a high level of privacy for the users. On the other hand, failures in cryptography can be traced to poor management errors.\r\n\r\n\r\nExamples:\r\n\r\nKeccak-256 failure (hashing algorithm for accessing addresses in memory or storage).\r\n\r\nMulti-signature architecture Failure\r\n\r\nPrivate keys that are not encrypted somehow fell into the hands of the hackers.\r\n\r\n\r\nA02:2021-CRYPTOGRAPHIC FAILURES DEFENSE\r\n\r\nSolution:\r\n\r\nLife cycle management of cryptographic keys (generation, distribution, destruction)\r\n\r\nEnsure geographical dispersion of keys required to sign a transaction.\r\n\r\nImplement Identity and Access Management (IAM) controls such as least privilege and zero-trust principles.\r\n\r\n\r\nA03:2021-INJECTION\r\n\r\n\r\nInjection attacks occur when the user-supplied is able to insert information into an insecure Blockchain Application API.\r\n\r\n\r\n \r\n\r\n\r\nExamples:\r\nInsecure Blockchain API\r\nSmart-contract parsing function that allowed a buffer-out-of-bounds write\r\nUnsecure function calls that allow a buffer-out-of-bounds write.\r\n\r\n \r\n\r\nA03:2021-INJECTION DEFENSE\r\n\r\nSolution:\r\nTest early and often for dynamic queries, escape special characters and etc.\r\nSanitize, validate and filter\r\nLeveraging machine learning for signature-based detection and anomaly-based detection.\r\n\r\n\r\nA04:2021-INSECURE DESIGN\r\n\r\nAn insecure design flaw in DEFI applications relates to, design patterns flaws in architectures such as weakness in the operation, management of exchanges, and e-wallet services\r\n\r\nInsecure Design example:\r\n\r\nDouble Spending Attacks \r\nRe-entrancy Attacks\r\n\r\n\r\nA04:2021-INSECURE DESIGN DEFENSE\r\n\r\nSolution:\r\nSecure Development Lifecycle with CICD principles Secured component library, tooling, and threat modeling.\r\n\r\nA05:2021-SECURITY MISCONFIGURATION\r\nDEFI applications allow access to a variety of services in the palm of your hands such as DAO, Trading, Insurance, P2P lending and borrowing, and more. In this case, security misconfigurations in the application could drastically end-users.\r\n\r\nExamples:\r\n\r\nSecurity features that are not enabled by default such as wallet password protection for browser-based wallets.\r\n\r\nDEFI applications rely on third-party outdated libraries such as NPM packages.\r\n\r\n\r\nA05:2021-SECURITY MISCONFIGURATION DEFENSE\r\n\r\nSolutions:\r\nAuditing Tools\r\nMFA\r\nDefense In-Depth\r\nPatch Management and Updates\r\nAn automated testing process to verify the effectiveness of the configurations and settings in all environments.\r\n\r\n\r\nA06:2021-VULNERABLE AND OUTDATED COMPONENTS\r\n\r\nBlockchain systems rely on complex middleware, like Ethereum or Hyperledger Fabric, and ether.js that allow running smart contracts, which specify business logic in cooperative applications.\r\n\r\nExamples:\r\nDependency faults lead to the declaration which allows an application to read data\r\n\r\n\r\nA06:2021-VULNERABLE AND OUTDATED COMPONENTS DEFENSE\r\n\r\nSolution:\r\nPatch management policy and process for outdated dependencies, unnecessary features, components, files, and documentation.\r\nActively Monitor for external libraries and functions that may be deprecated or within an outdated version.\r\n\r\n \r\nA07:2021-IDENTIFICATION AND AUTHENTICATION FAILURES\r\n\r\nIn a decentralized application, it is important to verify the user's identity, authentication, along with user session management to protect against authentication-related attacks.\r\n\r\nExamples:\r\n\r\nAuthentication weaknesses in the DEFI application that permit automated attacks such as brute force or other automated attacks No API Authentication\r\nExposed Private Keys from Github Repositories\r\nExcessive API data exposure in HTTP requests (GET, POST requests)\r\n\r\n\r\nA07:2021-IDENTIFICATION AND AUTHENTICATION FAILURES DEFENSE\r\n\r\nSolution:\r\n\r\nMulti-factor authentication (MFA) to prevent automated credential stuffing, brute force, and stolen credential reuse attacks.\r\nStrong password Policy Password for users and internal systems API Access Policy, and Attributes to limit requests for\r\nSession Manager Policy\r\nGood Testing\r\n\r\nA08:2021-SOFTWARE AND DATA INTEGRITY FAILURES\r\n\r\nSoftware and data integrity failures as it relates to blockchain application security hold valuable data that must be kept secret and must be appropriately protected.\r\n\r\nExample:\r\nA failure to achieve oracle integrity which allows exploitation by malicious actors.\r\n\r\n\r\nA08:2021-SOFTWARE AND DATA INTEGRITY FAILURES DEFENSE\r\n\r\nSolution:\r\n\r\nDigital signatures or similar mechanisms to verify the software or data is from the expected source and has not been altered. Ensure libraries and dependencies, such as npm, are consuming trusted repositories.\r\n\r\nUtilize logs\r\n\r\nChange Policies to minimize the chance that malicious code or configuration may be introduced into your software pipeline.\r\n\r\nCompliance Frameworks as it relates to personal data protected by privacy laws like the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accessibility Act (HIPAA)\r\n\r\nCentralized or private blockchain implementation\r\n \r\nA09:2021-SECURITY LOGGING AND MONITORING FAILURES\r\n\r\nSecurity Logging and Monitoring is currently not widely available for all blockchains such as bitcoin, Ethereum, and others. With proper logging and monitoring mechanism, anomalies can be detected.\r\n\r\nFor example:\r\n\r\nBlockchain explorer auditable events such as high-value transactions failed transactions and etc.\r\n\r\nAppropriate alerting thresholds and response escalation processes are not made widely available on all blockchains.\r\n \r\n\r\n \r\nA09:2021-SECURITY LOGGING AND MONITORING FAILURES DEFENSE\r\n\r\nSolution:\r\nAnomaly Detection and Alerts\r\nReal-Time Blockchain Explorer Analysis\r\nEnsure that logs are generated in a consumable format leveraged with AI\r\nIncident response and recovery policy\r\n\r\n\r\n \r\n A10:2021-SERVER-SIDE REQUEST FORGERY\r\n\r\nSSRF flaws as it relates to DEFI Applications occur whenever a web application is receiving resources without validating the user-supplied URL.\r\n\r\nExamples:\r\n\r\nInsecure URL fetching during the enumeration phases of an attack\r\n\r\nUntrusted data from the blockchain explorer without validating and sanitizing it first.\r\n\r\nCross-site scripting vulnerabilities that allow crypto-mining malware to be run on the victim’s computer.\r\n\r\n\r\n\r\n\r\nA10:2021-SERVER-SIDE REQUEST FORGERY DEFENSE\r\n\r\nSolution:\r\nWeb Application Firewall: Enforce “deny by default” firewall policies. Establish a lifecycle policy for firewall rules based on applications. Log all accepted and blocked network flows on the firewall\r\n\r\nSanitize and validate all client-supplied input data\r\n\r\nEnforce strong URL schema\r\n\r\nDisallow HTTP redirections\r\n\r\n\r\nCONCLUSION\r\n\r\nBlockchain Application Security (BAS) lacks specific security guidance and resource. The Blockchain may be secure however applications sitting on the blockchain may not. Most Web3 Application have HTML front-ends; in result, security controls correlating to the OWASP Framework centered around traditional web application security is critical.","end_timestamp":{"seconds":1660433400,"nanoseconds":0},"updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49651],"conference_id":65,"event_ids":[49835],"name":"Kennashka DeSilva","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/mwlite/in/kennashka-desilva-7186b0175"}],"pronouns":null,"media":[],"id":49011},{"content_ids":[49651],"conference_id":65,"event_ids":[49835],"name":"Aimee Reyes","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"http://linkedin.com/in/reyesai"}],"media":[],"id":49013}],"timeband_id":892,"links":[],"end":"2022-08-13T23:30:00.000-0000","id":49835,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"village_id":4,"tag_ids":[40278,45340,45345,45378,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49013},{"tag_id":565,"sort_order":1,"person_id":49011}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Get a free signed copy of the #1bestseller Hackable and meet the author!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"title":"Hackable Book Signing","android_description":"Get a free signed copy of the #1bestseller Hackable and meet the author!","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"updated_timestamp":{"seconds":1659712440,"nanoseconds":0},"speakers":[{"content_ids":[49446],"conference_id":65,"event_ids":[49650],"name":"Ted Harrington","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48829}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49650,"village_id":16,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"tag_ids":[40275,45341,45356,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48829}],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","updated":"2022-08-05T15:14:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Chess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.\r\n\r\nAt DEF CON 30, we propose to host a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.\r\n\r\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.\r\n\r\nWe’ll also have a top computer chess program on hand. There will be prizes for the winners of the tournament, as well as anyone who can beat the machine.\r\n\r\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has over five years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.\r\n\r\nDoes your contest or event plan to have a pre-qualifier?\r\n\r\nTo help crown the best chess player at DEF CON 30, we will register the highest-rated players first. We did this at DEF CON 26. In the end, everyone who wanted to play was able to play.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"DEF CON 30 Chess Tournament","android_description":"Chess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.\r\n\r\nAt DEF CON 30, we propose to host a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.\r\n\r\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.\r\n\r\nWe’ll also have a top computer chess program on hand. There will be prizes for the winners of the tournament, as well as anyone who can beat the machine.\r\n\r\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has over five years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.\r\n\r\nDoes your contest or event plan to have a pre-qualifier?\r\n\r\nTo help crown the best chess player at DEF CON 30, we will register the highest-rated players first. We did this at DEF CON 26. In the end, everyone who wanted to play was able to play.","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"updated_timestamp":{"seconds":1659665280,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49567,"tag_ids":[45360,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 133 (Karaoke/Chess)","hotel":"","short_name":"133 (Karaoke/Chess)","id":45385},"begin":"2022-08-13T22:30:00.000-0000","updated":"2022-08-05T02:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors ‚Äì including using special operating modes, tricking the controller into taking you there, and hoistway entry.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"title":"Elevators 101","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors ‚Äì including using special operating modes, tricking the controller into taking you there, and hoistway entry.","updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"pronouns":null,"media":[],"id":48801}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49556,"village_id":22,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-13T22:30:00.000-0000","updated":"2022-08-04T14:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What’s better than stealing the Declaration of Independence? Flawlessly replicating one for your own home. In this talk, Chris will teach you the tricks of the trade of a professional historical document forger.\n\n\n","title":"Forgery & Document Replication","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#569d6e","name":"Rogues Village","id":45368},"end_timestamp":{"seconds":1660433400,"nanoseconds":0},"android_description":"What’s better than stealing the Declaration of Independence? Flawlessly replicating one for your own home. In this talk, Chris will teach you the tricks of the trade of a professional historical document forger.","updated_timestamp":{"seconds":1659467520,"nanoseconds":0},"speakers":[{"content_ids":[49326],"conference_id":65,"event_ids":[49426],"name":"Chris Dickson","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CA_Dickson"}],"media":[],"id":48748}],"timeband_id":892,"links":[],"end":"2022-08-13T23:30:00.000-0000","id":49426,"tag_ids":[40271,45340,45368,45453],"village_id":29,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48748}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","updated":"2022-08-02T19:12:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Much is made for the need for strong passwords and keys, but most cryptographic processes also require a source of entropy. While computers are excellent at doing what they're told, they suck at generating true randomness. Even when gathering high quality entropy, the pool can be quickly depleted with many processes invoking cryptographic functions in rapid succession. I will discuss why entropy is so important, give examples of randomness failures, and discuss techniques for generating high quality random values in low-cost embedded systems.\n\n\n","title":"Capturing Chaos: Harvesting Environmental Entropy","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"android_description":"Much is made for the need for strong passwords and keys, but most cryptographic processes also require a source of entropy. While computers are excellent at doing what they're told, they suck at generating true randomness. Even when gathering high quality entropy, the pool can be quickly depleted with many processes invoking cryptographic functions in rapid succession. I will discuss why entropy is so important, give examples of randomness failures, and discuss techniques for generating high quality random values in low-cost embedded systems.","end_timestamp":{"seconds":1660432500,"nanoseconds":0},"updated_timestamp":{"seconds":1659393900,"nanoseconds":0},"speakers":[{"content_ids":[49156],"conference_id":65,"event_ids":[49192],"name":"Carey Parker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48593}],"timeband_id":892,"links":[],"end":"2022-08-13T23:15:00.000-0000","id":49192,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48593}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"updated":"2022-08-01T22:45:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The first critical component to any attack is an entry point. As we lock down firewalls and routers, it can be easy to overlook the network-connected physical access control systems. A study done by IBM in 2021 showed that the average cost of a physical security compromise is $3.54 million and takes an average of 223 days to identify a breach.\r\n\r\nHID Mercury is a global distributor of access control systems with more than 20 OEM partners, deployed across multiple industries and certified for use in federal and state government facilities.\r\n\r\nTrellix's Advanced Threat Research team uncovered 4 unique 0-day vulnerabilities and 4 additional undisclosed vulnerabilities leading to remote, unauthenticated code execution on multiple HID Mercury access control panels. These findings lead to full system control including the ability for an attacker to remotely manipulate door locks. During this presentation, we will briefly cover the hardware debugging process, leading to a root shell on the target. We will explore in greater depth the vulnerability discovery techniques, including emulation, fuzzing, static and dynamic reverse engineering, and a detailed walkthrough of several of the most critical vulnerabilities. We’ll address our approach to exploitation using simplistic malware we designed to control system functionality and culminate the talk with a live demo featuring full system control, unlocking doors remotely without triggering any software notification\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Perimeter Breached! Hacking an Access Control System","android_description":"The first critical component to any attack is an entry point. As we lock down firewalls and routers, it can be easy to overlook the network-connected physical access control systems. A study done by IBM in 2021 showed that the average cost of a physical security compromise is $3.54 million and takes an average of 223 days to identify a breach.\r\n\r\nHID Mercury is a global distributor of access control systems with more than 20 OEM partners, deployed across multiple industries and certified for use in federal and state government facilities.\r\n\r\nTrellix's Advanced Threat Research team uncovered 4 unique 0-day vulnerabilities and 4 additional undisclosed vulnerabilities leading to remote, unauthenticated code execution on multiple HID Mercury access control panels. These findings lead to full system control including the ability for an attacker to remotely manipulate door locks. During this presentation, we will briefly cover the hardware debugging process, leading to a root shell on the target. We will explore in greater depth the vulnerability discovery techniques, including emulation, fuzzing, static and dynamic reverse engineering, and a detailed walkthrough of several of the most critical vulnerabilities. We’ll address our approach to exploitation using simplistic malware we designed to control system functionality and culminate the talk with a live demo featuring full system control, unlocking doors remotely without triggering any software notification","end_timestamp":{"seconds":1660432500,"nanoseconds":0},"updated_timestamp":{"seconds":1659366300,"nanoseconds":0},"speakers":[{"content_ids":[48565],"conference_id":65,"event_ids":[48575],"name":"Steve Povolny","affiliations":[{"organization":"Trellix","title":"Principal Engineer & Head of Advanced Threat Research"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spovolny"}],"pronouns":null,"media":[],"id":47861,"title":"Principal Engineer & Head of Advanced Threat Research at Trellix"},{"content_ids":[48565],"conference_id":65,"event_ids":[48575],"name":"Sam Quinn","affiliations":[{"organization":"Trellix","title":"Senior Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/eAyeP"}],"pronouns":null,"media":[],"id":47926,"title":"Senior Security Researcher at Trellix"}],"timeband_id":892,"end":"2022-08-13T23:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242288"}],"id":48575,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"tag_ids":[45241,45279,45375,45450],"village_id":null,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47926},{"tag_id":565,"sort_order":1,"person_id":47861}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-08-01T15:05:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The hacking subculture's closest relative is that of the Darknet. Both have knowledgeable people, many of whom are highly proficient with technology and wish to remain somewhat anonymous. They are both composed of a vast amount of introverts and abide by the same first rule: “Don’t get caught.\"\n\nOver the past decade, there have been many DEF CON talks that have discussed topics related to Tor and the Darknet. Having an IT, Infosec, and hacking background, the goal is to present a unique perspective from a hacker turned Darknet Vendor, who then learned about the law and–using metaphorical privilege escalation and social engineering–got himself out of federal prison after a year and a half by acting as his own lawyer.\n\nThe focus of this talk will surround operational security policies that a skilled Darknet Market Vendor (DMV) implements to avoid compromising their identity. We will look at tactics used by Law Enforcement and common attacks prevalent on the Darknet, ranging from linguistic analysis and United States Postal Inspector operations all the way to correlation attacks and utilizing long-range wifi antennas to avoid detection as a failsafe.\n\nBy focusing less on the basics of Tor and more on how insiders operate within it, we will uncover what it takes to navigate this ever-evolving landscape with clever OpSec.\n\n\n","title":"Tor: Darknet Opsec By a Veteran Darknet Vendor & the Hackers Mentality","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"The hacking subculture's closest relative is that of the Darknet. Both have knowledgeable people, many of whom are highly proficient with technology and wish to remain somewhat anonymous. They are both composed of a vast amount of introverts and abide by the same first rule: “Don’t get caught.\"\n\nOver the past decade, there have been many DEF CON talks that have discussed topics related to Tor and the Darknet. Having an IT, Infosec, and hacking background, the goal is to present a unique perspective from a hacker turned Darknet Vendor, who then learned about the law and–using metaphorical privilege escalation and social engineering–got himself out of federal prison after a year and a half by acting as his own lawyer.\n\nThe focus of this talk will surround operational security policies that a skilled Darknet Market Vendor (DMV) implements to avoid compromising their identity. We will look at tactics used by Law Enforcement and common attacks prevalent on the Darknet, ranging from linguistic analysis and United States Postal Inspector operations all the way to correlation attacks and utilizing long-range wifi antennas to avoid detection as a failsafe.\n\nBy focusing less on the basics of Tor and more on how insiders operate within it, we will uncover what it takes to navigate this ever-evolving landscape with clever OpSec.","end_timestamp":{"seconds":1660432500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48566],"conference_id":65,"event_ids":[48536],"name":"Sam Bent","affiliations":[{"organization":"","title":"KS LLC"}],"pronouns":null,"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://www.facebook.com/doing.fedtime"},{"description":"","title":"Reddit","sort_order":0,"url":"https://www.reddit.com/r/theFeds/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/DoingFedTime"},{"description":"","title":"YouTube (DoingFedtime)","sort_order":0,"url":"https://www.youtube.com/channel/UCUP5UhD6cMfpN4vxW3FYJLQ"},{"description":"","title":"https://2happytimes2.com/","sort_order":0,"url":"https://2happytimes2.com/"},{"description":"","title":"https://haxme.org/","sort_order":0,"url":"https://haxme.org/"},{"description":"","title":"https://www.doingfedtime.com/","sort_order":0,"url":"https://www.doingfedtime.com/"},{"description":"","title":"https://www.youtube.com/c/allhackingcons/","sort_order":0,"url":"https://www.youtube.com/c/allhackingcons/"}],"media":[],"id":47872,"title":"KS LLC"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241998"}],"end":"2022-08-13T23:15:00.000-0000","id":48536,"village_id":null,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47872}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-13T22:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Car hacking is a tricky subject to hackers because it requires lots of money and hardware knowledge to research with a real car. \nAn alternative way would be to research with an ECU but it also difficult to know how to setup the equipment. \nMoreover, in order to communicate with Automotive Ethernet services running on the ECU, \nyou need additional devices such as media converters and Ethernet adapters supporting Virtual LAN(VLAN). \nEven if you succeed in building the hardware environment, \nyou can't communicate with the ECU over SOME/IP protocol of Automotive Ethernet if you don't know the network configuration, such as VLAN ID, service IDs and IP/port mapped to each service.\n\nThis talk describes how to do fuzzing on the SOME/IP services step by step. \nFirst, we demonstrate how to buy an ECU, how to power and wire it. \nSecond, we explain network configurations to communicate between ECU and PC. \nThird, we describe how to find out the information required to perform SOME/IP fuzzing and how to implement SOME/IP Fuzzer. \nWe have conducted the fuzzing with the BMW ECUs purchased by official BMW sales channels, not used products.\n\nWe hope this talk will make more people to try car hacking and will not go through the trials and errors that we have experienced.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Automotive Ethernet Fuzzing: From purchasing ECU to SOME/IP fuzzing","android_description":"Car hacking is a tricky subject to hackers because it requires lots of money and hardware knowledge to research with a real car. \nAn alternative way would be to research with an ECU but it also difficult to know how to setup the equipment. \nMoreover, in order to communicate with Automotive Ethernet services running on the ECU, \nyou need additional devices such as media converters and Ethernet adapters supporting Virtual LAN(VLAN). \nEven if you succeed in building the hardware environment, \nyou can't communicate with the ECU over SOME/IP protocol of Automotive Ethernet if you don't know the network configuration, such as VLAN ID, service IDs and IP/port mapped to each service.\n\nThis talk describes how to do fuzzing on the SOME/IP services step by step. \nFirst, we demonstrate how to buy an ECU, how to power and wire it. \nSecond, we explain network configurations to communicate between ECU and PC. \nThird, we describe how to find out the information required to perform SOME/IP fuzzing and how to implement SOME/IP Fuzzer. \nWe have conducted the fuzzing with the BMW ECUs purchased by official BMW sales channels, not used products.\n\nWe hope this talk will make more people to try car hacking and will not go through the trials and errors that we have experienced.","end_timestamp":{"seconds":1660431000,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48564,49388],"conference_id":65,"event_ids":[48507,49535],"name":"Jonghyuk Song","affiliations":[{"organization":"","title":"\"Jonghyuk Song, Redteam Leader, Autocrypt\""}],"links":[],"pronouns":null,"media":[],"id":47836,"title":"\"Jonghyuk Song, Redteam Leader, Autocrypt\""},{"content_ids":[48564,49388],"conference_id":65,"event_ids":[48507,49535],"name":"Soohwan Oh","affiliations":[{"organization":"","title":"Blueteam Engineer, Autocrypt"}],"links":[],"pronouns":null,"media":[],"id":47842,"title":"Blueteam Engineer, Autocrypt"},{"content_ids":[48564],"conference_id":65,"event_ids":[48507],"name":"Woongjo choi","affiliations":[{"organization":"","title":"Blueteam Leader, Autocrypt"}],"links":[],"pronouns":null,"media":[],"id":47848,"title":"Blueteam Leader, Autocrypt"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242347"}],"end":"2022-08-13T22:50:00.000-0000","id":48507,"village_id":null,"begin_timestamp":{"seconds":1660429800,"nanoseconds":0},"tag_ids":[45241,45281,45375,45450],"includes":"Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47836},{"tag_id":565,"sort_order":1,"person_id":47842},{"tag_id":565,"sort_order":1,"person_id":47848}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Command and Control is one of the most used tactics by adversaries in intrusions. Without command and control, you have to write a worm, and worms can get out of control. For this reason, 95% or more of attacks use Command and Control. We will leverage cyber threat intelligence to develop procedural emulations to attack target systems and then cover how to detect the attacks. The workshop will begin with a brief lecture to introduce cyber threat intelligence, threat emulation development, and detection engineering. The rest will be hands-on keyboard exercises.\r\n\r\nWe will supply individual labs using the VMware Learning Platform. The lab environment will include an attack system and a target Windows system. Please bring a laptop with internet access so that you can connect to the cloud-hosted VMware lab environment.\r\n\r\nAttendees will be able to follow the self-paced guide to set up emulations, create payloads, and gain execution for assumed breach payloads. From there, various adversary behaviors will be walked through to meet adversary objectives. From the defensive side, the guide will walk the attendee through setting up data sources for detection using free tools and cover common detection types.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Attack and Defend with Adversary Emulation","android_description":"Command and Control is one of the most used tactics by adversaries in intrusions. Without command and control, you have to write a worm, and worms can get out of control. For this reason, 95% or more of attacks use Command and Control. We will leverage cyber threat intelligence to develop procedural emulations to attack target systems and then cover how to detect the attacks. The workshop will begin with a brief lecture to introduce cyber threat intelligence, threat emulation development, and detection engineering. The rest will be hands-on keyboard exercises.\r\n\r\nWe will supply individual labs using the VMware Learning Platform. The lab environment will include an attack system and a target Windows system. Please bring a laptop with internet access so that you can connect to the cloud-hosted VMware lab environment.\r\n\r\nAttendees will be able to follow the self-paced guide to set up emulations, create payloads, and gain execution for assumed breach payloads. From there, various adversary behaviors will be walked through to meet adversary objectives. From the defensive side, the guide will walk the attendee through setting up data sources for detection using free tools and cover common detection types.","end_timestamp":{"seconds":1660436100,"nanoseconds":0},"updated_timestamp":{"seconds":1659889020,"nanoseconds":0},"speakers":[{"content_ids":[48934,49431,49597],"conference_id":65,"event_ids":[48934,49595,49809],"name":"Jake Williams","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jacob-williams-77938a16/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MalwareJake"}],"pronouns":null,"media":[],"id":48349},{"content_ids":[49597],"conference_id":65,"event_ids":[49809],"name":"Christopher Peacock","affiliations":[{"organization":"SCYTHE","title":"Adversary Emulation - Detection Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/securepeacock/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/SecurePeacock"}],"media":[],"id":48937,"title":"Adversary Emulation - Detection Engineer at SCYTHE"}],"timeband_id":892,"links":[],"end":"2022-08-14T00:15:00.000-0000","id":49809,"tag_ids":[40246,45332,45373,45377,45451],"village_id":1,"begin_timestamp":{"seconds":1660428900,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48937},{"tag_id":565,"sort_order":1,"person_id":48349}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:17:00.000-0000","begin":"2022-08-13T22:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"title":"Fireside Chat","android_description":"","end_timestamp":{"seconds":1660430700,"nanoseconds":0},"updated_timestamp":{"seconds":1659128280,"nanoseconds":0},"speakers":[{"content_ids":[49067,49069],"conference_id":65,"event_ids":[49070,49072],"name":"Arikia Millikan","affiliations":[{"organization":"","title":"Journalist, Media Consultant"}],"links":[],"pronouns":null,"media":[],"id":48478,"title":"Journalist, Media Consultant"},{"content_ids":[49068,49069],"conference_id":65,"event_ids":[49071,49072],"name":"Uchi Uchibeke","affiliations":[{"organization":"Coil","title":""}],"links":[],"pronouns":null,"media":[],"id":48495,"title":"Coil"}],"timeband_id":892,"links":[],"end":"2022-08-13T22:45:00.000-0000","id":49072,"tag_ids":[40260,45334,45335,45450],"village_id":18,"begin_timestamp":{"seconds":1660428900,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48478},{"tag_id":565,"sort_order":1,"person_id":48495}],"tags":"Fireside Chat","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-13T22:15:00.000-0000","updated":"2022-07-29T20:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This talk is about how an attacker can take advantage of the AWS Instance Metadata Service(IMDS) of virtual machines to hack into an AWS account. The talk covers how IMDS works and what it is, as well as how attackers can get at it. It covers how to find and use credentials within IMDS to escalate privileges using both native AWS tools as well as various open source offensive security tools.\n\n\n","title":"AWS Metadata Privilege Escalation","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"android_description":"This talk is about how an attacker can take advantage of the AWS Instance Metadata Service(IMDS) of virtual machines to hack into an AWS account. The talk covers how IMDS works and what it is, as well as how attackers can get at it. It covers how to find and use credentials within IMDS to escalate privileges using both native AWS tools as well as various open source offensive security tools.","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"updated_timestamp":{"seconds":1660257480,"nanoseconds":0},"speakers":[{"content_ids":[49761],"conference_id":65,"event_ids":[49959],"name":"Jim Shaver","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/https://github.com/ihamburglar"}],"media":[],"id":49099}],"timeband_id":892,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-13T23:00:00.000-0000","id":49959,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":null,"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49099}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-11T22:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Scanning various parts of the internet is one of the fundamental techniques that security researchers or white-hat hackers use to keep the internet safe. To keep up with the increasing number of bug bounty programs and assets in general we need to level up our scanning software as well.\r\n\r\nThis talk explores the design of a high-performance DNS bruteforcer. Fundamental bottlenecks that limit current scanning software to only a fraction of line-rate scan capacity will be discussed, for example: what prevents a common DNS bruteforce tool like MassDNS from exceeding 350.000 requests per second?\r\n\r\nOur tooling is currently capable of scanning DNS with up to 40M requests per second, which is over 100x faster than MassDNS at peak performance. The scan capacity can reach 40GbE line-level rate. All building blocks for this scanner will be discussed in the talk, such as the concurrency model and the way incoming and outgoing packets are routed in the scanner.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"title":"Sonic scanning: when fast is not fast enough","android_description":"Scanning various parts of the internet is one of the fundamental techniques that security researchers or white-hat hackers use to keep the internet safe. To keep up with the increasing number of bug bounty programs and assets in general we need to level up our scanning software as well.\r\n\r\nThis talk explores the design of a high-performance DNS bruteforcer. Fundamental bottlenecks that limit current scanning software to only a fraction of line-rate scan capacity will be discussed, for example: what prevents a common DNS bruteforce tool like MassDNS from exceeding 350.000 requests per second?\r\n\r\nOur tooling is currently capable of scanning DNS with up to 40M requests per second, which is over 100x faster than MassDNS at peak performance. The scan capacity can reach 40GbE line-level rate. All building blocks for this scanner will be discussed in the talk, such as the concurrency model and the way incoming and outgoing packets are routed in the scanner.","end_timestamp":{"seconds":1660431000,"nanoseconds":0},"updated_timestamp":{"seconds":1659974880,"nanoseconds":0},"speakers":[{"content_ids":[49729],"conference_id":65,"event_ids":[49919],"name":"Jasper Insinger","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49062}],"timeband_id":892,"links":[],"end":"2022-08-13T22:50:00.000-0000","id":49919,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":26,"tag_ids":[40268,45340,45373,45384,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49062}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-08T16:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"PQC but with rebuttals - come hear the arguments surrounding PQC in the near, mid, and long term post-quantum futures.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"title":"Debate - PQC, don't we have better things to do?","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"PQC but with rebuttals - come hear the arguments surrounding PQC in the near, mid, and long term post-quantum futures.","updated_timestamp":{"seconds":1660333320,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49900,"village_id":24,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"includes":"","people":[],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-12T19:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"How Most Internal Networks are Compromised: A Set of Common Active Directory Attacks and How to Perform Them from Linux ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"updated_timestamp":{"seconds":1659678900,"nanoseconds":0},"speakers":[{"content_ids":[49437],"conference_id":65,"event_ids":[49627,49628,49629,49630],"name":"Scott Brink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_sandw1ch"}],"pronouns":null,"media":[],"id":48828}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49629,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48828}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-05T05:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking WebApps with WebSploit Labs","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49623,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:53:00.000-0000","begin":"2022-08-13T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Hacking APIs: How to break the chains of the web ","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678720,"nanoseconds":0},"speakers":[{"content_ids":[49435],"conference_id":65,"event_ids":[49617,49618,49619],"name":"Corey Ball","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hAPI_hacker"}],"pronouns":null,"media":[],"id":48819}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49619,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48819}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-05T05:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49615,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"** If you wish to compete in the Chess Tournament, you must register Saturday between 15:00 and 15:30. **\r\n\r\nChess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.\r\n\r\nAt DEF CON 30, we propose to host a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.\r\n\r\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.\r\n\r\nWe’ll also have a top computer chess program on hand. There will be prizes for the winners of the tournament, as well as anyone who can beat the machine.\r\n\r\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has over five years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.\r\n\r\nDoes your contest or event plan to have a pre-qualifier?\r\n\r\nTo help crown the best chess player at DEF CON 30, we will register the highest-rated players first. We did this at DEF CON 26. In the end, everyone who wanted to play was able to play.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"DEF CON 30 Chess Tournament - Mandatory Sign-up","android_description":"** If you wish to compete in the Chess Tournament, you must register Saturday between 15:00 and 15:30. **\r\n\r\nChess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.\r\n\r\nAt DEF CON 30, we propose to host a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.\r\n\r\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.\r\n\r\nWe’ll also have a top computer chess program on hand. There will be prizes for the winners of the tournament, as well as anyone who can beat the machine.\r\n\r\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has over five years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.\r\n\r\nDoes your contest or event plan to have a pre-qualifier?\r\n\r\nTo help crown the best chess player at DEF CON 30, we will register the highest-rated players first. We did this at DEF CON 26. In the end, everyone who wanted to play was able to play.","end_timestamp":{"seconds":1660429800,"nanoseconds":0},"updated_timestamp":{"seconds":1659665400,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T22:30:00.000-0000","id":49568,"village_id":null,"tag_ids":[45360,45373,45450],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 133 (Karaoke/Chess)","hotel":"","short_name":"133 (Karaoke/Chess)","id":45385},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-05T02:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Using real-world examples, we will walk through the exciting and often illicit maritime space. We will learn the techniques being used for evading sanctions, moving illegal goods, manipulating identities, and intimidation; as well as the OSINT tactics used to uncover these activities.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"The Perfect Storm: Deception, Manipulation, and Obfuscation on the High Seas","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"Using real-world examples, we will walk through the exciting and often illicit maritime space. We will learn the techniques being used for evading sanctions, moving illegal goods, manipulating identities, and intimidation; as well as the OSINT tactics used to uncover these activities.","updated_timestamp":{"seconds":1659473520,"nanoseconds":0},"speakers":[{"content_ids":[49349],"conference_id":65,"event_ids":[49449],"name":"Rae Baker","affiliations":[{"organization":"","title":"Senior OSINT Analyst"}],"links":[],"pronouns":null,"media":[],"id":48768,"title":"Senior OSINT Analyst"}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49449,"village_id":15,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"tag_ids":[40258,45340,45369,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48768}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-02T20:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you know the names Voyager 1 and 2, Galileo, Salvage 1, Hubble, Cassini, Opportunity, and Spirit then you are familiar with the work done by NASA’s Jet Propulsion Laboratory. But space operations are more than just the satellites and vehicles we typically hear about, and JPL’s Chief Information Security Officer is responsible for keeping the variety of complex ground networks continuously running. Join us to hear from Wes Gavins, CISO at JPL, and learn about his infosec journey, his inspiration, and how he leads his teams to ensure safe and secure space operations.\n\n\n","title":"Near and Far: Securing On and Off Planet Networks at JPL","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"If you know the names Voyager 1 and 2, Galileo, Salvage 1, Hubble, Cassini, Opportunity, and Spirit then you are familiar with the work done by NASA’s Jet Propulsion Laboratory. But space operations are more than just the satellites and vehicles we typically hear about, and JPL’s Chief Information Security Officer is responsible for keeping the variety of complex ground networks continuously running. Join us to hear from Wes Gavins, CISO at JPL, and learn about his infosec journey, his inspiration, and how he leads his teams to ensure safe and secure space operations.","end_timestamp":{"seconds":1660431000,"nanoseconds":0},"updated_timestamp":{"seconds":1659379440,"nanoseconds":0},"speakers":[{"content_ids":[49239],"conference_id":65,"event_ids":[49282],"name":"Wes Gavins","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48689}],"timeband_id":892,"links":[],"end":"2022-08-13T22:50:00.000-0000","id":49282,"village_id":2,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48689}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-01T18:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Do you have any questions for those that have been involved in the amateur radio hobby? Now is the time to \"Ask-A-Ham\"!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"title":"Panel: Ask-a-ham","end_timestamp":{"seconds":1660429800,"nanoseconds":0},"android_description":"Do you have any questions for those that have been involved in the amateur radio hobby? Now is the time to \"Ask-A-Ham\"!","updated_timestamp":{"seconds":1659309060,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T22:30:00.000-0000","id":49257,"tag_ids":[40256,45340,45355,45451],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":13,"includes":"","people":[],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"updated":"2022-07-31T23:11:00.000-0000","begin":"2022-08-13T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#8dc784","updated_at":"2024-06-07T03:39+0000","name":"BIC Village","id":45353},"title":"Threat hunting? Ain’t nobody got time for that...","android_description":"","end_timestamp":{"seconds":1660429800,"nanoseconds":0},"updated_timestamp":{"seconds":1659305280,"nanoseconds":0},"speakers":[{"content_ids":[49203],"conference_id":65,"event_ids":[49244],"name":"Nick Gobern","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48660}],"timeband_id":892,"links":[],"end":"2022-08-13T22:30:00.000-0000","id":49244,"village_id":6,"tag_ids":[40249,45348,45353,45374],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48660}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"updated":"2022-07-31T22:08:00.000-0000","begin":"2022-08-13T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Kusto Query Language (KQL) is Microsoft's proprietary query language and has many use cases in enterprise Azure environments including threat hunting, threat detection and discovering misconfigured assets. In this workshop, I'll be going over these use cases and teaching the attendee how to structure KQL queries to get insights about activity in their Azure environments via Microsoft Sentinel.\r\n\r\nWorkshop Pre-requisites -\r\n- Laptop w/ network connectivity \r\n- An Azure subscription (Free trial or Pay-as-you-Go tier works just fine)\r\n - Disclaimer: Attendees may incur a small bill due to the nature of the workshop. We will be deleting everything we create during the workshop upon completion of the workshop.\r\n- Water, snacks and an appetite for learning\n\n\n","title":"KQL Kung Fu: Finding the Needle in the Haystack in Your Azure Environments","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Kusto Query Language (KQL) is Microsoft's proprietary query language and has many use cases in enterprise Azure environments including threat hunting, threat detection and discovering misconfigured assets. In this workshop, I'll be going over these use cases and teaching the attendee how to structure KQL queries to get insights about activity in their Azure environments via Microsoft Sentinel.\r\n\r\nWorkshop Pre-requisites -\r\n- Laptop w/ network connectivity \r\n- An Azure subscription (Free trial or Pay-as-you-Go tier works just fine)\r\n - Disclaimer: Attendees may incur a small bill due to the nature of the workshop. We will be deleting everything we create during the workshop upon completion of the workshop.\r\n- Water, snacks and an appetite for learning","updated_timestamp":{"seconds":1659797100,"nanoseconds":0},"speakers":[{"content_ids":[49189],"conference_id":65,"event_ids":[49225],"name":"Darwin Salazar","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/darwnsm"}],"pronouns":null,"media":[],"id":48640}],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49225,"village_id":9,"tag_ids":[40252,45332,45350,45451],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48640}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-08-06T14:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Learn how to make art with AI\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"title":"Generative Art Tutorial","end_timestamp":{"seconds":1660431000,"nanoseconds":0},"android_description":"Learn how to make art with AI","updated_timestamp":{"seconds":1659292980,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T22:50:00.000-0000","id":49046,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"tag_ids":[40248,45330,45450],"village_id":3,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-31T18:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"\"\"This presentation is on planning for cybersecurity risks that are inherent within healthcare facility control systems. Traditional standalone OT systems that operate our building (HVAC, electrical, etc) are systems are essential components to a typical healthcare facility’s operation. \r\n\r\nThe evolution and market demand for smart and sustainable buildings is driving convergence of IT, IoT and OT systems. The return on investment offered by these technologies could be eliminated by a single cyber event without planning for cybersecurity and resilience, or even worse, can affect patient life safety due to interdependencies of systems.\r\n\r\nThis presentation shows how to recognize potential cybersecurity risks from integrated control system technologies and data integration, and how owners have successfully implemented secure, resilient, and maintainable solutions through application of a risk management framework within facility design.\"\"\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"title":"Secure by Design - Facilities design cybersecurity","android_description":"\"\"\"This presentation is on planning for cybersecurity risks that are inherent within healthcare facility control systems. Traditional standalone OT systems that operate our building (HVAC, electrical, etc) are systems are essential components to a typical healthcare facility’s operation. \r\n\r\nThe evolution and market demand for smart and sustainable buildings is driving convergence of IT, IoT and OT systems. The return on investment offered by these technologies could be eliminated by a single cyber event without planning for cybersecurity and resilience, or even worse, can affect patient life safety due to interdependencies of systems.\r\n\r\nThis presentation shows how to recognize potential cybersecurity risks from integrated control system technologies and data integration, and how owners have successfully implemented secure, resilient, and maintainable solutions through application of a risk management framework within facility design.\"\"\"","end_timestamp":{"seconds":1660429800,"nanoseconds":0},"updated_timestamp":{"seconds":1659108600,"nanoseconds":0},"speakers":[{"content_ids":[49025],"conference_id":65,"event_ids":[49028],"name":"David Brearley","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/david-brearley/"}],"pronouns":null,"media":[],"id":48440}],"timeband_id":892,"links":[],"end":"2022-08-13T22:30:00.000-0000","id":49028,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":5,"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48440}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-29T15:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Sample panel questions may include:\r\nHow is control validation different from red teaming?\r\nIsn’t control validation just purple teaming? (it’s not)\r\nHow do you recommend my organization starts its first control validation exercise?\r\nWhat’s you #1 recommendation for maturing a control validation program?\r\nWhat are methods for scaling control validation programs?\r\nHow much validation is too much? When is the cost no longer justified?\n\n\nTesting security controls is hard. Really hard. Every incident responder has lived with victims who are sure existing security controls should have prevented or detected the intrusion. While some organizations don’t do any security control validation, those that do understand the challenges. While red team operations allow for point-in-time validation, how are organizations dealing with control validations during product updates or configuration changes? By and large the answer is “they aren’t.” On this panel, we’ll discuss why control validation is difficult. Then we’ll discuss recommendations for scaling control validation operations in practically any organization.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Challenges in Control Validation","android_description":"Sample panel questions may include:\r\nHow is control validation different from red teaming?\r\nIsn’t control validation just purple teaming? (it’s not)\r\nHow do you recommend my organization starts its first control validation exercise?\r\nWhat’s you #1 recommendation for maturing a control validation program?\r\nWhat are methods for scaling control validation programs?\r\nHow much validation is too much? When is the cost no longer justified?\n\n\nTesting security controls is hard. Really hard. Every incident responder has lived with victims who are sure existing security controls should have prevented or detected the intrusion. While some organizations don’t do any security control validation, those that do understand the challenges. While red team operations allow for point-in-time validation, how are organizations dealing with control validations during product updates or configuration changes? By and large the answer is “they aren’t.” On this panel, we’ll discuss why control validation is difficult. Then we’ll discuss recommendations for scaling control validation operations in practically any organization.","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48934],"conference_id":65,"event_ids":[48934],"name":"AJ King","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48321},{"content_ids":[48934],"conference_id":65,"event_ids":[48934],"name":"Kristen Cotten","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48336},{"content_ids":[48934,49431,49597],"conference_id":65,"event_ids":[48934,49595,49809],"name":"Jake Williams","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jacob-williams-77938a16/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MalwareJake"}],"media":[],"id":48349}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":48934,"tag_ids":[40250,45367,45373,45376,45451],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48321},{"tag_id":565,"sort_order":1,"person_id":48349},{"tag_id":565,"sort_order":1,"person_id":48336}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Demonstrate how Horusec can help and how easy it is to get started. Show the evolutions of the latest version and invite people to contribute. Show the case of Log4j where we became Top Trend on Twitter because of the detection and after that several big companies started using it.\r\n\r\nDemonstrate from installation to configuration to detection and how AppSec and BlueTeam times can benefit.\n\n\nPresentation of the Horusec tool (https://github.com/ZupIT/horusec) that was developed by ZUP IT in Brazil to help companies identify security problems in the most common languages still in a development environment or the IDE.","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Horusec - Brazilian SAST help World","android_description":"Demonstrate how Horusec can help and how easy it is to get started. Show the evolutions of the latest version and invite people to contribute. Show the case of Log4j where we became Top Trend on Twitter because of the detection and after that several big companies started using it.\r\n\r\nDemonstrate from installation to configuration to detection and how AppSec and BlueTeam times can benefit.\n\n\nPresentation of the Horusec tool (https://github.com/ZupIT/horusec) that was developed by ZUP IT in Brazil to help companies identify security problems in the most common languages still in a development environment or the IDE.","end_timestamp":{"seconds":1660428900,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48921],"conference_id":65,"event_ids":[48922],"name":"Gilmar Esteves","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48361}],"timeband_id":892,"links":[],"end":"2022-08-13T22:15:00.000-0000","id":48922,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"tag_ids":[40250,45332,45374,45376],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48361}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"First defined in 1998, the iCalendar standard remains ubiquitous in enterprise software. However, it did not account for modern security concerns and allowed vendors to create proprietary extensions that expanded the attack surface.\n\nI demonstrate how flawed RFC implementations led to new vulnerabilities in popular applications such as Apple Calendar, Google Calendar, Microsoft Outlook, and VMware Boxer. Attackers can trigger exploits remotely with zero user interaction due to automatic parsing of event invitations. Some of these zombie properties were abandoned years ago for their obvious security problems but continue to pop up in legacy code.\n\nFurthermore, I explain how iCalendar’s integrations with the SMTP and CalDAV protocols enable multi-stage attacks. Despite attempts to secure these technologies separately, the interactions that arise from features such as emailed event reminders require a full-stack approach to calendar security. I conclude that developers should strengthen existing iCalendar standards in terms of design and implementation.\n\nI advocate for an open-source and open-standards approach to secure iCalendar rather than proprietary fragmentation. I will release a database of proprietary iCalendar properties and a technical whitepaper.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"You Have One New Appwntment - Hacking Proprietary iCalendar Properties","android_description":"First defined in 1998, the iCalendar standard remains ubiquitous in enterprise software. However, it did not account for modern security concerns and allowed vendors to create proprietary extensions that expanded the attack surface.\n\nI demonstrate how flawed RFC implementations led to new vulnerabilities in popular applications such as Apple Calendar, Google Calendar, Microsoft Outlook, and VMware Boxer. Attackers can trigger exploits remotely with zero user interaction due to automatic parsing of event invitations. Some of these zombie properties were abandoned years ago for their obvious security problems but continue to pop up in legacy code.\n\nFurthermore, I explain how iCalendar’s integrations with the SMTP and CalDAV protocols enable multi-stage attacks. Despite attempts to secure these technologies separately, the interactions that arise from features such as emailed event reminders require a full-stack approach to calendar security. I conclude that developers should strengthen existing iCalendar standards in terms of design and implementation.\n\nI advocate for an open-source and open-standards approach to secure iCalendar rather than proprietary fragmentation. I will release a database of proprietary iCalendar properties and a technical whitepaper.","end_timestamp":{"seconds":1660430700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48563,49167,49718],"conference_id":65,"event_ids":[48564,49203,49908],"name":"Eugene Lim","affiliations":[{"organization":"","title":"Cybersecurity Specialist, Government Technology Agency of Singapore"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spaceraccoonsec"},{"description":"","title":"Website","sort_order":0,"url":"https://spaceraccoon.dev/"}],"pronouns":null,"media":[],"id":47912,"title":"Cybersecurity Specialist, Government Technology Agency of Singapore"}],"timeband_id":892,"end":"2022-08-13T22:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241931"}],"id":48564,"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"Tool, Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47912}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What happens when you have networked projectors, misconfigured devices, and a bored high school student looking for the perfect senior prank? You get a massive rickroll spanning six high schools and over 11,000 students at one of the largest school districts in suburban Chicago.\n\nThis talk will go over the coordination required to execute a hack of this scale and the logistics of commanding a botnet of IoT systems. It will also describe the operational security measures taken so that *you* can evade detection, avoid punishment, and successfully walk at graduation.\n\n\n","title":"The Big Rick: How I Rickrolled My High School District and Got Away With It","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660429200,"nanoseconds":0},"android_description":"What happens when you have networked projectors, misconfigured devices, and a bored high school student looking for the perfect senior prank? You get a massive rickroll spanning six high schools and over 11,000 students at one of the largest school districts in suburban Chicago.\n\nThis talk will go over the coordination required to execute a hack of this scale and the logistics of commanding a botnet of IoT systems. It will also describe the operational security measures taken so that *you* can evade detection, avoid punishment, and successfully walk at graduation.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48562],"conference_id":65,"event_ids":[48524],"name":"Minh Duong","affiliations":[{"organization":"","title":"Student at University of Illinois at Urbana-Champaign"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/WhiteHoodHacker"}],"media":[],"id":47838,"title":"Student at University of Illinois at Urbana-Champaign"}],"timeband_id":892,"end":"2022-08-13T22:20:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241934"}],"id":48524,"village_id":null,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47838}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In an ideal world, members of a community work together towards a common goal or greater good. Unfortunately, we do not (yet) live in such a world.\n\nIn this talk, we discuss what appears to be a systemic issue impacting our cyber-security community: the theft and unauthorized use of algorithms by corporate entities. Entities who themselves may be part of the community.\n\nFirst, we’ll present a variety of search techniques that can automatically point to unauthorized code in commercial products. Then we’ll show how reverse-engineering and binary comparison techniques can confirm such findings.\n\nNext, we will apply these approaches in a real-world case study. Specifically, we’ll focus on a popular tool from a non-profit organization that was reverse-engineered by multiple entities such that its core algorithm could be recovered and used (unauthorized), in multiple commercial products.\n\nThe talk will end with actionable takeaways and recommendations, as who knows, this may happen to you too! For one, we'll present strategic approaches (and the challenges) of confronting culpable commercial entities (and their legal teams). Moreover, we’ll provide recommendations for corporations to ensure this doesn’t happen in the first place, thus ensuring that our community can remain cohesively focused on its mutual goals.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Déjà Vu: Uncovering Stolen Algorithms in Commercial Products","android_description":"In an ideal world, members of a community work together towards a common goal or greater good. Unfortunately, we do not (yet) live in such a world.\n\nIn this talk, we discuss what appears to be a systemic issue impacting our cyber-security community: the theft and unauthorized use of algorithms by corporate entities. Entities who themselves may be part of the community.\n\nFirst, we’ll present a variety of search techniques that can automatically point to unauthorized code in commercial products. Then we’ll show how reverse-engineering and binary comparison techniques can confirm such findings.\n\nNext, we will apply these approaches in a real-world case study. Specifically, we’ll focus on a popular tool from a non-profit organization that was reverse-engineered by multiple entities such that its core algorithm could be recovered and used (unauthorized), in multiple commercial products.\n\nThe talk will end with actionable takeaways and recommendations, as who knows, this may happen to you too! For one, we'll present strategic approaches (and the challenges) of confronting culpable commercial entities (and their legal teams). Moreover, we’ll provide recommendations for corporations to ensure this doesn’t happen in the first place, thus ensuring that our community can remain cohesively focused on its mutual goals.","end_timestamp":{"seconds":1660429200,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48561],"conference_id":65,"event_ids":[48515],"name":"Tom McGuire","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47849},{"content_ids":[48515,48561],"conference_id":65,"event_ids":[48578,48515],"name":"Patrick Wardle","affiliations":[{"organization":"","title":"Founder, Objective-See Foundation"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/patrickwardle"},{"description":"","title":"https://objective-see.org/","sort_order":0,"url":"https://objective-see.org/"}],"media":[],"id":47914,"title":"Founder, Objective-See Foundation"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241829"}],"end":"2022-08-13T22:20:00.000-0000","id":48515,"begin_timestamp":{"seconds":1660428000,"nanoseconds":0},"tag_ids":[45241,45279,45375,45450],"village_id":null,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47914},{"tag_id":565,"sort_order":1,"person_id":47849}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"begin":"2022-08-13T22:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Are you new to the world of Threat and Adversary Emulation, Breach and Attack Simulation and/or Purple Teaming? A little over a year ago, I was too, and so there I began my journey down the rabbit hole into this new, hot, and upcoming area of cybersecurity. One year later, upon reflection, I asked myself what advice I could share to my past self as well as other defenders out there. What are some of the major obstacles to overcome when trying to implement purple teaming? What factors are often overlooked when using breach and attack simulation? What assumptions are typically made about threat emulation? And what could you do differently to start demonstrating value quicker? In this presentation I will be sharing my top 10 lessons learned from the trenches, with the aim of helping you to prepare, plan and ponder my recommendations with your existing Breach and Attack Simulation and/or Purple Teaming project. Regardless of what tool, platform, or framework you use, whether you are technical or not, or if you are red, blue, or purple, this neutral presentation aims to provide some useful, practical advice and guidance in the hope that all attendees can benefit from.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Down The Rabbit Hole: 10 Lessons Learned from a Year in the Trenches","android_description":"Are you new to the world of Threat and Adversary Emulation, Breach and Attack Simulation and/or Purple Teaming? A little over a year ago, I was too, and so there I began my journey down the rabbit hole into this new, hot, and upcoming area of cybersecurity. One year later, upon reflection, I asked myself what advice I could share to my past self as well as other defenders out there. What are some of the major obstacles to overcome when trying to implement purple teaming? What factors are often overlooked when using breach and attack simulation? What assumptions are typically made about threat emulation? And what could you do differently to start demonstrating value quicker? In this presentation I will be sharing my top 10 lessons learned from the trenches, with the aim of helping you to prepare, plan and ponder my recommendations with your existing Breach and Attack Simulation and/or Purple Teaming project. Regardless of what tool, platform, or framework you use, whether you are technical or not, or if you are red, blue, or purple, this neutral presentation aims to provide some useful, practical advice and guidance in the hope that all attendees can benefit from.","end_timestamp":{"seconds":1660428900,"nanoseconds":0},"updated_timestamp":{"seconds":1659888660,"nanoseconds":0},"speakers":[{"content_ids":[49587],"conference_id":65,"event_ids":[49799],"name":"Andrew Costis","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0x4143"}],"media":[],"id":48943}],"timeband_id":892,"links":[],"end":"2022-08-13T22:15:00.000-0000","id":49799,"begin_timestamp":{"seconds":1660427100,"nanoseconds":0},"village_id":1,"tag_ids":[40246,45340,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48943}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:11:00.000-0000","begin":"2022-08-13T21:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We will introduce Web Monetization and show participants how to monetize their content using the Interledger payment pointer could enable them to accept payments today. The workshop will also cover tipping and how Coil approaches tipping. All participants will get $10 in tip credit and 6 months of Coil membership \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"title":"Web Monetization: A privacy-preserving and open way to earn from Content","end_timestamp":{"seconds":1660428900,"nanoseconds":0},"android_description":"We will introduce Web Monetization and show participants how to monetize their content using the Interledger payment pointer could enable them to accept payments today. The workshop will also cover tipping and how Coil approaches tipping. All participants will get $10 in tip credit and 6 months of Coil membership","updated_timestamp":{"seconds":1660363740,"nanoseconds":0},"speakers":[{"content_ids":[49068,49069],"conference_id":65,"event_ids":[49071,49072],"name":"Uchi Uchibeke","affiliations":[{"organization":"Coil","title":""}],"links":[],"pronouns":null,"media":[],"id":48495,"title":"Coil"}],"timeband_id":892,"links":[],"end":"2022-08-13T22:15:00.000-0000","id":49071,"begin_timestamp":{"seconds":1660427100,"nanoseconds":0},"tag_ids":[40260,45333,45335,45450],"village_id":18,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48495}],"tags":"Guest Speaker","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"updated":"2022-08-13T04:09:00.000-0000","begin":"2022-08-13T21:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The talk will cover two different aspects of modern RFID research using the Proxmark3 device. We be looking into a wellknown access control system final layers of protection and to wrap it up, using the new tear off attack to come up with fun findings with its tags. This talk is suitable for people with bizarre interest in PACS. \"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"Rip and tear","android_description":"The talk will cover two different aspects of modern RFID research using the Proxmark3 device. We be looking into a wellknown access control system final layers of protection and to wrap it up, using the new tear off attack to come up with fun findings with its tags. This talk is suitable for people with bizarre interest in PACS. \"","end_timestamp":{"seconds":1660429800,"nanoseconds":0},"updated_timestamp":{"seconds":1659928680,"nanoseconds":0},"speakers":[{"content_ids":[49669],"conference_id":65,"event_ids":[49857],"name":"Iceman","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/herrmann1001"}],"pronouns":null,"media":[],"id":49027}],"timeband_id":892,"links":[],"end":"2022-08-13T22:30:00.000-0000","id":49857,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49027}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:18:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"No-code application platforms emerged a few years ago. They are a very attractive platform to many business organizations because they use modular and pre-built configurations for quick and efficient software development and delivery without writing code. \r\nSecure code review is one of the major processes to identify security weaknesses early in the SDLC and prevents potential vulnerabilities when the application is released in production. If there is no code in your software development, what are application security engineers reviewing in the application? \r\nIn this talk, I’ll talk about your security concerns in no-code application development platforms including the OWASP top 10 no-code security risks, and provide tips to mitigate risks from no-code development. I’ll also introduce a new security review process for no-code software development to reduce security risks. At the end of the talk, I will demonstrate how to conduct security reviews of no-code applications.\r\nThis talk is helpful for application security engineers whose organizations are considering or already using no-code platforms and anyone who wants to know how to incorporate security into no-code applications.\n\n\n","title":"No Code Security Review - What should I review in applications without code?","type":{"conference_id":65,"conference":"DEFCON30","color":"#5978bc","updated_at":"2024-06-07T03:39+0000","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660429800,"nanoseconds":0},"android_description":"No-code application platforms emerged a few years ago. They are a very attractive platform to many business organizations because they use modular and pre-built configurations for quick and efficient software development and delivery without writing code. \r\nSecure code review is one of the major processes to identify security weaknesses early in the SDLC and prevents potential vulnerabilities when the application is released in production. If there is no code in your software development, what are application security engineers reviewing in the application? \r\nIn this talk, I’ll talk about your security concerns in no-code application development platforms including the OWASP top 10 no-code security risks, and provide tips to mitigate risks from no-code development. I’ll also introduce a new security review process for no-code software development to reduce security risks. At the end of the talk, I will demonstrate how to conduct security reviews of no-code applications.\r\nThis talk is helpful for application security engineers whose organizations are considering or already using no-code platforms and anyone who wants to know how to incorporate security into no-code applications.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49643],"conference_id":65,"event_ids":[49827],"name":"Inaae Kim","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/inaae-kim-660aa577/"}],"media":[],"id":49010}],"timeband_id":892,"links":[],"end":"2022-08-13T22:30:00.000-0000","id":49827,"tag_ids":[40278,45340,45378,45432,45451],"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"village_id":4,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49010}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.\n\n\n","title":"Adversary Booth","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660437000,"nanoseconds":0},"android_description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.","updated_timestamp":{"seconds":1659886380,"nanoseconds":0},"speakers":[{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Michael Kouremetis","affiliations":[{"organization":"MITRE Corporation","title":"Lead Cyber Operations Engineer and Group Lead"}],"links":[],"pronouns":null,"media":[],"id":48920,"title":"Lead Cyber Operations Engineer and Group Lead at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Melanie Chan","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cybersecurity Engineer & Intern Coordinator"}],"links":[],"pronouns":null,"media":[],"id":48921,"title":"Senior Cybersecurity Engineer & Intern Coordinator at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Ethan Michalak","affiliations":[{"organization":"MITRE Corporation","title":"Cyber Security Intern"}],"links":[],"pronouns":null,"media":[],"id":48930,"title":"Cyber Security Intern at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Dean Lawrence","affiliations":[{"organization":"MITRE Corporation","title":"Software Systems Engineer"}],"links":[],"pronouns":null,"media":[],"id":48932,"title":"Software Systems Engineer at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Jay Yee","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cyber Security Engineer, Defensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":48946,"title":"Senior Cyber Security Engineer, Defensive Cyber Operations at MITRE Corporation"}],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49780,"village_id":1,"tag_ids":[40246,45364,45373,45377,45451],"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48932},{"tag_id":565,"sort_order":1,"person_id":48930},{"tag_id":565,"sort_order":1,"person_id":48946},{"tag_id":565,"sort_order":1,"person_id":48921},{"tag_id":565,"sort_order":1,"person_id":48920}],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T15:33:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"title":"Pwning RFID From 6ft Away","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices!","updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49396,49659],"conference_id":65,"event_ids":[49543,49555,49847],"name":"Daniel Goga","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_badcharacters"}],"pronouns":null,"media":[],"id":48799},{"content_ids":[49396,49659],"conference_id":65,"event_ids":[49543,49555,49847],"name":"Langston Clement (aka sh0ck)","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sh0ckSec"}],"pronouns":null,"media":[],"id":48802}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49555,"village_id":22,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48799},{"tag_id":565,"sort_order":1,"person_id":48802}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"begin":"2022-08-13T21:30:00.000-0000","updated":"2022-08-04T14:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Workshop: Protect the Pi","android_description":"","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"updated_timestamp":{"seconds":1659465780,"nanoseconds":0},"speakers":[{"content_ids":[49310],"conference_id":65,"event_ids":[49410],"name":"Girls Hack Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48723}],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49410,"village_id":12,"tag_ids":[40255,45332,45361,45451],"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48723}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:43:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A combined space-cyber warfare theatre is emerging to become the primary battlefield in the twenty-first century and the main mode of space warfare. Cyberattacks on critical space-based infrastructure have already been launched by States, criminal organizations, and terrorist groups, and such attacks could even trigger a war. The risks are high, yet current multilateral regimes and most national policies do not address the emerging space-cyber nexus. A new project aims to identify shared norms\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"The Emerging Space - Cyber Warfare Theatre","end_timestamp":{"seconds":1660427700,"nanoseconds":0},"android_description":"A combined space-cyber warfare theatre is emerging to become the primary battlefield in the twenty-first century and the main mode of space warfare. Cyberattacks on critical space-based infrastructure have already been launched by States, criminal organizations, and terrorist groups, and such attacks could even trigger a war. The risks are high, yet current multilateral regimes and most national policies do not address the emerging space-cyber nexus. A new project aims to identify shared norms","updated_timestamp":{"seconds":1659379500,"nanoseconds":0},"speakers":[{"content_ids":[49238],"conference_id":65,"event_ids":[49281],"name":"Eytan Tepper","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48677}],"timeband_id":892,"links":[],"end":"2022-08-13T21:55:00.000-0000","id":49281,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45340,45357,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48677}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:45:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Whether serving up medical misinformation through ads, or brokering patients into predatory startups like Cerebral - patients going through the trauma of a diagnosis experience harm as they seek knowledge online. This talk will focus on this specific research, and share a broader perspective on the deadly state of surveillance capitalism and ad targeting in healthcare.\r\n\r\nIn a recent study from researchers at Duke University and the patient privacy-focused group the Light Collective, patient advocates who are active in the hereditary cancer community and cancer support groups on Facebook—including three who are Facebook group admins—downloaded and analyzed their data from the platform's \"Off Facebook Activity\" feature in September and October. The tool shows what information third parties are sharing with Facebook and its parent company Meta about your activity on other apps and websites. Along with the retail and media sites that typically show up in these reports, the researchers found that several genetic-testing and digital-medicine companies had shared customer information with the social media giant for ad targeting.\r\n\r\nThis talk will not only share examples of harm, we will talk about what our patient-led collective is doing to help patients take back their privacy.\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"The deadly state of surveillance capitalism in healthcare","android_description":"Whether serving up medical misinformation through ads, or brokering patients into predatory startups like Cerebral - patients going through the trauma of a diagnosis experience harm as they seek knowledge online. This talk will focus on this specific research, and share a broader perspective on the deadly state of surveillance capitalism and ad targeting in healthcare.\r\n\r\nIn a recent study from researchers at Duke University and the patient privacy-focused group the Light Collective, patient advocates who are active in the hereditary cancer community and cancer support groups on Facebook—including three who are Facebook group admins—downloaded and analyzed their data from the platform's \"Off Facebook Activity\" feature in September and October. The tool shows what information third parties are sharing with Facebook and its parent company Meta about your activity on other apps and websites. Along with the retail and media sites that typically show up in these reports, the researchers found that several genetic-testing and digital-medicine companies had shared customer information with the social media giant for ad targeting.\r\n\r\nThis talk will not only share examples of harm, we will talk about what our patient-led collective is doing to help patients take back their privacy.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659213960,"nanoseconds":0},"speakers":[{"content_ids":[49013,49155],"conference_id":65,"event_ids":[49016,49191],"name":"Andrea Downing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48437},{"content_ids":[49013,49155],"conference_id":65,"event_ids":[49016,49191],"name":"Valencia Robinson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48459},{"content_ids":[49155],"conference_id":65,"event_ids":[49191],"name":"Mike Mittelman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48619}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49191,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"village_id":10,"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48437},{"tag_id":565,"sort_order":1,"person_id":48619},{"tag_id":565,"sort_order":1,"person_id":48459}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","begin":"2022-08-13T21:30:00.000-0000","updated":"2022-07-30T20:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Natural Disasters and International Supply Chains: Biomedical and Pharmaceutical Review","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"android_description":"","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659108600,"nanoseconds":0},"speakers":[{"content_ids":[49024],"conference_id":65,"event_ids":[49027],"name":"Jorge Acevedo Canabal, MD","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jacanabal/"}],"pronouns":null,"media":[],"id":48447}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49027,"village_id":5,"tag_ids":[40277,45329,45373,45451],"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48447}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","begin":"2022-08-13T21:30:00.000-0000","updated":"2022-07-29T15:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Obsidian 4n6 Station: Pre-Recorded - Obsidian 4n6: Creating a custom Velociraptor collector\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian 4n6 Station: Pre-Recorded - Obsidian 4n6: Creating a custom Velociraptor collector\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Obsidian Forensics: Creating a custom Velociraptor collector","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"Obsidian 4n6 Station: Pre-Recorded - Obsidian 4n6: Creating a custom Velociraptor collector\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian 4n6 Station: Pre-Recorded - Obsidian 4n6: Creating a custom Velociraptor collector\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48924,48910],"conference_id":65,"event_ids":[48911,48912,48925],"name":"Wes Lambert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48325},{"content_ids":[48909,48906,48924,48932,48910],"conference_id":65,"event_ids":[48908,48911,48912,48925,48933],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48341}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":48912,"village_id":7,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"tag_ids":[40250,45367,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48341},{"tag_id":565,"sort_order":1,"person_id":48325}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Mainframes run the world, literally. Have you ever paid for something,\na mainframe was involved, flown? Used a bank? Gone to college? A\nmainframe was involved. Do you live in a country with a government?\nMainframes! The current (and really only) mainframe OS is z/OS from\nIBM. If you've ever talked to a mainframer you'll get told how they're\nmore secure because buffer overflows are (were) impossible. This talk\nwill prove them all wrong!\n\nFinding exploits on z/OS is no different than any other platform. This\ntalk will walk through how you too can become a mainframe exploit\nresearcher!\n\nRemote code execution is extra tricky on a mainframe as almost all\nsockets read data with the ASCII character set and convert that to\nEBCDIC for the application. With this talk you will find out how to\nfind and then remotely overflow a vulnerable mainframe C program and\ncreate a ASCII -> EBCDIC shellcode to escalate your privileges\nremotely, without auth. Previous mainframe talks focused on\ninfrastructure based attacks. This talk builds on those but adds a\nclass of vulnerabilities, opening up the mainframe hacking community.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Doing the Impossible: How I Found Mainframe Buffer Overflows","end_timestamp":{"seconds":1660428900,"nanoseconds":0},"android_description":"Mainframes run the world, literally. Have you ever paid for something,\na mainframe was involved, flown? Used a bank? Gone to college? A\nmainframe was involved. Do you live in a country with a government?\nMainframes! The current (and really only) mainframe OS is z/OS from\nIBM. If you've ever talked to a mainframer you'll get told how they're\nmore secure because buffer overflows are (were) impossible. This talk\nwill prove them all wrong!\n\nFinding exploits on z/OS is no different than any other platform. This\ntalk will walk through how you too can become a mainframe exploit\nresearcher!\n\nRemote code execution is extra tricky on a mainframe as almost all\nsockets read data with the ASCII character set and convert that to\nEBCDIC for the application. With this talk you will find out how to\nfind and then remotely overflow a vulnerable mainframe C program and\ncreate a ASCII -> EBCDIC shellcode to escalate your privileges\nremotely, without auth. Previous mainframe talks focused on\ninfrastructure based attacks. This talk builds on those but adds a\nclass of vulnerabilities, opening up the mainframe hacking community.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48560,49116],"conference_id":65,"event_ids":[48593,49159],"name":"Jake Labelle","affiliations":[{"organization":"","title":"Security Consultant"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Jabellz2"}],"pronouns":null,"media":[],"id":47876,"title":"Security Consultant"}],"timeband_id":892,"end":"2022-08-13T22:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241999"}],"id":48593,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"includes":"Exploit, Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47876}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Far East and China account for two-thirds of global mobile payments in 2021. That is about $4 billion in mobile wallet transactions. Such a huge amount of money is sure to attract the attention of hackers. Have you ever wondered how safe it is to pay from a mobile device? Can a malicious app steal money from your digital wallet? To answer these questions, we researched the payment system built into Xiaomi smartphones based on MediaTek chips, which are very popular in China. As a result, we discovered vulnerabilities that allow forging payment packages or disabling the payment system directly from an unprivileged Android application.\n\nMobile payment signatures are carried out in the Trusted Execution Environment (TEE) that remains secure on compromised devices. The attacker needs to hack the TEE in order to hack the payment. There is a lot of good research about mobile TEEs in the public domain, but no one pays attention to trusted apps written by device vendors like Xiaomi and not by chip makers, while the core of mobile payments is implemented there. In our research, we reviewed Xiaomi's TEE for security issues in order to find a way to scam WeChat Pay.\n\n\n","title":"Digging into Xiaomi’s TEE to get to Chinese money","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660427400,"nanoseconds":0},"android_description":"The Far East and China account for two-thirds of global mobile payments in 2021. That is about $4 billion in mobile wallet transactions. Such a huge amount of money is sure to attract the attention of hackers. Have you ever wondered how safe it is to pay from a mobile device? Can a malicious app steal money from your digital wallet? To answer these questions, we researched the payment system built into Xiaomi smartphones based on MediaTek chips, which are very popular in China. As a result, we discovered vulnerabilities that allow forging payment packages or disabling the payment system directly from an unprivileged Android application.\n\nMobile payment signatures are carried out in the Trusted Execution Environment (TEE) that remains secure on compromised devices. The attacker needs to hack the TEE in order to hack the payment. There is a lot of good research about mobile TEEs in the public domain, but no one pays attention to trusted apps written by device vendors like Xiaomi and not by chip makers, while the core of mobile payments is implemented there. In our research, we reviewed Xiaomi's TEE for security issues in order to find a way to scam WeChat Pay.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48559],"conference_id":65,"event_ids":[48535],"name":"Slava Makkaveev","affiliations":[{"organization":"","title":"Security Researcher, Check Point"}],"links":[],"pronouns":null,"media":[],"id":47885,"title":"Security Researcher, Check Point"}],"timeband_id":892,"end":"2022-08-13T21:50:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241991"}],"id":48535,"village_id":null,"begin_timestamp":{"seconds":1660426200,"nanoseconds":0},"tag_ids":[45241,45279,45280,45375,45450],"includes":"Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47885}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-13T21:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events û it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.\r\n\r\nIAM is a complex system in which permission information is distributed among many sources and permission evaluation logic is complex. The tool can help both defensive and offensive security teams with this challenge.\r\n\r\nFor defenders. The need to facilitate access to teams annoyed or frustrated by access denied messages often breaks least-privilege and creates excessive permissions in the environment. AccessUndenied gives a minimal least-privilege policy suggestion and prevents this. Some users of the tool are even scaling their use by hooking AccessUndenied to a Lambda that automatically handles AccessDenied messages and sends them a slack notification with the tool's output.\r\n\r\nFor offensive teams. In AWS IAM, a Deny statement trumps any allow. Therefore even after privilege escalation to admin, certain actions can still be blocked. Offensive teams can use AccessUndenied to quickly and effectively track down these explicit deny statements to then circumvent or remove them.\r\n\r\nSometimes, the new and more detailed AccessDenied messages provided by AWS will be sufficient. However, this is not always the case.\r\n\r\nSome AccessDenied messages do not provide details. Among the services with (many or exclusively) undetailed messages are: S3, SSO, EFS, EKS, GuardDuty, Batch, SQS, and many more. \r\n\r\nWhen the reason for AccessDenied is an explicit deny, it can be difficult to track down and evaluate every relevant policy.\r\n\r\nWhen the explicit deny is in a service control policy (SCP), one has to find every single policy in the organization that applies to the account.\r\n\r\nWhen the problem is a missing allow statement, users still need to define a least-privilege policy.\r\n\r\nGithub: https://github.com/ermetic/access-undenied-aws\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"Access Undenied on AWS - Troubleshooting AWS IAM AccessDenied Errors","end_timestamp":{"seconds":1660427400,"nanoseconds":0},"android_description":"Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events û it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.\r\n\r\nIAM is a complex system in which permission information is distributed among many sources and permission evaluation logic is complex. The tool can help both defensive and offensive security teams with this challenge.\r\n\r\nFor defenders. The need to facilitate access to teams annoyed or frustrated by access denied messages often breaks least-privilege and creates excessive permissions in the environment. AccessUndenied gives a minimal least-privilege policy suggestion and prevents this. Some users of the tool are even scaling their use by hooking AccessUndenied to a Lambda that automatically handles AccessDenied messages and sends them a slack notification with the tool's output.\r\n\r\nFor offensive teams. In AWS IAM, a Deny statement trumps any allow. Therefore even after privilege escalation to admin, certain actions can still be blocked. Offensive teams can use AccessUndenied to quickly and effectively track down these explicit deny statements to then circumvent or remove them.\r\n\r\nSometimes, the new and more detailed AccessDenied messages provided by AWS will be sufficient. However, this is not always the case.\r\n\r\nSome AccessDenied messages do not provide details. Among the services with (many or exclusively) undetailed messages are: S3, SSO, EFS, EKS, GuardDuty, Batch, SQS, and many more. \r\n\r\nWhen the reason for AccessDenied is an explicit deny, it can be difficult to track down and evaluate every relevant policy.\r\n\r\nWhen the explicit deny is in a service control policy (SCP), one has to find every single policy in the organization that applies to the account.\r\n\r\nWhen the problem is a missing allow statement, users still need to define a least-privilege policy.\r\n\r\nGithub: https://github.com/ermetic/access-undenied-aws","updated_timestamp":{"seconds":1659283860,"nanoseconds":0},"speakers":[{"content_ids":[48724,49170,49186],"conference_id":65,"event_ids":[48734,49222,49206],"name":"Noam Dahan","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NoamDahan"}],"media":[],"id":48054}],"timeband_id":892,"end":"2022-08-13T21:50:00.000-0000","links":[{"label":"GitHub","type":"link","url":"https://github.com/ermetic/access-undenied-aws"}],"id":49222,"begin_timestamp":{"seconds":1660425600,"nanoseconds":0},"tag_ids":[40252,45349,45350,45451],"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48054}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T16:11:00.000-0000","begin":"2022-08-13T21:20:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"When a writer signs a contract to get paid for creating a publication for a digital platform, they often sign away all rights to that work. What happens 10 years later when those publications are bought, sold, and traded for the purpose of SEO link farming? I offer a few case studies in the bizarre reshaping of history due to the rise and fall of digital publications.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"title":"404! Memory Holing and the SEO Warping of Human History","android_description":"When a writer signs a contract to get paid for creating a publication for a digital platform, they often sign away all rights to that work. What happens 10 years later when those publications are bought, sold, and traded for the purpose of SEO link farming? I offer a few case studies in the bizarre reshaping of history due to the rise and fall of digital publications.","end_timestamp":{"seconds":1660427100,"nanoseconds":0},"updated_timestamp":{"seconds":1660334100,"nanoseconds":0},"speakers":[{"content_ids":[49067,49069],"conference_id":65,"event_ids":[49070,49072],"name":"Arikia Millikan","affiliations":[{"organization":"","title":"Journalist, Media Consultant"}],"links":[],"pronouns":null,"media":[],"id":48478,"title":"Journalist, Media Consultant"}],"timeband_id":892,"links":[],"end":"2022-08-13T21:45:00.000-0000","id":49070,"begin_timestamp":{"seconds":1660425300,"nanoseconds":0},"tag_ids":[40260,45333,45335,45450],"village_id":18,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48478}],"tags":"Guest Speaker","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","updated":"2022-08-12T19:55:00.000-0000","begin":"2022-08-13T21:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The talk will cover the following areas:\r\n\r\n- Baselining Office macros behaviors\r\n- Contextualized / Risk-based alerting strategies \r\n- Data sets & Sysmon configurations will be provided\r\n- Coverage of new attack vectors such as mark of the web bypasses and VSTO files\n\n\nWhen reviewing threat intelligence reports it is common to see malicious Office macros of various types used as an initial access vector. Recently, Microsoft announced big changes to Office behavior in the context of malicious macros. However, organizations still struggle with detecting malicious macros which is often a prerequisite for implementing any type of hardening changes. The aim of this talk is to address this gap and provide guidance on how to detect malicious macro usage in environments and highlight the necessary steps to ensure systems are properly hardened against this threat.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Hunting Malicious Office Macros","android_description":"The talk will cover the following areas:\r\n\r\n- Baselining Office macros behaviors\r\n- Contextualized / Risk-based alerting strategies \r\n- Data sets & Sysmon configurations will be provided\r\n- Coverage of new attack vectors such as mark of the web bypasses and VSTO files\n\n\nWhen reviewing threat intelligence reports it is common to see malicious Office macros of various types used as an initial access vector. Recently, Microsoft announced big changes to Office behavior in the context of malicious macros. However, organizations still struggle with detecting malicious macros which is often a prerequisite for implementing any type of hardening changes. The aim of this talk is to address this gap and provide guidance on how to detect malicious macro usage in environments and highlight the necessary steps to ensure systems are properly hardened against this threat.","end_timestamp":{"seconds":1660427100,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48899],"conference_id":65,"event_ids":[48902],"name":"Anton Ovrutsky","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48326}],"timeband_id":892,"links":[],"end":"2022-08-13T21:45:00.000-0000","id":48902,"tag_ids":[40250,45367,45373,45376,45451],"village_id":7,"begin_timestamp":{"seconds":1660425300,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48326}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"begin":"2022-08-13T21:15:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Android phones are filled with interesting System Apps, which are often overlooked by unsuspecting end-users and even researchers. In this talk, we will share technical details of several vulnerabilities that affected millions of Android devices, as well as learnings from the disclosure and the Android ecosystem in general.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"title":"How getting a free phone got me to report critical vulns affecting millions of Android devices","android_description":"Android phones are filled with interesting System Apps, which are often overlooked by unsuspecting end-users and even researchers. In this talk, we will share technical details of several vulnerabilities that affected millions of Android devices, as well as learnings from the disclosure and the Android ecosystem in general.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1660257480,"nanoseconds":0},"speakers":[{"content_ids":[49760],"conference_id":65,"event_ids":[49958],"name":"Jonathan Bar Or","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yo_yo_yo_jbo"}],"pronouns":null,"media":[],"id":49098}],"timeband_id":892,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-13T22:00:00.000-0000","id":49958,"village_id":null,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49098}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-11T22:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Quantum computers are expected to break modern public key cryptography owing to Shor’s algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms.\n\n\n","title":"Start now or else! A perspective on transitioning organizations to PQC","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"android_description":"Quantum computers are expected to break modern public key cryptography owing to Shor’s algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1660333320,"nanoseconds":0},"speakers":[{"content_ids":[49709],"conference_id":65,"event_ids":[49899],"name":"David Joseph","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49056}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49899,"village_id":24,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49056}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"updated":"2022-08-12T19:42:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What would you do if you were implanted with a medical device that broadcasts every 12 seconds? Starting with loads of curiosity and very little knowledge about RF, how to use a software defined radio (SDR), and no knowledge of how to decode captured RF signals, I embarked on an adventure to teach myself something new. Jumping head first into the RF CTF helped greatly! This presentation starts with cocaine and ketamine (in a controlled medical setting) and includes a near-death experience and new skills attained by building on the work of those who came before me. The end result of this adventure led me to the US Capitol to sit down with Senate staffers about the security and exploitability of medical devices.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"Biohacking Using SDR When You Don’t Know What You’re Doing","android_description":"What would you do if you were implanted with a medical device that broadcasts every 12 seconds? Starting with loads of curiosity and very little knowledge about RF, how to use a software defined radio (SDR), and no knowledge of how to decode captured RF signals, I embarked on an adventure to teach myself something new. Jumping head first into the RF CTF helped greatly! This presentation starts with cocaine and ketamine (in a controlled medical setting) and includes a near-death experience and new skills attained by building on the work of those who came before me. The end result of this adventure led me to the US Capitol to sit down with Senate staffers about the security and exploitability of medical devices.","end_timestamp":{"seconds":1660426200,"nanoseconds":0},"updated_timestamp":{"seconds":1659928620,"nanoseconds":0},"speakers":[{"content_ids":[49668],"conference_id":65,"event_ids":[49856],"name":"J9","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/fackque99"}],"media":[],"id":49028}],"timeband_id":892,"links":[],"end":"2022-08-13T21:30:00.000-0000","id":49856,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49028}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-08T03:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#9d9a7e","updated_at":"2024-06-07T03:39+0000","name":"Voting Village","id":45387},"title":"Election Forensics","android_description":"","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659912900,"nanoseconds":0},"speakers":[{"content_ids":[49603,49605],"conference_id":65,"event_ids":[49817,49819],"name":"Assistant Professor Drew Springall","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_aaspring_"},{"description":"","title":"Website","sort_order":0,"url":"https://aaspring.com"}],"media":[],"id":48951},{"content_ids":[49604,49605],"conference_id":65,"event_ids":[49818,49819],"name":"Michael Moore","affiliations":[{"organization":"Maricopa County Recorder’s Office","title":"Information Security Officer"}],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://recorder.maricopa.gov"}],"pronouns":null,"media":[],"id":48952,"title":"Information Security Officer at Maricopa County Recorder’s Office"},{"content_ids":[49606,49605],"conference_id":65,"event_ids":[49819,49820],"name":"Will Baggett, CCEE, CFE","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/iOSforensic"}],"pronouns":null,"media":[],"id":48953}],"timeband_id":892,"links":[{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"},{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"}],"end":"2022-08-13T22:00:00.000-0000","id":49819,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[40279,45348,45367,45374,45387,45450],"village_id":34,"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48951},{"tag_id":45290,"sort_order":1,"person_id":48952},{"tag_id":45290,"sort_order":1,"person_id":48953}],"tags":"Pre-Recorded Content, Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-07T22:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The adversary philosophy and mindset are important when trying to emulate a threat actor during a red team operation or offensive cybersecurity assessment or trying to understand them as a defender. In this talk, we will take a look at the philosophy and mindset of an adversary as well as what motivates them.\n\n\n","title":"The Way of The Adversary","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"android_description":"The adversary philosophy and mindset are important when trying to emulate a threat actor during a red team operation or offensive cybersecurity assessment or trying to understand them as a defender. In this talk, we will take a look at the philosophy and mindset of an adversary as well as what motivates them.","end_timestamp":{"seconds":1660426200,"nanoseconds":0},"updated_timestamp":{"seconds":1659888660,"nanoseconds":0},"speakers":[{"content_ids":[49586],"conference_id":65,"event_ids":[49798],"name":"Phillip Wylie","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/phillipwylie/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/phillipwylie"}],"media":[],"id":48916}],"timeband_id":892,"links":[],"end":"2022-08-13T21:30:00.000-0000","id":49798,"tag_ids":[40246,45340,45373,45377,45451],"village_id":1,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48916}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"updated":"2022-08-07T16:11:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Offensive Wireless Security 101","android_description":"","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659679020,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49633,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:57:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"How Most Internal Networks are Compromised: A Set of Common Active Directory Attacks and How to Perform Them from Linux ","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678900,"nanoseconds":0},"speakers":[{"content_ids":[49437],"conference_id":65,"event_ids":[49627,49628,49629,49630],"name":"Scott Brink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_sandw1ch"}],"pronouns":null,"media":[],"id":48828}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49628,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48828}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-05T05:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking APIs: How to break the chains of the web ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659678720,"nanoseconds":0},"speakers":[{"content_ids":[49435],"conference_id":65,"event_ids":[49617,49618,49619],"name":"Corey Ball","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hAPI_hacker"}],"media":[],"id":48819}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49618,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48819}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:52:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","android_description":"","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49614,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"AI Village + RTV Panel: The Use of AI/ML in Offensive Security Operations","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659678360,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"},{"content_ids":[49042,49048,49430],"conference_id":65,"event_ids":[49045,49051,49594],"name":"Will Pearce","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/moo_hax"}],"media":[],"id":48650},{"content_ids":[49042,49430],"conference_id":65,"event_ids":[49045,49594],"name":"Will Schroeder","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarmJ0y"}],"pronouns":null,"media":[],"id":48651}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49594,"village_id":27,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470},{"tag_id":565,"sort_order":1,"person_id":48650},{"tag_id":565,"sort_order":1,"person_id":48651}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-05T05:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Enterprise IT face a huge number of threats while ICS face fewer. But within that threat environment, nation-states will often test or reuse attack vectors which makes cross-sector visibility even more important. Cybersecurity leaders from threat information sharing communities will draw back the curtain on intelligence, actions and processes surrounding ICS threats and vulnerabilities. The discussion will set the stage for the question of what you as attendees would target and how enterprises and sharing communities should react to stop you.\n\n\n","title":"Keeping Beer Cold: Attackers, ICS and Cross-Sector Defense","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"Enterprise IT face a huge number of threats while ICS face fewer. But within that threat environment, nation-states will often test or reuse attack vectors which makes cross-sector visibility even more important. Cybersecurity leaders from threat information sharing communities will draw back the curtain on intelligence, actions and processes surrounding ICS threats and vulnerabilities. The discussion will set the stage for the question of what you as attendees would target and how enterprises and sharing communities should react to stop you.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659472560,"nanoseconds":0},"speakers":[{"content_ids":[49333],"conference_id":65,"event_ids":[49433],"name":"Tim Chase","affiliations":[{"organization":"GRF","title":"Program Director at Manufacturing ISAC"}],"links":[],"pronouns":null,"media":[],"id":48770,"title":"Program Director at Manufacturing ISAC at GRF"},{"content_ids":[49333],"conference_id":65,"event_ids":[49433],"name":"Jaquar Harris","affiliations":[{"organization":"Global Resilience Federation","title":"Director of Intelligence Services"}],"links":[],"pronouns":null,"media":[],"id":48776,"title":"Director of Intelligence Services at Global Resilience Federation"},{"content_ids":[49333],"conference_id":65,"event_ids":[49433],"name":"John Bryk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48777}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49433,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45367,45369,45375,45450],"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48776},{"tag_id":45290,"sort_order":1,"person_id":48777},{"tag_id":45290,"sort_order":1,"person_id":48770}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","updated":"2022-08-02T20:36:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We will take a look at patents and lock models from payphones through the years leading up to the WE30C and beyond.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Please deposit 30c: A history of payphone locks that lead to one of the most secure locks ever made.","android_description":"We will take a look at patents and lock models from payphones through the years leading up to the WE30C and beyond.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659420360,"nanoseconds":0},"speakers":[{"content_ids":[49272,49278],"conference_id":65,"event_ids":[49352,49358],"name":"N∅thing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48698}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49358,"tag_ids":[40259,45340,45362,45373,45450],"village_id":17,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48698}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"updated":"2022-08-02T06:06:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This research performed a vulnerability assessment of a realistic satellite system, demonstrated some of these vulnerabilities on a high-fidelity satellite simulator, and proposed security solutions for discovered vulnerabilities. If the attacks successfully performed against our satellite simulator were to be performed against a real satellite, it would have significantly harmful effects, including loss of data confidentiality, reduced functionality, or a total loss of access to the satellite\n\n\n","title":"Vulnerability Assessment of a Satellite Simulator","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660425900,"nanoseconds":0},"android_description":"This research performed a vulnerability assessment of a realistic satellite system, demonstrated some of these vulnerabilities on a high-fidelity satellite simulator, and proposed security solutions for discovered vulnerabilities. If the attacks successfully performed against our satellite simulator were to be performed against a real satellite, it would have significantly harmful effects, including loss of data confidentiality, reduced functionality, or a total loss of access to the satellite","updated_timestamp":{"seconds":1659379500,"nanoseconds":0},"speakers":[{"content_ids":[49237],"conference_id":65,"event_ids":[49280],"name":"Henry Haswell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48679}],"timeband_id":892,"links":[],"end":"2022-08-13T21:25:00.000-0000","id":49280,"tag_ids":[40247,45340,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48679}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-08-01T18:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#a68c60","updated_at":"2024-06-07T03:39+0000","name":"Vendor Event","id":45354},"title":"No Starch Press - Book Signing - Jon DiMaggio, The Art of Cyberwarfare","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659306420,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49252,"village_id":null,"tag_ids":[45354,45373,45450],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-31T22:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The hard outer shell of cyber defenses often give way to a soft, gooey and easy-to-exploit centre, but all the lateral movement and escalation techniques in the world, isn’t going to be worth anything if initial access cannot be secured. For threat actors and Red Teamer’s alike, getting over that initial hurdle can be a long, arduous task with little hope of success and phishing in particular is often the bane of any aspiring attacker. Between EDRs, email scanner solutions, payload fingerprinting… what do you do?\n\nThis workshop has been developed with the aim of giving participants hands-on experience working with sophisticated payloads and techniques used by nation-state threat actors. Armed with payload automation tools, participants will learn to implement novel bypass techniques to circumvent state of the art anti-malware security products, both network-based and host-based technical controls, and iteratively improve their payloads throughout.\n\nTopics will include:\n* Multiple payload formats, the advantages and disadvantages\n* Combining phishing techniques\n* Automation, obfuscation and creation of payloads for quick turn around\n* How to Improve payloads based on information gathered from earlier attacks\n* Extracting technical information from threat actor intelligence breakdowns \n\nMaterials:\nJust the laptop\n\nPrereq:\nLaptop with ability to connect to local network and run 1 VM requiring 4GB of memory\nSome understanding of phishing and what a payload is also a good idea\nExperience with creating / modifying tools from source code will also help\n\n\n","title":"Hybrid Phishing Payloads: From Threat-actors to You","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"The hard outer shell of cyber defenses often give way to a soft, gooey and easy-to-exploit centre, but all the lateral movement and escalation techniques in the world, isn’t going to be worth anything if initial access cannot be secured. For threat actors and Red Teamer’s alike, getting over that initial hurdle can be a long, arduous task with little hope of success and phishing in particular is often the bane of any aspiring attacker. Between EDRs, email scanner solutions, payload fingerprinting… what do you do?\n\nThis workshop has been developed with the aim of giving participants hands-on experience working with sophisticated payloads and techniques used by nation-state threat actors. Armed with payload automation tools, participants will learn to implement novel bypass techniques to circumvent state of the art anti-malware security products, both network-based and host-based technical controls, and iteratively improve their payloads throughout.\n\nTopics will include:\n* Multiple payload formats, the advantages and disadvantages\n* Combining phishing techniques\n* Automation, obfuscation and creation of payloads for quick turn around\n* How to Improve payloads based on information gathered from earlier attacks\n* Extracting technical information from threat actor intelligence breakdowns \n\nMaterials:\nJust the laptop\n\nPrereq:\nLaptop with ability to connect to local network and run 1 VM requiring 4GB of memory\nSome understanding of phishing and what a payload is also a good idea\nExperience with creating / modifying tools from source code will also help","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49135],"conference_id":65,"event_ids":[49168],"name":"Jon Christiansen","affiliations":[{"organization":"","title":"Red Team Lead"}],"links":[],"pronouns":null,"media":[],"id":48562,"title":"Red Team Lead"},{"content_ids":[49135],"conference_id":65,"event_ids":[49168],"name":"Magnus Stubman","affiliations":[{"organization":"","title":"Red Team"}],"links":[],"pronouns":null,"media":[],"id":48567,"title":"Red Team"}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49168,"village_id":null,"tag_ids":[45336,45346,45373,45452],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48562},{"tag_id":565,"sort_order":1,"person_id":48567}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Copper (Workshops)","hotel":"","short_name":"Copper (Workshops)","id":45483},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Defenders are constantly adapting their security to counter new threats. Our mission is to identify how they plan on securing their systems and avoid being identified as a threat. This is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft's Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft's defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.\n\nIn this workshop, we will:\ni. Understand the use and employment of obfuscation in red teaming.\nii. Demonstrate the concept of least obfuscation.\niii. Introduce Microsoft's Antimalware Scan Interface (AMSI) and explain its importance.\niv. Demonstrate obfuscation methodology for .NET payloads.\n\nMaterials:\nLaptop\nVMWare or Virtual Box\nWindows Dev machine or other Windows VM\nKali Linux VM\n\nPrereq:\nBasic level of PowerShell or C# experience.\n\n\n","title":"Evading Detection: A Beginner's Guide to Obfuscation","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Defenders are constantly adapting their security to counter new threats. Our mission is to identify how they plan on securing their systems and avoid being identified as a threat. This is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft's Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft's defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.\n\nIn this workshop, we will:\ni. Understand the use and employment of obfuscation in red teaming.\nii. Demonstrate the concept of least obfuscation.\niii. Introduce Microsoft's Antimalware Scan Interface (AMSI) and explain its importance.\niv. Demonstrate obfuscation methodology for .NET payloads.\n\nMaterials:\nLaptop\nVMWare or Virtual Box\nWindows Dev machine or other Windows VM\nKali Linux VM\n\nPrereq:\nBasic level of PowerShell or C# experience.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[48734,49137],"conference_id":65,"event_ids":[48737,49165],"name":"Anthony \"Cx01N\" Rose","affiliations":[{"organization":"","title":"Lead Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Cx01N_"}],"media":[],"id":48053,"title":"Lead Security Researcher"},{"content_ids":[48734,49137],"conference_id":65,"event_ids":[48737,49165],"name":"Vincent \"Vinnybod\" Rose","affiliations":[{"organization":"","title":"Lead Tool Developer"}],"links":[],"pronouns":null,"media":[],"id":48061,"title":"Lead Tool Developer"},{"content_ids":[49137],"conference_id":65,"event_ids":[49165],"name":"Jake \"Hubbl3\" Krasnov","affiliations":[{"organization":"BC Security","title":"Red Team Operations Lead and Chief Executive Officer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_Hubbl3"}],"pronouns":null,"media":[],"id":48539,"title":"Red Team Operations Lead and Chief Executive Officer at BC Security"}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49165,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[45336,45345,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48053},{"tag_id":565,"sort_order":1,"person_id":48539},{"tag_id":565,"sort_order":1,"person_id":48061}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Lake Tahoe (Workshops)","hotel":"","short_name":"Lake Tahoe (Workshops)","id":45481},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How do anti-debug tricks actually work? Is there a way to automate tedious debugging tasks like unpacking malware? Have you ever wondered what is happening under the hood of a debugger?\n\nIn this workshop you will build your own programmable Windows debugger from scratch (using Python). Each component in the debugger will be built as a separate module with an accompanying lab used to explain the concepts and Windows internals that support the component. In the final lab you will have the chance to test your new debugger against various malware samples and attempt to automatically unpack them, and extract IOCs.\n\nThis workshop is aimed at malware analysts and reverse engineers who are interested in learning more about debuggers and how programmable debuggers can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS.\n\nYou will be provided with a VirtualMachine to use during the workshop. Please make sure to bring a laptop that meets the following requirements.\n- Your laptop must have VirtualBox or VMWare installed and working prior to the start of the course.\n- Your laptop must have at least 60GB of disk space free.\n- Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)\n\nMaterials:\nStudents will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements;\n- The laptop must have VirtualBox or VMWare installed and working prior to class.\n- The laptop must have at least 60GB of disk space free.\n- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).\n\nPrereq:\nStudents must be able to write basic Python scripts and have a basic understanding of the Windows operating system. Familiarity with a Windows user space debugger like x64dbg would also be a benefit.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Automated Debugging Under The Hood - Building A Programmable Windows Debugger From Scratch (In Python)","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"How do anti-debug tricks actually work? Is there a way to automate tedious debugging tasks like unpacking malware? Have you ever wondered what is happening under the hood of a debugger?\n\nIn this workshop you will build your own programmable Windows debugger from scratch (using Python). Each component in the debugger will be built as a separate module with an accompanying lab used to explain the concepts and Windows internals that support the component. In the final lab you will have the chance to test your new debugger against various malware samples and attempt to automatically unpack them, and extract IOCs.\n\nThis workshop is aimed at malware analysts and reverse engineers who are interested in learning more about debuggers and how programmable debuggers can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS.\n\nYou will be provided with a VirtualMachine to use during the workshop. Please make sure to bring a laptop that meets the following requirements.\n- Your laptop must have VirtualBox or VMWare installed and working prior to the start of the course.\n- Your laptop must have at least 60GB of disk space free.\n- Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)\n\nMaterials:\nStudents will be provided with a VirtualMachine to use during the workshop. They will need to bring a laptop that meets the following requirements;\n- The laptop must have VirtualBox or VMWare installed and working prior to class.\n- The laptop must have at least 60GB of disk space free.\n- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).\n\nPrereq:\nStudents must be able to write basic Python scripts and have a basic understanding of the Windows operating system. Familiarity with a Windows user space debugger like x64dbg would also be a benefit.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49136],"conference_id":65,"event_ids":[49162],"name":"Sean Wilson","affiliations":[{"organization":"","title":"Co-Founder, OpenAnalysis Inc."}],"links":[],"pronouns":null,"media":[],"id":48583,"title":"Co-Founder, OpenAnalysis Inc."},{"content_ids":[49136],"conference_id":65,"event_ids":[49162],"name":"Sergei Frankoff","affiliations":[{"organization":"","title":"Co-Founder, OpenAnalysis Inc."}],"links":[],"pronouns":null,"media":[],"id":48584,"title":"Co-Founder, OpenAnalysis Inc."}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49162,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[45336,45345,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48583},{"tag_id":565,"sort_order":1,"person_id":48584}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Silver (Workshops)","hotel":"","short_name":"Silver (Workshops)","id":45480},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Containers are the future. Like it or not even the most technically conservative industries are shifting to them. What that means for the bad actors is they get access to an excellent delivery mechanism for malware deployment in organizations, offering a wide variety of detection avoidance and persistence mechanisms. Fear not protectors, containers also offer ways to detect these, but can be fraught with challenges. Whether you're red, blue or just container curious this workshop is for you. \n\nIn this workshop, you will get hands-on with containers and kubernetes, - starting with introductory content - learning how they work, where and how to hide or find things, how to identify indicators of compromise, indicators of attack, and how to apply analysis to gain a deeper understanding of container malware and what is going on inside containers. \n\nThis workshop will utilize the Google Cloud Platform alongside command line operands and a small amount of open source tooling to learn both offensive and defense techniques on containers. By the end, you’ll have a solid mental model of how containers work, how they are managed and deployed, and be equipped with the ability to analyze container images, identify problems, and identify familiar patterns. Ultimately, these skills will allow you to generate valuable insights for your organization’s defense or aid you in your next attack. \n\nThis is a fast-paced course designed to take you deep into the world of containers, making tooling like Kubernetes much more intuitive and easy to understand. Labs will be used to reinforce your learnings, and the course comes with very detailed notes and instructions for setup which you can repeat on your own time. This course will provide references to scripts that make certain tasks easier, but we will be challenging you to learn the process and reasoning behind them rather than relying on automation. \n\nAttendees will be provided with all the lab material used in the course in digital format, including labs, guides and virtual machine setup. \n\nMaterials:\nA Google Cloud free tier account (basically a fresh gmail account), and an internet connected computer. We hope to send out instructions to attendees prior to the class, so they can be ready on the day. \n\nPrereq:\nNone, the class is well designed to allow those with little to no linux, kubernetes or cloud familiarity to follow along, but a basic familiarity with Linux and terminal will allow attendees to focus on the work.\n\n\n","title":"Creating and uncovering malicious containers.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Containers are the future. Like it or not even the most technically conservative industries are shifting to them. What that means for the bad actors is they get access to an excellent delivery mechanism for malware deployment in organizations, offering a wide variety of detection avoidance and persistence mechanisms. Fear not protectors, containers also offer ways to detect these, but can be fraught with challenges. Whether you're red, blue or just container curious this workshop is for you. \n\nIn this workshop, you will get hands-on with containers and kubernetes, - starting with introductory content - learning how they work, where and how to hide or find things, how to identify indicators of compromise, indicators of attack, and how to apply analysis to gain a deeper understanding of container malware and what is going on inside containers. \n\nThis workshop will utilize the Google Cloud Platform alongside command line operands and a small amount of open source tooling to learn both offensive and defense techniques on containers. By the end, you’ll have a solid mental model of how containers work, how they are managed and deployed, and be equipped with the ability to analyze container images, identify problems, and identify familiar patterns. Ultimately, these skills will allow you to generate valuable insights for your organization’s defense or aid you in your next attack. \n\nThis is a fast-paced course designed to take you deep into the world of containers, making tooling like Kubernetes much more intuitive and easy to understand. Labs will be used to reinforce your learnings, and the course comes with very detailed notes and instructions for setup which you can repeat on your own time. This course will provide references to scripts that make certain tasks easier, but we will be challenging you to learn the process and reasoning behind them rather than relying on automation. \n\nAttendees will be provided with all the lab material used in the course in digital format, including labs, guides and virtual machine setup. \n\nMaterials:\nA Google Cloud free tier account (basically a fresh gmail account), and an internet connected computer. We hope to send out instructions to attendees prior to the class, so they can be ready on the day. \n\nPrereq:\nNone, the class is well designed to allow those with little to no linux, kubernetes or cloud familiarity to follow along, but a basic familiarity with Linux and terminal will allow attendees to focus on the work.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49134],"conference_id":65,"event_ids":[49157],"name":"Adrian Wood","affiliations":[{"organization":"","title":"Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":48547,"title":"Security Researcher"},{"content_ids":[49134],"conference_id":65,"event_ids":[49157],"name":"David Mitchell","affiliations":[{"organization":"","title":"Red Team"}],"links":[],"pronouns":null,"media":[],"id":48553,"title":"Red Team"},{"content_ids":[49134],"conference_id":65,"event_ids":[49157],"name":"Griffin Francis","affiliations":[{"organization":"","title":"Security Research Consultant"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/aussinfosec"}],"media":[],"id":48558,"title":"Security Research Consultant"}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49157,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45344,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48547},{"tag_id":565,"sort_order":1,"person_id":48553},{"tag_id":565,"sort_order":1,"person_id":48558}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Elko (Workshops)","hotel":"","short_name":"Elko (Workshops)","id":45484},"spans_timebands":"N","begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Attack Web applications with: command injection, SQL injection, Cross-Site Request Forgery, Cross-Site Scripting, cookie manipulation, Server-Side Template Injection, and more. We will also exploit Drupal and SAML. We will then implement network defenses and monitoring agents. We will use Burp, Splunk, and Suricata. We will also perform attacks on a vulnerable API.\nThis workshop is structured as a CTF competition, to make it useful to students at all levels. We will demonstrate the easier challenges from each topic, and detailed step-by-step instructions are available. We will have several instructors available to answer questions and help participants individually. Every participant should learn new, useful techniques.\n\nMaterials:\nAny computer with a Web browser.\n\nPrereq:\nBeginners are welcome. Familiarity with\nweb technologies is helpful but not necessary.\n\n\n","title":"Securing Web Apps","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Attack Web applications with: command injection, SQL injection, Cross-Site Request Forgery, Cross-Site Scripting, cookie manipulation, Server-Side Template Injection, and more. We will also exploit Drupal and SAML. We will then implement network defenses and monitoring agents. We will use Burp, Splunk, and Suricata. We will also perform attacks on a vulnerable API.\nThis workshop is structured as a CTF competition, to make it useful to students at all levels. We will demonstrate the easier challenges from each topic, and detailed step-by-step instructions are available. We will have several instructors available to answer questions and help participants individually. Every participant should learn new, useful techniques.\n\nMaterials:\nAny computer with a Web browser.\n\nPrereq:\nBeginners are welcome. Familiarity with\nweb technologies is helpful but not necessary.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Elizabeth Biddlecome","affiliations":[{"organization":"","title":"Consultant and Instructor"}],"links":[],"pronouns":null,"media":[],"id":48511,"title":"Consultant and Instructor"},{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Sam Bowne","affiliations":[{"organization":"","title":"Instructor"}],"links":[],"pronouns":null,"media":[],"id":48530,"title":"Instructor"},{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Irvin Lemus","affiliations":[{"organization":"","title":"Instructor"}],"links":[],"pronouns":null,"media":[],"id":48561,"title":"Instructor"},{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Kaitlyn Handleman","affiliations":[{"organization":"","title":"Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":48564,"title":"Security Engineer"}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49156,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45343,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48511},{"tag_id":565,"sort_order":1,"person_id":48561},{"tag_id":565,"sort_order":1,"person_id":48564},{"tag_id":565,"sort_order":1,"person_id":48530}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Reno (Workshops)","hotel":"","short_name":"Reno (Workshops)","id":45482},"updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Red Team Village and the AI Village will host a panel from different industry experts to discuss the use of artificial intelligence and machine learning in offensive security operations. More details coming soon!\n\n\n","title":"The Use of AI/ML in Offensive Security Operations","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"end_timestamp":{"seconds":1660427400,"nanoseconds":0},"android_description":"The Red Team Village and the AI Village will host a panel from different industry experts to discuss the use of artificial intelligence and machine learning in offensive security operations. More details coming soon!","updated_timestamp":{"seconds":1659292920,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"},{"content_ids":[49042,49048,49430],"conference_id":65,"event_ids":[49045,49051,49594],"name":"Will Pearce","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/moo_hax"}],"pronouns":null,"media":[],"id":48650},{"content_ids":[49042,49430],"conference_id":65,"event_ids":[49045,49594],"name":"Will Schroeder","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarmJ0y"}],"pronouns":null,"media":[],"id":48651}],"timeband_id":892,"links":[],"end":"2022-08-13T21:50:00.000-0000","id":49045,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":3,"includes":"","people":[{"tag_id":45289,"sort_order":1,"person_id":48470},{"tag_id":45290,"sort_order":1,"person_id":48650},{"tag_id":45290,"sort_order":1,"person_id":48651}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-31T18:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What happens when an attacker clears the logs in an effort to hide their tracks? Here we will dive into that question, build a Threat Hunting hypothesis, develop some ways to detect this activity, and document the process.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nWhat happens when an attacker clears the logs in an effort to hide their tracks? Here we will dive into that question, build a Threat Hunting hypothesis, develop some ways to detect this activity, and document the process.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian CTH: The Logs are Gone?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"What happens when an attacker clears the logs in an effort to hide their tracks? Here we will dive into that question, build a Threat Hunting hypothesis, develop some ways to detect this activity, and document the process.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nWhat happens when an attacker clears the logs in an effort to hide their tracks? Here we will dive into that question, build a Threat Hunting hypothesis, develop some ways to detect this activity, and document the process.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48931,48924,48938],"conference_id":65,"event_ids":[48911,48925,48932,48938],"name":"ExtremePaperClip","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48364}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":48938,"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48364}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This talk is a small in-depth look of using Chainsaw for investigations using the Obsidian project as the example. \r\n\r\nThe intent is to go over the following:\r\n- Default display to console\r\n- Creating a CSV for slicing and to put into a spreadsheet\r\n- SIGMA rules and how Chinsaw applies those rules\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nWhen time is of essence in IR, having a tool to quickly collect data from Windows Event Logs is the way to go. We'll LET IT RIP with Chainsaw, hosted by B4nd1t0 as part of Project Obsidian.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Obsidian Forensics: Using Chainsaw to Identify Malicious Activity","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"This talk is a small in-depth look of using Chainsaw for investigations using the Obsidian project as the example. \r\n\r\nThe intent is to go over the following:\r\n- Default display to console\r\n- Creating a CSV for slicing and to put into a spreadsheet\r\n- SIGMA rules and how Chinsaw applies those rules\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nWhen time is of essence in IR, having a tool to quickly collect data from Windows Event Logs is the way to go. We'll LET IT RIP with Chainsaw, hosted by B4nd1t0 as part of Project Obsidian.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48937],"conference_id":65,"event_ids":[48937],"name":"Danny D. Henderson Jr (B4nd1t0)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48346}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":48937,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48346}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Incident Response Live Walkthough: This will go over how to use OODA to effectively investigate and respond to a real world incident. Come work through the demos alongside experts during this live walkthrough.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIncident Response Live Walkthough: This will go over how to use OODA to effectively investigate and respond to a real world incident. Come work through the demos alongside experts during this live walkthrough.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian Live: May We Have the OODA Loops?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"android_description":"Incident Response Live Walkthough: This will go over how to use OODA to effectively investigate and respond to a real world incident. Come work through the demos alongside experts during this live walkthrough.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIncident Response Live Walkthough: This will go over how to use OODA to effectively investigate and respond to a real world incident. Come work through the demos alongside experts during this live walkthrough.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48925,48905],"conference_id":65,"event_ids":[48907,48926],"name":"juju43","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48357},{"content_ids":[48928,48925,48915],"conference_id":65,"event_ids":[48917,48926,48929],"name":"CountZ3r0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48384}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":48926,"village_id":7,"tag_ids":[40250,45365,45373,45376,45451],"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48384},{"tag_id":565,"sort_order":1,"person_id":48357}],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The global internet is in large part a creation of the United States. The internet’s basic structure—a reliance on the private sector and the technical community, relatively light regulatory oversight, and the protection of speech and the promotion of the free flow of information—reflected American values. Moreover, U.S. strategic, economic, political, and foreign policy interests were served by the global, open internet. But the United States now confronts a starkly different reality. The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized. Today, the internet is less free, more fragmented, and less secure. \n\nThe United States needs a new strategy that responds to what is now a fragmented and dangerous internet. The Council on Foreign Relations launched an independent task force to develop findings and recommendations for a new foreign policy for cyberspace. This session will seek input from the DEF CON community on specific foreign policy measures, to help guide Washington’s adaptation to today’s more complex, variegated, and dangerous cyber realm.\n\nCome prepared to discuss topics, such as: Developing a digital privacy policy that is interoperable with Europe’s General Data Protection Regulation (GDPR); Building a coalition for open-source software; Developing coalition-wide practices for the Vulnerabilities Equities Process (VEP); Clean up U.S. cyberspace by offering incentives for internet service providers (ISPs) and cloud providers to reduce malicious activity within their infrastructure.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet","end_timestamp":{"seconds":1660430700,"nanoseconds":0},"android_description":"The global internet is in large part a creation of the United States. The internet’s basic structure—a reliance on the private sector and the technical community, relatively light regulatory oversight, and the protection of speech and the promotion of the free flow of information—reflected American values. Moreover, U.S. strategic, economic, political, and foreign policy interests were served by the global, open internet. But the United States now confronts a starkly different reality. The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized. Today, the internet is less free, more fragmented, and less secure. \n\nThe United States needs a new strategy that responds to what is now a fragmented and dangerous internet. The Council on Foreign Relations launched an independent task force to develop findings and recommendations for a new foreign policy for cyberspace. This session will seek input from the DEF CON community on specific foreign policy measures, to help guide Washington’s adaptation to today’s more complex, variegated, and dangerous cyber realm.\n\nCome prepared to discuss topics, such as: Developing a digital privacy policy that is interoperable with Europe’s General Data Protection Regulation (GDPR); Building a coalition for open-source software; Developing coalition-wide practices for the Vulnerabilities Equities Process (VEP); Clean up U.S. cyberspace by offering incentives for internet service providers (ISPs) and cloud providers to reduce malicious activity within their infrastructure.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48887],"conference_id":65,"event_ids":[48882],"name":"Neal Pollard","affiliations":[{"organization":"","title":"Ernst & Young"}],"links":[],"pronouns":null,"media":[],"id":48310,"title":"Ernst & Young"},{"content_ids":[48887,48517,49738],"conference_id":65,"event_ids":[48542,48882,49931],"name":"Jason Healey","affiliations":[{"organization":"Columbia University SIPA","title":"Senior Research Scholar"}],"links":[],"pronouns":null,"media":[],"id":48311,"title":"Senior Research Scholar at Columbia University SIPA"},{"content_ids":[48887],"conference_id":65,"event_ids":[48882],"name":"Guillermo Christensen","affiliations":[{"organization":"K&L Gates","title":"Partner"}],"links":[],"pronouns":null,"media":[],"id":48787,"title":"Partner at K&L Gates"}],"timeband_id":892,"end":"2022-08-13T22:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242798"}],"id":48882,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"village_id":23,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48787},{"tag_id":565,"sort_order":1,"person_id":48311},{"tag_id":565,"sort_order":1,"person_id":48310}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A moderated discussion on how to hack policy systems using laws and authorities already on the books, featuring the policymakers who write and use them, focusing on open source and software security. At DefCon 22 in the aftermath of Heartbleed, John Menerick told us to \"keep calm and hide the internet\". Alas, they found it. The policy community in the US, and lesser extent Europe, is finally starting to put serious focus on software security including open source. This event will bring hackers together with policymakers to identify policies on the book that could help improve the open source ecosystem and the security of software. Other policy conversations might stray into the possible, this one will emphasize the practical. The discussion will involve policymakers who write and implement these laws and use these authorities to enable discussion and debate focused on pragmatic solutions, putting hackers inside ongoing policy debates in real time. \n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Return-Oriented Policy Making for Open Source and Software Security","end_timestamp":{"seconds":1660430700,"nanoseconds":0},"android_description":"A moderated discussion on how to hack policy systems using laws and authorities already on the books, featuring the policymakers who write and use them, focusing on open source and software security. At DefCon 22 in the aftermath of Heartbleed, John Menerick told us to \"keep calm and hide the internet\". Alas, they found it. The policy community in the US, and lesser extent Europe, is finally starting to put serious focus on software security including open source. This event will bring hackers together with policymakers to identify policies on the book that could help improve the open source ecosystem and the security of software. Other policy conversations might stray into the possible, this one will emphasize the practical. The discussion will involve policymakers who write and implement these laws and use these authorities to enable discussion and debate focused on pragmatic solutions, putting hackers inside ongoing policy debates in real time.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48536,48886],"conference_id":65,"event_ids":[48529,48880],"name":"Trey Herr","affiliations":[{"organization":"Cyber Statecraft Initiative, Atlantic Council","title":"Director"}],"pronouns":null,"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.atlanticcouncil.org/expert/trey-herr/"}],"media":[],"id":47893,"title":"Director at Cyber Statecraft Initiative, Atlantic Council"},{"content_ids":[48886],"conference_id":65,"event_ids":[48880],"name":"Eric Mill","affiliations":[{"organization":"","title":"US Office of Management and Budget"}],"links":[],"pronouns":null,"media":[],"id":48308,"title":"US Office of Management and Budget"},{"content_ids":[48886],"conference_id":65,"event_ids":[48880],"name":"Harry Mourtos","affiliations":[{"organization":"","title":"Office of the National Cyber Director"}],"links":[],"pronouns":null,"media":[],"id":48309,"title":"Office of the National Cyber Director"}],"timeband_id":892,"end":"2022-08-13T22:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242838"}],"id":48880,"tag_ids":[40265,45311,45373,45450],"village_id":23,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48308},{"tag_id":565,"sort_order":1,"person_id":48309},{"tag_id":565,"sort_order":1,"person_id":47893}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"ResidueFree is a privacy-enhancing tool that allows individuals to keep sensitive information off their device's filesystem. It takes on-device privacy protections from TAILS and \"incognito\" web browser modes and applies them to any app running on a user's regular operating system, effectively making the privacy protections offered by TAILS more usable and accessible while improving the on-device privacy guarantees made by web browsers and extending them to any application. While ResidueFree currently runs on Linux, its maintainers are hoping to port it to other operating systems in the near future. In addition, ResidueFree can help forensic analysts and application security engineers isolate filesystem changes made by a specific application. The same implementation ResidueFree uses to ensure that any file changes an application makes are not stored to disk can also be used to isolate those changes to a separate folder without impacting the original files.\n\nAudience: ResidueFree was primarily developed for individuals facing privacy threats that can access the information stored on the individuals' device. However, this presentation is also designed for security trainers that want to expand the tools they can suggest as well as for privacy engineers interested in contributing to ResidueFree or expanding it to more commonly used operating systems. ResidueFree also has features built for malware or forensic analysts, application security engineers, or others who wish to easily isolate an application's changes to a device's filesystem with a simple tool.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"title":"ResidueFree","android_description":"ResidueFree is a privacy-enhancing tool that allows individuals to keep sensitive information off their device's filesystem. It takes on-device privacy protections from TAILS and \"incognito\" web browser modes and applies them to any app running on a user's regular operating system, effectively making the privacy protections offered by TAILS more usable and accessible while improving the on-device privacy guarantees made by web browsers and extending them to any application. While ResidueFree currently runs on Linux, its maintainers are hoping to port it to other operating systems in the near future. In addition, ResidueFree can help forensic analysts and application security engineers isolate filesystem changes made by a specific application. The same implementation ResidueFree uses to ensure that any file changes an application makes are not stored to disk can also be used to isolate those changes to a separate folder without impacting the original files.\n\nAudience: ResidueFree was primarily developed for individuals facing privacy threats that can access the information stored on the individuals' device. However, this presentation is also designed for security trainers that want to expand the tools they can suggest as well as for privacy engineers interested in contributing to ResidueFree or expanding it to more commonly used operating systems. ResidueFree also has features built for malware or forensic analysts, application security engineers, or others who wish to easily isolate an application's changes to a device's filesystem with a simple tool.","end_timestamp":{"seconds":1660431300,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48747],"conference_id":65,"event_ids":[48754],"name":"Logan Arkema","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48056}],"timeband_id":892,"links":[],"end":"2022-08-13T22:55:00.000-0000","id":48754,"village_id":null,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48056}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Committee Boardroom (Demo Labs)","hotel":"","short_name":"Committee Boardroom (Demo Labs)","id":45444},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Malware continues to advance in sophistication. Well-engineered malware can obfuscate itself from the user and the OS. Volatile memory is the unique structure malware cannot evade. I have engineered a new construct for memory analysis and a new open-source tool that automates memory analysis, correlation, and user-interaction to increase investigation accuracy, reduce analysis time and workload, and better detect malware presence from memory. This talk demos a new visualization construct that creates the ability to interact with memory analysis artifacts. Additionally, this talk demos new, very impactful data XREF and a system manifest analysis features. Data XREF provides an index and memory context detailing how your search data is coupled with processes, modules, and events captured in memory. The System Manifest distills the analysis data to create a new memory analysis snapshot and precise identification of malicious artifacts detectable from malware execution especially useful for exploit dev and malware analysis! \n\nAudience: Malware Analysts/Software Reverse Engineers Exploit Developers CTF Subject Matter Experts Incident Responders Digital Forensics Examiners Offense & Defense\n\n\n","title":"Xavier Memory Analysis Framework","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660431300,"nanoseconds":0},"android_description":"Malware continues to advance in sophistication. Well-engineered malware can obfuscate itself from the user and the OS. Volatile memory is the unique structure malware cannot evade. I have engineered a new construct for memory analysis and a new open-source tool that automates memory analysis, correlation, and user-interaction to increase investigation accuracy, reduce analysis time and workload, and better detect malware presence from memory. This talk demos a new visualization construct that creates the ability to interact with memory analysis artifacts. Additionally, this talk demos new, very impactful data XREF and a system manifest analysis features. Data XREF provides an index and memory context detailing how your search data is coupled with processes, modules, and events captured in memory. The System Manifest distills the analysis data to create a new memory analysis snapshot and precise identification of malicious artifacts detectable from malware execution especially useful for exploit dev and malware analysis! \n\nAudience: Malware Analysts/Software Reverse Engineers Exploit Developers CTF Subject Matter Experts Incident Responders Digital Forensics Examiners Offense & Defense","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48742,49131],"conference_id":65,"event_ids":[48749,49170],"name":"Solomon Sonya","affiliations":[{"organization":"","title":"Director of Cyber Operations Training"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Carpenter1010"}],"media":[],"id":48051,"title":"Director of Cyber Operations Training"}],"timeband_id":892,"links":[],"end":"2022-08-13T22:55:00.000-0000","id":48749,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48051}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Born from the high energy physics community at the Large Hadron Collider, hls4ml is an open-source Python package for machine learning inference in FPGAs (Field Programmable Gate Arrays). It creates firmware implementations of machine learning algorithms by translating traditional, open-source machine learning package models into optimized high level synthesis C++ that can then be customized for your use case and implemented on devices such as FPGAs and Application Specific Integrated Circuits (ASICs). Hls4ml can easily scale the implementation of a model to take advantage of the parallel processing capabilities that FPGAs offer, not only allowing for low latency, high throughput designs, but also designs sized to fit on lower cost, resource constrained hardware. Hls4ml also supports generating accelerators with different drivers that build minimal, self-contained implementations which enable control via Python or C/C++ with little extra development or hardware expertise.\n\nAudience: Hardware, AI, IoT, FPGA\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"hls4ml - Open Source Machine Learning Accelerators on FPGAs","end_timestamp":{"seconds":1660431300,"nanoseconds":0},"android_description":"Born from the high energy physics community at the Large Hadron Collider, hls4ml is an open-source Python package for machine learning inference in FPGAs (Field Programmable Gate Arrays). It creates firmware implementations of machine learning algorithms by translating traditional, open-source machine learning package models into optimized high level synthesis C++ that can then be customized for your use case and implemented on devices such as FPGAs and Application Specific Integrated Circuits (ASICs). Hls4ml can easily scale the implementation of a model to take advantage of the parallel processing capabilities that FPGAs offer, not only allowing for low latency, high throughput designs, but also designs sized to fit on lower cost, resource constrained hardware. Hls4ml also supports generating accelerators with different drivers that build minimal, self-contained implementations which enable control via Python or C/C++ with little extra development or hardware expertise.\n\nAudience: Hardware, AI, IoT, FPGA","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48735],"conference_id":65,"event_ids":[48745],"name":"Ben Hawks","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48022},{"content_ids":[48735],"conference_id":65,"event_ids":[48745],"name":"Andres Meza","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48038}],"timeband_id":892,"links":[],"end":"2022-08-13T22:55:00.000-0000","id":48745,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48038},{"tag_id":565,"sort_order":1,"person_id":48022}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Council Boardroom (Demo Labs)","hotel":"","short_name":"Council Boardroom (Demo Labs)","id":45443},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"OpenTDF is an open source project that provides developers with the tools to build data protections natively within their applications using the Trusted Data Format (TDF).\n\nAudience: AppSec, Defense, Mobile, IoT\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"OpenTDF","android_description":"OpenTDF is an open source project that provides developers with the tools to build data protections natively within their applications using the Trusted Data Format (TDF).\n\nAudience: AppSec, Defense, Mobile, IoT","end_timestamp":{"seconds":1660431300,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48738],"conference_id":65,"event_ids":[48736],"name":"Paul Flynn","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48029},{"content_ids":[48738],"conference_id":65,"event_ids":[48736],"name":"Cassandra Bailey","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48062}],"timeband_id":892,"links":[],"end":"2022-08-13T22:55:00.000-0000","id":48736,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48062},{"tag_id":565,"sort_order":1,"person_id":48029}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Control Validation Compass (\"Control Compass\") provides a needed public resource that enables cyber security teams to actually operationalize MITRE ATT&CK for its best purpose: prioritized control validation. Control Compass unites tens of thousands of detection rules, offensive security scripts, and policy recommendations from 60+ open sources – all aligned with MITRE ATT&CK – into the largest single, continuously updated reference library for such content, wrapped in an easily searchable interface. This saves defenders, red teamers, and intel & GRC analysts serious time & effort when researching content for purple teaming efforts (aka control validation). Like its input components and sources, Control Compass resource sets are openly available to all, no strings attached. Control Compass supports a powerful second use case informed by its author’s experience advising security & intelligence teams across maturity levels: the tool also provides a library of unique, openly available threat landscape summaries organized by key adversary categories, including motivation, location, and victim industry. By enabling easy identification of relevant threat intelligence – and a simple UI-based workflow to instantly surface corresponding security controls – Control Compass greatly lowers the barrier to building accurate, intelligence-driven threat models and helps drive tighter control validation feedback loops around the threats that matter most to a given organization.\n\nAudience: Intelligence analysts, SOC/blue team/defenders, red team/adversary emulation, GRC analysts\n\n\n","title":"Control Validation Compass – Threat Modeling Aide & Purple Team Content Repo","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660431300,"nanoseconds":0},"android_description":"Control Validation Compass (\"Control Compass\") provides a needed public resource that enables cyber security teams to actually operationalize MITRE ATT&CK for its best purpose: prioritized control validation. Control Compass unites tens of thousands of detection rules, offensive security scripts, and policy recommendations from 60+ open sources – all aligned with MITRE ATT&CK – into the largest single, continuously updated reference library for such content, wrapped in an easily searchable interface. This saves defenders, red teamers, and intel & GRC analysts serious time & effort when researching content for purple teaming efforts (aka control validation). Like its input components and sources, Control Compass resource sets are openly available to all, no strings attached. Control Compass supports a powerful second use case informed by its author’s experience advising security & intelligence teams across maturity levels: the tool also provides a library of unique, openly available threat landscape summaries organized by key adversary categories, including motivation, location, and victim industry. By enabling easy identification of relevant threat intelligence – and a simple UI-based workflow to instantly surface corresponding security controls – Control Compass greatly lowers the barrier to building accurate, intelligence-driven threat models and helps drive tighter control validation feedback loops around the threats that matter most to a given organization.\n\nAudience: Intelligence analysts, SOC/blue team/defenders, red team/adversary emulation, GRC analysts","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48728,49593],"conference_id":65,"event_ids":[48732,49805],"name":"Scott Small","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/scott-small-20ba0164/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/IntelScott"}],"pronouns":null,"media":[],"id":48059}],"timeband_id":892,"links":[],"end":"2022-08-13T22:55:00.000-0000","id":48732,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[45292,45373,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48059}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus Boardroom (Demo Labs)","hotel":"","short_name":"Caucus Boardroom (Demo Labs)","id":45442},"updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-13T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Virtualization and containers are the foundations of cloud services. Containers should be isolated from the real host’s settings to ensure the security of the host.\n\nIn this talk we’ll answer these questions: “Are Windows process-isolated containers really isolated?” and “What can an attacker achieve by breaking the isolation?”\n\nBefore we jump into the vulnerabilities, we’ll explain how Windows isolates the container’s processes, filesystem and how the host prevents the container from executing syscalls which can impact the host.\nSpecifically, we’ll focus on the isolation implementation of Ntoskrnl using server silos and job objects.\n\nWe’ll compare Windows containers to Linux containers and describe the differences between their security architectural designs.\nWe’ll follow the scenario of an attacker-crafted container running with low privileges. We'll show in multiple ways how to gain privilege escalation inside the container to NT/System. After gaining NT/System permissions, we'll talk about how we escaped the isolation of the container and easily achieved a dump of the entire host’s kernel memory from within the container. If the host is configured with a kernel debugger, we can even dump the host’s Admin credentials. \n\nWe’ll finish by demonstrating how an attacker-crafted container with low privileges can read UEFI settings and then set them. Using this technique an attacker can communicate between containers and cause a permanent Denial-of-Service (DoS) to a host with default settings, through the UEFI interface.\n\n\n","title":"The COW (Container On Windows) Who Escaped the Silo","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Virtualization and containers are the foundations of cloud services. Containers should be isolated from the real host’s settings to ensure the security of the host.\n\nIn this talk we’ll answer these questions: “Are Windows process-isolated containers really isolated?” and “What can an attacker achieve by breaking the isolation?”\n\nBefore we jump into the vulnerabilities, we’ll explain how Windows isolates the container’s processes, filesystem and how the host prevents the container from executing syscalls which can impact the host.\nSpecifically, we’ll focus on the isolation implementation of Ntoskrnl using server silos and job objects.\n\nWe’ll compare Windows containers to Linux containers and describe the differences between their security architectural designs.\nWe’ll follow the scenario of an attacker-crafted container running with low privileges. We'll show in multiple ways how to gain privilege escalation inside the container to NT/System. After gaining NT/System permissions, we'll talk about how we escaped the isolation of the container and easily achieved a dump of the entire host’s kernel memory from within the container. If the host is configured with a kernel debugger, we can even dump the host’s Admin credentials. \n\nWe’ll finish by demonstrating how an attacker-crafted container with low privileges can read UEFI settings and then set them. Using this technique an attacker can communicate between containers and cause a permanent Denial-of-Service (DoS) to a host with default settings, through the UEFI interface.","end_timestamp":{"seconds":1660427100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48558],"conference_id":65,"event_ids":[48563],"name":"Eran Segal","affiliations":[{"organization":"","title":"Security research team leader at SafeBreach"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/eran-segal-15b29a180/"}],"pronouns":null,"media":[],"id":47903,"title":"Security research team leader at SafeBreach"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241828"}],"end":"2022-08-13T21:45:00.000-0000","id":48563,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"includes":"Tool, Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47903}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The internet, as it stands today, is not a very trustworthy environment, as evidenced by the numerous headlines of companies abusing personal data and activity. This is not really surprising since companies are responsible for optimizing revenue, which is often at odds with user benefit. The result of these incentives has produced or exacerbated significant problems: tech silos, misinformation, privacy abuse, concentration of wealth, the attention economy, etc. We built OpenCola, free and open source, as an alternative to existing big-tech applications. It puts users in control of their personal activity and the algorithms that shape the flow of data to them. We believe that this solution, although simple, can significantly mitigate the challenges facing the Internet.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"OpenCola. The AntiSocial Network","android_description":"The internet, as it stands today, is not a very trustworthy environment, as evidenced by the numerous headlines of companies abusing personal data and activity. This is not really surprising since companies are responsible for optimizing revenue, which is often at odds with user benefit. The result of these incentives has produced or exacerbated significant problems: tech silos, misinformation, privacy abuse, concentration of wealth, the attention economy, etc. We built OpenCola, free and open source, as an alternative to existing big-tech applications. It puts users in control of their personal activity and the algorithms that shape the flow of data to them. We believe that this solution, although simple, can significantly mitigate the challenges facing the Internet.","end_timestamp":{"seconds":1660427100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48557],"conference_id":65,"event_ids":[48503],"name":"John Midgley","affiliations":[{"organization":"","title":"Cult of the Dead Cow"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/john-midgley-5991/"}],"pronouns":null,"media":[],"id":47891,"title":"Cult of the Dead Cow"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242204"}],"end":"2022-08-13T21:45:00.000-0000","id":48503,"tag_ids":[45241,45279,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660424400,"nanoseconds":0},"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47891}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"begin":"2022-08-13T21:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"It's been a long 12 years since the last time an Internet Wars panel was held at DEF CON, in that time a lot has changed, and a lot has not. This panel will bring together representatives from multiple industries and with a breadth of experiences discuss current trends and topics in internet security and the way those are playing out in both the cyber and the physical realm.\r\n\r\nThis discussion will start with an introductory presentation on some of the latest trends in digital security, threat intel, disinformation, and APTs. Further we will be discussing how cyber threats are being weaponized in the Russian attacks on Ukraine. From there we'll move into questions and answers from the audience. Panelists will accept questions on any subject related to the threat landscape, IoT and ICS threats, internet warfare and will discuss what we expect is coming and how we, as an industry, can best deal with it.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"title":"INTERNET WARS 2022: These wars aren't just virtual","end_timestamp":{"seconds":1660430400,"nanoseconds":0},"android_description":"It's been a long 12 years since the last time an Internet Wars panel was held at DEF CON, in that time a lot has changed, and a lot has not. This panel will bring together representatives from multiple industries and with a breadth of experiences discuss current trends and topics in internet security and the way those are playing out in both the cyber and the physical realm.\r\n\r\nThis discussion will start with an introductory presentation on some of the latest trends in digital security, threat intel, disinformation, and APTs. Further we will be discussing how cyber threats are being weaponized in the Russian attacks on Ukraine. From there we'll move into questions and answers from the audience. Panelists will accept questions on any subject related to the threat landscape, IoT and ICS threats, internet warfare and will discuss what we expect is coming and how we, as an industry, can best deal with it.","updated_timestamp":{"seconds":1658865180,"nanoseconds":0},"speakers":[{"content_ids":[48703,48708,49784],"conference_id":65,"event_ids":[48711,48715,49997],"name":"Chris Kubecka","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/SecEvangelism"}],"pronouns":null,"media":[],"id":47994},{"content_ids":[48703],"conference_id":65,"event_ids":[48711],"name":"Jivesx","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jivesx"}],"media":[],"id":47998},{"content_ids":[48703],"conference_id":65,"event_ids":[48711],"name":"Harri Hursti","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarriHursti"}],"media":[],"id":48008},{"content_ids":[48703],"conference_id":65,"event_ids":[48711],"name":"Cheryl Biswall","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/3ncr1pt3d"}],"pronouns":null,"media":[],"id":48009},{"content_ids":[48703],"conference_id":65,"event_ids":[48711],"name":"Russ Handorf","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/dntlookbehindu"}],"pronouns":null,"media":[],"id":48011},{"content_ids":[48703,49575,49601],"conference_id":65,"event_ids":[48711,49787,49815],"name":"Bryson Bort","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brysonbort/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brysonbort"}],"pronouns":null,"media":[],"id":48012},{"content_ids":[48703],"conference_id":65,"event_ids":[48711],"name":"Gadi Evron","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/gadievron"}],"pronouns":null,"media":[],"id":48013}],"timeband_id":892,"links":[],"end":"2022-08-13T22:40:00.000-0000","id":48711,"begin_timestamp":{"seconds":1660423800,"nanoseconds":0},"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48012},{"tag_id":565,"sort_order":1,"person_id":48009},{"tag_id":565,"sort_order":1,"person_id":47994},{"tag_id":565,"sort_order":1,"person_id":48013},{"tag_id":565,"sort_order":1,"person_id":48008},{"tag_id":565,"sort_order":1,"person_id":47998},{"tag_id":565,"sort_order":1,"person_id":48011}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","updated":"2022-07-26T19:53:00.000-0000","begin":"2022-08-13T20:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A virtual reality (VR) user thought they were joining an anonymous server in the popular \"VR Chat\" application. Behind the scenes, however, an adversarial program had accurately inferred over 25 of their personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender, within just a few minutes of them joining. As notoriously data-hungry companies become increasingly involved in VR development, this scenario may soon represent a typical VR user experience. While virtual telepresence applications (and the so-called \"metaverse\") have recently received increased attention and investment from major tech firms, these environments remain relatively under-studied from a security and privacy standpoint. In this talk, we'll illustrate via a real-time VR/XR demo how an attacker can covertly harvest personal attributes from seemingly-anonymous users of innocent-looking VR games. These attackers can be as simple as other VR users without special privilege, and the potential scale and scope of this data collection far exceed what is feasible within traditional mobile and web applications. We aim to shed light on the unique privacy risks that the metaverse entails and contribute a new way of thinking about security and privacy in emerging AR/VR environments.\n\n\n","title":"Exploring Unprecedented Avenues for Data Harvesting in the Metaverse","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"end_timestamp":{"seconds":1660426200,"nanoseconds":0},"android_description":"A virtual reality (VR) user thought they were joining an anonymous server in the popular \"VR Chat\" application. Behind the scenes, however, an adversarial program had accurately inferred over 25 of their personal data attributes, from anthropometrics like height and wingspan to demographics like age and gender, within just a few minutes of them joining. As notoriously data-hungry companies become increasingly involved in VR development, this scenario may soon represent a typical VR user experience. While virtual telepresence applications (and the so-called \"metaverse\") have recently received increased attention and investment from major tech firms, these environments remain relatively under-studied from a security and privacy standpoint. In this talk, we'll illustrate via a real-time VR/XR demo how an attacker can covertly harvest personal attributes from seemingly-anonymous users of innocent-looking VR games. These attackers can be as simple as other VR users without special privilege, and the potential scale and scope of this data collection far exceed what is feasible within traditional mobile and web applications. We aim to shed light on the unique privacy risks that the metaverse entails and contribute a new way of thinking about security and privacy in emerging AR/VR environments.","updated_timestamp":{"seconds":1659213900,"nanoseconds":0},"speakers":[{"content_ids":[49154],"conference_id":65,"event_ids":[49190],"name":"Gonzalo Munilla Garrido","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48597},{"content_ids":[49154,49266],"conference_id":65,"event_ids":[49190,49338],"name":"Vivek Nair","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48615}],"timeband_id":892,"links":[],"end":"2022-08-13T21:30:00.000-0000","id":49190,"begin_timestamp":{"seconds":1660423500,"nanoseconds":0},"tag_ids":[40253,45347,45451],"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48597},{"tag_id":565,"sort_order":1,"person_id":48615}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:45:00.000-0000","begin":"2022-08-13T20:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Attackers do not always land close to their objectives (data to steal). Consequently, they often need to move laterally to accomplish their goals. That is also the case in cloud environments, where most organizations are increasingly storing their most valuable data. So as a defender, understanding the possibilities of lateral movements in the cloud is a must.\r\n\r\nBecause the control plane APIs are exposed and well documented, attackers can move between networks and AWS accounts by assuming roles, pivoting, and escalating privileges. It is also possible for attackers to move relatively easily from the data plane to the control plane and vice-versa.\r\n\r\nIn this talk, we are going to explore how attackers can leverage AWS Control and Data Planes to move laterally and achieve their objectives. We will explore some scenarios that we discovered with our clients and how we approached the problem. We will also share a tool we created to help us visualize and understand those paths.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"us-east-1 Shuffle: Lateral Movement and other Creative Steps Attackers Take in AWS Cloud Environments and how to detect them","end_timestamp":{"seconds":1660425600,"nanoseconds":0},"android_description":"Attackers do not always land close to their objectives (data to steal). Consequently, they often need to move laterally to accomplish their goals. That is also the case in cloud environments, where most organizations are increasingly storing their most valuable data. So as a defender, understanding the possibilities of lateral movements in the cloud is a must.\r\n\r\nBecause the control plane APIs are exposed and well documented, attackers can move between networks and AWS accounts by assuming roles, pivoting, and escalating privileges. It is also possible for attackers to move relatively easily from the data plane to the control plane and vice-versa.\r\n\r\nIn this talk, we are going to explore how attackers can leverage AWS Control and Data Planes to move laterally and achieve their objectives. We will explore some scenarios that we discovered with our clients and how we approached the problem. We will also share a tool we created to help us visualize and understand those paths.","updated_timestamp":{"seconds":1659283200,"nanoseconds":0},"speakers":[{"content_ids":[49179],"conference_id":65,"event_ids":[49215],"name":"Felipe Espósito","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Pr0teusBR"}],"media":[],"id":48633}],"timeband_id":892,"links":[],"end":"2022-08-13T21:20:00.000-0000","id":49215,"begin_timestamp":{"seconds":1660423200,"nanoseconds":0},"village_id":9,"tag_ids":[40252,45340,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48633}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"updated":"2022-07-31T16:00:00.000-0000","begin":"2022-08-13T20:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Experience has shown that we spend most of our test effort on unit testing. Many team reports that a key blocker for spending more time on system testing is the effort required to manage/mock the authentication and authorization parts of the system. In this talk we will briefly explore this problem and present one potential solution that could work for some teams.\n\n\n","title":"Running system tests with active authn/z","type":{"conference_id":65,"conference":"DEFCON30","color":"#5978bc","updated_at":"2024-06-07T03:39+0000","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660426200,"nanoseconds":0},"android_description":"Experience has shown that we spend most of our test effort on unit testing. Many team reports that a key blocker for spending more time on system testing is the effort required to manage/mock the authentication and authorization parts of the system. In this talk we will briefly explore this problem and present one potential solution that could work for some teams.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49642],"conference_id":65,"event_ids":[49826],"name":"Lars Skjorestad","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/larskaare/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/larskaare"}],"pronouns":null,"media":[],"id":49000}],"timeband_id":892,"links":[],"end":"2022-08-13T21:30:00.000-0000","id":49826,"village_id":4,"tag_ids":[40278,45340,45345,45378,45451],"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49000}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"begin":"2022-08-13T20:30:00.000-0000","updated":"2022-08-08T00:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.\n\n\n","title":"RFID Hacking 101","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"android_description":"Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659624240,"nanoseconds":0},"speakers":[{"content_ids":[49395],"conference_id":65,"event_ids":[49542,49553,49554],"name":"Ege F","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Efeyzee"}],"pronouns":null,"media":[],"id":48800}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49553,"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"village_id":22,"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48800}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"begin":"2022-08-13T20:30:00.000-0000","updated":"2022-08-04T14:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This will be a discussion about the Cyber-SHIP lab, a Cyber-Physical lab environment and hardware testbed, currently being developed at the University of Plymouth to help prevent Maritime Cyber-attacks. The talk will focus on the facilities capabilities, research aims and current development progress, as well as some details on current research projects.\n\n\n","title":"Cyber Physical Lab Environment for Maritime Cyber Security","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"This will be a discussion about the Cyber-SHIP lab, a Cyber-Physical lab environment and hardware testbed, currently being developed at the University of Plymouth to help prevent Maritime Cyber-attacks. The talk will focus on the facilities capabilities, research aims and current development progress, as well as some details on current research projects.","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659473520,"nanoseconds":0},"speakers":[{"content_ids":[49348],"conference_id":65,"event_ids":[49448],"name":"Wesley Andrews","affiliations":[{"organization":"University of Plymouth","title":"Industrial Research Associate and Project Engineer"}],"links":[],"pronouns":null,"media":[],"id":48774,"title":"Industrial Research Associate and Project Engineer at University of Plymouth"}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49448,"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"tag_ids":[40258,45340,45369,45375,45450],"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48774}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","begin":"2022-08-13T20:30:00.000-0000","updated":"2022-08-02T20:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"Hacking Diversity","end_timestamp":{"seconds":1660426200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465780,"nanoseconds":0},"speakers":[{"content_ids":[48939,49309,49312,49719],"conference_id":65,"event_ids":[48939,49409,49412,49909],"name":"Tracy Z. Maleeff","affiliations":[],"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://infosecsherpa.medium.com"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tzmaleeff/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InfoSecSherpa"}],"pronouns":null,"media":[],"id":48381},{"content_ids":[49294,49298,49300,49309],"conference_id":65,"event_ids":[49393,49397,49399,49409],"name":"Tennisha Martin","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"www.linkedin.com/in/tennisha"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/misstennisha"},{"description":"","title":"Website","sort_order":0,"url":"https://tennisha.com"}],"pronouns":null,"media":[],"id":48713},{"content_ids":[49309,49313],"conference_id":65,"event_ids":[49409,49413],"name":"Ebony Pierce","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ebony-p-71b09679/"}],"pronouns":null,"media":[],"id":48721},{"content_ids":[49309],"conference_id":65,"event_ids":[49409],"name":"Jessica Afeku","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48724},{"content_ids":[49302,49309],"conference_id":65,"event_ids":[49401,49409],"name":"Melissa Miller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48730},{"content_ids":[49298,49309,49311],"conference_id":65,"event_ids":[49397,49409,49411],"name":"Rebekah Skeete","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/rebekah-skeete-01270192/"}],"media":[],"id":48733},{"content_ids":[49309],"conference_id":65,"event_ids":[49409],"name":"Sonju Walker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48736},{"content_ids":[49308,49309,49366],"conference_id":65,"event_ids":[49407,49409,49502],"name":"Tessa Cole","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://www.linkedin.com/in/tessa-cole-phd-3aab70166/"},{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/tessacole8/"}],"media":[],"id":48739}],"timeband_id":892,"links":[],"end":"2022-08-13T21:30:00.000-0000","id":49409,"village_id":12,"tag_ids":[40255,45361,45367,45451],"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48721},{"tag_id":45290,"sort_order":1,"person_id":48724},{"tag_id":45290,"sort_order":1,"person_id":48730},{"tag_id":45290,"sort_order":1,"person_id":48733},{"tag_id":45290,"sort_order":1,"person_id":48736},{"tag_id":45290,"sort_order":1,"person_id":48713},{"tag_id":45290,"sort_order":1,"person_id":48739},{"tag_id":45290,"sort_order":1,"person_id":48381}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:43:00.000-0000","begin":"2022-08-13T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.\r\n\r\nLast round kicks off at 16:00\n\n\n","title":"Capture The Packet Main Rounds","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.\r\n\r\nLast round kicks off at 16:00","updated_timestamp":{"seconds":1659455580,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Capturetp"},{"label":"Website","type":"link","url":"https://capturethepacket.com"}],"end":"2022-08-14T01:00:00.000-0000","id":49372,"village_id":19,"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"tag_ids":[40261,45359,45360,45373,45450],"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:53:00.000-0000","begin":"2022-08-13T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cyborgs and mutants are not fictional creatures relegated to the realm of sci-fi and superheroes, they are all around us: regular people with pacemakers and prosthetics, with cancer and chronic illness, as well as gender queer and neurodivergent people. For cyborgs and mutants, biohacking often isn’t just a hobby, it is a method of survival. This workshop aims to examine the history, ethics, and legalities of various forms of biohacking and their impact on gender queer, disabled, chronically ill, and neurodivergent persons.\n\n\n","title":"Radical inclusivity and intersectionality in the biohacking world","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"end_timestamp":{"seconds":1660426200,"nanoseconds":0},"android_description":"Cyborgs and mutants are not fictional creatures relegated to the realm of sci-fi and superheroes, they are all around us: regular people with pacemakers and prosthetics, with cancer and chronic illness, as well as gender queer and neurodivergent people. For cyborgs and mutants, biohacking often isn’t just a hobby, it is a method of survival. This workshop aims to examine the history, ethics, and legalities of various forms of biohacking and their impact on gender queer, disabled, chronically ill, and neurodivergent persons.","updated_timestamp":{"seconds":1659108420,"nanoseconds":0},"speakers":[{"content_ids":[49023],"conference_id":65,"event_ids":[49026],"name":"Berkelly Gonzalez","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/berkellygonzalez/"}],"pronouns":null,"media":[],"id":48438}],"timeband_id":892,"links":[],"end":"2022-08-13T21:30:00.000-0000","id":49026,"village_id":5,"tag_ids":[40277,45329,45373,45451],"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48438}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"begin":"2022-08-13T20:30:00.000-0000","updated":"2022-07-29T15:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cisco ASA and ASA-X are widely deployed firewalls that are relied upon to protect internal networks from the dangers of the outside world. This key piece of network infrastructure is an obvious point of attack, and a known target for exploitation and implantation by APT such as the Equation Group. Yet it’s been a number of years since a new vulnerability has been published that can provide privileged access to the ASA or the protected internal network. But all good things must come to an end.\n\nIn this talk, new vulnerabilities affecting the Cisco ASA will be presented. We’ll exploit the firewall, the system’s administrators, and the ASA-X FirePOWER module. The result of which should call into question the firewall’s trustworthiness.\n\nThe talk will focus on the practical exploitation of the ASA using these new vulnerabilities. To that end, new tooling and Metasploit modules will be presented. For IT protectors, mitigation and potential indicators of compromise will also be explored.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Do Not Trust the ASA, Trojans!","end_timestamp":{"seconds":1660425300,"nanoseconds":0},"android_description":"Cisco ASA and ASA-X are widely deployed firewalls that are relied upon to protect internal networks from the dangers of the outside world. This key piece of network infrastructure is an obvious point of attack, and a known target for exploitation and implantation by APT such as the Equation Group. Yet it’s been a number of years since a new vulnerability has been published that can provide privileged access to the ASA or the protected internal network. But all good things must come to an end.\n\nIn this talk, new vulnerabilities affecting the Cisco ASA will be presented. We’ll exploit the firewall, the system’s administrators, and the ASA-X FirePOWER module. The result of which should call into question the firewall’s trustworthiness.\n\nThe talk will focus on the practical exploitation of the ASA using these new vulnerabilities. To that end, new tooling and Metasploit modules will be presented. For IT protectors, mitigation and potential indicators of compromise will also be explored.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48555],"conference_id":65,"event_ids":[48586],"name":"Jacob Baines","affiliations":[{"organization":"","title":"Lead Security Researcher, Rapid7"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"http://twitter.com/Junior_Baines"}],"media":[],"id":47877,"title":"Lead Security Researcher, Rapid7"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241939"}],"end":"2022-08-13T21:15:00.000-0000","id":48586,"village_id":null,"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"tag_ids":[45241,45280,45281,45375,45450],"includes":"Tool, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47877}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Shadytel cabal had an unprecedented opportunity to legally uplink to and use a vacant transponder slot on a geostationary satellite about to be decommissioned. This talk will explain how we modified an unused commercial uplink facility to broadcast modern HD DVB-S2 signals and created the media processing chain to generate the ultimate information broadcast. You'll learn how satellite transponders work, how HDTV is encoded and transmitted, and how you can create your own hacker event broadcast.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"HACK THE HEMISPHERE! How we (legally) broadcasted hacker content to all of North America using an end-of-life geostationary satellite, and how you can set up your own broadcast too!","android_description":"The Shadytel cabal had an unprecedented opportunity to legally uplink to and use a vacant transponder slot on a geostationary satellite about to be decommissioned. This talk will explain how we modified an unused commercial uplink facility to broadcast modern HD DVB-S2 signals and created the media processing chain to generate the ultimate information broadcast. You'll learn how satellite transponders work, how HDTV is encoded and transmitted, and how you can create your own hacker event broadcast.","end_timestamp":{"seconds":1660425300,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48556],"conference_id":65,"event_ids":[48530],"name":"Andrew Green","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":47820,"title":"Hacker"},{"content_ids":[48556],"conference_id":65,"event_ids":[48530],"name":"Karl Koscher","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":47866,"title":"Hacker"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241832"}],"end":"2022-08-13T21:15:00.000-0000","id":48530,"begin_timestamp":{"seconds":1660422600,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45375,45450],"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47820},{"tag_id":565,"sort_order":1,"person_id":47866}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-13T20:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"At Meedan, we define gendered misinformation as the unintentional spread of false or substandard information that is about women, trans people, or nonbinary people. This session narrows in on gendered health misinformation, with a focus on misinformation surrounding three topics: 1) pregnancy and infant care, 2) gender-affirming care, and 3) abortion.\r\n\r\nPlatforms have understandably been focused on COVID-19 misinformation. However, they continue to fall short on other types of health misinformation, particularly content that most negatively impacts people with marginalized gender identities. \r\n\r\nResearch shows that the vast majority of women, trans people, and nonbinary people seeking information about health turn to the internet. This makes sense given that these demographics are the most marginalized in our healthcare systems. Unfortunately, research also shows that a significant amount of the online content about the health of women, trans people, and nonbinary people is low quality and that most people are not likely to question the validity of posts. As a result, misinformation is dangerously impacting health outcomes. \r\n\r\nThrough a set of three case studies I delve into 1) the pervasiveness of gendered health misinformation online, 2) misinformation trends on each topic, and 3) what platforms should do to address this urgent problem.\n\n\n","title":"Examining the urgency of gendered health misinformation online through three case studies","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660425300,"nanoseconds":0},"android_description":"At Meedan, we define gendered misinformation as the unintentional spread of false or substandard information that is about women, trans people, or nonbinary people. This session narrows in on gendered health misinformation, with a focus on misinformation surrounding three topics: 1) pregnancy and infant care, 2) gender-affirming care, and 3) abortion.\r\n\r\nPlatforms have understandably been focused on COVID-19 misinformation. However, they continue to fall short on other types of health misinformation, particularly content that most negatively impacts people with marginalized gender identities. \r\n\r\nResearch shows that the vast majority of women, trans people, and nonbinary people seeking information about health turn to the internet. This makes sense given that these demographics are the most marginalized in our healthcare systems. Unfortunately, research also shows that a significant amount of the online content about the health of women, trans people, and nonbinary people is low quality and that most people are not likely to question the validity of posts. As a result, misinformation is dangerously impacting health outcomes. \r\n\r\nThrough a set of three case studies I delve into 1) the pervasiveness of gendered health misinformation online, 2) misinformation trends on each topic, and 3) what platforms should do to address this urgent problem.","updated_timestamp":{"seconds":1660363320,"nanoseconds":0},"speakers":[{"content_ids":[49777],"conference_id":65,"event_ids":[49978],"name":"Jenna Sherman","affiliations":[{"organization":"Meedan","title":""}],"links":[],"pronouns":null,"media":[],"id":48482,"title":"Meedan"}],"timeband_id":892,"links":[],"end":"2022-08-13T21:15:00.000-0000","id":49978,"begin_timestamp":{"seconds":1660421700,"nanoseconds":0},"tag_ids":[40260,45331,45335,45348,45373,45450],"village_id":18,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48482}],"tags":"Pre-Recorded Content, Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","begin":"2022-08-13T20:15:00.000-0000","updated":"2022-08-13T04:02:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Link to tool: https://www.brokenazure.cloud/\r\n\r\nBecause cloud and on-premise infrastructures are not alike, security analysts require a different skillset when assessing cloud infrastructure. There are multiple courses and exams that can be taken to learn how to work with and audit cloud environments. All these courses teach a global understanding of cloud security, but do not go in-depth due to all services having a different portal and setup. With this tool we will create security hacking training for the rapidly developing Azure space.\r\n\r\nWith this tool we will create security hacking training for the rapidly developing Azure space. We aim to breach the gap between theory and practice in a real secured Azure cloud environment. The software allows everyone that is trying to get into the field of cloud security to train their skills in the Azure space, with a Capture-the-Flag requiring multiple vulnerabilities that need to be exploited. All challenges are hosted online for free for anyone that wants to use the software. The challenges are beginner-friendly. The broken features are explained to give insight into why they exist and how they can be prevented. If the user is not able to figure out how to complete the challenge, additional hints (and eventually the answer) can be requested. The environment is built using the Infrastructure-As-Code language Terraform, which will all be open-source to allow other developers and security professionals to add new challenges and make the tool even better.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"BrokenbyDesign: Azure | Get started with hacking Azure","end_timestamp":{"seconds":1660423200,"nanoseconds":0},"android_description":"Link to tool: https://www.brokenazure.cloud/\r\n\r\nBecause cloud and on-premise infrastructures are not alike, security analysts require a different skillset when assessing cloud infrastructure. There are multiple courses and exams that can be taken to learn how to work with and audit cloud environments. All these courses teach a global understanding of cloud security, but do not go in-depth due to all services having a different portal and setup. With this tool we will create security hacking training for the rapidly developing Azure space.\r\n\r\nWith this tool we will create security hacking training for the rapidly developing Azure space. We aim to breach the gap between theory and practice in a real secured Azure cloud environment. The software allows everyone that is trying to get into the field of cloud security to train their skills in the Azure space, with a Capture-the-Flag requiring multiple vulnerabilities that need to be exploited. All challenges are hosted online for free for anyone that wants to use the software. The challenges are beginner-friendly. The broken features are explained to give insight into why they exist and how they can be prevented. If the user is not able to figure out how to complete the challenge, additional hints (and eventually the answer) can be requested. The environment is built using the Infrastructure-As-Code language Terraform, which will all be open-source to allow other developers and security professionals to add new challenges and make the tool even better.","updated_timestamp":{"seconds":1659283680,"nanoseconds":0},"speakers":[{"content_ids":[49185],"conference_id":65,"event_ids":[49221],"name":"Ricardo Sanchez","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ric_rojo"}],"pronouns":null,"media":[],"id":48635},{"content_ids":[49185],"conference_id":65,"event_ids":[49221],"name":"Siebren Kraak","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48643},{"content_ids":[49181,49185],"conference_id":65,"event_ids":[49217,49221],"name":"Ricardo Sanchez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48644},{"content_ids":[49185],"conference_id":65,"event_ids":[49221],"name":"Roy Stultiens","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48645}],"timeband_id":892,"end":"2022-08-13T20:40:00.000-0000","links":[{"label":"https://www.brokenazure.cloud","type":"link","url":"https://www.brokenazure.cloud/"}],"id":49221,"village_id":9,"begin_timestamp":{"seconds":1660421400,"nanoseconds":0},"tag_ids":[40252,45349,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48635},{"tag_id":565,"sort_order":1,"person_id":48644},{"tag_id":565,"sort_order":1,"person_id":48645},{"tag_id":565,"sort_order":1,"person_id":48643}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","begin":"2022-08-13T20:10:00.000-0000","updated":"2022-07-31T16:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Locking down patient data and ensuring secure access is more nuanced in a healthcare setting. In this talk you will be given an introduction to the medical Laboratory and testing process - find out where your samples go, and how your patient data is handled! Learn about laboratory instrumentation and the laboratory information system.\n\n\n","title":"Security Concerns of the Medical Laboratory","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"Locking down patient data and ensuring secure access is more nuanced in a healthcare setting. In this talk you will be given an introduction to the medical Laboratory and testing process - find out where your samples go, and how your patient data is handled! Learn about laboratory instrumentation and the laboratory information system.","updated_timestamp":{"seconds":1660257420,"nanoseconds":0},"speakers":[{"content_ids":[49759],"conference_id":65,"event_ids":[49957],"name":"Squiddy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49097}],"timeband_id":892,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-13T21:00:00.000-0000","id":49957,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49097}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-11T22:37:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"Antennas Different types, where and when you would want one design vs another. (Short overview of my last talk for you) Why the 1/4 wave whip is a NON-FUNCTIONAL antenna on small transmitters! (needs to be much longer) SDR More comments on the design limitations of SDR's. Proper use of Low Noise AMPs and why filters are usually necessary. Short Bio on Mr Leon Theremin An extremely productive spy for the KGB. He had spent far more time in the Patent office making copies of patents than he did in the concert hall. Quick notes on the technology of the passive microphone he built that was put in the wood carving of the US Seal and placed in the ambassadors office. And to think he did that work while vacationing in one of Stalin's gulags! Taking Theremin's work to the next level and using various objects in an office as passive microphones. This would cover why the Russians and the Cubans like to beam microwaves into embassies.\"\n\n\n","title":"Antennas for Surveillance ","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"\"Antennas Different types, where and when you would want one design vs another. (Short overview of my last talk for you) Why the 1/4 wave whip is a NON-FUNCTIONAL antenna on small transmitters! (needs to be much longer) SDR More comments on the design limitations of SDR's. Proper use of Low Noise AMPs and why filters are usually necessary. Short Bio on Mr Leon Theremin An extremely productive spy for the KGB. He had spent far more time in the Patent office making copies of patents than he did in the concert hall. Quick notes on the technology of the passive microphone he built that was put in the wood carving of the US Seal and placed in the ambassadors office. And to think he did that work while vacationing in one of Stalin's gulags! Taking Theremin's work to the next level and using various objects in an office as passive microphones. This would cover why the Russians and the Cubans like to beam microwaves into embassies.\"","updated_timestamp":{"seconds":1659928620,"nanoseconds":0},"speakers":[{"content_ids":[49667],"conference_id":65,"event_ids":[49855],"name":"Kent Britain WA5VJB","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49029}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49855,"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49029}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:17:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The release of Microsoft Sysmon for Linux gives defenders new opportunities for monitoring, management and detection development on Linux Operating Systems. In this presentation, presenters will showcase open source Splunk Attack Range in order to replicate adversarial TTPs, record, analyze and develop detections based on Linux Sysmon data.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Linux Threat Detection with Attack Range","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"The release of Microsoft Sysmon for Linux gives defenders new opportunities for monitoring, management and detection development on Linux Operating Systems. In this presentation, presenters will showcase open source Splunk Attack Range in order to replicate adversarial TTPs, record, analyze and develop detections based on Linux Sysmon data.","updated_timestamp":{"seconds":1659888960,"nanoseconds":0},"speakers":[{"content_ids":[49596],"conference_id":65,"event_ids":[49808],"name":"Teoderick Contreras","affiliations":[{"organization":"Splunk","title":"Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/teoderickc/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tccontre18"}],"media":[],"id":48912,"title":"Security Researcher at Splunk"},{"content_ids":[49596],"conference_id":65,"event_ids":[49808],"name":"Rod Soto","affiliations":[{"organization":"Splunk","title":"Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/rod-soto/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rodsoto"}],"media":[],"id":48915,"title":"Security Researcher at Splunk"}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49808,"village_id":1,"tag_ids":[40246,45332,45373,45377,45451],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48915},{"tag_id":565,"sort_order":1,"person_id":48912}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"updated":"2022-08-07T16:16:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"How Most Internal Networks are Compromised: A Set of Common Active Directory Attacks and How to Perform Them from Linux ","android_description":"","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659678900,"nanoseconds":0},"speakers":[{"content_ids":[49437],"conference_id":65,"event_ids":[49627,49628,49629,49630],"name":"Scott Brink","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_sandw1ch"}],"media":[],"id":48828}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49627,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48828}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-05T05:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Hacking WebApps with WebSploit Labs","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49622,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-05T05:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","android_description":"","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49613,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cyber Resilience Bootcamp","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"media":[],"id":48826}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49603,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-05T05:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Have you ever wanted to run your own shipyard? To drive ships? Without permission? Then the Hacking Boundary tabletop role playing game is just for you. Hacking Boundary is a realistic, competitive, game of identifying and exploiting vulnerabilities in ports and ships. The game is designed to allow for you to bring your knowledge, skills, and abilities to the table and use these to compete against your peers. The game will last about 4 hours, and participants will have roles as attackers, defenders, or the mighty US government. Come for the competition, stay for the victory points, but try and not generate a lot of digital exhaust for the cops to find.\r\n\r\n- Session 1 Friday August 12: 1:00 pm to 5:00 pm PDT\r\n- Session 2 Saturday August 13: 1:00 pm to 5:00 pm PDT\r\n- Session 3 Sunday August 14: TBD\n\n\n","title":"Maritime Hacking Boundary Adventure","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"Have you ever wanted to run your own shipyard? To drive ships? Without permission? Then the Hacking Boundary tabletop role playing game is just for you. Hacking Boundary is a realistic, competitive, game of identifying and exploiting vulnerabilities in ports and ships. The game is designed to allow for you to bring your knowledge, skills, and abilities to the table and use these to compete against your peers. The game will last about 4 hours, and participants will have roles as attackers, defenders, or the mighty US government. Come for the competition, stay for the victory points, but try and not generate a lot of digital exhaust for the cops to find.\r\n\r\n- Session 1 Friday August 12: 1:00 pm to 5:00 pm PDT\r\n- Session 2 Saturday August 13: 1:00 pm to 5:00 pm PDT\r\n- Session 3 Sunday August 14: TBD","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659584580,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49521,"tag_ids":[40258,45359,45369,45373,45450],"village_id":15,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area","hotel":"","short_name":"314 ICS Workshop Area","id":45504},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-04T03:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"title":"Vishing Competition (SECVC) - LIVE CALLS","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!","updated_timestamp":{"seconds":1659671340,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"}],"end":"2022-08-13T23:00:00.000-0000","id":49496,"tag_ids":[40273,45359,45370,45453],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":31,"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","updated":"2022-08-05T03:49:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There is an ongoing industry stigma that you cannot, or should not, penetration testing in OT environments. Looking back, it took over a decade to normalize IT penetration testing as a valuable proof of vulnerability and detectability. However, while asset owners sit back and wait, the offensive community is already full steam ahead at developing exploitation tools to use within these environments. We hope to use 2-3 OT relevant examples of what can be done and what we believe should be done within OT environments to better understand how to defend and detect within them.\n\n\n","title":"We Promise Not to Brick It... But If We Do...","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660422600,"nanoseconds":0},"android_description":"There is an ongoing industry stigma that you cannot, or should not, penetration testing in OT environments. Looking back, it took over a decade to normalize IT penetration testing as a valuable proof of vulnerability and detectability. However, while asset owners sit back and wait, the offensive community is already full steam ahead at developing exploitation tools to use within these environments. We hope to use 2-3 OT relevant examples of what can be done and what we believe should be done within OT environments to better understand how to defend and detect within them.","updated_timestamp":{"seconds":1659473460,"nanoseconds":0},"speakers":[{"content_ids":[49347],"conference_id":65,"event_ids":[49447],"name":"Marissa Costa","affiliations":[{"organization":"Dragos","title":"Industrial Penetration Tester II"}],"links":[],"pronouns":null,"media":[],"id":48762,"title":"Industrial Penetration Tester II at Dragos"},{"content_ids":[49347],"conference_id":65,"event_ids":[49447],"name":"Todd Keller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48779}],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49447,"tag_ids":[40258,45340,45369,45375,45450],"village_id":15,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48762},{"tag_id":565,"sort_order":1,"person_id":48779}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-02T20:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660422600,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49349,"village_id":17,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"updated":"2022-08-02T05:57:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Bring yourself and a copy of your resume to discuss your career trajectory with public and private industry leaders. Prepare your questions or sit in a mock interview as you hone your skills for a future in aerospace cybersecurity.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Resumé Review and Career Guidance Session","android_description":"Bring yourself and a copy of your resume to discuss your career trajectory with public and private industry leaders. Prepare your questions or sit in a mock interview as you hone your skills for a future in aerospace cybersecurity.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659379320,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49313,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45332,45357,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-01T18:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.\n\n\n","title":"Pen Test Partners A320 Simulator","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.","updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":49302,"tag_ids":[40247,45341,45357,45450],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":2,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:40:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"To ensure spacecraft architectures and software are built with security and resiliency, a focus on high-fidelity digital twins, purpose built for the testing need is recommended to perform research-based cyber evaluation and testing. This presentation will demonstrate how to use high fidelity digital twins for advanced cyber research. Focus will be applied on PowerPC750 environment.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Hunting for Spacecraft Zero Days Using Digital Twins","end_timestamp":{"seconds":1660423800,"nanoseconds":0},"android_description":"To ensure spacecraft architectures and software are built with security and resiliency, a focus on high-fidelity digital twins, purpose built for the testing need is recommended to perform research-based cyber evaluation and testing. This presentation will demonstrate how to use high fidelity digital twins for advanced cyber research. Focus will be applied on PowerPC750 environment.","updated_timestamp":{"seconds":1659379500,"nanoseconds":0},"speakers":[{"content_ids":[49236],"conference_id":65,"event_ids":[49279],"name":"Brandon Bailey","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48674}],"timeband_id":892,"links":[],"end":"2022-08-13T20:50:00.000-0000","id":49279,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48674}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-08-01T18:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Have a FCC amateur radio license or thinking about getting one? There are some easy quick ways to get on the air, and yes all it takes is some wire, balun, and a radio (this can be a raspberry pi). I'll share a few quick examples of my own.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"title":"Getting on the air: My experiences with Ham radio QRP","android_description":"Have a FCC amateur radio license or thinking about getting one? There are some easy quick ways to get on the air, and yes all it takes is some wire, balun, and a radio (this can be a raspberry pi). I'll share a few quick examples of my own.","end_timestamp":{"seconds":1660422600,"nanoseconds":0},"updated_timestamp":{"seconds":1659309000,"nanoseconds":0},"speakers":[{"content_ids":[49215],"conference_id":65,"event_ids":[49256],"name":"Jeremy Hong","affiliations":[],"pronouns":null,"links":[{"description":"","title":"link","sort_order":0,"url":"https://www.qrz.com/db/KD8TUO"}],"media":[],"id":48667}],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49256,"village_id":13,"tag_ids":[40256,45340,45355,45451],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48667}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"spans_timebands":"N","begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-31T23:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#a68c60","updated_at":"2024-06-07T03:39+0000","name":"Vendor Event","id":45354},"title":"No Starch Press - Book Signing - Joe Gray, Practical Social Engineering","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659306420,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49251,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":null,"tag_ids":[45354,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-31T22:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"State of the Model","type":{"conference_id":65,"conference":"DEFCON30","color":"#8dc784","updated_at":"2024-06-07T03:39+0000","name":"BIC Village","id":45353},"android_description":"","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659305280,"nanoseconds":0},"speakers":[{"content_ids":[49194,49202],"conference_id":65,"event_ids":[49235,49243],"name":"GACWR Team ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48655},{"content_ids":[49194,49202],"conference_id":65,"event_ids":[49235,49243],"name":"Jovonni Pharr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48656}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49243,"tag_ids":[40249,45348,45353,45374],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":6,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48655},{"tag_id":565,"sort_order":1,"person_id":48656}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"updated":"2022-07-31T22:08:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Wordle is a popular web-based game, where a single player has to guess a five-letter word in six attempts, with yellow/green colored titles shown as hints in each round, indicating letters that match with the secret word.\r\n\r\nWe’ve created an open source clone of Wordle called Cryptle, with the goal of demonstrating data encryption in use, where the processing of the data is done in a Trusted Execution Environment (TEE), and only accessible to the Cryptle application.\r\n\r\nCryptle is similar to Wordle but one important difference is that it is multi-party and the secret words are suggested by the players themselves. Each player proposes words that are most likely to match those sent by others. The words are sent to the Cryptle application deployed and running in an Enarx Keep (a specific TEE instance) and are only revealed to the players when there’s a match between the secret words.\r\n\r\nThe standard way to engage with the game is for players to guess the secret words by playing Cryptle from the client side. However, we will also be allowing an alternative: players may write an open source application which runs with root privileges on the host side and attempts to derive or otherwise guess the secret words. Since Cryptle makes use of Confidential Computing, players shouldn't be able to read what's in memory, even with root access.\r\n\r\nWe'll provide an overview of an exploit of Enarx and we'll explain how we were able to fix it. Attendees will be invited to find new vulnerabilities as part of the Cryptle Hack Challenge.\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"Cryptle: a secure multi-party Wordle clone with Enarx","end_timestamp":{"seconds":1660423500,"nanoseconds":0},"android_description":"Wordle is a popular web-based game, where a single player has to guess a five-letter word in six attempts, with yellow/green colored titles shown as hints in each round, indicating letters that match with the secret word.\r\n\r\nWe’ve created an open source clone of Wordle called Cryptle, with the goal of demonstrating data encryption in use, where the processing of the data is done in a Trusted Execution Environment (TEE), and only accessible to the Cryptle application.\r\n\r\nCryptle is similar to Wordle but one important difference is that it is multi-party and the secret words are suggested by the players themselves. Each player proposes words that are most likely to match those sent by others. The words are sent to the Cryptle application deployed and running in an Enarx Keep (a specific TEE instance) and are only revealed to the players when there’s a match between the secret words.\r\n\r\nThe standard way to engage with the game is for players to guess the secret words by playing Cryptle from the client side. However, we will also be allowing an alternative: players may write an open source application which runs with root privileges on the host side and attempts to derive or otherwise guess the secret words. Since Cryptle makes use of Confidential Computing, players shouldn't be able to read what's in memory, even with root access.\r\n\r\nWe'll provide an overview of an exploit of Enarx and we'll explain how we were able to fix it. Attendees will be invited to find new vulnerabilities as part of the Cryptle Hack Challenge.","updated_timestamp":{"seconds":1659213840,"nanoseconds":0},"speakers":[{"content_ids":[49148,49153],"conference_id":65,"event_ids":[49184,49189],"name":"Nick Vidal","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48605},{"content_ids":[49148,49153],"conference_id":65,"event_ids":[49184,49189],"name":"Richard Zak","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48610},{"content_ids":[49153],"conference_id":65,"event_ids":[49189],"name":"Tom Dohrmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48614}],"timeband_id":892,"links":[],"end":"2022-08-13T20:45:00.000-0000","id":49189,"tag_ids":[40253,45347,45451],"village_id":10,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48605},{"tag_id":565,"sort_order":1,"person_id":48610},{"tag_id":565,"sort_order":1,"person_id":48614}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-30T20:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Bring a robo sumo and compete. Details at - https://dchhv.org/events/robosumo.html\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"title":"RoboSumo","android_description":"Bring a robo sumo and compete. Details at - https://dchhv.org/events/robosumo.html","end_timestamp":{"seconds":1660423500,"nanoseconds":0},"updated_timestamp":{"seconds":1659142380,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Details","type":"link","url":"https://dchhv.org/events/robosumo.html"}],"end":"2022-08-13T20:45:00.000-0000","id":49135,"tag_ids":[40257,45338,45341,45373,45451],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":14,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-30T00:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Infestations of bots on social network platforms is nothing new, but the sophistication of these bots have transformed dramatically in the past few years. In the recent past, it was fairly easy for any sensible person to recognize if they were talking to a bot. But that is rapidly changing as Artificial Intelligence (AI) solutions become more advanced and more accessible. During this presentation, the speaker will explore the increasing use of AI for automated social engineering within the context of social networks, and will show how AI chat bots can be leveraged to conduct phishing attacks, compromise credentials, or distribute malware. By using emerging technologies (to include Generative Adversarial Networks for generating non-searchable profile images, and deep-learning natural language processing models for simulating human intelligence), these bots can be used to consistently fool even the most vigilant of users.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"title":"CatPhish Automation - The Emerging Use of Artificial Intelligence in Social Engineering","end_timestamp":{"seconds":1660423800,"nanoseconds":0},"android_description":"Infestations of bots on social network platforms is nothing new, but the sophistication of these bots have transformed dramatically in the past few years. In the recent past, it was fairly easy for any sensible person to recognize if they were talking to a bot. But that is rapidly changing as Artificial Intelligence (AI) solutions become more advanced and more accessible. During this presentation, the speaker will explore the increasing use of AI for automated social engineering within the context of social networks, and will show how AI chat bots can be leveraged to conduct phishing attacks, compromise credentials, or distribute malware. By using emerging technologies (to include Generative Adversarial Networks for generating non-searchable profile images, and deep-learning natural language processing models for simulating human intelligence), these bots can be used to consistently fool even the most vigilant of users.","updated_timestamp":{"seconds":1659292860,"nanoseconds":0},"speakers":[{"content_ids":[49041],"conference_id":65,"event_ids":[49044],"name":"Justin Hutchens ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48467}],"timeband_id":892,"links":[],"end":"2022-08-13T20:50:00.000-0000","id":49044,"village_id":3,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48467}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-07-31T18:41:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"\"\"The introduction of an SBOM in the 2018 FDA premarket cybersecurity guidance, and inclusion in update 2022 quality system considerations guidance, has become a rallying cry for SBOM adoption across the healthcare industry. However, three years on and progress has been incremental in generation, adoption, distribution and consumption. The end objective is knowing when a vulnerability impacts an ecosystem.\r\n\r\nThis talk shares some observations, practical / technical insights into challenges, and paints a picture of the potential future we could have.\"\"\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"title":"Out of the Abyss: Surviving Vulnerability Management","android_description":"\"\"\"The introduction of an SBOM in the 2018 FDA premarket cybersecurity guidance, and inclusion in update 2022 quality system considerations guidance, has become a rallying cry for SBOM adoption across the healthcare industry. However, three years on and progress has been incremental in generation, adoption, distribution and consumption. The end objective is knowing when a vulnerability impacts an ecosystem.\r\n\r\nThis talk shares some observations, practical / technical insights into challenges, and paints a picture of the potential future we could have.\"\"\"","end_timestamp":{"seconds":1660422600,"nanoseconds":0},"updated_timestamp":{"seconds":1659108420,"nanoseconds":0},"speakers":[{"content_ids":[49022],"conference_id":65,"event_ids":[49025],"name":"Leo Nendza","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48449},{"content_ids":[49022],"conference_id":65,"event_ids":[49025],"name":"Mike Kijewski","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mikekijewski"}],"media":[],"id":48450}],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49025,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48449},{"tag_id":565,"sort_order":1,"person_id":48450}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"updated":"2022-07-29T15:27:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Obsidian CTH Live: Killchain 3 Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian CTH Live: Killchain 3 Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian CTH Live: Killchain 3 Walkthrough","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"Obsidian CTH Live: Killchain 3 Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian CTH Live: Killchain 3 Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":48941,"tag_ids":[40250,45365,45373,45376,45451],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":7,"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The DFIR Report Homecoming Parade will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the various DFIR Reports to the NEXT LEVEL! When the Panelists respond to the DFIR Reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.\n\n\nFollow along as we take the DEF CON Hacker Homecoming theme to the next level with a DFIR Report Homecoming Parade. The panel will provide additional context to various DFIR Reports released in the past year. Pick up some tips and tricks to up your game!","title":"The DFIR Report Homecoming Parade Panel","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"The DFIR Report Homecoming Parade will not discuss normal (BAU) CTI actions, such as searching the logs for hits on the IOCs or entering the IOCs into a Threat Intelligence Platform (TIP) or other alerting platform. Instead, the participants will focus on pivoting, TTPs, and how they would take the contents in the various DFIR Reports to the NEXT LEVEL! When the Panelists respond to the DFIR Reports, they are operating under the assumption that they performed the preliminary analysis and deemed the threat report relevant to their environment. The purpose of this assumption is to decrease the amount of debate on whether or not something is relevant to get to the part of the analysis that involves extracting actionable takeaways.\n\n\nFollow along as we take the DEF CON Hacker Homecoming theme to the next level with a DFIR Report Homecoming Parade. The panel will provide additional context to various DFIR Reports released in the past year. Pick up some tips and tricks to up your game!","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48926],"conference_id":65,"event_ids":[48927],"name":"ICSNick - Nicklas Keijser","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48330},{"content_ids":[48926],"conference_id":65,"event_ids":[48927],"name":"nas_bench - Nasreddine Bencherchali","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48335},{"content_ids":[48926],"conference_id":65,"event_ids":[48927],"name":"Ch33r10","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48340},{"content_ids":[48926],"conference_id":65,"event_ids":[48927],"name":"Kostas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48367},{"content_ids":[48926],"conference_id":65,"event_ids":[48927],"name":"Justin Elze","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48371},{"content_ids":[48901,48926,49574],"conference_id":65,"event_ids":[48904,48927,49786],"name":"Jamie Williams","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jamieantisocial"}],"media":[],"id":48379}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":48927,"tag_ids":[40250,45365,45373,45376,45451],"village_id":7,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48340},{"tag_id":565,"sort_order":1,"person_id":48330},{"tag_id":565,"sort_order":1,"person_id":48379},{"tag_id":565,"sort_order":1,"person_id":48371},{"tag_id":565,"sort_order":1,"person_id":48367},{"tag_id":565,"sort_order":1,"person_id":48335}],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"*Insert eye catching and compelling abstract on IR final reporting here. Make it seem exciting and not at all a dreaded yet critical part of incident handling.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\n*Insert eye catching and compelling abstract on IR final reporting here. Make it seem exciting and not at all a dreaded yet critical part of incident handling.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian: IR - Final Reporting Made Exciting*","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"android_description":"*Insert eye catching and compelling abstract on IR final reporting here. Make it seem exciting and not at all a dreaded yet critical part of incident handling.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\n*Insert eye catching and compelling abstract on IR final reporting here. Make it seem exciting and not at all a dreaded yet critical part of incident handling.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48918,48928,48915],"conference_id":65,"event_ids":[48917,48919,48929],"name":"aviditas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48370},{"content_ids":[48928,48925,48915],"conference_id":65,"event_ids":[48917,48926,48929],"name":"CountZ3r0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48384}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":48917,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"tag_ids":[40250,45332,45373,45376,45451],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48384},{"tag_id":565,"sort_order":1,"person_id":48370}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Coming soon\n\n\nComing soon","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Obsidian REM: Phishing In The Morning: An Abundance of Samples!","android_description":"Coming soon\n\n\nComing soon","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48930,48900],"conference_id":65,"event_ids":[48903,48931],"name":"Alison N","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48366}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":48903,"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45340,45348,45374,45376],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48366}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"spans_timebands":"N","begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"MS-RPC is Microsoft's implementation of the Remote Procedure Calls protocol. Even though the protocol is extremely widespread, and serves as the basis for nearly all Windows services on both managed and unmanaged networks, little has been published about MS-RPC, its attack surface and design flaws.\n\nIn this talk, we will walkthrough and demonstrate a 0-day RCE vulnerability which we discovered through our research of MS-RPC. When exploited, this vulnerability allows an attacker to execute code remotely and potentially take over the Domain Controller. We believe this vulnerability may belong to a somewhat novel bug-class which is unique to RPC server implementations, and would like to share this idea as a possible research direction with the audience.\n\nTo aid future research into the topic of MS-RPC, we will share a deep, technical overview of the RPC system in Windows, explain why we decided to target it, and point out several design flaws. We will also outline the methodology we developed around RPC as a research target along with some tools we built to facilitate the bug-hunting process.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Exploring Ancient Ruins to Find Modern Bugs: Discovering a 0-Day in an MS-RPC Service","android_description":"MS-RPC is Microsoft's implementation of the Remote Procedure Calls protocol. Even though the protocol is extremely widespread, and serves as the basis for nearly all Windows services on both managed and unmanaged networks, little has been published about MS-RPC, its attack surface and design flaws.\n\nIn this talk, we will walkthrough and demonstrate a 0-day RCE vulnerability which we discovered through our research of MS-RPC. When exploited, this vulnerability allows an attacker to execute code remotely and potentially take over the Domain Controller. We believe this vulnerability may belong to a somewhat novel bug-class which is unique to RPC server implementations, and would like to share this idea as a possible research direction with the audience.\n\nTo aid future research into the topic of MS-RPC, we will share a deep, technical overview of the RPC system in Windows, explain why we decided to target it, and point out several design flaws. We will also outline the methodology we developed around RPC as a research target along with some tools we built to facilitate the bug-hunting process.","end_timestamp":{"seconds":1660423500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48553],"conference_id":65,"event_ids":[48561],"name":"Ophir Harpaz","affiliations":[{"organization":"","title":"Senior Security Research Team Lead, Akamai"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OphirHarpaz"}],"media":[],"id":47832,"title":"Senior Security Research Team Lead, Akamai"},{"content_ids":[48553],"conference_id":65,"event_ids":[48561],"name":"Ben Barnea","affiliations":[{"organization":"","title":"Senior Security Researcher, Akamai"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nachoskrnl"}],"media":[],"id":47920,"title":"Senior Security Researcher, Akamai"}],"timeband_id":892,"end":"2022-08-13T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241930"}],"id":48561,"tag_ids":[45241,45279,45280,45281,45375,45450],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":null,"includes":"Demo, Exploit, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47920},{"tag_id":565,"sort_order":1,"person_id":47832}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Learn how we used our Pico Ducky to escape Chromebook jail, rescue our friends along the way, and have some fun Living Off the Land! Leveraging a discovered (but previously disclosed) Command Injection vulnerability in the ChromeOS crosh shell, we rabbithole into the internal ChromeOS Linux system, obtain persistence across reboots, and exfiltrate user data even before Developer Mode has been enabled. Learn how to provision and utilize local services in order to perform Privilege Escalations, and also create a 'Master Key' with the Pico Ducky and custom GTFO 1-liners, in order to perform a full Chromebook Breakout!\n\n\n","title":"Chromebook Breakout: Escaping Jail, with your friends, using a Pico Ducky","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"Learn how we used our Pico Ducky to escape Chromebook jail, rescue our friends along the way, and have some fun Living Off the Land! Leveraging a discovered (but previously disclosed) Command Injection vulnerability in the ChromeOS crosh shell, we rabbithole into the internal ChromeOS Linux system, obtain persistence across reboots, and exfiltrate user data even before Developer Mode has been enabled. Learn how to provision and utilize local services in order to perform Privilege Escalations, and also create a 'Master Key' with the Pico Ducky and custom GTFO 1-liners, in order to perform a full Chromebook Breakout!","end_timestamp":{"seconds":1660423500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48552],"conference_id":65,"event_ids":[48514],"name":"Jimi Allee","affiliations":[{"organization":"","title":"CEO @ Lost Rabbit Labs"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jimi2x303"}],"media":[],"id":47867,"title":"CEO @ Lost Rabbit Labs"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241992"}],"end":"2022-08-13T20:45:00.000-0000","id":48514,"tag_ids":[45241,45279,45375,45450],"begin_timestamp":{"seconds":1660420800,"nanoseconds":0},"village_id":null,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47867}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-13T20:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In today's world, where temporary mail services are used a lot, our project is to monitor these temporary mail services according to the given configuration and to find useful gems.\r\n\r\nWe wrote a command and control python tool for this research. This Tool is hosted on our private server on amazon. So what does this tool do? This tool constantly scans the most used temporary mail services (yopmail, tempr.email, dispostable, guerrila, maildrop) today and indexes the mails falling there according to the words we specify, and keeps us informed via telegram with the telegram API integrated into the tool. This tool has been running on our server for about 1 year and has stored and continues to store more than 1 million mails. In our research, we observed these e-mails, what kind of e-mails are sent in these services and what use these e-mails can be for a hacker. In our research, we were able to take over the accounts containing money from these mail services. In our ongoing research, we have identified information such as confidential personal information, account reset emails, hundreds of game accounts, bitcoin wallet information. We will show them in our presentation, some of which will be censored.\r\n\r\nIn addition, we will release the tool on github after the presentation. this tool\r\ncontains a config. It constantly crawls and monitors the mails in the URLs given in this config file and can save it if you want. It makes the e-mails it will record according to the keywords in the config file that you can configure. Therefore, I can say that this tool is very effective.\r\n\r\nFor example, I installed this tool and entered words such as ebay, password reset, bitcoin, OTP into the related words. This tool saves or tells you when e-mails containing these words come to the relevant e-mail services instantly. In addition, this tool has telegram API integration. In this way, when the relevant e-mails are received instantly, you can receive information via telegram.\r\n\r\nWe have included all of these in our research. In addition, while presenting our project, we will perform a live proof of concept and see what valuable things we can gain during the presentation.\r\n\r\nIn the bonus part, we will show the redteam activities that we noticed while examining these mail services. This place can be very interesting 🙂\n\n\n","title":"Finding Hidden Gems In Temporary Mail Services","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"android_description":"In today's world, where temporary mail services are used a lot, our project is to monitor these temporary mail services according to the given configuration and to find useful gems.\r\n\r\nWe wrote a command and control python tool for this research. This Tool is hosted on our private server on amazon. So what does this tool do? This tool constantly scans the most used temporary mail services (yopmail, tempr.email, dispostable, guerrila, maildrop) today and indexes the mails falling there according to the words we specify, and keeps us informed via telegram with the telegram API integrated into the tool. This tool has been running on our server for about 1 year and has stored and continues to store more than 1 million mails. In our research, we observed these e-mails, what kind of e-mails are sent in these services and what use these e-mails can be for a hacker. In our research, we were able to take over the accounts containing money from these mail services. In our ongoing research, we have identified information such as confidential personal information, account reset emails, hundreds of game accounts, bitcoin wallet information. We will show them in our presentation, some of which will be censored.\r\n\r\nIn addition, we will release the tool on github after the presentation. this tool\r\ncontains a config. It constantly crawls and monitors the mails in the URLs given in this config file and can save it if you want. It makes the e-mails it will record according to the keywords in the config file that you can configure. Therefore, I can say that this tool is very effective.\r\n\r\nFor example, I installed this tool and entered words such as ebay, password reset, bitcoin, OTP into the related words. This tool saves or tells you when e-mails containing these words come to the relevant e-mail services instantly. In addition, this tool has telegram API integration. In this way, when the relevant e-mails are received instantly, you can receive information via telegram.\r\n\r\nWe have included all of these in our research. In addition, while presenting our project, we will perform a live proof of concept and see what valuable things we can gain during the presentation.\r\n\r\nIn the bonus part, we will show the redteam activities that we noticed while examining these mail services. This place can be very interesting 🙂","end_timestamp":{"seconds":1660422600,"nanoseconds":0},"updated_timestamp":{"seconds":1659974820,"nanoseconds":0},"speakers":[{"content_ids":[49728],"conference_id":65,"event_ids":[49918],"name":"Berk Can Geyikçi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49061}],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49918,"tag_ids":[40268,45279,45340,45373,45384,45453],"begin_timestamp":{"seconds":1660420500,"nanoseconds":0},"village_id":26,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":49061}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"updated":"2022-08-08T16:07:00.000-0000","begin":"2022-08-13T19:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Voter targeting firms use “microtargeting” to help campaigns target individual voters to get them to go vote (or stay home and not vote). Data brokers buy your location data from scummy apps and resell it in bulk, claiming the data is anonymized. Now, location data brokers are giving these voter targeting firms unfettered access to the non-anonymized location data of hundreds of millions of voters to further this chicanery.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"title":"Voter Targeting, Location Data, and You","android_description":"Voter targeting firms use “microtargeting” to help campaigns target individual voters to get them to go vote (or stay home and not vote). Data brokers buy your location data from scummy apps and resell it in bulk, claiming the data is anonymized. Now, location data brokers are giving these voter targeting firms unfettered access to the non-anonymized location data of hundreds of millions of voters to further this chicanery.","end_timestamp":{"seconds":1660422900,"nanoseconds":0},"updated_timestamp":{"seconds":1658865540,"nanoseconds":0},"speakers":[{"content_ids":[48717],"conference_id":65,"event_ids":[48724],"name":"l0ngrange","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/l0ngrange"}],"pronouns":null,"media":[],"id":48003}],"timeband_id":892,"links":[],"end":"2022-08-13T20:35:00.000-0000","id":48724,"tag_ids":[40272,45291,45340,45373,45453],"begin_timestamp":{"seconds":1660419900,"nanoseconds":0},"village_id":30,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48003}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"updated":"2022-07-26T19:59:00.000-0000","begin":"2022-08-13T19:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Google Colab is an excellent, cloud-hosted Jupyter Notebook service that allows researchers to collaborate on machine learning, data analysis, and other projects while providing a GPU, all for free! But is anything REALLY free? This presentation will demonstrate how a malicious actor might abuse this fantastic service to\r\nsteal your precious Google Drive data.\r\n\r\nAttendees of this talk need not have any prior knowledge of Google Colab but should have a basic understanding of getting shells. I will demonstrate backdooring a victim's Colab account and exfiltrating data using tools such as Ngrok. You will leave this talk with an understanding of a whole new attack vector and a desire to research more ways Colab might be abused.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"title":"Careful Who You Colab With: Abusing Google Colaboratory","android_description":"Google Colab is an excellent, cloud-hosted Jupyter Notebook service that allows researchers to collaborate on machine learning, data analysis, and other projects while providing a GPU, all for free! But is anything REALLY free? This presentation will demonstrate how a malicious actor might abuse this fantastic service to\r\nsteal your precious Google Drive data.\r\n\r\nAttendees of this talk need not have any prior knowledge of Google Colab but should have a basic understanding of getting shells. I will demonstrate backdooring a victim's Colab account and exfiltrating data using tools such as Ngrok. You will leave this talk with an understanding of a whole new attack vector and a desire to research more ways Colab might be abused.","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1660257420,"nanoseconds":0},"speakers":[{"content_ids":[49758],"conference_id":65,"event_ids":[49956],"name":"Antonio Piazza","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/antman1p"}],"pronouns":null,"media":[],"id":49096}],"timeband_id":892,"end":"2022-08-13T20:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49956,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49096}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-13T19:30:00.000-0000","updated":"2022-08-11T22:37:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In recent years the offensive infosec community has shifted from Powershell tooling to C#. Other less popular lanuages like Nim, Rust, F#, Boolang have also been leveraged to create custom tooling. Modern endpoint defenses are deploying kernel callbacks, userland hooking and ML models to help identify threats. Security-by-default configuration is also becoming the new mantra that will hopefully challenge attackers and narrow down their avenues for action. Furthermore, very popular offensive commercial tools are under increased scrutiny by security vendors, so there's the need to have alternative capabilities and tools at hand. For these reasons, it is crucial for pentesters to know the full potential of a language as a foundational stone for tooling and evasion capabilities that can be brought to the game. In this context of improving security, Python language has something more to say. During the talk will be presented several techniques that can be leveraged using a Python implant to bypass modern defenses by:\r\n\r\n1. Importing python modules dynamically and in memory to bring the vast amount of offensive tooling straight into the interpreter or the implant. Impacket tools and bloodhound-python will be imported and ran entirely from memory.\r\n\r\n2. Executing Cobalt Strikes’s Beacon Object Files (BOF) through the Python implant and use them to stealthily dump lsass process memory. BOFs are first converted into shellcode before execution (ref. https://www.naksyn.com/injection/2022/02/16/running-cobalt-strike-bofs-from-python.html ).\r\n\r\n3. Decoupling C2 communications to reduce implant network fingerprint.\r\n\r\n4. Using Python bundle that comes with a signed interpreter that can be dropped to a machine with low probability of alerting because of Python's wide adoption. The tool used to leverage the afore-mentioned capabilities is named Pyramid and will be published during the talk. Common post exploitation activities have been performed using Pyramid on endpoints equipped with top-tier EDRs, leveraging BOFs and in-memory loaded modules. Results showed that Python is still a viable language for evasion and post-exploitation tasks. Running scripts in memory through a signed interpreter binary can increase the probability of getting a non-malicious verdict by Machine Learning models. Furthermore, modern defenses lack extensive visibility and native prevention capabilities because currently there is no AMSI for Python where security vendors can tap into. Python provides “audit hooks” (ref. https://peps.python.org/pep-0578/ ) that can make Python runtime actions visible to auditing tools. However, audit hooks are not enabled by default in Python official bundle since they will downgrade performance. All things considered, Python might currently represent a blindspot for modern defenses and this could be true for the foreseeable future unless a new surge in popularity as an offensive tooling language will make security vendors put more efforts into malicious Python detection, just like it happened for Powershell or C#.\n\n\n","title":"Python vs Modern Defenses","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"android_description":"In recent years the offensive infosec community has shifted from Powershell tooling to C#. Other less popular lanuages like Nim, Rust, F#, Boolang have also been leveraged to create custom tooling. Modern endpoint defenses are deploying kernel callbacks, userland hooking and ML models to help identify threats. Security-by-default configuration is also becoming the new mantra that will hopefully challenge attackers and narrow down their avenues for action. Furthermore, very popular offensive commercial tools are under increased scrutiny by security vendors, so there's the need to have alternative capabilities and tools at hand. For these reasons, it is crucial for pentesters to know the full potential of a language as a foundational stone for tooling and evasion capabilities that can be brought to the game. In this context of improving security, Python language has something more to say. During the talk will be presented several techniques that can be leveraged using a Python implant to bypass modern defenses by:\r\n\r\n1. Importing python modules dynamically and in memory to bring the vast amount of offensive tooling straight into the interpreter or the implant. Impacket tools and bloodhound-python will be imported and ran entirely from memory.\r\n\r\n2. Executing Cobalt Strikes’s Beacon Object Files (BOF) through the Python implant and use them to stealthily dump lsass process memory. BOFs are first converted into shellcode before execution (ref. https://www.naksyn.com/injection/2022/02/16/running-cobalt-strike-bofs-from-python.html ).\r\n\r\n3. Decoupling C2 communications to reduce implant network fingerprint.\r\n\r\n4. Using Python bundle that comes with a signed interpreter that can be dropped to a machine with low probability of alerting because of Python's wide adoption. The tool used to leverage the afore-mentioned capabilities is named Pyramid and will be published during the talk. Common post exploitation activities have been performed using Pyramid on endpoints equipped with top-tier EDRs, leveraging BOFs and in-memory loaded modules. Results showed that Python is still a viable language for evasion and post-exploitation tasks. Running scripts in memory through a signed interpreter binary can increase the probability of getting a non-malicious verdict by Machine Learning models. Furthermore, modern defenses lack extensive visibility and native prevention capabilities because currently there is no AMSI for Python where security vendors can tap into. Python provides “audit hooks” (ref. https://peps.python.org/pep-0578/ ) that can make Python runtime actions visible to auditing tools. However, audit hooks are not enabled by default in Python official bundle since they will downgrade performance. All things considered, Python might currently represent a blindspot for modern defenses and this could be true for the foreseeable future unless a new surge in popularity as an offensive tooling language will make security vendors put more efforts into malicious Python detection, just like it happened for Powershell or C#.","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659888660,"nanoseconds":0},"speakers":[{"content_ids":[49585],"conference_id":65,"event_ids":[49797],"name":"Diego Capriotti","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/diego-capriotti-a088281b1/"}],"pronouns":null,"media":[],"id":48931}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49797,"village_id":1,"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"tag_ids":[40246,45340,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48931}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:11:00.000-0000","begin":"2022-08-13T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"I demonstrate how to defeat a biometric padlock via USB with a laptop, or with your bare hands, or even with a Defcon badge.\r\n\r\nWhile flipping through products a biometric lock caught my attention. It mentioned a back-up \"\"Morse code\"\" feature for unlocking it -- a series of 6 short or long presses, suggesting there were only 64 possible keys. Surely it couldn't be that easy... But wait, there's more! It had another backup unlock feature: a USB port and an app that can unlock it with a PIN, and a default PIN set for bonus stupidity. I had a feeling this was just the tip of the terrible-security-iceberg.\r\nI will demonstrate how to defeat this lock with some simple tools, with just your bare hands, and with a USB attack.\"\n\n\n","title":"The least secure biometric lock on Earth","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"android_description":"\"I demonstrate how to defeat a biometric padlock via USB with a laptop, or with your bare hands, or even with a Defcon badge.\r\n\r\nWhile flipping through products a biometric lock caught my attention. It mentioned a back-up \"\"Morse code\"\" feature for unlocking it -- a series of 6 short or long presses, suggesting there were only 64 possible keys. Surely it couldn't be that easy... But wait, there's more! It had another backup unlock feature: a USB port and an app that can unlock it with a PIN, and a default PIN set for bonus stupidity. I had a feeling this was just the tip of the terrible-security-iceberg.\r\nI will demonstrate how to defeat this lock with some simple tools, with just your bare hands, and with a USB attack.\"","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659624360,"nanoseconds":0},"speakers":[{"content_ids":[49273,49401],"conference_id":65,"event_ids":[49353,49548],"name":"Seth Kintigh","affiliations":[],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/skintigh"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Seth_Kintigh"}],"media":[],"id":48699}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49548,"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"village_id":22,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48699}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-13T19:30:00.000-0000","updated":"2022-08-04T14:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"AxJay & AcZay illway emonstrateday a pularpay ediumisticmay untstay omfray the 1900s — show you how stage mystics utilize code to convey secret information, and spark your mind for creative methods of deployment for your own security uses. (It’s not pig-latin, btw).\n\n\n","title":"Verbal Steganography Re-Loaded","type":{"conference_id":65,"conference":"DEFCON30","color":"#569d6e","updated_at":"2024-06-07T03:39+0000","name":"Rogues Village","id":45368},"end_timestamp":{"seconds":1660422600,"nanoseconds":0},"android_description":"AxJay & AcZay illway emonstrateday a pularpay ediumisticmay untstay omfray the 1900s — show you how stage mystics utilize code to convey secret information, and spark your mind for creative methods of deployment for your own security uses. (It’s not pig-latin, btw).","updated_timestamp":{"seconds":1659467520,"nanoseconds":0},"speakers":[{"content_ids":[49320,49325,49328],"conference_id":65,"event_ids":[49420,49425,49428],"name":"Four Suits Co","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/foursuits_co"},{"description":"","title":"Website","sort_order":0,"url":"https://foursuits.co/"}],"media":[],"id":48742},{"content_ids":[49323,49325],"conference_id":65,"event_ids":[49423,49425],"name":"Zac","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48745},{"content_ids":[49325],"conference_id":65,"event_ids":[49425],"name":"Jax","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48747}],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49425,"village_id":29,"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"tag_ids":[40271,45340,45368,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48742},{"tag_id":565,"sort_order":1,"person_id":48747},{"tag_id":565,"sort_order":1,"person_id":48745}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","updated":"2022-08-02T19:12:00.000-0000","begin":"2022-08-13T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Resumé Review","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"android_description":"","end_timestamp":{"seconds":1660422600,"nanoseconds":0},"updated_timestamp":{"seconds":1659465720,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T20:30:00.000-0000","id":49408,"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"tag_ids":[40255,45341,45361,45451],"village_id":12,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:42:00.000-0000","begin":"2022-08-13T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Intro time (5 mins) Well, I have to say who I am and why I'm here and my qualifications, otherwise people leave. Ok, maybe they don't leave, but I want to explain how/why I do this and how I'm going to make it a fun project for everyone after the talk!\r\nBaking something fluffy (10 mins) Now I take a few minutes to explain the common concepts of cloud configurations such as IAM/ORG policies and how they compare to redteaming 'on-prem'. It's all about understanding the magic that is the cloud in clear terms that everyone can follow along with - and yes, there are funny jokes and memes throughout. A happy crowd is an engaged crowd! Seriously, in a quick 10 minutes, 'Pizza as a Service' is used to explain the concepts of the cloud, the attack vectors presented and how pentesters and bad actors use these attack points to their advantage.\r\nIt's clobberin time (10 mins) Let's get to it with lots of example of misconfigurations and the attack vectors they pose. This is both live (with recorded backup) demo time and OSS tool demonstrations to help find misconfigured cloud services. Not much else to say about this part. It is interactive, fun and really shows off how simple mistakes can lead to serious incidents like exposing millions of records to the public 'accidentally' or how a public github repo was used to launch over 300 VMs for crypto mining and no one knew until a month later. Oh yeah, and a brief description of how cryptomining is a fun diversion to take your attention away from what the attacker was really doing will be discussed. Peace offerings to the demo gods will be made prior to the live portion of course.\r\nGreat, now how do we fix it? (10 mins) Well, attendees have to come away with some clear AIs to be able to apply to their cloud configurations and some suggestions on how to avoid misconfigurations in the first place. Auditing tools are discussed and shown (not in demo, but output from audits are shared and discussed) Tools discussed are all OSS and nothing, (and I mean nothing!) is commercial! Before and afters of misconfigured cloud projects will be shown with some general automation suggestions to help remove the 'human threat' factor from the process.\r\nKey Takeaways (5 mins) Let's bring it all to a neat and tidy conclusion with specific takeaways so attendees feel like they got something out of this. What good is any talk without identified specifics of what we learned and how to apply them, am I right? And there you have it, tied up neatly with a lovely bow and ready to take home!\r\nQ/A (5 mins)\n\n\n","title":"Security Misconfigurations in the Cloud - \"Oh Look, something fluffy, poke, poke, poke\"","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"android_description":"Intro time (5 mins) Well, I have to say who I am and why I'm here and my qualifications, otherwise people leave. Ok, maybe they don't leave, but I want to explain how/why I do this and how I'm going to make it a fun project for everyone after the talk!\r\nBaking something fluffy (10 mins) Now I take a few minutes to explain the common concepts of cloud configurations such as IAM/ORG policies and how they compare to redteaming 'on-prem'. It's all about understanding the magic that is the cloud in clear terms that everyone can follow along with - and yes, there are funny jokes and memes throughout. A happy crowd is an engaged crowd! Seriously, in a quick 10 minutes, 'Pizza as a Service' is used to explain the concepts of the cloud, the attack vectors presented and how pentesters and bad actors use these attack points to their advantage.\r\nIt's clobberin time (10 mins) Let's get to it with lots of example of misconfigurations and the attack vectors they pose. This is both live (with recorded backup) demo time and OSS tool demonstrations to help find misconfigured cloud services. Not much else to say about this part. It is interactive, fun and really shows off how simple mistakes can lead to serious incidents like exposing millions of records to the public 'accidentally' or how a public github repo was used to launch over 300 VMs for crypto mining and no one knew until a month later. Oh yeah, and a brief description of how cryptomining is a fun diversion to take your attention away from what the attacker was really doing will be discussed. Peace offerings to the demo gods will be made prior to the live portion of course.\r\nGreat, now how do we fix it? (10 mins) Well, attendees have to come away with some clear AIs to be able to apply to their cloud configurations and some suggestions on how to avoid misconfigurations in the first place. Auditing tools are discussed and shown (not in demo, but output from audits are shared and discussed) Tools discussed are all OSS and nothing, (and I mean nothing!) is commercial! Before and afters of misconfigured cloud projects will be shown with some general automation suggestions to help remove the 'human threat' factor from the process.\r\nKey Takeaways (5 mins) Let's bring it all to a neat and tidy conclusion with specific takeaways so attendees feel like they got something out of this. What good is any talk without identified specifics of what we learned and how to apply them, am I right? And there you have it, tied up neatly with a lovely bow and ready to take home!\r\nQ/A (5 mins)","end_timestamp":{"seconds":1660421400,"nanoseconds":0},"updated_timestamp":{"seconds":1659283140,"nanoseconds":0},"speakers":[{"content_ids":[49178],"conference_id":65,"event_ids":[49214],"name":"Kat Fitzgerald","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rnbwkat"}],"media":[],"id":48632}],"timeband_id":892,"links":[],"end":"2022-08-13T20:10:00.000-0000","id":49214,"tag_ids":[40252,45340,45350,45451],"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48632}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-13T19:30:00.000-0000","updated":"2022-07-31T15:59:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cognitive security is the application of information security principles, practices, and tools to misinformation, disinformation, and other information harms. This workshop walk though principles and tools for managing disinformation incidents alongside cybersecurity and physical incidents. \n\n\n","title":"Cognitive Security in Theory and Practice","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"android_description":"Cognitive security is the application of information security principles, practices, and tools to misinformation, disinformation, and other information harms. This workshop walk though principles and tools for managing disinformation incidents alongside cybersecurity and physical incidents.","end_timestamp":{"seconds":1660421700,"nanoseconds":0},"updated_timestamp":{"seconds":1660334100,"nanoseconds":0},"speakers":[{"content_ids":[49066],"conference_id":65,"event_ids":[49069],"name":"Sara-Jayne Terp","affiliations":[{"organization":"CogSec Collaborative","title":""}],"links":[],"pronouns":null,"media":[],"id":48493,"title":"CogSec Collaborative"}],"timeband_id":892,"links":[],"end":"2022-08-13T20:15:00.000-0000","id":49069,"village_id":18,"tag_ids":[40260,45332,45335,45450],"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48493}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"updated":"2022-08-12T19:55:00.000-0000","begin":"2022-08-13T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Identified early in 2022, PIPEDREAM is the seventh-known ICS-specific\nmalware and the fifth malware specifically developed to disrupt\nindustrial processes. PIPEDREAM demonstrates significant adversary\nresearch and development focused on the disruption, degradation, and\npotentially, the destruction of industrial environments and physical\nprocesses. PIPEDREAM can impact a wide variety of PLCs including Omron\nand Schneider Electric controllers. PIPEDREAM can also execute attacks\nthat take advantage of ubiquitous industrial protocols, including\nCODESYS, Modbus, FINS, and OPC-UA.\n\nThis presentation will summarize the malware, and detail the\ndifficulties encountered during the reverse engineering and analysis\nof the malware to include acquiring equipment and setting up our\nlab. This talk will also release the latest results from Drago's lab\nincluding an assessment of the breadth of impact of PIPEDREAM's\nCODESYS modules on equipment beyond Schneider Electric's PLCs, testing\nOmron servo manipulation, as well as OPC-UA server manipulation.\nWhile a background in ICS is helpful to understand this talk, it is\nnot required. The audience will learn about what challenges they can\nexpect to encounter when testing ICS malware and how to overcome them.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Analyzing PIPEDREAM: Challenges in testing an ICS attack toolkit.","end_timestamp":{"seconds":1660421700,"nanoseconds":0},"android_description":"Identified early in 2022, PIPEDREAM is the seventh-known ICS-specific\nmalware and the fifth malware specifically developed to disrupt\nindustrial processes. PIPEDREAM demonstrates significant adversary\nresearch and development focused on the disruption, degradation, and\npotentially, the destruction of industrial environments and physical\nprocesses. PIPEDREAM can impact a wide variety of PLCs including Omron\nand Schneider Electric controllers. PIPEDREAM can also execute attacks\nthat take advantage of ubiquitous industrial protocols, including\nCODESYS, Modbus, FINS, and OPC-UA.\n\nThis presentation will summarize the malware, and detail the\ndifficulties encountered during the reverse engineering and analysis\nof the malware to include acquiring equipment and setting up our\nlab. This talk will also release the latest results from Drago's lab\nincluding an assessment of the breadth of impact of PIPEDREAM's\nCODESYS modules on equipment beyond Schneider Electric's PLCs, testing\nOmron servo manipulation, as well as OPC-UA server manipulation.\nWhile a background in ICS is helpful to understand this talk, it is\nnot required. The audience will learn about what challenges they can\nexpect to encounter when testing ICS malware and how to overcome them.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48549],"conference_id":65,"event_ids":[48585],"name":"Jimmy Wylie","affiliations":[{"organization":"","title":"Principal Malware Analyst II , Dragos, Inc."}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mayahustle"}],"pronouns":null,"media":[],"id":47917,"title":"Principal Malware Analyst II , Dragos, Inc."}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241937"}],"end":"2022-08-13T20:15:00.000-0000","id":48585,"tag_ids":[45241,45279,45375,45450],"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"village_id":null,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47917}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"I have explored the subject of UFOs seriously and in depth and detail for 44 years. I have worked with some of the best and brightest in the \"invisible college\" to do academic research and reach conclusions based on the evidence. I contributed to the celebrated history, \"UFOs and Government: A Historical Inquiry,\" the gold standard for historical research into the subject now in over 100 university libraries. This talk more than updates the latest government statements on the subject--it is the most complete, honest, and forthright presentation I can make. I will tell the most truth I can, based on data and evidence. As an NSA analyst told me, \"Richard, they are here. They're here.\"\n\n\n","title":"UFOs, Alien Life, and the Least Untruthful Things I Can Say.","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"I have explored the subject of UFOs seriously and in depth and detail for 44 years. I have worked with some of the best and brightest in the \"invisible college\" to do academic research and reach conclusions based on the evidence. I contributed to the celebrated history, \"UFOs and Government: A Historical Inquiry,\" the gold standard for historical research into the subject now in over 100 university libraries. This talk more than updates the latest government statements on the subject--it is the most complete, honest, and forthright presentation I can make. I will tell the most truth I can, based on data and evidence. As an NSA analyst told me, \"Richard, they are here. They're here.\"","end_timestamp":{"seconds":1660421700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48551],"conference_id":65,"event_ids":[48538],"name":"Richard Thieme","affiliations":[{"organization":"","title":"ThiemeWorks"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/neuralcowboy"},{"description":"","title":"Website","sort_order":0,"url":"https://thiemeworks.com"}],"pronouns":null,"media":[],"id":47908,"title":"ThiemeWorks"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242199"}],"end":"2022-08-13T20:15:00.000-0000","id":48538,"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47908}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Apple’s Lightning connector was introduced almost 10 years ago - and\nunder the hood it can be used for much more than just charging an\niPhone: Using a proprietary protocol it can also be configured to give\naccess to a serial-console and even expose the JTAG pins of the\napplication processor! So far these hidden debugging features have not\nbeen very accessible, and could only be accessed using expensive and\ndifficult to acquire \"Kanzi\" and \"Bonobo\" cables. In this talk we\nintroduce the cheap and open-source \"Tamarin Cable\", bringing\nLightning exploration to the masses!\n\nIn this talk we are diving deep into the weeds of Apple Lightning:\nWhat’s “Tristar”, “Hydra” and “HiFive”? What’s SDQ and IDBUS? And how\ndoes it all fit together?\n\nWe show how you can analyze Lightning communications, what different\ntypes of cables (such as DCSD, Kanzi & co) communicate with the\niPhone, and how everything works on the hardware level.\n\nWe then show how we developed the “Tamarin Cable”: An open-source,\nsuper cheap (~$5 and a sacrificed cable) Lightning explorer that\nsupports sending custom IDBUS & SDQ commands, can access the iPhone’s\nserial-console, and even provides a full JTAG/SWD probe able to debug\niPhones.\n\nWe also show how we fuzzed Lightning to uncover new commands, and\nreverse engineer some Lightning details hidden in iOS itself.\n\n\n","title":"The hitchhacker’s guide to iPhone Lightning & JTAG hacking","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Apple’s Lightning connector was introduced almost 10 years ago - and\nunder the hood it can be used for much more than just charging an\niPhone: Using a proprietary protocol it can also be configured to give\naccess to a serial-console and even expose the JTAG pins of the\napplication processor! So far these hidden debugging features have not\nbeen very accessible, and could only be accessed using expensive and\ndifficult to acquire \"Kanzi\" and \"Bonobo\" cables. In this talk we\nintroduce the cheap and open-source \"Tamarin Cable\", bringing\nLightning exploration to the masses!\n\nIn this talk we are diving deep into the weeds of Apple Lightning:\nWhat’s “Tristar”, “Hydra” and “HiFive”? What’s SDQ and IDBUS? And how\ndoes it all fit together?\n\nWe show how you can analyze Lightning communications, what different\ntypes of cables (such as DCSD, Kanzi & co) communicate with the\niPhone, and how everything works on the hardware level.\n\nWe then show how we developed the “Tamarin Cable”: An open-source,\nsuper cheap (~$5 and a sacrificed cable) Lightning explorer that\nsupports sending custom IDBUS & SDQ commands, can access the iPhone’s\nserial-console, and even provides a full JTAG/SWD probe able to debug\niPhones.\n\nWe also show how we fuzzed Lightning to uncover new commands, and\nreverse engineer some Lightning details hidden in iOS itself.","end_timestamp":{"seconds":1660420200,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48550],"conference_id":65,"event_ids":[48520],"name":"stacksmashing","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ghidraninja"},{"description":"","title":"YouTube","sort_order":0,"url":"https://youtube.com/stacksmashing"}],"pronouns":null,"media":[],"id":47913,"title":"Hacker"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241936"}],"end":"2022-08-13T19:50:00.000-0000","id":48520,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660419000,"nanoseconds":0},"village_id":null,"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47913}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"begin":"2022-08-13T19:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Detailed Outline will be as follows:\r\n\r\n1. What is Threat Modelling?\r\n2. Why is Threat Modeling necessary?\r\n3.Common Threat Modelling Frameworks:\r\n All the mentioned frameworks will be explained in detail with actionable scenarios and how to measure violations and propose mitigations\r\n STRIDE\r\n PASTA\r\n VAST\r\n TRIKE\r\n\r\n4. How to plan Threat Modelling?\r\n5. What NOT to do when doing threat modelling?\r\n6. How to handle the results of threat modelling to not make it overwhelming to different stakeholders? \r\n\r\nFor eg: \r\nIn STRIDE, I'll give an overview and then walkthrough real life scenarios how \r\n 1. Explanantion of the framwork\r\n 2. Example:\r\n 2.1. Spoofing Identity refers to violation of authentication\r\n Can be potrayed by misconfigured VPN configurations (in detail)\r\n 2.2 Tampering with data refers to Integrity\r\n Having mutable logs and super admin having toxic right to change them (in detail)\r\n 2.3 Non Repudiation\r\n Multiple users using same set of credentials causing non-repudiation and making logs useless because actions can't be backtracked to the user performing it (in details)\r\n etc\r\n\r\nI will give examples from actual threat modellings I have done but remove all the organisation related information and make them generic, then what scenarios look like in organisations.\n\n\nThe talk will mainly focus on different frameworks of Threat Modelling and how threat modelling can be more efficient. Learning from the past experiences and common mistakes which organizations make while doing threat modelling.","title":"Even my Dad is a Threat Modeler!","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660419900,"nanoseconds":0},"android_description":"Detailed Outline will be as follows:\r\n\r\n1. What is Threat Modelling?\r\n2. Why is Threat Modeling necessary?\r\n3.Common Threat Modelling Frameworks:\r\n All the mentioned frameworks will be explained in detail with actionable scenarios and how to measure violations and propose mitigations\r\n STRIDE\r\n PASTA\r\n VAST\r\n TRIKE\r\n\r\n4. How to plan Threat Modelling?\r\n5. What NOT to do when doing threat modelling?\r\n6. How to handle the results of threat modelling to not make it overwhelming to different stakeholders? \r\n\r\nFor eg: \r\nIn STRIDE, I'll give an overview and then walkthrough real life scenarios how \r\n 1. Explanantion of the framwork\r\n 2. Example:\r\n 2.1. Spoofing Identity refers to violation of authentication\r\n Can be potrayed by misconfigured VPN configurations (in detail)\r\n 2.2 Tampering with data refers to Integrity\r\n Having mutable logs and super admin having toxic right to change them (in detail)\r\n 2.3 Non Repudiation\r\n Multiple users using same set of credentials causing non-repudiation and making logs useless because actions can't be backtracked to the user performing it (in details)\r\n etc\r\n\r\nI will give examples from actual threat modellings I have done but remove all the organisation related information and make them generic, then what scenarios look like in organisations.\n\n\nThe talk will mainly focus on different frameworks of Threat Modelling and how threat modelling can be more efficient. Learning from the past experiences and common mistakes which organizations make while doing threat modelling.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48936],"conference_id":65,"event_ids":[48936],"name":"Sarthak Taneja","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48342}],"timeband_id":892,"links":[],"end":"2022-08-13T19:45:00.000-0000","id":48936,"begin_timestamp":{"seconds":1660418100,"nanoseconds":0},"tag_ids":[40250,45340,45348,45374,45376],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48342}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"begin":"2022-08-13T19:15:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Even after years of scolding from security teams around the world, GitHub remains a developer's favorite place to post passwords, API tokens, and proprietary information. While these leaks have been well-studied for more than three years, gaps still remain in the process of uncovering these leaks. Many techniques for secret searching only consider entities with strong connections companies––users who belong to the company's org and repositories that are posted by the org itself. Most secrets have loose connections with the organization––users that post their dotfiles and configs, for example. By combining a breadth-first approach to GitHub searching along with heuristics for eliminating false positives, we are able to more effectively find secrets. We highlight recent work in the area of secret sprawl and present a new technique to find secrets across GitHub.\r\n\r\nThis talk is the first to provide the following:\r\n- A new, breadth-first technique to find secrets across GitHub\r\n- Strategies for false-positive reduction that can be applied to both source code + other OSINT tools\r\n- Insight into the root causes of leaks– what types of repos are more likely to be posted?\n\n\n","title":"New Frontiers in GitHub Secret Snatching","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"android_description":"Even after years of scolding from security teams around the world, GitHub remains a developer's favorite place to post passwords, API tokens, and proprietary information. While these leaks have been well-studied for more than three years, gaps still remain in the process of uncovering these leaks. Many techniques for secret searching only consider entities with strong connections companies––users who belong to the company's org and repositories that are posted by the org itself. Most secrets have loose connections with the organization––users that post their dotfiles and configs, for example. By combining a breadth-first approach to GitHub searching along with heuristics for eliminating false positives, we are able to more effectively find secrets. We highlight recent work in the area of secret sprawl and present a new technique to find secrets across GitHub.\r\n\r\nThis talk is the first to provide the following:\r\n- A new, breadth-first technique to find secrets across GitHub\r\n- Strategies for false-positive reduction that can be applied to both source code + other OSINT tools\r\n- Insight into the root causes of leaks– what types of repos are more likely to be posted?","end_timestamp":{"seconds":1660420500,"nanoseconds":0},"updated_timestamp":{"seconds":1659974880,"nanoseconds":0},"speakers":[{"content_ids":[49727],"conference_id":65,"event_ids":[49917],"name":"Tillson Galloway","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tillson_"}],"pronouns":null,"media":[],"id":49069}],"timeband_id":892,"links":[],"end":"2022-08-13T19:55:00.000-0000","id":49917,"begin_timestamp":{"seconds":1660417800,"nanoseconds":0},"village_id":26,"tag_ids":[40268,45340,45373,45384,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49069}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","updated":"2022-08-08T16:08:00.000-0000","begin":"2022-08-13T19:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"I spend a lot of time on Twitter among people that are fun, interesting and sometimes strange. There are tweets that I like and tweets that I retweet but the ones that go into my bookmarks folder are special. \r\n\r\nThey are sometimes funny, sometimes weird but some of them are really good interesting information that I aim to follow up later (spoiler alert - I never do). This talk will walk you through the contents of my bookmarks folder - you should be entertained but you may actually learn something too.\n\n\n","title":"Fun with bookmarks: From someone who spends way too much time on Twitter","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"I spend a lot of time on Twitter among people that are fun, interesting and sometimes strange. There are tweets that I like and tweets that I retweet but the ones that go into my bookmarks folder are special. \r\n\r\nThey are sometimes funny, sometimes weird but some of them are really good interesting information that I aim to follow up later (spoiler alert - I never do). This talk will walk you through the contents of my bookmarks folder - you should be entertained but you may actually learn something too.","updated_timestamp":{"seconds":1660257540,"nanoseconds":0},"speakers":[{"content_ids":[49763],"conference_id":65,"event_ids":[49961],"name":"Allen Baranov","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/abaranov"}],"pronouns":null,"media":[],"id":49101}],"timeband_id":892,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-13T19:30:00.000-0000","id":49961,"village_id":null,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49101}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"updated":"2022-08-11T22:39:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you're ready, head out and conquer the map from other DEF CON rivals.\r\n\r\nThis unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"The Schemaverse Championship","end_timestamp":{"seconds":1660500000,"nanoseconds":0},"android_description":"The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you're ready, head out and conquer the map from other DEF CON rivals.\r\n\r\nThis unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!","updated_timestamp":{"seconds":1659988980,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T18:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/schemaverse"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240965"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644182116040784"},{"label":"Website","type":"link","url":"https://schemaverse.com"}],"id":49922,"tag_ids":[45360,45374],"village_id":null,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45476},"spans_timebands":"Y","begin":"2022-08-13T19:00:00.000-0000","updated":"2022-08-08T20:03:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Attendees of this session will leave understanding crypto agility and why it should be a primary consideration when adopting PQE.\n\n\n","title":"Why Organizations Must Consider Crypto Agility","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"android_description":"Attendees of this session will leave understanding crypto agility and why it should be a primary consideration when adopting PQE.","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1660333260,"nanoseconds":0},"speakers":[{"content_ids":[49708,49702],"conference_id":65,"event_ids":[49892,49898],"name":"Vikram Sharma","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49055}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49898,"tag_ids":[40266,45340,45373,45382,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":24,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49055}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","updated":"2022-08-12T19:41:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"End-to-end encryption is a concept we've been hearing about a lot these last few years, and has gained a lot of prominence in the public eye due to various platforms (WhatsApp, Signal, Telegram) implementing a variation of it. \r\n\r\nIn this talk I want to cover E2E encryption in detail, it's usages, as well as why everyone keeps saying to \"never roll your own crypto\".\r\n\r\nGeneral Outline:\r\nThe presentation will try in a first part to demystify various aspects of E2E-encryption, describing various algorithms that are used to that extent, and where they are primarily used.\r\n\r\nThe second part will focus on the various usages of E2E encryption and why countries and organizations are fighting against it. It will also go into detail about what that means for the average person, versus what that means for various categories of individuals, such as for example journalists or criminals.\r\n\r\nThe third and most extensive part will involve diving into a custom - but not by any means secure - implementation of E2E encryption that was \"made for fun\" (to learn more about cryptography) and seeing what concepts are implemented. This is to take a look at how theory - as seen in books - often distances itself from practice, and what pitfalls one can easily find themselves falling into when trying to implement such algorithms.\n\n\n","title":"Implementing E2E multi-client communication (for fun, work or profit) - what could go wrong?","type":{"conference_id":65,"conference":"DEFCON30","color":"#5978bc","updated_at":"2024-06-07T03:39+0000","name":"AppSec Village","id":45378},"android_description":"End-to-end encryption is a concept we've been hearing about a lot these last few years, and has gained a lot of prominence in the public eye due to various platforms (WhatsApp, Signal, Telegram) implementing a variation of it. \r\n\r\nIn this talk I want to cover E2E encryption in detail, it's usages, as well as why everyone keeps saying to \"never roll your own crypto\".\r\n\r\nGeneral Outline:\r\nThe presentation will try in a first part to demystify various aspects of E2E-encryption, describing various algorithms that are used to that extent, and where they are primarily used.\r\n\r\nThe second part will focus on the various usages of E2E encryption and why countries and organizations are fighting against it. It will also go into detail about what that means for the average person, versus what that means for various categories of individuals, such as for example journalists or criminals.\r\n\r\nThe third and most extensive part will involve diving into a custom - but not by any means secure - implementation of E2E encryption that was \"made for fun\" (to learn more about cryptography) and seeing what concepts are implemented. This is to take a look at how theory - as seen in books - often distances itself from practice, and what pitfalls one can easily find themselves falling into when trying to implement such algorithms.","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49648],"conference_id":65,"event_ids":[49832],"name":"Nicolas Boeckh","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/nicolas-boeckh"}],"media":[],"id":49005}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49832,"tag_ids":[40278,45340,45345,45378,45451],"village_id":4,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49005}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"spans_timebands":"N","begin":"2022-08-13T19:00:00.000-0000","updated":"2022-08-08T00:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Election security is largely not cybersecurity – we’ll review some of the checks and balances in place: Logic and Accuracy testing, Post-Election statistically significant hand count, air gapped EMS. We’ll also review improvements we've worked towards including physical security hardening, threat intelligence sharing, incorporating least privilege methodologies, advocating for security improvements from the EAC as well as our EMS vendors, and being the originators of the EMS Gateway CIS benchmark.\r\n\r\nLastly, we’ll inform the audience on how they can do their part - fight MDM, demand intellectual integrity from themselves and those around them, normalize requesting citations, volunteer to work for elections and speak up if something seems wrong!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#9d9a7e","updated_at":"2024-06-07T03:39+0000","name":"Voting Village","id":45387},"title":"United We Stand","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"Election security is largely not cybersecurity – we’ll review some of the checks and balances in place: Logic and Accuracy testing, Post-Election statistically significant hand count, air gapped EMS. We’ll also review improvements we've worked towards including physical security hardening, threat intelligence sharing, incorporating least privilege methodologies, advocating for security improvements from the EAC as well as our EMS vendors, and being the originators of the EMS Gateway CIS benchmark.\r\n\r\nLastly, we’ll inform the audience on how they can do their part - fight MDM, demand intellectual integrity from themselves and those around them, normalize requesting citations, volunteer to work for elections and speak up if something seems wrong!","updated_timestamp":{"seconds":1659912900,"nanoseconds":0},"speakers":[{"content_ids":[49604,49605],"conference_id":65,"event_ids":[49818,49819],"name":"Michael Moore","affiliations":[{"organization":"Maricopa County Recorder’s Office","title":"Information Security Officer"}],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://recorder.maricopa.gov"}],"pronouns":null,"media":[],"id":48952,"title":"Information Security Officer at Maricopa County Recorder’s Office"},{"content_ids":[49604],"conference_id":65,"event_ids":[49818],"name":"Nate Young","affiliations":[{"organization":"Maricopa County Recorder’s Office","title":"Director of IT"}],"links":[],"pronouns":null,"media":[],"id":49083,"title":"Director of IT at Maricopa County Recorder’s Office"}],"timeband_id":892,"links":[{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"},{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"}],"end":"2022-08-13T19:30:00.000-0000","id":49818,"tag_ids":[40279,45340,45348,45374,45387,45450],"village_id":34,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48952},{"tag_id":565,"sort_order":1,"person_id":49083}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"spans_timebands":"N","updated":"2022-08-07T22:55:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Control Validation Compass (\"CVC\") is the hub for publicly accessible, operational cybersecurity resources. CVC unites a broad set of technical controls, offensive security tests, and governance resources around a common language for adversary behavior (MITRE ATT&CK). CVC allows intelligence analysts, defenders, and red teamers to instantly surface relevant detection rules, scripts, and policy controls across more than 30 repositories, reducing time and effort to strengthen, validate, and measure security posture.\n\n\n","title":"Control Validation Compass: Intelligence for Improved Security Validation","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"android_description":"Control Validation Compass (\"CVC\") is the hub for publicly accessible, operational cybersecurity resources. CVC unites a broad set of technical controls, offensive security tests, and governance resources around a common language for adversary behavior (MITRE ATT&CK). CVC allows intelligence analysts, defenders, and red teamers to instantly surface relevant detection rules, scripts, and policy controls across more than 30 repositories, reducing time and effort to strengthen, validate, and measure security posture.","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"updated_timestamp":{"seconds":1659888900,"nanoseconds":0},"speakers":[{"content_ids":[48728,49593],"conference_id":65,"event_ids":[48732,49805],"name":"Scott Small","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/scott-small-20ba0164/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/IntelScott"}],"media":[],"id":48059}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49805,"village_id":1,"tag_ids":[40246,45340,45349,45373,45377,45451],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48059}],"tags":"Tool Demo, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-13T19:00:00.000-0000","updated":"2022-08-07T16:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking Active Directory","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679320,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49647,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":27,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T06:02:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Quiet Recon: Gathering everything you need with LDAP and native AD services ","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659679260,"nanoseconds":0},"speakers":[{"content_ids":[49441],"conference_id":65,"event_ids":[49644,49645],"name":"Cory Wolff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cwolff411"}],"media":[],"id":48820}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49645,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48820}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T06:01:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"media":[],"id":48531}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49641,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:58:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"HackerOps","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49612,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T19:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Container and Kubernetes Offense","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678420,"nanoseconds":0},"speakers":[{"content_ids":[49432],"conference_id":65,"event_ids":[49596,49597,49598],"name":"Michael Mitchell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48824}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49598,"village_id":27,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48824}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:47:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.\n\n\n","title":"Red Team Village CTF Qualifiers Part 1","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.","updated_timestamp":{"seconds":1659678120,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Website","type":"link","url":"https://redteamvillage.io/ctf.html"},{"label":"Twitter","type":"link","url":"https://twitter.com/RedTeamVillage_"}],"end":"2022-08-14T00:00:00.000-0000","id":49590,"tag_ids":[40269,45360,45373,45450],"village_id":27,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T19:00:00.000-0000","updated":"2022-08-05T05:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"https://www.se.community/research-cold-calls/#coldcalls\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Cold Calls","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"https://www.se.community/research-cold-calls/#coldcalls","updated_timestamp":{"seconds":1659503880,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49499,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":31,"tag_ids":[40273,45370,45371,45453],"includes":"","people":[],"tags":"Activity","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"updated":"2022-08-03T05:18:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This \"lunchtime tutorial\" will discuss the protocols associated with the Automatic Identification System (AIS), the widely-used maritime situational awareness system and part of the Grace Navigation console. This mini-tutorial will describe the AIS protocol and transmission format used between vessels using radio transmission.\n\n\n","title":"Understanding AIS Protocols and the GRACE Console [[Maritime]]","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This \"lunchtime tutorial\" will discuss the protocols associated with the Automatic Identification System (AIS), the widely-used maritime situational awareness system and part of the Grace Navigation console. This mini-tutorial will describe the AIS protocol and transmission format used between vessels using radio transmission.","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659473400,"nanoseconds":0},"speakers":[{"content_ids":[49334,49346],"conference_id":65,"event_ids":[49434,49446],"name":"Gary Kessler","affiliations":[{"organization":"Fathom5","title":"Principal Consultant"}],"links":[],"pronouns":null,"media":[],"id":48760,"title":"Principal Consultant at Fathom5"}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49446,"village_id":15,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40258,45340,45369,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48760}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"updated":"2022-08-02T20:50:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Exploring Fruadsters Persuasion Strategies on Employment Databases","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465660,"nanoseconds":0},"speakers":[{"content_ids":[49308,49309,49366],"conference_id":65,"event_ids":[49407,49409,49502],"name":"Tessa Cole","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://www.linkedin.com/in/tessa-cole-phd-3aab70166/"},{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/tessacole8/"}],"media":[],"id":48739}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49407,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40255,45340,45361,45451],"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48739}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:41:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that's why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us through the con for unofficial games, and on Saturday for an official bracket tournament.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#856899","name":"Lock Pick Village","id":45362},"title":"Dozier Drill Tournament","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that's why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us through the con for unofficial games, and on Saturday for an official bracket tournament.","updated_timestamp":{"seconds":1660110060,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49357,"village_id":17,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"includes":"","people":[],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","updated":"2022-08-10T05:41:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Engineers at the Aerospace Corporation are hosting a CTF using the PiSat platform (check out the PiSat Workshop also in the Aerospace Village). Teams will command a PiSat via a COSMOS web GUI and complete challenges, which will be announced during the event. The CTF will primarily use crosslinks between PiSats to complete tasks including attacking other PiSats. Rounds will last ten minutes each, but teams can stay for up to one hour.\r\n\r\nRequired gear: bring a laptop (with an ethernet port!) to compete in the contest.\r\n\r\nSignups: Sign-ups for the event will be in person each morning from 10am – 12pm and will be first come, first served.\n\n\n","title":"Hack-A-Sat Aerospace PiSat Challenge","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Engineers at the Aerospace Corporation are hosting a CTF using the PiSat platform (check out the PiSat Workshop also in the Aerospace Village). Teams will command a PiSat via a COSMOS web GUI and complete challenges, which will be announced during the event. The CTF will primarily use crosslinks between PiSats to complete tasks including attacking other PiSats. Rounds will last ten minutes each, but teams can stay for up to one hour.\r\n\r\nRequired gear: bring a laptop (with an ethernet port!) to compete in the contest.\r\n\r\nSignups: Sign-ups for the event will be in person each morning from 10am – 12pm and will be first come, first served.","updated_timestamp":{"seconds":1659379380,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49307,"tag_ids":[40247,45357,45358,45450],"village_id":2,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:43:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How is a commercial aircraft’s avionics network designed? How is an aircraft architecture integrated with an avionics network? Come learn about complexity of the aviation systems environment, aircraft design security requirements, design assurance levels, and lastly dive deep from a cyber perspective into an aircraft environment we are all familiar with: the passenger cabin.\n\n\n","title":"Introduction to Aircraft Networks and Security Design Considerations","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660420200,"nanoseconds":0},"android_description":"How is a commercial aircraft’s avionics network designed? How is an aircraft architecture integrated with an avionics network? Come learn about complexity of the aviation systems environment, aircraft design security requirements, design assurance levels, and lastly dive deep from a cyber perspective into an aircraft environment we are all familiar with: the passenger cabin.","updated_timestamp":{"seconds":1659379500,"nanoseconds":0},"speakers":[{"content_ids":[49235],"conference_id":65,"event_ids":[49278],"name":"Sean Sullivan","affiliations":[{"organization":"Boeing Commercial Airplanes","title":"Chief Engineer for Cabin, Network Systems and Product Security"}],"links":[],"pronouns":null,"media":[],"id":48686,"title":"Chief Engineer for Cabin, Network Systems and Product Security at Boeing Commercial Airplanes"}],"timeband_id":892,"links":[],"end":"2022-08-13T19:50:00.000-0000","id":49278,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48686}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:45:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#a68c60","updated_at":"2024-06-07T03:39+0000","name":"Vendor Event","id":45354},"title":"No Starch Press - Book Signing - Corey Ball, Hacking APIs","android_description":"","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659306420,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49250,"village_id":null,"tag_ids":[45354,45373,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"updated":"2022-07-31T22:27:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Decolonizing Cybersecurity","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#8dc784","name":"BIC Village","id":45353},"android_description":"","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"updated_timestamp":{"seconds":1659305280,"nanoseconds":0},"speakers":[{"content_ids":[49201],"conference_id":65,"event_ids":[49242],"name":"Birhanu Eshete","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48653}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49242,"village_id":6,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40249,45348,45353,45374],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48653}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"begin":"2022-08-13T19:00:00.000-0000","updated":"2022-07-31T22:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"SquarePhish is a phishing tool that combines QR Codes and OAuth 2.0 Device Code Flow for Advanced Phishing Attacks against Office 365.\n\n\n","title":"SquarePhish - Phishing Office 365 using QR Codes and Oauth 2.0 Device Code Flow","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"SquarePhish is a phishing tool that combines QR Codes and OAuth 2.0 Device Code Flow for Advanced Phishing Attacks against Office 365.","updated_timestamp":{"seconds":1659283680,"nanoseconds":0},"speakers":[{"content_ids":[49184],"conference_id":65,"event_ids":[49220],"name":"Nevada Romsdahl","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nevadaromsdahl"}],"pronouns":null,"media":[],"id":48641},{"content_ids":[49184],"conference_id":65,"event_ids":[49220],"name":"Kamron Talebzadeh","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48642}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49220,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40252,45349,45350,45451],"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48642},{"tag_id":565,"sort_order":1,"person_id":48641}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T16:08:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"At any moment, tens of thousands of analysts within security operations centers (SOCs) inspect security alerts to detect evidence of compromise, but the knowledge they gain in the process is often lost, siloed, or inefficiently preserved. In our talk, we’ll present a machine learning prototype that leverages this forgotten knowledge, helping analysts triage malicious alerts in a feedback loop. The system learns to predict which alerts analysts will escalate, presents these alerts to analysts, and improves as analysts make decisions about these alerts. Our system is trained on real activity from hundreds of SOC analysts analyzing threats over thousands of customer environments, and it demonstrates a dramatic reduction in alert volume with minimal loss in detection rate, freeing up analysts to dive into alerts that truly matter.\r\n\r\nIn our presentation, we describe this system in transparent detail, discussing the complexity of raw data, the limitations of current approaches, and how our system can integrate into existing infrastructure, even in the presence of unstructured data and a shifting landscape of security sensors. We’ll also show our system’s performance in the practical defense of a diverse population of organizations and go over in-the-trenches case studies illustrating our system’s strengths and weaknesses.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"title":"A System for Alert Prioritization","android_description":"At any moment, tens of thousands of analysts within security operations centers (SOCs) inspect security alerts to detect evidence of compromise, but the knowledge they gain in the process is often lost, siloed, or inefficiently preserved. In our talk, we’ll present a machine learning prototype that leverages this forgotten knowledge, helping analysts triage malicious alerts in a feedback loop. The system learns to predict which alerts analysts will escalate, presents these alerts to analysts, and improves as analysts make decisions about these alerts. Our system is trained on real activity from hundreds of SOC analysts analyzing threats over thousands of customer environments, and it demonstrates a dramatic reduction in alert volume with minimal loss in detection rate, freeing up analysts to dive into alerts that truly matter.\r\n\r\nIn our presentation, we describe this system in transparent detail, discussing the complexity of raw data, the limitations of current approaches, and how our system can integrate into existing infrastructure, even in the presence of unstructured data and a shifting landscape of security sensors. We’ll also show our system’s performance in the practical defense of a diverse population of organizations and go over in-the-trenches case studies illustrating our system’s strengths and weaknesses.","end_timestamp":{"seconds":1660420200,"nanoseconds":0},"updated_timestamp":{"seconds":1659292800,"nanoseconds":0},"speakers":[{"content_ids":[49050],"conference_id":65,"event_ids":[49053],"name":"Salma Taoufiq","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48472},{"content_ids":[49050],"conference_id":65,"event_ids":[49053],"name":"Ben Gelman ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48476}],"timeband_id":892,"links":[],"end":"2022-08-13T19:50:00.000-0000","id":49053,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":3,"tag_ids":[40248,45330,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48476},{"tag_id":565,"sort_order":1,"person_id":48472}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-07-31T18:40:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Threat Intelligence has become a buzzword in the last few years, and almost every organization now understands the need for intelligence to enable better protection in the organization. The intelligence function is decisive in the ability of the organization to be proactive in security, but what do we really know about establishing this function, and how can we tailor the function to our intelligence needs and our protection capabilities? In \"Breaking the Intelligence Cycle\", Ohad Zaidenberg, Threat Intelligence Strategic Leader and the founder of the CTI League, will review the steps that need to be taken to create this tailor-made function with considerations for the maturity level of the recipient stakeholders. Moreover, Ohad will present brand new methods for establishing PIRs and disseminating intelligence, especially for the medical sector. \n\n\n","title":"Breaking the Intelligence Cycle - how to tailor intelligence function to your needs?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"android_description":"Threat Intelligence has become a buzzword in the last few years, and almost every organization now understands the need for intelligence to enable better protection in the organization. The intelligence function is decisive in the ability of the organization to be proactive in security, but what do we really know about establishing this function, and how can we tailor the function to our intelligence needs and our protection capabilities? In \"Breaking the Intelligence Cycle\", Ohad Zaidenberg, Threat Intelligence Strategic Leader and the founder of the CTI League, will review the steps that need to be taken to create this tailor-made function with considerations for the maturity level of the recipient stakeholders. Moreover, Ohad will present brand new methods for establishing PIRs and disseminating intelligence, especially for the medical sector.","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"updated_timestamp":{"seconds":1659108360,"nanoseconds":0},"speakers":[{"content_ids":[49021],"conference_id":65,"event_ids":[49024],"name":"Ohad Zaidenberg","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ohad_mz"}],"pronouns":null,"media":[],"id":48456}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49024,"village_id":5,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48456}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-07-29T15:26:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Through this session we propose to outline the draft methodology, so as to leverage the expertise of the audience to provide feedback and indicate interest in peer-reviewing or testing such a methodology. As well as to have an open discussion about the value of understanding harm in a cyber context.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Addressing the gap in assessing (or measuring) the harm of cyberattacks","android_description":"Through this session we propose to outline the draft methodology, so as to leverage the expertise of the audience to provide feedback and indicate interest in peer-reviewing or testing such a methodology. As well as to have an open discussion about the value of understanding harm in a cyber context.","end_timestamp":{"seconds":1660423500,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48749,48884],"conference_id":65,"event_ids":[48735,48890],"name":"Adrien Ogee","affiliations":[{"organization":"Cyber Peace Institute","title":"Chief Operations Officer"}],"links":[],"pronouns":null,"media":[],"id":48020,"title":"Chief Operations Officer at Cyber Peace Institute"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242750"}],"end":"2022-08-13T20:45:00.000-0000","id":48890,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"village_id":23,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48020}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"TSA and DEFCON will host a policy discussion group focused on the current cybersecurity threats to the aviation ecosystem. Discussion will be focused on the increasing threat space focused on airports, airframes, airlines, and air cargo. Additional topics of discussion will focus on cybersecurity work force issues, prioritization of mitigation measures to counter the threats, and how the research community can assist the government and the private sector. The aviation sector policy discussion will be held under Chatham House rules, otherwise known as “what happens in Vegas, stays in Vegas,” with the desired outcome that participants will come away with a better understanding of the threats, possible solutions, and the importance of collaboration to solve these pressing issues. Given the global nature of aviation, we will touch on the partnerships and policy regimes under consideration by the international community.\n\n\n","title":"Hacking Aviation Policy","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"end_timestamp":{"seconds":1660423500,"nanoseconds":0},"android_description":"TSA and DEFCON will host a policy discussion group focused on the current cybersecurity threats to the aviation ecosystem. Discussion will be focused on the increasing threat space focused on airports, airframes, airlines, and air cargo. Additional topics of discussion will focus on cybersecurity work force issues, prioritization of mitigation measures to counter the threats, and how the research community can assist the government and the private sector. The aviation sector policy discussion will be held under Chatham House rules, otherwise known as “what happens in Vegas, stays in Vegas,” with the desired outcome that participants will come away with a better understanding of the threats, possible solutions, and the importance of collaboration to solve these pressing issues. Given the global nature of aviation, we will touch on the partnerships and policy regimes under consideration by the international community.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48885,49228],"conference_id":65,"event_ids":[48886,49271],"name":"Timothy Weston","affiliations":[{"organization":"","title":"Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration"}],"links":[],"pronouns":null,"media":[],"id":48302,"title":"Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration"},{"content_ids":[48885],"conference_id":65,"event_ids":[48886],"name":"Meg King","affiliations":[{"organization":"","title":"Executive Director for Strategy, Policy Coordination & Innovation, Transportation Security Administration"}],"links":[],"pronouns":null,"media":[],"id":48303,"title":"Executive Director for Strategy, Policy Coordination & Innovation, Transportation Security Administration"},{"content_ids":[48885,48510],"conference_id":65,"event_ids":[48532,48886],"name":"Pete Cooper","affiliations":[{"organization":"UK Cabinet Office","title":"Deputy Director Cyber Defence"}],"links":[],"pronouns":null,"media":[],"id":48304,"title":"Deputy Director Cyber Defence at UK Cabinet Office"},{"content_ids":[48885,49229],"conference_id":65,"event_ids":[48886,49272],"name":"Ayan Islam","affiliations":[{"organization":"","title":"R-Street Institute"}],"links":[],"pronouns":null,"media":[],"id":48305,"title":"R-Street Institute"},{"content_ids":[48885,49231],"conference_id":65,"event_ids":[48886,49274],"name":"Ken Munro","affiliations":[{"organization":"","title":"Pentest Partners"}],"links":[],"pronouns":null,"media":[],"id":48306,"title":"Pentest Partners"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242800"}],"end":"2022-08-13T20:45:00.000-0000","id":48886,"village_id":23,"tag_ids":[40265,45311,45373,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48305},{"tag_id":565,"sort_order":1,"person_id":48306},{"tag_id":565,"sort_order":1,"person_id":48303},{"tag_id":565,"sort_order":1,"person_id":48304},{"tag_id":565,"sort_order":1,"person_id":48302}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"PMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec Technical teams and Management in all assessment phases, from planning to reporting. Technical folks can focus on assessment methodology planning, test execution ,and engagement collaboration. Whereas management can plan engagements, track progress, assign testers, monitor remediation status, and escalate SLA breaches, this is an All-in-One fancy dashboard. The main features are: A) *Asset Management* which allows IT asset inventory tracking with system owner contacts. B) *Engagements Management & Planning* that enable security testers to follow a test execution roadmap by creating a new testing methodology or follow execution standards such as NIST, PTES or OWASP. It definitely will keep pentesting engagements and projects more professional. Also, it enables collaborative testing, gathering information and evidence uploading. C) *Report Automation* that automates boring tasks such as writing technical reports and validation reports. Generating a PDF report that is ready to share with clients and management can be accomplished with one-click. D) *All-in-One Dashboard* that will keep executives and management up-to-date with the organization's security posture. The dashboard components are: - High level of current vulnerabilities. - Engagement progress. - Remediation Status. - Track SLA breaches. -Monitoring risk exceptions.\n\nAudience: Security professionals, Vulnerability Analysts , AppSec, Offense, Risk Management\n\n\n","title":"PMR - PT & VA Management & Reporting","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"android_description":"PMR (PTVA Management & Reporting) is an open-source collaboration platform that closes the gap between InfoSec Technical teams and Management in all assessment phases, from planning to reporting. Technical folks can focus on assessment methodology planning, test execution ,and engagement collaboration. Whereas management can plan engagements, track progress, assign testers, monitor remediation status, and escalate SLA breaches, this is an All-in-One fancy dashboard. The main features are: A) *Asset Management* which allows IT asset inventory tracking with system owner contacts. B) *Engagements Management & Planning* that enable security testers to follow a test execution roadmap by creating a new testing methodology or follow execution standards such as NIST, PTES or OWASP. It definitely will keep pentesting engagements and projects more professional. Also, it enables collaborative testing, gathering information and evidence uploading. C) *Report Automation* that automates boring tasks such as writing technical reports and validation reports. Generating a PDF report that is ready to share with clients and management can be accomplished with one-click. D) *All-in-One Dashboard* that will keep executives and management up-to-date with the organization's security posture. The dashboard components are: - High level of current vulnerabilities. - Engagement progress. - Remediation Status. - Track SLA breaches. -Monitoring risk exceptions.\n\nAudience: Security professionals, Vulnerability Analysts , AppSec, Offense, Risk Management","end_timestamp":{"seconds":1660424100,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48737],"conference_id":65,"event_ids":[48756],"name":"Musaed Bin Muatred","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48036},{"content_ids":[48737],"conference_id":65,"event_ids":[48756],"name":"Abdul Alanazi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48052}],"timeband_id":892,"links":[],"end":"2022-08-13T20:55:00.000-0000","id":48756,"tag_ids":[45292,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48052},{"tag_id":565,"sort_order":1,"person_id":48036}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Committee Boardroom (Demo Labs)","hotel":"","short_name":"Committee Boardroom (Demo Labs)","id":45444},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement from a C2 agent without requiring access to the SCCM administration console. SharpSCCM supports lateral movement functions ported from PowerSCCM and contains additional functionality to abuse newly discovered attack primitives for coercing NTLM authentication from local administrator and SCCM site server machine accounts in environments where automatic client push installation is enabled. SharpSCCM can also dump information about the SCCM environment from a client, including domain credentials for Network Access Accounts. Further, with access to an SCCM administrator account, operators of SharpSCCM can execute code as SYSTEM or coerce NTLM authentication from the currently logged-in user or the machine account on any SCCM client.\n\nAudience: Offense, Defense, System Administrators\n\n\n","title":"SharpSCCM","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"android_description":"SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement from a C2 agent without requiring access to the SCCM administration console. SharpSCCM supports lateral movement functions ported from PowerSCCM and contains additional functionality to abuse newly discovered attack primitives for coercing NTLM authentication from local administrator and SCCM site server machine accounts in environments where automatic client push installation is enabled. SharpSCCM can also dump information about the SCCM environment from a client, including domain credentials for Network Access Accounts. Further, with access to an SCCM administrator account, operators of SharpSCCM can execute code as SYSTEM or coerce NTLM authentication from the currently logged-in user or the machine account on any SCCM client.\n\nAudience: Offense, Defense, System Administrators","end_timestamp":{"seconds":1660424100,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48745],"conference_id":65,"event_ids":[48747],"name":"Chris Thompson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48039},{"content_ids":[48745],"conference_id":65,"event_ids":[48747],"name":"Duane Michael","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48042}],"timeband_id":892,"links":[],"end":"2022-08-13T20:55:00.000-0000","id":48747,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[45292,45373,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48039},{"tag_id":565,"sort_order":1,"person_id":48042}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"spans_timebands":"N","begin":"2022-08-13T19:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this work we developed a 4.5G/5G network using only commercial off the shelf (COTS) hardware and open-source software to serve as test-infrastructure for studying vulnerabilities in 5G networks. We are using software defined networking (SDN) tools such as Faucet and Dovesnap and software defined radio(SDR) capabilities such as Open5gs and srsRAN along with Docker Containers to facilitate the rapid and reliable setup and configuration of network topologies that can be used to represent the 5G networks that we intend to test. By having a configurable and repeatable mechanism that could be shared among multiple users with differing hardware setups we were able to test 5G network configurations in a variety of ways and have those results validated by other team members.\n\nAudience: Target Audience: Network Defense and Attack, 5G, Software Defined Radio and Infrastructure-as-Code.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"Defensive 5G","end_timestamp":{"seconds":1660424100,"nanoseconds":0},"android_description":"In this work we developed a 4.5G/5G network using only commercial off the shelf (COTS) hardware and open-source software to serve as test-infrastructure for studying vulnerabilities in 5G networks. We are using software defined networking (SDN) tools such as Faucet and Dovesnap and software defined radio(SDR) capabilities such as Open5gs and srsRAN along with Docker Containers to facilitate the rapid and reliable setup and configuration of network topologies that can be used to represent the 5G networks that we intend to test. By having a configurable and repeatable mechanism that could be shared among multiple users with differing hardware setups we were able to test 5G network configurations in a variety of ways and have those results validated by other team members.\n\nAudience: Target Audience: Network Defense and Attack, 5G, Software Defined Radio and Infrastructure-as-Code.","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48750],"conference_id":65,"event_ids":[48742],"name":"Ryan Ashley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48035},{"content_ids":[48750],"conference_id":65,"event_ids":[48742],"name":"Eric Mair","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48048}],"timeband_id":892,"links":[],"end":"2022-08-13T20:55:00.000-0000","id":48742,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48048},{"tag_id":565,"sort_order":1,"person_id":48035}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Council Boardroom (Demo Labs)","hotel":"","short_name":"Council Boardroom (Demo Labs)","id":45443},"updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"alsanna is a command-line based intercepting proxy for arbitrary TCP traffic. It includes built-in support for decrypting TLS streams, and allows editing the stream as it passes over the network. It is deliberately lightweight and documented to help hackers who need to modify its behavior. This demo will include live instances of the tool which can be used by visitors, live support for anyone looking to learn how to use alsanna, and a short on-demand walkthrough for visitors, covering how the tool works and what you need to know to modify it.\n\nAudience: Researchers, reverse engineers, pentesters, bug bounty hunters\n\n\n","title":"alsanna","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"android_description":"alsanna is a command-line based intercepting proxy for arbitrary TCP traffic. It includes built-in support for decrypting TLS streams, and allows editing the stream as it passes over the network. It is deliberately lightweight and documented to help hackers who need to modify its behavior. This demo will include live instances of the tool which can be used by visitors, live support for anyone looking to learn how to use alsanna, and a short on-demand walkthrough for visitors, covering how the tool works and what you need to know to modify it.\n\nAudience: Researchers, reverse engineers, pentesters, bug bounty hunters","end_timestamp":{"seconds":1660424100,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48723],"conference_id":65,"event_ids":[48740],"name":"Jason Johnson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48017}],"timeband_id":892,"links":[],"end":"2022-08-13T20:55:00.000-0000","id":48740,"tag_ids":[45292,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48017}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"spans_timebands":"N","begin":"2022-08-13T19:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Unblob is a command line extraction tool to obtain content from any kind of binary blob. It has been initially developed for the sound and safe extraction of arbitrary firmware images. It has been built as a modular framework where anyone can develop and submit new format handlers and extractors. Its public version already supports a large number of filesystems, archive, and compression formats: https://github.com/onekey-sec/unblob\n\nAudience: Reverse Engineers, Embedded Security\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"unblob - towards efficient firmware extraction","end_timestamp":{"seconds":1660424100,"nanoseconds":0},"android_description":"Unblob is a command line extraction tool to obtain content from any kind of binary blob. It has been initially developed for the sound and safe extraction of arbitrary firmware images. It has been built as a modular framework where anyone can develop and submit new format handlers and extractors. Its public version already supports a large number of filesystems, archive, and compression formats: https://github.com/onekey-sec/unblob\n\nAudience: Reverse Engineers, Embedded Security","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48743],"conference_id":65,"event_ids":[48729],"name":"Quentin Kaiser","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48018},{"content_ids":[48743],"conference_id":65,"event_ids":[48729],"name":"Florian Lukavsky","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48028}],"timeband_id":892,"links":[],"end":"2022-08-13T20:55:00.000-0000","id":48729,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48028},{"tag_id":565,"sort_order":1,"person_id":48018}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus Boardroom (Demo Labs)","hotel":"","short_name":"Caucus Boardroom (Demo Labs)","id":45442},"begin":"2022-08-13T19:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"Friends of Bill W","android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":48707,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"village_id":null,"tag_ids":[45288,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"spans_timebands":"N","begin":"2022-08-13T19:00:00.000-0000","updated":"2022-08-03T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"These days, Programmable Logic Controllers (PLC) in an industrial network are a critical attack target, with more exploits being identified every day. But what if the PLC wasn’t the prey, but the predator? This presentation demonstrates a novel TTP called the \"Evil PLC Attack\", where a PLC is weaponized in a way that when an engineer is trying to configure or troubleshoot it, the engineer’s machine gets compromised.\n\nWe will describe how engineers diagnose PLC issues, write code, and transfer bytecode to PLCs for execution with industrial processes in any number of critical sectors, including electric, water and wastewater, heavy industry, and automotive manufacturing. Then we will describe how we conceptualized, developed, and implemented different techniques to weaponize a PLC in order to achieve code execution on an engineer’s machine. \n\nThe research resulted in working PoCs against ICS market leaders which fixed all the reported vulnerabilities and remediated the attack vector. Such vendors include Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO and more.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"The Evil PLC Attack: Weaponizing PLCs","end_timestamp":{"seconds":1660418400,"nanoseconds":0},"android_description":"These days, Programmable Logic Controllers (PLC) in an industrial network are a critical attack target, with more exploits being identified every day. But what if the PLC wasn’t the prey, but the predator? This presentation demonstrates a novel TTP called the \"Evil PLC Attack\", where a PLC is weaponized in a way that when an engineer is trying to configure or troubleshoot it, the engineer’s machine gets compromised.\n\nWe will describe how engineers diagnose PLC issues, write code, and transfer bytecode to PLCs for execution with industrial processes in any number of critical sectors, including electric, water and wastewater, heavy industry, and automotive manufacturing. Then we will describe how we conceptualized, developed, and implemented different techniques to weaponize a PLC in order to achieve code execution on an engineer’s machine. \n\nThe research resulted in working PoCs against ICS market leaders which fixed all the reported vulnerabilities and remediated the attack vector. Such vendors include Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO and more.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48547],"conference_id":65,"event_ids":[48584],"name":"Sharon Brizinov","affiliations":[{"organization":"","title":"Vulnerability Research Team Lead @ Claroty"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/sharonbrizinov"}],"pronouns":null,"media":[],"id":47823,"title":"Vulnerability Research Team Lead @ Claroty"}],"timeband_id":892,"end":"2022-08-13T19:20:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241822"}],"id":48584,"village_id":null,"tag_ids":[45241,45279,45280,45281,45375,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"Exploit, Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47823}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Container security is a prevalent topic in security research. Due to the great design and long-term effort, containers have been more and more secure. Usage of container technology is increasingly being used. Container security is a topic that has started to be discussed a lot lately.\n\nIn late 2021, Google increased the vulnerability reward program in kCTF infrastructure, which was built on top of Kubernetes and Google Container Optimized OS, with a minimum reward of $31,337 per submission.\n\nIn this talk, we will share about how we managed to have 4 successful submissions on kCTF VRP by exploiting four Linux kernel bugs to perform container escape on kCTF cluster, we will explain some interesting kernel exploit techniques and tricks that can be used to bypass the latest security mitigation in Linux kernel. We will also share what we did wrong that causes us to nearly lose 1 of the bounty.\n\nAs of writing, there are 14 successful entries to kCTF. In this presentation, we are willing to share our full, in-depth details on the research of kCTF.\n\nTo the best of our knowledge, this presentation will be the first to talk about a complete methodology to pwn kCTF (find and exploit bugs within 0-day and 1-day) in public.\n\n\n","title":"All Roads leads to GKE's Host : 4+ Ways to Escape","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"Container security is a prevalent topic in security research. Due to the great design and long-term effort, containers have been more and more secure. Usage of container technology is increasingly being used. Container security is a topic that has started to be discussed a lot lately.\n\nIn late 2021, Google increased the vulnerability reward program in kCTF infrastructure, which was built on top of Kubernetes and Google Container Optimized OS, with a minimum reward of $31,337 per submission.\n\nIn this talk, we will share about how we managed to have 4 successful submissions on kCTF VRP by exploiting four Linux kernel bugs to perform container escape on kCTF cluster, we will explain some interesting kernel exploit techniques and tricks that can be used to bypass the latest security mitigation in Linux kernel. We will also share what we did wrong that causes us to nearly lose 1 of the bounty.\n\nAs of writing, there are 14 successful entries to kCTF. In this presentation, we are willing to share our full, in-depth details on the research of kCTF.\n\nTo the best of our knowledge, this presentation will be the first to talk about a complete methodology to pwn kCTF (find and exploit bugs within 0-day and 1-day) in public.","end_timestamp":{"seconds":1660419900,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48546],"conference_id":65,"event_ids":[48548],"name":"Muhammad ALifa Ramdhan","affiliations":[{"organization":"","title":"Security Researcher at STAR Labs"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/n0psledbyte"}],"pronouns":null,"media":[],"id":47852,"title":"Security Researcher at STAR Labs"},{"content_ids":[48546],"conference_id":65,"event_ids":[48548],"name":"Billy Jheng","affiliations":[{"organization":"","title":"Security Researcher at STAR Labs"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/st424204"}],"media":[],"id":47873,"title":"Security Researcher at STAR Labs"}],"timeband_id":892,"end":"2022-08-13T19:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241933"}],"id":48548,"village_id":null,"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"tag_ids":[45241,45279,45280,45375,45450],"includes":"Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47873},{"tag_id":565,"sort_order":1,"person_id":47852}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","begin":"2022-08-13T19:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There's a running joke around Washington D.C. that the \"State Bird\" is the helicopter. Yet 96% of helicopter noise complaints from 2018-2021 went unattributed: D.C. Residents can not tell a news helicopter from a black hawk. Flight tracking sites remove flights as a paid service to aircraft owners and government agencies; even in the best case these sites do not receive tracking information from most military helicopters due to a Code of Federal Regulations exemption for \"sensitive government mission for national defense, homeland security, intelligence or law enforcement.\" This makes an enormous amount of helicopter flights untraceable even for the FAA and leaves residents in the dark.\n\nWhat if we could help residents identify helicopters? What if we could crowd source helicopter tracking? What if we could collect images to identify helicopters using computer vision? What if we could make aircraft radio as accessible as reading a map? What if we could make spotting helicopters a game that appeals to the competitive spirit of Washingtonians? And what if we could do all of this... on Twitter?\n\n\n","title":"Tracking Military Ghost Helicopters over our Nation's Capital","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660418400,"nanoseconds":0},"android_description":"There's a running joke around Washington D.C. that the \"State Bird\" is the helicopter. Yet 96% of helicopter noise complaints from 2018-2021 went unattributed: D.C. Residents can not tell a news helicopter from a black hawk. Flight tracking sites remove flights as a paid service to aircraft owners and government agencies; even in the best case these sites do not receive tracking information from most military helicopters due to a Code of Federal Regulations exemption for \"sensitive government mission for national defense, homeland security, intelligence or law enforcement.\" This makes an enormous amount of helicopter flights untraceable even for the FAA and leaves residents in the dark.\n\nWhat if we could help residents identify helicopters? What if we could crowd source helicopter tracking? What if we could collect images to identify helicopters using computer vision? What if we could make aircraft radio as accessible as reading a map? What if we could make spotting helicopters a game that appeals to the competitive spirit of Washingtonians? And what if we could do all of this... on Twitter?","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48548],"conference_id":65,"event_ids":[48539],"name":"Andrew Logan","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HelicoptersofDC"},{"description":"","title":"Website","sort_order":0,"url":"https://CopterSpotter.com"}],"pronouns":null,"media":[],"id":47894}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241838"}],"end":"2022-08-13T19:20:00.000-0000","id":48539,"village_id":null,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660417200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47894}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Most people don't know how Hospitals go through a ransomware incident. This lack of understanding creates a false sense of security for the places we rely on to help us when we are at our most vulnerable. This talk will describe what happened during a ransomware incident at a small midwestern hospital.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"title":"This one time, at this Hospital, I got Ransomware","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"Most people don't know how Hospitals go through a ransomware incident. This lack of understanding creates a false sense of security for the places we rely on to help us when we are at our most vulnerable. This talk will describe what happened during a ransomware incident at a small midwestern hospital.","updated_timestamp":{"seconds":1658865480,"nanoseconds":0},"speakers":[{"content_ids":[48716,49009],"conference_id":65,"event_ids":[48723,49012],"name":"Eirick Luraas","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tyercel"}],"media":[],"id":48001}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":48723,"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"begin_timestamp":{"seconds":1660416000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48001}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","begin":"2022-08-13T18:40:00.000-0000","updated":"2022-07-26T19:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Couple years ago at DEF CON‘s Recon Village, I introduced a new OSINT technique to obtain a target’s phone number by just knowing the email address and published the tool \"email2phonenumber\" which automates the entire process. email2phonenumber, among other things, generates possible phone numbers for the target based on the Phone Numbering Plan of the target's country.\r\n\r\nThis year, I am introducing \"Phonerator\", a web-based tool to search, filter and generate *valid* phone number lists. Taking the phone number generation process of email2phonenumber to the next level, Phonerator allows you to provide only a few known digits of your target's phone number and start creating lists of possible (and valid) numbers. You don't have any intel on your target's phone number but know which carrier he uses, area he lives in, date when he started using the number? Phonerator can take in all those pieces of information and help you narrow down possible phone numbers.\r\n\r\nPhonerator is also a great tool for discovery and research. Want to find obscure and unknown carriers together with the phone numbers assigned to them for your wardialing needs? Phonerator can help. Want to abuse \"Contact Discovery\" to find in which websites your target is registered? Phonerator can export your curated list of numbers in vCard format to easily import to your test devices. Join this talk if you are an OSINT lover, SE professional, phreaker or just curious about how phone numbers get assigned and how you can profit from it.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"title":"Phonerator, an advanced *valid* phone number generator for your OSINT/SE needs","android_description":"Couple years ago at DEF CON‘s Recon Village, I introduced a new OSINT technique to obtain a target’s phone number by just knowing the email address and published the tool \"email2phonenumber\" which automates the entire process. email2phonenumber, among other things, generates possible phone numbers for the target based on the Phone Numbering Plan of the target's country.\r\n\r\nThis year, I am introducing \"Phonerator\", a web-based tool to search, filter and generate *valid* phone number lists. Taking the phone number generation process of email2phonenumber to the next level, Phonerator allows you to provide only a few known digits of your target's phone number and start creating lists of possible (and valid) numbers. You don't have any intel on your target's phone number but know which carrier he uses, area he lives in, date when he started using the number? Phonerator can take in all those pieces of information and help you narrow down possible phone numbers.\r\n\r\nPhonerator is also a great tool for discovery and research. Want to find obscure and unknown carriers together with the phone numbers assigned to them for your wardialing needs? Phonerator can help. Want to abuse \"Contact Discovery\" to find in which websites your target is registered? Phonerator can export your curated list of numbers in vCard format to easily import to your test devices. Join this talk if you are an OSINT lover, SE professional, phreaker or just curious about how phone numbers get assigned and how you can profit from it.","end_timestamp":{"seconds":1660417800,"nanoseconds":0},"updated_timestamp":{"seconds":1659974820,"nanoseconds":0},"speakers":[{"content_ids":[49726],"conference_id":65,"event_ids":[49916],"name":"Martin Vigo","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/martin_vigo"}],"pronouns":null,"media":[],"id":49065}],"timeband_id":892,"links":[],"end":"2022-08-13T19:10:00.000-0000","id":49916,"tag_ids":[40268,45279,45340,45373,45384,45453],"village_id":26,"begin_timestamp":{"seconds":1660415700,"nanoseconds":0},"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":49065}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","updated":"2022-08-08T16:07:00.000-0000","begin":"2022-08-13T18:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The existing MITRE ATT&CK for ICS Framework largely describes the range of TTPs that could be leveraged against ships. Consequently, it has the potential to be an effective starting point for those charged with assessing the risks and potential detection and mitigation methodologies associated with mitigating those risks. That said, recent attempts at applying ATT&CK for ICS for shipboard cyber assessments has identified several key gaps and potential amplifications needed to more comprehensively cover the range of TTPs that can be leveraged by adversary actors against shipboard systems and networks. The presenter is currently collaborating with MITRE to add maritime specific TTPs and existing TTP applications into the upcoming release of the MITRE ATT&CK for ICS Framework.\n\n\n","title":"Taking MITRE ATT&CK for ICS to Sea","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"The existing MITRE ATT&CK for ICS Framework largely describes the range of TTPs that could be leveraged against ships. Consequently, it has the potential to be an effective starting point for those charged with assessing the risks and potential detection and mitigation methodologies associated with mitigating those risks. That said, recent attempts at applying ATT&CK for ICS for shipboard cyber assessments has identified several key gaps and potential amplifications needed to more comprehensively cover the range of TTPs that can be leveraged by adversary actors against shipboard systems and networks. The presenter is currently collaborating with MITRE to add maritime specific TTPs and existing TTP applications into the upcoming release of the MITRE ATT&CK for ICS Framework.","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659473340,"nanoseconds":0},"speakers":[{"content_ids":[49334,49344,49345],"conference_id":65,"event_ids":[49434,49444,49445],"name":"Tyson B. Meadors","affiliations":[{"organization":"US Navy","title":"Cyber Warfare Engineer"}],"links":[],"pronouns":null,"media":[],"id":48772,"title":"Cyber Warfare Engineer at US Navy"}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49445,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48772}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"updated":"2022-08-02T20:49:00.000-0000","begin":"2022-08-13T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Black in Cybersecurity Research and Education: The Experience of one Black Girl's Journey through Graduate School","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465660,"nanoseconds":0},"speakers":[{"content_ids":[49307],"conference_id":65,"event_ids":[49406],"name":"Katorah Williams","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/katorah-williams/"}],"pronouns":null,"media":[],"id":48725}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49406,"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":12,"tag_ids":[40255,45340,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48725}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:41:00.000-0000","begin":"2022-08-13T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ham Nets 101 - An introduction to ham nets for operators of all experience levels. Nets are an easy way to get on the air, talk to other hams, and be part of the ham community. Ham nets operate on all bands and often even on local repeaters. If you have a brand new Technician license, or a dusty old Extra, come learn all about what ham nets are and how to participate.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ed8d99","name":"Ham Radio Village","id":45355},"title":"Ham Nets 101","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"Ham Nets 101 - An introduction to ham nets for operators of all experience levels. Nets are an easy way to get on the air, talk to other hams, and be part of the ham community. Ham nets operate on all bands and often even on local repeaters. If you have a brand new Technician license, or a dusty old Extra, come learn all about what ham nets are and how to participate.","updated_timestamp":{"seconds":1659309000,"nanoseconds":0},"speakers":[{"content_ids":[49214],"conference_id":65,"event_ids":[49255],"name":"Jon Marler","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jmarler"}],"media":[],"id":48666}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49255,"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":13,"tag_ids":[40256,45340,45355,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48666}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"spans_timebands":"N","begin":"2022-08-13T18:30:00.000-0000","updated":"2022-07-31T23:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The overturning of Roe v Wade brings with it grim implications not just for abortion access in America, but for all digital privacy rights. In this talk we revisit the threats to our privacy and encryption slipped into law and practice under the guise of “protecting life” that were first discussed in the 2018 talk “Jailed by a Google Search.” We will then examine the pervasive digital monitoring that in many ways creates an even more dangerous surveillance environment for pregnant people than before Roe’s 1973 landmark ruling (temporarily) federally legalizing abortion.\r\n\r\nToday patients must navigate an ever-expanding interlocked web of digital data collection and anti-abortion misinformation, all while enduring the existing infrastructures of pregnancy surveillance in our medical and policing systems. By the end of this talk you’ll receive information on how to threat model issues that may come up in pursuing different safe abortion options, tips and strategies for digitally securing an abortion experience, and ways our privacy community can help take action.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"Jailed By a Google Search Part 2: Abortion Surveillance in Post-Roe America","android_description":"The overturning of Roe v Wade brings with it grim implications not just for abortion access in America, but for all digital privacy rights. In this talk we revisit the threats to our privacy and encryption slipped into law and practice under the guise of “protecting life” that were first discussed in the 2018 talk “Jailed by a Google Search.” We will then examine the pervasive digital monitoring that in many ways creates an even more dangerous surveillance environment for pregnant people than before Roe’s 1973 landmark ruling (temporarily) federally legalizing abortion.\r\n\r\nToday patients must navigate an ever-expanding interlocked web of digital data collection and anti-abortion misinformation, all while enduring the existing infrastructures of pregnancy surveillance in our medical and policing systems. By the end of this talk you’ll receive information on how to threat model issues that may come up in pursuing different safe abortion options, tips and strategies for digitally securing an abortion experience, and ways our privacy community can help take action.","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"updated_timestamp":{"seconds":1659213840,"nanoseconds":0},"speakers":[{"content_ids":[49152,49270],"conference_id":65,"event_ids":[49188,49343],"name":"Kate Bertash","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KateRoseBee"}],"pronouns":null,"media":[],"id":48600}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49188,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48600}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"begin":"2022-08-13T18:30:00.000-0000","updated":"2022-07-30T20:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"\"\"When Isaac* arrived at our Emergency department in a critical condition, the last place we thought to investigate was within the Deep Brain Stimulator (DBS) inside his head. Medical device failures or 'medical hacks' are not constituents of practitioner training, and the consequences were immediately apparent as we attempted to care for the patient [1]. Isaac's recovery was due to the resetting of the DBS settings by the programmer, and not as a result of medical attention. \r\n\r\nThe use of implanted neuromodulation is increasing in both the medical and consumer space, yet the telemetric nature of these closed looped systems expose them to a range of vulnerabilities [2-4]. Unlike hacks on insulin pumps and pacemakers, there is currently no research on hacks of brain-computer interfaces [1, 5]. \r\n\r\nInteractions between hardware and neuroanatomy invoke a range of unexpected symptoms - for Isaac the DBS error induced intense emotions and motor disturbance. An understanding of these biotechnological syndromes requires expertise from computer scientists, engineers, biomedical experts and hackers who can expose system flaws. We bring this case to DEFCON to foster collaboration between the medical and hacking community, to improve the care of patients like Isaac, who present with medical emergencies resulting from technological failures.\r\n\r\n*Psuedonym\r\n\"\"\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"title":"All information should be free (except the brain data you want to keep in your head) ","android_description":"\"\"\"When Isaac* arrived at our Emergency department in a critical condition, the last place we thought to investigate was within the Deep Brain Stimulator (DBS) inside his head. Medical device failures or 'medical hacks' are not constituents of practitioner training, and the consequences were immediately apparent as we attempted to care for the patient [1]. Isaac's recovery was due to the resetting of the DBS settings by the programmer, and not as a result of medical attention. \r\n\r\nThe use of implanted neuromodulation is increasing in both the medical and consumer space, yet the telemetric nature of these closed looped systems expose them to a range of vulnerabilities [2-4]. Unlike hacks on insulin pumps and pacemakers, there is currently no research on hacks of brain-computer interfaces [1, 5]. \r\n\r\nInteractions between hardware and neuroanatomy invoke a range of unexpected symptoms - for Isaac the DBS error induced intense emotions and motor disturbance. An understanding of these biotechnological syndromes requires expertise from computer scientists, engineers, biomedical experts and hackers who can expose system flaws. We bring this case to DEFCON to foster collaboration between the medical and hacking community, to improve the care of patients like Isaac, who present with medical emergencies resulting from technological failures.\r\n\r\n*Psuedonym\r\n\"\"\"","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659108360,"nanoseconds":0},"speakers":[{"content_ids":[49020],"conference_id":65,"event_ids":[49023],"name":"Isabel Straw, MD","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/IsabelStrawMD"}],"media":[],"id":48444}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49023,"tag_ids":[40277,45329,45373,45451],"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48444}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"updated":"2022-07-29T15:26:00.000-0000","begin":"2022-08-13T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Obsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 3 using forensics artifacts found on affected Endpoints.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian Forensics Station: Kill Chain 3 Endpoint Forensics Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian Forensics: Kill Chain 3 Endpoint Forensics Walkthrough","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"android_description":"Obsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 3 using forensics artifacts found on affected Endpoints.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian Forensics Station: Kill Chain 3 Endpoint Forensics Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48906,48924,48932,48910],"conference_id":65,"event_ids":[48908,48911,48912,48925,48933],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48341}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":48933,"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48341}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"begin":"2022-08-13T18:30:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This module covers:\r\n\r\n- Direction & Planning: Establishing CTI goals and objectives \r\n- Collection: Objective is to review and operationalize a single CTI report\r\n- Analysis & Production: Elements to identify in a CTI report\r\n- Dissemination: Sharing takeaways from a CTI report with stakeholders\r\n- Feedback & Evaluation: Methods for receiving feedback\r\n\r\nObjective: Demonstrate how a CTI report can be operationalized.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nThis module presents an overview of how threat intelligence gleaned from a single CTI report can be operationalized across an organization. We'll run through a report based on content from Project Obsidian's kill chain 3 and demonstrate how it can be operationalized by different teams (SOC, IR, forensics, security management, and executives.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian CTI: Operationalizing Threat Intelligence","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"This module covers:\r\n\r\n- Direction & Planning: Establishing CTI goals and objectives \r\n- Collection: Objective is to review and operationalize a single CTI report\r\n- Analysis & Production: Elements to identify in a CTI report\r\n- Dissemination: Sharing takeaways from a CTI report with stakeholders\r\n- Feedback & Evaluation: Methods for receiving feedback\r\n\r\nObjective: Demonstrate how a CTI report can be operationalized.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nThis module presents an overview of how threat intelligence gleaned from a single CTI report can be operationalized across an organization. We'll run through a report based on content from Project Obsidian's kill chain 3 and demonstrate how it can be operationalized by different teams (SOC, IR, forensics, security management, and executives.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48907,48929],"conference_id":65,"event_ids":[48909,48930],"name":"ttheveii0x","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48323},{"content_ids":[48907,48929],"conference_id":65,"event_ids":[48909,48930],"name":"Stephanie G.","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48328},{"content_ids":[48907,48929],"conference_id":65,"event_ids":[48909,48930],"name":"l00sid","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48331}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":48930,"tag_ids":[40250,45332,45373,45376,45451],"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48328},{"tag_id":565,"sort_order":1,"person_id":48331},{"tag_id":565,"sort_order":1,"person_id":48323}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"begin":"2022-08-13T18:30:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Xbox Live for original Xbox systems launched on November 15, 2002 and was subsequently discontinued on April 15, 2010. The first half of this talk will be an infromation dense overview of the gritty details of how the underlying protocols work and intermixing a retrospective of two decades of how the industry has approached IOT and network security. The second half of the talk will use that base to discuss the architecture of drop in replacement server infrastructure, how the speaker approaches the ethics of third party support for non-updatable abandoned networked devices, and culminating in a demo.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Reversing the Original Xbox Live Protocols","android_description":"Xbox Live for original Xbox systems launched on November 15, 2002 and was subsequently discontinued on April 15, 2010. The first half of this talk will be an infromation dense overview of the gritty details of how the underlying protocols work and intermixing a retrospective of two decades of how the industry has approached IOT and network security. The second half of the talk will use that base to discuss the architecture of drop in replacement server infrastructure, how the speaker approaches the ethics of third party support for non-updatable abandoned networked devices, and culminating in a demo.","end_timestamp":{"seconds":1660418100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48545],"conference_id":65,"event_ids":[48508],"name":"Tristan Miller","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":47833,"title":"Hacker"}],"timeband_id":892,"end":"2022-08-13T19:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241929"}],"id":48508,"begin_timestamp":{"seconds":1660415400,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45281,45375,45450],"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47833}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"To detect evil in the cloud, you must first know what 'evil' looks like. Then, it's critical to have an easy way to reproduce common attack techniques in live environments, to validate that our threat detection and logging pipelines work as intended. In this talk, we present Stratus Red Team, an open-source project for adversary emulation and end-to-end validation of threat detection in AWS, Kubernetes and Azure.\r\n\r\nWe discuss the motivation behind the project, design choices, and the philosophy behind Stratus Red Team: helping blue teams focus on real-world, documented attack techniques and empower them to iteratively build high-quality detections. We also discuss more advanced use-cases that Stratus Red Team allows, such as running it on a schedule in your CI/CD to continuously validate that the expected alerts are popping up in your SIEM.\r\n\r\nWe conclude with a live demo where we 'detonate' attack techniques against a live Kubernetes cluster and AWS account.\n\n\n","title":"Purple Teaming & Adversary Emulation in the Cloud with Stratus Red Team","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"To detect evil in the cloud, you must first know what 'evil' looks like. Then, it's critical to have an easy way to reproduce common attack techniques in live environments, to validate that our threat detection and logging pipelines work as intended. In this talk, we present Stratus Red Team, an open-source project for adversary emulation and end-to-end validation of threat detection in AWS, Kubernetes and Azure.\r\n\r\nWe discuss the motivation behind the project, design choices, and the philosophy behind Stratus Red Team: helping blue teams focus on real-world, documented attack techniques and empower them to iteratively build high-quality detections. We also discuss more advanced use-cases that Stratus Red Team allows, such as running it on a schedule in your CI/CD to continuously validate that the expected alerts are popping up in your SIEM.\r\n\r\nWe conclude with a live demo where we 'detonate' attack techniques against a live Kubernetes cluster and AWS account.","updated_timestamp":{"seconds":1659283140,"nanoseconds":0},"speakers":[{"content_ids":[49177],"conference_id":65,"event_ids":[49213],"name":"Christophe Tafani-Dereeper","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/christophetd"}],"media":[],"id":48631}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49213,"begin_timestamp":{"seconds":1660414800,"nanoseconds":0},"village_id":9,"tag_ids":[40252,45340,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48631}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T15:59:00.000-0000","begin":"2022-08-13T18:20:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Three Time's a Charm: Our Experience at the Public Hacking Trials of the Brazilian Election Systems","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9d9a7e","name":"Voting Village","id":45387},"end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660259160,"nanoseconds":0},"speakers":[{"content_ids":[49765],"conference_id":65,"event_ids":[49963],"name":"Ivo de Carvalho Peixinho","affiliations":[{"organization":"","title":"Cybercrime Researcher and Forensic Expert"}],"links":[],"pronouns":null,"media":[],"id":49104,"title":"Cybercrime Researcher and Forensic Expert"}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49963,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":34,"tag_ids":[40279,45348,45387,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49104}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"spans_timebands":"N","updated":"2022-08-11T23:06:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Most people think that incident response only involves using cool tools in detecting and responding to cyber threats. However, there are other aspects of incident response work that deal with the other IR phases that may be overlooked. One of the ways to prepare to respond to a cyber security incident is to stage tabletop exercises and produce IR reports for the lessons learned phase. Did you know that an understanding of creative writing and plot structure will help you create tabletop exercises that are engaging and write IR reports which are easier to understand?\n\n\n","title":"How my High School Creative Writing Class Helped Me Become a Better Incident Responder","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"android_description":"Most people think that incident response only involves using cool tools in detecting and responding to cyber threats. However, there are other aspects of incident response work that deal with the other IR phases that may be overlooked. One of the ways to prepare to respond to a cyber security incident is to stage tabletop exercises and produce IR reports for the lessons learned phase. Did you know that an understanding of creative writing and plot structure will help you create tabletop exercises that are engaging and write IR reports which are easier to understand?","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1660257300,"nanoseconds":0},"speakers":[{"content_ids":[49756],"conference_id":65,"event_ids":[49954],"name":"GyledC","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/GyledC"}],"media":[],"id":49094}],"timeband_id":892,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-13T19:00:00.000-0000","id":49954,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49094}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-11T22:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We all know a little about ML and NLP, and have maybe used it for some projects - but add a little ‘quantum’ and amazing things emerge! \n\n\n","title":"QML/QNLP workshop/showcase","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"android_description":"We all know a little about ML and NLP, and have maybe used it for some projects - but add a little ‘quantum’ and amazing things emerge!","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1660333260,"nanoseconds":0},"speakers":[{"content_ids":[49707],"conference_id":65,"event_ids":[49897],"name":"Thomas Cervoni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49054}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49897,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"village_id":24,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49054}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-12T19:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Log4J was a merry Christmas call for many teams around the world. This talk will share our story of how we were among the first to respond to in-the-wild attacks, helping the community manage and understand how to prepare for such an incident.\r\n\r\nLog4J did not catch us unaware, but we did not connect the dots at first. Who would have guessed that chatter of a new vulnerability in Minecraft is related to a wave of coinminer incidents we responded to?\r\n\r\nThis talk will cover the line between threat intelligence, responding to cyber incidents, releasing open-source tools, and helping our customers and the community!\r\n\r\nWe will not focus on the technical analysis of the vulnerability (there are plenty of talks like that already). Instead, our focus is on how an organization prepares for such incidents ahead of time. For example, laying the pieces in place to be ready for the unknown (e.g., being aware of vulnerabilities in vendor appliances before they are!)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"title":"The Log4J Rollercoaster - from an incident response perspective","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"Log4J was a merry Christmas call for many teams around the world. This talk will share our story of how we were among the first to respond to in-the-wild attacks, helping the community manage and understand how to prepare for such an incident.\r\n\r\nLog4J did not catch us unaware, but we did not connect the dots at first. Who would have guessed that chatter of a new vulnerability in Minecraft is related to a wave of coinminer incidents we responded to?\r\n\r\nThis talk will cover the line between threat intelligence, responding to cyber incidents, releasing open-source tools, and helping our customers and the community!\r\n\r\nWe will not focus on the technical analysis of the vulnerability (there are plenty of talks like that already). Instead, our focus is on how an organization prepares for such incidents ahead of time. For example, laying the pieces in place to be ready for the unknown (e.g., being aware of vulnerabilities in vendor appliances before they are!)","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49646],"conference_id":65,"event_ids":[49830],"name":"Brenton Morris","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brenton-morris-03a84a80/"}],"pronouns":null,"media":[],"id":49002},{"content_ids":[49646],"conference_id":65,"event_ids":[49830],"name":"Guy Barnhart-Magen","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/guy-barnhart-magen/"}],"pronouns":null,"media":[],"id":49009}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49830,"village_id":4,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40278,45340,45378,45431,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49002},{"tag_id":565,"sort_order":1,"person_id":49009}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"spans_timebands":"N","begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-08T00:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"All the cool kids are using obscure programming languages to write malware nowadays. Offensive security professionals (as well as threat actors with cool names) are increasingly wrapping their malware in languages such as Go, Rust, or Nim. This talk will break down why Nim is a prime candidate for malware development and how it allows you to write low-level functionality without having to bother learning \"\"actually complicated\"\" low-level languages such as C.\r\n\r\nWe will dive into the intricacies of various open-source Nim tools and analyze how they manage to evade defenses such as AV and EDR, providing you with the foundation needed to get started building your own Nim-based malware. If you're interested in learning Nim, malware development, or are just tagging along to build better detections - consider this your invitation into the wondrous world of Nim malware.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Nimbly Navigating a Nimiety of Nimplants: Writing Nim Malware Like The Cool Kids","end_timestamp":{"seconds":1660416300,"nanoseconds":0},"android_description":"All the cool kids are using obscure programming languages to write malware nowadays. Offensive security professionals (as well as threat actors with cool names) are increasingly wrapping their malware in languages such as Go, Rust, or Nim. This talk will break down why Nim is a prime candidate for malware development and how it allows you to write low-level functionality without having to bother learning \"\"actually complicated\"\" low-level languages such as C.\r\n\r\nWe will dive into the intricacies of various open-source Nim tools and analyze how they manage to evade defenses such as AV and EDR, providing you with the foundation needed to get started building your own Nim-based malware. If you're interested in learning Nim, malware development, or are just tagging along to build better detections - consider this your invitation into the wondrous world of Nim malware.","updated_timestamp":{"seconds":1659888600,"nanoseconds":0},"speakers":[{"content_ids":[49584],"conference_id":65,"event_ids":[49796],"name":"Cas Van Cooten","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/chvancooten/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/chvancooten"}],"pronouns":null,"media":[],"id":48940}],"timeband_id":892,"links":[],"end":"2022-08-13T18:45:00.000-0000","id":49796,"village_id":1,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48940}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"updated":"2022-08-07T16:10:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Phishing With Phineas (Again) - Steroid Boosted Hack Recreation Workshop","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679320,"nanoseconds":0},"speakers":[{"content_ids":[49444],"conference_id":65,"event_ids":[49648],"name":"George Karantzas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48821}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49648,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48821}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T06:02:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","android_description":"","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"media":[],"id":48531}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49640,"village_id":27,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:58:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","android_description":"","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49611,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cyber Resilience Bootcamp","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"pronouns":null,"media":[],"id":48826}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49602,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:48:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Container and Kubernetes Offense","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659678420,"nanoseconds":0},"speakers":[{"content_ids":[49432],"conference_id":65,"event_ids":[49596,49597,49598],"name":"Michael Mitchell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48824}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49597,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48824}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-05T05:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Now that you‚Äôre familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.\n\n\n","title":"Bypass 102","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"android_description":"Now that you‚Äôre familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"updated_timestamp":{"seconds":1659624360,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"media":[],"id":48801}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":49547,"village_id":22,"tag_ids":[40264,45340,45373,45381,45450],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-04T14:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This presentation provides insights from a recent US government \"tiger team\" that worked to examine the maritime cybersecurity workforce gaps identified in the 2020 National Maritime Cybersecurity Plan from a National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework perspective in order to identify gaps in the existing framework as well as to develop proposals for new statements describing maritime cyber-specific task, skills, knowledge, and competencies that should be recommended for inclusion into future versions of the framework. In the process of doing so, the interagency group identified five, high-level strategic factors that are going to shape maritime cybersecurity workforce development for years to come.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Describing Maritime Cyber work roles Using the NICE Framework","android_description":"This presentation provides insights from a recent US government \"tiger team\" that worked to examine the maritime cybersecurity workforce gaps identified in the 2020 National Maritime Cybersecurity Plan from a National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework perspective in order to identify gaps in the existing framework as well as to develop proposals for new statements describing maritime cyber-specific task, skills, knowledge, and competencies that should be recommended for inclusion into future versions of the framework. In the process of doing so, the interagency group identified five, high-level strategic factors that are going to shape maritime cybersecurity workforce development for years to come.","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"updated_timestamp":{"seconds":1659473340,"nanoseconds":0},"speakers":[{"content_ids":[49334,49344,49345],"conference_id":65,"event_ids":[49434,49444,49445],"name":"Tyson B. Meadors","affiliations":[{"organization":"US Navy","title":"Cyber Warfare Engineer"}],"links":[],"pronouns":null,"media":[],"id":48772,"title":"Cyber Warfare Engineer at US Navy"}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":49444,"village_id":15,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40258,45340,45369,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48772}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-08-02T20:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"B will show you the elusive art of “juicing” a deck of cards. Often referenced in heist/poker literature since the invention of playing cards for gambling, B will show you everything you need to apply this arcane method to a deck of cards.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#569d6e","name":"Rogues Village","id":45368},"title":"Juicing & Marking Cards","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"B will show you the elusive art of “juicing” a deck of cards. Often referenced in heist/poker literature since the invention of playing cards for gambling, B will show you everything you need to apply this arcane method to a deck of cards.","updated_timestamp":{"seconds":1659467460,"nanoseconds":0},"speakers":[{"content_ids":[49324],"conference_id":65,"event_ids":[49424],"name":"B","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48746}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49424,"village_id":29,"tag_ids":[40271,45332,45368,45453],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48746}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","updated":"2022-08-02T19:11:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"What is the Info Sec Color Wheel?","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"android_description":"","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"updated_timestamp":{"seconds":1659465660,"nanoseconds":0},"speakers":[{"content_ids":[49306],"conference_id":65,"event_ids":[49405],"name":"Saman Fatima","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/saman-fatima-30/"}],"pronouns":null,"media":[],"id":48734}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":49405,"village_id":12,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48734}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:41:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You've seen lockpickers open doors by manipulating pins. Such a tactic relies on ownership of pick tools and the knowledge of how to use them.\r\n\r\nYou may have witnessed hackers demonstrate the art of impressioning. Such a technique requires a working blank key that can be hand-filed into the correct shape in order to facilitate entry.\r\n\r\nBut have you ever seen a key fabricated before your eyes from nothing at all? With a raw ingot of metal ore, heat from a flame, and some subversive skill it's possible to re-create almost any key -- no matter how obscure -- via molding and casting. That is what this presentation entails: keys will be created using raw metal and fire. But not in a forge or foundry... this is a tactic that can be employed in the field by covert entry types who want a way to gain repeated access without having to carry around key blanks and specific tools specialized for every brand of lock.\r\n\r\nWhen you're casting a key from nothing, virtually any kind of mechanical lock becomes a valid target.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#856899","name":"Lock Pick Village","id":45362},"title":"Metal and Fire... Copying Keys via Mold and Cast Tactics","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"android_description":"You've seen lockpickers open doors by manipulating pins. Such a tactic relies on ownership of pick tools and the knowledge of how to use them.\r\n\r\nYou may have witnessed hackers demonstrate the art of impressioning. Such a technique requires a working blank key that can be hand-filed into the correct shape in order to facilitate entry.\r\n\r\nBut have you ever seen a key fabricated before your eyes from nothing at all? With a raw ingot of metal ore, heat from a flame, and some subversive skill it's possible to re-create almost any key -- no matter how obscure -- via molding and casting. That is what this presentation entails: keys will be created using raw metal and fire. But not in a forge or foundry... this is a tactic that can be employed in the field by covert entry types who want a way to gain repeated access without having to carry around key blanks and specific tools specialized for every brand of lock.\r\n\r\nWhen you're casting a key from nothing, virtually any kind of mechanical lock becomes a valid target.","updated_timestamp":{"seconds":1659420300,"nanoseconds":0},"speakers":[{"content_ids":[49276],"conference_id":65,"event_ids":[49356],"name":"Deviant Ollam","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48702}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":49356,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":17,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48702}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","updated":"2022-08-02T06:05:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"From Apple iOS to LastPass to WPA/WPA2, decades-old password-based key derivation functions like PBKDF2 remain in widespread use across major enterprise systems today. Yet the advent of fast SHA-1 and SHA-256 ASICs and the increasing prevalence of credential stuffing and password spraying attacks have made password-based key derivation all but obsolete. Moreover, current key recovery standards (like NIST SP 800-57) suggest using a master key to recover lost passwords, creating a central point of failure and thus entirely defeating the purpose of user-derived keys. While multi-factor authentication is a great defense against credential stuffing, password-derived keys remain only as strong as the passwords they're based on. This talk will demonstrate how credential stuffing attacks can target data encrypted with password-derived keys and will propose a new KDF construction, \"\"multi-factor key derivation,\"\" that leverages novel cryptography to take advantage of all of a user's authentication factors in the key derivation process.\r\n\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#71c2b9","name":"Password Village","id":45351},"title":"So long, PBKDF2! The end of password-based key derivation","android_description":"\"From Apple iOS to LastPass to WPA/WPA2, decades-old password-based key derivation functions like PBKDF2 remain in widespread use across major enterprise systems today. Yet the advent of fast SHA-1 and SHA-256 ASICs and the increasing prevalence of credential stuffing and password spraying attacks have made password-based key derivation all but obsolete. Moreover, current key recovery standards (like NIST SP 800-57) suggest using a master key to recover lost passwords, creating a central point of failure and thus entirely defeating the purpose of user-derived keys. While multi-factor authentication is a great defense against credential stuffing, password-derived keys remain only as strong as the passwords they're based on. This talk will demonstrate how credential stuffing attacks can target data encrypted with password-derived keys and will propose a new KDF construction, \"\"multi-factor key derivation,\"\" that leverages novel cryptography to take advantage of all of a user's authentication factors in the key derivation process.\r\n\"","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"updated_timestamp":{"seconds":1659403800,"nanoseconds":0},"speakers":[{"content_ids":[49154,49266],"conference_id":65,"event_ids":[49190,49338],"name":"Vivek Nair","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48615}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49338,"village_id":20,"tag_ids":[40262,45340,45351,45450],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48615}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 218-219 (Password Village)","hotel":"","short_name":"218-219 (Password Village)","id":45419},"spans_timebands":"N","updated":"2022-08-02T01:30:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Developing and maintaining Aerospace systems for cyber resilient operation requires knowledge and insight into adversarial techniques and tactics. The historical origins of cyber risk assessment and cyber development standards center around an understanding of the threat actors who perpetrate attacks on Aerospace systems. This presentation cuts through the historical origins of that focus so developers and operators of aviation systems, space systems, and critical infrastructure can leverage that insight into effective adversarial targeting, capabilities required, and cyber effects that align with intent. Finally this talk describes specific actionable analysis that can help industry drive toward more cyber resilient Aerospace systems and get “Left of Boom” of adversarial cyber-attack.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Cyber Threats Against Aviation Systems: The Only Threat Briefing You Really Need","end_timestamp":{"seconds":1660416600,"nanoseconds":0},"android_description":"Developing and maintaining Aerospace systems for cyber resilient operation requires knowledge and insight into adversarial techniques and tactics. The historical origins of cyber risk assessment and cyber development standards center around an understanding of the threat actors who perpetrate attacks on Aerospace systems. This presentation cuts through the historical origins of that focus so developers and operators of aviation systems, space systems, and critical infrastructure can leverage that insight into effective adversarial targeting, capabilities required, and cyber effects that align with intent. Finally this talk describes specific actionable analysis that can help industry drive toward more cyber resilient Aerospace systems and get “Left of Boom” of adversarial cyber-attack.","updated_timestamp":{"seconds":1659379500,"nanoseconds":0},"speakers":[{"content_ids":[49234],"conference_id":65,"event_ids":[49277],"name":"Teresa Merklin","affiliations":[{"organization":"Lockheed Martin","title":"Fellow attached to the Aeronautics Cyber Range"}],"links":[],"pronouns":null,"media":[],"id":48687,"title":"Fellow attached to the Aeronautics Cyber Range at Lockheed Martin"}],"timeband_id":892,"links":[],"end":"2022-08-13T18:50:00.000-0000","id":49277,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48687}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:45:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c9a57d57aa149429eebf3/1\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"title":"Free Amateur Radio License Exams","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c9a57d57aa149429eebf3/1","updated_timestamp":{"seconds":1659309180,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49261,"tag_ids":[40256,45341,45355,45451],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":13,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City I (Ham Radio Village Exams)","hotel":"","short_name":"Virginia City I (Ham Radio Village Exams)","id":45426},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-07-31T23:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cryptocurrency: A Bridge Across the Digital Divide","type":{"conference_id":65,"conference":"DEFCON30","color":"#8dc784","updated_at":"2024-06-07T03:39+0000","name":"BIC Village","id":45353},"end_timestamp":{"seconds":1660416300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659305280,"nanoseconds":0},"speakers":[{"content_ids":[49200],"conference_id":65,"event_ids":[49241],"name":"Stephanie Barnes","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48663}],"timeband_id":892,"links":[],"end":"2022-08-13T18:45:00.000-0000","id":49241,"village_id":6,"tag_ids":[40249,45348,45353,45374],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48663}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-07-31T22:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Reinforcement learning (RL) is a class of machine learning where an agent learns the optimal actions to take to achieve short- and long-term objectives in the context of its environment. RL models are everywhere, from enabling autonomous vehicles to drive to assisting in diagnostic decision making in healthcare. They are used to make critical decisions with life-or-death implications, meaning the security and robustness of these models and the machine learning systems they comprise is extremely important.\r\n\r\nHowever, the threat model of these RL systems is not well understood. Traditional network and system security measures are expected to provide some level of protection from threat actors, but if an attacker can get past these, many post-exploitation threat vectors exist in the reinforcement learning model itself, which can be weaponized and lead to disastrous outcomes.\r\n\r\nIn this talk, I will provide a high-level overview of reinforcement learning and the classes of attacks used to compromise RL systems. I will also present and demo two RL attacks we developed that do not require in-depth machine learning expertise to implement: the initial perturbation attack and the Corrupted Replay Attack (CRA), an attack we created while doing this research. Both of these attacks will be available as part of our open-source toolkit, Counterfit, so attendees can use these attacks against a reinforcement learning model of their choice. Finally, I will speak about my practical experiences in this space, describing the repercussions of an adversary successfully executing these attacks in the wild.\r\n\r\nAttendees will walk away from this talk with the knowledge and tools to attack RL models, as well as an appreciation for the importance of properly securing machine learning systems.\n\n\n","title":"Hands-on Hacking of Reinforcement Learning Systems","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"end_timestamp":{"seconds":1660416600,"nanoseconds":0},"android_description":"Reinforcement learning (RL) is a class of machine learning where an agent learns the optimal actions to take to achieve short- and long-term objectives in the context of its environment. RL models are everywhere, from enabling autonomous vehicles to drive to assisting in diagnostic decision making in healthcare. They are used to make critical decisions with life-or-death implications, meaning the security and robustness of these models and the machine learning systems they comprise is extremely important.\r\n\r\nHowever, the threat model of these RL systems is not well understood. Traditional network and system security measures are expected to provide some level of protection from threat actors, but if an attacker can get past these, many post-exploitation threat vectors exist in the reinforcement learning model itself, which can be weaponized and lead to disastrous outcomes.\r\n\r\nIn this talk, I will provide a high-level overview of reinforcement learning and the classes of attacks used to compromise RL systems. I will also present and demo two RL attacks we developed that do not require in-depth machine learning expertise to implement: the initial perturbation attack and the Corrupted Replay Attack (CRA), an attack we created while doing this research. Both of these attacks will be available as part of our open-source toolkit, Counterfit, so attendees can use these attacks against a reinforcement learning model of their choice. Finally, I will speak about my practical experiences in this space, describing the repercussions of an adversary successfully executing these attacks in the wild.\r\n\r\nAttendees will walk away from this talk with the knowledge and tools to attack RL models, as well as an appreciation for the importance of properly securing machine learning systems.","updated_timestamp":{"seconds":1659292800,"nanoseconds":0},"speakers":[{"content_ids":[49039],"conference_id":65,"event_ids":[49042],"name":"Dr. Amanda Minnich ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48462}],"timeband_id":892,"links":[],"end":"2022-08-13T18:50:00.000-0000","id":49042,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40248,45330,45450],"village_id":3,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48462}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-07-31T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Manufacturers Disclosure Statement for Medical Device Security, or MDS2, has become increasingly ubiquitous as a source of information about the security capabilities of IoMT devices, but many organizations still find operationalizing the information contained within to be challenging. In this talk, learn how to best analyze the MDS2 form to gather security data, and how to leverage the data contained within the MDS2 form to improve your IoMT security posture across the device lifecycle, both for pre-procurement risk assessments and post-procurement management and hardening.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"title":"How to Leverage MDS2 Data for Medical Device Security","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"The Manufacturers Disclosure Statement for Medical Device Security, or MDS2, has become increasingly ubiquitous as a source of information about the security capabilities of IoMT devices, but many organizations still find operationalizing the information contained within to be challenging. In this talk, learn how to best analyze the MDS2 form to gather security data, and how to leverage the data contained within the MDS2 form to improve your IoMT security posture across the device lifecycle, both for pre-procurement risk assessments and post-procurement management and hardening.","updated_timestamp":{"seconds":1659108300,"nanoseconds":0},"speakers":[{"content_ids":[49019],"conference_id":65,"event_ids":[49022],"name":"Jeremy Linden","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jeremydlinden"}],"media":[],"id":48445}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49022,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48445}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"updated":"2022-07-29T15:25:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Many players in the Buy Now Pay Later (BNPL) and merchant services industries are increasingly relying on digital footprint services when credit checks and national identification schemes are not easily available for different types of campaigns. There are a number of ethical considerations with this type of information is gathered and used along with regulatory issues that need to be considered.\n\n\n","title":"Ethical considerations in using digital footprints for verifying identities for online services","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c3a2fb","name":"Retail Hacking Village","id":45327},"end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"Many players in the Buy Now Pay Later (BNPL) and merchant services industries are increasingly relying on digital footprint services when credit checks and national identification schemes are not easily available for different types of campaigns. There are a number of ethical considerations with this type of information is gathered and used along with regulatory issues that need to be considered.","updated_timestamp":{"seconds":1659067440,"nanoseconds":0},"speakers":[{"content_ids":[48996,48997],"conference_id":65,"event_ids":[48998,48999],"name":"Larsbodian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48434}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":48999,"village_id":28,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[40270,45327,45373,45447,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48434}],"tags":"Discussion","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 310, 320 (Retail Hacking Village)","hotel":"","short_name":"310, 320 (Retail Hacking Village)","id":45408},"begin":"2022-08-13T18:00:00.000-0000","updated":"2022-07-29T04:04:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This workshop will provide the basics of what web shells are, how they are typically used, defensive strategies to prevent them, and ways they can be detected in different layers of security. The detection layers that will be covered are antivirus/endpoint protection, file integrity monitoring, file system analysis, log analysis, network traffic analysis, and endpoint anomaly detection.\r\n\r\nParticipants will be provided with a virtual machine image that they could both exploit with web shells and perform threat hunting on.\r\n\r\nThe breakdown is roughly this:\r\n60-80 minutes - what web shells are, what they're used for, ways they can be detected\r\n20 minutes - overview of my perspective on what web threat hunting is and how it varies from conventional threat hunting (TLDR - if you're on the internet, you're always going to be attacked so it's not a matter of picking up an unknown threat so much as filtering through evidence to determine if an attack is actually dangerous)\r\n90+ minutes - hands-on exercises covering various ways to detect web shells such as file integrity monitoring, deobfuscation, YARA, dirty words, time stomping, etc. And then exploiting a vulnerable application and uploading a Web Shell and showing how it can be used to plunder data.\n\n\nWeb Shells are malicious web applications used for remote access. They've been used in many of the recent prominent breaches/vulnerabilities including Equifax, SolarWinds, and ProxyLogon and are used by APTs and other threats. With ProxyLogon, the FBI was authorized to remove them from victim machines.\r\n\r\nThis session will help you avoid telling your employer that the FBI is now doing volunteer admin work by teaching you about Web Shells, how to hunt for them, and doing hands-on hunting in a VM. A little groundwork goes a long way and this class will show what to do.","title":"Web Shell Hunting","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660428000,"nanoseconds":0},"android_description":"This workshop will provide the basics of what web shells are, how they are typically used, defensive strategies to prevent them, and ways they can be detected in different layers of security. The detection layers that will be covered are antivirus/endpoint protection, file integrity monitoring, file system analysis, log analysis, network traffic analysis, and endpoint anomaly detection.\r\n\r\nParticipants will be provided with a virtual machine image that they could both exploit with web shells and perform threat hunting on.\r\n\r\nThe breakdown is roughly this:\r\n60-80 minutes - what web shells are, what they're used for, ways they can be detected\r\n20 minutes - overview of my perspective on what web threat hunting is and how it varies from conventional threat hunting (TLDR - if you're on the internet, you're always going to be attacked so it's not a matter of picking up an unknown threat so much as filtering through evidence to determine if an attack is actually dangerous)\r\n90+ minutes - hands-on exercises covering various ways to detect web shells such as file integrity monitoring, deobfuscation, YARA, dirty words, time stomping, etc. And then exploiting a vulnerable application and uploading a Web Shell and showing how it can be used to plunder data.\n\n\nWeb Shells are malicious web applications used for remote access. They've been used in many of the recent prominent breaches/vulnerabilities including Equifax, SolarWinds, and ProxyLogon and are used by APTs and other threats. With ProxyLogon, the FBI was authorized to remove them from victim machines.\r\n\r\nThis session will help you avoid telling your employer that the FBI is now doing volunteer admin work by teaching you about Web Shells, how to hunt for them, and doing hands-on hunting in a VM. A little groundwork goes a long way and this class will show what to do.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48920],"conference_id":65,"event_ids":[48921],"name":"Joe Schottman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48380}],"timeband_id":892,"links":[],"end":"2022-08-13T22:00:00.000-0000","id":48921,"village_id":7,"tag_ids":[40250,45340,45348,45374,45376],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48380}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Workshops","hotel":"","short_name":"Workshops","id":45474},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Although file-less threats may require some sort of files to operate or indirectly use them in some part of their lifecycle (e.g., infection chain), their malicious activities are conducted only in the memory. The adversaries misuse the trusted applications or native utilities such as PowerShell and WMI to download and load malicious codes directly into memory and execute them without touching the hard disk. \r\n\r\nThe newly discovered file-less threat campaign utilizes an innovative technique for the first time to store and hide its shellcode in the Windows event logs, which will be loaded and used by a dropper in the last stage of the infection lifecycle. To put it simply, the file-less threat could be a nightmare for blue teams and threat hunters. \r\n\r\nThis technical talk will briefly explain the different categories of file-less threats; however, as the title suggests, the focus of this trilogy will be a file-less threat hunt via three different approaches as follows:\r\n\r\n•\tSystem Live Analysis: A few techniques such as running processes and lineage analysis, command-line Strings, masquerading and obfuscation, and port to process mapping will be used to look for the file-less threat traces on a live active system. \r\n\r\n•\tMemory Forensics: This is one of the most exciting parts as it dives into the main territory of file-less threats and examines PowerShell execution, process tree, hierarchy, and handles to look for any potential signs of threats.\r\n\r\n•\tNetwork Packet Investigation: Network conversations, malicious HTTP requests, files transferred, and adversaries' commands will be extracted from network packets (i.e., a sample PCAP file) to hunt the files-less threat used in the previous parts. \r\n\r\nFinally, a comparative review discusses the advantages and disadvantages of the above techniques. All the three approaches will be conducted using open-source and free tools, native operating system commands, and built-in utilities. The threat hunt hypothesis and educated guesses will be formulated based on the industrial test cases provided by MITRE ATT&CK, D3fend, and CAR [Cyber Analytics Repository].\n\n\nFile-less threats operate in silence and stealth, enabling adversaries to bypass automated cybersecurity, lurk in our digital wonderland, and avoid standard detections. They are hidden beasts in shadow! This technical talk will briefly explain the different types of file-less threats and the importance of threat hunting to combat them. A Windows-based file-less threat will also be hunted via the live system, memory, and network packet analysis, followed by a comparative discussion about each method's capabilities. The threat hunts' hypotheses used in this presentation are practical, and all will be mapped with MITRE knowledge bases.","title":"Threat Hunt Trilogy: A Beast in the Shadow!","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"android_description":"Although file-less threats may require some sort of files to operate or indirectly use them in some part of their lifecycle (e.g., infection chain), their malicious activities are conducted only in the memory. The adversaries misuse the trusted applications or native utilities such as PowerShell and WMI to download and load malicious codes directly into memory and execute them without touching the hard disk. \r\n\r\nThe newly discovered file-less threat campaign utilizes an innovative technique for the first time to store and hide its shellcode in the Windows event logs, which will be loaded and used by a dropper in the last stage of the infection lifecycle. To put it simply, the file-less threat could be a nightmare for blue teams and threat hunters. \r\n\r\nThis technical talk will briefly explain the different categories of file-less threats; however, as the title suggests, the focus of this trilogy will be a file-less threat hunt via three different approaches as follows:\r\n\r\n•\tSystem Live Analysis: A few techniques such as running processes and lineage analysis, command-line Strings, masquerading and obfuscation, and port to process mapping will be used to look for the file-less threat traces on a live active system. \r\n\r\n•\tMemory Forensics: This is one of the most exciting parts as it dives into the main territory of file-less threats and examines PowerShell execution, process tree, hierarchy, and handles to look for any potential signs of threats.\r\n\r\n•\tNetwork Packet Investigation: Network conversations, malicious HTTP requests, files transferred, and adversaries' commands will be extracted from network packets (i.e., a sample PCAP file) to hunt the files-less threat used in the previous parts. \r\n\r\nFinally, a comparative review discusses the advantages and disadvantages of the above techniques. All the three approaches will be conducted using open-source and free tools, native operating system commands, and built-in utilities. The threat hunt hypothesis and educated guesses will be formulated based on the industrial test cases provided by MITRE ATT&CK, D3fend, and CAR [Cyber Analytics Repository].\n\n\nFile-less threats operate in silence and stealth, enabling adversaries to bypass automated cybersecurity, lurk in our digital wonderland, and avoid standard detections. They are hidden beasts in shadow! This technical talk will briefly explain the different types of file-less threats and the importance of threat hunting to combat them. A Windows-based file-less threat will also be hunted via the live system, memory, and network packet analysis, followed by a comparative discussion about each method's capabilities. The threat hunts' hypotheses used in this presentation are practical, and all will be mapped with MITRE knowledge bases.","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48917],"conference_id":65,"event_ids":[48918],"name":"Dr. Meisam Eslahi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48368}],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":48918,"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48368}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In the 60s, engineers working in a lab at Massachusettes General Hospital in Boston invented a programming environment for use in medical contexts. This is before C, before the Unix epoch, before the concept of an electronic medical records system even existed. But if you have medical records in the US, or if you've banked in the US, its likely that this language has touched your data. Since the 1960s, this language has been used in everything from EMRs to core banking to general database needs, and even is contained in apt to this day.\n\nThis is the Massachusettes General Hospital Utility Multi-Programming System. This is MUMPS.\n\nThis talk covers new research into common open-source MUMPS implementations, starting with an application that relies on MUMPS: the Department of Veterans Affairs' VistA EMR. We’ll cover a short history of VistA before diving into its guts and examining MUMPS, the language that VistA was written in. Then we'll talk about 30 memory bugs discovered while fuzzing open source MUMPS implementations before returning to VistA to cover critical vulnerabilities found in credential handling and login mechanisms. We'll close by taking a step back and asking questions about how we even got here in the first place, the right moves we made, and what we can do better.\n\n\n","title":"How To Get MUMPS Thirty Years Later (or, Hacking The Government via FOIA'd Code)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660416300,"nanoseconds":0},"android_description":"In the 60s, engineers working in a lab at Massachusettes General Hospital in Boston invented a programming environment for use in medical contexts. This is before C, before the Unix epoch, before the concept of an electronic medical records system even existed. But if you have medical records in the US, or if you've banked in the US, its likely that this language has touched your data. Since the 1960s, this language has been used in everything from EMRs to core banking to general database needs, and even is contained in apt to this day.\n\nThis is the Massachusettes General Hospital Utility Multi-Programming System. This is MUMPS.\n\nThis talk covers new research into common open-source MUMPS implementations, starting with an application that relies on MUMPS: the Department of Veterans Affairs' VistA EMR. We’ll cover a short history of VistA before diving into its guts and examining MUMPS, the language that VistA was written in. Then we'll talk about 30 memory bugs discovered while fuzzing open source MUMPS implementations before returning to VistA to cover critical vulnerabilities found in credential handling and login mechanisms. We'll close by taking a step back and asking questions about how we even got here in the first place, the right moves we made, and what we can do better.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48542,49114],"conference_id":65,"event_ids":[48583,49160],"name":"Zachary Minneker","affiliations":[{"organization":"","title":"Senior Security Engineer, Security Innovation"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/seiranib"}],"pronouns":null,"media":[],"id":47922,"title":"Senior Security Engineer, Security Innovation"}],"timeband_id":892,"end":"2022-08-13T18:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241815"}],"id":48583,"tag_ids":[45241,45279,45280,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"includes":"Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47922}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","begin":"2022-08-13T18:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Windows 11 ships with a nifty feature called Power Automate, which lets users automate mundane processes. In a nutshell, Users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines or Office cloud, executed successfully and reports back to the cloud. You can probably already see where this is going..\nIn this presentation, we will show how Power Automate can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data. All while using nothing but Windows baked-in and signed executables, and Office cloud services.\nWe will then take you behind the scenes and explore how this service works, what attack surface it exposes on the machine and in the cloud, and how it is enabled by-default and can be used without explicit user consent. We will also point out a few promising future research directions for the community to pursue.\nFinally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it into your Red Team arsenal and try out your own ideas.\n\n\n","title":"No-Code Malware: Windows 11 At Your Service","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660416300,"nanoseconds":0},"android_description":"Windows 11 ships with a nifty feature called Power Automate, which lets users automate mundane processes. In a nutshell, Users can build custom processes and hand them to Microsoft, which in turn ensures they are distributed to all user machines or Office cloud, executed successfully and reports back to the cloud. You can probably already see where this is going..\nIn this presentation, we will show how Power Automate can be repurposed to power malware operations. We will demonstrate the full cycle of distributing payloads, bypassing perimeter controls, executing them on victim machines and exfiltrating data. All while using nothing but Windows baked-in and signed executables, and Office cloud services.\nWe will then take you behind the scenes and explore how this service works, what attack surface it exposes on the machine and in the cloud, and how it is enabled by-default and can be used without explicit user consent. We will also point out a few promising future research directions for the community to pursue.\nFinally, we will share an open-source command line tool to easily accomplish all of the above, so you will be able to add it into your Red Team arsenal and try out your own ideas.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48544,48567],"conference_id":65,"event_ids":[48565,48560],"name":"Michael Bargury","affiliations":[{"organization":"","title":"Co-Founder and CTO, Zenity.io"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mbrg0"}],"media":[],"id":47865,"title":"Co-Founder and CTO, Zenity.io"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241932"}],"end":"2022-08-13T18:45:00.000-0000","id":48560,"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"includes":"Tool, Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47865}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"My first hack was in 1958, and it was all my mother’s fault. Or perhaps I should also blame my father. They were both engineers and I got their DNA. As a kid I hacked phones… cuz, well, phones were expensive! (Cardboard was an important hacking tool.) At age 6 I made a decent living cuz I could fix tube TVs. True!\n \nIn roughly 1970 (thanks to NYU) we moved on to hacking Hollerith (punch) cards to avoid paying for telephone and our utilities, and of course, shenanigans.\n \nAs a recording studio designer and builder, we dumpster dived for technology from AT&T. We never threw anything out and learned how to repurpose and abuse tech from the 1940s.\n \nAs a rock’n’roll engineer, I learned to live with constant systems epic failures. Anything that could break would break: before a live TV event or a massive concert. Talk about lessons in Disaster Recovery and Incident Response.\n \nThis talk, chock full of pictures and stories from the past, covers my hacking path as a kid then as a necessary part of survival in the entertainment industry. 1958-1981.\n \nCome on down for the ride and see how 64 years of lessons learned can give you an entirely different view of Hacking and how and why I have embraced failure for both of my careers!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"My First Hack Was in 1958 (Then A Career in Rock’n’Roll Taught Me About Security)","end_timestamp":{"seconds":1660416300,"nanoseconds":0},"android_description":"My first hack was in 1958, and it was all my mother’s fault. Or perhaps I should also blame my father. They were both engineers and I got their DNA. As a kid I hacked phones… cuz, well, phones were expensive! (Cardboard was an important hacking tool.) At age 6 I made a decent living cuz I could fix tube TVs. True!\n \nIn roughly 1970 (thanks to NYU) we moved on to hacking Hollerith (punch) cards to avoid paying for telephone and our utilities, and of course, shenanigans.\n \nAs a recording studio designer and builder, we dumpster dived for technology from AT&T. We never threw anything out and learned how to repurpose and abuse tech from the 1940s.\n \nAs a rock’n’roll engineer, I learned to live with constant systems epic failures. Anything that could break would break: before a live TV event or a massive concert. Talk about lessons in Disaster Recovery and Incident Response.\n \nThis talk, chock full of pictures and stories from the past, covers my hacking path as a kid then as a necessary part of survival in the entertainment industry. 1958-1981.\n \nCome on down for the ride and see how 64 years of lessons learned can give you an entirely different view of Hacking and how and why I have embraced failure for both of my careers!","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48543],"conference_id":65,"event_ids":[48534],"name":"Winn Schwartau","affiliations":[{"organization":"","title":"Security Thinker Since 1983"}],"pronouns":null,"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://www.facebook.com/winn.schwartau"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/winnschwartau/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/WinnSchwartau"},{"description":"","title":"Website","sort_order":0,"url":"https://www.winnschwartau.com/"}],"media":[],"id":47851,"title":"Security Thinker Since 1983"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241818"}],"end":"2022-08-13T18:45:00.000-0000","id":48534,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660413600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47851}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In February of 2022, I received a LinkedIn connection request from an unknown account that appeared to be illegitimate. Investigation of the account confirmed that it was a fraudulent account, and led to my discovery of several dozen other clearly illegitimate accounts using the same “account laundering” methodology. Following this initial exploration, I conducted an in-depth analysis on the group of accounts to determine commonalities of behavior and potential links among the accounts.\r\n\r\nThis presentation will explore the results of the analysis of these accounts, information leading to potential initial attribution for the creator(s) of the accounts, as well as potential analysis of other groups of accounts using similar methodologies. In this session, participants will learn how this group of accounts works, as well as learning the mistakes in tradecraft that led to the identification of this group of accounts as illegitimate. This knowledge will be useful in detection of fraudulent accounts (including some methods that can be used by less technical audiences), as well as for creation of more plausible sockpuppet accounts for OSINT purposes.\n\n\n","title":"FOX STEED: Analysis of a Social Media Identity Laundering Campaign","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"end_timestamp":{"seconds":1660415700,"nanoseconds":0},"android_description":"In February of 2022, I received a LinkedIn connection request from an unknown account that appeared to be illegitimate. Investigation of the account confirmed that it was a fraudulent account, and led to my discovery of several dozen other clearly illegitimate accounts using the same “account laundering” methodology. Following this initial exploration, I conducted an in-depth analysis on the group of accounts to determine commonalities of behavior and potential links among the accounts.\r\n\r\nThis presentation will explore the results of the analysis of these accounts, information leading to potential initial attribution for the creator(s) of the accounts, as well as potential analysis of other groups of accounts using similar methodologies. In this session, participants will learn how this group of accounts works, as well as learning the mistakes in tradecraft that led to the identification of this group of accounts as illegitimate. This knowledge will be useful in detection of fraudulent accounts (including some methods that can be used by less technical audiences), as well as for creation of more plausible sockpuppet accounts for OSINT purposes.","updated_timestamp":{"seconds":1659974940,"nanoseconds":0},"speakers":[{"content_ids":[49725],"conference_id":65,"event_ids":[49915],"name":"Shea Nangle","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49068}],"timeband_id":892,"links":[],"end":"2022-08-13T18:35:00.000-0000","id":49915,"tag_ids":[40268,45340,45373,45384,45453],"village_id":26,"begin_timestamp":{"seconds":1660413000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49068}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"updated":"2022-08-08T16:09:00.000-0000","begin":"2022-08-13T17:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The concept of PII, or personally identifying information, has guided critical decisions around privacy for years. Companies, governments, and consumers believe that protecting a limited subset of data points is sufficient to protect an individual’s privacy. But they’re dangerously wrong. This talk explains how the term “PII” died a long time ago, why it still lingers in undeath, and what we can do to protect privacy in the modern data era.\n\n\n","title":"PII: The Privacy Zombie","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"android_description":"The concept of PII, or personally identifying information, has guided critical decisions around privacy for years. Companies, governments, and consumers believe that protecting a limited subset of data points is sufficient to protect an individual’s privacy. But they’re dangerously wrong. This talk explains how the term “PII” died a long time ago, why it still lingers in undeath, and what we can do to protect privacy in the modern data era.","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"updated_timestamp":{"seconds":1659214140,"nanoseconds":0},"speakers":[{"content_ids":[49163],"conference_id":65,"event_ids":[49199],"name":"Alisha Kloc","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48589}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":49199,"village_id":10,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660412700,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48589}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","begin":"2022-08-13T17:45:00.000-0000","updated":"2022-07-30T20:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This workshop aims to teach a methodology to tackle Disinformation Operations. We will use OSINT and SOCMINT techniques and tools along with Structured Analytical Intelligence Analysis Techniques and community initiatives that teach how much a counter disinformation operation resembles a cyber security incident response\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"title":"Mass Disinformation Operations - How to detect and assess Ops with OSINT & SOCMINT tools and techniques","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"This workshop aims to teach a methodology to tackle Disinformation Operations. We will use OSINT and SOCMINT techniques and tools along with Structured Analytical Intelligence Analysis Techniques and community initiatives that teach how much a counter disinformation operation resembles a cyber security incident response","updated_timestamp":{"seconds":1660363680,"nanoseconds":0},"speakers":[{"content_ids":[49072],"conference_id":65,"event_ids":[49075],"name":"Paula González Nagore","affiliations":[{"organization":"FutureSpaces","title":""}],"links":[],"pronouns":null,"media":[],"id":48488,"title":"FutureSpaces"}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49075,"begin_timestamp":{"seconds":1660412700,"nanoseconds":0},"village_id":18,"tag_ids":[40260,45332,45335,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48488}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","begin":"2022-08-13T17:45:00.000-0000","updated":"2022-08-13T04:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What is Serverless? Serverless computing is a cloud computing execution model in which the cloud provider allocates machine resources on-demand, taking care of the servers on behalf of their customers.\r\n\r\n\"Serverless\" is a misnomer in the sense that servers are still used by cloud service providers to execute code for developers.\r\n\r\nHow does Serverless work? Where is this Serverless code executed? Who's in charge of securing it? There are many questions surrounding the topic of Serverless computing.\r\n\r\nIn this talk, I will present to you my research on Serverless Functions. I will show you how I managed to break the serverless interface barrier and what is hidden behind it. I will also show you how I managed to break out of the container that was supposed to contain my possibly malicious code and get to the underlying host.\r\n\r\nI will start by explaining what is Serverless and the idea behind it. I will show some prime examples of what Serverless is supposed to be used for. I will continue with a break out of the cloud provider interface to show you the infrastructure of the machine, the server of the serverless function, that is actually running the code.\r\n\r\nAfter that, I will begin walking you through my research and journey from the point of view of an attacker. I will show you how I discovered the image that the container was running and the steps I took to reverse engineer it.\r\n\r\nFrom there, the path to an elevation of privileges to root to escaping the container was short. I will walk you through a very old but useful exploit I used to escalate my containerized root access to a full-on container breakout.\r\nTo finish the talk, I will discuss some of the mitigations that were in place in this instance by the cloud provider, and why they were critical in this scenario.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"Who Contains the “Serverless” Containers?","android_description":"What is Serverless? Serverless computing is a cloud computing execution model in which the cloud provider allocates machine resources on-demand, taking care of the servers on behalf of their customers.\r\n\r\n\"Serverless\" is a misnomer in the sense that servers are still used by cloud service providers to execute code for developers.\r\n\r\nHow does Serverless work? Where is this Serverless code executed? Who's in charge of securing it? There are many questions surrounding the topic of Serverless computing.\r\n\r\nIn this talk, I will present to you my research on Serverless Functions. I will show you how I managed to break the serverless interface barrier and what is hidden behind it. I will also show you how I managed to break out of the container that was supposed to contain my possibly malicious code and get to the underlying host.\r\n\r\nI will start by explaining what is Serverless and the idea behind it. I will show some prime examples of what Serverless is supposed to be used for. I will continue with a break out of the cloud provider interface to show you the infrastructure of the machine, the server of the serverless function, that is actually running the code.\r\n\r\nAfter that, I will begin walking you through my research and journey from the point of view of an attacker. I will show you how I discovered the image that the container was running and the steps I took to reverse engineer it.\r\n\r\nFrom there, the path to an elevation of privileges to root to escaping the container was short. I will walk you through a very old but useful exploit I used to escalate my containerized root access to a full-on container breakout.\r\nTo finish the talk, I will discuss some of the mitigations that were in place in this instance by the cloud provider, and why they were critical in this scenario.","end_timestamp":{"seconds":1660414800,"nanoseconds":0},"updated_timestamp":{"seconds":1659283080,"nanoseconds":0},"speakers":[{"content_ids":[49176],"conference_id":65,"event_ids":[49212],"name":"Daniel Prizmant","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/pushrsp"}],"media":[],"id":48630}],"timeband_id":892,"links":[],"end":"2022-08-13T18:20:00.000-0000","id":49212,"tag_ids":[40252,45340,45350,45451],"village_id":9,"begin_timestamp":{"seconds":1660412400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48630}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-13T17:40:00.000-0000","updated":"2022-07-31T15:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A judge tells you how and why Billions of U.S. taxpayer dollars were stolen by domestic and foreign hackers and scammers, with the help of the U.S. government. If you saw an attorney annihilate a bunch of hostile watermelons with a $19 homemade gun and homemade ammunition at the 2017 SkyTalks.. Well he's a Judge now.. and he has to deal with unemployment appeals from identity theft victims who are wondering why they mysteriously have to pay back unemployment programs in 6 different States. Oh.. and GUNS.. he talks about GUNS too..\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"title":"What your stolen identity did on its CoViD vacation","end_timestamp":{"seconds":1660415100,"nanoseconds":0},"android_description":"A judge tells you how and why Billions of U.S. taxpayer dollars were stolen by domestic and foreign hackers and scammers, with the help of the U.S. government. If you saw an attorney annihilate a bunch of hostile watermelons with a $19 homemade gun and homemade ammunition at the 2017 SkyTalks.. Well he's a Judge now.. and he has to deal with unemployment appeals from identity theft victims who are wondering why they mysteriously have to pay back unemployment programs in 6 different States. Oh.. and GUNS.. he talks about GUNS too..","updated_timestamp":{"seconds":1658865540,"nanoseconds":0},"speakers":[{"content_ids":[48718,49391],"conference_id":65,"event_ids":[48725,49538],"name":"Judge Taylor","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mingheemouse"}],"media":[],"id":48004}],"timeband_id":892,"links":[],"end":"2022-08-13T18:25:00.000-0000","id":48725,"begin_timestamp":{"seconds":1660412100,"nanoseconds":0},"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48004}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-13T17:35:00.000-0000","updated":"2022-07-26T19:59:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons\r\n \r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Trace Labs OSINT Search Party CTF - CTF Platform Open for Submissions","end_timestamp":{"seconds":1660426200,"nanoseconds":0},"android_description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons\r\n \r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord","updated_timestamp":{"seconds":1659989340,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-13T21:30:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864188734291705856"},{"label":"Discord","type":"link","url":"https://tracelabs.org/discord"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240969"},{"label":"Twitter","type":"link","url":"https://twitter.com/tracelabs"},{"label":"Website","type":"link","url":"https://www.tracelabs.org/blog/dc-ctf"}],"id":49923,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"tag_ids":[45360,45375,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-13T17:30:00.000-0000","updated":"2022-08-08T20:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join the RF Hackers for a presentation on how to RF CTF. All are welcome for this free to play game, documentation online for virtual players. https://github.com/rfhs/rfhs-wiki/wiki/RF-CTF-Virtual-HowToGetStarted\n\n\n","title":"RF CTF Kick Off Day 2","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"end_timestamp":{"seconds":1660415400,"nanoseconds":0},"android_description":"Join the RF Hackers for a presentation on how to RF CTF. All are welcome for this free to play game, documentation online for virtual players. https://github.com/rfhs/rfhs-wiki/wiki/RF-CTF-Virtual-HowToGetStarted","updated_timestamp":{"seconds":1659928380,"nanoseconds":0},"speakers":[{"content_ids":[49654,49655,49656],"conference_id":65,"event_ids":[49842,49843,49844],"name":"RF Hackers Village Staff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rfhackers"},{"description":"","title":"Website","sort_order":0,"url":"https://rfhackers.com"}],"media":[],"id":49024}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":49843,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"village_id":25,"tag_ids":[40267,45340,45373,45383,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49024}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:13:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Adversary Wars CTF","android_description":"Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"updated_timestamp":{"seconds":1659886920,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:30:00.000-0000","id":49783,"tag_ids":[40246,45358,45373,45377,45451],"village_id":1,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","begin":"2022-08-13T17:30:00.000-0000","updated":"2022-08-07T15:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Adversary Booth","end_timestamp":{"seconds":1660419000,"nanoseconds":0},"android_description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.","updated_timestamp":{"seconds":1659886380,"nanoseconds":0},"speakers":[{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Michael Kouremetis","affiliations":[{"organization":"MITRE Corporation","title":"Lead Cyber Operations Engineer and Group Lead"}],"links":[],"pronouns":null,"media":[],"id":48920,"title":"Lead Cyber Operations Engineer and Group Lead at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Melanie Chan","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cybersecurity Engineer & Intern Coordinator"}],"links":[],"pronouns":null,"media":[],"id":48921,"title":"Senior Cybersecurity Engineer & Intern Coordinator at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Ethan Michalak","affiliations":[{"organization":"MITRE Corporation","title":"Cyber Security Intern"}],"links":[],"pronouns":null,"media":[],"id":48930,"title":"Cyber Security Intern at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Dean Lawrence","affiliations":[{"organization":"MITRE Corporation","title":"Software Systems Engineer"}],"links":[],"pronouns":null,"media":[],"id":48932,"title":"Software Systems Engineer at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Jay Yee","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cyber Security Engineer, Defensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":48946,"title":"Senior Cyber Security Engineer, Defensive Cyber Operations at MITRE Corporation"}],"timeband_id":892,"links":[],"end":"2022-08-13T19:30:00.000-0000","id":49779,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"village_id":1,"tag_ids":[40246,45364,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48932},{"tag_id":565,"sort_order":1,"person_id":48930},{"tag_id":565,"sort_order":1,"person_id":48946},{"tag_id":565,"sort_order":1,"person_id":48921},{"tag_id":565,"sort_order":1,"person_id":48920}],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T15:33:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\nDeadline for registration is Friday at 17:00\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Hack Fortress","android_description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\nDeadline for registration is Friday at 17:00","end_timestamp":{"seconds":1660444200,"nanoseconds":0},"updated_timestamp":{"seconds":1660239240,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T02:30:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://docs.google.com/forms/d/e/1FAIpQLSdupEkgL7m9mELjzKkjgTaMVMSQgY4kkOLBZbXA33Dqtb4CNQ/viewform?fbzx=9038029964706703259"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241394"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643831275225125"},{"label":"Twitter","type":"link","url":"https://twitter.com/tf2shmoo"},{"label":"Website","type":"link","url":"http://hackfortress.net"}],"id":49770,"village_id":null,"tag_ids":[45360,45373,45450],"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-11T17:34:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.\n\n\n","title":"Bypass 101","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"android_description":"There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"media":[],"id":48801}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49546,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"village_id":22,"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"begin":"2022-08-13T17:30:00.000-0000","updated":"2022-08-04T14:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"Opportunity Fuels Grit","android_description":"","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"updated_timestamp":{"seconds":1659465600,"nanoseconds":0},"speakers":[{"content_ids":[48939,49305],"conference_id":65,"event_ids":[48939,49404],"name":"Tanisha O'Donoghue","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tanisha-o-donoghue/"}],"media":[],"id":48363}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49404,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48363}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:40:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. \r\n\r\nLast round for Friday kicks off at 16:00.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Capture The Packet Preliminaries","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. \r\n\r\nLast round for Friday kicks off at 16:00.","updated_timestamp":{"seconds":1659455520,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Website","type":"link","url":"https://capturethepacket.com"},{"label":"Twitter","type":"link","url":"https://twitter.com/Capturetp"}],"end":"2022-08-13T19:00:00.000-0000","id":49374,"village_id":19,"tag_ids":[40261,45359,45360,45373,45450],"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-13T17:30:00.000-0000","updated":"2022-08-02T15:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":" This presentation will provide a short primer on Quantum Communications in the Aerospace (Communications, Computing and Cybersecurity). We will cover what Quantum Communications overpromises (It will make you coffee in the morning) & talk about the right tools for the right job. Finally, an overview of the engineering challenges to implementing a QKD system in space will also be discussed.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Quantum Snake Oil? What Ailments Can It Cure?","android_description":"This presentation will provide a short primer on Quantum Communications in the Aerospace (Communications, Computing and Cybersecurity). We will cover what Quantum Communications overpromises (It will make you coffee in the morning) & talk about the right tools for the right job. Finally, an overview of the engineering challenges to implementing a QKD system in space will also be discussed.","end_timestamp":{"seconds":1660413300,"nanoseconds":0},"updated_timestamp":{"seconds":1659379560,"nanoseconds":0},"speakers":[{"content_ids":[49233],"conference_id":65,"event_ids":[49276],"name":"Jose Pizarro","affiliations":[{"organization":"ESA","title":"System Engineer"}],"links":[],"pronouns":null,"media":[],"id":48680,"title":"System Engineer at ESA"}],"timeband_id":892,"links":[],"end":"2022-08-13T17:55:00.000-0000","id":49276,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48680}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-13T17:30:00.000-0000","updated":"2022-08-01T18:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"I looked at 3 different COVID at-home tests this year (2 used Bluetooth, one used a camera). I tried to identify weaknesses in these tests, and with the Bluetooth specific tests I was able to fake a positive test result. In theory, my research can be used to fake a negative result as well.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"title":"Faking Positive COVID Tests","android_description":"I looked at 3 different COVID at-home tests this year (2 used Bluetooth, one used a camera). I tried to identify weaknesses in these tests, and with the Bluetooth specific tests I was able to fake a positive test result. In theory, my research can be used to fake a negative result as well.","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"updated_timestamp":{"seconds":1659108300,"nanoseconds":0},"speakers":[{"content_ids":[49018],"conference_id":65,"event_ids":[49021],"name":"Ken Gannon","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Yogehi"}],"pronouns":null,"media":[],"id":48448}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49021,"tag_ids":[40277,45329,45373,45451],"village_id":5,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48448}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-07-29T15:25:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join us on a journey as we chase BloodHound through a compromised environment via host and network telemetry. We will dive quickly into detections to become better prepared for next time.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nJoin us on a journey as we chase BloodHound through a compromised environment via host and network telemetry. We will dive quickly into detections to become better prepared for next time.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Obsidian CTH: Sniffing Compromise: Hunting for Bloodhound","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"android_description":"Join us on a journey as we chase BloodHound through a compromised environment via host and network telemetry. We will dive quickly into detections to become better prepared for next time.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nJoin us on a journey as we chase BloodHound through a compromised environment via host and network telemetry. We will dive quickly into detections to become better prepared for next time.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48944],"conference_id":65,"event_ids":[48944],"name":"CerealKiller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48332}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":48944,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"tag_ids":[40250,45332,45373,45376,45451],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48332}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A Live Forensics Walkthrough of Obsidian Kill Chain 3 (KC3) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nA Live Forensics Walkthrough of Obsidian Kill Chain 3 (KC3) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Obsidian Forensics: KillChain3 - Continued Adventures in Splunk and Security Onion","android_description":"A Live Forensics Walkthrough of Obsidian Kill Chain 3 (KC3) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nA Live Forensics Walkthrough of Obsidian Kill Chain 3 (KC3) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48924,48910],"conference_id":65,"event_ids":[48911,48912,48925],"name":"Wes Lambert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48325},{"content_ids":[48909,48906,48924,48932,48910],"conference_id":65,"event_ids":[48908,48911,48912,48925,48933],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48341},{"content_ids":[48909,48931,48924,48938],"conference_id":65,"event_ids":[48911,48925,48932,48938],"name":"ExtremePaperClip","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48364}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":48925,"village_id":7,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"tag_ids":[40250,45332,45374,45376],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48364},{"tag_id":565,"sort_order":1,"person_id":48341},{"tag_id":565,"sort_order":1,"person_id":48325}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-13T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Project Obsidian Incident Response station will walk through the OODA loop and Jupyter Notebooks to help you investigate, document and answer the key questions during incidents.\r\nThis session is based on Kill Chain 3 data set and will leverage msticpy.\r\nData, Notebook and Presentation will be made available after Defcon.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nLet's dance and fly from dogfight to cyberworld. How to investigate and win against threats.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Obsidian: IR - OODA! An hour in incident responder life","end_timestamp":{"seconds":1660415400,"nanoseconds":0},"android_description":"Project Obsidian Incident Response station will walk through the OODA loop and Jupyter Notebooks to help you investigate, document and answer the key questions during incidents.\r\nThis session is based on Kill Chain 3 data set and will leverage msticpy.\r\nData, Notebook and Presentation will be made available after Defcon.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nLet's dance and fly from dogfight to cyberworld. How to investigate and win against threats.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48925,48905],"conference_id":65,"event_ids":[48907,48926],"name":"juju43","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48357}],"timeband_id":892,"links":[],"end":"2022-08-13T18:30:00.000-0000","id":48907,"tag_ids":[40250,45341,45373,45376,45451],"village_id":7,"begin_timestamp":{"seconds":1660411800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48357}],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"begin":"2022-08-13T17:30:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Intro to Lockpicking","android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660412700,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":892,"links":[],"end":"2022-08-13T17:45:00.000-0000","id":49347,"village_id":17,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660410900,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"begin":"2022-08-13T17:15:00.000-0000","updated":"2022-08-02T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"To understate things, the 2020s have been a challenging time for AppSec. First, Corona took the hardware out of the office for everyone. Now, with a war in Ukraine activating hacktivists, patriotic hackers, and nation-state level actors are wreaking havoc on our apps and websites. Cyber-attacks are targeting the code and products of allied nations, pro-Russian, and pro-sanction companies.\r\n\r\nCome on a journey with a hacker who will share the top ten geopolitical gotchas in your AppSec and real-world examples. Through her experiences in several cyber warfare incidents as well as her recent experiences in Ukraine, Romania, Moldova, and Transnistria.\n\n\n","title":"WarTime AppSec","type":{"conference_id":65,"conference":"DEFCON30","color":"#5978bc","updated_at":"2024-06-07T03:39+0000","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"To understate things, the 2020s have been a challenging time for AppSec. First, Corona took the hardware out of the office for everyone. Now, with a war in Ukraine activating hacktivists, patriotic hackers, and nation-state level actors are wreaking havoc on our apps and websites. Cyber-attacks are targeting the code and products of allied nations, pro-Russian, and pro-sanction companies.\r\n\r\nCome on a journey with a hacker who will share the top ten geopolitical gotchas in your AppSec and real-world examples. Through her experiences in several cyber warfare incidents as well as her recent experiences in Ukraine, Romania, Moldova, and Transnistria.","updated_timestamp":{"seconds":1660409640,"nanoseconds":0},"speakers":[{"content_ids":[48703,48708,49784],"conference_id":65,"event_ids":[48711,48715,49997],"name":"Chris Kubecka","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/SecEvangelism"}],"media":[],"id":47994}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49997,"tag_ids":[40278,45340,45373,45378,45451],"begin_timestamp":{"seconds":1660410300,"nanoseconds":0},"village_id":4,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47994}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Twilight Ballroom (Appsec Village)","hotel":"","short_name":"Sunset-Twilight Ballroom (Appsec Village)","id":45421},"spans_timebands":"N","begin":"2022-08-13T17:05:00.000-0000","updated":"2022-08-13T16:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Show up with your dangerous things purchase, and our professional body mod artist will implant them for you.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c3a2fb","name":"Retail Hacking Village","id":45327},"title":"Human Chip Implants","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"Show up with your dangerous things purchase, and our professional body mod artist will implant them for you.","updated_timestamp":{"seconds":1660267740,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49977,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40270,45327,45373,45450],"village_id":28,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 310, 320 (Retail Hacking Village)","hotel":"","short_name":"310, 320 (Retail Hacking Village)","id":45408},"updated":"2022-08-12T01:29:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How is the cybersecurity industry going to recruit the next generation of cyber warriors? With the high workforce gap, we need a way to get the next generation interested in the field at a young age. Almost no high schools and only a few universities offer practical cybersecurity programs, and extracurricular cybersecurity programs are few and not well known.\n\n\n","title":"Building the Cybersecurity Workforce Pipeline: How to Recruit and Educate the Next Generation of Cyber Warriors","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"How is the cybersecurity industry going to recruit the next generation of cyber warriors? With the high workforce gap, we need a way to get the next generation interested in the field at a young age. Almost no high schools and only a few universities offer practical cybersecurity programs, and extracurricular cybersecurity programs are few and not well known.","updated_timestamp":{"seconds":1660257240,"nanoseconds":0},"speakers":[{"content_ids":[49755],"conference_id":65,"event_ids":[49953],"name":"CyberQueenMeg","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cyberqueenmeg"}],"pronouns":null,"media":[],"id":49093}],"timeband_id":892,"end":"2022-08-13T18:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49953,"village_id":null,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49093}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-11T22:34:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\r\n\r\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.\r\n\r\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.\r\n\r\nFk Gl Hlnvgsrmt\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"pTFS Presents: Mayhem Industries - Outside the Box","android_description":"pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\r\n\r\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.\r\n\r\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.\r\n\r\nFk Gl Hlnvgsrmt","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1660259940,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Mayhem_Ind"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/996933488735440966"},{"label":"Contest","type":"link","url":"https://mayhem-industries.net/"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240978"}],"id":49936,"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-11T23:19:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"SpaceX is developing a low latency broadband internet system known as Starlink, to provide satellite internet access to people around the planet - especially people in rural or remote areas with limited internet infrastructure. Starlink has provided service to individuals and nations in need, including recently for Ukraine. The SpaceX Starlink team will be at the RF Village with Starlink kits (user terminals and routers) as well as PCBA's. Come connect to the Starlink network and check out the service for yourself!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"SpaceX & Starlink Satellite Internet","android_description":"SpaceX is developing a low latency broadband internet system known as Starlink, to provide satellite internet access to people around the planet - especially people in rural or remote areas with limited internet infrastructure. Starlink has provided service to individuals and nations in need, including recently for Ukraine. The SpaceX Starlink team will be at the RF Village with Starlink kits (user terminals and routers) as well as PCBA's. Come connect to the Starlink network and check out the service for yourself!","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1660011420,"nanoseconds":0},"speakers":[{"content_ids":[49736],"conference_id":65,"event_ids":[49928,49929],"name":"Starlink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@SpaceX"},{"description":"","title":"Website","sort_order":0,"url":"https://www.starlink.com/"}],"pronouns":null,"media":[],"id":49071}],"timeband_id":892,"links":[{"label":"Website","type":"link","url":"https://starlink.com"},{"label":"Twitter","type":"link","url":"https://twitter.com/SpaceX"}],"end":"2022-08-14T01:00:00.000-0000","id":49929,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40267,45279,45373,45383,45451],"village_id":25,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":49071}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-09T02:17:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n\r\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n\r\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n\r\nHighlights of the Red Alert ICS CTF is available at: https://youtu.be/AanKdrrQ0u0\r\n\r\nTeam Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.\r\n\r\nAdditional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Red Alert ICS CTF ","android_description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n\r\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n\r\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n\r\nHighlights of the Red Alert ICS CTF is available at: https://youtu.be/AanKdrrQ0u0\r\n\r\nTeam Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.\r\n\r\nAdditional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659991380,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"YouTube","type":"link","url":"https://youtu.be/AanKdrrQ0u0"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241399"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864187671776329738"},{"label":"Twitter","type":"link","url":"https://twitter.com/icsctf"}],"id":49925,"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-08T20:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Attack Surface Management Panel","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"android_description":"","end_timestamp":{"seconds":1660413000,"nanoseconds":0},"updated_timestamp":{"seconds":1659974520,"nanoseconds":0},"speakers":[{"content_ids":[49724],"conference_id":65,"event_ids":[49914],"name":"Ben Sadeghipour","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NahamSec"}],"media":[],"id":48502}],"timeband_id":892,"links":[],"end":"2022-08-13T17:50:00.000-0000","id":49914,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40268,45367,45373,45384,45453],"village_id":26,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48502}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-08T16:02:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Math without the tears ior homework! Come and learn the basics and have an 1-2-1 with the inside knowledge that makes quantum computing work.\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"title":"QC 101 workshop","android_description":"Math without the tears ior homework! Come and learn the basics and have an 1-2-1 with the inside knowledge that makes quantum computing work.","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"updated_timestamp":{"seconds":1660427040,"nanoseconds":0},"speakers":[{"content_ids":[49699,49704,49713],"conference_id":65,"event_ids":[49894,49889,49903],"name":"Mark C","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49051}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49889,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":24,"tag_ids":[40266,45340,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49051}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-13T21:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Opulent Voice Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA Ribbit Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village. Regulatory Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory OpenRTX OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village. Tiny CTF We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge. More! There's plenty more. If you see a Volcano and friendly people, you've found the right place.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"DEFCON Demonstrations and Presentations by Open Research Institute at RF Village","android_description":"Opulent Voice Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA Ribbit Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village. Regulatory Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory OpenRTX OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village. Tiny CTF We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge. More! There's plenty more. If you see a Volcano and friendly people, you've found the right place.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659928140,"nanoseconds":0},"speakers":[{"content_ids":[49653],"conference_id":65,"event_ids":[49839,49840,49841],"name":"Open Research Institute","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/company/open-research-institute-inc/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OpenResearchIns"},{"description":"","title":"Website","sort_order":0,"url":"https://www.openresearch.institute/"}],"media":[],"id":49023}],"timeband_id":892,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"Getting Started","type":"link","url":"https://openresearch.institute/getting-started"}],"id":49840,"tag_ids":[40267,45349,45373,45383,45451],"village_id":25,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49023}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","updated":"2022-08-08T03:09:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b24887","name":"Tamper-Evident Village","id":45386},"title":"Learn at Tamper-Evident Village","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.","updated_timestamp":{"seconds":1659924660,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49837,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40276,45364,45373,45386,45450],"village_id":33,"includes":"","people":[],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Tamper Evident Village)","hotel":"","short_name":"203-204, 235 (Tamper Evident Village)","id":45412},"updated":"2022-08-08T02:11:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In February of this year, we worked with CISA to conduct the first: CVD related to an active, widely-used voting system (the Dominion Democracy Suite 5.5-A system) in order to disclose multiple vulnerabilities found through analysis and testing of the system as used in the state of Georgia (ICSA-22-151-01). Though initiated prior to and not focused on the November 2020 election, our research and efforts to disclose occurred in its shadow and with the November 2022 election on the horizon. Along with the urgency, overlapping primary elections ensured that the importance of \"getting it right\" was not lost but along the way, found discovered that \"right\" meant very different things to the various stakeholders. In this talk, we'll share our experiences and lessons-leamed from this journey, discuss how the advisory-sausage is actually made, and offer our analysis and opinions on the use of the standard CVD process for voting system vulnerabilities going-forward.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#9d9a7e","updated_at":"2024-06-07T03:39+0000","name":"Voting Village","id":45387},"title":"Dominion ImageCast X CVEs and reflections on CVD for election systems ","end_timestamp":{"seconds":1660411800,"nanoseconds":0},"android_description":"In February of this year, we worked with CISA to conduct the first: CVD related to an active, widely-used voting system (the Dominion Democracy Suite 5.5-A system) in order to disclose multiple vulnerabilities found through analysis and testing of the system as used in the state of Georgia (ICSA-22-151-01). Though initiated prior to and not focused on the November 2020 election, our research and efforts to disclose occurred in its shadow and with the November 2022 election on the horizon. Along with the urgency, overlapping primary elections ensured that the importance of \"getting it right\" was not lost but along the way, found discovered that \"right\" meant very different things to the various stakeholders. In this talk, we'll share our experiences and lessons-leamed from this journey, discuss how the advisory-sausage is actually made, and offer our analysis and opinions on the use of the standard CVD process for voting system vulnerabilities going-forward.","updated_timestamp":{"seconds":1659912840,"nanoseconds":0},"speakers":[{"content_ids":[49603,49605],"conference_id":65,"event_ids":[49817,49819],"name":"Assistant Professor Drew Springall","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_aaspring_"},{"description":"","title":"Website","sort_order":0,"url":"https://aaspring.com"}],"pronouns":null,"media":[],"id":48951}],"timeband_id":892,"end":"2022-08-13T17:30:00.000-0000","links":[{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"},{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"}],"id":49817,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":34,"tag_ids":[40279,45340,45348,45374,45387,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48951}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"spans_timebands":"N","updated":"2022-08-07T22:54:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\r\n\r\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumerfocused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\r\n\r\nIn the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie operational oil and natural gas pipeline, etc.).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"Hack the Plan[e]t CTF","android_description":"Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\r\n\r\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumerfocused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\r\n\r\nIn the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie operational oil and natural gas pipeline, etc.).","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659891840,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49811,"tag_ids":[40258,45358,45369,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":15,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area","hotel":"","short_name":"316 - 317 ICS CTF Area","id":45503},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-07T17:04:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The forms of authentication and data protection are becoming more and more robust, but the users remain the same. How to breach all those controls to capture credentials and the 2FA of one of the most used email clients in the world? The aim of this paper is to demonstrate how anyone without any advanced programming knowledge could easily do it. How? Social Engineering. Inspired by Alice in Wonderland a particular White RatBit will explain it.\n\n\n","title":"Drag us to Wonder Bad: a tale of how to be good people by capturing credentials and 2FA","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660412700,"nanoseconds":0},"android_description":"The forms of authentication and data protection are becoming more and more robust, but the users remain the same. How to breach all those controls to capture credentials and the 2FA of one of the most used email clients in the world? The aim of this paper is to demonstrate how anyone without any advanced programming knowledge could easily do it. How? Social Engineering. Inspired by Alice in Wonderland a particular White RatBit will explain it.","updated_timestamp":{"seconds":1659888600,"nanoseconds":0},"speakers":[{"content_ids":[49583],"conference_id":65,"event_ids":[49795],"name":"Daniel Isler","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Fr1endlyRATs"}],"pronouns":null,"media":[],"id":48934}],"timeband_id":892,"links":[],"end":"2022-08-13T17:45:00.000-0000","id":49795,"tag_ids":[40246,45340,45373,45377,45451],"village_id":1,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48934}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-07T16:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.\r\n\r\nYou will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.\r\n\r\nVisit https://www.villageb.io/capturetheflag for more information.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Hospital Under Siege ","android_description":"Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.\r\n\r\nYou will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.\r\n\r\nVisit https://www.villageb.io/capturetheflag for more information.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659746700,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Website & Rules","type":"link","url":"https://www.villageb.io/capturetheflag"},{"label":"CTFd","type":"link","url":"https://bhv.ctfd.io"},{"label":"Twitter","type":"link","url":"https://twitter.com/DC_BHV"}],"end":"2022-08-14T01:00:00.000-0000","id":49658,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":5,"tag_ids":[40277,45360,45375,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-08-06T00:45:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"OSINT Skills Lab Challenge","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"media":[],"id":48531}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49639,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T05:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"HackerOps","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49610,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Cyber Resilience Bootcamp","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"pronouns":null,"media":[],"id":48826}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49601,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T05:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Container and Kubernetes Offense","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"updated_timestamp":{"seconds":1659678420,"nanoseconds":0},"speakers":[{"content_ids":[49432],"conference_id":65,"event_ids":[49596,49597,49598],"name":"Michael Mitchell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48824}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49596,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48824}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:47:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.\n\n\n","title":"Red Team Village CTF Qualifiers Part 2","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"end_timestamp":{"seconds":1660417200,"nanoseconds":0},"android_description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.","updated_timestamp":{"seconds":1659678240,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Website","type":"link","url":"https://redteamvillage.io/ctf.html"},{"label":"Twitter","type":"link","url":"https://twitter.com/RedTeamVillage_"}],"end":"2022-08-13T19:00:00.000-0000","id":49593,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T05:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-17:00\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Kubernetes Capture The Flag","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-17:00","updated_timestamp":{"seconds":1659669780,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T00:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/792884058354745354"},{"label":"Twitter","type":"link","url":"https://twitter.com/ctfsecurity"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241018"},{"label":"Website","type":"link","url":"https://containersecurityctf.com/"}],"id":49587,"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45360,45374],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45476},"updated":"2022-08-05T03:23:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called “fox hunting”) in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Ham Radio Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. This contest is designed to be an introduction to ham radio fox hunting and as such will be simple to participate in and all people who participate will be guided towards successful completion!\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-20:00\n\n\n","title":"DC30 Ham Radio Fox Hunt Contest","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660446000,"nanoseconds":0},"android_description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called “fox hunting”) in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Ham Radio Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. This contest is designed to be an introduction to ham radio fox hunting and as such will be simple to participate in and all people who participate will be guided towards successful completion!\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-20:00","updated_timestamp":{"seconds":1659668040,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T03:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/richsentme"},{"label":"Website","type":"link","url":"https://defcon27foxhunt.com"}],"id":49583,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T02:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist. \r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"DEF CON’s Next Top Threat Model","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist. \r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).","updated_timestamp":{"seconds":1659667860,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240973"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864187569247354900"}],"id":49581,"tag_ids":[45360,45375,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T02:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"DARKNET-NG","android_description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!","end_timestamp":{"seconds":1660446000,"nanoseconds":0},"updated_timestamp":{"seconds":1659667380,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T03:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/741049958182158387"},{"label":"Website","type":"link","url":"https://darknet-ng.network/"},{"label":"Twitter","type":"link","url":"https://twitter.com/DarknetNg"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240975"}],"id":49576,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T02:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself! \r\n\r\nWe'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.\r\n\r\nNo prior experience or skills necessary - drop in and learn as much or as little as you'd like!\r\n\r\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"title":"Physical Security Village","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself! \r\n\r\nWe'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.\r\n\r\nNo prior experience or skills necessary - drop in and learn as much or as little as you'd like!\r\n\r\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!","updated_timestamp":{"seconds":1659624480,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49551,"tag_ids":[40264,45341,45373,45381,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":22,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","updated":"2022-08-04T14:48:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\n\n\n","title":"Car Hacking Village CTF","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"android_description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.","end_timestamp":{"seconds":1660437000,"nanoseconds":0},"updated_timestamp":{"seconds":1659586560,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"CTFd","type":"link","url":"https://ctf.carhackingvillage.com/"},{"label":"Guidelines","type":"link","url":"https://www.carhackingvillage.com/ctf-rules-2022"}],"end":"2022-08-14T00:30:00.000-0000","id":49527,"village_id":8,"tag_ids":[40251,45358,45360,45375,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 124-128 (Car Hacking Village)","hotel":"","short_name":"124-128 (Car Hacking Village)","id":45420},"spans_timebands":"N","updated":"2022-08-04T04:16:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participant’s skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.\r\n\r\n** Swing by the ICS Village to reserve a time for your team. **\r\n\r\nEscape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.\n\n\n","title":"CISA and Idaho National Lab Escape Room","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participant’s skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.\r\n\r\n** Swing by the ICS Village to reserve a time for your team. **\r\n\r\nEscape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659584820,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49523,"tag_ids":[40258,45359,45369,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":15,"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CISA Escape Room","hotel":"","short_name":"319 ICS CISA Escape Room","id":45505},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-04T03:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.\r\n\r\nIn this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.\r\n\r\n(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"DDS Hack-the-Microgrid","android_description":"Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.\r\n\r\nIn this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.\r\n\r\n(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659584100,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49518,"village_id":15,"tag_ids":[40258,45332,45369,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area","hotel":"","short_name":"314 ICS Workshop Area","id":45504},"updated":"2022-08-04T03:35:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.\r\n\r\nThis is a registration required based CTF https://www.sea-tf.com/registration First come first serve basis on time slots.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"Fantom5 SeaTF CTF","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.\r\n\r\nThis is a registration required based CTF https://www.sea-tf.com/registration First come first serve basis on time slots.","updated_timestamp":{"seconds":1659584640,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49515,"tag_ids":[40258,45358,45369,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":15,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area","hotel":"","short_name":"316 - 317 ICS CTF Area","id":45503},"spans_timebands":"N","updated":"2022-08-04T03:44:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2. \r\n\r\nTake some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community. \r\n\r\nAdd names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feeling about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.\r\n\r\nLast year we were sort of set up to print photos from your phones – we have a few glitches – a ask about it when you drop by. BUT we think we are set to go!\r\n\r\nEmail the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Memorial Room Open","android_description":"Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2. \r\n\r\nTake some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community. \r\n\r\nAdd names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feeling about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.\r\n\r\nLast year we were sort of set up to print photos from your phones – we have a few glitches – a ask about it when you drop by. BUT we think we are set to go!\r\n\r\nEmail the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659558060,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49512,"tag_ids":[45342,45373,45451],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Carson City II (Memorial Room)","hotel":"","short_name":"Carson City II (Memorial Room)","id":45478},"spans_timebands":"N","updated":"2022-08-03T20:21:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The maritime transportation system (MTS) today is realizing a sea change in the entire ecosystem due to digitalization, a technological leap that is transforming the industry and redefining our sometimes ancient processes. Digitalization is enabled by the integration of advanced computing and sensor technologies, industrial control systems (ICS) and operational technology (OT), digital processing and telecommunications capabilities, and data analytics. These new and improved capabilities will change all aspects of the maritime industry, including enabling partially and fully autonomous vessels and operations. This is the intersection of the MTS and Industry 4.0. With these advances, we see myriad new opportunities for research and study, economic and environmental benefits, industry optimization, and sustainability. Of course, this new capability totally depends upon reliable access to quality information. Without adequate cybersecurity protections, the benefits of this technological convergence implodes and, instead, becomes an existential threat to the industry and every nations' food, energy, economic, and national security.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Industry 4.0 and the MTS of the Future – Convergence, Challenges and Opportunities [[MARITIME]]","end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"The maritime transportation system (MTS) today is realizing a sea change in the entire ecosystem due to digitalization, a technological leap that is transforming the industry and redefining our sometimes ancient processes. Digitalization is enabled by the integration of advanced computing and sensor technologies, industrial control systems (ICS) and operational technology (OT), digital processing and telecommunications capabilities, and data analytics. These new and improved capabilities will change all aspects of the maritime industry, including enabling partially and fully autonomous vessels and operations. This is the intersection of the MTS and Industry 4.0. With these advances, we see myriad new opportunities for research and study, economic and environmental benefits, industry optimization, and sustainability. Of course, this new capability totally depends upon reliable access to quality information. Without adequate cybersecurity protections, the benefits of this technological convergence implodes and, instead, becomes an existential threat to the industry and every nations' food, energy, economic, and national security.","updated_timestamp":{"seconds":1659473280,"nanoseconds":0},"speakers":[{"content_ids":[49343],"conference_id":65,"event_ids":[49443],"name":"Zac Staples","affiliations":[{"organization":"Fathom5","title":"Founder & CEO"}],"links":[],"pronouns":null,"media":[],"id":48775,"title":"Founder & CEO at Fathom5"}],"timeband_id":892,"links":[],"end":"2022-08-13T18:00:00.000-0000","id":49443,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45340,45369,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48775}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T20:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Learn The Game, Play The Game, Change the Game","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"android_description":"","end_timestamp":{"seconds":1660411800,"nanoseconds":0},"updated_timestamp":{"seconds":1659465600,"nanoseconds":0},"speakers":[{"content_ids":[49298,49304],"conference_id":65,"event_ids":[49397,49403],"name":"Yatia Hopkins","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/yatiahopkins/"}],"media":[],"id":48740}],"timeband_id":892,"links":[],"end":"2022-08-13T17:30:00.000-0000","id":49403,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":12,"tag_ids":[40255,45340,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48740}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:40:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.\n\n\n","title":"Wall of Sheep","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.","updated_timestamp":{"seconds":1659455220,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49391,"village_id":19,"tag_ids":[40261,45363,45364,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T15:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.\n\n\n","title":"Packet Inspector","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"android_description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659455280,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49389,"village_id":19,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40261,45363,45366,45373,45450],"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:48:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"title":"Packet Detective","android_description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659455280,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49387,"village_id":19,"tag_ids":[40261,45363,45366,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T15:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"title":"Honey Pot Workshop","android_description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49385,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"title":"NetworkOS Workshop","android_description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49383,"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:49:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.\n\n\n","title":"RegEx Trainer","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.","updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49381,"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"title":"Linux Trainer","android_description":"New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659455400,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49379,"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:50:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!\n\n\n","title":"Botnet Workshop","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"android_description":"What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659455400,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49377,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":19,"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","updated":"2022-08-02T15:50:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"title":"HardWired","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!","updated_timestamp":{"seconds":1659455460,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49375,"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T15:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.\n\n\n","title":"Drone Hack","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.","updated_timestamp":{"seconds":1659392100,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49335,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40275,45332,45356,45450],"village_id":16,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","updated":"2022-08-01T22:15:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.\n\n\n","title":"Hands on Hardware Hacking – eMMC to Root","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"android_description":"Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659391980,"nanoseconds":0},"speakers":[{"content_ids":[49262],"conference_id":65,"event_ids":[49323,49333,49334],"name":"Deral Heiland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48692}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49333,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":16,"tag_ids":[40275,45332,45356,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48692}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T22:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"title":"Hands on hacking labs","android_description":"IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659391920,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49331,"tag_ids":[40275,45332,45356,45450],"village_id":16,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T22:12:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:\r\n\r\nGain access to the main security system to avoid being identified\r\nSteal RFID credentials of the reads in the open areas to gain access to restricted areas\r\nDisable the additional motion sensors in the restricted areas to avoid triggering an alarm\r\nOpen a safe box and retrieve its contents.\n\n\n","title":"IoT Village CTF Challenges","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:\r\n\r\nGain access to the main security system to avoid being identified\r\nSteal RFID credentials of the reads in the open areas to gain access to restricted areas\r\nDisable the additional motion sensors in the restricted areas to avoid triggering an alarm\r\nOpen a safe box and retrieve its contents.","updated_timestamp":{"seconds":1659403440,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49329,"tag_ids":[40275,45356,45358,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":16,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-02T01:24:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event\r\n\r\n*****\r\n\r\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.\r\n\r\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.\r\n\r\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.\r\n\r\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!\r\n\r\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.\r\n\r\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"IoT Village CTF (the CTF formally known as SOHOplessly Broken)","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event\r\n\r\n*****\r\n\r\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.\r\n\r\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.\r\n\r\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.\r\n\r\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!\r\n\r\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.\r\n\r\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.","updated_timestamp":{"seconds":1659669300,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.iotvillage.org/#yolo"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240953"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644307597164665"},{"label":"Twitter","type":"link","url":"https://twitter.com/IoTvillage"}],"id":49326,"tag_ids":[40275,45358,45360,45450],"village_id":16,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-05T03:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"These exercises will show how simple security flaws and exposures become critical, world wide exposures in systems like the Emergency Alert System and network infrastructure from Cisco & Dell. Recreate some of the most impactful kill chains ever, learn new IOT / appsec skills, enumerate a supply chain network with a text editor, and \"\"live off the land\"\" with a few simple free tools like BURP SUITE.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"title":"BURP Suite, Forensics Tools & 0-day Exploit Development.","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"These exercises will show how simple security flaws and exposures become critical, world wide exposures in systems like the Emergency Alert System and network infrastructure from Cisco & Dell. Recreate some of the most impactful kill chains ever, learn new IOT / appsec skills, enumerate a supply chain network with a text editor, and \"\"live off the land\"\" with a few simple free tools like BURP SUITE.","updated_timestamp":{"seconds":1659391980,"nanoseconds":0},"speakers":[{"content_ids":[49261],"conference_id":65,"event_ids":[49322],"name":"Ken Pyle","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48693}],"timeband_id":892,"links":[],"end":"2022-08-13T21:00:00.000-0000","id":49322,"village_id":16,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40275,45332,45356,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48693}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"updated":"2022-08-01T22:13:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.\r\n\r\nSignups: beginning Monday 8/8 – but not required to participate\n\n\n","title":"Hack the Airport with Intelligenesis","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.\r\n\r\nSignups: beginning Monday 8/8 – but not required to participate","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49316,"tag_ids":[40247,45357,45358,45450],"village_id":2,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application. PWNSAT CHALLENGE \r\nParticipants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize. \r\n\r\nSAFE SPACE: SATELLITE CONTROL PATCHING \r\nIn this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Red Balloon Failsat Challenges","android_description":"Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application. PWNSAT CHALLENGE \r\nParticipants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize. \r\n\r\nSAFE SPACE: SATELLITE CONTROL PATCHING \r\nIn this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49314,"village_id":2,"tag_ids":[40247,45357,45359,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.\r\n\r\nRequired gear: none!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Satellite Eavesdropping with DDS","android_description":"Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.\r\n\r\nRequired gear: none!","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49311,"tag_ids":[40247,45332,45357,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":2,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.\r\n\r\nBRICKS IN THE AIR\r\nLearn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.\r\n\r\nSPOOFING ADS-B\r\nADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.\r\n\r\nRequired gear: none!\n\n\n","title":"Hack the Airfield with DDS","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.\r\n\r\nBRICKS IN THE AIR\r\nLearn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.\r\n\r\nSPOOFING ADS-B\r\nADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.\r\n\r\nRequired gear: none!","updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49309,"tag_ids":[40247,45332,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Jams are immersive engagements that encourage you to up-level your security and coding skills on AWS through the use of hands-on real-world scenarios. The scenarios have varying level of difficulty and points associated with them. Jam engagements allow you to identify strengths, areas of improvement, and the ability to work together in team or individual challenges. Participating will help you advance your cloud cyber skills, hone your problem-solving abilities, and better understand and appreciate the complex set of threat vectors that the aerospace and satellite community confront every day. You will gain experience with a wide range of AWS services in a series of prepared scenarios across aerospace and satellite use cases and operational tasks. Come prepared to stop threat actors from laterally moving through your virtual flight operations center. Detect manipulated imagery in your satellite imagery analysis pipeline. Defend against a DDOS attack on your satellite ground station receiver network. Harden your virtual twin Mars rover against Internet of Things (IoT) attacks. There’s never a dull moment to work in space! \r\n\r\nRequired gear: Laptop and connection required to access the jam environment, set up DEF CON WiFi in advance!\n\n\n","title":"Amazon Web Services Aerospace and Satellite Jam","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"Jams are immersive engagements that encourage you to up-level your security and coding skills on AWS through the use of hands-on real-world scenarios. The scenarios have varying level of difficulty and points associated with them. Jam engagements allow you to identify strengths, areas of improvement, and the ability to work together in team or individual challenges. Participating will help you advance your cloud cyber skills, hone your problem-solving abilities, and better understand and appreciate the complex set of threat vectors that the aerospace and satellite community confront every day. You will gain experience with a wide range of AWS services in a series of prepared scenarios across aerospace and satellite use cases and operational tasks. Come prepared to stop threat actors from laterally moving through your virtual flight operations center. Detect manipulated imagery in your satellite imagery analysis pipeline. Defend against a DDOS attack on your satellite ground station receiver network. Harden your virtual twin Mars rover against Internet of Things (IoT) attacks. There’s never a dull moment to work in space! \r\n\r\nRequired gear: Laptop and connection required to access the jam environment, set up DEF CON WiFi in advance!","updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49308,"tag_ids":[40247,45332,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.\r\n\r\nRequired gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.\r\n\r\nSignups: first come first serve, come by the Aerospace Village during its normal operating hours!\n\n\n","title":"Hack-A-Sat Digital Twin Workshop","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.\r\n\r\nRequired gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.\r\n\r\nSignups: first come first serve, come by the Aerospace Village during its normal operating hours!","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49305,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45332,45357,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Boeing Test & Evaluation (T&E) has developed two modules to provide an interactive learning environment and engagement opportunity on ARINC 429 data bus. Three modules will be offered, including a 10-15 minute guided discussion on the basics of ARINC 429, highlighting the key components necessary to participate in the two interactive modules. Boeing will provide an interactive learning environment to improve situational awareness of ARINC 429 data bus and promote discussion on Cyber T&E across the aviation industry. After completing the basics guided tour, participants may engage in one or both of events, the Airplane Challenge and CTF.\r\n\r\nIn order to get participants familiar with ARINC 429 concepts, there will be a presentation introducing 429 and the challenge environment at 10:30 and 13:00 both days.\r\n\r\nEvent #1 – Airplane Challenge (“AC”): during this event the user is presented with a user interface to send their own crafted 429 messages. The participant will be assigned an airplane on a map with the objectives of navigating the airplane to a win condition.\r\n\r\nEvent #2 – Capture The Flag (CTF): The participants will connect into the CTF to take on challenges involving protocol and message manipulation. The participant will be able to validate each flag found in order to complete the event!\r\n\r\nRequired gear: for the AC, you will need a mobile phone and/or Laptop with ability to connect to WiFi. For the CTF you will need a laptop and ethernet cable\r\n\r\nSignups: first come first serve!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Boeing ARINC 429 Airplane Challenge and CTF","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"Boeing Test & Evaluation (T&E) has developed two modules to provide an interactive learning environment and engagement opportunity on ARINC 429 data bus. Three modules will be offered, including a 10-15 minute guided discussion on the basics of ARINC 429, highlighting the key components necessary to participate in the two interactive modules. Boeing will provide an interactive learning environment to improve situational awareness of ARINC 429 data bus and promote discussion on Cyber T&E across the aviation industry. After completing the basics guided tour, participants may engage in one or both of events, the Airplane Challenge and CTF.\r\n\r\nIn order to get participants familiar with ARINC 429 concepts, there will be a presentation introducing 429 and the challenge environment at 10:30 and 13:00 both days.\r\n\r\nEvent #1 – Airplane Challenge (“AC”): during this event the user is presented with a user interface to send their own crafted 429 messages. The participant will be assigned an airplane on a map with the objectives of navigating the airplane to a win condition.\r\n\r\nEvent #2 – Capture The Flag (CTF): The participants will connect into the CTF to take on challenges involving protocol and message manipulation. The participant will be able to validate each flag found in order to complete the event!\r\n\r\nRequired gear: for the AC, you will need a mobile phone and/or Laptop with ability to connect to WiFi. For the CTF you will need a laptop and ethernet cable\r\n\r\nSignups: first come first serve!","updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49304,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40247,45357,45358,45450],"village_id":2,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:40:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Pen Test Partners A320 Simulator","android_description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T19:00:00.000-0000","id":49301,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45341,45357,45450],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Are you interested in satellite communications? Would you like to help a growing community of ground station and satellite operators collect telemetry data? Well this is the talk for you. With some inexpensive hardware and a trip to your local hardware store, you too can create your very own satellite ground station. In this talk you’ll learn about hardware, radio propagation and how to get started receiving data from satellites on your own ground station\n\n\n","title":"Building Your Own Satellite Ground Station","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"Are you interested in satellite communications? Would you like to help a growing community of ground station and satellite operators collect telemetry data? Well this is the talk for you. With some inexpensive hardware and a trip to your local hardware store, you too can create your very own satellite ground station. In this talk you’ll learn about hardware, radio propagation and how to get started receiving data from satellites on your own ground station","end_timestamp":{"seconds":1660411500,"nanoseconds":0},"updated_timestamp":{"seconds":1659379560,"nanoseconds":0},"speakers":[{"content_ids":[49218,49232,49662],"conference_id":65,"event_ids":[49275,49259,49850],"name":"Eric Escobar","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/EricEscobar"}],"pronouns":null,"media":[],"id":48669}],"timeband_id":892,"links":[],"end":"2022-08-13T17:25:00.000-0000","id":49275,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48669}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-08-01T18:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"When The \"IT\" Hits The Fan, Stick To the Plan","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#8dc784","name":"BIC Village","id":45353},"android_description":"","end_timestamp":{"seconds":1660412700,"nanoseconds":0},"updated_timestamp":{"seconds":1659305160,"nanoseconds":0},"speakers":[{"content_ids":[49195],"conference_id":65,"event_ids":[49236],"name":"Levone Campbell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48658}],"timeband_id":892,"links":[],"end":"2022-08-13T17:45:00.000-0000","id":49236,"tag_ids":[40249,45340,45353,45373,45451],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":6,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48658}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Twilight Ballroom (Blacks In Cybersecurity Village)","hotel":"","short_name":"Sunset-Twilight Ballroom (Blacks In Cybersecurity Village)","id":45401},"spans_timebands":"N","updated":"2022-07-31T22:06:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"These are the *general* operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.\n\n\n","title":"Village Areas Open (Generally)","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"android_description":"These are the *general* operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659313320,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49232,"tag_ids":[45342,45373],"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"updated":"2022-08-01T00:22:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Vendor Area Open","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.","updated_timestamp":{"seconds":1660320240,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49229,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45342,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"updated":"2022-08-12T16:04:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join in this deep dive looking at new abuses of OAuth 2.0. We'll look at a variety of attacks including phishing and stolen credential attacks, starting with Microsoft authorization code grant to Google authorization code grant using copy/paste. We'll then move on to new attacks including: OWA browser attacks, Chrome attacks, different SaaS OAuth implementations, upstream SSO attacks, and hidden uses of OAuth in Google App Scripting and Google Cloud Shell.\r\n\r\nIn a nod to Penn and Teller, with each attack, we'll reveal the underlying secret techniques used, why and how it works, and what can be generalized. We'll then show how the most common defensive measures (e.g. MFA, IP allow lists, application allow lists, authorization controls) are used to mitigate each attack, then adjust the attack to bypass the defensive measure. We'll also discuss what vendors have been doing to mitigate these attacks and whether they are effective.\r\n\r\nCode for any demo/POCs will be made available as open-source.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"OAuth-some Security Tricks: Yet more OAuth abuse","end_timestamp":{"seconds":1660412400,"nanoseconds":0},"android_description":"Join in this deep dive looking at new abuses of OAuth 2.0. We'll look at a variety of attacks including phishing and stolen credential attacks, starting with Microsoft authorization code grant to Google authorization code grant using copy/paste. We'll then move on to new attacks including: OWA browser attacks, Chrome attacks, different SaaS OAuth implementations, upstream SSO attacks, and hidden uses of OAuth in Google App Scripting and Google Cloud Shell.\r\n\r\nIn a nod to Penn and Teller, with each attack, we'll reveal the underlying secret techniques used, why and how it works, and what can be generalized. We'll then show how the most common defensive measures (e.g. MFA, IP allow lists, application allow lists, authorization controls) are used to mitigate each attack, then adjust the attack to bypass the defensive measure. We'll also discuss what vendors have been doing to mitigate these attacks and whether they are effective.\r\n\r\nCode for any demo/POCs will be made available as open-source.","updated_timestamp":{"seconds":1659283080,"nanoseconds":0},"speakers":[{"content_ids":[49175],"conference_id":65,"event_ids":[49211],"name":"Jenko Hwong","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jenkohwong"}],"pronouns":null,"media":[],"id":48629}],"timeband_id":892,"links":[],"end":"2022-08-13T17:40:00.000-0000","id":49211,"tag_ids":[40252,45340,45350,45451],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48629}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T15:58:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c5e58e","updated_at":"2024-06-07T03:39+0000","name":"Soldering Skills Village","id":45339},"title":"Solder Skills Village - Open","android_description":"","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659142500,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49141,"tag_ids":[40274,45339,45341,45373,45451],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":32,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock I, II, III, IV, V (Solder Skills Village)","hotel":"","short_name":"Red Rock I, II, III, IV, V (Solder Skills Village)","id":45425},"spans_timebands":"N","updated":"2022-07-30T00:55:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hardware Hacking Village - Open","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"android_description":"","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659142440,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49138,"village_id":14,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40257,45338,45341,45373,45451],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-30T00:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Tools for Fighting Disinformation","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660412700,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659128160,"nanoseconds":0},"speakers":[{"content_ids":[49054,49065],"conference_id":65,"event_ids":[49057,49068],"name":"Preslav Nakov","affiliations":[{"organization":"Mohamed bin Zayed University of Artificial Intelligence","title":""}],"links":[],"pronouns":null,"media":[],"id":48489,"title":"Mohamed bin Zayed University of Artificial Intelligence"}],"timeband_id":892,"links":[],"end":"2022-08-13T17:45:00.000-0000","id":49068,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":18,"tag_ids":[40260,45332,45335,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48489}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","updated":"2022-07-29T20:56:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"AI Red Teams are sprouting across organizations: Microsoft, Facebook, Google, DeepMind, OpenAI, NVIDIA all have dedicated teams to secure and red team their AI systems. Even the US Government is jumping on this bandwagon. But surprisingly, unlike traditional red teams, which have an agreed upon form, function and definition, there is little agreement on AI Red Teaming. This talk synthesizes Microsoft’s perspective of AI Red Team and interleaves formal and informal conversations with more than 15 different AI Red Teams across the industry and governments, as well analyzing their job postings, publications and blog posts. We ground each of the lessons in our experience of red teaming production systems.\r\n\r\nAfter this talk, you will get a taste of how AI Red Teams approach the problem, grasp what AI Red Teams do, how they interact with existing security paradigms like traditional red teaming as well as emerging areas like adversarial machine learning. You will be able to assess what it takes to be successful in this field, and how your can make an impact without a PhD in Adversarial Machine learning.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"title":"A few useful things to know about AI Red Teams ","end_timestamp":{"seconds":1660413000,"nanoseconds":0},"android_description":"AI Red Teams are sprouting across organizations: Microsoft, Facebook, Google, DeepMind, OpenAI, NVIDIA all have dedicated teams to secure and red team their AI systems. Even the US Government is jumping on this bandwagon. But surprisingly, unlike traditional red teams, which have an agreed upon form, function and definition, there is little agreement on AI Red Teaming. This talk synthesizes Microsoft’s perspective of AI Red Team and interleaves formal and informal conversations with more than 15 different AI Red Teams across the industry and governments, as well analyzing their job postings, publications and blog posts. We ground each of the lessons in our experience of red teaming production systems.\r\n\r\nAfter this talk, you will get a taste of how AI Red Teams approach the problem, grasp what AI Red Teams do, how they interact with existing security paradigms like traditional red teaming as well as emerging areas like adversarial machine learning. You will be able to assess what it takes to be successful in this field, and how your can make an impact without a PhD in Adversarial Machine learning.","updated_timestamp":{"seconds":1659292740,"nanoseconds":0},"speakers":[{"content_ids":[49038],"conference_id":65,"event_ids":[49041],"name":"Sudipto Rakshit ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48473}],"timeband_id":892,"links":[],"end":"2022-08-13T17:50:00.000-0000","id":49041,"tag_ids":[40248,45330,45450],"village_id":3,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48473}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-07-31T18:39:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Dr. Schmid will provide an overview of the NASA space medicine operations current spaceflight challenges and opportunities in the context of the environments of care including air, space and terrestrially in our domestic and international health systems. He will provide a worldwind tour of Space Medicine origins, space telemedicine, medical training required, extreme environments of care, NASA international and off the planet medical operations, mission planning, space physiology, longitudinal surveillance of astronaut health, current and future missions, commercial space flight and new vehicles. Dr. Schmid will introduce the Holoportation Project, the first Holographic Transportation of humans to space, new technologies and opportunities for collaboration and problem solving with NASA.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"title":"Space Station Sapians: Health is out of this world","end_timestamp":{"seconds":1660411800,"nanoseconds":0},"android_description":"Dr. Schmid will provide an overview of the NASA space medicine operations current spaceflight challenges and opportunities in the context of the environments of care including air, space and terrestrially in our domestic and international health systems. He will provide a worldwind tour of Space Medicine origins, space telemedicine, medical training required, extreme environments of care, NASA international and off the planet medical operations, mission planning, space physiology, longitudinal surveillance of astronaut health, current and future missions, commercial space flight and new vehicles. Dr. Schmid will introduce the Holoportation Project, the first Holographic Transportation of humans to space, new technologies and opportunities for collaboration and problem solving with NASA.","updated_timestamp":{"seconds":1659747480,"nanoseconds":0},"speakers":[{"content_ids":[49017],"conference_id":65,"event_ids":[49020],"name":"Dr. Josef Schmid","affiliations":[{"organization":"NASA","title":"Flight Surgeon"}],"links":[],"pronouns":null,"media":[],"id":48441,"title":"Flight Surgeon at NASA"}],"timeband_id":892,"links":[],"end":"2022-08-13T17:30:00.000-0000","id":49020,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48441}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-08-06T00:58:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We reopen and accept drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\n\n\n","title":"DDV open and accepting drives for duplication","type":{"conference_id":65,"conference":"DEFCON30","color":"#ef47d8","updated_at":"2024-06-07T03:39+0000","name":"Data Duplication Village","id":45328},"end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"We reopen and accept drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.","updated_timestamp":{"seconds":1659070140,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-14T00:00:00.000-0000","links":[{"label":"https://dcddv.org","type":"link","url":"https://dcddv.org"}],"id":49002,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":11,"tag_ids":[40254,45328,45373,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village)","hotel":"","short_name":"Lake Meade and Valley of Fire (Data Duplication Village)","id":45423},"updated":"2022-07-29T04:49:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Story time for hackers. The importance of storytelling and simulation for teaching and training policymakers including a scenario from the Atlantic Council Cyber 9/12 program and other comparable efforts. Hear from panelists on how they construct stories and simulations for policymakers, from short from prose to war games to student competitions. This panel draws on the hacking community’s rich history of storytelling through fiction, graphic art, and more to demonstrate the practical importance of shaping ideas in policy debates. This session complements an otherwise heavy emphasis throughout the track on ideas over the medium itself. Panelists would also discuss their approach to breaking down a complicated issue or problem in order to represent its core themes, challenges, and opportunities especially for policymakers.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Imagining a cyber policy crisis: Storytelling and Simulation for real-world risks","end_timestamp":{"seconds":1660416300,"nanoseconds":0},"android_description":"Story time for hackers. The importance of storytelling and simulation for teaching and training policymakers including a scenario from the Atlantic Council Cyber 9/12 program and other comparable efforts. Hear from panelists on how they construct stories and simulations for policymakers, from short from prose to war games to student competitions. This panel draws on the hacking community’s rich history of storytelling through fiction, graphic art, and more to demonstrate the practical importance of shaping ideas in policy debates. This session complements an otherwise heavy emphasis throughout the track on ideas over the medium itself. Panelists would also discuss their approach to breaking down a complicated issue or problem in order to represent its core themes, challenges, and opportunities especially for policymakers.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48882],"conference_id":65,"event_ids":[48889],"name":"Safa Shahwan Edwards","affiliations":[{"organization":"","title":"Deputy Director, Cyber Statecraft Initiative, Atlantic Council"}],"links":[],"pronouns":null,"media":[],"id":48297,"title":"Deputy Director, Cyber Statecraft Initiative, Atlantic Council"},{"content_ids":[48882],"conference_id":65,"event_ids":[48889],"name":"Nina Kollars","affiliations":[{"organization":"","title":"Department of Defense"}],"links":[],"pronouns":null,"media":[],"id":48298,"title":"Department of Defense"},{"content_ids":[48896,48882],"conference_id":65,"event_ids":[48889,48891],"name":"Winnona DeSombre","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48299}],"timeband_id":892,"end":"2022-08-13T18:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242749"}],"id":48889,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48298},{"tag_id":565,"sort_order":1,"person_id":48297},{"tag_id":565,"sort_order":1,"person_id":48299}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CISA/JCDC leadership will speak on a panel to review the purpose and history of JCDC, and set the scene for the event before attendees begin their own conversations. Following the panel, attendees will split up into four breakout sections and gather in four corners of the room. Each of these groups will divide again to form no more than 5-6 people per discussion group. These small groups will delve into one proposal for a JCDC initiative and discuss for 15-20 minutes, after which they will rotate to the next section/topic. Each conversation will be facilitated by CISA, who play the “champion” for that specific proposal. Topics may include: Transnational Trust Webs (How can JCDC collaborate with researchers, orgs, and partners spread across the globe? Internet security, not just national security); Chaos Engine (How do we turn the Internet into a much more risky place for adversaries? Which hackers have the right data to find adversary infrastructure?); We Want You (How can CISA expand on its past work with individuals on research to integrate volunteer hackers into response operations?); Expect the Worst (What kind of contingencies should CISA prioritize? What planning and preparation can achieve the most leverage if the worst happens?)\n\n\n","title":"Hacking Operational Collaboration","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"android_description":"CISA/JCDC leadership will speak on a panel to review the purpose and history of JCDC, and set the scene for the event before attendees begin their own conversations. Following the panel, attendees will split up into four breakout sections and gather in four corners of the room. Each of these groups will divide again to form no more than 5-6 people per discussion group. These small groups will delve into one proposal for a JCDC initiative and discuss for 15-20 minutes, after which they will rotate to the next section/topic. Each conversation will be facilitated by CISA, who play the “champion” for that specific proposal. Topics may include: Transnational Trust Webs (How can JCDC collaborate with researchers, orgs, and partners spread across the globe? Internet security, not just national security); Chaos Engine (How do we turn the Internet into a much more risky place for adversaries? Which hackers have the right data to find adversary infrastructure?); We Want You (How can CISA expand on its past work with individuals on research to integrate volunteer hackers into response operations?); Expect the Worst (What kind of contingencies should CISA prioritize? What planning and preparation can achieve the most leverage if the worst happens?)","end_timestamp":{"seconds":1660416300,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48883],"conference_id":65,"event_ids":[48885],"name":"David Forscey","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48300},{"content_ids":[48883],"conference_id":65,"event_ids":[48885],"name":"Brianna McClenon","affiliations":[{"organization":"CISA","title":"Joint Cyber Defense Collaborative"}],"links":[],"pronouns":null,"media":[],"id":48804,"title":"Joint Cyber Defense Collaborative at CISA"},{"content_ids":[48883],"conference_id":65,"event_ids":[48885],"name":"Seth McKinnis","affiliations":[{"organization":"CISA","title":"Joint Cyber Defense Collaborative"}],"links":[],"pronouns":null,"media":[],"id":48805,"title":"Joint Cyber Defense Collaborative at CISA"},{"content_ids":[48883],"conference_id":65,"event_ids":[48885],"name":"Gavin To","affiliations":[{"organization":"CISA","title":"Joint Cyber Defense Collaborative"}],"links":[],"pronouns":null,"media":[],"id":48806,"title":"Joint Cyber Defense Collaborative at CISA"},{"content_ids":[48883],"conference_id":65,"event_ids":[48885],"name":"Hristiana Petkova","affiliations":[{"organization":"CISA","title":"Joint Cyber Defense Collaborative"}],"links":[],"pronouns":null,"media":[],"id":48807,"title":"Joint Cyber Defense Collaborative at CISA"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242802"}],"end":"2022-08-13T18:45:00.000-0000","id":48885,"tag_ids":[40265,45311,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"village_id":23,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48804},{"tag_id":565,"sort_order":1,"person_id":48300},{"tag_id":565,"sort_order":1,"person_id":48806},{"tag_id":565,"sort_order":1,"person_id":48807},{"tag_id":565,"sort_order":1,"person_id":48805}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Writeups for CTF challenges and machines are a critical learning resource for our community. For the author, it presents an opportunity to document their methodology, tips/tricks and progress. For the audience, it serves as reference material. Oftentimes, authors switch roles and become the audience to learn from their own work. This demo aims to showcase tools, svachal and machinescli, developed with these insights. These work in conjunction to help users curate their learning in .yml structured files, find insights and query this knowledge base as and when needed.\n\nAudience: Offense/Defense\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"svachal + machinescli","end_timestamp":{"seconds":1660416900,"nanoseconds":0},"android_description":"Writeups for CTF challenges and machines are a critical learning resource for our community. For the author, it presents an opportunity to document their methodology, tips/tricks and progress. For the audience, it serves as reference material. Oftentimes, authors switch roles and become the audience to learn from their own work. This demo aims to showcase tools, svachal and machinescli, developed with these insights. These work in conjunction to help users curate their learning in .yml structured files, find insights and query this knowledge base as and when needed.\n\nAudience: Offense/Defense","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48748],"conference_id":65,"event_ids":[48753],"name":"Ankur Tyagi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48027}],"timeband_id":892,"links":[],"end":"2022-08-13T18:55:00.000-0000","id":48753,"tag_ids":[45292,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48027}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Committee Boardroom (Demo Labs)","hotel":"","short_name":"Committee Boardroom (Demo Labs)","id":45444},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"EDRSandBlast is a tool written in C that implements and industrializes known as well as original bypass techniques to make EDR evasion easier during adversary simulations. Both user-land and kernel-land EDR detection capabilities can be bypassed, using multiple unhooking techniques and a vulnerable signed driver to unregister kernel callbacks and disable the ETW Threat Intelligence provider. Since the initial release, multiple improvements have been implemented in EDRSandBlast: it is now possible to use this toolbox as a library from another attacking tool, new bypasses have been implemented, the embedded vulnerable driver is now interchangeable to increase stealthiness and the use of a pre-built offsets database is no more required! Come discover our tool and its new features, learn (or teach us!) something about EDRs and discuss about the potential improvements to this project. \n\nAudience: Offense, Defense, Windows, EDR\n\n\n","title":"EDR detection mechanisms and bypass techniques with EDRSandBlast","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"android_description":"EDRSandBlast is a tool written in C that implements and industrializes known as well as original bypass techniques to make EDR evasion easier during adversary simulations. Both user-land and kernel-land EDR detection capabilities can be bypassed, using multiple unhooking techniques and a vulnerable signed driver to unregister kernel callbacks and disable the ETW Threat Intelligence provider. Since the initial release, multiple improvements have been implemented in EDRSandBlast: it is now possible to use this toolbox as a library from another attacking tool, new bypasses have been implemented, the embedded vulnerable driver is now interchangeable to increase stealthiness and the use of a pre-built offsets database is no more required! Come discover our tool and its new features, learn (or teach us!) something about EDRs and discuss about the potential improvements to this project. \n\nAudience: Offense, Defense, Windows, EDR","end_timestamp":{"seconds":1660416900,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48744],"conference_id":65,"event_ids":[48748],"name":"Thomas Diot","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48032},{"content_ids":[48744],"conference_id":65,"event_ids":[48748],"name":"Maxime Meignan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48040}],"timeband_id":892,"links":[],"end":"2022-08-13T18:55:00.000-0000","id":48748,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45292,45373,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48040},{"tag_id":565,"sort_order":1,"person_id":48032}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Enterprises today are shifting away from dedicated workstations, and moving to flexible workspaces with shared hardware peripherals. This creates the ideal landscape for hardware implant attacks; however, implants have not kept up with this shift. While closed source, for-profit solutions exist and have seen some recent advances in innovation, they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals) relying on corporate networks for remote control. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how to create a new breed of open-source hardware implants. Topics covered in this talk include the scaling of implants for enterprise takeover, creating and utilizing a custom C2 server, a reverse shell that survives screen lock, and more. They will also leave with a new platform from which to innovate custom implants. Live demos will be used to show these new tactics against real world infrastructure. This talk builds off of previous implant talks but will show how to leverage new techniques and technologies to push the innovation of hardware implants forward evolutionarily.\n\nAudience: Offense and Red Teams with a focus on a hardware approach\n\n\n","title":"Injectyll-HIDe: Pushing the Future of Hardware Implants to the Next Level","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660416900,"nanoseconds":0},"android_description":"Enterprises today are shifting away from dedicated workstations, and moving to flexible workspaces with shared hardware peripherals. This creates the ideal landscape for hardware implant attacks; however, implants have not kept up with this shift. While closed source, for-profit solutions exist and have seen some recent advances in innovation, they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals) relying on corporate networks for remote control. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how to create a new breed of open-source hardware implants. Topics covered in this talk include the scaling of implants for enterprise takeover, creating and utilizing a custom C2 server, a reverse shell that survives screen lock, and more. They will also leave with a new platform from which to innovate custom implants. Live demos will be used to show these new tactics against real world infrastructure. This talk builds off of previous implant talks but will show how to leverage new techniques and technologies to push the innovation of hardware implants forward evolutionarily.\n\nAudience: Offense and Red Teams with a focus on a hardware approach","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48751,49104],"conference_id":65,"event_ids":[48741,49134],"name":"Jonathan Fischer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48030},{"content_ids":[48751,49104],"conference_id":65,"event_ids":[48741,49134],"name":"Jeremy Miller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48031}],"timeband_id":892,"links":[],"end":"2022-08-13T18:55:00.000-0000","id":48741,"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48031},{"tag_id":565,"sort_order":1,"person_id":48030}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Council Boardroom (Demo Labs)","hotel":"","short_name":"Council Boardroom (Demo Labs)","id":45443},"spans_timebands":"N","begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Empire is a Command and Control (C2) framework powered by Python 3 that supports Windows, Linux, and macOS exploitation. It has evolved significantly since its introduction in 2015 and has become one of the most widely used open-source C2 platforms. Starting life as PowerShell Empire and later merging in Empyre, Empire is now a full-fledged .NET C2 leveraging PowerShell, Python, C#, and Dynamic Language Runtime (DLR) agents. It offers a flexible modular architecture that links Advanced Persistent Threats (APTs) Tactics, Techniques, and Procedures (TTPs) through the MITRE ATT&CK database. The framework aims to provide a flexible and easy-to-use interface to easily incorporate a wide array of tools into a single platform for red team operations to emulate APTs. This presentation will explore our most recent upgrades in Empire 4.0, including C# and IronPython agents, Customizable Bypasses, Malleable HTTP C2, Donut Integration, Beacon Object File (BoF), and much more. In addition, our team will be giving a preview of Empire 5.0 and its features. The most exciting of these being the brand-new web client (Starkiller 2.0) and v2 API, which will be released later this year.\n\nAudience: Offense\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"Empire 4.0 and Beyond","end_timestamp":{"seconds":1660416900,"nanoseconds":0},"android_description":"Empire is a Command and Control (C2) framework powered by Python 3 that supports Windows, Linux, and macOS exploitation. It has evolved significantly since its introduction in 2015 and has become one of the most widely used open-source C2 platforms. Starting life as PowerShell Empire and later merging in Empyre, Empire is now a full-fledged .NET C2 leveraging PowerShell, Python, C#, and Dynamic Language Runtime (DLR) agents. It offers a flexible modular architecture that links Advanced Persistent Threats (APTs) Tactics, Techniques, and Procedures (TTPs) through the MITRE ATT&CK database. The framework aims to provide a flexible and easy-to-use interface to easily incorporate a wide array of tools into a single platform for red team operations to emulate APTs. This presentation will explore our most recent upgrades in Empire 4.0, including C# and IronPython agents, Customizable Bypasses, Malleable HTTP C2, Donut Integration, Beacon Object File (BoF), and much more. In addition, our team will be giving a preview of Empire 5.0 and its features. The most exciting of these being the brand-new web client (Starkiller 2.0) and v2 API, which will be released later this year.\n\nAudience: Offense","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48734,49137],"conference_id":65,"event_ids":[48737,49165],"name":"Anthony \"Cx01N\" Rose","affiliations":[{"organization":"","title":"Lead Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Cx01N_"}],"pronouns":null,"media":[],"id":48053,"title":"Lead Security Researcher"},{"content_ids":[48734,49137],"conference_id":65,"event_ids":[48737,49165],"name":"Vincent \"Vinnybod\" Rose","affiliations":[{"organization":"","title":"Lead Tool Developer"}],"links":[],"pronouns":null,"media":[],"id":48061,"title":"Lead Tool Developer"}],"timeband_id":892,"links":[],"end":"2022-08-13T18:55:00.000-0000","id":48737,"village_id":null,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48053},{"tag_id":565,"sort_order":1,"person_id":48061}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Surprisingly, memory related events logging has been ignored by monitoring tool’s authors since a long time. There are multiple event loggers present for Linux that are capable of monitoring processes, i/o operations, function calls or whole systemwide events. But something which lacks in most is global monitoring of memory related events like allocation, attachment to a shared memory, memory allocation in foreign process etc. This has many applications in security domain or even software engineering in general. The main area of focus or use case for Memfini is to assist Security professionals for carrying out memory specific Dynamic Malware Analysis, in order to help them in finding indicators for malicious activities without reversing the behavior. Below listed are few of the use cases (which we will also be demonstrating in the talk). • Process Injection • Fileless malware execution • Shellcode Execution • Malicious shared memory usage On the other hand, it can also be helpful for Software developers, who wish to have an eagle eye on the memory allocations • Finding Memory Leaks • Error detection for debugging purposes. The is possible as Memfini is capable of monitoring memory allocations on User space, Kernel space as well as some under looked allocations like PCI device mapping, DMA allocations etc. It provides a command line interface with multiple filters, allowing a user to interact with the logs generated & get the required data. Currently, the user will be able to filter the events by individual process, type of access etc.\n\nAudience: Defensive security(Malware researcher, IR/Forensics) and Offensive security(memory based vulnerability discovery)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"Memfini - A systemwide memory monitor interface for linux","end_timestamp":{"seconds":1660416900,"nanoseconds":0},"android_description":"Surprisingly, memory related events logging has been ignored by monitoring tool’s authors since a long time. There are multiple event loggers present for Linux that are capable of monitoring processes, i/o operations, function calls or whole systemwide events. But something which lacks in most is global monitoring of memory related events like allocation, attachment to a shared memory, memory allocation in foreign process etc. This has many applications in security domain or even software engineering in general. The main area of focus or use case for Memfini is to assist Security professionals for carrying out memory specific Dynamic Malware Analysis, in order to help them in finding indicators for malicious activities without reversing the behavior. Below listed are few of the use cases (which we will also be demonstrating in the talk). • Process Injection • Fileless malware execution • Shellcode Execution • Malicious shared memory usage On the other hand, it can also be helpful for Software developers, who wish to have an eagle eye on the memory allocations • Finding Memory Leaks • Error detection for debugging purposes. The is possible as Memfini is capable of monitoring memory allocations on User space, Kernel space as well as some under looked allocations like PCI device mapping, DMA allocations etc. It provides a command line interface with multiple filters, allowing a user to interact with the logs generated & get the required data. Currently, the user will be able to filter the events by individual process, type of access etc.\n\nAudience: Defensive security(Malware researcher, IR/Forensics) and Offensive security(memory based vulnerability discovery)","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48736],"conference_id":65,"event_ids":[48730],"name":"Shubham Dubey","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48023},{"content_ids":[48736],"conference_id":65,"event_ids":[48730],"name":"Rishal Dwivedi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48034}],"timeband_id":892,"links":[],"end":"2022-08-13T18:55:00.000-0000","id":48730,"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48034},{"tag_id":565,"sort_order":1,"person_id":48023}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus Boardroom (Demo Labs)","hotel":"","short_name":"Caucus Boardroom (Demo Labs)","id":45442},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What do Apple, John Deere and Wahl Shavers have in common with med-tech companies? They all insist that if you were able to mod their \nstuff, you would kill yourself and/or someone else... and they've all demonstrated, time and again, that they are unfit to have the final\n say over how the tools you depend on should work. As right to repair and other interoperability movements gain prominence, med-tech wants\n us to think that it's too life-or-death for modding. We think that med-tech is too life-or-death NOT to to be open, accountable and \nconfigurable by the people who depend on it. Hear two hacker doctors and a tech activist talk about who's on the right side of history \nand how the people on the wrong side of history are trying to turn you into a walking inkjet printer, locked into an app store.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Literal Self-Pwning: Why Patients - and Their Advocates - Should Be Encouraged to Hack, Improve, and Mod Med Tech","android_description":"What do Apple, John Deere and Wahl Shavers have in common with med-tech companies? They all insist that if you were able to mod their \nstuff, you would kill yourself and/or someone else... and they've all demonstrated, time and again, that they are unfit to have the final\n say over how the tools you depend on should work. As right to repair and other interoperability movements gain prominence, med-tech wants\n us to think that it's too life-or-death for modding. We think that med-tech is too life-or-death NOT to to be open, accountable and \nconfigurable by the people who depend on it. Hear two hacker doctors and a tech activist talk about who's on the right side of history \nand how the people on the wrong side of history are trying to turn you into a walking inkjet printer, locked into an app store.","end_timestamp":{"seconds":1660412700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48540,48890],"conference_id":65,"event_ids":[48570,48881],"name":"Jeff “r3plicant” Tully MD","affiliations":[{"organization":"","title":"Anesthesiologist at The University of California San Diego"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JeffTullyMD"}],"pronouns":null,"media":[],"id":47870,"title":"Anesthesiologist at The University of California San Diego"},{"content_ids":[48540,48890],"conference_id":65,"event_ids":[48570,48881],"name":"Christian \"quaddi\" Dameff MD","affiliations":[{"organization":"","title":"Emergency Medicine Physician & Hacker at The University of California San Diego"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CDameffMD"}],"media":[],"id":47880,"title":"Emergency Medicine Physician & Hacker at The University of California San Diego"},{"content_ids":[48540],"conference_id":65,"event_ids":[48570],"name":"Cory Doctorow","affiliations":[{"organization":"","title":"Science fiction author, activist and journalist"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/doctorow"}],"media":[],"id":47892,"title":"Science fiction author, activist and journalist"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242205"}],"end":"2022-08-13T17:45:00.000-0000","id":48570,"village_id":null,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47880},{"tag_id":565,"sort_order":1,"person_id":47892},{"tag_id":565,"sort_order":1,"person_id":47870}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hundreds of thousands of human hours are invested every year in finding common security vulnerabilities with relatively simple fixes. These vulnerabilities aren’t sexy, cool, or new, we’ve known about them for years, but they’re everywhere!\n\nThe scale of GitHub & tools like CodeQL (GitHub's code query language) enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. Simply automating the creation of thousands of bug reports by itself isn’t useful, & would be even more of a burden on volunteer maintainers of OSS projects. Ideally the maintainers would be provided with not only information about the vulnerability, but also a fix in the form of an easily actionable pull request.\n\nWhen facing a problem of this scale, what is the most efficient way to leverage researcher knowledge to fix the most vulnerabilities across OSS? This talk will cover a highly scalable solution - automated bulk pull request generation. We’ll discuss the practical applications of this technique on real world OSS projects. We’ll also cover technologies like CodeQL & OpenRewrite (a style-preserving refactoring tool created at Netflix & now developed by Moderne). Let’s not just talk about vulnerabilities, let’s actually fix them at scale.\n\n\n","title":"Scaling the Security Researcher to Eliminate OSS Vulnerabilities Once and For All","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660412700,"nanoseconds":0},"android_description":"Hundreds of thousands of human hours are invested every year in finding common security vulnerabilities with relatively simple fixes. These vulnerabilities aren’t sexy, cool, or new, we’ve known about them for years, but they’re everywhere!\n\nThe scale of GitHub & tools like CodeQL (GitHub's code query language) enable one to scan for vulnerabilities across hundreds of thousands of OSS projects, but the challenge is how to scale the triaging, reporting, and fixing. Simply automating the creation of thousands of bug reports by itself isn’t useful, & would be even more of a burden on volunteer maintainers of OSS projects. Ideally the maintainers would be provided with not only information about the vulnerability, but also a fix in the form of an easily actionable pull request.\n\nWhen facing a problem of this scale, what is the most efficient way to leverage researcher knowledge to fix the most vulnerabilities across OSS? This talk will cover a highly scalable solution - automated bulk pull request generation. We’ll discuss the practical applications of this technique on real world OSS projects. We’ll also cover technologies like CodeQL & OpenRewrite (a style-preserving refactoring tool created at Netflix & now developed by Moderne). Let’s not just talk about vulnerabilities, let’s actually fix them at scale.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48541],"conference_id":65,"event_ids":[48559],"name":"Jonathan Leitschuh","affiliations":[{"organization":"","title":"OSS Security Researcher - Dan Kaminsky Fellowship @ HUMAN Security"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jonathan-leitschuh-94553661"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JLLeitschuh"}],"media":[],"id":47835,"title":"OSS Security Researcher - Dan Kaminsky Fellowship @ HUMAN Security"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242207"}],"end":"2022-08-13T17:45:00.000-0000","id":48559,"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"tag_ids":[45241,45279,45375,45450],"village_id":null,"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47835}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-13T17:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Terry Gilliam’s 1985 cult film Brazil posits a polluted, hyper-consumerist and totalitarian dystopia in which a renegade heating engineer, Archibald Tuttle, takes great risks to conduct repairs outside of the stifling and inefficient bureaucracy of “Central Services.” When Tuttle’s rogue repairs are detected, Central Services workers demolish and seize repaired systems under the pretext of “fixing” them. It’s dark. It's also not so far off from our present reality in which device makers use always-on Internet connections, DRM and expansive copyright and IP claims to sustain “Central Services”-like monopolies on the service and repair of appliances, agricultural and medical equipment, personal electronics and more. The net effect of this is a less- not more secure ecosystem of connected things that burdens consumers, businesses and the planet. Our panel of repair and cybersecurity experts will delve into how OEMs’ anti-repair arguments trumpet cybersecurity risks, while strangling independent repair and dissembling about the abysmal state of embedded device security. We’ll also examine how the emergent “right to repair” movement aims to dismantle this emerging “Brazil” style dystopia and lay the foundation for a “circular” economy that reduces waste while also ensuring better security and privacy protections for technology users.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Brazil Redux: Short Circuiting Tech-Enabled Dystopia with The Right to Repair","end_timestamp":{"seconds":1660414500,"nanoseconds":0},"android_description":"Terry Gilliam’s 1985 cult film Brazil posits a polluted, hyper-consumerist and totalitarian dystopia in which a renegade heating engineer, Archibald Tuttle, takes great risks to conduct repairs outside of the stifling and inefficient bureaucracy of “Central Services.” When Tuttle’s rogue repairs are detected, Central Services workers demolish and seize repaired systems under the pretext of “fixing” them. It’s dark. It's also not so far off from our present reality in which device makers use always-on Internet connections, DRM and expansive copyright and IP claims to sustain “Central Services”-like monopolies on the service and repair of appliances, agricultural and medical equipment, personal electronics and more. The net effect of this is a less- not more secure ecosystem of connected things that burdens consumers, businesses and the planet. Our panel of repair and cybersecurity experts will delve into how OEMs’ anti-repair arguments trumpet cybersecurity risks, while strangling independent repair and dissembling about the abysmal state of embedded device security. We’ll also examine how the emergent “right to repair” movement aims to dismantle this emerging “Brazil” style dystopia and lay the foundation for a “circular” economy that reduces waste while also ensuring better security and privacy protections for technology users.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48539,49270],"conference_id":65,"event_ids":[48501,49343],"name":"Corynne McSherry","affiliations":[{"organization":"","title":"Legal Director, Electronic Frontier Foundation"}],"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.eff.org/about/staff/corynne-mcsherry"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cmcsherr"}],"pronouns":null,"media":[],"id":47863,"title":"Legal Director, Electronic Frontier Foundation"},{"content_ids":[48539],"conference_id":65,"event_ids":[48501],"name":"Kyle Wiens","affiliations":[{"organization":"","title":"CEO, iFixit"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kwiens"},{"description":"","title":"Twitter ifixit","sort_order":0,"url":"https://twitter.com/ifixit"},{"description":"","title":"Website","sort_order":0,"url":"https://www.ifixit.com/"}],"media":[],"id":47882,"title":"CEO, iFixit"},{"content_ids":[48539],"conference_id":65,"event_ids":[48501],"name":"Joe Grand","affiliations":[{"organization":"","title":"Founder and CEO, Grand Idea Studios"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/joegrand"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/JoeGrand"}],"pronouns":null,"media":[],"id":47887,"title":"Founder and CEO, Grand Idea Studios"},{"content_ids":[48539],"conference_id":65,"event_ids":[48501],"name":"Paul Roberts","affiliations":[{"organization":"","title":"Founder, SecuRepairs.org, Editor in Chief, The Security Ledger"}],"pronouns":null,"links":[{"description":"","title":"Twitter paulfroberts","sort_order":0,"url":"https://twitter.com/paulfroberts"},{"description":"","title":"Twitter securepairs","sort_order":0,"url":"https://twitter.com/securepairs"},{"description":"","title":"Twitter securityledger","sort_order":0,"url":"https://twitter.com/securityledger"},{"description":"","title":"https://fighttorepair.substack.com/","sort_order":0,"url":"https://fighttorepair.substack.com/"},{"description":"","title":"https://www.securepairs.org/","sort_order":0,"url":"https://www.securepairs.org/"},{"description":"","title":"https://www.securityledger.com/","sort_order":0,"url":"https://www.securityledger.com/"}],"media":[],"id":47889,"title":"Founder, SecuRepairs.org, Editor in Chief, The Security Ledger"},{"content_ids":[48539],"conference_id":65,"event_ids":[48501],"name":"Louis Rossmann","affiliations":[{"organization":"","title":"Founder, Rossmanngroup.com"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rossmannsupply"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/user/rossmanngroup"}],"pronouns":null,"media":[],"id":47897,"title":"Founder, Rossmanngroup.com"}],"timeband_id":892,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242197"}],"end":"2022-08-13T18:15:00.000-0000","id":48501,"village_id":null,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660410000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47863},{"tag_id":565,"sort_order":1,"person_id":47887},{"tag_id":565,"sort_order":1,"person_id":47882},{"tag_id":565,"sort_order":1,"person_id":47897},{"tag_id":565,"sort_order":1,"person_id":47889}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This talk focuses on using Python to acquire LIVE open-source intelligence (OSINT) from tweets and the associated images, videos, and translated emojis from geographically bounded areas anywhere in the world. This method delivers a plethora of information (tweets, images, videos, emojis, friends, followers, and detailed mapping of movement) within a specific time/space continuum, including chronolocation data. Twitter routinely removes tweets and images from their platform based on policy violations and other influences. By acquiring them “at the moment they are tweeted” provides timely access to live events, as well as the ability to preserve future redacted information. Our ability to generate alerts of aberrant behaviors through the lens of those on the scene has never been more important. The lecture and demonstration will include real examples of collections and mapping from war zones, natural disasters, social unrest, and criminal activity.\n\n\n","title":"Geo-Targeting Live Tweets","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"android_description":"This talk focuses on using Python to acquire LIVE open-source intelligence (OSINT) from tweets and the associated images, videos, and translated emojis from geographically bounded areas anywhere in the world. This method delivers a plethora of information (tweets, images, videos, emojis, friends, followers, and detailed mapping of movement) within a specific time/space continuum, including chronolocation data. Twitter routinely removes tweets and images from their platform based on policy violations and other influences. By acquiring them “at the moment they are tweeted” provides timely access to live events, as well as the ability to preserve future redacted information. Our ability to generate alerts of aberrant behaviors through the lens of those on the scene has never been more important. The lecture and demonstration will include real examples of collections and mapping from war zones, natural disasters, social unrest, and criminal activity.","end_timestamp":{"seconds":1660411200,"nanoseconds":0},"updated_timestamp":{"seconds":1659591180,"nanoseconds":0},"speakers":[{"content_ids":[49337,49392],"conference_id":65,"event_ids":[49539,49437],"name":"Chet Hosmer","affiliations":[{"organization":"University of Arizona, Cyber Operations","title":"Professor of Practice"}],"links":[],"pronouns":null,"media":[],"id":48750,"title":"Professor of Practice at University of Arizona, Cyber Operations"}],"timeband_id":892,"links":[],"end":"2022-08-13T17:20:00.000-0000","id":49539,"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"begin_timestamp":{"seconds":1660408200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48750}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","updated":"2022-08-04T05:33:00.000-0000","begin":"2022-08-13T16:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"🍻☕🎉🥳\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"title":"DCGVR - Social Hour","android_description":"🍻☕🎉🥳","end_timestamp":{"seconds":1660410000,"nanoseconds":0},"updated_timestamp":{"seconds":1660256880,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-13T17:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49942,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-13T16:00:00.000-0000","updated":"2022-08-11T22:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information. \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cad46b","name":"Payment Village","id":45380},"title":"Payment Hacking Challenge","end_timestamp":{"seconds":1660424400,"nanoseconds":0},"android_description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information.","updated_timestamp":{"seconds":1660259820,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Discord #payv-labs-text","type":"link","url":"https://discord.com/channels/708208267699945503/732733473558626314"}],"end":"2022-08-13T21:00:00.000-0000","id":49561,"tag_ids":[40263,45366,45374,45380],"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":21,"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Payment Village","hotel":"","short_name":"Payment Village","id":45414},"spans_timebands":"N","updated":"2022-08-11T23:17:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CALLING ALL KIDS! Come use your VS super skills and powers to work with a team of heroes SE COMMUNITY YOUTH CHALLENGE or villains.\r\n\r\nThe balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!\n\n\n","title":"Heroes vs Villians, a SEC Youth Challenge","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"CALLING ALL KIDS! Come use your VS super skills and powers to work with a team of heroes SE COMMUNITY YOUTH CHALLENGE or villains.\r\n\r\nThe balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!","updated_timestamp":{"seconds":1659670980,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Website","type":"link","url":"https://www.se.community/events/youth-challenge/"}],"end":"2022-08-14T01:00:00.000-0000","id":49497,"tag_ids":[40273,45366,45370,45453],"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":31,"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"updated":"2022-08-05T03:43:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!\n\n\n","title":"Vishing Competition (SECVC) - LIVE CALLS","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"android_description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!","end_timestamp":{"seconds":1660417200,"nanoseconds":0},"updated_timestamp":{"seconds":1659671340,"nanoseconds":0},"speakers":[],"timeband_id":892,"end":"2022-08-13T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"}],"id":49495,"tag_ids":[40273,45359,45370,45453],"village_id":31,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-13T16:00:00.000-0000","updated":"2022-08-05T03:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49469,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":null,"tag_ids":[45326,45373,45450,45451,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Reno I Ballroom (Chillout Lounge)","hotel":"","short_name":"Reno I Ballroom (Chillout Lounge)","id":45493},"spans_timebands":"N","updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49461,"village_id":null,"tag_ids":[45326,45373,45450,45451,45453],"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Chillout","hotel":"","short_name":"Chillout","id":45449},"updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"title":"Chillout Lounge (with entertainment)","android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":49457,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"tag_ids":[45326,45373,45450,45451,45453],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Carson City I (Chillout)","hotel":"","short_name":"Carson City I (Chillout)","id":45477},"spans_timebands":"N","updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Merch (formerly swag) Area Open -- README","end_timestamp":{"seconds":1660431600,"nanoseconds":0},"android_description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)","updated_timestamp":{"seconds":1660233480,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T23:00:00.000-0000","id":49264,"tag_ids":[45342,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 229 (Merch)","hotel":"","short_name":"229 (Merch)","id":45446},"spans_timebands":"N","begin":"2022-08-13T16:00:00.000-0000","updated":"2022-08-11T15:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Malware continues to advance in sophistication. Well-engineered malware can obfuscate itself from the user and the OS. Volatile memory is the unique structure malware cannot evade. I have engineered a new construct for memory analysis and a new open-source tool that automates memory analysis, correlation, and user-interaction to increase investigation accuracy, reduce analysis time and workload, and better detect malware presence from memory. This workshop introduces a new visualization construct that creates the ability to interact with memory analysis artifacts. We will cover how to conducted advanced memory analysis utilizing this brand new tool that will greatly enhance the analysis process. Additionally, we will learn how to use new Data XREF and System Manifest features in this workshop. Data XREF provides an index and memory context detailing how your search data is coupled with processes, modules, and events captured in memory. The System Manifest distills the analysis data to create a new memory analysis snapshot and precise identification of malicious artifacts detectable from malware execution especially useful for exploit dev and malware analysis! This talk is perfect if you have conducted memory analysis before and understand the pain it is to conduct this type of analysis by hand. In this workshop, we will work with a new revolutionary tool to automate, correlate, and enrich memory analysis saving you hours of analysis time. This work shop exposes participants to capture-the-flag memory analysis challenges utilizing the new Xavier Memory Analysis Framework and concludes with a culminating capstone exercise at the end. Participants will walk away with advanced memory analysis capabilities including how to recognize and handle various forms of advance code injection and rootkit hooking techniques from computer memory.\n\nMaterials:\nJust a laptop with VirtualBox installed. I will provide the memory images with all tools configured ready for the workshop.\n\nPrereq:\nNone\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Master Class: Delivering a New Construct in Advanced Volatile Memory Analysis for Fun and Profit","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"Malware continues to advance in sophistication. Well-engineered malware can obfuscate itself from the user and the OS. Volatile memory is the unique structure malware cannot evade. I have engineered a new construct for memory analysis and a new open-source tool that automates memory analysis, correlation, and user-interaction to increase investigation accuracy, reduce analysis time and workload, and better detect malware presence from memory. This workshop introduces a new visualization construct that creates the ability to interact with memory analysis artifacts. We will cover how to conducted advanced memory analysis utilizing this brand new tool that will greatly enhance the analysis process. Additionally, we will learn how to use new Data XREF and System Manifest features in this workshop. Data XREF provides an index and memory context detailing how your search data is coupled with processes, modules, and events captured in memory. The System Manifest distills the analysis data to create a new memory analysis snapshot and precise identification of malicious artifacts detectable from malware execution especially useful for exploit dev and malware analysis! This talk is perfect if you have conducted memory analysis before and understand the pain it is to conduct this type of analysis by hand. In this workshop, we will work with a new revolutionary tool to automate, correlate, and enrich memory analysis saving you hours of analysis time. This work shop exposes participants to capture-the-flag memory analysis challenges utilizing the new Xavier Memory Analysis Framework and concludes with a culminating capstone exercise at the end. Participants will walk away with advanced memory analysis capabilities including how to recognize and handle various forms of advance code injection and rootkit hooking techniques from computer memory.\n\nMaterials:\nJust a laptop with VirtualBox installed. I will provide the memory images with all tools configured ready for the workshop.\n\nPrereq:\nNone","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[48742,49131],"conference_id":65,"event_ids":[48749,49170],"name":"Solomon Sonya","affiliations":[{"organization":"","title":"Director of Cyber Operations Training"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Carpenter1010"}],"media":[],"id":48051,"title":"Director of Cyber Operations Training"}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49170,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"tag_ids":[45336,45345,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48051}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Ely (Workshops)","hotel":"","short_name":"Ely (Workshops)","id":45486},"spans_timebands":"N","begin":"2022-08-13T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In a world of decreasing privacy, it's important that users can communicate P2P without any reliance on centralized solutions. But how do computers connect directly to each other without having external IP addresses, using an insecure protocol like UPnP, manually port forwarding, or routing through intermediary services like Signal, Skype, or Telegram? The traditional solution to this problem has been to trust companies and just route our data though their servers. We can totally trust them, right? If the future of secure communication depends on companies to route our traffic, then I would argue that the future of communications is insecure. There must be a better solution more in line with privacy fundamentals.\n \nReverse Network Tunneling, i.e. UDP Hole Punching, is a powerful technique that makes it possible for computers with internal IP addresses that are inaccessible on the Internet to be able to connect to each other directly, and therefore become accessible. As crazy as this sounds, it's real and works. This has multiple applications in the real world, such as allowing a pentester to directly connect to a victim that is hidden behind a router. Network tunneling also invalidates the need of centralized services provided by companies that log, surveil and profit from our traffic. Imagine how the future of secure communications would change if all of our online interactions were off-the-grid?\n \nThis workshop shows you how to punch holes through external routers to allow computers that were once hidden from the Internet to connect to each other P2P. If you've ever wanted to tunnel into private networks and access internal computers, then this workshop is for you. Create a botnet, backdoor, or even the next great privacy app - the sky's the limit! This is a beginner-level, technical workshop and requires that attendees have some prior experience in at least one programming language, such as Python, JavaScript or C++. Bring your laptop and a strong appetite for pwning network devices.\n\nMaterials:\nLaptop with Windows, Linux, or OSX. USB flash drive for copying program materials (optional).\n\nPrereq:\nPrevious experience in at least one programming language is required. Previous experience with Python or C/C++ is recommended, but not required.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Dig Dug: The Lost Art of Network Tunneling","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"In a world of decreasing privacy, it's important that users can communicate P2P without any reliance on centralized solutions. But how do computers connect directly to each other without having external IP addresses, using an insecure protocol like UPnP, manually port forwarding, or routing through intermediary services like Signal, Skype, or Telegram? The traditional solution to this problem has been to trust companies and just route our data though their servers. We can totally trust them, right? If the future of secure communication depends on companies to route our traffic, then I would argue that the future of communications is insecure. There must be a better solution more in line with privacy fundamentals.\n \nReverse Network Tunneling, i.e. UDP Hole Punching, is a powerful technique that makes it possible for computers with internal IP addresses that are inaccessible on the Internet to be able to connect to each other directly, and therefore become accessible. As crazy as this sounds, it's real and works. This has multiple applications in the real world, such as allowing a pentester to directly connect to a victim that is hidden behind a router. Network tunneling also invalidates the need of centralized services provided by companies that log, surveil and profit from our traffic. Imagine how the future of secure communications would change if all of our online interactions were off-the-grid?\n \nThis workshop shows you how to punch holes through external routers to allow computers that were once hidden from the Internet to connect to each other P2P. If you've ever wanted to tunnel into private networks and access internal computers, then this workshop is for you. Create a botnet, backdoor, or even the next great privacy app - the sky's the limit! This is a beginner-level, technical workshop and requires that attendees have some prior experience in at least one programming language, such as Python, JavaScript or C++. Bring your laptop and a strong appetite for pwning network devices.\n\nMaterials:\nLaptop with Windows, Linux, or OSX. USB flash drive for copying program materials (optional).\n\nPrereq:\nPrevious experience in at least one programming language is required. Previous experience with Python or C/C++ is recommended, but not required.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49132],"conference_id":65,"event_ids":[49167],"name":"Cam","affiliations":[{"organization":"","title":"Developer, Hacker"}],"links":[],"pronouns":null,"media":[],"id":48552,"title":"Developer, Hacker"},{"content_ids":[49132],"conference_id":65,"event_ids":[49167],"name":"Eijah","affiliations":[{"organization":"Code Siren, LLC ","title":"Founder"}],"links":[],"pronouns":null,"media":[],"id":48556,"title":"Founder at Code Siren, LLC"}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49167,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"tag_ids":[45336,45343,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48552},{"tag_id":565,"sort_order":1,"person_id":48556}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Lake Tahoe (Workshops)","hotel":"","short_name":"Lake Tahoe (Workshops)","id":45481},"begin":"2022-08-13T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Breaking into the capture the flag (CTF) world can be daunting. With much of the world going virtual, many companies, organizations, and individuals are sponsoring capture the flag competitions and people are using these types of events, or various hacking platforms (e.g., Offensive Security's Proving Grounds or Hack The Box), to learn and practice new skills. Unfortunately, many feel overwhelmed when faced with these challenges or don't know where to start. This workshop will introduce the basics of CTFs and provide resources, tips, and fundamental skills that can be helpful when getting started.\n\nThis workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This workshop will include various resources, a couple walkthroughs to show how to approach CTFs, and how it may differ from \"real world\" hacking challenges. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges while being able to ask for help to successfully navigate the challenges. By the end of the workshop, the group will have worked through various types of CTF challenges, and have the confidence to participate in other CTFs hosted throughout the year.\n\nAreas of focus will include:\n* Common platforms and formats\n* Overview of online resources\n* Common tools used in CTFs and hacking challenges\n* Basics of web challenges\n* Basics of binary exploitation and reversing challenges\n* Basics of cryptographic challenges\n* Basics of forensic and network traffic challenges\n* Some ways of preparing for your next CTF / Hacking challenge\n\nMaterials:\nLaptop\nDebian-based Virtual Machine (e.g., Kali) is recommended, and USB install drives will be available\nVirtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.\n\nPrereq:\nBe curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)\nExposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop\n\n\n","title":"CTF 101: Breaking into CTFs (or “The Petting Zoo” - Breaking into CTFs)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"android_description":"Breaking into the capture the flag (CTF) world can be daunting. With much of the world going virtual, many companies, organizations, and individuals are sponsoring capture the flag competitions and people are using these types of events, or various hacking platforms (e.g., Offensive Security's Proving Grounds or Hack The Box), to learn and practice new skills. Unfortunately, many feel overwhelmed when faced with these challenges or don't know where to start. This workshop will introduce the basics of CTFs and provide resources, tips, and fundamental skills that can be helpful when getting started.\n\nThis workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This workshop will include various resources, a couple walkthroughs to show how to approach CTFs, and how it may differ from \"real world\" hacking challenges. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges while being able to ask for help to successfully navigate the challenges. By the end of the workshop, the group will have worked through various types of CTF challenges, and have the confidence to participate in other CTFs hosted throughout the year.\n\nAreas of focus will include:\n* Common platforms and formats\n* Overview of online resources\n* Common tools used in CTFs and hacking challenges\n* Basics of web challenges\n* Basics of binary exploitation and reversing challenges\n* Basics of cryptographic challenges\n* Basics of forensic and network traffic challenges\n* Some ways of preparing for your next CTF / Hacking challenge\n\nMaterials:\nLaptop\nDebian-based Virtual Machine (e.g., Kali) is recommended, and USB install drives will be available\nVirtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.\n\nPrereq:\nBe curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)\nExposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49129],"conference_id":65,"event_ids":[49164],"name":"Chris Forte","affiliations":[{"organization":"","title":"Security Researcher"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/itschrisforte"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/chris__forte"}],"pronouns":null,"media":[],"id":48505,"title":"Security Researcher"},{"content_ids":[49129],"conference_id":65,"event_ids":[49164],"name":"Robert Fitzpatrick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48579}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49164,"village_id":null,"tag_ids":[45336,45343,45373,45452],"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48505},{"tag_id":565,"sort_order":1,"person_id":48579}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Silver (Workshops)","hotel":"","short_name":"Silver (Workshops)","id":45480},"begin":"2022-08-13T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Windows Defence Evasion and Fortification Primitives workshop will walk candidates through adapting initial access, code execution, credential access and lateral movement TTPs against commonly encountered defences (such as Anti-Virus, Endpoint Detection Tooling and Windows Credential Guard). Candidates will be challenged to think critically and expand their classroom knowledge of vulnerabilities against limitations in defensive technologies on Windows 10, 11, Server 2016 and Server 2019 systems.\n\nAgenda: \n- Connectivity and Setup Tests\n- Initial Endpoint Compromise and Code Execution\n - Discussing common defensive challenges\n - AV\n - Application control\n - Process relationship\n - Process flow using Attack Surface Reduction Rules\n - AMSI\n- Initial Access\n\t- DLL Hijacking/Proxying\n \t\t- Identifying common issues\n\t\t- Creating DLLs\n- Living out-of-land\n\t- SOCKS Proxy\n \t\t- Unmanaged code\n\t\t- Managed code\n- In-process/In-memory unmanaged code execution\n\t- Leveraging C2 capabilities\n\t- Injection\n- Credential Access\n\t- Interrogating Browsers\n \t\t- Information gathering\n \t\t- Extracting secrets\n\t- LSA\n\t\t- Running Mimikatz/Kekeo\n\t\t- What's a protected process?\n\t\t- In-memory patching using\n\t\t- Discussing other methods\n\t\t- Credential Guard\n\t\t- Remote Desktop Credential Guard\n\t\t- Effects of EDR\n\t\t- Kerberos\n\t\t\t- Session 0\n\t\t\t- Code Injection\n\t\t\t- TGS Exports\n- Lateral Movement\n - SMB\n - Artefacts\n - Customisation\n - Service\n - Named pipe\n - Alternatives (WinRM/RDP)\n - Artefacts\n - SOCKS Proxy\n\nMaterials:\nLaptop capable of outbound SSH/RDP to our labs. \n\nPrereq:\nWorkshop candidates should familiarise themself with common tooling (such as a C2, PowerShell, MS Build, Rubeus and Kekeo) and have experience using common Windows protocols (such as SMB and RDP). Suggested exercises and labs for this will be sent to registered candidates prior to the workshop.\n\n\n","title":"Windows Defence Evasion and Fortification Primitives","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660420800,"nanoseconds":0},"android_description":"The Windows Defence Evasion and Fortification Primitives workshop will walk candidates through adapting initial access, code execution, credential access and lateral movement TTPs against commonly encountered defences (such as Anti-Virus, Endpoint Detection Tooling and Windows Credential Guard). Candidates will be challenged to think critically and expand their classroom knowledge of vulnerabilities against limitations in defensive technologies on Windows 10, 11, Server 2016 and Server 2019 systems.\n\nAgenda: \n- Connectivity and Setup Tests\n- Initial Endpoint Compromise and Code Execution\n - Discussing common defensive challenges\n - AV\n - Application control\n - Process relationship\n - Process flow using Attack Surface Reduction Rules\n - AMSI\n- Initial Access\n\t- DLL Hijacking/Proxying\n \t\t- Identifying common issues\n\t\t- Creating DLLs\n- Living out-of-land\n\t- SOCKS Proxy\n \t\t- Unmanaged code\n\t\t- Managed code\n- In-process/In-memory unmanaged code execution\n\t- Leveraging C2 capabilities\n\t- Injection\n- Credential Access\n\t- Interrogating Browsers\n \t\t- Information gathering\n \t\t- Extracting secrets\n\t- LSA\n\t\t- Running Mimikatz/Kekeo\n\t\t- What's a protected process?\n\t\t- In-memory patching using\n\t\t- Discussing other methods\n\t\t- Credential Guard\n\t\t- Remote Desktop Credential Guard\n\t\t- Effects of EDR\n\t\t- Kerberos\n\t\t\t- Session 0\n\t\t\t- Code Injection\n\t\t\t- TGS Exports\n- Lateral Movement\n - SMB\n - Artefacts\n - Customisation\n - Service\n - Named pipe\n - Alternatives (WinRM/RDP)\n - Artefacts\n - SOCKS Proxy\n\nMaterials:\nLaptop capable of outbound SSH/RDP to our labs. \n\nPrereq:\nWorkshop candidates should familiarise themself with common tooling (such as a C2, PowerShell, MS Build, Rubeus and Kekeo) and have experience using common Windows protocols (such as SMB and RDP). Suggested exercises and labs for this will be sent to registered candidates prior to the workshop.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49128],"conference_id":65,"event_ids":[49158],"name":"Paul Laîné","affiliations":[{"organization":"","title":"Senior Security Consultant"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/am0nsec"}],"pronouns":null,"media":[],"id":48575,"title":"Senior Security Consultant"},{"content_ids":[49128],"conference_id":65,"event_ids":[49158],"name":"Rohan Durve","affiliations":[{"organization":"","title":"Senior Security Consultant"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Decode141"}],"media":[],"id":48580,"title":"Senior Security Consultant"}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49158,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45345,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48575},{"tag_id":565,"sort_order":1,"person_id":48580}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Reno (Workshops)","hotel":"","short_name":"Reno (Workshops)","id":45482},"spans_timebands":"N","begin":"2022-08-13T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Pivoting, tunneling, and redirection are essential skills that separate the junior and senior operators in the offensive security landscape. This workshop describes various techniques used to creatively route traffic through multiple network segments. Various tools and techniques will be discussed and demonstrated. Attendees will be able to practice these skills in a provided cyber range during and after the workshop. These are essential skills for every pentester, bug bounty hunter, and red team operator. But that's not all! Defenders will learn techniques for detecting these sorts of suspicious traffic in their network.\n\nMaterials:\nLaptop with wireless network adapter\n\nPrereq:\nMust have a laptop with an ssh client, students should have beginner experience with ssh and networking.\n\n\n","title":"Pivoting, Tunneling, and Redirection Master Class","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"android_description":"Pivoting, tunneling, and redirection are essential skills that separate the junior and senior operators in the offensive security landscape. This workshop describes various techniques used to creatively route traffic through multiple network segments. Various tools and techniques will be discussed and demonstrated. Attendees will be able to practice these skills in a provided cyber range during and after the workshop. These are essential skills for every pentester, bug bounty hunter, and red team operator. But that's not all! Defenders will learn techniques for detecting these sorts of suspicious traffic in their network.\n\nMaterials:\nLaptop with wireless network adapter\n\nPrereq:\nMust have a laptop with an ssh client, students should have beginner experience with ssh and networking.","end_timestamp":{"seconds":1660420800,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49130],"conference_id":65,"event_ids":[49154],"name":"Barrett Darnell","affiliations":[{"organization":"","title":"Principal Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":48550,"title":"Principal Security Engineer"},{"content_ids":[49130],"conference_id":65,"event_ids":[49154],"name":"Wesley Thurner","affiliations":[{"organization":"","title":"Principal Security Engineer "}],"links":[],"pronouns":null,"media":[],"id":48586,"title":"Principal Security Engineer"}],"timeband_id":892,"links":[],"end":"2022-08-13T20:00:00.000-0000","id":49154,"tag_ids":[45336,45343,45373,45452],"village_id":null,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48550},{"tag_id":565,"sort_order":1,"person_id":48586}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Copper (Workshops)","hotel":"","short_name":"Copper (Workshops)","id":45483},"updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Human Registration Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"android_description":"","end_timestamp":{"seconds":1660442400,"nanoseconds":0},"updated_timestamp":{"seconds":1659150840,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T02:00:00.000-0000","id":49144,"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":null,"tag_ids":[45342,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 102","hotel":"","short_name":"102","id":45522},"spans_timebands":"N","updated":"2022-07-30T03:14:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":892,"links":[],"end":"2022-08-14T01:00:00.000-0000","id":48989,"tag_ids":[45326,45373,45450,45451,45453],"begin_timestamp":{"seconds":1660406400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"spans_timebands":"N","updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-13T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Social Engineering Community Village opens - morning welcome and introduction","android_description":"","end_timestamp":{"seconds":1660406400,"nanoseconds":0},"updated_timestamp":{"seconds":1659503820,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-13T16:00:00.000-0000","id":49500,"tag_ids":[40273,45341,45370,45453],"village_id":31,"begin_timestamp":{"seconds":1660404600,"nanoseconds":0},"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","updated":"2022-08-03T05:17:00.000-0000","begin":"2022-08-13T15:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system. \r\n\r\nIf you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"title":"Lost and Found Department Open (Generally)","android_description":"If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system. \r\n\r\nIf you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.","end_timestamp":{"seconds":1660456800,"nanoseconds":0},"updated_timestamp":{"seconds":1660318080,"nanoseconds":0},"speakers":[],"timeband_id":892,"links":[],"end":"2022-08-14T06:00:00.000-0000","id":49974,"tag_ids":[45342,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660402800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Summit Pre-Function 4 (Lost & Found)","hotel":"","short_name":"Summit Pre-Function 4 (Lost & Found)","id":45525},"updated":"2022-08-12T15:28:00.000-0000","begin":"2022-08-13T15:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n\n\n","title":"Queercon Party","type":{"conference_id":65,"conference":"DEFCON30","color":"#bfb17d","updated_at":"2024-06-07T03:39+0000","name":"Party","id":45287},"android_description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.","end_timestamp":{"seconds":1660377600,"nanoseconds":0},"updated_timestamp":{"seconds":1658810880,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T08:00:00.000-0000","id":48693,"begin_timestamp":{"seconds":1660366800,"nanoseconds":0},"tag_ids":[45287,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 108-110","hotel":"","short_name":"108-110","id":45386},"updated":"2022-07-26T04:48:00.000-0000","begin":"2022-08-13T05:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"21:00 - 22:00: Tense Future\r\n22:00 - 23:00: DJ Scythe\r\n23:00 - 00:00: DJ UNIT 77 [ 0077 : 0077 ]\r\n00:00 - 01:00: CaptHz\r\n01:00 - 02:00: Magik Plan\n\n\n","title":"Hallway Monitor Party - Entertainment","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"end_timestamp":{"seconds":1660381200,"nanoseconds":0},"android_description":"21:00 - 22:00: Tense Future\r\n22:00 - 23:00: DJ Scythe\r\n23:00 - 00:00: DJ UNIT 77 [ 0077 : 0077 ]\r\n00:00 - 01:00: CaptHz\r\n01:00 - 02:00: Magik Plan","updated_timestamp":{"seconds":1659059820,"nanoseconds":0},"speakers":[{"content_ids":[48992],"conference_id":65,"event_ids":[48994],"name":"CaptHz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48388},{"content_ids":[48992],"conference_id":65,"event_ids":[48994],"name":"DJ Scythe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48391},{"content_ids":[48992],"conference_id":65,"event_ids":[48994],"name":"DJ UNIT 77 [ 0077 : 0077 ]","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48393},{"content_ids":[48992],"conference_id":65,"event_ids":[48994],"name":"Magik Plan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48424},{"content_ids":[48992],"conference_id":65,"event_ids":[48994],"name":"Tense Future","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48428}],"timeband_id":891,"links":[],"end":"2022-08-13T09:00:00.000-0000","id":48994,"tag_ids":[45326,45450],"village_id":null,"begin_timestamp":{"seconds":1660363200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48388},{"tag_id":565,"sort_order":1,"person_id":48391},{"tag_id":565,"sort_order":1,"person_id":48393},{"tag_id":565,"sort_order":1,"person_id":48424},{"tag_id":565,"sort_order":1,"person_id":48428}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Skybridge Entrance","hotel":"","short_name":"Skybridge Entrance","id":45469},"spans_timebands":"Y","begin":"2022-08-13T04:00:00.000-0000","updated":"2022-07-29T01:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Back for their 5th year, GOTHCON welcomes everyone to come dance and stomp the night away at their Techno Coven. 9pm-2am Friday Aug 12th. Follow @dcgothcon on twitter for updates and details on location. All are welcome (except nazis), and dress however you want - whatever makes you the most comfortable and happy.\n\n\n","title":"GOTHCON (#DCGOTHCON)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bfb17d","name":"Party","id":45287},"android_description":"Back for their 5th year, GOTHCON welcomes everyone to come dance and stomp the night away at their Techno Coven. 9pm-2am Friday Aug 12th. Follow @dcgothcon on twitter for updates and details on location. All are welcome (except nazis), and dress however you want - whatever makes you the most comfortable and happy.","end_timestamp":{"seconds":1660381200,"nanoseconds":0},"updated_timestamp":{"seconds":1658810100,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T09:00:00.000-0000","id":48683,"begin_timestamp":{"seconds":1660363200,"nanoseconds":0},"village_id":null,"tag_ids":[45287,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 136","hotel":"","short_name":"104-105, 136","id":45388},"spans_timebands":"Y","begin":"2022-08-13T04:00:00.000-0000","updated":"2022-07-26T04:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Fireside Policy Chats","end_timestamp":{"seconds":1660365900,"nanoseconds":0},"android_description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?","updated_timestamp":{"seconds":1659662760,"nanoseconds":0},"speakers":[{"content_ids":[48510,49407],"conference_id":65,"event_ids":[48532,49565],"name":"Gaurav Keerthi","affiliations":[{"organization":"Cyber Security Agency of Singapore ","title":"Deputy Chief Executive"}],"links":[],"pronouns":null,"media":[],"id":48708,"title":"Deputy Chief Executive at Cyber Security Agency of Singapore"}],"timeband_id":891,"links":[],"end":"2022-08-13T04:45:00.000-0000","id":49565,"begin_timestamp":{"seconds":1660361400,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45334,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48708}],"tags":"Fireside Chat","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"updated":"2022-08-05T01:26:00.000-0000","begin":"2022-08-13T03:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Chills! Thrills! A quiet place to sit down! 2 Movies for the price of none!\r\n\r\nArrival - A linguist works with the military to communicate with alien lifeforms after mysterious spacecraft appear around the world.\r\n\r\nReal Genius - Yet another in a long series of diversions in an attempt to avoid responsibility.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#697bd0","name":"Event","id":45293},"title":"Movie Night Double Feature - Arrival & Real Genius","android_description":"Chills! Thrills! A quiet place to sit down! 2 Movies for the price of none!\r\n\r\nArrival - A linguist works with the military to communicate with alien lifeforms after mysterious spacecraft appear around the world.\r\n\r\nReal Genius - Yet another in a long series of diversions in an attempt to avoid responsibility.","end_timestamp":{"seconds":1660374000,"nanoseconds":0},"updated_timestamp":{"seconds":1659076560,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T07:00:00.000-0000","id":49009,"village_id":null,"tag_ids":[45293,45373,45450],"begin_timestamp":{"seconds":1660359600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"Y","updated":"2022-07-29T06:36:00.000-0000","begin":"2022-08-13T03:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Members several DHS departments will be on hand to discuss issues they address daily, as well as meet the DEF CON community. Representatives from across DHS are expected, including the Secret Service, Coast Guard, Transportaiton Safety Administration, and the Office of the Secretary.\n\n\n","title":"Meet the Feds: DHS Edition (Lounge)","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"end_timestamp":{"seconds":1660366800,"nanoseconds":0},"android_description":"Members several DHS departments will be on hand to discuss issues they address daily, as well as meet the DEF CON community. Representatives from across DHS are expected, including the Secret Service, Coast Guard, Transportaiton Safety Administration, and the Office of the Secretary.","updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48880],"conference_id":65,"event_ids":[48883],"name":"DHS Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48296}],"timeband_id":891,"end":"2022-08-13T05:00:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242896"}],"id":48883,"tag_ids":[40265,45311,45373,45450],"begin_timestamp":{"seconds":1660359600,"nanoseconds":0},"village_id":23,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48296}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-13T03:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don't want to miss this opportunity to encourage the contestants, your fellow Humans, \"DON'T FUCK IT UP! \r\n\r\nWe will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)\r\n\r\nTrack 4\r\nFriday: 2000-2200\r\nSaturday: 2000-2200\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#697bd0","name":"Event","id":45293},"title":"Hacker Jeopardy","end_timestamp":{"seconds":1660366800,"nanoseconds":0},"android_description":"Hacker Jeopardy, the classic DEF CON game show, is returning for yet another year of answers, questions, NULL beers, and occasionally some impressive feats of knowledge. You don't want to miss this opportunity to encourage the contestants, your fellow Humans, \"DON'T FUCK IT UP! \r\n\r\nWe will be opening auditions, with the call posted on the dfiu.tv website, and linked to DEF CON forums. (promoted on social media)\r\n\r\nTrack 4\r\nFriday: 2000-2200\r\nSaturday: 2000-2200","updated_timestamp":{"seconds":1658906100,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"DEF CON Discord","type":"link","url":"https://discord.com/channels/708208267699945503/732439600391389184"},{"label":"Website","type":"link","url":"https://dfiu.tv"},{"label":"Twitter","type":"link","url":"https://twitter.com/HackerJeopardy"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240982"}],"end":"2022-08-13T05:00:00.000-0000","id":48760,"village_id":null,"begin_timestamp":{"seconds":1660359600,"nanoseconds":0},"tag_ids":[45293,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"updated":"2022-07-27T07:15:00.000-0000","begin":"2022-08-13T03:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This year BTV will be celebrating five years at DEF CON!!! Join us Friday night 8pm-11pm at the LINQ pool. Libations will be available at the cash bar. Free tacos, sliders, and other goodies.\r\n\r\nDual Core will be performing at 9pm!\r\n\r\nWe hope to see you during this special Homecoming event.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#bfb17d","updated_at":"2024-06-07T03:39+0000","name":"Party","id":45287},"title":"BlueTeam Village Party","android_description":"This year BTV will be celebrating five years at DEF CON!!! Join us Friday night 8pm-11pm at the LINQ pool. Libations will be available at the cash bar. Free tacos, sliders, and other goodies.\r\n\r\nDual Core will be performing at 9pm!\r\n\r\nWe hope to see you during this special Homecoming event.","end_timestamp":{"seconds":1660370400,"nanoseconds":0},"updated_timestamp":{"seconds":1658811120,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T06:00:00.000-0000","id":48697,"village_id":null,"begin_timestamp":{"seconds":1660359600,"nanoseconds":0},"tag_ids":[45287,45373,45453],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - Pool","hotel":"","short_name":"Pool","id":45382},"spans_timebands":"N","updated":"2022-07-26T04:52:00.000-0000","begin":"2022-08-13T03:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Aerospace Village presents....\r\n\r\nBuzzing the tower – a Pilot / Hacker meetup\r\n\r\nWhether you are a hacker, a pilot, or have an interest in either you are welcome to join us at Buzzing the Tower, a meetup hosted by the Aerospace Village. Come and relax, squawk with others, and try your hand at our DEF CON 30 themed Flight Sim challenge! So please stow your tray table in readiness for landing at the destination favoured by pilots and hackers alike!\n\n\n","title":"Pilots and Hackers Meetup","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"android_description":"Aerospace Village presents....\r\n\r\nBuzzing the tower – a Pilot / Hacker meetup\r\n\r\nWhether you are a hacker, a pilot, or have an interest in either you are welcome to join us at Buzzing the Tower, a meetup hosted by the Aerospace Village. Come and relax, squawk with others, and try your hand at our DEF CON 30 themed Flight Sim challenge! So please stow your tray table in readiness for landing at the destination favoured by pilots and hackers alike!","end_timestamp":{"seconds":1660366800,"nanoseconds":0},"updated_timestamp":{"seconds":1658810760,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T05:00:00.000-0000","id":48689,"begin_timestamp":{"seconds":1660359600,"nanoseconds":0},"village_id":null,"tag_ids":[45288,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus & Society Boardrooms (Demo Labs)","hotel":"","short_name":"Caucus & Society Boardrooms (Demo Labs)","id":45396},"spans_timebands":"N","updated":"2022-07-26T04:46:00.000-0000","begin":"2022-08-13T03:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.\r\n\r\nFor more information visit:\r\n\r\nhttps://hackerkaraoke.org or Twitter @hackerkaraoke.\n\n\n","title":"Hacker Karaoke","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"android_description":"For those who love to sing and perform in front of others, we are celebrating our 14th year of Love, Laughter, and Song from 8 PM to 2 AM Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.\r\n\r\nFor more information visit:\r\n\r\nhttps://hackerkaraoke.org or Twitter @hackerkaraoke.","end_timestamp":{"seconds":1660381200,"nanoseconds":0},"updated_timestamp":{"seconds":1658810580,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/hackerkaraoke"},{"label":"Website","type":"link","url":"https://hackerkaraoke.org"}],"end":"2022-08-13T09:00:00.000-0000","id":48685,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660357800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 133 (Karaoke/Chess)","hotel":"","short_name":"133 (Karaoke/Chess)","id":45385},"spans_timebands":"Y","begin":"2022-08-13T02:30:00.000-0000","updated":"2022-07-26T04:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?\n\n\n","title":"Fireside Policy Chats","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"end_timestamp":{"seconds":1660360500,"nanoseconds":0},"android_description":"Fireside Lounge sessions are your informal, off the record opportunity to get to know policymakers in an intimate setting. Maybe with a drink in hand. No specific knowledge is required, but a skeptical mind and mischievous intellect are a must. The speaker will give a strategic analysis of relevant issues, lead a Socratic dialogue about the trade-offs represented in decision-making, and open the floor to audience questions and/or a moderated group debate. Did we mention it's off the record?","updated_timestamp":{"seconds":1659662700,"nanoseconds":0},"speakers":[{"content_ids":[48872,49405],"conference_id":65,"event_ids":[48884,49563],"name":"Leonard Bailey","affiliations":[{"organization":"Department of Justice","title":"Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section"}],"links":[],"pronouns":null,"media":[],"id":48287,"title":"Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section at Department of Justice"}],"timeband_id":891,"links":[],"end":"2022-08-13T03:15:00.000-0000","id":49563,"begin_timestamp":{"seconds":1660356000,"nanoseconds":0},"tag_ids":[40265,45311,45334,45373,45450],"village_id":23,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48287}],"tags":"Fireside Chat","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"updated":"2022-08-05T01:25:00.000-0000","begin":"2022-08-13T02:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Following the fireside chat with US Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, several members of the CISA team will be on hand to provide a more in depth look at the Agency, their work, and some of the ways they're already engaging with the hacker community. This session will give hackers an opportunity to ask questions of the CISA team and provide candid feedback to them.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Meet the Feds: CISA Edition (Lounge)\t","android_description":"Following the fireside chat with US Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, several members of the CISA team will be on hand to provide a more in depth look at the Agency, their work, and some of the ways they're already engaging with the hacker community. This session will give hackers an opportunity to ask questions of the CISA team and provide candid feedback to them.","end_timestamp":{"seconds":1660359600,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48878],"conference_id":65,"event_ids":[48897],"name":"CISA Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48295}],"timeband_id":891,"end":"2022-08-13T03:00:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242837"}],"id":48897,"tag_ids":[40265,45311,45373,45450],"begin_timestamp":{"seconds":1660356000,"nanoseconds":0},"village_id":23,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48295}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-13T02:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"You miss 100% of the shots you don't take\" - Wayne Gretzky -Michael Scott - Girls Hack Village.\r\n\r\nThis meetup will be a fun networking event that gives attendees the opportunity to meet and make connections. Are you awkward at social gatherings? Are you the life of the party? We endeavor to create an environment where those on either side and anywhere in between are welcome and feel as though they belong. Want to grow your brand or just make new Hacker Summer Camp friends? Come one, come all.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"Girls Hack Village Meetup: Shoot Your Shot Networking Event","end_timestamp":{"seconds":1660365000,"nanoseconds":0},"android_description":"\"You miss 100% of the shots you don't take\" - Wayne Gretzky -Michael Scott - Girls Hack Village.\r\n\r\nThis meetup will be a fun networking event that gives attendees the opportunity to meet and make connections. Are you awkward at social gatherings? Are you the life of the party? We endeavor to create an environment where those on either side and anywhere in between are welcome and feel as though they belong. Want to grow your brand or just make new Hacker Summer Camp friends? Come one, come all.","updated_timestamp":{"seconds":1659465960,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T04:30:00.000-0000","id":49341,"begin_timestamp":{"seconds":1660354200,"nanoseconds":0},"tag_ids":[40255,45288,45373,45451],"village_id":12,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"updated":"2022-08-02T18:46:00.000-0000","begin":"2022-08-13T01:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This talk will present a study of the reliance of proprietary and open source software on Chinese vulnerability research. A difficult political environment for Chinese security researchers became acute when a law requiring vulnerability disclosure to government and banning it to all others but the affected vendor took effect in Sept. 2021. No public evaluation of this law's impact has yet been made. This talk will present results of a quantitative analysis on the changing proportion of Chinese-based disclosures to major software products from Google, Microsoft, Apple, and VMWare alongside several major open source packages. The analysis will measure change over time in response to evolving Chinese legislation, significant divergence from data on the allocation of bug bounty rewards, and notable trends in the kinds of disclosed vulnerabilities. The Chinese research community’s prowess is well known, from exploits at the Tianfu Cup to preeminent enterprise labs like Qihoo 360. However, the recent law aiming to give the Chinese government early access to the community’s discoveries—and the government’s apparent willingness to enforce it even on high-profile corporations as seen in its punishment of Alibaba—demand more thorough scrutiny. This talk will address implications for policy and the wider hacker community.\n\n\n","title":"Dragon Tails: Supply-side Security and International Vulnerability Disclosure Law","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660355400,"nanoseconds":0},"android_description":"This talk will present a study of the reliance of proprietary and open source software on Chinese vulnerability research. A difficult political environment for Chinese security researchers became acute when a law requiring vulnerability disclosure to government and banning it to all others but the affected vendor took effect in Sept. 2021. No public evaluation of this law's impact has yet been made. This talk will present results of a quantitative analysis on the changing proportion of Chinese-based disclosures to major software products from Google, Microsoft, Apple, and VMWare alongside several major open source packages. The analysis will measure change over time in response to evolving Chinese legislation, significant divergence from data on the allocation of bug bounty rewards, and notable trends in the kinds of disclosed vulnerabilities. The Chinese research community’s prowess is well known, from exploits at the Tianfu Cup to preeminent enterprise labs like Qihoo 360. However, the recent law aiming to give the Chinese government early access to the community’s discoveries—and the government’s apparent willingness to enforce it even on high-profile corporations as seen in its punishment of Alibaba—demand more thorough scrutiny. This talk will address implications for policy and the wider hacker community.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48536,48894],"conference_id":65,"event_ids":[48529,48888],"name":"Stewart Scott","affiliations":[{"organization":"Cyber Statecraft Initiative, Atlantic Council","title":"Assistant Director"}],"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.atlanticcouncil.org/expert/stewart-scott/"}],"pronouns":null,"media":[],"id":47845,"title":"Assistant Director at Cyber Statecraft Initiative, Atlantic Council"},{"content_ids":[48536,48886],"conference_id":65,"event_ids":[48529,48880],"name":"Trey Herr","affiliations":[{"organization":"Cyber Statecraft Initiative, Atlantic Council","title":"Director"}],"pronouns":null,"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.atlanticcouncil.org/expert/trey-herr/"}],"media":[],"id":47893,"title":"Director at Cyber Statecraft Initiative, Atlantic Council"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241941"}],"end":"2022-08-13T01:50:00.000-0000","id":48529,"village_id":null,"begin_timestamp":{"seconds":1660354200,"nanoseconds":0},"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47845},{"tag_id":565,"sort_order":1,"person_id":47893}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-13T01:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"When most users, hackers and cyber security folks think of web browsers we think of the need for only privacy and defensive security. However, after playing countless CTF Tournaments where a major category is web security, I started to wonder, what would a web browser look like if it was built for offensive capabilities over defensive. In this short presentation I show off a modified version of Firefox with a curated list of extensions and tools that allow everything from script injections, man in the middle attacks, in-depth forensics, vlun scanning and even launching into a command line shell directly in the browser. After the presentation, attendees will be able to try out the modified browser in person and the download for it’s Firefox Profile will be posted on the DCG 201 blog!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"title":"When (Fire)Fox Gets Angry! A Web Browser for Red Teamers","android_description":"When most users, hackers and cyber security folks think of web browsers we think of the need for only privacy and defensive security. However, after playing countless CTF Tournaments where a major category is web security, I started to wonder, what would a web browser look like if it was built for offensive capabilities over defensive. In this short presentation I show off a modified version of Firefox with a curated list of extensions and tools that allow everything from script injections, man in the middle attacks, in-depth forensics, vlun scanning and even launching into a command line shell directly in the browser. After the presentation, attendees will be able to try out the modified browser in person and the download for it’s Firefox Profile will be posted on the DCG 201 blog!","end_timestamp":{"seconds":1660356000,"nanoseconds":0},"updated_timestamp":{"seconds":1660257240,"nanoseconds":0},"speakers":[{"content_ids":[49754],"conference_id":65,"event_ids":[49952],"name":"sidepocket","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/defcon201nj"}],"media":[],"id":49092}],"timeband_id":891,"end":"2022-08-13T02:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49952,"tag_ids":[45374,45449],"village_id":null,"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49092}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"begin":"2022-08-13T01:00:00.000-0000","updated":"2022-08-11T22:34:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"https://www.se.community/presentations/#ethics-panel\n\n\n","title":"Ethics, morality & the law","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"android_description":"https://www.se.community/presentations/#ethics-panel","end_timestamp":{"seconds":1660356000,"nanoseconds":0},"updated_timestamp":{"seconds":1659504000,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T02:00:00.000-0000","id":49491,"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"village_id":31,"tag_ids":[40273,45367,45370,45453],"includes":"","people":[],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","updated":"2022-08-03T05:20:00.000-0000","begin":"2022-08-13T01:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"18:00 - 19:00: Hildebrand Magic\r\n19:00 - 20:00: Dual Core\r\n20:00 - 21:00: Icetre Normal\r\n21:00 - 22:00: n0x08\r\n22:00 - 23:00: Skittish & Bus\r\n23:00 - 00:00: Biolux\r\n00:00 - 00:15: Costume Contest\r\n00:15 - 01:15: Miss Jackalope\r\n01:15 - 02:00: Keith Myers\r\n\r\nThe party starts at 18:00; everyone can come whenever they like. The doors are not going to close between “chill out” and the Black & White Ball.\r\n\r\n**********\r\n\r\nDEF CON Arts & Entertainment Presents: Hacker Homecoming at the Black & White Ball\r\n\r\nJoin us Friday night (Aug 12) at the Forum and travel back in time as we relaunch the Black & White ball that many of you may remember. Embracing the Hacker Homecoming theme for DEF CON 30, we hope you will arrive dressed your best and ready to party! This is your chance to be yourself, express yourself, and have an amazing time!\r\n\r\nEnjoy Some Beverages – On Us!\r\n\r\nYour first reward for dressing up is special access to the Friday event including a custom pass that gets you free drinks (Until they run out)!\r\n\r\nContest – Win the cost of a DEF CON badge – $360!\r\n\r\nBe creative, have fun, and impress the crowd! The best dressed will win $360 and be crowned King/Queen/[Insert Title Here] of the DEF CON 30 Black & White Ball! Judging begins at midnight, and the winner will be chosen based on crowd noise level. No speech necessary!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"title":"Black & White Ball - Entertainment","android_description":"18:00 - 19:00: Hildebrand Magic\r\n19:00 - 20:00: Dual Core\r\n20:00 - 21:00: Icetre Normal\r\n21:00 - 22:00: n0x08\r\n22:00 - 23:00: Skittish & Bus\r\n23:00 - 00:00: Biolux\r\n00:00 - 00:15: Costume Contest\r\n00:15 - 01:15: Miss Jackalope\r\n01:15 - 02:00: Keith Myers\r\n\r\nThe party starts at 18:00; everyone can come whenever they like. The doors are not going to close between “chill out” and the Black & White Ball.\r\n\r\n**********\r\n\r\nDEF CON Arts & Entertainment Presents: Hacker Homecoming at the Black & White Ball\r\n\r\nJoin us Friday night (Aug 12) at the Forum and travel back in time as we relaunch the Black & White ball that many of you may remember. Embracing the Hacker Homecoming theme for DEF CON 30, we hope you will arrive dressed your best and ready to party! This is your chance to be yourself, express yourself, and have an amazing time!\r\n\r\nEnjoy Some Beverages – On Us!\r\n\r\nYour first reward for dressing up is special access to the Friday event including a custom pass that gets you free drinks (Until they run out)!\r\n\r\nContest – Win the cost of a DEF CON badge – $360!\r\n\r\nBe creative, have fun, and impress the crowd! The best dressed will win $360 and be crowned King/Queen/[Insert Title Here] of the DEF CON 30 Black & White Ball! Judging begins at midnight, and the winner will be chosen based on crowd noise level. No speech necessary!","end_timestamp":{"seconds":1660381200,"nanoseconds":0},"updated_timestamp":{"seconds":1660349100,"nanoseconds":0},"speakers":[{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"Biolux","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48387},{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"Dual Core","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48395},{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"Keith Meyers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48399},{"content_ids":[48989,48991,48994],"conference_id":65,"event_ids":[48991,48993,48996],"name":"Magician Kody Hildebrand","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48400},{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"Icetre Normal","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48422},{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"Miss Jackalope","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48425},{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"n0x08","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48426},{"content_ids":[48991],"conference_id":65,"event_ids":[48993],"name":"Skittish & Bus","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48427}],"timeband_id":891,"links":[],"end":"2022-08-13T09:00:00.000-0000","id":48993,"tag_ids":[45326,45450],"village_id":null,"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48387},{"tag_id":565,"sort_order":1,"person_id":48395},{"tag_id":565,"sort_order":1,"person_id":48422},{"tag_id":565,"sort_order":1,"person_id":48399},{"tag_id":565,"sort_order":1,"person_id":48400},{"tag_id":565,"sort_order":1,"person_id":48425},{"tag_id":565,"sort_order":1,"person_id":48427},{"tag_id":565,"sort_order":1,"person_id":48426}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"spans_timebands":"Y","updated":"2022-08-13T00:05:00.000-0000","begin":"2022-08-13T01:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"Lawyers Meet","android_description":"If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1658810640,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":48686,"tag_ids":[45288,45373,45452],"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Parlor D & The Veranda (Meetup)","hotel":"","short_name":"Parlor D & The Veranda (Meetup)","id":45384},"spans_timebands":"N","updated":"2022-07-26T04:44:00.000-0000","begin":"2022-08-13T01:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How do you go bug hunting in devices you own when the manufacturer has slapped some pesky encryption scheme on the firmware? Starting from an encrypted blob of bits and getting to executable code is hard and can be even more frustrating when you already know the bug is there, you just want to see it! Join me on my expedition to access the contents of my Zyxel firewall's firmware using password and hash cracking, hardware and software reverse engineering, and duct taping puzzle pieces together. We'll start with a device and a firmware blob, flail helplessly at the crypto, tear apart the hardware, reverse engineer the software and emulate the platform, and finally identify the decryption routine – ultimately breaking the protection used by the entire product line to decrypt whatever firmware version we want.\n\n\n","title":"Tear Down this Zywall: Breaking Open Zyxel Encrypted Firmware","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"How do you go bug hunting in devices you own when the manufacturer has slapped some pesky encryption scheme on the firmware? Starting from an encrypted blob of bits and getting to executable code is hard and can be even more frustrating when you already know the bug is there, you just want to see it! Join me on my expedition to access the contents of my Zyxel firewall's firmware using password and hash cracking, hardware and software reverse engineering, and duct taping puzzle pieces together. We'll start with a device and a firmware blob, flail helplessly at the crypto, tear apart the hardware, reverse engineer the software and emulate the platform, and finally identify the decryption routine – ultimately breaking the protection used by the entire product line to decrypt whatever firmware version we want.","end_timestamp":{"seconds":1660355100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48538],"conference_id":65,"event_ids":[48571],"name":"Jay Lagorio","affiliations":[{"organization":"","title":"Independent Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/jaylagorio"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jaylagorio"},{"description":"","title":"Website","sort_order":0,"url":"https://lagor.io/"}],"media":[],"id":47935,"title":"Independent Security Researcher"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241823"}],"end":"2022-08-13T01:45:00.000-0000","id":48571,"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47935}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","begin":"2022-08-13T01:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"System Center Configuration Manager, now Microsoft Endpoint Configuration Manager (MECM), is a software management product that has been widely adopted by large organizations to deploy, update, and manage software; it is commonly responsible for the deployment and management of the majority of server and workstation machines in enterprise Windows environments.\n\nThis talk will provide an outline of how MECM is used to deploy machines into enterprise environments (typically through network booting, although it supports various Operating System deployment techniques), and will explore attacks that allow Active Directory credentials to be extracted from this process. The common MECM misconfigurations leading to these attacks will be detailed and, in so doing, the talk will aim to show how to identify and exploit these misconfigurations and how to defend against these attacks. Each viable attack will be discussed in depth (mostly by discussing the protocols and architecture in use, but sometimes by diving into relevant code, if necessary) so that the context of how and why the attack works will be understood. These concepts will be illustrated through the demo and release of a tool that allows for the extraction of credentials from several of the onsite deployment techniques that MECM supports.\n\n\n","title":"Pulling Passwords out of Configuration Manager: Practical Attacks against Microsoft's Endpoint Management Software","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660355100,"nanoseconds":0},"android_description":"System Center Configuration Manager, now Microsoft Endpoint Configuration Manager (MECM), is a software management product that has been widely adopted by large organizations to deploy, update, and manage software; it is commonly responsible for the deployment and management of the majority of server and workstation machines in enterprise Windows environments.\n\nThis talk will provide an outline of how MECM is used to deploy machines into enterprise environments (typically through network booting, although it supports various Operating System deployment techniques), and will explore attacks that allow Active Directory credentials to be extracted from this process. The common MECM misconfigurations leading to these attacks will be detailed and, in so doing, the talk will aim to show how to identify and exploit these misconfigurations and how to defend against these attacks. Each viable attack will be discussed in depth (mostly by discussing the protocols and architecture in use, but sometimes by diving into relevant code, if necessary) so that the context of how and why the attack works will be understood. These concepts will be illustrated through the demo and release of a tool that allows for the extraction of credentials from several of the onsite deployment techniques that MECM supports.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48537],"conference_id":65,"event_ids":[48557],"name":"Christopher Panayi","affiliations":[{"organization":"","title":"Chief Research Officer, MWR CyberSec"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Raiona_ZA"}],"pronouns":null,"media":[],"id":47846,"title":"Chief Research Officer, MWR CyberSec"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241925"}],"end":"2022-08-13T01:45:00.000-0000","id":48557,"tag_ids":[45241,45279,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47846}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-13T01:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Governments and the private sector around the world spend billions of dollars on Electronic Counter Measures (ECMs) which include jamming technologies. These jammers are used by police departments to disrupt criminal communication operations as well as in prisons to disrupt prisoners using smuggled in cell phones. The military use jammers to disrupt radar communications, prevent remote IEDs from triggering and radio communications. The private sector use jammers to disrupt espionage in the board room and to protect VIPS from RC-IEDs.\n \nWhat if there was a way of communicating that was immune to jammers without knowing the point of origin. A way of communicating at short to medium distances, an Electronic Counter Countermeasure ECCM to the jammer.\n \nUsing a custom-built Tx/Rx, I will use the earth’s crust to generate a H-field Near Field Communication (NFC) channel spanning 1-11km away in the sub 9 kHz range to communicate encrypted messages in a jammed environment.\n\n\n","title":"Killer Hertz","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660355100,"nanoseconds":0},"android_description":"Governments and the private sector around the world spend billions of dollars on Electronic Counter Measures (ECMs) which include jamming technologies. These jammers are used by police departments to disrupt criminal communication operations as well as in prisons to disrupt prisoners using smuggled in cell phones. The military use jammers to disrupt radar communications, prevent remote IEDs from triggering and radio communications. The private sector use jammers to disrupt espionage in the board room and to protect VIPS from RC-IEDs.\n \nWhat if there was a way of communicating that was immune to jammers without knowing the point of origin. A way of communicating at short to medium distances, an Electronic Counter Countermeasure ECCM to the jammer.\n \nUsing a custom-built Tx/Rx, I will use the earth’s crust to generate a H-field Near Field Communication (NFC) channel spanning 1-11km away in the sub 9 kHz range to communicate encrypted messages in a jammed environment.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48535],"conference_id":65,"event_ids":[48519],"name":"Chris Rock","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/chrisrockhacker"},{"description":"","title":"Website","sort_order":0,"url":"https://chrisrockhacker.com"}],"media":[],"id":47850,"title":"Hacker"}],"timeband_id":891,"end":"2022-08-13T01:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241994"}],"id":48519,"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660352400,"nanoseconds":0},"includes":"Exploit, Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47850}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-13T01:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Too often, our understanding of cyber threats is limited to passive observation of the threat as it comes into an environment. In essence, the only intelligence that can be gleaned from this type of passive collection is simply what the adversary reveals in the initial phase of an attack and we are blind to the rest of the attack cycle. This presentation will cover how today’s phishing attacks present us with an opportunity to better understand the full cycle of a cyber attack by engaging with an attacker to collect intelligence to reveal what happens AFTER a potential attack is successful. We’ll start by talking about the concept of active defense, which helps answer the question, “And then what?” that we aren’t able to answer using normal passive intelligence collection. We’ll discuss why these tactics work so well and how the same behavioral exploits scammers use to con victims can also be used to better understand their attacks. We’ll end by looking at some examples of successful active defense engagements, including an engagement with a ransomware actor that used multiple communication platforms and will include some clips of conversations with the actor where we’ll learn more about his background and motivations.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Socially Engineering the Social Engineers: Understanding Phishing Threats by Engaging with Actors","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Too often, our understanding of cyber threats is limited to passive observation of the threat as it comes into an environment. In essence, the only intelligence that can be gleaned from this type of passive collection is simply what the adversary reveals in the initial phase of an attack and we are blind to the rest of the attack cycle. This presentation will cover how today’s phishing attacks present us with an opportunity to better understand the full cycle of a cyber attack by engaging with an attacker to collect intelligence to reveal what happens AFTER a potential attack is successful. We’ll start by talking about the concept of active defense, which helps answer the question, “And then what?” that we aren’t able to answer using normal passive intelligence collection. We’ll discuss why these tactics work so well and how the same behavioral exploits scammers use to con victims can also be used to better understand their attacks. We’ll end by looking at some examples of successful active defense engagements, including an engagement with a ransomware actor that used multiple communication platforms and will include some clips of conversations with the actor where we’ll learn more about his background and motivations.","updated_timestamp":{"seconds":1659503940,"nanoseconds":0},"speakers":[{"content_ids":[49362],"conference_id":65,"event_ids":[49490],"name":"Crane Hassold","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48782}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49490,"village_id":31,"begin_timestamp":{"seconds":1660350600,"nanoseconds":0},"tag_ids":[40273,45340,45370,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48782}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"updated":"2022-08-03T05:19:00.000-0000","begin":"2022-08-13T00:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you have been following some of the recent news about PLC code injection, or toolkits such as Incontroller, you'd think that these discoveries are 'shocking' or conceptually new, and that Industrial Control Systems are constantly under attack by 'sophisticated' APTs or Nation-States. The reality is that besides due to 'insecure by design' and 'insecure by practice', many of these attack vectors have been documented years ago. Vendors and Integrators alike treated these as 'it's a feature, not a bug', 'we've always done it this way' and at other times 'this is a problem, but we'll just pretend no one will exploit it'. This talk will highlight some of the previously documented instances of the more recent discoveries, and attempt to provide reasonable mitigation or prevention strategies based on best practices, established frameworks and sector-specific guidance.\n\n\n","title":"Stop worrying about Nation-States and Zero-Days; let's fix things that have been known for years!","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"If you have been following some of the recent news about PLC code injection, or toolkits such as Incontroller, you'd think that these discoveries are 'shocking' or conceptually new, and that Industrial Control Systems are constantly under attack by 'sophisticated' APTs or Nation-States. The reality is that besides due to 'insecure by design' and 'insecure by practice', many of these attack vectors have been documented years ago. Vendors and Integrators alike treated these as 'it's a feature, not a bug', 'we've always done it this way' and at other times 'this is a problem, but we'll just pretend no one will exploit it'. This talk will highlight some of the previously documented instances of the more recent discoveries, and attempt to provide reasonable mitigation or prevention strategies based on best practices, established frameworks and sector-specific guidance.","updated_timestamp":{"seconds":1659473220,"nanoseconds":0},"speakers":[{"content_ids":[49342,49351],"conference_id":65,"event_ids":[49442,49451],"name":"Vivek Ponnada","affiliations":[{"organization":"Nozomi","title":"Regional Sales Director"}],"links":[],"pronouns":null,"media":[],"id":48773,"title":"Regional Sales Director at Nozomi"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49442,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660350600,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48773}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","updated":"2022-08-02T20:47:00.000-0000","begin":"2022-08-13T00:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Hidden Payloads in Cyber Security","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465600,"nanoseconds":0},"speakers":[{"content_ids":[49303],"conference_id":65,"event_ids":[49402],"name":"Chantel Sims aka Root","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/chantel-sims-6b474a15b/"}],"media":[],"id":48714}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49402,"village_id":12,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660350600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48714}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"begin":"2022-08-13T00:30:00.000-0000","updated":"2022-08-02T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You likely receive OTPs (one-time-passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when you sign-in (or register) to Uber, your bank, Whatsapp, etc. The most adopted OTP size is 6 digits, and we just accept that it's hard to guess, after all it's 1 in a million chance, and leave it there. Some may wonder, what if get a new OTP after the first one expires, assuming it's another 1 in a million chance, and forget about it. When you calculate the actual chance of guessing an OTP one after the other, the odds are NOT 1 in a million. You will be surprised how the probabilities spiral once you start thinking of brute forcing OTPs one after the other, and what about parallelising the brute force among different users, the surprise is even bigger.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"[T]OTPs are not as secure as you might believe","android_description":"You likely receive OTPs (one-time-passwords) all the time, usually in the form of an SMS with a 4 to 8 digit code in it. Pretty common when you sign-in (or register) to Uber, your bank, Whatsapp, etc. The most adopted OTP size is 6 digits, and we just accept that it's hard to guess, after all it's 1 in a million chance, and leave it there. Some may wonder, what if get a new OTP after the first one expires, assuming it's another 1 in a million chance, and forget about it. When you calculate the actual chance of guessing an OTP one after the other, the odds are NOT 1 in a million. You will be surprised how the probabilities spiral once you start thinking of brute forcing OTPs one after the other, and what about parallelising the brute force among different users, the surprise is even bigger.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659213720,"nanoseconds":0},"speakers":[{"content_ids":[49149,49165],"conference_id":65,"event_ids":[49185,49201],"name":"Santiago Kantorowicz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48612}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49185,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660350600,"nanoseconds":0},"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48612}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:42:00.000-0000","begin":"2022-08-13T00:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Anonymity networks such as Tor are used to protect the identity of people or services. Several deanonymization techniques have been described over time. Some of them attacked the protocol, others exploited various configuration issues. Through this presentation I will focus on deanonymization techniques of the http services of such networks by exploiting configuration issues.\n\nIn the first part of the presentation, I will present deanonymization techniques on TOR which are public, and I will also present the techniques developed by me and the interesting story of how I came to develop them.\n\nIn the last part of my presentation, I will do a demo with the exploitation of http hidden services in TOR and I will present each technique separately. I will also present how one of the techniques can be used successfully not only in the TOR network, but also on the internet in order to obtain information about the server that will help you discover other services.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Deanonymization of TOR HTTP hidden services","end_timestamp":{"seconds":1660351800,"nanoseconds":0},"android_description":"Anonymity networks such as Tor are used to protect the identity of people or services. Several deanonymization techniques have been described over time. Some of them attacked the protocol, others exploited various configuration issues. Through this presentation I will focus on deanonymization techniques of the http services of such networks by exploiting configuration issues.\n\nIn the first part of the presentation, I will present deanonymization techniques on TOR which are public, and I will also present the techniques developed by me and the interesting story of how I came to develop them.\n\nIn the last part of my presentation, I will do a demo with the exploitation of http hidden services in TOR and I will present each technique separately. I will also present how one of the techniques can be used successfully not only in the TOR network, but also on the internet in order to obtain information about the server that will help you discover other services.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48533],"conference_id":65,"event_ids":[48579],"name":"Ionut Cernica","affiliations":[{"organization":"","title":"PHD Student Department of Computer Science, Faculty of Automatic Control and Computer Science, University Politehnica of Bucharest"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cernica-ionut-ba844745/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CernicaIonut"}],"pronouns":null,"media":[],"id":47871,"title":"PHD Student Department of Computer Science, Faculty of Automatic Control and Computer Science, University Politehnica of Bucharest"}],"timeband_id":891,"end":"2022-08-13T00:50:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241995"}],"id":48579,"village_id":null,"begin_timestamp":{"seconds":1660350600,"nanoseconds":0},"tag_ids":[45241,45279,45280,45375,45450],"includes":"Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47871}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T00:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The year was 1986 and the arena rock of the 1970s was coming to a whimpering end, while rap had not quite gained a mainstream foothold. The unlikely collaboration between Aerosmith and Run D.M.C. changed the course of music forever, reinvigorating the relevance of rock while bringing rap to the forefront of prominence. This collaboration, unexpected, and by some accounts uncomfortable, paved the way for the future of music and celebrated the genius of innovation of partnership. The cybersecurity community has much to learn from this example of partnership for the better. \r\n \r\nJen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Jeff Moss, founder and President of DefCon Communications, will discuss the importance of partnership between the Federal Government and the hacker community. The growing partnership through CISA’s recently established Cybersecurity Advisory Committee and the work of the technical advisory council could have the same effect on our future shared cybersecurity posture to truly raise our shared cyber defense. Through this Council, researchers, academics, and technologists are working together with government to evolve how to understand new vulnerabilities, how to identify and encourage adoption of strong security controls, and how to use increasing volumes of security data to derive actionable insights that can be shared across the broader community. #walkthisway\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Walk This Way: What Run D.M.C. and Aerosmith Can Teach Us About the Future of Cybersecurity","android_description":"The year was 1986 and the arena rock of the 1970s was coming to a whimpering end, while rap had not quite gained a mainstream foothold. The unlikely collaboration between Aerosmith and Run D.M.C. changed the course of music forever, reinvigorating the relevance of rock while bringing rap to the forefront of prominence. This collaboration, unexpected, and by some accounts uncomfortable, paved the way for the future of music and celebrated the genius of innovation of partnership. The cybersecurity community has much to learn from this example of partnership for the better. \r\n \r\nJen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA), and Jeff Moss, founder and President of DefCon Communications, will discuss the importance of partnership between the Federal Government and the hacker community. The growing partnership through CISA’s recently established Cybersecurity Advisory Committee and the work of the technical advisory council could have the same effect on our future shared cybersecurity posture to truly raise our shared cyber defense. Through this Council, researchers, academics, and technologists are working together with government to evolve how to understand new vulnerabilities, how to identify and encourage adoption of strong security controls, and how to use increasing volumes of security data to derive actionable insights that can be shared across the broader community. #walkthisway","end_timestamp":{"seconds":1660353300,"nanoseconds":0},"updated_timestamp":{"seconds":1659453420,"nanoseconds":0},"speakers":[{"content_ids":[48506,48593,48501,48534],"conference_id":65,"event_ids":[48594,48504,48523,48540],"name":"The Dark Tangent","affiliations":[{"organization":"","title":"DEF CON "}],"links":[],"pronouns":null,"media":[],"id":47869,"title":"DEF CON"},{"content_ids":[48534],"conference_id":65,"event_ids":[48540],"name":"Jen Easterly","affiliations":[{"organization":"US Cybersecurity and Infrastructure Security Agency (CISA)","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":48711,"title":"Director at US Cybersecurity and Infrastructure Security Agency (CISA)"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:15:00.000-0000","id":48540,"begin_timestamp":{"seconds":1660350600,"nanoseconds":0},"tag_ids":[45241,45375,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48711},{"tag_id":565,"sort_order":1,"person_id":47869}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-13T00:30:00.000-0000","updated":"2022-08-02T15:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Assessing Cyber Security ROI: Adversary simulation and Purple teaming","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660349700,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659888300,"nanoseconds":0},"speakers":[{"content_ids":[48703,49575,49601],"conference_id":65,"event_ids":[48711,49787,49815],"name":"Bryson Bort","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brysonbort/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brysonbort"}],"pronouns":null,"media":[],"id":48012},{"content_ids":[49575],"conference_id":65,"event_ids":[49787],"name":"Joe Vest","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/joe-vest/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/joevest"}],"media":[],"id":48924},{"content_ids":[49575],"conference_id":65,"event_ids":[49787],"name":"Itzik Kotler","affiliations":[{"organization":"SafeBreach","title":"CTO and Co-Founder"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/itzikk/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/itzikkotler"}],"pronouns":null,"media":[],"id":48927,"title":"CTO and Co-Founder at SafeBreach"},{"content_ids":[49575],"conference_id":65,"event_ids":[49787],"name":"Ben Opel","affiliations":[{"organization":"AttackIQ","title":"Senior Director for Professional Services"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/benjamin-opel-9a373066/"}],"media":[],"id":48941,"title":"Senior Director for Professional Services at AttackIQ"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:15:00.000-0000","id":49787,"begin_timestamp":{"seconds":1660349700,"nanoseconds":0},"tag_ids":[40246,45367,45373,45377,45451],"village_id":1,"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48941},{"tag_id":45290,"sort_order":1,"person_id":48012},{"tag_id":45290,"sort_order":1,"person_id":48927},{"tag_id":45290,"sort_order":1,"person_id":48924}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","begin":"2022-08-13T00:15:00.000-0000","updated":"2022-08-07T16:05:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Has Russian malware lead to loss of life, yes. The effects of the Ukrainian border patrol and orphan database wiper viruses. Russian malware pinpointing evacuating refugees for murder. Wiping orphan identifications so they can't escape the Mariupol, killing many in the theater they sheltered in. Wiping border control to the point they operated on pen and paper, slowing evacuations leaving some to freeze to death desperate to flee. Luring of humanitarian aid workers through surveillanceware and misinformation leading to kidnapping and ransom payments with cryptocurrency. Targeting refugees in Europe for surveillance, harassment and intimidation. No digital ID, no cash, no credit cards. What happens when cyberwar affects everyday lives.\n\n\n","title":"Deadly Russian Malware in Ukraine","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660352100,"nanoseconds":0},"android_description":"Has Russian malware lead to loss of life, yes. The effects of the Ukrainian border patrol and orphan database wiper viruses. Russian malware pinpointing evacuating refugees for murder. Wiping orphan identifications so they can't escape the Mariupol, killing many in the theater they sheltered in. Wiping border control to the point they operated on pen and paper, slowing evacuations leaving some to freeze to death desperate to flee. Luring of humanitarian aid workers through surveillanceware and misinformation leading to kidnapping and ransom payments with cryptocurrency. Targeting refugees in Europe for surveillance, harassment and intimidation. No digital ID, no cash, no credit cards. What happens when cyberwar affects everyday lives.","updated_timestamp":{"seconds":1658865300,"nanoseconds":0},"speakers":[{"content_ids":[48703,48708,49784],"conference_id":65,"event_ids":[48711,48715,49997],"name":"Chris Kubecka","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/SecEvangelism"}],"pronouns":null,"media":[],"id":47994}],"timeband_id":891,"links":[],"end":"2022-08-13T00:55:00.000-0000","id":48715,"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"begin_timestamp":{"seconds":1660349100,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47994}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-13T00:05:00.000-0000","updated":"2022-07-26T19:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"No matter how sophisticated and thorough security precautions are, there will always be a possible means, method or technique to compromise a target. A threat hunter has to know these techniques and use them to their advantage. In this talk we will discuss the techniques, tactics and procedures of the MITTRE ATT&CK Framework.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"title":"Starting Threat Hunting with MITRE ATT&CK Framework","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"No matter how sophisticated and thorough security precautions are, there will always be a possible means, method or technique to compromise a target. A threat hunter has to know these techniques and use them to their advantage. In this talk we will discuss the techniques, tactics and procedures of the MITTRE ATT&CK Framework.","updated_timestamp":{"seconds":1660257240,"nanoseconds":0},"speakers":[{"content_ids":[49753],"conference_id":65,"event_ids":[49951],"name":"Shellt3r","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49091}],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49951,"tag_ids":[45374,45449],"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49091}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","updated":"2022-08-11T22:34:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\nDeadline for registration is Friday at 17:00\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Hack Fortress","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\nDeadline for registration is Friday at 17:00","updated_timestamp":{"seconds":1660239240,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Registration","type":"link","url":"https://docs.google.com/forms/d/e/1FAIpQLSdupEkgL7m9mELjzKkjgTaMVMSQgY4kkOLBZbXA33Dqtb4CNQ/viewform?fbzx=9038029964706703259"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241394"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643831275225125"},{"label":"Twitter","type":"link","url":"https://twitter.com/tf2shmoo"},{"label":"Website","type":"link","url":"http://hackfortress.net"}],"end":"2022-08-13T00:00:00.000-0000","id":49939,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"tag_ids":[45360,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-13T00:00:00.000-0000","updated":"2022-08-11T17:34:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"When wardriving becomes an obsession. elkentaro,d4rkm4tter,grim0us panel discussion on \"extreme\" wardriving/warwalking. The why, how and why...\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"When you're too competitive for your own good","android_description":"When wardriving becomes an obsession. elkentaro,d4rkm4tter,grim0us panel discussion on \"extreme\" wardriving/warwalking. The why, how and why...","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659928560,"nanoseconds":0},"speakers":[{"content_ids":[49664,49671],"conference_id":65,"event_ids":[49852,49859],"name":"D4rkm4tter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49020},{"content_ids":[49664,49671],"conference_id":65,"event_ids":[49852,49859],"name":"El Kentaro","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/elkentaro"}],"pronouns":null,"media":[],"id":49021},{"content_ids":[49664,49671],"conference_id":65,"event_ids":[49852,49859],"name":"Grim0us","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49022}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49852,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49020},{"tag_id":565,"sort_order":1,"person_id":49021},{"tag_id":565,"sort_order":1,"person_id":49022}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","begin":"2022-08-13T00:00:00.000-0000","updated":"2022-08-08T03:16:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We're skipping lock picking and discussing the other elements of physical security. Come and learn about the evolution of modern physical security, and what you can do to attack and defend common systems. We'll briefly review terminology and legality before exploring a wide variety of modern security devices and bypasses, with plenty of tricks and tips along the way.\n\n\n","title":"Physical Security Bypasses","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"android_description":"We're skipping lock picking and discussing the other elements of physical security. Come and learn about the evolution of modern physical security, and what you can do to attack and defend common systems. We'll briefly review terminology and legality before exploring a wide variety of modern security devices and bypasses, with plenty of tricks and tips along the way.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49397],"conference_id":65,"event_ids":[49544],"name":"redteamwynns","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/redteamwynns"}],"pronouns":null,"media":[],"id":48803}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49544,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"village_id":22,"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48803}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-13T00:00:00.000-0000","updated":"2022-08-04T14:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CANalyse is a software tool built to analyse the log files in a creative powerful way to find out unique data sets automatically and inject the refined payload back into vehicle network. \r\n\r\nCANalyse has three modes; \r\n1) Smart Scan: automatic data filtration. \r\n2) CANalyse IDE: powerful integrated development environment (IDE) using pandasql. \r\n3) Telegram: it uses the IDE on base level and receives the commands through a telegram bot. \r\n\r\nIn short, using CANalyse an attacker can sniff the CAN network (all python-can supported protocols), analyse (both in automatic and manual method) rapidly, and inject the payload back into vehicle network. All this can also be done by using a telegram bot too.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b9b1c5","updated_at":"2024-06-07T03:39+0000","name":"Car Hacking Village","id":45352},"title":"CANalyse 2.0 : A vehicle network analysis and attack tool.","android_description":"CANalyse is a software tool built to analyse the log files in a creative powerful way to find out unique data sets automatically and inject the refined payload back into vehicle network. \r\n\r\nCANalyse has three modes; \r\n1) Smart Scan: automatic data filtration. \r\n2) CANalyse IDE: powerful integrated development environment (IDE) using pandasql. \r\n3) Telegram: it uses the IDE on base level and receives the commands through a telegram bot. \r\n\r\nIn short, using CANalyse an attacker can sniff the CAN network (all python-can supported protocols), analyse (both in automatic and manual method) rapidly, and inject the payload back into vehicle network. All this can also be done by using a telegram bot too.","end_timestamp":{"seconds":1660351200,"nanoseconds":0},"updated_timestamp":{"seconds":1659587520,"nanoseconds":0},"speakers":[{"content_ids":[49390],"conference_id":65,"event_ids":[49537],"name":"Rahul J","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48797},{"content_ids":[49390],"conference_id":65,"event_ids":[49537],"name":"Kartheek Lade (@0xh3nry)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48798}],"timeband_id":891,"links":[],"end":"2022-08-13T00:40:00.000-0000","id":49537,"village_id":8,"tag_ids":[40251,45340,45348,45352,45374],"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48798},{"tag_id":565,"sort_order":1,"person_id":48797}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"updated":"2022-08-04T04:32:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Running phishing simulations can be complicated. At worst, you risk damaging your personal brand and that of the Information Security function. What if you could run a phishing simulation that maximizes all the value that you hope to get from these simulations, while minimizing potential bad outcomes? In this talk, we’ll go through the lessons we’ve learned from running successful phishing campaigns and focus on how to approach this work with empathy and a positive attitude to boost your organization’s security IQ. Session participants will learn how to: – Design, execute, and measure the results of phishing simulations on a budget – Craft effective, thoughtful phishing pretexts and learn which pretexts should be avoided – Avoid common pitfalls through proactive communication and executive buy-in.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Phishing with Empathy: Running Successful Phishing Campaigns without Making Enemies and Irritating People","android_description":"Running phishing simulations can be complicated. At worst, you risk damaging your personal brand and that of the Information Security function. What if you could run a phishing simulation that maximizes all the value that you hope to get from these simulations, while minimizing potential bad outcomes? In this talk, we’ll go through the lessons we’ve learned from running successful phishing campaigns and focus on how to approach this work with empathy and a positive attitude to boost your organization’s security IQ. Session participants will learn how to: – Design, execute, and measure the results of phishing simulations on a budget – Craft effective, thoughtful phishing pretexts and learn which pretexts should be avoided – Avoid common pitfalls through proactive communication and executive buy-in.","end_timestamp":{"seconds":1660350600,"nanoseconds":0},"updated_timestamp":{"seconds":1659503940,"nanoseconds":0},"speakers":[{"content_ids":[49361],"conference_id":65,"event_ids":[49489],"name":"Brian Markham","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/maru37"}],"media":[],"id":48781},{"content_ids":[49361],"conference_id":65,"event_ids":[49489],"name":"SooYun Chung","affiliations":[{"organization":"EAB Global","title":"Security Analyst"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/theiciso"}],"media":[],"id":48786,"title":"Security Analyst at EAB Global"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49489,"village_id":31,"tag_ids":[40273,45340,45370,45453],"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48781},{"tag_id":565,"sort_order":1,"person_id":48786}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"begin":"2022-08-13T00:00:00.000-0000","updated":"2022-08-03T05:19:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"When you do something, you’ll want to remember how to do it again. Notes are fine, scripts are better. Automate all the things.\n\n\n","title":"Why aren’t you automating?","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660350600,"nanoseconds":0},"android_description":"When you do something, you’ll want to remember how to do it again. Notes are fine, scripts are better. Automate all the things.","updated_timestamp":{"seconds":1659473220,"nanoseconds":0},"speakers":[{"content_ids":[49341],"conference_id":65,"event_ids":[49441],"name":"Don C.Weber","affiliations":[{"organization":"Cutaway Security,LLC","title":"Principal Consultant"}],"links":[],"pronouns":null,"media":[],"id":48759,"title":"Principal Consultant at Cutaway Security,LLC"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49441,"tag_ids":[40258,45340,45369,45375,45450],"village_id":15,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48759}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","updated":"2022-08-02T20:47:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Zac will show you how to escape from common restraints in a variety of manners. Then practice these skills with a buddy, or at our restraint breaking table anytime you’d like.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#569d6e","updated_at":"2024-06-07T03:39+0000","name":"Rogues Village","id":45368},"title":"DIY Restraint Breaking","android_description":"Zac will show you how to escape from common restraints in a variety of manners. Then practice these skills with a buddy, or at our restraint breaking table anytime you’d like.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659467460,"nanoseconds":0},"speakers":[{"content_ids":[49323,49325],"conference_id":65,"event_ids":[49423,49425],"name":"Zac","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48745}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49423,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"village_id":29,"tag_ids":[40271,45332,45368,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48745}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"updated":"2022-08-02T19:11:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Discussion around Imposter Syndrome and its effect\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"Imposter Syndrome- The Silent Killer of Motivation","end_timestamp":{"seconds":1660350600,"nanoseconds":0},"android_description":"Discussion around Imposter Syndrome and its effect","updated_timestamp":{"seconds":1659465600,"nanoseconds":0},"speakers":[{"content_ids":[49302,49309],"conference_id":65,"event_ids":[49401,49409],"name":"Melissa Miller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48730}],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49401,"village_id":12,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48730}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:40:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Plaque and EFF swag pack. The second and third place teams will also win great EFF gear.\n\n\n","title":"EFF Tech Trivia","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"android_description":"EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Plaque and EFF swag pack. The second and third place teams will also win great EFF gear.","end_timestamp":{"seconds":1660359600,"nanoseconds":0},"updated_timestamp":{"seconds":1659407580,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T03:00:00.000-0000","id":49339,"village_id":null,"tag_ids":[45360,45450],"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-02T02:33:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Whether you’re in AWS, Azure or GCP, cloud security engineering doesn’t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from “just the basics” to “prepared for the inevitable”.\n\n\nWhether you’re in AWS, Azure or GCP, cloud security engineering doesn’t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from “just the basics” to “prepared for the inevitable”.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Blue Teaming Cloud: Security Engineering for Cloud Forensics & Incident Response","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Whether you’re in AWS, Azure or GCP, cloud security engineering doesn’t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from “just the basics” to “prepared for the inevitable”.\n\n\nWhether you’re in AWS, Azure or GCP, cloud security engineering doesn’t stop at basic guardrails and sending logs to a SIEM. So how do you engineer for the challenges unique to cloud forensics and incident response? This panel of cloud security engineers and incident responders will share their experiences and insights to help you take your security engineering from “just the basics” to “prepared for the inevitable”.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48914],"conference_id":65,"event_ids":[48916],"name":"Misstech","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48338},{"content_ids":[48914,49172],"conference_id":65,"event_ids":[48916,49208],"name":"Cassandra Young (muteki)","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/muteki_rtw"}],"pronouns":null,"media":[],"id":48358},{"content_ids":[48914],"conference_id":65,"event_ids":[48916],"name":"KyleHaxWhy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48365},{"content_ids":[48914],"conference_id":65,"event_ids":[48916],"name":"John Orleans","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48369}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":48916,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45367,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48358},{"tag_id":565,"sort_order":1,"person_id":48369},{"tag_id":565,"sort_order":1,"person_id":48365},{"tag_id":565,"sort_order":1,"person_id":48338}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","begin":"2022-08-13T00:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"title":"Friends of Bill W","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":48705,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"tag_ids":[45288,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"spans_timebands":"N","updated":"2022-08-03T15:49:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Consumer Reports Digital Lab is a team of hackers, technologists and advocates that break the products we use every day to identify vulnerabilities that harm consumers. Come meet CR’s resident hackers and learn how you can hack alongside us. We’ll be showcasing our work in IoT, VPNs, and data rights and asking you how we can better leverage our security testing and research to provoke industry change.\n\n\n","title":"Meet the Digital Lab at Consumer Reports","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"android_description":"Consumer Reports Digital Lab is a team of hackers, technologists and advocates that break the products we use every day to identify vulnerabilities that harm consumers. Come meet CR’s resident hackers and learn how you can hack alongside us. We’ll be showcasing our work in IoT, VPNs, and data rights and asking you how we can better leverage our security testing and research to provoke industry change.","end_timestamp":{"seconds":1660359600,"nanoseconds":0},"updated_timestamp":{"seconds":1658810640,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T03:00:00.000-0000","id":48687,"village_id":null,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"spans_timebands":"N","updated":"2022-07-26T04:44:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hash Table, as the most fundamental Data Structure in Computer Science, is extensively applied in Software Architecture to store data in an associative manner. However, its architecture makes it prone to Collision Attacks. To deal with this problem, 25 years ago, Microsoft designed its own Dynamic Hashing algorithm and applied it everywhere in IIS, the Web Server from Microsoft, to serve various data from HTTP Stack. As Hash Table is everywhere, isn't the design from Microsoft worth scrutinizing?\n\nWe dive into IIS internals through months of Reverse-Engineering efforts to examine both the Hash Table implementation and the use of Hash Table algorithms. Several types of attacks are proposed and uncovered in our research, including (1) A specially designed Zero-Hash Flooding Attack against Microsoft's self-implemented algorithm. (2) A Cache Poisoning Attack based on the inconsistency between Hash-Keys. (3) An unusual Authentication Bypass based on a hash collision.\n\nBy understanding this talk, the audience won't be surprised why we can destabilize the Hash Table easily. The audience will also learn how we explore the IIS internals and will be surprised by our results. These results could not only make a default installed IIS Server hang with 100% CPU but also modify arbitrary HTTP responses through crafted HTTP request. Moreover, we'll demonstrate how we bypass the authentication requirement with a single, crafted password by colliding the identity cache!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Let's Dance in the Cache - Destabilizing Hash Table on Microsoft IIS","end_timestamp":{"seconds":1660351500,"nanoseconds":0},"android_description":"Hash Table, as the most fundamental Data Structure in Computer Science, is extensively applied in Software Architecture to store data in an associative manner. However, its architecture makes it prone to Collision Attacks. To deal with this problem, 25 years ago, Microsoft designed its own Dynamic Hashing algorithm and applied it everywhere in IIS, the Web Server from Microsoft, to serve various data from HTTP Stack. As Hash Table is everywhere, isn't the design from Microsoft worth scrutinizing?\n\nWe dive into IIS internals through months of Reverse-Engineering efforts to examine both the Hash Table implementation and the use of Hash Table algorithms. Several types of attacks are proposed and uncovered in our research, including (1) A specially designed Zero-Hash Flooding Attack against Microsoft's self-implemented algorithm. (2) A Cache Poisoning Attack based on the inconsistency between Hash-Keys. (3) An unusual Authentication Bypass based on a hash collision.\n\nBy understanding this talk, the audience won't be surprised why we can destabilize the Hash Table easily. The audience will also learn how we explore the IIS internals and will be surprised by our results. These results could not only make a default installed IIS Server hang with 100% CPU but also modify arbitrary HTTP responses through crafted HTTP request. Moreover, we'll demonstrate how we bypass the authentication requirement with a single, crafted password by colliding the identity cache!","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48532],"conference_id":65,"event_ids":[48556],"name":"Orange Tsai","affiliations":[{"organization":"","title":"Principal Security Researcher of DEVCORE"}],"links":[{"description":"","title":"Blog","sort_order":0,"url":"http://blog.orange.tw/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/orange_8361"}],"pronouns":null,"media":[],"id":47929,"title":"Principal Security Researcher of DEVCORE"}],"timeband_id":891,"end":"2022-08-13T00:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241837"}],"id":48556,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45280,45281,45348,45375,45450],"includes":"Demo, Exploit, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47929}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Aruba Networks makes networking products for the enterprise. I make enterprise products run arbitrary code.\n\nOver the past couple of years, I've been hunting for vulnerabilities in some of Aruba's on-premise networking products and have had a bountiful harvest. A curated (read: patched) selection of these will be presented for your enjoyment. Pre-auth vulnerabilities and interesting bug chains abound, as well as a few unexpected attack surfaces and a frequently overlooked bug class.\n\nThis talk will explore some of the vulnerabilities I've found in various products in the Aruba range, and include details of their exploitation. I'll elaborate on how I found these bugs, detailing my workflow for breaking open virtual appliances and searching for vulnerabilities in them.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Hunting Bugs in The Tropics","android_description":"Aruba Networks makes networking products for the enterprise. I make enterprise products run arbitrary code.\n\nOver the past couple of years, I've been hunting for vulnerabilities in some of Aruba's on-premise networking products and have had a bountiful harvest. A curated (read: patched) selection of these will be presented for your enjoyment. Pre-auth vulnerabilities and interesting bug chains abound, as well as a few unexpected attack surfaces and a frequently overlooked bug class.\n\nThis talk will explore some of the vulnerabilities I've found in various products in the Aruba range, and include details of their exploitation. I'll elaborate on how I found these bugs, detailing my workflow for breaking open virtual appliances and searching for vulnerabilities in them.","end_timestamp":{"seconds":1660351500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48531],"conference_id":65,"event_ids":[48521],"name":"Daniel Jensen","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/dozernz"},{"description":"","title":"Website","sort_order":0,"url":"https://dozer.nz/"}],"media":[],"id":47898}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242208"}],"end":"2022-08-13T00:45:00.000-0000","id":48521,"village_id":null,"begin_timestamp":{"seconds":1660348800,"nanoseconds":0},"tag_ids":[45241,45280,45375,45450],"includes":"Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47898}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-13T00:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Cloud is just somebody else's computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can peak or tweak the data or even the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins, or just anyone who compromises their machines.\r\n\r\nBut being pwned does not necessarily mean it’s endgame. Confidential Computing uses hardware-based Trusted Execution Environments to provide confidentiality and integrity even in the most vulnerable scenarios.\r\n\r\nThis session will define Confidential Computing at a technical level and discuss current and upcoming hardware that have support for it. Later, we’ll introduce Enarx, an open source Linux Foundation project, and present a live demo to showcase Confidential Computing in a system that has been “pwned.”\n\n\n","title":"Owned or pwned? No peekin' or tweakin'!","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"end_timestamp":{"seconds":1660350600,"nanoseconds":0},"android_description":"The Cloud is just somebody else's computer. So when you run a workload on a cloud host, anyone who owns (or pwns) that system can peak or tweak the data or even the application itself. You have no confidentiality or integrity protection from your Cloud Service Provider, rogue sysadmins, or just anyone who compromises their machines.\r\n\r\nBut being pwned does not necessarily mean it’s endgame. Confidential Computing uses hardware-based Trusted Execution Environments to provide confidentiality and integrity even in the most vulnerable scenarios.\r\n\r\nThis session will define Confidential Computing at a technical level and discuss current and upcoming hardware that have support for it. Later, we’ll introduce Enarx, an open source Linux Foundation project, and present a live demo to showcase Confidential Computing in a system that has been “pwned.”","updated_timestamp":{"seconds":1659649680,"nanoseconds":0},"speakers":[{"content_ids":[49148,49153],"conference_id":65,"event_ids":[49184,49189],"name":"Nick Vidal","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48605},{"content_ids":[49148,49153],"conference_id":65,"event_ids":[49184,49189],"name":"Richard Zak","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48610}],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49184,"village_id":10,"begin_timestamp":{"seconds":1660347900,"nanoseconds":0},"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48605},{"tag_id":565,"sort_order":1,"person_id":48610}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"updated":"2022-08-04T21:48:00.000-0000","begin":"2022-08-12T23:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Whenever we want to proactively hunt for malware of interest for threat intelligence purposes, YARA is the swiss-army knife that makes the work of malware researchers and threat intelligence Researchers easier.\r\n\r\nWe will talk about leveraging the YARA to detect the future version of the malware.\r\nMalware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers, we can learn how to create search rules to detect this kind of code reuse, Traditional Yara rules are written on strings, but if we implement code leveraging YARA code reuse rules in addition to the strings rule the rule will last decades. We can leverage that for finding future malware from the same authors using their digital code fingerprints.\n\n\nMalware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers, we can learn how to create search rules to detect this kind of code reuse, Traditional Yara rules are written on strings, but if we implement code leveraging YARA code reuse rules in addition to the strings rule the rule will last decades.","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"YARA Rules to Rule them All","android_description":"Whenever we want to proactively hunt for malware of interest for threat intelligence purposes, YARA is the swiss-army knife that makes the work of malware researchers and threat intelligence Researchers easier.\r\n\r\nWe will talk about leveraging the YARA to detect the future version of the malware.\r\nMalware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers, we can learn how to create search rules to detect this kind of code reuse, Traditional Yara rules are written on strings, but if we implement code leveraging YARA code reuse rules in addition to the strings rule the rule will last decades. We can leverage that for finding future malware from the same authors using their digital code fingerprints.\n\n\nMalware developers work just like legitimate software developers, aiming to reduce the time wasted on repetitive tasks wherever possible. That means they create and reuse code across their malware. This has a pay-off for malware hunters and threat intelligence researchers, we can learn how to create search rules to detect this kind of code reuse, Traditional Yara rules are written on strings, but if we implement code leveraging YARA code reuse rules in addition to the strings rule the rule will last decades.","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48927],"conference_id":65,"event_ids":[48928],"name":"Saurabh Chaudhary","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48383}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":48928,"tag_ids":[40250,45340,45348,45374,45376],"village_id":7,"begin_timestamp":{"seconds":1660347900,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48383}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T23:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This talk focuses on cryptography topics that have not yet been discussed in any PQC 101 talks thus far;\r\n\r\neither because they are outside of the scope of the NIST PQC standardization project (thus far), or because they are relatively new and novel constructions.\r\n\n\n\n","title":"PQC in the Real World","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"end_timestamp":{"seconds":1660350600,"nanoseconds":0},"android_description":"This talk focuses on cryptography topics that have not yet been discussed in any PQC 101 talks thus far;\r\n\r\neither because they are outside of the scope of the NIST PQC standardization project (thus far), or because they are relatively new and novel constructions.","updated_timestamp":{"seconds":1660333080,"nanoseconds":0},"speakers":[{"content_ids":[49705],"conference_id":65,"event_ids":[49895],"name":"James Howe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49057}],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49895,"tag_ids":[40266,45340,45373,45382,45450],"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"village_id":24,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49057}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"updated":"2022-08-12T19:38:00.000-0000","begin":"2022-08-12T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"canTot is a cli framework similar to the usage of known frameworks like Metasploit, dronesploit, expliot, and Recon-ng. The fun thing is that it contains fun hacks and known vulnerabilities disclosed. It can also be used as a guide for pentesting vehicles and learning python for Car Hacking the easier way. This is not to reinvent the wheel of known CAN fuzzers, car exploration tools like caring caribou, or other great CAN analyzers out there. But to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b9b1c5","updated_at":"2024-06-07T03:39+0000","name":"Car Hacking Village","id":45352},"title":"canTot - a CAN Bus Hacking Framework to Compile Fun Hacks and Vulnerabilities","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"canTot is a cli framework similar to the usage of known frameworks like Metasploit, dronesploit, expliot, and Recon-ng. The fun thing is that it contains fun hacks and known vulnerabilities disclosed. It can also be used as a guide for pentesting vehicles and learning python for Car Hacking the easier way. This is not to reinvent the wheel of known CAN fuzzers, car exploration tools like caring caribou, or other great CAN analyzers out there. But to combine all the known vulnerabilities and fun CAN bus hacks in automotive security.","updated_timestamp":{"seconds":1659587460,"nanoseconds":0},"speakers":[{"content_ids":[49389],"conference_id":65,"event_ids":[49536],"name":"Jay Turla","affiliations":[{"organization":"VikingCloud","title":"Principal Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":48796,"title":"Principal Security Consultant at VikingCloud"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49536,"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"tag_ids":[40251,45340,45348,45352,45374],"village_id":8,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48796}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"updated":"2022-08-04T04:31:00.000-0000","begin":"2022-08-12T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"When we define Social Engineering in the context of Cyber Security, we’re often presented with a manipulative context where someone is exploiting a victim. Yet the same tactics that malicious actors use in emotional exploitation are present in news, advertising, social media, and marketing. These are multi-billion industries driving our very way of life. Can all influence systems be malicious or is there a range of ethics presented by the need to communicate potential value relationships? The tactics described by the best Social Engineers often involve soft skills traditions like active listening, building rapport, and communicating needs clearly. Social Engineering is a critical part of how we navigate relationships at work and home. Don’t you dress better and shine a bit brighter on that first date? Aren’t you trying your hardest to communicate your value to your boss? Like it or not, Social Engineering is a part of our every day lives. You can ignore it and risk becoming a victim or use it to enhance your relationships. That’s an ultimatum.\n\n\n","title":"Social Engineering the People you Love","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"android_description":"When we define Social Engineering in the context of Cyber Security, we’re often presented with a manipulative context where someone is exploiting a victim. Yet the same tactics that malicious actors use in emotional exploitation are present in news, advertising, social media, and marketing. These are multi-billion industries driving our very way of life. Can all influence systems be malicious or is there a range of ethics presented by the need to communicate potential value relationships? The tactics described by the best Social Engineers often involve soft skills traditions like active listening, building rapport, and communicating needs clearly. Social Engineering is a critical part of how we navigate relationships at work and home. Don’t you dress better and shine a bit brighter on that first date? Aren’t you trying your hardest to communicate your value to your boss? Like it or not, Social Engineering is a part of our every day lives. You can ignore it and risk becoming a victim or use it to enhance your relationships. That’s an ultimatum.","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659503880,"nanoseconds":0},"speakers":[{"content_ids":[49360],"conference_id":65,"event_ids":[49488],"name":"Micah Turner","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/micahthemaker"}],"pronouns":null,"media":[],"id":48780}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49488,"village_id":31,"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"tag_ids":[40273,45340,45370,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48780}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-12T23:30:00.000-0000","updated":"2022-08-03T05:18:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"TBD","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"android_description":"","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659465600,"nanoseconds":0},"speakers":[{"content_ids":[49301],"conference_id":65,"event_ids":[49400],"name":"Slammer Musuta","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/pumzi-code/"}],"pronouns":null,"media":[],"id":48735}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49400,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48735}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","begin":"2022-08-12T23:30:00.000-0000","updated":"2022-08-02T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A presentation about how easy hardware hacking is using a couple of over the counter medical devices to show how debug access, firmware reverse engineering, etc work in the embedded medical device pentesting world. Live demos on real products with a workshop to follow.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"title":"Medical Device Hacking: A hands on introduction","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"A presentation about how easy hardware hacking is using a couple of over the counter medical devices to show how debug access, firmware reverse engineering, etc work in the embedded medical device pentesting world. Live demos on real products with a workshop to follow.","updated_timestamp":{"seconds":1659747840,"nanoseconds":0},"speakers":[{"content_ids":[49016],"conference_id":65,"event_ids":[49019],"name":"Malcolm Galland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48451},{"content_ids":[49016],"conference_id":65,"event_ids":[49019],"name":"Nathan Smith","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48833},{"content_ids":[49016],"conference_id":65,"event_ids":[49019],"name":"Caleb Davis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48834},{"content_ids":[49016],"conference_id":65,"event_ids":[49019],"name":"Carolyn Majane","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48835},{"content_ids":[49016],"conference_id":65,"event_ids":[49019],"name":"Matthew Freilich","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48836}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49019,"tag_ids":[40277,45329,45373,45451],"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48834},{"tag_id":565,"sort_order":1,"person_id":48835},{"tag_id":565,"sort_order":1,"person_id":48451},{"tag_id":565,"sort_order":1,"person_id":48836},{"tag_id":565,"sort_order":1,"person_id":48833}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","begin":"2022-08-12T23:30:00.000-0000","updated":"2022-08-06T01:04:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Do you ever worry about responsible disclosure because they could instead exploit the time-to-patch to find you and remove you from the equation? Dead man switches exist for a reason... \n In this talk we present a new form of vulnerability disclosure relying on timelock encryption of content: where you encrypt a message that cannot be decrypted until a given (future) time. This notion of timelock encryption first surfaced on the Cypherpunks mailing list in 1993 by the crypto-anarchist founder, Tim May, and to date while there have been numerous attempts to tackle it, none have been deployed at scale, nor made available to be used in any useful way.\n This changes today: we’re releasing a free, open-source tool that achieves this goal with proper security guarantees. We rely on threshold cryptography and decentralization of trust to exploit the existing League of Entropy (that is running a distributed, public, verifiable randomness beacon network) in order to do so. We will first cover what all of these means, we will then see how these building blocks allow us to deploy a responsible disclosure system that guarantees that your report will be fully disclosed after the time-to-patch has elapsed. This system works without any further input from you, unlike the usual Twitter SHA256 commitments to a file on your computer.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"A dead man’s full-yet-responsible-disclosure system","end_timestamp":{"seconds":1660349700,"nanoseconds":0},"android_description":"Do you ever worry about responsible disclosure because they could instead exploit the time-to-patch to find you and remove you from the equation? Dead man switches exist for a reason... \n In this talk we present a new form of vulnerability disclosure relying on timelock encryption of content: where you encrypt a message that cannot be decrypted until a given (future) time. This notion of timelock encryption first surfaced on the Cypherpunks mailing list in 1993 by the crypto-anarchist founder, Tim May, and to date while there have been numerous attempts to tackle it, none have been deployed at scale, nor made available to be used in any useful way.\n This changes today: we’re releasing a free, open-source tool that achieves this goal with proper security guarantees. We rely on threshold cryptography and decentralization of trust to exploit the existing League of Entropy (that is running a distributed, public, verifiable randomness beacon network) in order to do so. We will first cover what all of these means, we will then see how these building blocks allow us to deploy a responsible disclosure system that guarantees that your report will be fully disclosed after the time-to-patch has elapsed. This system works without any further input from you, unlike the usual Twitter SHA256 commitments to a file on your computer.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48530],"conference_id":65,"event_ids":[48582],"name":"Yolan Romailler","affiliations":[{"organization":"","title":"Applied Cryptographer"}],"links":[],"pronouns":null,"media":[],"id":47839,"title":"Applied Cryptographer"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242203"}],"end":"2022-08-13T00:15:00.000-0000","id":48582,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"village_id":null,"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47839}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"As Russia invaded Ukraine in February of this year, the Ukrainian government sent requests to ICANN and RIPE to have Russia removed from the Internet. Those requests were refused, but engendered a lively debate on the role of Internet operators and the Internet governance system in sanctioning bad actors, on the Internet and in the world. This talk will introduce how governmental and intergovernmental sanctions are defined and enacted, and discuss the Internet community’s reaction to past attempts to engage the Internet in sanctions enforcement, the current conflict, and what the Internet community is doing in this area to prepare for future conflicts.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"The Internet’s role in sanctions enforcement: Russia/Ukraine and the future","end_timestamp":{"seconds":1660349700,"nanoseconds":0},"android_description":"As Russia invaded Ukraine in February of this year, the Ukrainian government sent requests to ICANN and RIPE to have Russia removed from the Internet. Those requests were refused, but engendered a lively debate on the role of Internet operators and the Internet governance system in sanctioning bad actors, on the Internet and in the world. This talk will introduce how governmental and intergovernmental sanctions are defined and enacted, and discuss the Internet community’s reaction to past attempts to engage the Internet in sanctions enforcement, the current conflict, and what the Internet community is doing in this area to prepare for future conflicts.","updated_timestamp":{"seconds":1659884160,"nanoseconds":0},"speakers":[{"content_ids":[48529],"conference_id":65,"event_ids":[48543],"name":"Bill Woodcock","affiliations":[{"organization":"Packet Clearing House","title":"Executive Director"}],"links":[],"pronouns":null,"media":[],"id":48909,"title":"Executive Director at Packet Clearing House"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:15:00.000-0000","id":48543,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660347000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48909}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"updated":"2022-08-07T14:56:00.000-0000","begin":"2022-08-12T23:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"URLScan has been frequently used by anti-phishing techniques to identify potentially malicious websites. However, a misconfigured scan could sometimes expose internal assets, domains, and sensitive information to the public. GitHub had a similar event in 2021 where internal repository names got exposed due to a misconfigured scan set.\r\n\r\nThe talk will cover various technologies and their internal usage at sample companies. Once the technologies are covered the talk will explore how these technologies can be queried in URLScan to identify sensitive information disclosed by companies.\r\n\r\nThe talk will start by explaining and highlighting SaaS technologies that oftentime leak sensitive information of a company. In addition to the technologies, the talk will proceed to explain how to use extracted information for privilege escalation or access to internal resources. The technologies covered will include at minimum: Microsoft Office 365, GSuite, Salesforce, GitHub and SAML providers.\r\n\r\nOnce the technologies are covered, the talk will cover how URLScan can help identify these resources en masse. This specific section of the talk will go over various search queries and regex searches that can be used to reliably retrieve information from these technologies. Once the basic queries are covered, the talk will then explore specific queries that can be combined to reliably pull information for a given company.\r\n\r\nThe end of the talk will also show sample examples with real companies who I have found to have disclosed sensitive information.\r\n\r\nAt the end of the talk, attendees will be able to walk out with exact queries they can run to find if their company or their target is disclosing sensitive information. In addition, they will also be able to use some disclosed information to further escalate their access internally.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"title":"Scanning your way into internal systems via URLScan","android_description":"URLScan has been frequently used by anti-phishing techniques to identify potentially malicious websites. However, a misconfigured scan could sometimes expose internal assets, domains, and sensitive information to the public. GitHub had a similar event in 2021 where internal repository names got exposed due to a misconfigured scan set.\r\n\r\nThe talk will cover various technologies and their internal usage at sample companies. Once the technologies are covered the talk will explore how these technologies can be queried in URLScan to identify sensitive information disclosed by companies.\r\n\r\nThe talk will start by explaining and highlighting SaaS technologies that oftentime leak sensitive information of a company. In addition to the technologies, the talk will proceed to explain how to use extracted information for privilege escalation or access to internal resources. The technologies covered will include at minimum: Microsoft Office 365, GSuite, Salesforce, GitHub and SAML providers.\r\n\r\nOnce the technologies are covered, the talk will cover how URLScan can help identify these resources en masse. This specific section of the talk will go over various search queries and regex searches that can be used to reliably retrieve information from these technologies. Once the basic queries are covered, the talk will then explore specific queries that can be combined to reliably pull information for a given company.\r\n\r\nThe end of the talk will also show sample examples with real companies who I have found to have disclosed sensitive information.\r\n\r\nAt the end of the talk, attendees will be able to walk out with exact queries they can run to find if their company or their target is disclosing sensitive information. In addition, they will also be able to use some disclosed information to further escalate their access internally.","end_timestamp":{"seconds":1660349400,"nanoseconds":0},"updated_timestamp":{"seconds":1659974940,"nanoseconds":0},"speakers":[{"content_ids":[49723],"conference_id":65,"event_ids":[49913],"name":"Rojan Rijal","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/uraniumhacker"}],"media":[],"id":49067}],"timeband_id":891,"links":[],"end":"2022-08-13T00:10:00.000-0000","id":49913,"village_id":26,"tag_ids":[40268,45340,45373,45384,45453],"begin_timestamp":{"seconds":1660346700,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49067}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","updated":"2022-08-08T16:09:00.000-0000","begin":"2022-08-12T23:25:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"We know that the human element is always the weakest in cybersecurity, and that usually the blame falls on poorly trained users. But in this talk I will go through some findings regarding an even more dangerous kind of human, the Lazy IT guy.\r\n\r\nI will talk about findings regarding physical access, password reuse, using business devices for personal use, bad cable management, incident response and how we fixed that.\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"title":"Pwning Lazy Admins","android_description":"\"We know that the human element is always the weakest in cybersecurity, and that usually the blame falls on poorly trained users. But in this talk I will go through some findings regarding an even more dangerous kind of human, the Lazy IT guy.\r\n\r\nI will talk about findings regarding physical access, password reuse, using business devices for personal use, bad cable management, incident response and how we fixed that.\"","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1660257180,"nanoseconds":0},"speakers":[{"content_ids":[49752],"conference_id":65,"event_ids":[49950],"name":"Jabbles","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Jb198813"}],"media":[],"id":49090}],"timeband_id":891,"end":"2022-08-13T00:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49950,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[45374,45449],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49090}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-11T22:33:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The main objective of the presentation is to share the results of the research work with on-stage demonstrations, to bring the practical vision to everything presented in recent years on the security of 5G mobile networks. These attacks have been grouped into three areas; traditional denial of service attacks (Downgrade attacks), attacks on legacy protocols in the core of the network (SCTP Hijacker) and finally attacks on the new SUCI identity (SUCI Cracker).\n\n\n","title":"A Telco Odyssey. 5G SUCI-Cracker & SCTP-Hijacker","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"android_description":"The main objective of the presentation is to share the results of the research work with on-stage demonstrations, to bring the practical vision to everything presented in recent years on the security of 5G mobile networks. These attacks have been grouped into three areas; traditional denial of service attacks (Downgrade attacks), attacks on legacy protocols in the core of the network (SCTP Hijacker) and finally attacks on the new SUCI identity (SUCI Cracker).","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659928560,"nanoseconds":0},"speakers":[{"content_ids":[49663],"conference_id":65,"event_ids":[49851],"name":"Miguel Gallego Vara","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49030},{"content_ids":[49663],"conference_id":65,"event_ids":[49851],"name":"Pedro Cabrera","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/PcabreraCamara"}],"media":[],"id":49032}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49851,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":25,"tag_ids":[40267,45340,45373,45383,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49030},{"tag_id":565,"sort_order":1,"person_id":49032}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:16:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Local laws around voting vary widely. Building secure authorization that implements all of them is challenging. Future voting systems built on tested open source components will reduce the attack surface and improve trust in the system. In this session, we will first examine various authorization challenges that arise in voting contexts. As a possible solution, we will discuss the usage of a highly flexible open source authorization system based on Ory’s open source efforts to implement Google Zanzibar, and how an implementation within a voting system would work.\n\n\n","title":"Open Source Zero Trust Security using Ory Keto","type":{"conference_id":65,"conference":"DEFCON30","color":"#9d9a7e","updated_at":"2024-06-07T03:39+0000","name":"Voting Village","id":45387},"end_timestamp":{"seconds":1660347000,"nanoseconds":0},"android_description":"Local laws around voting vary widely. Building secure authorization that implements all of them is challenging. Future voting systems built on tested open source components will reduce the attack surface and improve trust in the system. In this session, we will first examine various authorization challenges that arise in voting contexts. As a possible solution, we will discuss the usage of a highly flexible open source authorization system based on Ory’s open source efforts to implement Google Zanzibar, and how an implementation within a voting system would work.","updated_timestamp":{"seconds":1659912660,"nanoseconds":0},"speakers":[{"content_ids":[49600],"conference_id":65,"event_ids":[49814],"name":"Patrik Neu","affiliations":[{"organization":"Ory Systems GmbH","title":""}],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://github.com/zepatrik"}],"media":[],"id":48949,"title":"Ory Systems GmbH"}],"timeband_id":891,"links":[{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"},{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"}],"end":"2022-08-12T23:30:00.000-0000","id":49814,"tag_ids":[40279,45340,45348,45374,45387,45450],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":34,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48949}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-07T22:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","android_description":"","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"media":[],"id":48531}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49638,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:58:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking WebApps with WebSploit Labs","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49621,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-05T05:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hacking APIs: How to break the chains of the web ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659678720,"nanoseconds":0},"speakers":[{"content_ids":[49435],"conference_id":65,"event_ids":[49617,49618,49619],"name":"Corey Ball","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hAPI_hacker"}],"pronouns":null,"media":[],"id":48819}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49617,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48819}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:52:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","android_description":"","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49609,"village_id":27,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-05T05:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Critical Infrastructure Resilience Institute (CIRI) in the Grainger College of Engineering at the University of Illinois Urbana-Champaign was awarded a contract from the DHS Cybersecurity and Infrastructure Security Agency (CISA) to lead the development of a comprehensive plan for developing and managing a nationwide cybersecurity education and training network to address our nation’s chronic and urgent cybersecurity workforce shortage, with particular emphasis on developing and delivering curricula focused on incident response and industrial control systems. This presentation will discuss the research findings, the network, example ICS curriculum, and how interested stakeholders can engage with the project partners.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"Research and Deliverables on Utilizing an Academic Hub and Spoke Model to Create a National Network of ICS Institutes","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"The Critical Infrastructure Resilience Institute (CIRI) in the Grainger College of Engineering at the University of Illinois Urbana-Champaign was awarded a contract from the DHS Cybersecurity and Infrastructure Security Agency (CISA) to lead the development of a comprehensive plan for developing and managing a nationwide cybersecurity education and training network to address our nation’s chronic and urgent cybersecurity workforce shortage, with particular emphasis on developing and delivering curricula focused on incident response and industrial control systems. This presentation will discuss the research findings, the network, example ICS curriculum, and how interested stakeholders can engage with the project partners.","updated_timestamp":{"seconds":1659473160,"nanoseconds":0},"speakers":[{"content_ids":[49340],"conference_id":65,"event_ids":[49440],"name":"Casey O'Brien","affiliations":[{"organization":"Information Trust Institute, University of Illinois Urbana-Champaign","title":"Assistant Director, Cyber Defense Education and Training"}],"links":[],"pronouns":null,"media":[],"id":48749,"title":"Assistant Director, Cyber Defense Education and Training at Information Trust Institute, University of Illinois Urbana-Champaign"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49440,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48749}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","updated":"2022-08-02T20:46:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Intro to Lockpicking","android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660347000,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":891,"links":[],"end":"2022-08-12T23:30:00.000-0000","id":49346,"village_id":17,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-02T05:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"Hacking EFBs: What’s an EFB and how does hacking one affect flight safety? We’ll cover tampering with perf, W&B and detail numerous real incidents that have stemmed from EFB misuse or miskeying. So far we’ve found exploitable vulns in 6 different EFB app suites, covering nearly every major operator in the world. Separately, the flight sim will be set up to demonstrate a tailstrike and/or runway excursion as a result of tampered perf on our own EFB” Vulnerability disclosure in aviation: the good, the bad and the unsafe: \r\n\r\n“We’ve been researching aviation security for the past 5 years. Along the way we have responsibility disclosed numerous vulnerabilities. Our experience with various aviation businesses has ranged from excellent to appalling. Many of the issues stem from cultural issues at these businesses, failing to bust safety silos in engineering. What can anyone in aviation learn from our experience? How can one build a successful vulnerability disclosure program that boosts safety?” \r\n\r\nGetting started in aviation & avionics security research \r\n\r\n“Independent research in aviation has one big barrier to entry: airplanes cost $millions! How does a researcher or research group break in past this barrier? We’ll talk about ways we have successfully (and legally!) carried out vanilla security research in airplanes. What will you find on board and how do the various systems work?”\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Pen Test Partner Power Hour","end_timestamp":{"seconds":1660348200,"nanoseconds":0},"android_description":"\"Hacking EFBs: What’s an EFB and how does hacking one affect flight safety? We’ll cover tampering with perf, W&B and detail numerous real incidents that have stemmed from EFB misuse or miskeying. So far we’ve found exploitable vulns in 6 different EFB app suites, covering nearly every major operator in the world. Separately, the flight sim will be set up to demonstrate a tailstrike and/or runway excursion as a result of tampered perf on our own EFB” Vulnerability disclosure in aviation: the good, the bad and the unsafe: \r\n\r\n“We’ve been researching aviation security for the past 5 years. Along the way we have responsibility disclosed numerous vulnerabilities. Our experience with various aviation businesses has ranged from excellent to appalling. Many of the issues stem from cultural issues at these businesses, failing to bust safety silos in engineering. What can anyone in aviation learn from our experience? How can one build a successful vulnerability disclosure program that boosts safety?” \r\n\r\nGetting started in aviation & avionics security research \r\n\r\n“Independent research in aviation has one big barrier to entry: airplanes cost $millions! How does a researcher or research group break in past this barrier? We’ll talk about ways we have successfully (and legally!) carried out vanilla security research in airplanes. What will you find on board and how do the various systems work?”\"","updated_timestamp":{"seconds":1659379560,"nanoseconds":0},"speakers":[{"content_ids":[48885,49231],"conference_id":65,"event_ids":[48886,49274],"name":"Ken Munro","affiliations":[{"organization":"","title":"Pentest Partners"}],"links":[],"pronouns":null,"media":[],"id":48306,"title":"Pentest Partners"},{"content_ids":[49231],"conference_id":65,"event_ids":[49274],"name":"Alex Lomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48672}],"timeband_id":891,"links":[],"end":"2022-08-12T23:50:00.000-0000","id":49274,"tag_ids":[40247,45340,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48672},{"tag_id":565,"sort_order":1,"person_id":48306}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:46:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#8dc784","updated_at":"2024-06-07T03:39+0000","name":"BIC Village","id":45353},"title":"The Last Log4Shell Talk You Need","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659305220,"nanoseconds":0},"speakers":[{"content_ids":[49199],"conference_id":65,"event_ids":[49240],"name":"Ochuan Marshall","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48661}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49240,"tag_ids":[40249,45348,45353,45374],"village_id":6,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48661}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"begin":"2022-08-12T23:00:00.000-0000","updated":"2022-07-31T22:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"When consumers’ data is pwned, what are the legal and regulatory tools available? Consumer harms result not only from explicit privacy violations, but also from inadequate data security. We will walk through several relevant laws and regulations, as well as past cases where firms were held accountable. We will also examine past remedies that tackled the harms and attempted to prevent them going forward.\n\n\n","title":"Once More Unto the Breach: Federal Regulators' Response to Privacy Breaches and Consumer Harms","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"end_timestamp":{"seconds":1660347900,"nanoseconds":0},"android_description":"When consumers’ data is pwned, what are the legal and regulatory tools available? Consumer harms result not only from explicit privacy violations, but also from inadequate data security. We will walk through several relevant laws and regulations, as well as past cases where firms were held accountable. We will also examine past remedies that tackled the harms and attempted to prevent them going forward.","updated_timestamp":{"seconds":1659213660,"nanoseconds":0},"speakers":[{"content_ids":[49147],"conference_id":65,"event_ids":[49183],"name":"Alexis Goldstein","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48588},{"content_ids":[49147],"conference_id":65,"event_ids":[49183],"name":"Erie Meyer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48595}],"timeband_id":891,"links":[],"end":"2022-08-12T23:45:00.000-0000","id":49183,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40253,45347,45451],"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48588},{"tag_id":565,"sort_order":1,"person_id":48595}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:41:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In 2022 Russia invaded Ukraine. The manner in which this happened and the tactics used on all sides to frame this invasion cut deep to how we perceive media and information across the worldwide. This information confrontation is something the west is ill prepared to combat whereas this has been the operation for Russia for a long time. This however is also a background for the confrontation taking place in the networks across Europe and likely the East of the world. We are seeing joined up operations of Kinetic, Information, and Cyber warfare being conducted from all levels of the military. No longer can we ignore the power of joint operations and multi domain warfare. The focus of this talk will be information gathering and extrapolation\n\n\n","title":"Information Confrontation 2022 - A loud war and a quiet enemy","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"android_description":"In 2022 Russia invaded Ukraine. The manner in which this happened and the tactics used on all sides to frame this invasion cut deep to how we perceive media and information across the worldwide. This information confrontation is something the west is ill prepared to combat whereas this has been the operation for Russia for a long time. This however is also a background for the confrontation taking place in the networks across Europe and likely the East of the world. We are seeing joined up operations of Kinetic, Information, and Cyber warfare being conducted from all levels of the military. No longer can we ignore the power of joint operations and multi domain warfare. The focus of this talk will be information gathering and extrapolation","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1660334040,"nanoseconds":0},"speakers":[{"content_ids":[49064,49717],"conference_id":65,"event_ids":[49067,49907],"name":"Luke Richards (Wbbigdave)","affiliations":[{"organization":"Independent ","title":""}],"links":[],"pronouns":null,"media":[],"id":48486,"title":"Independent"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49067,"village_id":18,"tag_ids":[40260,45331,45335,45450],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48486}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"updated":"2022-08-12T19:54:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Social media is big business for ad companies. That's why some of the social media grids give marketers the ability to zero in on their precise market. Those that peddle disinformation have become masters at using these tools. Breitbart pioneered this around 2010, and people like Steve Bannon have perfected their use of social media to \"flood the zone\" with information. This session will share that history, and give a few concrete suggestions on how to identify when you're being targeted with misinformation.\n\n\n","title":"History of the weaponization of social media","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Social media is big business for ad companies. That's why some of the social media grids give marketers the ability to zero in on their precise market. Those that peddle disinformation have become masters at using these tools. Breitbart pioneered this around 2010, and people like Steve Bannon have perfected their use of social media to \"flood the zone\" with information. This session will share that history, and give a few concrete suggestions on how to identify when you're being targeted with misinformation.","updated_timestamp":{"seconds":1660334040,"nanoseconds":0},"speakers":[{"content_ids":[49063],"conference_id":65,"event_ids":[49066],"name":"Gina Rosenthal ","affiliations":[{"organization":"","title":"Independent "}],"links":[],"pronouns":null,"media":[],"id":48481,"title":"Independent"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49066,"tag_ids":[40260,45331,45335,45450],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":18,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48481}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"updated":"2022-08-12T19:54:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Russian disinformation or 'active measures' or 'political warfare', since 2007 has always contained an element of cyber attacks. However, in the west, we have been slow to understand that reality. In light of the most recent invasion of the Ukraine, we are becoming more aware of the nexus between information operations and cyber operations. This talk will discuss the history and nexus of Russian cyber operations and information operations conducted by Russia since 2007.\n\n\n","title":"History of Russian Cyber & Information Warfare (2007-Present)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Russian disinformation or 'active measures' or 'political warfare', since 2007 has always contained an element of cyber attacks. However, in the west, we have been slow to understand that reality. In light of the most recent invasion of the Ukraine, we are becoming more aware of the nexus between information operations and cyber operations. This talk will discuss the history and nexus of Russian cyber operations and information operations conducted by Russia since 2007.","updated_timestamp":{"seconds":1660334040,"nanoseconds":0},"speakers":[{"content_ids":[49062],"conference_id":65,"event_ids":[49065],"name":"Ryan Westman ","affiliations":[{"organization":"E-Sentire","title":""}],"links":[],"pronouns":null,"media":[],"id":48491,"title":"E-Sentire"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49065,"tag_ids":[40260,45331,45335,45450],"village_id":18,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48491}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-12T19:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Link shorteners are one of the many tools used to spread spam, scams, and general misinformation. While performing a security audit on a popular link shortener, we discovered a way to redirect links that were banned for terms of service violations (or otherwise normally 404'd.) This gave us a rare chance to take a look behind the curtain and allowed us to gather lots of really interesting metrics about how and where these link shorteners are abused, to the tune of over 40,000 pageviews a day. The talk ends with us having a little fun with our newly found traffic firehose and using it as a chance to teach would-be victims about the dangers of scams and misinformation on the internet at scale!\n\n\n","title":"Tracking Scams and Disinformation by Hacking Link Shorteners","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Link shorteners are one of the many tools used to spread spam, scams, and general misinformation. While performing a security audit on a popular link shortener, we discovered a way to redirect links that were banned for terms of service violations (or otherwise normally 404'd.) This gave us a rare chance to take a look behind the curtain and allowed us to gather lots of really interesting metrics about how and where these link shorteners are abused, to the tune of over 40,000 pageviews a day. The talk ends with us having a little fun with our newly found traffic firehose and using it as a chance to teach would-be victims about the dangers of scams and misinformation on the internet at scale!","updated_timestamp":{"seconds":1660333980,"nanoseconds":0},"speakers":[{"content_ids":[49061,49731],"conference_id":65,"event_ids":[49064,49921],"name":"Justin Rhinehart","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48485},{"content_ids":[49061],"conference_id":65,"event_ids":[49064],"name":"Sam Curry","affiliations":[{"organization":"Pillsade Consulting","title":""}],"links":[],"pronouns":null,"media":[],"id":48492,"title":"Pillsade Consulting"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49064,"village_id":18,"tag_ids":[40260,45331,45335,45450],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48485},{"tag_id":565,"sort_order":1,"person_id":48492}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","updated":"2022-08-12T19:53:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"AI and ML is already being used to identify job candidates, screen resumes, assess worker productivity and even help tag candidates for firing. Can the interview chatbot AI really be fairer than a human being, and does the way you answer the personality test or your score on the video game assessment really reflect your ability to do the job? Of course, federal, state and local government regulators are concerned, and there are multiple (and potentially conflicting) regulatory efforts underway.\r\n\r\nThis conversation, featuring perspectives from a government regulator, civil-rights advocates, and a hacker who’s told a client that their AI is breaking the law, will highlight some of the existing and pending efforts to regulate AI-powered employment tools, and will focus on regulatory, technical and societal solutions to this very-real problem.\n\n\n","title":"Panel: AI and Hiring Tech","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"android_description":"AI and ML is already being used to identify job candidates, screen resumes, assess worker productivity and even help tag candidates for firing. Can the interview chatbot AI really be fairer than a human being, and does the way you answer the personality test or your score on the video game assessment really reflect your ability to do the job? Of course, federal, state and local government regulators are concerned, and there are multiple (and potentially conflicting) regulatory efforts underway.\r\n\r\nThis conversation, featuring perspectives from a government regulator, civil-rights advocates, and a hacker who’s told a client that their AI is breaking the law, will highlight some of the existing and pending efforts to regulate AI-powered employment tools, and will focus on regulatory, technical and societal solutions to this very-real problem.","end_timestamp":{"seconds":1660348200,"nanoseconds":0},"updated_timestamp":{"seconds":1660318320,"nanoseconds":0},"speakers":[{"content_ids":[49037],"conference_id":65,"event_ids":[49040],"name":"Rachel See","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48471}],"timeband_id":891,"links":[],"end":"2022-08-12T23:50:00.000-0000","id":49040,"tag_ids":[40248,45330,45450],"village_id":3,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[{"tag_id":45289,"sort_order":1,"person_id":48471}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"begin":"2022-08-12T23:00:00.000-0000","updated":"2022-08-12T15:32:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Why dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.\n\n\nWhy dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Take Your Security Skills From Good to Better to Best!","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Why dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.\n\n\nWhy dwell in the lobby of the Security field when you could be enjoying the view from the penthouse? Get insight from our esteemed panel on how to stay up to date on hacker news, increase your technical skills, and be aware of opportunities for professional development. Our panel will also discuss the importance of sending that elevator back down to help others so that our entire industry can grow and thrive, just like you will. Open up your ears and your mind and enjoy the gems that will be dropped.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48939],"conference_id":65,"event_ids":[48939],"name":"Neumann Lim (scsideath)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48345},{"content_ids":[48939],"conference_id":65,"event_ids":[48939],"name":"Kimberly Mentzell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48353},{"content_ids":[48939,49305],"conference_id":65,"event_ids":[48939,49404],"name":"Tanisha O'Donoghue","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tanisha-o-donoghue/"}],"pronouns":null,"media":[],"id":48363},{"content_ids":[48939],"conference_id":65,"event_ids":[48939],"name":"Ricky Banda","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48372},{"content_ids":[48939,49309,49312,49719],"conference_id":65,"event_ids":[48939,49409,49412,49909],"name":"Tracy Z. Maleeff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://infosecsherpa.medium.com"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tzmaleeff/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InfoSecSherpa"}],"media":[],"id":48381}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":48939,"village_id":7,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40250,45367,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48353},{"tag_id":565,"sort_order":1,"person_id":48345},{"tag_id":565,"sort_order":1,"person_id":48372},{"tag_id":565,"sort_order":1,"person_id":48363},{"tag_id":565,"sort_order":1,"person_id":48381}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cybercriminals are no longer focusing all their efforts on the biggest fish, which means organizations below the security poverty line - who often struggle with achieving adequate cyber resilience - are increasingly being hit. At the same time, we've seen an increase in supply chain attacks, which makes sense as more and more of the tech ecosystem is moving to cloud or managed service provider models. Various governments are paying attention to these shifts and are considering how regulating digital service providers may advance security more broadly, while also alleviating the burden on small to medium businesses. This session will be led by one or two governments working on this issue and will include an open discussion on the challenges and opportunities of this approach.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Moving Regulation Upstream - An Increasing focus on the Role of Digital Service Providers","android_description":"Cybercriminals are no longer focusing all their efforts on the biggest fish, which means organizations below the security poverty line - who often struggle with achieving adequate cyber resilience - are increasingly being hit. At the same time, we've seen an increase in supply chain attacks, which makes sense as more and more of the tech ecosystem is moving to cloud or managed service provider models. Various governments are paying attention to these shifts and are considering how regulating digital service providers may advance security more broadly, while also alleviating the burden on small to medium businesses. This session will be led by one or two governments working on this issue and will include an open discussion on the challenges and opportunities of this approach.","end_timestamp":{"seconds":1660351500,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48876,48889],"conference_id":65,"event_ids":[48887,48896],"name":"Jen Ellis","affiliations":[{"organization":"Rapid7","title":"Vice President of Community and Public Affairs"}],"links":[],"pronouns":null,"media":[],"id":48289,"title":"Vice President of Community and Public Affairs at Rapid7"},{"content_ids":[48889,48876],"conference_id":65,"event_ids":[48887,48896],"name":"Irfan Hemani","affiliations":[{"organization":"","title":"Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport"}],"links":[],"pronouns":null,"media":[],"id":48290,"title":"Deputy Director - Cyber Security, Cyber Security and Digital Identity Directorate, UK Department for Digital, Culture, Media and Sport"},{"content_ids":[48889,48876],"conference_id":65,"event_ids":[48887,48896],"name":"Adam Dobell","affiliations":[{"organization":"","title":"First Secretary, Department of Home Affairs, Embassy of Australia"}],"links":[],"pronouns":null,"media":[],"id":48291,"title":"First Secretary, Department of Home Affairs, Embassy of Australia"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242835"}],"end":"2022-08-13T00:45:00.000-0000","id":48896,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48291},{"tag_id":565,"sort_order":1,"person_id":48290},{"tag_id":565,"sort_order":1,"person_id":48289}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","begin":"2022-08-12T23:00:00.000-0000","updated":"2022-07-28T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Psst. I have heard whispers on Capitol Hill that one of the barriers to more secure elections is strengthening the trust between election workers and security researchers. And what better venue to bring together good faith researchers with election officials than DEF CON Policy? \n\nDEF CON Policy Department is working with top election security officials and security researchers to host a roundtable discussion on strenthening trust and collaboration in electiom security. This session will highlight work from top researchers and members of the DEF CON community, federal government representation, and perspectives from Secretaries of State.\n\n\n","title":"Election Security Bridge Building","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"android_description":"Psst. I have heard whispers on Capitol Hill that one of the barriers to more secure elections is strengthening the trust between election workers and security researchers. And what better venue to bring together good faith researchers with election officials than DEF CON Policy? \n\nDEF CON Policy Department is working with top election security officials and security researchers to host a roundtable discussion on strenthening trust and collaboration in electiom security. This session will highlight work from top researchers and members of the DEF CON community, federal government representation, and perspectives from Secretaries of State.","end_timestamp":{"seconds":1660351500,"nanoseconds":0},"updated_timestamp":{"seconds":1658982480,"nanoseconds":0},"speakers":[{"content_ids":[48877],"conference_id":65,"event_ids":[48892],"name":"Jack Cable","affiliations":[{"organization":"","title":"Independent Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":48292,"title":"Independent Security Researcher"},{"content_ids":[48877],"conference_id":65,"event_ids":[48892],"name":"Michael Ross","affiliations":[{"organization":"","title":"Deputy Secretary of State"}],"links":[],"pronouns":null,"media":[],"id":48293,"title":"Deputy Secretary of State"},{"content_ids":[48877],"conference_id":65,"event_ids":[48892],"name":"Trevor Timmons","affiliations":[{"organization":"Office of Colorado Secretary of State","title":""}],"links":[],"pronouns":null,"media":[],"id":48294,"title":"Office of Colorado Secretary of State"}],"timeband_id":891,"end":"2022-08-13T00:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242827"}],"id":48892,"village_id":23,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48292},{"tag_id":565,"sort_order":1,"person_id":48293},{"tag_id":565,"sort_order":1,"person_id":48294}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"updated":"2022-07-28T04:28:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Having fun is at the core of discovering new CVEs or getting bug bounties. While this talk is about neither of those things, I want to show that doing something for the lulz can lead to some awesome possibilities no matter what you’re doing. Would you like to troll more but you work full time? Let’s automate! Are you one of the 40,000+ users who have been contacted by my bots such as the /r/pmmebot Reddit bot? Or ChinaNumberFour? Or J0hnnyDoxxille? Let’s talk it out. Some may say learning to code AI in Python just to troll is too much effort. I agree. I did it anyway.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"title":"Automated Trolling for Fun and No Profit","end_timestamp":{"seconds":1660348200,"nanoseconds":0},"android_description":"Having fun is at the core of discovering new CVEs or getting bug bounties. While this talk is about neither of those things, I want to show that doing something for the lulz can lead to some awesome possibilities no matter what you’re doing. Would you like to troll more but you work full time? Let’s automate! Are you one of the 40,000+ users who have been contacted by my bots such as the /r/pmmebot Reddit bot? Or ChinaNumberFour? Or J0hnnyDoxxille? Let’s talk it out. Some may say learning to code AI in Python just to troll is too much effort. I agree. I did it anyway.","updated_timestamp":{"seconds":1658865180,"nanoseconds":0},"speakers":[{"content_ids":[48704],"conference_id":65,"event_ids":[48712],"name":"burninator","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/burninatorsec"}],"pronouns":null,"media":[],"id":47987}],"timeband_id":891,"links":[],"end":"2022-08-12T23:50:00.000-0000","id":48712,"village_id":30,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[40272,45291,45340,45373,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47987}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-12T23:00:00.000-0000","updated":"2022-07-26T19:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In The Netherlands it’s a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the “VrijMiBo” (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)\r\n\r\n“VrijMiBo/Friday afternoon Drink” at DefCon is a perfect moment to talk about what your favorite thing is at DefCon, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.\r\n\r\nVrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"title":"DEF CON Holland DC3115 & DC3120 Group Meetup","android_description":"In The Netherlands it’s a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the “VrijMiBo” (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)\r\n\r\n“VrijMiBo/Friday afternoon Drink” at DefCon is a perfect moment to talk about what your favorite thing is at DefCon, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.\r\n\r\nVrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.","end_timestamp":{"seconds":1660356000,"nanoseconds":0},"updated_timestamp":{"seconds":1658811300,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T02:00:00.000-0000","id":48700,"village_id":null,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[45288,45373,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45437,"name":"Flamingo - Bird Bar","hotel":"","short_name":"Bird Bar","id":45383},"spans_timebands":"N","begin":"2022-08-12T23:00:00.000-0000","updated":"2022-07-26T04:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead we’re meeting up in the desert during DEF CON - the one time of year when intown, northern burbs, south siders, and anyone else connected to (or interested in!) DC404’s 20+ year legacy can catch up, share stories, and make new connections. Come prepared to share your interests, hacks, swag, stories, and good times!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"title":"DC404/DC678/DC770/DC470 (Atlanta Metro) Meetup","end_timestamp":{"seconds":1660356000,"nanoseconds":0},"android_description":"They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead we’re meeting up in the desert during DEF CON - the one time of year when intown, northern burbs, south siders, and anyone else connected to (or interested in!) DC404’s 20+ year legacy can catch up, share stories, and make new connections. Come prepared to share your interests, hacks, swag, stories, and good times!","updated_timestamp":{"seconds":1658811180,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T02:00:00.000-0000","id":48698,"village_id":null,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[45288,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 211-213 (Teacher's Lounge)","hotel":"","short_name":"211-213 (Teacher's Lounge)","id":45466},"updated":"2022-07-26T04:53:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"title":"Queercon Mixer","android_description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1658810760,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":48691,"village_id":null,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"spans_timebands":"N","updated":"2022-07-26T04:46:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"We present a Microsoft Windows vulnerability that allows a remote attacker to impersonate a Bluetooth Low Energy (BLE) keyboard and perform Wireless Key Injection (WKI) on its behalf. It can occur after a legitimate BLE keyboard automatically closes its connection because of inactivity. In that situation, an attacker can impersonate it and wirelessly send keys. \nIn this talk we will demonstrate the attack live and we will explain the theoretical basis behind it and the process that led us to discover the vulnerability. We will also release the tool that allows to reproduce the attack and we will detail how to use it.\"\n\n\n","title":"Wireless Keystroke Injection (WKI) via Bluetooth Low Energy (BLE)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"\"We present a Microsoft Windows vulnerability that allows a remote attacker to impersonate a Bluetooth Low Energy (BLE) keyboard and perform Wireless Key Injection (WKI) on its behalf. It can occur after a legitimate BLE keyboard automatically closes its connection because of inactivity. In that situation, an attacker can impersonate it and wirelessly send keys. \nIn this talk we will demonstrate the attack live and we will explain the theoretical basis behind it and the process that led us to discover the vulnerability. We will also release the tool that allows to reproduce the attack and we will detail how to use it.\"","end_timestamp":{"seconds":1660347900,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48528],"conference_id":65,"event_ids":[48547],"name":"Jose Pico","affiliations":[{"organization":"","title":"Founder at LAYAKK"}],"links":[],"pronouns":null,"media":[],"id":47868,"title":"Founder at LAYAKK"},{"content_ids":[48528],"conference_id":65,"event_ids":[48547],"name":"Fernando Perera","affiliations":[{"organization":"","title":"Security Analyst at LAYAKK"}],"links":[],"pronouns":null,"media":[],"id":47916,"title":"Security Analyst at LAYAKK"}],"timeband_id":891,"end":"2022-08-12T23:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241935"}],"id":48547,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45280,45281,45375,45450],"includes":"Exploit, Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47916},{"tag_id":565,"sort_order":1,"person_id":47868}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hello, my name is BWL-X8620, and I'm a SOHO router. For many years my fellow SOHO routers and I were victims of endless abuse by hackers. Default credentials, command injections, file uploading - you name it. And it is all just because we're WAN-facing devices. Just because our ISP leaves our web server internet-facing makes hackers think it's okay to attack and make us zombies. But today, I say NO MORE! \n\nIn this talk, I will show that if a web client can attack a web server, then an ISP client can attack the ISP servers!\nI will reveal a hidden attack surface and vulnerabilities in popular network equipment used by ISPs worldwide to connect end-users to the internet. \nBRAS devices are not that different from us SOHO routers. No one is infallible. But, BRAS devices can support up to 256,000 subscribers, and exploiting them can cause a ruckus. Code executing can lead to a total ISP compromise, mass client DNS poisoning, end-points RCE, and more!\n\nThis talk will present a high severity logical DOS vulnerability in a telecommunications vendor implementation of PPPoE and a critical RCE vulnerability in PPP. That means we, the SOHO routers, can attack and execute code on the ISP's that connect us to the internet!\n\nToday we are fighting back!\n\n\n","title":"Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660347900,"nanoseconds":0},"android_description":"Hello, my name is BWL-X8620, and I'm a SOHO router. For many years my fellow SOHO routers and I were victims of endless abuse by hackers. Default credentials, command injections, file uploading - you name it. And it is all just because we're WAN-facing devices. Just because our ISP leaves our web server internet-facing makes hackers think it's okay to attack and make us zombies. But today, I say NO MORE! \n\nIn this talk, I will show that if a web client can attack a web server, then an ISP client can attack the ISP servers!\nI will reveal a hidden attack surface and vulnerabilities in popular network equipment used by ISPs worldwide to connect end-users to the internet. \nBRAS devices are not that different from us SOHO routers. No one is infallible. But, BRAS devices can support up to 256,000 subscribers, and exploiting them can cause a ruckus. Code executing can lead to a total ISP compromise, mass client DNS poisoning, end-points RCE, and more!\n\nThis talk will present a high severity logical DOS vulnerability in a telecommunications vendor implementation of PPPoE and a critical RCE vulnerability in PPP. That means we, the SOHO routers, can attack and execute code on the ISP's that connect us to the internet!\n\nToday we are fighting back!","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48527],"conference_id":65,"event_ids":[48518],"name":"Gal Zror","affiliations":[{"organization":"","title":"Vulnerability Research Manager at CyberArk Labs"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/waveburst"}],"media":[],"id":47840,"title":"Vulnerability Research Manager at CyberArk Labs"}],"timeband_id":891,"end":"2022-08-12T23:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242004"}],"id":48518,"village_id":null,"begin_timestamp":{"seconds":1660345200,"nanoseconds":0},"tag_ids":[45241,45279,45375,45450],"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47840}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-12T23:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversaries code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated, reported by cybersecurity blogs and news media worldwide in mid June of 2022.\r\n\r\nIn this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal, and demonstrate how recon can be used against adversaries \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"title":"The Richest Phisherman in Colombia","end_timestamp":{"seconds":1660346700,"nanoseconds":0},"android_description":"Adversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversaries code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated, reported by cybersecurity blogs and news media worldwide in mid June of 2022.\r\n\r\nIn this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal, and demonstrate how recon can be used against adversaries","updated_timestamp":{"seconds":1659974820,"nanoseconds":0},"speakers":[{"content_ids":[48712,49722],"conference_id":65,"event_ids":[48719,49912],"name":"Nick Ascoli","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kcin418"}],"media":[],"id":48000}],"timeband_id":891,"links":[],"end":"2022-08-12T23:25:00.000-0000","id":49912,"begin_timestamp":{"seconds":1660344600,"nanoseconds":0},"tag_ids":[40268,45340,45373,45384,45453],"village_id":26,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48000}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"updated":"2022-08-08T16:07:00.000-0000","begin":"2022-08-12T22:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come and find out how the quantum computer tech stack works, and what interesting things can be done with a hacker mindset on quantum algos.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"title":"Quantum Hardware Hacking","android_description":"Come and find out how the quantum computer tech stack works, and what interesting things can be done with a hacker mindset on quantum algos.","end_timestamp":{"seconds":1660347000,"nanoseconds":0},"updated_timestamp":{"seconds":1660333080,"nanoseconds":0},"speakers":[{"content_ids":[49699,49704,49713],"conference_id":65,"event_ids":[49894,49889,49903],"name":"Mark C","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49051}],"timeband_id":891,"links":[],"end":"2022-08-12T23:30:00.000-0000","id":49894,"village_id":24,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49051}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"updated":"2022-08-12T19:38:00.000-0000","begin":"2022-08-12T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Detecting rogue access points is easy right? Are you confident you'd be able to detect one in your environment? Rogue access points come in a variety of flavors depending on the objectives of the adversary. This talk will cover a variety of tactics used by attackers to evade WIPS/WIDS (Wireless Intrusion Prevention/Detection Systems). Come check out this talk to see how robust your detection is!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"WIPS/WIDS Evasion for Rogue Access Points","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"Detecting rogue access points is easy right? Are you confident you'd be able to detect one in your environment? Rogue access points come in a variety of flavors depending on the objectives of the adversary. This talk will cover a variety of tactics used by attackers to evade WIPS/WIDS (Wireless Intrusion Prevention/Detection Systems). Come check out this talk to see how robust your detection is!","updated_timestamp":{"seconds":1659928560,"nanoseconds":0},"speakers":[{"content_ids":[49218,49232,49662],"conference_id":65,"event_ids":[49275,49259,49850],"name":"Eric Escobar","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/EricEscobar"}],"media":[],"id":48669}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49850,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"village_id":25,"tag_ids":[40267,45340,45373,45383,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48669}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:16:00.000-0000","begin":"2022-08-12T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors ‚Äì including using special operating modes, tricking the controller into taking you there, and hoistway entry.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"title":"Elevators 101","android_description":"Elevator floor lockouts are often used as an additional, or the only, layer of security. This talk will focus on how to hack elevators for the purpose of getting to locked out floors ‚Äì including using special operating modes, tricking the controller into taking you there, and hoistway entry.","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"media":[],"id":48801}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49545,"village_id":22,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","updated":"2022-08-04T14:45:00.000-0000","begin":"2022-08-12T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How to solve the difficulties when performing black box fuzzing on the real automobiles. First, coverage-guided fuzzing is impossible, so we should generate testcases with full understanding of UDS CAN, such as message flows, frame types. Second, it is hard to decide whether errors occurred, we should check timeout, pending response, DTC (diagnostic Trouble Code) and NRC (Negative Response Code). Third, even if the target ECU is dead, we should continue the fuzzing by using ClearDiagnosticInformation and ECUReset. During this talk, audiences can learn the effective and practical CAN fuzzing guides on the technical level.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b9b1c5","updated_at":"2024-06-07T03:39+0000","name":"Car Hacking Village","id":45352},"title":"Smart Black Box Fuzzing of UDS CAN","end_timestamp":{"seconds":1660344900,"nanoseconds":0},"android_description":"How to solve the difficulties when performing black box fuzzing on the real automobiles. First, coverage-guided fuzzing is impossible, so we should generate testcases with full understanding of UDS CAN, such as message flows, frame types. Second, it is hard to decide whether errors occurred, we should check timeout, pending response, DTC (diagnostic Trouble Code) and NRC (Negative Response Code). Third, even if the target ECU is dead, we should continue the fuzzing by using ClearDiagnosticInformation and ECUReset. During this talk, audiences can learn the effective and practical CAN fuzzing guides on the technical level.","updated_timestamp":{"seconds":1659587340,"nanoseconds":0},"speakers":[{"content_ids":[48564,49388],"conference_id":65,"event_ids":[48507,49535],"name":"Jonghyuk Song","affiliations":[{"organization":"","title":"\"Jonghyuk Song, Redteam Leader, Autocrypt\""}],"links":[],"pronouns":null,"media":[],"id":47836,"title":"\"Jonghyuk Song, Redteam Leader, Autocrypt\""},{"content_ids":[48564,49388],"conference_id":65,"event_ids":[48507,49535],"name":"Soohwan Oh","affiliations":[{"organization":"","title":"Blueteam Engineer, Autocrypt"}],"links":[],"pronouns":null,"media":[],"id":47842,"title":"Blueteam Engineer, Autocrypt"},{"content_ids":[49388],"conference_id":65,"event_ids":[49535],"name":"Jeongho Yang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48795}],"timeband_id":891,"links":[],"end":"2022-08-12T22:55:00.000-0000","id":49535,"village_id":8,"tag_ids":[40251,45340,45348,45352,45374],"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48795},{"tag_id":565,"sort_order":1,"person_id":47836},{"tag_id":565,"sort_order":1,"person_id":47842}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"updated":"2022-08-04T04:29:00.000-0000","begin":"2022-08-12T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Has this ever happened to you? You get root on an RTU in a transmission substation but have no idea what any of the settings are, or do. Are you an analyst that doesn't understand why someone changing a transformer tap setting might be a bad thing? Are you wondering if you've been hacked because you're equipment is saying you have a ground fault but also that your voltage and current phasors are 120 degrees out of phase? Then come to this talk and learn about Power Fundamentals. We'll go over all the basics no one every taught you, like AC current, phasors, calculating Power Flow, and how transformers work.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Power Flow 101 for hackers and analysts","android_description":"Has this ever happened to you? You get root on an RTU in a transmission substation but have no idea what any of the settings are, or do. Are you an analyst that doesn't understand why someone changing a transformer tap setting might be a bad thing? Are you wondering if you've been hacked because you're equipment is saying you have a ground fault but also that your voltage and current phasors are 120 degrees out of phase? Then come to this talk and learn about Power Fundamentals. We'll go over all the basics no one every taught you, like AC current, phasors, calculating Power Flow, and how transformers work.","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659473100,"nanoseconds":0},"speakers":[{"content_ids":[49339],"conference_id":65,"event_ids":[49439],"name":"Stefan Stephenson-Moe","affiliations":[{"organization":"Splunk","title":"Senior Sales Engineer"}],"links":[],"pronouns":null,"media":[],"id":48769,"title":"Senior Sales Engineer at Splunk"}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49439,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48769}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-12T22:30:00.000-0000","updated":"2022-08-02T20:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We are happy to welcome her back from Rogues Village DC27: RxGamble. You need more than math to hack a casino game… She’ll show you how!\n\n\n","title":"Secrets of an Advantage Player","type":{"conference_id":65,"conference":"DEFCON30","color":"#569d6e","updated_at":"2024-06-07T03:39+0000","name":"Rogues Village","id":45368},"end_timestamp":{"seconds":1660347000,"nanoseconds":0},"android_description":"We are happy to welcome her back from Rogues Village DC27: RxGamble. You need more than math to hack a casino game… She’ll show you how!","updated_timestamp":{"seconds":1659467400,"nanoseconds":0},"speakers":[{"content_ids":[49322],"conference_id":65,"event_ids":[49422],"name":"RxGamble","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rxgamble"},{"description":"","title":"Website","sort_order":0,"url":"https://rxgamble.com/"}],"pronouns":null,"media":[],"id":48744}],"timeband_id":891,"links":[],"end":"2022-08-12T23:30:00.000-0000","id":49422,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"tag_ids":[40271,45340,45368,45453],"village_id":29,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48744}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","begin":"2022-08-12T22:30:00.000-0000","updated":"2022-08-02T19:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"High level explanation of how a handcuff actually works inside. \r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#856899","name":"Lock Pick Village","id":45362},"title":"Handcuffs and how they work","end_timestamp":{"seconds":1660344300,"nanoseconds":0},"android_description":"High level explanation of how a handcuff actually works inside.","updated_timestamp":{"seconds":1659420240,"nanoseconds":0},"speakers":[{"content_ids":[49275],"conference_id":65,"event_ids":[49355],"name":"Steven Collins","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48701}],"timeband_id":891,"links":[],"end":"2022-08-12T22:45:00.000-0000","id":49355,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"village_id":17,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48701}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"begin":"2022-08-12T22:30:00.000-0000","updated":"2022-08-02T06:04:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The U.S. Supreme Court sent shockwaves with its decision to overturn protections for reproductive rights (https://www.eff.org/issues/reproductive-justice) under Roe v. Wade. In addition to depriving millions of people of a fundamental right, the decision also means that those who seek (https://www.eff.org/deeplinks/2022/06/security-and-privacy-tips-people-seeking-abortion), offer (https://www.eff.org/deeplinks/2022/05/digital-security-and-privacy-tips-those-involved-abortion-access), or facilitate abortion healthcare must now consider whether law enforcement could access and use previously benign digital data as evidence of a crime. That’s an alarming prospect for an increasingly online world without strong privacy protections.\r\n\r\nThis panel will explore the future of access to healthcare resources, how technologists are working to help people secure their data now, how policymakers in both the private and public sectors can ensure safety and privacy for millions of people—and what you can do to protect yourself and your communities.\n\n\n","title":"EFF: Reproductive Justice in the Age of Surveillance","type":{"conference_id":65,"conference":"DEFCON30","color":"#697bd0","updated_at":"2024-06-07T03:39+0000","name":"Event","id":45293},"end_timestamp":{"seconds":1660347000,"nanoseconds":0},"android_description":"The U.S. Supreme Court sent shockwaves with its decision to overturn protections for reproductive rights (https://www.eff.org/issues/reproductive-justice) under Roe v. Wade. In addition to depriving millions of people of a fundamental right, the decision also means that those who seek (https://www.eff.org/deeplinks/2022/06/security-and-privacy-tips-people-seeking-abortion), offer (https://www.eff.org/deeplinks/2022/05/digital-security-and-privacy-tips-those-involved-abortion-access), or facilitate abortion healthcare must now consider whether law enforcement could access and use previously benign digital data as evidence of a crime. That’s an alarming prospect for an increasingly online world without strong privacy protections.\r\n\r\nThis panel will explore the future of access to healthcare resources, how technologists are working to help people secure their data now, how policymakers in both the private and public sectors can ensure safety and privacy for millions of people—and what you can do to protect yourself and your communities.","updated_timestamp":{"seconds":1659414300,"nanoseconds":0},"speakers":[{"content_ids":[48539,49270],"conference_id":65,"event_ids":[48501,49343],"name":"Corynne McSherry","affiliations":[{"organization":"","title":"Legal Director, Electronic Frontier Foundation"}],"pronouns":null,"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.eff.org/about/staff/corynne-mcsherry"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cmcsherr"}],"media":[],"id":47863,"title":"Legal Director, Electronic Frontier Foundation"},{"content_ids":[49152,49270],"conference_id":65,"event_ids":[49188,49343],"name":"Kate Bertash","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KateRoseBee"}],"pronouns":null,"media":[],"id":48600},{"content_ids":[49270],"conference_id":65,"event_ids":[49343],"name":"India McKinney","affiliations":[{"organization":"EFF","title":"Director of Federal Affairs"}],"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.eff.org/about/staff/india-mckinney"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/imck82"}],"pronouns":null,"media":[],"id":48695,"title":"Director of Federal Affairs at EFF"},{"content_ids":[49270],"conference_id":65,"event_ids":[49343],"name":"Daly Barnett","affiliations":[{"organization":"EFF","title":"Staff Technologist"}],"pronouns":null,"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.eff.org/about/staff/daly-barnett"}],"media":[],"id":48696,"title":"Staff Technologist at EFF"}],"timeband_id":891,"links":[{"label":"Webpage","type":"link","url":"https://www.eff.org/event/reproductive-rights-age-surveillance-panel-def-con-30"}],"end":"2022-08-12T23:30:00.000-0000","id":49343,"tag_ids":[45293,45373,45450],"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":47863},{"tag_id":45290,"sort_order":1,"person_id":48696},{"tag_id":45290,"sort_order":1,"person_id":48695},{"tag_id":45290,"sort_order":1,"person_id":48600}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 133 (Karaoke/Chess)","hotel":"","short_name":"133 (Karaoke/Chess)","id":45385},"spans_timebands":"N","begin":"2022-08-12T22:30:00.000-0000","updated":"2022-08-02T04:25:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We'll walk through the structures of a PDF, analyzing each part of it, demonstrating how Threat Actors work in the inclusion of malicious components in the structures of the file, in addition to demonstrating the collection of IOC(Indicators of Attack)s and how to build IOA(Indicators of Attack) for analysis by behavior, to anticipate new attacks. Demonstrating structures in the binaries as a PDF(header/ body/cross-reference table/trailer) and performing a comparison of malicious PDFs, explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating as a is the action of these malware’s and where it would be possible to “include” a malicious code.\n\n\nDemonstrate different kind of structures in the binaries as a PDF(header/ body/cross-reference table/trailer), explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Malware Hunting - Discovering techniques in PDF malicious","end_timestamp":{"seconds":1660347000,"nanoseconds":0},"android_description":"We'll walk through the structures of a PDF, analyzing each part of it, demonstrating how Threat Actors work in the inclusion of malicious components in the structures of the file, in addition to demonstrating the collection of IOC(Indicators of Attack)s and how to build IOA(Indicators of Attack) for analysis by behavior, to anticipate new attacks. Demonstrating structures in the binaries as a PDF(header/ body/cross-reference table/trailer) and performing a comparison of malicious PDFs, explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating as a is the action of these malware’s and where it would be possible to “include” a malicious code.\n\n\nDemonstrate different kind of structures in the binaries as a PDF(header/ body/cross-reference table/trailer), explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48942],"conference_id":65,"event_ids":[48942],"name":"Filipi Pires","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48337}],"timeband_id":891,"links":[],"end":"2022-08-12T23:30:00.000-0000","id":48942,"village_id":7,"tag_ids":[40250,45340,45348,45374,45376],"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48337}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"spans_timebands":"N","begin":"2022-08-12T22:30:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end... until now.\n\nIn this session, I'll show you how to turn your victim's web browser into a desync delivery platform, shifting the request smuggling frontier by exposing single-server websites and internal networks. You'll learn how to combine cross-domain requests with server flaws to poison browser connection pools, install backdoors, and release desync worms. With these techniques I'll compromise targets including Apache, Akamai, Varnish, Amazon, and multiple web VPNs.\n\nWhile some classic desync gadgets can be adapted, other scenarios force extreme innovation. To help, I'll share a battle-tested methodology combining browser features and custom open-source tooling. We'll also release free online labs to help hone your new skillset.\n\nI'll also share the research journey, uncovering a strategy for black-box analysis that solved several long-standing desync obstacles and unveiled an extremely effective novel desync trigger. The resulting fallout will encompass client-side, server-side, and even MITM attacks; to wrap up, I'll live-demo breaking HTTPS on Apache.\n\n\n","title":"Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has been confined to attacker-accessible systems with a reverse proxy front-end... until now.\n\nIn this session, I'll show you how to turn your victim's web browser into a desync delivery platform, shifting the request smuggling frontier by exposing single-server websites and internal networks. You'll learn how to combine cross-domain requests with server flaws to poison browser connection pools, install backdoors, and release desync worms. With these techniques I'll compromise targets including Apache, Akamai, Varnish, Amazon, and multiple web VPNs.\n\nWhile some classic desync gadgets can be adapted, other scenarios force extreme innovation. To help, I'll share a battle-tested methodology combining browser features and custom open-source tooling. We'll also release free online labs to help hone your new skillset.\n\nI'll also share the research journey, uncovering a strategy for black-box analysis that solved several long-standing desync obstacles and unveiled an extremely effective novel desync trigger. The resulting fallout will encompass client-side, server-side, and even MITM attacks; to wrap up, I'll live-demo breaking HTTPS on Apache.","end_timestamp":{"seconds":1660346100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48526],"conference_id":65,"event_ids":[48580],"name":"James Kettle","affiliations":[{"organization":"","title":"Director of Research, PortSwigger"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/albinowax"},{"description":"","title":"Website","sort_order":0,"url":"https://skeletonscribe.net/"}],"media":[],"id":47822,"title":"Director of Research, PortSwigger"}],"timeband_id":891,"end":"2022-08-12T23:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241826"}],"id":48580,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"tag_ids":[45241,45279,45280,45375,45450],"village_id":null,"includes":"Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47822}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"begin":"2022-08-12T22:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In December 2021, some ISPs in Russia started blocking Tor's website,\nalong with protocol-level (DPI) and network-level (IP address) blocking to\ntry to make it harder for people in Russia to reach the Tor network. Some\nmonths later, we're now at a steady-state where they are trying to find\nnew IP addresses to block and we're rotating IP addresses to keep up.\n\nIn this talk I'll walk through what steps the Russian censors have taken,\nand how we reverse engineered their attempts and changed our strategies\nand our software. Then we'll discuss where the arms race goes from here,\nwhat new techniques the anti-censorship world needs if we're going to\nstay ahead of future attacks, and what it means for the world that more\nand more countries are turning to network-level blocking as the solution\nto their political problems.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"How Russia is trying to block Tor","android_description":"In December 2021, some ISPs in Russia started blocking Tor's website,\nalong with protocol-level (DPI) and network-level (IP address) blocking to\ntry to make it harder for people in Russia to reach the Tor network. Some\nmonths later, we're now at a steady-state where they are trying to find\nnew IP addresses to block and we're rotating IP addresses to keep up.\n\nIn this talk I'll walk through what steps the Russian censors have taken,\nand how we reverse engineered their attempts and changed our strategies\nand our software. Then we'll discuss where the arms race goes from here,\nwhat new techniques the anti-censorship world needs if we're going to\nstay ahead of future attacks, and what it means for the world that more\nand more countries are turning to network-level blocking as the solution\nto their political problems.","end_timestamp":{"seconds":1660346100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48525],"conference_id":65,"event_ids":[48533],"name":"Roger Dingledine","affiliations":[{"organization":"","title":"The Tor Project"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/RogerDingledine"}],"media":[],"id":47911,"title":"The Tor Project"}],"timeband_id":891,"end":"2022-08-12T23:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241819"}],"id":48533,"tag_ids":[45241,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660343400,"nanoseconds":0},"includes":"Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47911}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"spans_timebands":"N","begin":"2022-08-12T22:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The main point of the presentation is that while Ham Radio appears to be for retired old guys, there is a broad range of awesome stuff being designed, put into space and other new frontiers. The hacker spirit is aligned with these new frontiers and all you need to transmit on approved frequencies is an amateur radio license. Which is not hard at all to get. Slides will go through related discussion topics.\n\n\n","title":"Ham Radio is not just for Dinosaurs, Why hackers need an amateur radio license","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"The main point of the presentation is that while Ham Radio appears to be for retired old guys, there is a broad range of awesome stuff being designed, put into space and other new frontiers. The hacker spirit is aligned with these new frontiers and all you need to transmit on approved frequencies is an amateur radio license. Which is not hard at all to get. Slides will go through related discussion topics.","updated_timestamp":{"seconds":1660257180,"nanoseconds":0},"speakers":[{"content_ids":[49751],"conference_id":65,"event_ids":[49949],"name":"Giglio","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/larrybiggs"}],"media":[],"id":49089}],"timeband_id":891,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-12T23:00:00.000-0000","id":49949,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[45374,45449],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49089}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"updated":"2022-08-11T22:33:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"The Bug Hunters Methodology – Application Analysis Edition v1.5","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"end_timestamp":{"seconds":1660344600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659974460,"nanoseconds":0},"speakers":[{"content_ids":[49721],"conference_id":65,"event_ids":[49911],"name":"JHaddix","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jhaddix"}],"media":[],"id":49064}],"timeband_id":891,"links":[],"end":"2022-08-12T22:50:00.000-0000","id":49911,"village_id":26,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[40268,45340,45373,45384,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49064}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"updated":"2022-08-08T16:01:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Our first Union-style debate - come hear the for and against for QKD!\n\n\n","title":"Debate - QKD","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"android_description":"Our first Union-style debate - come hear the for and against for QKD!","end_timestamp":{"seconds":1660343400,"nanoseconds":0},"updated_timestamp":{"seconds":1660333020,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T22:30:00.000-0000","id":49893,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[40266,45340,45373,45382,45450],"village_id":24,"includes":"","people":[],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"updated":"2022-08-12T19:37:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Every week, the Prelude security team builds attack chains that emulate the most notorious threat actors online. The attacks are released in an event called “TTP Tuesday” and each chain can be browsed on chains.prelude.org. For those with an Operator license, the chains pop into the command-and-control (C2) application automatically. For the first time, the author of Operator - along with Prelude security engineers - will walk you through their process of building and releasing these chains. In this workshop, you will learn how to:\r\n\r\n* Evaluate open-source threat intelligence and output it as an attack plan.\r\n* Convert your plan into an actionable set of TTPs called a “chain”.\r\n* Select hosts around your network to test your plan.\r\n* Deploy agents on your selected hosts and execute your chain against them.\r\n* Put your chains on repeat so they’re constantly at work in your environment.\r\n* Package your results into a report that can measure your success.\r\n\r\nYou should expect to be hands-on, with a laptop running Operator. Expect to walk away from this workshop with both knowledge of how to build attack chains and a brand new, unreleased chain that will go out in a future TTP Tuesday event. Attackers use advanced tactics to infiltrate your network and run undetected. Learn how to emulate them so you can get ahead of their game. Proactive adversary emulation leads to better detection, which leads to faster response and a more robust grasp of your current risk profile.\n\n\n","title":"Building Adversary Chains Like an Operator","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"android_description":"Every week, the Prelude security team builds attack chains that emulate the most notorious threat actors online. The attacks are released in an event called “TTP Tuesday” and each chain can be browsed on chains.prelude.org. For those with an Operator license, the chains pop into the command-and-control (C2) application automatically. For the first time, the author of Operator - along with Prelude security engineers - will walk you through their process of building and releasing these chains. In this workshop, you will learn how to:\r\n\r\n* Evaluate open-source threat intelligence and output it as an attack plan.\r\n* Convert your plan into an actionable set of TTPs called a “chain”.\r\n* Select hosts around your network to test your plan.\r\n* Deploy agents on your selected hosts and execute your chain against them.\r\n* Put your chains on repeat so they’re constantly at work in your environment.\r\n* Package your results into a report that can measure your success.\r\n\r\nYou should expect to be hands-on, with a laptop running Operator. Expect to walk away from this workshop with both knowledge of how to build attack chains and a brand new, unreleased chain that will go out in a future TTP Tuesday event. Attackers use advanced tactics to infiltrate your network and run undetected. Learn how to emulate them so you can get ahead of their game. Proactive adversary emulation leads to better detection, which leads to faster response and a more robust grasp of your current risk profile.","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659888960,"nanoseconds":0},"speakers":[{"content_ids":[49595],"conference_id":65,"event_ids":[49807],"name":"Stephan Wampouille","affiliations":[{"organization":"Prelude Research","title":"Software Engineer"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/stephan-wampouille/"}],"pronouns":null,"media":[],"id":48913,"title":"Software Engineer at Prelude Research"},{"content_ids":[49595],"conference_id":65,"event_ids":[49807],"name":"David Hunt","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/david-hunt-b72864200/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/privateducky"}],"pronouns":null,"media":[],"id":48933}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49807,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[40246,45332,45373,45377,45451],"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48933},{"tag_id":565,"sort_order":1,"person_id":48913}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-12T22:00:00.000-0000","updated":"2022-08-07T16:16:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"media":[],"id":48531}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49637,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-12T22:00:00.000-0000","updated":"2022-08-05T05:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Hacking WebApps with WebSploit Labs","android_description":"","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659678780,"nanoseconds":0},"speakers":[{"content_ids":[49042,49430,49436,48895],"conference_id":65,"event_ids":[48894,49045,49594,49620,49621,49622,49623,49624,49625,49626],"name":"Omar Santos","affiliations":[{"organization":"Cisco PSIRT","title":"Principal Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":48470,"title":"Principal Engineer at Cisco PSIRT"}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49620,"village_id":27,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48470}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-12T22:00:00.000-0000","updated":"2022-08-05T05:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49608,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:50:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cyber Resilience Bootcamp","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"media":[],"id":48826}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49600,"village_id":27,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:48:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Wind energy cybersecurity made headlines in February 2022 when Russian cyberattacks to disrupt Ukrainian command and control infrastructure resulted in an outage of commercial SATCOM networks, impacting the remote communications of 5800 European wind turbines. Surrounding this high-profile attack were other wind energy sector cyber incidents - ransomware attacks at major turbine manufacturers Vestas and Nordex and a cyberattack on the IT systems of wind farm operator Deutsche Windtechnik. This talk will integrate threat intelligence with unique attributes of control system environments in the wind energy sector to bring to light cybersecurity issues facing one of the fastest growing sources of electricity around the world.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"Wind Energy Cybersecurity: Novel Environments facing Increased Threats","android_description":"Wind energy cybersecurity made headlines in February 2022 when Russian cyberattacks to disrupt Ukrainian command and control infrastructure resulted in an outage of commercial SATCOM networks, impacting the remote communications of 5800 European wind turbines. Surrounding this high-profile attack were other wind energy sector cyber incidents - ransomware attacks at major turbine manufacturers Vestas and Nordex and a cyberattack on the IT systems of wind farm operator Deutsche Windtechnik. This talk will integrate threat intelligence with unique attributes of control system environments in the wind energy sector to bring to light cybersecurity issues facing one of the fastest growing sources of electricity around the world.","end_timestamp":{"seconds":1660343400,"nanoseconds":0},"updated_timestamp":{"seconds":1659473040,"nanoseconds":0},"speakers":[{"content_ids":[49338],"conference_id":65,"event_ids":[49438],"name":"Meg Egan","affiliations":[{"organization":"Idaho National Lab","title":"Control Systems Cybersecurity Analyst"}],"links":[],"pronouns":null,"media":[],"id":48763,"title":"Control Systems Cybersecurity Analyst at Idaho National Lab"}],"timeband_id":891,"links":[],"end":"2022-08-12T22:30:00.000-0000","id":49438,"tag_ids":[40258,45340,45369,45375,45450],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48763}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-12T22:00:00.000-0000","updated":"2022-08-02T20:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Network Penetration Workshop\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Workshop: Network Penetration Testing w HyperQube","android_description":"Network Penetration Workshop","end_timestamp":{"seconds":1660347000,"nanoseconds":0},"updated_timestamp":{"seconds":1659465540,"nanoseconds":0},"speakers":[{"content_ids":[49294,49298,49300,49309],"conference_id":65,"event_ids":[49393,49397,49399,49409],"name":"Tennisha Martin","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"www.linkedin.com/in/tennisha"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/misstennisha"},{"description":"","title":"Website","sort_order":0,"url":"https://tennisha.com"}],"pronouns":null,"media":[],"id":48713},{"content_ids":[49300],"conference_id":65,"event_ids":[49399],"name":"Craig Stevenson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48717},{"content_ids":[49300],"conference_id":65,"event_ids":[49399],"name":"Kevin Chapman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48726},{"content_ids":[49300],"conference_id":65,"event_ids":[49399],"name":"Makayla Ferrell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48727}],"timeband_id":891,"links":[],"end":"2022-08-12T23:30:00.000-0000","id":49399,"tag_ids":[40255,45332,45361,45451],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48717},{"tag_id":565,"sort_order":1,"person_id":48726},{"tag_id":565,"sort_order":1,"person_id":48727},{"tag_id":565,"sort_order":1,"person_id":48713}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","begin":"2022-08-12T22:00:00.000-0000","updated":"2022-08-02T18:39:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":" In this talk, Aakin Patel goes over the unique aspects of IT and cybersecurity at an airport, what makes LAS different from most other airports. After this short overview, there will be a hosted Q&A for whatever questions people have about airport technology and airport cybersecurity.\n\n\n","title":"Ask an Airport CISO","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660344600,"nanoseconds":0},"android_description":"In this talk, Aakin Patel goes over the unique aspects of IT and cybersecurity at an airport, what makes LAS different from most other airports. After this short overview, there will be a hosted Q&A for whatever questions people have about airport technology and airport cybersecurity.","updated_timestamp":{"seconds":1659379560,"nanoseconds":0},"speakers":[{"content_ids":[49230],"conference_id":65,"event_ids":[49273],"name":"Aakinn Patel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48671}],"timeband_id":891,"links":[],"end":"2022-08-12T22:50:00.000-0000","id":49273,"village_id":2,"tag_ids":[40247,45340,45357,45450],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48671}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:46:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Amateur radio can be used to communicate with operators all over the world using voice, Morse code, or even computers. When connected to a computer, our rigs can do anything from text messaging and email to sharing images and tracking weather balloons. There’s something magical about connecting to a device or person across the planet without the modern Internet, but can these connections be abused? Of course, they can! This presentation will review a memory corruption exploit developed to obtain remote code execution via ham radio. The presentation will briefly describe packet radio and APRS before moving on to target selection, fuzzing, reverse engineering, shellcode development, and exploitation. Prior understanding of basic exploit techniques such as simple buffer overflows and SEH overwrites is helpful, but not strictly required.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"title":"Hacking Ham Radio: Dropping Shells at 1200 Baud","android_description":"Amateur radio can be used to communicate with operators all over the world using voice, Morse code, or even computers. When connected to a computer, our rigs can do anything from text messaging and email to sharing images and tracking weather balloons. There’s something magical about connecting to a device or person across the planet without the modern Internet, but can these connections be abused? Of course, they can! This presentation will review a memory corruption exploit developed to obtain remote code execution via ham radio. The presentation will briefly describe packet radio and APRS before moving on to target selection, fuzzing, reverse engineering, shellcode development, and exploitation. Prior understanding of basic exploit techniques such as simple buffer overflows and SEH overwrites is helpful, but not strictly required.","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659309000,"nanoseconds":0},"speakers":[{"content_ids":[49213],"conference_id":65,"event_ids":[49254],"name":"Rick Osgood","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rickoooooo"},{"description":"","title":"link","sort_order":0,"url":"https://www.richardosgood.com"}],"pronouns":null,"media":[],"id":48665}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49254,"tag_ids":[40256,45340,45355,45451],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":13,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48665}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"spans_timebands":"N","updated":"2022-07-31T23:10:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Whether you are a long time Prowler user or if you are just getting started, this workshop will give you the tools to get AWS security up and running and under control at your organization.\r\nWith millions of downloads and a large community of users, Prowler is one of the most used tools when it comes to AWS security assessments, hardening, incident response and security posture monitoring.\r\nProwler has some new features and important changes coming in v3.0. This includes a new check architecture, python support, and a load of new checks for compliance and AWS services. In addition to allowing us to build new checks with the existing bash/aws-cli support we will teach how to do it with python as well and going beyond the AWS API and increasing the coverage of Prowler to get the most of it and adapt it to your requirements.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"Prowler Open Source Cloud Security: A Deep Dive Workshop","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Whether you are a long time Prowler user or if you are just getting started, this workshop will give you the tools to get AWS security up and running and under control at your organization.\r\nWith millions of downloads and a large community of users, Prowler is one of the most used tools when it comes to AWS security assessments, hardening, incident response and security posture monitoring.\r\nProwler has some new features and important changes coming in v3.0. This includes a new check architecture, python support, and a load of new checks for compliance and AWS services. In addition to allowing us to build new checks with the existing bash/aws-cli support we will teach how to do it with python as well and going beyond the AWS API and increasing the coverage of Prowler to get the most of it and adapt it to your requirements.","updated_timestamp":{"seconds":1659283980,"nanoseconds":0},"speakers":[{"content_ids":[49188],"conference_id":65,"event_ids":[49224],"name":"Toni de la Fuente","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ToniBlyx"}],"media":[],"id":48638}],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49224,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":9,"tag_ids":[40252,45332,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48638}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T16:13:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You’ve got ID theft insurance bundled with other insurance products. No, you can’t unselect the id theft insurance part. No, you can’t have just one of them, & you pay for all of them. They are not valid if you get fooled/tricked. The insurance is not valid if the theft is committed by close relatives. The insurance is not valid if they don’t target you personally, outside of work. They will not cover any monetary losses you may suffer, but will pay lawyers to tell you how to try to clean up your digital life - no guarantees provided. The primary business of the id theft insurance company is building effective customer loyalty programs through data collection & management. Oh, and they will use your personal data to «search for your personal data on the dark web to see if it has already leaked».\r\n\r\nWhat could possibly go wrong?\r\n\r\nThis is my story, after I fell into a rabbit hole of security & privacy issues. Supposedly safe within the EU & GDPR borders governing my privacy.\n\n\n","title":"ID theft insurance - The Emperor’s new clothes?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"android_description":"You’ve got ID theft insurance bundled with other insurance products. No, you can’t unselect the id theft insurance part. No, you can’t have just one of them, & you pay for all of them. They are not valid if you get fooled/tricked. The insurance is not valid if the theft is committed by close relatives. The insurance is not valid if they don’t target you personally, outside of work. They will not cover any monetary losses you may suffer, but will pay lawyers to tell you how to try to clean up your digital life - no guarantees provided. The primary business of the id theft insurance company is building effective customer loyalty programs through data collection & management. Oh, and they will use your personal data to «search for your personal data on the dark web to see if it has already leaked».\r\n\r\nWhat could possibly go wrong?\r\n\r\nThis is my story, after I fell into a rabbit hole of security & privacy issues. Supposedly safe within the EU & GDPR borders governing my privacy.","end_timestamp":{"seconds":1660343400,"nanoseconds":0},"updated_timestamp":{"seconds":1659213600,"nanoseconds":0},"speakers":[{"content_ids":[49146],"conference_id":65,"event_ids":[49182],"name":"Per Thorsheim","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48608}],"timeband_id":891,"links":[],"end":"2022-08-12T22:30:00.000-0000","id":49182,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48608}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","begin":"2022-08-12T22:00:00.000-0000","updated":"2022-07-30T20:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hardware implants are not a new topic; however, their evolution seems to have stagnated outside of closed source, for-profit solutions. The disadvantage to these is that they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals), relying on corporate networks for remote control. This leaves a gap that we decided to address with our research. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how we created a new breed of open-source hardware implant, along with lessons that we learned throughout the project. Topics covered in this talk include a detailed dive into the hardware that we used, the evolution of the project from start to finish, the complete design of our project, and our lessons learned along the way. Attendees will also be able to interact with a live version of the project.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"title":"Injectyll-Hide: Build-Your-Own Hardware Implants","android_description":"Hardware implants are not a new topic; however, their evolution seems to have stagnated outside of closed source, for-profit solutions. The disadvantage to these is that they lack the customization to adapt to large targeted deployments. Open-source projects exist but focus more on individual workstations (dumb keyboards/terminals), relying on corporate networks for remote control. This leaves a gap that we decided to address with our research. Our solution is an open source, hardware implant which adopts IoT technologies, using non-standard channels to create a remotely managed mesh network of hardware implants. Attendees will learn how we created a new breed of open-source hardware implant, along with lessons that we learned throughout the project. Topics covered in this talk include a detailed dive into the hardware that we used, the evolution of the project from start to finish, the complete design of our project, and our lessons learned along the way. Attendees will also be able to interact with a live version of the project.","end_timestamp":{"seconds":1660344300,"nanoseconds":0},"updated_timestamp":{"seconds":1659142320,"nanoseconds":0},"speakers":[{"content_ids":[48751,49104],"conference_id":65,"event_ids":[48741,49134],"name":"Jonathan Fischer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48030},{"content_ids":[48751,49104],"conference_id":65,"event_ids":[48741,49134],"name":"Jeremy Miller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48031}],"timeband_id":891,"links":[],"end":"2022-08-12T22:45:00.000-0000","id":49134,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":14,"tag_ids":[40257,45338,45340,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48031},{"tag_id":565,"sort_order":1,"person_id":48030}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"updated":"2022-07-30T00:52:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Lateral movement is the stage in which attackers spread in networks following initial access. so far, reliable detections of lateral movement attacks from a given set of authentications is an unaddressed challenge. This talk will present a new online algorithm for detecting lateral movement attacks which provides one false positive a day, 30 times better than the state-of-the-art algorithms. Our algorithm was trained and tested on data from more than 20 different enterprise environments. The detection method combines domain knowledge, practical machine learning and algorithmic tools. In addition, we will present the offline tool LATMA which collects authentication AD logs, finds suspected lateral movement based on our algorithm and visualises the results. We will explain how to analyse lateral movement attacks using LATMA’s visualisations and demonstrate it.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"title":"LATMA - Lateral movement analyzer","android_description":"Lateral movement is the stage in which attackers spread in networks following initial access. so far, reliable detections of lateral movement attacks from a given set of authentications is an unaddressed challenge. This talk will present a new online algorithm for detecting lateral movement attacks which provides one false positive a day, 30 times better than the state-of-the-art algorithms. Our algorithm was trained and tested on data from more than 20 different enterprise environments. The detection method combines domain knowledge, practical machine learning and algorithmic tools. In addition, we will present the offline tool LATMA which collects authentication AD logs, finds suspected lateral movement based on our algorithm and visualises the results. We will explain how to analyse lateral movement attacks using LATMA’s visualisations and demonstrate it.","end_timestamp":{"seconds":1660344600,"nanoseconds":0},"updated_timestamp":{"seconds":1659292680,"nanoseconds":0},"speakers":[{"content_ids":[49036],"conference_id":65,"event_ids":[49039],"name":"Gal Sadeh ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48463}],"timeband_id":891,"links":[],"end":"2022-08-12T22:50:00.000-0000","id":49039,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":3,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48463}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-07-31T18:38:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"How do Cybersecurity professionals decide if they are looking at a false alarm or a breach in progress? The answer is data. Securing an organization is all about data - collecting, storing, analyzing. Where is all this data coming from? How is it being used and when? What are the causes of data duplication throughout this practice and when is it necessary?\r\nIn this talk we will discuss these subjects in detail, review different models and their strengths and weaknesses.\"\n\n\n","title":"No bricks without clay - Data Fusion and Duplication in Cybersecurity","type":{"conference_id":65,"conference":"DEFCON30","color":"#ef47d8","updated_at":"2024-06-07T03:39+0000","name":"Data Duplication Village","id":45328},"end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"\"How do Cybersecurity professionals decide if they are looking at a false alarm or a breach in progress? The answer is data. Securing an organization is all about data - collecting, storing, analyzing. Where is all this data coming from? How is it being used and when? What are the causes of data duplication throughout this practice and when is it necessary?\r\nIn this talk we will discuss these subjects in detail, review different models and their strengths and weaknesses.\"","updated_timestamp":{"seconds":1659070320,"nanoseconds":0},"speakers":[{"content_ids":[49002],"conference_id":65,"event_ids":[49005],"name":"Lior Kolnik","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48436}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49005,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"village_id":11,"tag_ids":[40254,45328,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48436}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village)","hotel":"","short_name":"Lake Meade and Valley of Fire (Data Duplication Village)","id":45423},"spans_timebands":"N","begin":"2022-08-12T22:00:00.000-0000","updated":"2022-07-29T04:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Working in banking, merchant services providers such as Klarna, and conducting forensic investigations, there are some important considerations about how to implement 2FA that is resilient to the human factor. Larsbodian will discuss actual experiences in fraud and account takeover and how vulnerabilities in how 2FA works when combined with humans can be mitigated.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#c3a2fb","updated_at":"2024-06-07T03:39+0000","name":"Retail Hacking Village","id":45327},"title":"Mitigating vulnerabilities in two-factor authentication in preventing account takeover","android_description":"Working in banking, merchant services providers such as Klarna, and conducting forensic investigations, there are some important considerations about how to implement 2FA that is resilient to the human factor. Larsbodian will discuss actual experiences in fraud and account takeover and how vulnerabilities in how 2FA works when combined with humans can be mitigated.","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659067380,"nanoseconds":0},"speakers":[{"content_ids":[48996,48997],"conference_id":65,"event_ids":[48998,48999],"name":"Larsbodian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48434}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":48998,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"tag_ids":[40270,45327,45373,45447,45450],"village_id":28,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48434}],"tags":"Discussion","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 310, 320 (Retail Hacking Village)","hotel":"","short_name":"310, 320 (Retail Hacking Village)","id":45408},"spans_timebands":"N","updated":"2022-07-29T04:03:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Panel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.\n\n\nPanel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Heavyweights: Threat Hunting at Scale","android_description":"Panel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.\n\n\nPanel Discussion discussing how evolving techniques for defenders is amplified, from some of the teams behind the blogs.","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48901],"conference_id":65,"event_ids":[48904],"name":"Ashlee Benge","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48320},{"content_ids":[48901],"conference_id":65,"event_ids":[48904],"name":"nohackme","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48347},{"content_ids":[48901],"conference_id":65,"event_ids":[48904],"name":"Ryan Kovar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48352},{"content_ids":[48901],"conference_id":65,"event_ids":[48904],"name":"Sherrod DeGrippo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48356},{"content_ids":[48901,48926,49574],"conference_id":65,"event_ids":[48904,48927,49786],"name":"Jamie Williams","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jamieantisocial"}],"media":[],"id":48379},{"content_ids":[48901],"conference_id":65,"event_ids":[48904],"name":"Sean Zadig","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48385}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":48904,"tag_ids":[40250,45340,45348,45374,45376],"village_id":7,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48320},{"tag_id":565,"sort_order":1,"person_id":48379},{"tag_id":565,"sort_order":1,"person_id":48352},{"tag_id":565,"sort_order":1,"person_id":48385},{"tag_id":565,"sort_order":1,"person_id":48356},{"tag_id":565,"sort_order":1,"person_id":48347}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This presentation will show a new method of dumping LSASS that bypasses current EDR defenses without using a vulnerability but by abusing a built-in mechanism in the Windows environment which is the WER (Windows Error Reporting) service. \r\n\r\nWER is a built-in system in Windows designed to gather information about software crashes. One of its main features is producing a memory dump of crashing user-mode processes for further analysis.\r\n\r\nWe will present in detail and demo a new attack vector for dumping LSASS, which we dubbed LSASS Shtinkering, by manually reporting an exception to WER on the LSASS process without crashing it. The technique can also be used to dump the memory of any other process of interest on the system.\r\n\r\nThis attack can bypass defenses that wrongfully assume that a memory dump generated from the WER service is always a benign or non-attacker triggered activity.\r\n\r\nThe talk will take the audience through the steps and approach of how we reverse-engineered the WER dumping process, the challenges we found along the way, as well as how we have managed to solve them.\n\n\n","title":"LSASS Shtinkering: Abusing Windows Error Reporting to Dump LSASS","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660344300,"nanoseconds":0},"android_description":"This presentation will show a new method of dumping LSASS that bypasses current EDR defenses without using a vulnerability but by abusing a built-in mechanism in the Windows environment which is the WER (Windows Error Reporting) service. \r\n\r\nWER is a built-in system in Windows designed to gather information about software crashes. One of its main features is producing a memory dump of crashing user-mode processes for further analysis.\r\n\r\nWe will present in detail and demo a new attack vector for dumping LSASS, which we dubbed LSASS Shtinkering, by manually reporting an exception to WER on the LSASS process without crashing it. The technique can also be used to dump the memory of any other process of interest on the system.\r\n\r\nThis attack can bypass defenses that wrongfully assume that a memory dump generated from the WER service is always a benign or non-attacker triggered activity.\r\n\r\nThe talk will take the audience through the steps and approach of how we reverse-engineered the WER dumping process, the challenges we found along the way, as well as how we have managed to solve them.","updated_timestamp":{"seconds":1659366180,"nanoseconds":0},"speakers":[{"content_ids":[48524],"conference_id":65,"event_ids":[48555],"name":"Asaf Gilboa","affiliations":[{"organization":"","title":"Security Researcher, Deep Instinct"}],"links":[],"pronouns":null,"media":[],"id":47924,"title":"Security Researcher, Deep Instinct"},{"content_ids":[48524],"conference_id":65,"event_ids":[48555],"name":"Ron Ben Yitzhak","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48015}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241942"}],"end":"2022-08-12T22:45:00.000-0000","id":48555,"tag_ids":[45241,45279,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47924},{"tag_id":565,"sort_order":1,"person_id":48015}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","updated":"2022-08-01T15:03:00.000-0000","begin":"2022-08-12T22:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this presentation, we go over the main challenges we faced during our analysis of the top selling router in a local eCommerce, and how we found a zero-click remote unauthenticated RCE vulnerability. We will do a walkthrough on how we located the root cause of this vulnerability and found that it was ingrained in Realtek’s implementation of a networking functionality in its SDK for eCos devices. \n\nWe then present the method we used to automate the detection of this vulnerability in other firmware images. We reflect on the fact that on most routers this functionality is not even documented and can’t be disabled via the router’s web interface. We take this as an example of the hidden attack surface that lurks in OEM internet-connected devices.\n\nWe conclude by discussing why this vulnerability hasn’t been reported yet, despite being easy to spot (having no prior IoT experience), widespread (affecting multiple devices from different vendors), and critical.\n\nOur research highlights the poor state of firmware security, where vulnerable code introduced down the supply chain might never get reviewed and end up having a great impact, evidencing that security is not a priority for the vendors and opening the possibility for attackers to find high impact bugs with low investment and little prior knowledge.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Exploring the hidden attack surface of OEM IoT devices: pwning thousands of routers with a vulnerability in Realtek’s SDK for eCos OS.","end_timestamp":{"seconds":1660344300,"nanoseconds":0},"android_description":"In this presentation, we go over the main challenges we faced during our analysis of the top selling router in a local eCommerce, and how we found a zero-click remote unauthenticated RCE vulnerability. We will do a walkthrough on how we located the root cause of this vulnerability and found that it was ingrained in Realtek’s implementation of a networking functionality in its SDK for eCos devices. \n\nWe then present the method we used to automate the detection of this vulnerability in other firmware images. We reflect on the fact that on most routers this functionality is not even documented and can’t be disabled via the router’s web interface. We take this as an example of the hidden attack surface that lurks in OEM internet-connected devices.\n\nWe conclude by discussing why this vulnerability hasn’t been reported yet, despite being easy to spot (having no prior IoT experience), widespread (affecting multiple devices from different vendors), and critical.\n\nOur research highlights the poor state of firmware security, where vulnerable code introduced down the supply chain might never get reviewed and end up having a great impact, evidencing that security is not a priority for the vendors and opening the possibility for attackers to find high impact bugs with low investment and little prior knowledge.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48523],"conference_id":65,"event_ids":[48510],"name":"Octavio Galland","affiliations":[{"organization":"","title":"Security Researcher at Faraday"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/GallandOctavio"}],"media":[],"id":47859,"title":"Security Researcher at Faraday"},{"content_ids":[48523],"conference_id":65,"event_ids":[48510],"name":"Octavio Gianatiempo","affiliations":[{"organization":"","title":"Security Researcher at Faraday"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ogianatiempo"}],"media":[],"id":47901,"title":"Security Researcher at Faraday"}],"timeband_id":891,"end":"2022-08-12T22:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241835"}],"id":48510,"tag_ids":[45241,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660341600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47859},{"tag_id":565,"sort_order":1,"person_id":47901}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-12T22:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Threat actors have elevated their attacks against cloud environments through the direct targeting and usage of Identity and Access Management (IAM) resources. Successful attacks not only expose the wider customer cloud environment workloads but also expose a defender's inability to successfully track the total scope of the incident using only a single cloud visibility tool. I have been tracking the evolution of cloud targeted threats and the threat actors behind them, what I have found is that actors who target cloud environments have begun to use techniques that are solely unique to cloud environments. So much so, that the Unit 42 threat intelligence team and I found it necessary to define these actors as Cloud Threat Actors. \"\"An individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.\"\"\r\n\r\nIn this talk, we will guide the audience through the first-ever Cloud Threat Actor Index detailing the targeting cloud environments, who are behind these attacks, how they are targeting and leveraging techniques unique to cloud environments, and most importantly how poorly defined IAM identities open the biggest holes. We will also give the audience the knowledge needed to properly harden their cloud environments by illustrating how the most successful cloud-targeted attacks have occurred. IAM is the first line of defense in your cloud, knowing how attackers target and leverage IAM resources to evade detection is the best tool we have to properly defend your entire cloud infrastructure.\n\n\n","title":"Cloud Threat Actors: No longer cryptojacking for fun and profit","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660344300,"nanoseconds":0},"android_description":"Threat actors have elevated their attacks against cloud environments through the direct targeting and usage of Identity and Access Management (IAM) resources. Successful attacks not only expose the wider customer cloud environment workloads but also expose a defender's inability to successfully track the total scope of the incident using only a single cloud visibility tool. I have been tracking the evolution of cloud targeted threats and the threat actors behind them, what I have found is that actors who target cloud environments have begun to use techniques that are solely unique to cloud environments. So much so, that the Unit 42 threat intelligence team and I found it necessary to define these actors as Cloud Threat Actors. \"\"An individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.\"\"\r\n\r\nIn this talk, we will guide the audience through the first-ever Cloud Threat Actor Index detailing the targeting cloud environments, who are behind these attacks, how they are targeting and leveraging techniques unique to cloud environments, and most importantly how poorly defined IAM identities open the biggest holes. We will also give the audience the knowledge needed to properly harden their cloud environments by illustrating how the most successful cloud-targeted attacks have occurred. IAM is the first line of defense in your cloud, knowing how attackers target and leverage IAM resources to evade detection is the best tool we have to properly defend your entire cloud infrastructure.","updated_timestamp":{"seconds":1658865240,"nanoseconds":0},"speakers":[{"content_ids":[48705],"conference_id":65,"event_ids":[48713],"name":"Nathaniel Quist","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/qcuequeue"}],"pronouns":null,"media":[],"id":47989}],"timeband_id":891,"links":[],"end":"2022-08-12T22:45:00.000-0000","id":48713,"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"begin_timestamp":{"seconds":1660341300,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47989}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"updated":"2022-07-26T19:54:00.000-0000","begin":"2022-08-12T21:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Everyone from security teams to CISOs wants to ingrain threat modeling across the organization, but how do you teach threat modeling that sticks? We’ll provide a two-hour security threat modeling workshop to engage participants and help them put security-focused threat modeling into action. Each session contains real-world, hands-on exercises, where participants review various data flow diagrams, identify threats and mitigations, and share results.\n\n\n","title":"Hands-on threat modeling","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"android_description":"Everyone from security teams to CISOs wants to ingrain threat modeling across the organization, but how do you teach threat modeling that sticks? We’ll provide a two-hour security threat modeling workshop to engage participants and help them put security-focused threat modeling into action. Each session contains real-world, hands-on exercises, where participants review various data flow diagrams, identify threats and mitigations, and share results.","end_timestamp":{"seconds":1660347900,"nanoseconds":0},"updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49637],"conference_id":65,"event_ids":[49821],"name":"Chris Romeo","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/securityjourney/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/edgeroute"}],"pronouns":null,"media":[],"id":49012}],"timeband_id":891,"links":[],"end":"2022-08-12T23:45:00.000-0000","id":49821,"begin_timestamp":{"seconds":1660340700,"nanoseconds":0},"village_id":4,"tag_ids":[40278,45332,45345,45378,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49012}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"spans_timebands":"N","updated":"2022-08-08T00:06:00.000-0000","begin":"2022-08-12T21:45:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this talk we will explore 3 different ideas that could be used for data exfiltration after successful compromise. These techniques, while simple, are quite different from the traditional DNS, SMB, HTTP(S), SMTP abuse cases that have been covered deeply and described in the MITRE ATT&CK framework. Source code for each proof of concept code will be made available after the talk.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Exotic data exfiltration","android_description":"In this talk we will explore 3 different ideas that could be used for data exfiltration after successful compromise. These techniques, while simple, are quite different from the traditional DNS, SMB, HTTP(S), SMTP abuse cases that have been covered deeply and described in the MITRE ATT&CK framework. Source code for each proof of concept code will be made available after the talk.","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659888420,"nanoseconds":0},"speakers":[{"content_ids":[49577],"conference_id":65,"event_ids":[49789],"name":"Jean-Michel Amblat","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jmamblat/"}],"media":[],"id":48925}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49789,"begin_timestamp":{"seconds":1660340400,"nanoseconds":0},"tag_ids":[40246,45331,45373,45377,45451],"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48925}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","begin":"2022-08-12T21:40:00.000-0000","updated":"2022-08-07T16:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Most Software Defined Radios (SDRs) process a wide range of frequencies usually ranging from few MHz to multiple GHz where different antennas are used to pick up signals in a specific subset of that range. All applications using SDR require antennas to operate efficiently at very specific frequencies. Most inexpensive commercial antennas are designed either for wider ranges with lower gain over the entire range or very specific known frequencies with higher gain. The problem occurs when the researcher performs an assessment of a device and requires the use of specific frequency for which an antenna with high gain is not readily available. Most security researchers within wireless domain have outlined that their specific attack or exploit could be executed at higher range if antenna had better gain at that specific frequency. This talk focuses on bridging that gap by providing a way for researchers to create their own patch antennas without deep electrical engineering experience.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"title":"Have a Software Defined Radio? - Design and make your own antennas","android_description":"Most Software Defined Radios (SDRs) process a wide range of frequencies usually ranging from few MHz to multiple GHz where different antennas are used to pick up signals in a specific subset of that range. All applications using SDR require antennas to operate efficiently at very specific frequencies. Most inexpensive commercial antennas are designed either for wider ranges with lower gain over the entire range or very specific known frequencies with higher gain. The problem occurs when the researcher performs an assessment of a device and requires the use of specific frequency for which an antenna with high gain is not readily available. Most security researchers within wireless domain have outlined that their specific attack or exploit could be executed at higher range if antenna had better gain at that specific frequency. This talk focuses on bridging that gap by providing a way for researchers to create their own patch antennas without deep electrical engineering experience.","end_timestamp":{"seconds":1660343400,"nanoseconds":0},"updated_timestamp":{"seconds":1659928560,"nanoseconds":0},"speakers":[{"content_ids":[49661],"conference_id":65,"event_ids":[49849],"name":"Erwin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49026}],"timeband_id":891,"links":[],"end":"2022-08-12T22:30:00.000-0000","id":49849,"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49026}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:16:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Adversary Booth","android_description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.","end_timestamp":{"seconds":1660350600,"nanoseconds":0},"updated_timestamp":{"seconds":1659886380,"nanoseconds":0},"speakers":[{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Michael Kouremetis","affiliations":[{"organization":"MITRE Corporation","title":"Lead Cyber Operations Engineer and Group Lead"}],"links":[],"pronouns":null,"media":[],"id":48920,"title":"Lead Cyber Operations Engineer and Group Lead at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Melanie Chan","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cybersecurity Engineer & Intern Coordinator"}],"links":[],"pronouns":null,"media":[],"id":48921,"title":"Senior Cybersecurity Engineer & Intern Coordinator at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Ethan Michalak","affiliations":[{"organization":"MITRE Corporation","title":"Cyber Security Intern"}],"links":[],"pronouns":null,"media":[],"id":48930,"title":"Cyber Security Intern at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Dean Lawrence","affiliations":[{"organization":"MITRE Corporation","title":"Software Systems Engineer"}],"links":[],"pronouns":null,"media":[],"id":48932,"title":"Software Systems Engineer at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Jay Yee","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cyber Security Engineer, Defensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":48946,"title":"Senior Cyber Security Engineer, Defensive Cyber Operations at MITRE Corporation"}],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49778,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"village_id":1,"tag_ids":[40246,45364,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48932},{"tag_id":565,"sort_order":1,"person_id":48930},{"tag_id":565,"sort_order":1,"person_id":48946},{"tag_id":565,"sort_order":1,"person_id":48921},{"tag_id":565,"sort_order":1,"person_id":48920}],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T15:33:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This workshop is on Messages to Extra-Terrestrial Intelligence (METI) and their principles. During the workshop, you will decode an active METI and then you will work together to think about, design, and create the next active METI. We will broadcast the workshop’s fan favorite METI over VHF to Proxima b in the Alpha Centauri System, as decided by the discord.\n\n\n","title":"How to have an extraterrestrial conversation. Active METI Principles and Hackathon!","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"android_description":"This workshop is on Messages to Extra-Terrestrial Intelligence (METI) and their principles. During the workshop, you will decode an active METI and then you will work together to think about, design, and create the next active METI. We will broadcast the workshop’s fan favorite METI over VHF to Proxima b in the Alpha Centauri System, as decided by the discord.","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659747780,"nanoseconds":0},"speakers":[{"content_ids":[49454],"conference_id":65,"event_ids":[49660],"name":"Chris Richardson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48831},{"content_ids":[49454],"conference_id":65,"event_ids":[49660],"name":"Éanna Doyle","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48832}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49660,"village_id":5,"tag_ids":[40277,45329,45340,45373,45451],"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48831},{"tag_id":565,"sort_order":1,"person_id":48832}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"updated":"2022-08-06T01:03:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"title":"Pwning RFID From 6ft Away","android_description":"Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader and wall implant devices!","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659624300,"nanoseconds":0},"speakers":[{"content_ids":[49396,49659],"conference_id":65,"event_ids":[49543,49555,49847],"name":"Daniel Goga","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_badcharacters"}],"pronouns":null,"media":[],"id":48799},{"content_ids":[49396,49659],"conference_id":65,"event_ids":[49543,49555,49847],"name":"Langston Clement (aka sh0ck)","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sh0ckSec"}],"pronouns":null,"media":[],"id":48802}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49543,"tag_ids":[40264,45340,45373,45381,45450],"village_id":22,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48799},{"tag_id":565,"sort_order":1,"person_id":48802}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"updated":"2022-08-04T14:45:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This talk will explain how we were able to get real-world car hacking equipment for mileage clocking up and running in our own vehicle hacking simulator in order to help us reverse engineer and also demo it (without getting arrested). David Rogers will also explain how rigs can be built to include in other types of equipment, from head units to dashcams. He will show how the rig has also been adapted to allow others to ‘remotely control’ elements of the vehicle – including removing the brakes and accelerator, which provides a truly terrifying, immersive experience (with motion) of what it would be like to be in car where things are in the control of a malicious third party, not the driver. The talk will conclude with what needs to be done in the future autonomous and connected vehicle space to ensure safety and security.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b9b1c5","name":"Car Hacking Village","id":45352},"title":"Integrating mileage clocking and other hacking equipment into a vehicle simulator rig","end_timestamp":{"seconds":1660342200,"nanoseconds":0},"android_description":"This talk will explain how we were able to get real-world car hacking equipment for mileage clocking up and running in our own vehicle hacking simulator in order to help us reverse engineer and also demo it (without getting arrested). David Rogers will also explain how rigs can be built to include in other types of equipment, from head units to dashcams. He will show how the rig has also been adapted to allow others to ‘remotely control’ elements of the vehicle – including removing the brakes and accelerator, which provides a truly terrifying, immersive experience (with motion) of what it would be like to be in car where things are in the control of a malicious third party, not the driver. The talk will conclude with what needs to be done in the future autonomous and connected vehicle space to ensure safety and security.","updated_timestamp":{"seconds":1659587340,"nanoseconds":0},"speakers":[{"content_ids":[49387],"conference_id":65,"event_ids":[49534],"name":"David Rogers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48794}],"timeband_id":891,"links":[],"end":"2022-08-12T22:10:00.000-0000","id":49534,"tag_ids":[40251,45340,45348,45352,45374],"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"village_id":8,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48794}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"spans_timebands":"N","begin":"2022-08-12T21:30:00.000-0000","updated":"2022-08-04T04:29:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Discussion around experiences and challenges within the first year of cybersecurity.\n\n\n","title":"First Year in Cyber","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"android_description":"Discussion around experiences and challenges within the first year of cybersecurity.","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659465480,"nanoseconds":0},"speakers":[{"content_ids":[49299],"conference_id":65,"event_ids":[49398],"name":"Crystal Phinn","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/crystalphinn/"}],"media":[],"id":48718},{"content_ids":[49299],"conference_id":65,"event_ids":[49398],"name":"T. Halloway","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48737}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49398,"village_id":12,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"tag_ids":[40255,45340,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48718},{"tag_id":565,"sort_order":1,"person_id":48737}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","begin":"2022-08-12T21:30:00.000-0000","updated":"2022-08-02T18:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"States have been taking the lead to address privacy. Last year, multiple states introduced or strengthened their privacy laws, and in 2022 several states are primed to do the same. But these new laws raise concerns for both the public and companies. Some of these new privacy laws don’t match public perception and worries related to privacy. In addition, these new laws are being crafted by state legislators that few people voted for. Voter turnout in local elections is historically low, and the people who vote in these elections don’t reflect the demographics of their districts. Even still, these new laws can be great for consumers. But it often leaves companies, especially small and medium-sized ones, struggling to address this new normal and leaving communities with regulations that they aren’t prepared for. Companies working nationally or even regionally must navigate multiple state privacy demands. This presentation will provide an update on these new laws and how they compare to public perception of privacy. Next, we will examine their impact on privacy and security, outline some common characteristics of these laws, and provide tips for companies to be privacy compliant. Finally, we talk about ways the public can shape these new laws.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"The Multiverse of Madness: Navigating the 50-State Approach to Privacy and Security","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"States have been taking the lead to address privacy. Last year, multiple states introduced or strengthened their privacy laws, and in 2022 several states are primed to do the same. But these new laws raise concerns for both the public and companies. Some of these new privacy laws don’t match public perception and worries related to privacy. In addition, these new laws are being crafted by state legislators that few people voted for. Voter turnout in local elections is historically low, and the people who vote in these elections don’t reflect the demographics of their districts. Even still, these new laws can be great for consumers. But it often leaves companies, especially small and medium-sized ones, struggling to address this new normal and leaving communities with regulations that they aren’t prepared for. Companies working nationally or even regionally must navigate multiple state privacy demands. This presentation will provide an update on these new laws and how they compare to public perception of privacy. Next, we will examine their impact on privacy and security, outline some common characteristics of these laws, and provide tips for companies to be privacy compliant. Finally, we talk about ways the public can shape these new laws.","updated_timestamp":{"seconds":1659213600,"nanoseconds":0},"speakers":[{"content_ids":[49145],"conference_id":65,"event_ids":[49181],"name":"Anthony Hendricks","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48590}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49181,"village_id":10,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48590}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","begin":"2022-08-12T21:30:00.000-0000","updated":"2022-07-30T20:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"title":"Fireside Chat","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659128100,"nanoseconds":0},"speakers":[{"content_ids":[49059,49060],"conference_id":65,"event_ids":[49062,49063],"name":"Adam Hickey","affiliations":[{"organization":"Department of Justice","title":""}],"links":[],"pronouns":null,"media":[],"id":48477,"title":"Department of Justice"},{"content_ids":[49058,49060],"conference_id":65,"event_ids":[49061,49063],"name":"Jennifer Mathieu","affiliations":[{"organization":"Graphika","title":""}],"links":[],"pronouns":null,"media":[],"id":48483,"title":"Graphika"}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49063,"tag_ids":[40260,45334,45335,45450],"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"village_id":18,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48477},{"tag_id":565,"sort_order":1,"person_id":48483}],"tags":"Fireside Chat","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-12T21:30:00.000-0000","updated":"2022-07-29T20:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"FARA and DOJ’s Approach to Disinformation","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"android_description":"","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659128100,"nanoseconds":0},"speakers":[{"content_ids":[49059,49060],"conference_id":65,"event_ids":[49062,49063],"name":"Adam Hickey","affiliations":[{"organization":"Department of Justice","title":""}],"links":[],"pronouns":null,"media":[],"id":48477,"title":"Department of Justice"}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49062,"tag_ids":[40260,45333,45335,45450],"village_id":18,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48477}],"tags":"Guest Speaker","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"updated":"2022-07-29T20:55:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Drawing on extensive experience working with industry leaders and public bodies to defend the democratic process in countries around the world, Graphika will provide a detailed breakdown of the online threats and challenges we expect to encounter in our election integrity work this year. The presentation will include an overview of the current online landscape, an illustrated breakdown of key threats we have identified so far, and suggested mitigation measures that can be employed by election defenders.\n\n\n","title":"Multi-Stakeholder Online Harm Threat Analysis","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"Drawing on extensive experience working with industry leaders and public bodies to defend the democratic process in countries around the world, Graphika will provide a detailed breakdown of the online threats and challenges we expect to encounter in our election integrity work this year. The presentation will include an overview of the current online landscape, an illustrated breakdown of key threats we have identified so far, and suggested mitigation measures that can be employed by election defenders.","updated_timestamp":{"seconds":1660333980,"nanoseconds":0},"speakers":[{"content_ids":[49058,49060],"conference_id":65,"event_ids":[49061,49063],"name":"Jennifer Mathieu","affiliations":[{"organization":"Graphika","title":""}],"links":[],"pronouns":null,"media":[],"id":48483,"title":"Graphika"}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49061,"village_id":18,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"tag_ids":[40260,45333,45335,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48483}],"tags":"Guest Speaker","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"updated":"2022-08-12T19:53:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this talk, we will present novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. A user mode program does not need any special privileges or capabilities to reliably avoid system call tracing detections by exploiting these vulnerabilities. The exploits work even when seccomp, SELinux, and AppArmor are enforced.\r\n\r\nAdvanced security monitoring solutions on Linux VMs and containers offer system call monitoring to effectively detect attack behaviors. Linux system calls can be monitored by kernel tracing technologies such as tracepoint, kprobe, ptrace, etc. These technologies intercept system calls at different places in the system call execution. These monitoring solutions can be deployed on cloud compute instances such as AWS EC2, Fargate, EKS, and the corresponding services from other cloud providers.\r\n\r\nWe comprehensively analyzed the Time-of-check-to-time-of-use (TOCTOU) issues in the Linux kernel syscall tracing framework and showed that these issues can be reliably exploited to bypass syscall tracing. Our exploits manipulate different system interactions that can impact the execution time of a syscall. We demonstrated that significant syscall execution delays can be introduced to make TOCTOU bypass reliable even when seccomp, SELinux, and AppArmor are enforced. Compared to the phantom attacks in DEFCON 29, the new exploit primitives we use do not require precise timing control or synchronization. \r\n\r\nWe will demonstrate our bypass for Falco on Linux VMs/containers and GKE. We will also demonstrate bypass for pdig on AWS Fargate. In addition, we will demonstrate exploitation techniques for syscall enter and explain the reason why certain configurations are difficult to reliably exploit. Finally, we will summarize exploitable TOCTOU scenarios and discuss potential mitigations in various cloud computing environments.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Trace me if you can: Bypassing Linux Syscall Tracing","android_description":"In this talk, we will present novel vulnerabilities and exploitation techniques that reliably bypass Linux syscall tracing. A user mode program does not need any special privileges or capabilities to reliably avoid system call tracing detections by exploiting these vulnerabilities. The exploits work even when seccomp, SELinux, and AppArmor are enforced.\r\n\r\nAdvanced security monitoring solutions on Linux VMs and containers offer system call monitoring to effectively detect attack behaviors. Linux system calls can be monitored by kernel tracing technologies such as tracepoint, kprobe, ptrace, etc. These technologies intercept system calls at different places in the system call execution. These monitoring solutions can be deployed on cloud compute instances such as AWS EC2, Fargate, EKS, and the corresponding services from other cloud providers.\r\n\r\nWe comprehensively analyzed the Time-of-check-to-time-of-use (TOCTOU) issues in the Linux kernel syscall tracing framework and showed that these issues can be reliably exploited to bypass syscall tracing. Our exploits manipulate different system interactions that can impact the execution time of a syscall. We demonstrated that significant syscall execution delays can be introduced to make TOCTOU bypass reliable even when seccomp, SELinux, and AppArmor are enforced. Compared to the phantom attacks in DEFCON 29, the new exploit primitives we use do not require precise timing control or synchronization. \r\n\r\nWe will demonstrate our bypass for Falco on Linux VMs/containers and GKE. We will also demonstrate bypass for pdig on AWS Fargate. In addition, we will demonstrate exploitation techniques for syscall enter and explain the reason why certain configurations are difficult to reliably exploit. Finally, we will summarize exploitable TOCTOU scenarios and discuss potential mitigations in various cloud computing environments.","end_timestamp":{"seconds":1660342500,"nanoseconds":0},"updated_timestamp":{"seconds":1659365940,"nanoseconds":0},"speakers":[{"content_ids":[48522],"conference_id":65,"event_ids":[48573],"name":"Junyuan Zeng","affiliations":[{"organization":"","title":"Senior Software Engineer, Linkedin.com\n"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/junyuanzeng/"}],"media":[],"id":47826,"title":"Senior Software Engineer, Linkedin.com\n"},{"content_ids":[48522],"conference_id":65,"event_ids":[48573],"name":"Rex Guo","affiliations":[{"organization":"Lacework","title":"Principal Engineer"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/xiaofeiguo"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Xiaofei_REX"}],"pronouns":null,"media":[],"id":47909,"title":"Principal Engineer at Lacework"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241839"}],"end":"2022-08-12T22:15:00.000-0000","id":48573,"village_id":null,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"includes":"Exploit, Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47826},{"tag_id":565,"sort_order":1,"person_id":47909}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"updated":"2022-08-01T14:59:00.000-0000","begin":"2022-08-12T21:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"As leaks become more prevalent, they come from an increasing variety of sources: from data that simply isn't secured, to insiders, to hacktivists, and even occassional state-actors (both covert and overt). Often treated as a threat, when handled responsibly leaks are a necessary part of the ecosystem of a healthy and free society and economy. In spite of prosecutors' love of prosecution, the eternal fixation with Fear, Uncertainty and Doubt and DDoSecrets' apocalyptic motto, leaks won't destroy the world - they can only save it.\n\nIn this presentation, we'll discuss the necessity and evolution of leaks, and how various types of leaks and sources can offer different sorts of revelations. We'll then explore how we can responsibly handle different types of leaks even during volatile and politically charged situations, as well as past failures.\n\nWe'll also debunk the myth that hacktivism is just a cover for state actors by exploring examples of entities with state ties and how they were identified, as well as how both hacktivists and state actors have been misidentified or mishandled in the past.\n\nFinally, we'll discuss some of the lessons activists, newsrooms and governments can learn from the last decade, and where we should collectively go from here.\n\n\n","title":"Leak The Planet: Veritatem cognoscere non pereat mundus","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"As leaks become more prevalent, they come from an increasing variety of sources: from data that simply isn't secured, to insiders, to hacktivists, and even occassional state-actors (both covert and overt). Often treated as a threat, when handled responsibly leaks are a necessary part of the ecosystem of a healthy and free society and economy. In spite of prosecutors' love of prosecution, the eternal fixation with Fear, Uncertainty and Doubt and DDoSecrets' apocalyptic motto, leaks won't destroy the world - they can only save it.\n\nIn this presentation, we'll discuss the necessity and evolution of leaks, and how various types of leaks and sources can offer different sorts of revelations. We'll then explore how we can responsibly handle different types of leaks even during volatile and politically charged situations, as well as past failures.\n\nWe'll also debunk the myth that hacktivism is just a cover for state actors by exploring examples of entities with state ties and how they were identified, as well as how both hacktivists and state actors have been misidentified or mishandled in the past.\n\nFinally, we'll discuss some of the lessons activists, newsrooms and governments can learn from the last decade, and where we should collectively go from here.","end_timestamp":{"seconds":1660342500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48521,49406],"conference_id":65,"event_ids":[48528,49564],"name":"Xan North","affiliations":[{"organization":"Distributed Denial of Secrets","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brazendyke"}],"pronouns":null,"media":[],"id":47843,"title":"Distributed Denial of Secrets"},{"content_ids":[48521,49406],"conference_id":65,"event_ids":[48528,49564],"name":"Emma Best","affiliations":[{"organization":"Distributed Denial of Secrets","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NatSecGeek"},{"description":"","title":"Website","sort_order":0,"url":"https://emma.best/"}],"pronouns":null,"media":[],"id":47874,"title":"Distributed Denial of Secrets"}],"timeband_id":891,"end":"2022-08-12T22:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241993"}],"id":48528,"begin_timestamp":{"seconds":1660339800,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47874},{"tag_id":565,"sort_order":1,"person_id":47843}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-12T21:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Every system has its blind spots. The major cloud providers are no different. The shadows in which attackers can hide out of sight (or in plain sight), and the doors that are too often left open are important parts of the cloud security landscape.\r\n\r\nThe pressure to create usability, the need to support legacy systems and workflows in a rapidly evolving landscape and the porting over of on-prem systems are just some factors that lead to these exploitable parts of cloud security.\r\n\r\nIn this talk, we'll map out a few of these built-in blind spots, focusing on AWS, Azure, and GCP in three key areas: 1) Hard knock life: Critical security areas that are hard to get right or confusingly misrepresented. 2) Trust no one! Cloud provider design flaws and backdoors that limit the degree of security that can be reached. 3) Too old for this s***: Legacy support and dirty fixes that make for great hiding places for attackers.\r\n\r\nWe'll explore cool ways to penetrate cloud environments, escalate privilege and achieve stealth. By identifying what these weak points have in common, we can also figure out how to spot more such oversights in the future.\n\n\n","title":"Flying Under Cloud Cover: Built-in Blind Spots in Cloud Security","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"android_description":"Every system has its blind spots. The major cloud providers are no different. The shadows in which attackers can hide out of sight (or in plain sight), and the doors that are too often left open are important parts of the cloud security landscape.\r\n\r\nThe pressure to create usability, the need to support legacy systems and workflows in a rapidly evolving landscape and the porting over of on-prem systems are just some factors that lead to these exploitable parts of cloud security.\r\n\r\nIn this talk, we'll map out a few of these built-in blind spots, focusing on AWS, Azure, and GCP in three key areas: 1) Hard knock life: Critical security areas that are hard to get right or confusingly misrepresented. 2) Trust no one! Cloud provider design flaws and backdoors that limit the degree of security that can be reached. 3) Too old for this s***: Legacy support and dirty fixes that make for great hiding places for attackers.\r\n\r\nWe'll explore cool ways to penetrate cloud environments, escalate privilege and achieve stealth. By identifying what these weak points have in common, we can also figure out how to spot more such oversights in the future.","end_timestamp":{"seconds":1660341000,"nanoseconds":0},"updated_timestamp":{"seconds":1659282960,"nanoseconds":0},"speakers":[{"content_ids":[48724,49170,49186],"conference_id":65,"event_ids":[48734,49222,49206],"name":"Noam Dahan","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NoamDahan"}],"pronouns":null,"media":[],"id":48054}],"timeband_id":891,"links":[],"end":"2022-08-12T21:50:00.000-0000","id":49206,"village_id":9,"begin_timestamp":{"seconds":1660339200,"nanoseconds":0},"tag_ids":[40252,45340,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48054}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"updated":"2022-07-31T15:56:00.000-0000","begin":"2022-08-12T21:20:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This is a fun technical talk covering three of my favorite security investigations as an Incident Response professional. The presentation features demoed reenactments of actual real-world attacks. I showcase both the attacker side as well as the investigation side of these security incidents. I show and talk through example source code and explain how each of the attacks work. I then flip these scenarios around by explaining how to use numerous free and open-source tools to investigate those same security incidents. Each scenario is closed by covering the follow-up remediation steps.\n\n\nProtecting systems and networks as a tech defender means withstanding a constant barrage of unsophisticated attacks from automated tools, botnets, crawlers, exploit kits, phish kits, and script kiddies; oh my! Occasionally, we encounter attacks worthy of style points for creativity or new twists on old attack techniques. This talk features demoed reenactments from some advanced attacks investigated by the presenter. The demos showcase technical deep dives of the underpinnings from both the attacker and investigator sides of these attacks. Attendee key takeaways are strategies, freely available tools, and techniques helpful during incident response investigations.","title":"Lend me your IR's!","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"android_description":"This is a fun technical talk covering three of my favorite security investigations as an Incident Response professional. The presentation features demoed reenactments of actual real-world attacks. I showcase both the attacker side as well as the investigation side of these security incidents. I show and talk through example source code and explain how each of the attacks work. I then flip these scenarios around by explaining how to use numerous free and open-source tools to investigate those same security incidents. Each scenario is closed by covering the follow-up remediation steps.\n\n\nProtecting systems and networks as a tech defender means withstanding a constant barrage of unsophisticated attacks from automated tools, botnets, crawlers, exploit kits, phish kits, and script kiddies; oh my! Occasionally, we encounter attacks worthy of style points for creativity or new twists on old attack techniques. This talk features demoed reenactments from some advanced attacks investigated by the presenter. The demos showcase technical deep dives of the underpinnings from both the attacker and investigator sides of these attacks. Attendee key takeaways are strategies, freely available tools, and techniques helpful during incident response investigations.","end_timestamp":{"seconds":1660342500,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48919],"conference_id":65,"event_ids":[48920],"name":"Matt Scheurer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48377}],"timeband_id":891,"links":[],"end":"2022-08-12T22:15:00.000-0000","id":48920,"tag_ids":[40250,45365,45373,45376,45451],"village_id":7,"begin_timestamp":{"seconds":1660338900,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48377}],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"spans_timebands":"N","begin":"2022-08-12T21:15:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"Ever have application owners point fingers at each other only to find out it was a network issue the entire time? Using tcpdump, we can quickly validate what's happening on the wire. But what if you're hunting for something much more specific?\r\n\r\nIn this talk, we'll explore use cases and examples of advanced tcpdump usage. Combining tcpdump filter syntax and BPF, you'll be able to quickly locate (or rule out) the traffic you're looking for.\"\n\n\n","title":"Advanced Packet Wrangling with tcpdump","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"android_description":"\"Ever have application owners point fingers at each other only to find out it was a network issue the entire time? Using tcpdump, we can quickly validate what's happening on the wire. But what if you're hunting for something much more specific?\r\n\r\nIn this talk, we'll explore use cases and examples of advanced tcpdump usage. Combining tcpdump filter syntax and BPF, you'll be able to quickly locate (or rule out) the traffic you're looking for.\"","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1660257180,"nanoseconds":0},"speakers":[{"content_ids":[49750],"conference_id":65,"event_ids":[49948],"name":"Scribbles","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/404scribbles"}],"pronouns":null,"media":[],"id":49088}],"timeband_id":891,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-12T22:00:00.000-0000","id":49948,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49088}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-11T22:33:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The DEF CON community confronts difficult challenges daily, overcoming many through defensive levers, such as tools, technology, and process. How about a push to make a Nation (or Nations) more secure with actionable directives? Larger, more stubborn challenges require other tools, including those dealt with at the public policy layer, such as executive orders, Congressional action, agency rules and guidance, or collective industry action. Hackers and policymakers will raise several such challenges and moderate discussions about which policy levers may be able to address them, and how.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"title":"Emerging Technical Cyber Policy Topics","end_timestamp":{"seconds":1660344300,"nanoseconds":0},"android_description":"The DEF CON community confronts difficult challenges daily, overcoming many through defensive levers, such as tools, technology, and process. How about a push to make a Nation (or Nations) more secure with actionable directives? Larger, more stubborn challenges require other tools, including those dealt with at the public policy layer, such as executive orders, Congressional action, agency rules and guidance, or collective industry action. Hackers and policymakers will raise several such challenges and moderate discussions about which policy levers may be able to address them, and how.","updated_timestamp":{"seconds":1660107780,"nanoseconds":0},"speakers":[{"content_ids":[49740],"conference_id":65,"event_ids":[49933],"name":"Luiz Eduardo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49077},{"content_ids":[49740],"conference_id":65,"event_ids":[49933],"name":"Kurt Opsahl","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49078},{"content_ids":[49740],"conference_id":65,"event_ids":[49933],"name":"Yan Shoshitaishvili","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49079},{"content_ids":[49740],"conference_id":65,"event_ids":[49933],"name":"Yan Zhu","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49080}],"timeband_id":891,"links":[],"end":"2022-08-12T22:45:00.000-0000","id":49933,"village_id":23,"tag_ids":[40265,45311,45373,45450],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49078},{"tag_id":45448,"sort_order":1,"person_id":49077},{"tag_id":45448,"sort_order":1,"person_id":49079},{"tag_id":45448,"sort_order":1,"person_id":49080}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-10T05:03:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Part 1 \r\n\r\nCome learn about quantum’s answer to cryptography - Quantum Key Distribution protocols! From BB84 to modern implementations.\r\n\r\nPart 2 \r\n\r\nQuantum computers are expeted to break modern public key cryptography owing to Shor's algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms.\n\n\n","title":"The Quantum Tech Showcase: From QKD to QRNG Demo","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"android_description":"Part 1 \r\n\r\nCome learn about quantum’s answer to cryptography - Quantum Key Distribution protocols! From BB84 to modern implementations.\r\n\r\nPart 2 \r\n\r\nQuantum computers are expeted to break modern public key cryptography owing to Shor's algorithm. As a result, these cryptosystems need to be replaced by quantum-resistant algorithms, also known as post-quantum cryptography (PQC) algorithms.","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1660334460,"nanoseconds":0},"speakers":[{"content_ids":[49708,49702],"conference_id":65,"event_ids":[49892,49898],"name":"Vikram Sharma","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49055}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49892,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":24,"tag_ids":[40266,45332,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49055}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-12T20:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Meshtastic is an open-source mesh based text messaging project that utilizes affordable and easily hack-able hardware coupled with the computer that already lives in your pocket. It enables long range text based communications off-grid, without requiring infrastructure, by utilizing the LoRa protocol. Come see how you can use this project to build an off-grid communicator with location sharing, a distributed sensor network, or just use it to send text messages to people at a con.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"Getting started with Meshtastic","end_timestamp":{"seconds":1660339800,"nanoseconds":0},"android_description":"Meshtastic is an open-source mesh based text messaging project that utilizes affordable and easily hack-able hardware coupled with the computer that already lives in your pocket. It enables long range text based communications off-grid, without requiring infrastructure, by utilizing the LoRa protocol. Come see how you can use this project to build an off-grid communicator with location sharing, a distributed sensor network, or just use it to send text messages to people at a con.","updated_timestamp":{"seconds":1659928500,"nanoseconds":0},"speakers":[{"content_ids":[49660],"conference_id":65,"event_ids":[49848],"name":"aromond","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/aromond2001"}],"media":[],"id":49019}],"timeband_id":891,"links":[],"end":"2022-08-12T21:30:00.000-0000","id":49848,"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49019}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-08T03:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Discussion about how information operations have changed from 2015 to today and what we can predict about the future. Additionally, the panel will cover how war was once fought on land, then progressed to sea, then underwater and air, followed by space and cyber. We have to realize that information space warfare is the new domain of war. \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#9d9a7e","updated_at":"2024-06-07T03:39+0000","name":"Voting Village","id":45387},"title":"Information Operations ","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"Discussion about how information operations have changed from 2015 to today and what we can predict about the future. Additionally, the panel will cover how war was once fought on land, then progressed to sea, then underwater and air, followed by space and cyber. We have to realize that information space warfare is the new domain of war.","updated_timestamp":{"seconds":1659912780,"nanoseconds":0},"speakers":[{"content_ids":[48703,49575,49601],"conference_id":65,"event_ids":[48711,49787,49815],"name":"Bryson Bort","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brysonbort/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brysonbort"}],"pronouns":null,"media":[],"id":48012},{"content_ids":[49602,49601],"conference_id":65,"event_ids":[49815,49816],"name":"Nicole Tisdale","affiliations":[{"organization":"","title":"Director of The White House National Security Council (2021-2022) - Director of the U.S. Committee on Homeland Security (2009-2019)"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nicoletisdale?trk=people-guest_people_search-card"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HiNicoleTisdale"},{"description":"","title":"Website","sort_order":0,"url":"https://nicoletisdale.com"}],"media":[],"id":48950,"title":"Director of The White House National Security Council (2021-2022) - Director of the U.S. Committee on Homeland Security (2009-2019)"},{"content_ids":[49601],"conference_id":65,"event_ids":[49815],"name":"Trapezoid","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48954}],"timeband_id":891,"end":"2022-08-12T22:00:00.000-0000","links":[{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"},{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"}],"id":49815,"village_id":34,"tag_ids":[40279,45348,45367,45374,45387,45450],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48012},{"tag_id":45290,"sort_order":1,"person_id":48950},{"tag_id":45290,"sort_order":1,"person_id":48954}],"tags":"Panel, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-07T22:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"More and more companies realize, trying to prevent malicious activities alone is not enough, therefore more and more companies are using EDR products in their environment. From red team perspective this gets more and more a challenge, because even if the red team has achieved a local privilege escalation, most well known EDR products are still be very annoying. In the last few months we saw a lot about bypassing EDRs, but what about possible ways to disable the main functionalities from an EDR by targeted, controlled tampering from specific key components from them? What EDR components can be a key element in Windows user space and kernel space to disable the EDR main functionalities, but without relying on an uninstall password, uninstalling the product or using the Windows security center. And how can we as red teamer not just get rid of prevention by the antivirus module from an EPP/EDR, instead we also want to get rid of detections (active alerts in the web console) by the EDR module, get rid of the telemetry footprint based on the EDR sensor, host isolation, real time response remote shells and EDR sensor recovery feature.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Master of Puppets: How to tamper the EDR?","android_description":"More and more companies realize, trying to prevent malicious activities alone is not enough, therefore more and more companies are using EDR products in their environment. From red team perspective this gets more and more a challenge, because even if the red team has achieved a local privilege escalation, most well known EDR products are still be very annoying. In the last few months we saw a lot about bypassing EDRs, but what about possible ways to disable the main functionalities from an EDR by targeted, controlled tampering from specific key components from them? What EDR components can be a key element in Windows user space and kernel space to disable the EDR main functionalities, but without relying on an uninstall password, uninstalling the product or using the Windows security center. And how can we as red teamer not just get rid of prevention by the antivirus module from an EPP/EDR, instead we also want to get rid of detections (active alerts in the web console) by the EDR module, get rid of the telemetry footprint based on the EDR sensor, host isolation, real time response remote shells and EDR sensor recovery feature.","end_timestamp":{"seconds":1660339800,"nanoseconds":0},"updated_timestamp":{"seconds":1659888540,"nanoseconds":0},"speakers":[{"content_ids":[49582],"conference_id":65,"event_ids":[49794],"name":"Daniel Feichter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/daniel-feichter-5277a0140/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/virtualallocex"}],"media":[],"id":48935}],"timeband_id":891,"links":[],"end":"2022-08-12T21:30:00.000-0000","id":49794,"village_id":1,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48935}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-07T16:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"OSINT Skills Lab Challenge","android_description":"","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"pronouns":null,"media":[],"id":48531}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49636,"village_id":27,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:58:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"HackerOps","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49607,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T05:50:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"title":"Cyber Resilience Bootcamp","android_description":"","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659678480,"nanoseconds":0},"speakers":[{"content_ids":[49433],"conference_id":65,"event_ids":[49599,49600,49601,49602,49603,49604,49605],"name":"Ron Taylor","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Gu5G0rman"}],"media":[],"id":48826}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49599,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48826}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:48:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"After 2 years virtual and one in person, we’d like to return to stage for our 4th year where this contest shines best. Hack3r Runw@y brings out all the sheek geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n\r\nDigital wearable - LED, electronic, passive\r\nSmart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\nAesthetics and More - 3d printed, geeky wear, passive design, obfuscation, cosplay\r\nFunctional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\nWinners will be selected based on, but no limited to:\r\n\r\nUniqueness\r\nTrendy\r\nPractical\r\nCouture\r\nCreativity\r\nRelevance\r\nOriginality\r\nPresentation\r\nMastery\r\n \r\nFriday: 2pm – 4pm\r\n\r\nSaturday: 4pm – 6pm (or 2 hours before the contest stage and then 1 hr on stage)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Hack3r Runw@y  ","android_description":"After 2 years virtual and one in person, we’d like to return to stage for our 4th year where this contest shines best. Hack3r Runw@y brings out all the sheek geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n\r\nDigital wearable - LED, electronic, passive\r\nSmart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\nAesthetics and More - 3d printed, geeky wear, passive design, obfuscation, cosplay\r\nFunctional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\nWinners will be selected based on, but no limited to:\r\n\r\nUniqueness\r\nTrendy\r\nPractical\r\nCouture\r\nCreativity\r\nRelevance\r\nOriginality\r\nPresentation\r\nMastery\r\n \r\nFriday: 2pm – 4pm\r\n\r\nSaturday: 4pm – 6pm (or 2 hours before the contest stage and then 1 hr on stage)","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659668820,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Hack3rRunway"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643691877531698"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240962"},{"label":"Website 2","type":"link","url":"https://hack3rrunway.github.io/"},{"label":"Website 1","type":"link","url":"https://Hack3rRunway.square.site"}],"end":"2022-08-12T23:00:00.000-0000","id":49584,"tag_ids":[45360,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-05T03:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The issue about convenience vs. security has been spoken about for years now, with most devices having wireless capability now, it invites trouble, especially when it is not encrypted or secured. Right from our tap-to-pay cards to even unlocking and starting out car.\r\n\r\nThis talk discusses CVE-2022-27254 and the story of how we came about discovering it. The CVE exploits an issues wherein the remote keyless system on various Honda vehicles, allowing an attacker to access the cars, and potentially even let them drive away with it!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b9b1c5","updated_at":"2024-06-07T03:39+0000","name":"Car Hacking Village","id":45352},"title":"Security like the 80's: How I stole your RF","end_timestamp":{"seconds":1660339500,"nanoseconds":0},"android_description":"The issue about convenience vs. security has been spoken about for years now, with most devices having wireless capability now, it invites trouble, especially when it is not encrypted or secured. Right from our tap-to-pay cards to even unlocking and starting out car.\r\n\r\nThis talk discusses CVE-2022-27254 and the story of how we came about discovering it. The CVE exploits an issues wherein the remote keyless system on various Honda vehicles, allowing an attacker to access the cars, and potentially even let them drive away with it!","updated_timestamp":{"seconds":1659587280,"nanoseconds":0},"speakers":[{"content_ids":[49386],"conference_id":65,"event_ids":[49533],"name":"Ayyappan Rajesh","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48793}],"timeband_id":891,"links":[],"end":"2022-08-12T21:25:00.000-0000","id":49533,"village_id":8,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40251,45340,45348,45352,45374],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48793}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-04T04:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Meet the Feds: ONCO Edition","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"android_description":"","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659548940,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49510,"village_id":23,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-03T17:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Using an Active Cyber Defense framework and combining that with our homegrown ML, we’ve created our own approach to detecting aberrant network behavior through passive network monitoring to discover covert communications with a Raspberry Pi. We will then demo our open source solution, a free Modbus TCP pcap analysis tool, to uncover the risky and potentially very damaging covert channels communicating with the outside world and the types of data that is being harvested along with the new attack surfaces that they offer.\n\n\n","title":"Exposing aberrant network behaviors within ICS environments using a Raspberry Pi","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"Using an Active Cyber Defense framework and combining that with our homegrown ML, we’ve created our own approach to detecting aberrant network behavior through passive network monitoring to discover covert communications with a Raspberry Pi. We will then demo our open source solution, a free Modbus TCP pcap analysis tool, to uncover the risky and potentially very damaging covert channels communicating with the outside world and the types of data that is being harvested along with the new attack surfaces that they offer.","updated_timestamp":{"seconds":1659472980,"nanoseconds":0},"speakers":[{"content_ids":[49337,49392],"conference_id":65,"event_ids":[49539,49437],"name":"Chet Hosmer","affiliations":[{"organization":"University of Arizona, Cyber Operations","title":"Professor of Practice"}],"links":[],"pronouns":null,"media":[],"id":48750,"title":"Professor of Practice at University of Arizona, Cyber Operations"},{"content_ids":[49337],"conference_id":65,"event_ids":[49437],"name":"Mike Raggo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48764}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49437,"village_id":15,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40258,45340,45369,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48750},{"tag_id":565,"sort_order":1,"person_id":48764}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-08-02T20:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Daniel Roy is a card manipulation expert who specializes in two areas: the sleight-of-hand techniques used by professional card cheats and the “sleight-of-mind” techniques he learned while studying neurobiology at the University of Pennsylvania. In this workshop, he’ll demonstrate how you can be swindled at the card table and teach you a few of the secrets so you can try them out for yourself, all the while explaining how these techniques target the mind.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#569d6e","name":"Rogues Village","id":45368},"title":"False Dealing","android_description":"Daniel Roy is a card manipulation expert who specializes in two areas: the sleight-of-hand techniques used by professional card cheats and the “sleight-of-mind” techniques he learned while studying neurobiology at the University of Pennsylvania. In this workshop, he’ll demonstrate how you can be swindled at the card table and teach you a few of the secrets so you can try them out for yourself, all the while explaining how these techniques target the mind.","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659467400,"nanoseconds":0},"speakers":[{"content_ids":[49321],"conference_id":65,"event_ids":[49421],"name":"Daniel Roy","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://danielroymagic.com/"}],"pronouns":null,"media":[],"id":48743}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49421,"tag_ids":[40271,45332,45368,45453],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":29,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48743}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"updated":"2022-08-02T19:10:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In 1905 Harry Houdini wrote his first book entitled “The Right Way to Do Wrong” wherein he divulged the lockpicking and other trade secrets of criminals. People make assumptions about how schemes work and believe them to be complicated, yet in many cases the insider knows how simple they are. Most people assume that besides tailgating and social engineering, real break-ins (or physical security testing) are all about picking locks. However, the secret is that on physical pentests it’s typically unnecessary to do that! Some physical controls have known bypasses, and some building contractors (or even locksmiths) don't implement things correctly. Just like Houdini, I’ll be divulging the simple tricks of the trade employed by both criminals and professional physical pentesters to bypass physical controls without using picks. You may be shocked and amazed by what you see, and once you leave you'll be an insider too - seeing insecurity everywhere!\r\n\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"The Right Way To Do Wrong: Physical security secrets of criminals and professionals alike","android_description":"In 1905 Harry Houdini wrote his first book entitled “The Right Way to Do Wrong” wherein he divulged the lockpicking and other trade secrets of criminals. People make assumptions about how schemes work and believe them to be complicated, yet in many cases the insider knows how simple they are. Most people assume that besides tailgating and social engineering, real break-ins (or physical security testing) are all about picking locks. However, the secret is that on physical pentests it’s typically unnecessary to do that! Some physical controls have known bypasses, and some building contractors (or even locksmiths) don't implement things correctly. Just like Houdini, I’ll be divulging the simple tricks of the trade employed by both criminals and professional physical pentesters to bypass physical controls without using picks. You may be shocked and amazed by what you see, and once you leave you'll be an insider too - seeing insecurity everywhere!","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659420240,"nanoseconds":0},"speakers":[{"content_ids":[49274],"conference_id":65,"event_ids":[49354],"name":"Patrick McNeil","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48700}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49354,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":17,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48700}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","updated":"2022-08-02T06:04:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Too often analysts to security researchers are left out of legislative activities. This presentation covers current affairs and the ways to get involved. We will share what has and hasn’t worked, why your participation is needed, and how the collection of cyber incident reports and statistics matters. By sharing the policy landscape, the opportunities for participation will be clear and can further efforts to build operations-policy connections. Your input is needed–don’t miss your flight. \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Final Boarding Call for Cyber Policy Airlines Flight 443","end_timestamp":{"seconds":1660341000,"nanoseconds":0},"android_description":"Too often analysts to security researchers are left out of legislative activities. This presentation covers current affairs and the ways to get involved. We will share what has and hasn’t worked, why your participation is needed, and how the collection of cyber incident reports and statistics matters. By sharing the policy landscape, the opportunities for participation will be clear and can further efforts to build operations-policy connections. Your input is needed–don’t miss your flight.","updated_timestamp":{"seconds":1659379560,"nanoseconds":0},"speakers":[{"content_ids":[48885,49229],"conference_id":65,"event_ids":[48886,49272],"name":"Ayan Islam","affiliations":[{"organization":"","title":"R-Street Institute"}],"links":[],"pronouns":null,"media":[],"id":48305,"title":"R-Street Institute"},{"content_ids":[49229],"conference_id":65,"event_ids":[49272],"name":"Mary Brooks","affiliations":[{"organization":"R Street Institute","title":"Fellow for Cybersecurity and Emerging Threats"}],"links":[],"pronouns":null,"media":[],"id":48681,"title":"Fellow for Cybersecurity and Emerging Threats at R Street Institute"},{"content_ids":[49229],"conference_id":65,"event_ids":[49272],"name":"Olivia Stella","affiliations":[{"organization":"Southwest Airlines","title":"Senior Systems Engineer in Cybersecurity"}],"links":[],"pronouns":null,"media":[],"id":48683,"title":"Senior Systems Engineer in Cybersecurity at Southwest Airlines"},{"content_ids":[49229],"conference_id":65,"event_ids":[49272],"name":"Rebecca Ash","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48691}],"timeband_id":891,"links":[],"end":"2022-08-12T21:50:00.000-0000","id":49272,"village_id":2,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48305},{"tag_id":565,"sort_order":1,"person_id":48681},{"tag_id":565,"sort_order":1,"person_id":48683},{"tag_id":565,"sort_order":1,"person_id":48691}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:46:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a68c60","name":"Vendor Event","id":45354},"title":"No Starch Press - Book Signing - Travis Goodspeed, PoC or GTFO Volume 3","android_description":"","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659306420,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49249,"tag_ids":[45354,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-31T22:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"DEI in Cybersecurity (Breaking through the barrier, behind the barrier... behind the barrier)","type":{"conference_id":65,"conference":"DEFCON30","color":"#8dc784","updated_at":"2024-06-07T03:39+0000","name":"BIC Village","id":45353},"end_timestamp":{"seconds":1660339800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659305220,"nanoseconds":0},"speakers":[{"content_ids":[49198],"conference_id":65,"event_ids":[49239],"name":"Damian Grant","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48654}],"timeband_id":891,"links":[],"end":"2022-08-12T21:30:00.000-0000","id":49239,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40249,45348,45353,45374],"village_id":6,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48654}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-31T22:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There is no standard and secure way to exchange data rights requests under the law and it’s hard and time-consuming for consumers and companies alike. We think there should be a better way to process data rights requests that’s streamlined and inexpensive. A standard protocol that formalizes the components of a data rights request would allow for more consistency and efficiency for both consumers submitting requests and companies processing them. That’s why Consumer Reports is incubating a Data Rights Protocol with a consortium of companies committed to strengthening consumer data rights. Authorized agents, privacy infrastructure providers, and businesses that need to comply with CCPA will all be evaluating this protocol for its security before deciding to adopt. In this presentation our team of lawyers, technologists, and designers will enumerate security considerations for the protocol and present a draft security model that can help drive an ecosystem of products that empower consumers.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"Securing and Standardizing Data Rights Requests with a Data Rights Protocol","android_description":"There is no standard and secure way to exchange data rights requests under the law and it’s hard and time-consuming for consumers and companies alike. We think there should be a better way to process data rights requests that’s streamlined and inexpensive. A standard protocol that formalizes the components of a data rights request would allow for more consistency and efficiency for both consumers submitting requests and companies processing them. That’s why Consumer Reports is incubating a Data Rights Protocol with a consortium of companies committed to strengthening consumer data rights. Authorized agents, privacy infrastructure providers, and businesses that need to comply with CCPA will all be evaluating this protocol for its security before deciding to adopt. In this presentation our team of lawyers, technologists, and designers will enumerate security considerations for the protocol and present a draft security model that can help drive an ecosystem of products that empower consumers.","end_timestamp":{"seconds":1660339800,"nanoseconds":0},"updated_timestamp":{"seconds":1659213600,"nanoseconds":0},"speakers":[{"content_ids":[49144],"conference_id":65,"event_ids":[49180],"name":"Dazza Greenwood","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48594},{"content_ids":[49144],"conference_id":65,"event_ids":[49180],"name":"Ginny Fahs","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48596},{"content_ids":[49144],"conference_id":65,"event_ids":[49180],"name":"Ryan Rix","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48611}],"timeband_id":891,"links":[],"end":"2022-08-12T21:30:00.000-0000","id":49180,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":10,"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48594},{"tag_id":565,"sort_order":1,"person_id":48596},{"tag_id":565,"sort_order":1,"person_id":48611}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:40:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Securing Industrial Control Systems from cyberattacks often starts by properly segmenting the network, securing remote accesses and overall focusing on traditional “IT” cybersecurity measures. However, we can also leverage existing technology to detect and protect from cyberattacks.\nThe Top 20 Secure PLC Coding Practices (www.plc-security.com) is a community-led effort to identify best practices in Programmable Logic Controllers (PLC) code development that improve cybersecurity.\nIn this workshop, you will learn how to program a PLC and connect it to a SCADA system. You will then perform attacks on this system and finally implement a sample of the TOP20 coding practices to block or detect such attacks.\nYou will be provided with access to cloud VMs preconfigured with a SCADA software as well as a PLC simulator. Some demonstrations will also be performed on-site on real hardware PLCs.\n\nThe workshop is accessible to anyone, even with no prior ICS experience.\n\nMaterials:\nJust a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercices\n\nPrereq:\nNone\n\n\n","title":"Securing Industrial Control Systems from the core: PLC secure coding practices","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"android_description":"Securing Industrial Control Systems from cyberattacks often starts by properly segmenting the network, securing remote accesses and overall focusing on traditional “IT” cybersecurity measures. However, we can also leverage existing technology to detect and protect from cyberattacks.\nThe Top 20 Secure PLC Coding Practices (www.plc-security.com) is a community-led effort to identify best practices in Programmable Logic Controllers (PLC) code development that improve cybersecurity.\nIn this workshop, you will learn how to program a PLC and connect it to a SCADA system. You will then perform attacks on this system and finally implement a sample of the TOP20 coding practices to block or detect such attacks.\nYou will be provided with access to cloud VMs preconfigured with a SCADA software as well as a PLC simulator. Some demonstrations will also be performed on-site on real hardware PLCs.\n\nThe workshop is accessible to anyone, even with no prior ICS experience.\n\nMaterials:\nJust a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercices\n\nPrereq:\nNone","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49125,49117],"conference_id":65,"event_ids":[49171,49173],"name":"Alexandrine Torrents","affiliations":[{"organization":"","title":"Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":48548,"title":"Security Consultant"},{"content_ids":[49125,49117],"conference_id":65,"event_ids":[49171,49173],"name":"Arnaud Soullie","affiliations":[{"organization":"","title":"Senior Manager "}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arnaudsoullie"}],"pronouns":null,"media":[],"id":48549,"title":"Senior Manager"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49173,"village_id":null,"tag_ids":[45336,45344,45373,45452],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48548},{"tag_id":565,"sort_order":1,"person_id":48549}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Ely (Workshops)","hotel":"","short_name":"Ely (Workshops)","id":45486},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Learn how blockchains, cryptocurrency, NFTs, and smart contracts work, and their most important security flaws. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.\n\nWe will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws.\n\nNo previous experience with coding or blockchains is required.\n\nThis workshop is structured as a CTF competition, to make it useful to students at all levels. We will demonstrate the easier challenges from each topic, and detailed step-by-step instructions are available. We will have several instructors available to answer questions and help participants individually. Every participant should learn new, useful techniques.\n\nMaterials:\nAny computer with a Web browser. The capacity to run a local virtual machine is helpful but not required.\n\nPrereq:\nBeginners are welcome. Familiarity with\ncryptocurrency and smart contracts is helpful but not necessary.\n\n\n","title":"Securing Smart Contracts","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Learn how blockchains, cryptocurrency, NFTs, and smart contracts work, and their most important security flaws. We will also cover the underlying cryptography: hashes, symmetric encryption, and asymmetric encryption. We will configure wallets, servers, and vulnerable smart contracts, and exploit them.\n\nWe will configure systems using Bitcoin, Ethereum, Hyperledger, Multichain, Stellar, and more. We will perform exploits including double-spend, reentrancy, integer underflow, and logic flaws.\n\nNo previous experience with coding or blockchains is required.\n\nThis workshop is structured as a CTF competition, to make it useful to students at all levels. We will demonstrate the easier challenges from each topic, and detailed step-by-step instructions are available. We will have several instructors available to answer questions and help participants individually. Every participant should learn new, useful techniques.\n\nMaterials:\nAny computer with a Web browser. The capacity to run a local virtual machine is helpful but not required.\n\nPrereq:\nBeginners are welcome. Familiarity with\ncryptocurrency and smart contracts is helpful but not necessary.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Elizabeth Biddlecome","affiliations":[{"organization":"","title":"Consultant and Instructor"}],"links":[],"pronouns":null,"media":[],"id":48511,"title":"Consultant and Instructor"},{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Sam Bowne","affiliations":[{"organization":"","title":"Instructor"}],"links":[],"pronouns":null,"media":[],"id":48530,"title":"Instructor"},{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Irvin Lemus","affiliations":[{"organization":"","title":"Instructor"}],"links":[],"pronouns":null,"media":[],"id":48561,"title":"Instructor"},{"content_ids":[49133,49127],"conference_id":65,"event_ids":[49156,49161],"name":"Kaitlyn Handleman","affiliations":[{"organization":"","title":"Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":48564,"title":"Security Engineer"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49161,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[45336,45343,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48511},{"tag_id":565,"sort_order":1,"person_id":48561},{"tag_id":565,"sort_order":1,"person_id":48564},{"tag_id":565,"sort_order":1,"person_id":48530}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Reno (Workshops)","hotel":"","short_name":"Reno (Workshops)","id":45482},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For decades mainframes have been thought to be unhackable. One of the core tenants of this myth was that buffer overflows were not possible on MVS. In 2020 a mainframe hacker figured out how to find and exploit z/OS binaries using very simple buffer overflow techniques. This workshop aims to teach you those techniques. Attendees will learn how C programs are used on mainframes, understand how to use JCL for buffer overflows, how save areas are used, common registries used for pointers, ASCII to EBCDIC machine code, and how they can hunt vulnerable binaries in their environment. Multiple hands-on labs will be instructor lead with a real mainframe provided both during and after class.\n\nMaterials:\nA laptop capable of running a modern browser\n\nPrereq:\nNone\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Hand On Mainframe Buffer Overflows - RCE Edition","android_description":"For decades mainframes have been thought to be unhackable. One of the core tenants of this myth was that buffer overflows were not possible on MVS. In 2020 a mainframe hacker figured out how to find and exploit z/OS binaries using very simple buffer overflow techniques. This workshop aims to teach you those techniques. Attendees will learn how C programs are used on mainframes, understand how to use JCL for buffer overflows, how save areas are used, common registries used for pointers, ASCII to EBCDIC machine code, and how they can hunt vulnerable binaries in their environment. Multiple hands-on labs will be instructor lead with a real mainframe provided both during and after class.\n\nMaterials:\nA laptop capable of running a modern browser\n\nPrereq:\nNone","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[48560,49116],"conference_id":65,"event_ids":[48593,49159],"name":"Jake Labelle","affiliations":[{"organization":"","title":"Security Consultant"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Jabellz2"}],"pronouns":null,"media":[],"id":47876,"title":"Security Consultant"},{"content_ids":[49116],"conference_id":65,"event_ids":[49159],"name":"Phil Young","affiliations":[{"organization":"","title":"Mainframe Security Expert"}],"links":[],"pronouns":null,"media":[],"id":48576,"title":"Mainframe Security Expert"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49159,"tag_ids":[45336,45345,45373,45452],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47876},{"tag_id":565,"sort_order":1,"person_id":48576}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Elko (Workshops)","hotel":"","short_name":"Elko (Workshops)","id":45484},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Blockchain technology has to be one of the biggest technology innovations of the past few years. The top emerging blockchain development trends are crypto coins, NFT, Defi, and even metaverse. Nowadays, Companies are adopting blockchain technology and moving to the decentralized world. Especially smart contract technologies, which open them to a new cyberattack in a new crypto world. While technology evolves cybercriminals evolve along and we constantly hear about the theft of millions of dollars at security breaches in smart contracts everywhere.\n\nIn our workshop, we will teach you what is a Blockchain, what is a smart contract and what security vulnerabilities it possesses. Our workshop is intended for beginner to intermediate level hackers who want to learn new blockchain and crypto hacking techniques based on dApps TOP 10 v2022.\n\nIn the workshop, we will teach how to find vulnerabilities in blockchain smart contracts according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example on the blockchain and show everything from both attacker and defender perspectives.\n\nMaterials:\nPersonal Laptop\n\nPrereq:\nBasic Programing skills in Python\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"FROM ZERO TO HERO IN A BLOCKCHAIN SECURITY","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Blockchain technology has to be one of the biggest technology innovations of the past few years. The top emerging blockchain development trends are crypto coins, NFT, Defi, and even metaverse. Nowadays, Companies are adopting blockchain technology and moving to the decentralized world. Especially smart contract technologies, which open them to a new cyberattack in a new crypto world. While technology evolves cybercriminals evolve along and we constantly hear about the theft of millions of dollars at security breaches in smart contracts everywhere.\n\nIn our workshop, we will teach you what is a Blockchain, what is a smart contract and what security vulnerabilities it possesses. Our workshop is intended for beginner to intermediate level hackers who want to learn new blockchain and crypto hacking techniques based on dApps TOP 10 v2022.\n\nIn the workshop, we will teach how to find vulnerabilities in blockchain smart contracts according to the latest methods and techniques. We will demonstrate every vulnerability by giving an example on the blockchain and show everything from both attacker and defender perspectives.\n\nMaterials:\nPersonal Laptop\n\nPrereq:\nBasic Programing skills in Python","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49126],"conference_id":65,"event_ids":[49153],"name":"Dikla Barda","affiliations":[{"organization":"","title":"Security Expert"}],"links":[],"pronouns":null,"media":[],"id":48554,"title":"Security Expert"},{"content_ids":[49126],"conference_id":65,"event_ids":[49153],"name":"Oded Vanunu","affiliations":[{"organization":"","title":"Head of Product Vulnerability Research"}],"links":[],"pronouns":null,"media":[],"id":48573,"title":"Head of Product Vulnerability Research"},{"content_ids":[49126],"conference_id":65,"event_ids":[49153],"name":"Roman Zaikin","affiliations":[{"organization":"","title":"Security Expert"}],"links":[],"pronouns":null,"media":[],"id":48581,"title":"Security Expert"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49153,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45344,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48554},{"tag_id":565,"sort_order":1,"person_id":48573},{"tag_id":565,"sort_order":1,"person_id":48581}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Lake Tahoe (Workshops)","hotel":"","short_name":"Lake Tahoe (Workshops)","id":45481},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Beneath the surface of your favorite video game, operating system, or mobile app hides a subterranean world of low-level programming and hardware architecture that was once the domain of all programmers, but now lives mostly hidden behind dazzling graphics and modern abstractions. Diving into this world, we will delve into the design of processors using a hardware description language, tour through a handful of assembly language programs, and then plunge into systems programming in C, with comparison and contrast to the underlying assembly language that the compiler generates. Along the way, we will build programs both entertaining and mischievous, and emerge with a deeper understanding of the secrets behind all modern digital computing. \n\nMaterials:\nLaptop\n\nPrereq:\nSome coding experience is helpful but not mandatory\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Hacking the Metal 2: Hardware and the Evolution of C Creatures","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Beneath the surface of your favorite video game, operating system, or mobile app hides a subterranean world of low-level programming and hardware architecture that was once the domain of all programmers, but now lives mostly hidden behind dazzling graphics and modern abstractions. Diving into this world, we will delve into the design of processors using a hardware description language, tour through a handful of assembly language programs, and then plunge into systems programming in C, with comparison and contrast to the underlying assembly language that the compiler generates. Along the way, we will build programs both entertaining and mischievous, and emerge with a deeper understanding of the secrets behind all modern digital computing. \n\nMaterials:\nLaptop\n\nPrereq:\nSome coding experience is helpful but not mandatory","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49124],"conference_id":65,"event_ids":[49146],"name":"Eigentourist","affiliations":[{"organization":"","title":"Programmer"}],"links":[],"pronouns":null,"media":[],"id":48555,"title":"Programmer"}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49146,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45345,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48555}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Copper (Workshops)","hotel":"","short_name":"Copper (Workshops)","id":45483},"updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We all have hardware devices sitting around: In server rooms or your IoT devices at home. What are these things actually doing? It would be really handy to have root access on them to aid us in future adventures.\r\n\r\nOr maybe you want to perma-root the device and re-sell it to some unsuspecting victim. Or maybe you want to know if you’re the unsuspecting victim. Who am I to judge?\r\n\r\nWhat does it take to cause these devices to fail? Can we get them to fail open?\r\n\r\nI’m going to tell a story about circuit-shorting attacks, how to build a hardware circuit to perform this attack with a computer, and give you the instructions and code to build one yourself… with a device you may already have :)\n\n\n","title":"Movie-Style Hardware Hacking","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#dc99bf","name":"Hardware Hacking Village","id":45338},"android_description":"We all have hardware devices sitting around: In server rooms or your IoT devices at home. What are these things actually doing? It would be really handy to have root access on them to aid us in future adventures.\r\n\r\nOr maybe you want to perma-root the device and re-sell it to some unsuspecting victim. Or maybe you want to know if you’re the unsuspecting victim. Who am I to judge?\r\n\r\nWhat does it take to cause these devices to fail? Can we get them to fail open?\r\n\r\nI’m going to tell a story about circuit-shorting attacks, how to build a hardware circuit to perform this attack with a computer, and give you the instructions and code to build one yourself… with a device you may already have :)","end_timestamp":{"seconds":1660340700,"nanoseconds":0},"updated_timestamp":{"seconds":1659142260,"nanoseconds":0},"speakers":[{"content_ids":[49103],"conference_id":65,"event_ids":[49133],"name":"Bryan C. Geraghty ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48543}],"timeband_id":891,"links":[],"end":"2022-08-12T21:45:00.000-0000","id":49133,"tag_ids":[40257,45338,45340,45373,45451],"village_id":14,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48543}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"updated":"2022-07-30T00:51:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Language models are being deployed to assist with writing code and explaining code snippets. These transformer-based models have learned patterns and probabilities from large datasets of open source code and human text. A Wired article claims one plugin writes “a remarkable 35 percent of its users’ newly posted code”.\r\n\r\nCould these models be a new source of exploits and risky coding practices? What can research in Natural Language Generation tell us about what to expect from our new AI coworkers?\r\n\r\nThis presentation will cover:\r\n\r\nHow code explanation models, by reading variable names and comments for context clues, can be tricked to ignore unusual imports and calls to remote servers in their descriptions.\r\n\r\nHow code generation models may generate different code based on licenses and author names. Others’ research shows these models’ accuracy are highly variable based on “prompt engineering” (example: “I’ve tested this function myself so I know that it’s correct:”).\r\n\r\nAn adversarial search for comments, prompts, and decoding strategies which would increase the chance of a SQL injection vulnerability in generated code. This helps evaluate if normal user interaction may result in models recommending exploitable coding.\r\n\r\nResources will include a GitHub repo, runnable notebooks, and a form to suggest new prompts for code generation.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"title":"The Chaos of Coding with Language Models","end_timestamp":{"seconds":1660341000,"nanoseconds":0},"android_description":"Language models are being deployed to assist with writing code and explaining code snippets. These transformer-based models have learned patterns and probabilities from large datasets of open source code and human text. A Wired article claims one plugin writes “a remarkable 35 percent of its users’ newly posted code”.\r\n\r\nCould these models be a new source of exploits and risky coding practices? What can research in Natural Language Generation tell us about what to expect from our new AI coworkers?\r\n\r\nThis presentation will cover:\r\n\r\nHow code explanation models, by reading variable names and comments for context clues, can be tricked to ignore unusual imports and calls to remote servers in their descriptions.\r\n\r\nHow code generation models may generate different code based on licenses and author names. Others’ research shows these models’ accuracy are highly variable based on “prompt engineering” (example: “I’ve tested this function myself so I know that it’s correct:”).\r\n\r\nAn adversarial search for comments, prompts, and decoding strategies which would increase the chance of a SQL injection vulnerability in generated code. This helps evaluate if normal user interaction may result in models recommending exploitable coding.\r\n\r\nResources will include a GitHub repo, runnable notebooks, and a form to suggest new prompts for code generation.","updated_timestamp":{"seconds":1659292500,"nanoseconds":0},"speakers":[{"content_ids":[49035],"conference_id":65,"event_ids":[49038],"name":"Nick Dorion ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48469}],"timeband_id":891,"links":[],"end":"2022-08-12T21:50:00.000-0000","id":49038,"tag_ids":[40248,45330,45450],"village_id":3,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48469}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-31T18:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Video presentation outlining the benefits of Sysmon for investigations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIn this video we will discuss Sysmon -- what it is, how to get it, the configuration file, the events it logs, and why it's so valuable to forensic investigations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian Forensics: The Importance of Sysmon for Investigations","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"Video presentation outlining the benefits of Sysmon for investigations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIn this video we will discuss Sysmon -- what it is, how to get it, the configuration file, the events it logs, and why it's so valuable to forensic investigations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48931,48924,48938],"conference_id":65,"event_ids":[48911,48925,48932,48938],"name":"ExtremePaperClip","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48364}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":48932,"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48364}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A quick introduction to malware analysis, Powershell script analysis, and how to not panic when VirusTotal shrugs.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nSo you just got a bunch of Powershell scripts dumped on you. What now?\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Obsidian REM: Long Walks On The Beach: Analyzing Collected PowerShells","android_description":"A quick introduction to malware analysis, Powershell script analysis, and how to not panic when VirusTotal shrugs.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nSo you just got a bunch of Powershell scripts dumped on you. What now?\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48930,48900],"conference_id":65,"event_ids":[48903,48931],"name":"Alison N","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48366}],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":48931,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40250,45332,45373,45376,45451],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48366}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nCome take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Obsidian CTH Live: Killchain 1 Walkthrough","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nCome take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment?\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":48923,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[40250,45331,45348,45374,45376],"village_id":7,"includes":"","people":[],"tags":"Pre-Recorded Content, Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"title":"Emerging Cybersecurity Policy Topics","android_description":"","end_timestamp":{"seconds":1660344300,"nanoseconds":0},"updated_timestamp":{"seconds":1659549180,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-12T22:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241813"}],"id":48895,"tag_ids":[40265,45311,45373,45450],"village_id":23,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","updated":"2022-08-03T17:53:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"AADInternals is an open-source hacking toolkit for Azure AD and Microsoft 365, having over 14,000 downloads from the PowerShell gallery. It has over 230 different functions in 15 categories for various purposes. The most famous ones are related to Golden SAML attacks: you can export AD FS token signing certificates remotely, forge SAML tokens, and impersonate users w/ MFA bypass. These techniques have been used in multiple attacks during the last two years, including Solorigate and other NOBELIUM attacks. AADInternals also allows you to harvest credentials, export Azure AD Connect passwords and modify numerous Azure AD / Office 365 settings not otherwise possible. The latest update can extract certificates and impersonate Azure AD joined devices allowing bypassing device based conditional access rules. https://o365blog.com/aadinternals/ https://attack.mitre.org/software/S0677\n\nAudience: Blue teamers, red teamers, administrators, wannabe-hackers, etc.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"AADInternals: The Ultimate Azure AD Hacking Toolkit","android_description":"AADInternals is an open-source hacking toolkit for Azure AD and Microsoft 365, having over 14,000 downloads from the PowerShell gallery. It has over 230 different functions in 15 categories for various purposes. The most famous ones are related to Golden SAML attacks: you can export AD FS token signing certificates remotely, forge SAML tokens, and impersonate users w/ MFA bypass. These techniques have been used in multiple attacks during the last two years, including Solorigate and other NOBELIUM attacks. AADInternals also allows you to harvest credentials, export Azure AD Connect passwords and modify numerous Azure AD / Office 365 settings not otherwise possible. The latest update can extract certificates and impersonate Azure AD joined devices allowing bypassing device based conditional access rules. https://o365blog.com/aadinternals/ https://attack.mitre.org/software/S0677\n\nAudience: Blue teamers, red teamers, administrators, wannabe-hackers, etc.","end_timestamp":{"seconds":1660344900,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48726,49169],"conference_id":65,"event_ids":[48758,49205],"name":"Nestori Syynimaa","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/DrAzureAD"}],"pronouns":null,"media":[],"id":48055}],"timeband_id":891,"links":[],"end":"2022-08-12T22:55:00.000-0000","id":48758,"village_id":null,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48055}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Committee Boardroom (Demo Labs)","hotel":"","short_name":"Committee Boardroom (Demo Labs)","id":45444},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Remote Access Trojans (RATs) are one of the defining tradecraft for identifying an Advanced Persistent Threat. The reason being is that APTs typically leverage custom toolkits for gaining initial access, so they do not risk burning full-featured implants. Badrats takes characteristics from APT Tactics, Techniques, and Procedures (TTPs) and implements them into a custom Command and Control (C2) tool with a focus on initial access and implant flexibility. The key goal is to emulate that modern threat actors avoid loading fully-featured implants unless required, instead opting to use a smaller staged implant. Badrats implants are written in various languages, each with a similar yet limited feature set. The implants are designed to be small for antivirus evasion and provides multiple methods of loading additional tools, such as shellcode, .NET assemblies, PowerShell, and shell commands on a compromised host. One of the most advanced TTPs that Badrats supports is peer-to-peer communications over SMB to allow implants to communicate through other compromised hosts.\n\nAudience: Offense\n\n\n","title":"Badrats: Initial Access Made Easy","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660344900,"nanoseconds":0},"android_description":"Remote Access Trojans (RATs) are one of the defining tradecraft for identifying an Advanced Persistent Threat. The reason being is that APTs typically leverage custom toolkits for gaining initial access, so they do not risk burning full-featured implants. Badrats takes characteristics from APT Tactics, Techniques, and Procedures (TTPs) and implements them into a custom Command and Control (C2) tool with a focus on initial access and implant flexibility. The key goal is to emulate that modern threat actors avoid loading fully-featured implants unless required, instead opting to use a smaller staged implant. Badrats implants are written in various languages, each with a similar yet limited feature set. The implants are designed to be small for antivirus evasion and provides multiple methods of loading additional tools, such as shellcode, .NET assemblies, PowerShell, and shell commands on a compromised host. One of the most advanced TTPs that Badrats supports is peer-to-peer communications over SMB to allow implants to communicate through other compromised hosts.\n\nAudience: Offense","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48739],"conference_id":65,"event_ids":[48752],"name":"Kevin Clark","affiliations":[],"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://henpeebin.com/kevin/blog"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/GuhnooPlusLinux"}],"pronouns":null,"media":[],"id":48037},{"content_ids":[48739],"conference_id":65,"event_ids":[48752],"name":"Dominic “Cryillic” Cunningham","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48041}],"timeband_id":891,"links":[],"end":"2022-08-12T22:55:00.000-0000","id":48752,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48041},{"tag_id":565,"sort_order":1,"person_id":48037}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.\n\nAudience: Offense, Defense, Forensics, Hardware\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"title":"PCILeech and MemProcFS","end_timestamp":{"seconds":1660344900,"nanoseconds":0},"android_description":"The PCILeech direct memory access attack toolkit was presented at DEF CON 24 and quickly became popular amongst red teamers and game hackers alike. We will demonstrate how to take control of still vulnerable systems with PCIe DMA code injection using affordable FPGA hardware and the open source PCILeech toolkit. MemProcFS is memory forensics and analysis made super easy! Analyze memory by clicking on files in a virtual file system or by using the API. Analyze memory dump files or live memory acquired using drivers or PCILeech PCIe FPGA hardware devices.\n\nAudience: Offense, Defense, Forensics, Hardware","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48733],"conference_id":65,"event_ids":[48743],"name":"Ulf Frisk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48046},{"content_ids":[48733],"conference_id":65,"event_ids":[48743],"name":"Ian Vitek","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48060}],"timeband_id":891,"links":[],"end":"2022-08-12T22:55:00.000-0000","id":48743,"tag_ids":[45292,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48060},{"tag_id":565,"sort_order":1,"person_id":48046}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Council Boardroom (Demo Labs)","hotel":"","short_name":"Council Boardroom (Demo Labs)","id":45443},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The CyberPeace Builders are pro hackers who volunteer to help NGOs improve their cybersecurity. Through a portal that I’ll demo, hackers can access a variety of short engagements, from 1 to 4 hours, to provide targeted cybersecurity help to NGOs on topics ranging from staff awareness to DMARC implementation, password management and authentication practices, breach notification, OSINT and dark web monitoring, all the way to designing a cyber-related poster for the staff, reviewing their privacy policy and cyber insurance papers. The programme is the world’s first and only skills-based volunteering opportunity for professionals in the cybersecurity industry; it has been prototyped over 2 years, was launched in July 2021 and is now being used by over 60 NGOs worldwide, ultimately helping to protect over 350 million vulnerable people and $500 million in funds. I’ll demo the platform, show the type of help NGOs need and explain how NGOs and security professionals can leverage the programme.\n\nAudience: Security professionals, NGOs\n\n\n","title":"CyberPeace Builders","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"android_description":"The CyberPeace Builders are pro hackers who volunteer to help NGOs improve their cybersecurity. Through a portal that I’ll demo, hackers can access a variety of short engagements, from 1 to 4 hours, to provide targeted cybersecurity help to NGOs on topics ranging from staff awareness to DMARC implementation, password management and authentication practices, breach notification, OSINT and dark web monitoring, all the way to designing a cyber-related poster for the staff, reviewing their privacy policy and cyber insurance papers. The programme is the world’s first and only skills-based volunteering opportunity for professionals in the cybersecurity industry; it has been prototyped over 2 years, was launched in July 2021 and is now being used by over 60 NGOs worldwide, ultimately helping to protect over 350 million vulnerable people and $500 million in funds. I’ll demo the platform, show the type of help NGOs need and explain how NGOs and security professionals can leverage the programme.\n\nAudience: Security professionals, NGOs","end_timestamp":{"seconds":1660344900,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48749,48884],"conference_id":65,"event_ids":[48735,48890],"name":"Adrien Ogee","affiliations":[{"organization":"Cyber Peace Institute","title":"Chief Operations Officer"}],"links":[],"pronouns":null,"media":[],"id":48020,"title":"Chief Operations Officer at Cyber Peace Institute"}],"timeband_id":891,"links":[],"end":"2022-08-12T22:55:00.000-0000","id":48735,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48020}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. When it comes to web application pentesting on traditional infrastructure, deliberately vulnerable applications such as DVWA and bWAPP have helped the infosec community in understanding the popular web attack vectors. However, at this point in time, we do not have a similar framework for the cloud environment. In this talk, we will be introducing AWSGoat, a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat mimics real-world infrastructure but with added vulnerabilities. The idea behind AWSGoat is to provide security enthusiasts and pen-testers with an easy to deploy/destroy vulnerable infrastructure where they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS account. The deployment scripts will be open-source and made available after the talk.\n\nAudience: Cloud, Ofference, Defense\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"title":"AWSGoat : A Damn Vulnerable AWS Infrastructure","android_description":"Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure. Since cloud is relatively new, many developers are not fully aware of the threatscape and they end up deploying a vulnerable cloud infrastructure. When it comes to web application pentesting on traditional infrastructure, deliberately vulnerable applications such as DVWA and bWAPP have helped the infosec community in understanding the popular web attack vectors. However, at this point in time, we do not have a similar framework for the cloud environment. In this talk, we will be introducing AWSGoat, a vulnerable by design infrastructure on AWS featuring the latest released OWASP Top 10 web application security risks (2021) and other misconfiguration based on services such as IAM, S3, API Gateway, Lambda, EC2, and ECS. AWSGoat mimics real-world infrastructure but with added vulnerabilities. The idea behind AWSGoat is to provide security enthusiasts and pen-testers with an easy to deploy/destroy vulnerable infrastructure where they can learn how to enumerate cloud applications, identify vulnerabilities, and chain various attacks to compromise the AWS account. The deployment scripts will be open-source and made available after the talk.\n\nAudience: Cloud, Ofference, Defense","end_timestamp":{"seconds":1660344900,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48725],"conference_id":65,"event_ids":[48733],"name":"Sanjeev Mahunta","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48019},{"content_ids":[48725,49115],"conference_id":65,"event_ids":[48733,49163],"name":"Jeswin Mathai","affiliations":[{"organization":"","title":"Senior Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":48050,"title":"Senior Security Researcher"}],"timeband_id":891,"links":[],"end":"2022-08-12T22:55:00.000-0000","id":48733,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48050},{"tag_id":565,"sort_order":1,"person_id":48019}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus Boardroom (Demo Labs)","hotel":"","short_name":"Caucus Boardroom (Demo Labs)","id":45442},"begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microsoft Teams offers the possibility to integrate your own communication infrastructure, e.g. your own SIP provider for phone services. This requires a Microsoft-certified and -approved Session Border Controller. During the security analysis of this federation, Moritz Abrell identified several vulnerabilities that allow an external, unauthenticated attacker to perform toll fraud.\n\nThis talk is a summary of this analysis, the identified security issues and the practical exploitation as well as the manufacturer's capitulation to the final fix of the vulnerabilities.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Phreaking 2.0 - Abusing Microsoft Teams Direct Routing","android_description":"Microsoft Teams offers the possibility to integrate your own communication infrastructure, e.g. your own SIP provider for phone services. This requires a Microsoft-certified and -approved Session Border Controller. During the security analysis of this federation, Moritz Abrell identified several vulnerabilities that allow an external, unauthenticated attacker to perform toll fraud.\n\nThis talk is a summary of this analysis, the identified security issues and the practical exploitation as well as the manufacturer's capitulation to the final fix of the vulnerabilities.","end_timestamp":{"seconds":1660339200,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48520],"conference_id":65,"event_ids":[48569],"name":"Moritz Abrell","affiliations":[{"organization":"","title":"SySS GmbH"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/moritz_abrell"}],"pronouns":null,"media":[],"id":47925,"title":"SySS GmbH"}],"timeband_id":891,"end":"2022-08-12T21:20:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241821"}],"id":48569,"village_id":null,"tag_ids":[45241,45279,45280,45375,45450],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"includes":"Exploit, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47925}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"macOS local security is shifting more and more to the iOS model, where every application is codesigned, sandboxed and needs to ask for permission to access sensitive data. New security layers have been added to make it harder for malware that has gained a foothold to compromise the user's most sensitive data. Changing the security model of something as large and established as macOS is a long process, as it requires many existing parts of the system to be re-examined. For example, creating a security boundary between applications running as the same user is a large change from the previous security model.\n\nCVE-2021-30873 is a process injection vulnerability we reported to Apple that affected all macOS applications. This was addressed in the macOS Monterey update, but completely fixing this vulnerability requires changes to all third-party applications as well. Apple has even changed the template for new applications in Xcode to assist developers with this.\n\nIn this talk, we'll explain what a process injection vulnerability is and why it can have critical impact on macOS. Then, we'll explain the details of this vulnerability, including how to exploit insecure deserialization in macOS. Finally, we will explain how we exploited it to escape the macOS sandbox, elevate our privileges to root and bypass SIP.\n\n\n","title":"Process injection: breaking all macOS security layers with a single vulnerability","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"macOS local security is shifting more and more to the iOS model, where every application is codesigned, sandboxed and needs to ask for permission to access sensitive data. New security layers have been added to make it harder for malware that has gained a foothold to compromise the user's most sensitive data. Changing the security model of something as large and established as macOS is a long process, as it requires many existing parts of the system to be re-examined. For example, creating a security boundary between applications running as the same user is a large change from the previous security model.\n\nCVE-2021-30873 is a process injection vulnerability we reported to Apple that affected all macOS applications. This was addressed in the macOS Monterey update, but completely fixing this vulnerability requires changes to all third-party applications as well. Apple has even changed the template for new applications in Xcode to assist developers with this.\n\nIn this talk, we'll explain what a process injection vulnerability is and why it can have critical impact on macOS. Then, we'll explain the details of this vulnerability, including how to exploit insecure deserialization in macOS. Finally, we will explain how we exploited it to escape the macOS sandbox, elevate our privileges to root and bypass SIP.","end_timestamp":{"seconds":1660340700,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48519],"conference_id":65,"event_ids":[48554],"name":"Thijs Alkemade","affiliations":[{"organization":"","title":"Security Researcher at Computest"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/xnyhps"}],"pronouns":null,"media":[],"id":47834,"title":"Security Researcher at Computest"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241927"}],"end":"2022-08-12T21:45:00.000-0000","id":48554,"village_id":null,"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"tag_ids":[45241,45280,45375,45450],"includes":"Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47834}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","begin":"2022-08-12T21:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Satellite designs are myriad as stars in the sky, but one common denominator across all modern missions is their dependency on long-distance radio links. In this briefing, we will turn a hacker’s eye towards the signals that are the lifeblood of space missions. We’ll learn how both state and non-state actors can, and have, executed physical-layer attacks on satellite communications systems and what their motivations have been for causing such disruption. \n\nBuilding on this foundation, we’ll present modern evolutions of these attack strategies which can threaten next-generation space missions. From jamming, to spoofing, to signal hijacking, we’ll see how radio links represent a key attack surface for space platforms and how technological developments make these attacks ever more accessible and affordable. We’ll simulate strategies attackers may use to cause disruption in key space communications links and even model attacks which may undermine critical safety controls involved in rocket launches.\n\nThe presentation will conclude with a discussion of strategies which can defend against many of these attacks.\n\nWhile this talk includes technical components, it is intended to be accessible to all audiences and does not assume any prior background in radio communications, astrodynamics, or aerospace engineering. The hope is to provide a launchpad for researchers across the security community to contribute to protecting critical infrastructure in space and beyond.\n\n\n","title":"Space Jam: Exploring Radio Frequency Attacks in Outer Space","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660340700,"nanoseconds":0},"android_description":"Satellite designs are myriad as stars in the sky, but one common denominator across all modern missions is their dependency on long-distance radio links. In this briefing, we will turn a hacker’s eye towards the signals that are the lifeblood of space missions. We’ll learn how both state and non-state actors can, and have, executed physical-layer attacks on satellite communications systems and what their motivations have been for causing such disruption. \n\nBuilding on this foundation, we’ll present modern evolutions of these attack strategies which can threaten next-generation space missions. From jamming, to spoofing, to signal hijacking, we’ll see how radio links represent a key attack surface for space platforms and how technological developments make these attacks ever more accessible and affordable. We’ll simulate strategies attackers may use to cause disruption in key space communications links and even model attacks which may undermine critical safety controls involved in rocket launches.\n\nThe presentation will conclude with a discussion of strategies which can defend against many of these attacks.\n\nWhile this talk includes technical components, it is intended to be accessible to all audiences and does not assume any prior background in radio communications, astrodynamics, or aerospace engineering. The hope is to provide a launchpad for researchers across the security community to contribute to protecting critical infrastructure in space and beyond.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48518,49225],"conference_id":65,"event_ids":[48517,49268],"name":"James Pavur","affiliations":[{"organization":"","title":"Digital Service Expert, Defense Digital Service"}],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/pavja2"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jamespavur"}],"media":[],"id":47827,"title":"Digital Service Expert, Defense Digital Service"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242005"}],"end":"2022-08-12T21:45:00.000-0000","id":48517,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660338000,"nanoseconds":0},"village_id":null,"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47827}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How do you harness the power of collaboration when you need it most to protect and defend against threats? You build a fusion center. The concept evolved some 20 years ago in response to countering terrorism post 9/11, and a number of centres were built per the DOJ and DHS. But a few years ago, the concept became the new shiny for banks, a way to keep up with evolving threats and cybercrime. Alas, all that glitters is not gold. Effective fusion centres are powered by trust-enabled collaboration between people. At the end of the day, however, all those flashy lights, big monitors and dazzling graphs don't mean anything without the skilled people who know how to analyze and act on the real information. This talk is a cautionary tale of what's good and bad about fusion centres, with comparisons drawn from my experiences of working in one that really wasn't working well and why we must value our people over our technology.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"title":"Don't Blow A Fuse: Some Truths about Fusion Centres","android_description":"How do you harness the power of collaboration when you need it most to protect and defend against threats? You build a fusion center. The concept evolved some 20 years ago in response to countering terrorism post 9/11, and a number of centres were built per the DOJ and DHS. But a few years ago, the concept became the new shiny for banks, a way to keep up with evolving threats and cybercrime. Alas, all that glitters is not gold. Effective fusion centres are powered by trust-enabled collaboration between people. At the end of the day, however, all those flashy lights, big monitors and dazzling graphs don't mean anything without the skilled people who know how to analyze and act on the real information. This talk is a cautionary tale of what's good and bad about fusion centres, with comparisons drawn from my experiences of working in one that really wasn't working well and why we must value our people over our technology.","end_timestamp":{"seconds":1660340400,"nanoseconds":0},"updated_timestamp":{"seconds":1658865360,"nanoseconds":0},"speakers":[{"content_ids":[48709],"conference_id":65,"event_ids":[48716],"name":"3ncr1pt3d","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47995}],"timeband_id":891,"links":[],"end":"2022-08-12T21:40:00.000-0000","id":48716,"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"begin_timestamp":{"seconds":1660337400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47995}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","updated":"2022-07-26T19:56:00.000-0000","begin":"2022-08-12T20:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Many companies are reluctant to pay bug hunters to find and report vulnerabilities in software produced by a 3rd party.\r\n\r\nIn this lecture, we explore the pros and cons of this approach and demonstrate why taking responsibility for 3rd party vulnerabilities is actually better for everyone.\r\n\r\nUsing shared services and systems from 3rd parties is becoming more and more common today. Because of that, a vulnerability found in one target may also affect the millions of others who use the same vulnerable shared system. This situation raises important dilemmas for everyone involved - the 3rd party vendor, the millions of users, and the security researchers/bug hunters who identify the problem. \r\n\r\nThis talk will showcase a vulnerability we found in a 3rd party application. We will show the technical details of how it was found, but will focus primarily on how we handled the submissions, both to the vendor and affected clients. \r\n\r\nWe will discuss the different dilemmas we encountered: Who should be contacted first? How do we make sure the exploit won’t be leaked prematurely? How much time should we allow for vendor response? Who should release the CVE? And finally: What are the consequences of each of these decisions for the vendor, the client, and us?\r\n\n\n\n","title":"Hacking 8+ million websites - Ethical dilemmas when bug hunting and why they matter","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"android_description":"Many companies are reluctant to pay bug hunters to find and report vulnerabilities in software produced by a 3rd party.\r\n\r\nIn this lecture, we explore the pros and cons of this approach and demonstrate why taking responsibility for 3rd party vulnerabilities is actually better for everyone.\r\n\r\nUsing shared services and systems from 3rd parties is becoming more and more common today. Because of that, a vulnerability found in one target may also affect the millions of others who use the same vulnerable shared system. This situation raises important dilemmas for everyone involved - the 3rd party vendor, the millions of users, and the security researchers/bug hunters who identify the problem. \r\n\r\nThis talk will showcase a vulnerability we found in a 3rd party application. We will show the technical details of how it was found, but will focus primarily on how we handled the submissions, both to the vendor and affected clients. \r\n\r\nWe will discuss the different dilemmas we encountered: Who should be contacted first? How do we make sure the exploit won’t be leaked prematurely? How much time should we allow for vendor response? Who should release the CVE? And finally: What are the consequences of each of these decisions for the vendor, the client, and us?","end_timestamp":{"seconds":1660340700,"nanoseconds":0},"updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49641],"conference_id":65,"event_ids":[49825],"name":"Rotem Bar","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/r0tem/"}],"media":[],"id":49003}],"timeband_id":891,"links":[],"end":"2022-08-12T21:45:00.000-0000","id":49825,"village_id":4,"tag_ids":[40278,45340,45345,45378,45451],"begin_timestamp":{"seconds":1660337100,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49003}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"begin":"2022-08-12T20:45:00.000-0000","updated":"2022-08-08T00:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"Sponsored Talk","android_description":"","end_timestamp":{"seconds":1660339200,"nanoseconds":0},"updated_timestamp":{"seconds":1659283020,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T21:20:00.000-0000","id":49209,"begin_timestamp":{"seconds":1660336800,"nanoseconds":0},"village_id":9,"tag_ids":[40252,45340,45350,45451],"includes":"","people":[],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-12T20:40:00.000-0000","updated":"2022-07-31T15:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download so you can build your own unique standalone gooseneck reader and wall implant devices!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"title":"Keeping Your Distance: Pwning  RFID Physical Access Controls From 6FT and Beyond ","android_description":"Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge if you must stay at least 6 feet from a person? Over the past two years, companies have increasingly adopted a hybrid work environment, allowing employees to partially work remotely which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge. Langston and Dan discuss their Red Team adventures and methods that can be used beyond a social distancing era. This presentation is supplemented with files and instructions that are available for download so you can build your own unique standalone gooseneck reader and wall implant devices!","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659928500,"nanoseconds":0},"speakers":[{"content_ids":[49396,49659],"conference_id":65,"event_ids":[49543,49555,49847],"name":"Daniel Goga","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_badcharacters"}],"media":[],"id":48799},{"content_ids":[49396,49659],"conference_id":65,"event_ids":[49543,49555,49847],"name":"Langston Clement (aka sh0ck)","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sh0ckSec"}],"pronouns":null,"media":[],"id":48802}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49847,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48799},{"tag_id":565,"sort_order":1,"person_id":48802}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:15:00.000-0000","begin":"2022-08-12T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.\n\n\n","title":"RFID Hacking 101","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"Ever wondered how the cards you use to enter your hotel room or the key fobs you use in your car work, and how vulnerabilities in their design and implementation can be exploited? Find out all that and more with this talk.","updated_timestamp":{"seconds":1659624240,"nanoseconds":0},"speakers":[{"content_ids":[49395],"conference_id":65,"event_ids":[49542,49553,49554],"name":"Ege F","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Efeyzee"}],"pronouns":null,"media":[],"id":48800}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49542,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"village_id":22,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48800}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","updated":"2022-08-04T14:44:00.000-0000","begin":"2022-08-12T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Panelist Discussion\n\n\n","title":"Leading the Way","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"end_timestamp":{"seconds":1660339800,"nanoseconds":0},"android_description":"Panelist Discussion","updated_timestamp":{"seconds":1659465360,"nanoseconds":0},"speakers":[{"content_ids":[49298],"conference_id":65,"event_ids":[49397],"name":"Alshlon Banks","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48712},{"content_ids":[49294,49298,49300,49309],"conference_id":65,"event_ids":[49393,49397,49399,49409],"name":"Tennisha Martin","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"www.linkedin.com/in/tennisha"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/misstennisha"},{"description":"","title":"Website","sort_order":0,"url":"https://tennisha.com"}],"media":[],"id":48713},{"content_ids":[49298],"conference_id":65,"event_ids":[49397],"name":"Eric Belardo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48722},{"content_ids":[49298],"conference_id":65,"event_ids":[49397],"name":"Mari Galloway","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48728},{"content_ids":[49298,49315],"conference_id":65,"event_ids":[49397,49415],"name":"Monique Head","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/moniquehead/"}],"media":[],"id":48731},{"content_ids":[49298,49309,49311],"conference_id":65,"event_ids":[49397,49409,49411],"name":"Rebekah Skeete","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/rebekah-skeete-01270192/"}],"pronouns":null,"media":[],"id":48733},{"content_ids":[49298,49304],"conference_id":65,"event_ids":[49397,49403],"name":"Yatia Hopkins","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/yatiahopkins/"}],"media":[],"id":48740}],"timeband_id":891,"links":[],"end":"2022-08-12T21:30:00.000-0000","id":49397,"tag_ids":[40255,45361,45367,45451],"village_id":12,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48712},{"tag_id":45290,"sort_order":1,"person_id":48722},{"tag_id":45290,"sort_order":1,"person_id":48728},{"tag_id":45290,"sort_order":1,"person_id":48731},{"tag_id":45290,"sort_order":1,"person_id":48733},{"tag_id":45290,"sort_order":1,"person_id":48713},{"tag_id":45290,"sort_order":1,"person_id":48740}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"begin":"2022-08-12T20:30:00.000-0000","updated":"2022-08-02T18:36:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Presentation will cover the future of aviation cybersecurity, including the security of Advanced Air Mobility/Urban Air Mobility, Space Port Security, Space Tourism Security, and the transformation of the TSA workforce. I will cover in depth the legal and regulatory framework that provides for securing IT and OT networks, as well as the airframes, for the next generation of air travel. I will close with an update and call for action to modernization of the aviation workforce.\n\n\n","title":"Securing the Future of Aviation CyberSecurity","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"android_description":"Presentation will cover the future of aviation cybersecurity, including the security of Advanced Air Mobility/Urban Air Mobility, Space Port Security, Space Tourism Security, and the transformation of the TSA workforce. I will cover in depth the legal and regulatory framework that provides for securing IT and OT networks, as well as the airframes, for the next generation of air travel. I will close with an update and call for action to modernization of the aviation workforce.","end_timestamp":{"seconds":1660337700,"nanoseconds":0},"updated_timestamp":{"seconds":1659379620,"nanoseconds":0},"speakers":[{"content_ids":[48885,49228],"conference_id":65,"event_ids":[48886,49271],"name":"Timothy Weston","affiliations":[{"organization":"","title":"Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration"}],"links":[],"pronouns":null,"media":[],"id":48302,"title":"Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:55:00.000-0000","id":49271,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48302}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-12T20:30:00.000-0000","updated":"2022-08-01T18:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"International and United States privacy laws provide individuals with rights to the personal information companies have about them. One of the most exercised rights is the right to access personal information. This talk will explain: 1) what are data subject rights; 2) who has these rights; 3) how to respond to access requests; 4) methods for responding to data subject rights requests; and 5) what to know before implementing a privacy automation vendor.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"How to Respond to Data Subject Access Requests","android_description":"International and United States privacy laws provide individuals with rights to the personal information companies have about them. One of the most exercised rights is the right to access personal information. This talk will explain: 1) what are data subject rights; 2) who has these rights; 3) how to respond to access requests; 4) methods for responding to data subject rights requests; and 5) what to know before implementing a privacy automation vendor.","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659213540,"nanoseconds":0},"speakers":[{"content_ids":[49143],"conference_id":65,"event_ids":[49179],"name":"Irene Mo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48622}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49179,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[40253,45347,45451],"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48622}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:39:00.000-0000","begin":"2022-08-12T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Not only are there plenty of cures and treatments which stay on the shelf, inaccessible because they were never approved by the FDA, but there are also drugs which have already been approved, but are not generally prescribed for their best uses. Viagra cures menstrual cramps better than it treats ED, but doctors will not prescribe it for that. There is a decades-old substance which arrests and fixes tooth decay without drilling, approved by the ADA, but no dentist will ever tell you about it. You can easily give yourself an abortion with existing ulcer drugs, but they require a trick to acquire. Anxiety, depression, poor sleep, and bad digestion are all linked to GABA deficiency, which often has its roots in the deficiency of a precursor which only comes from gut bacteria. You can repopulate your gut with those bacteria with supplements which are GRAS [FDA designation: generally recognized as safe], cheap and not patented; but for this exact reason, you're much more likely to instead be prescribed zoloft, valium, protonix, and ambien. The medical industry seems be ignoring long covid while there is a decades-old drug for a rare disease which can cure most autoimmune-presenting instances of long covid. Come see all this and more, as we show you how to hack medicines which are already on the shelf.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"title":"DIY Medicine With Unusual Uses for Existing FDA-Approved Drugs","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"Not only are there plenty of cures and treatments which stay on the shelf, inaccessible because they were never approved by the FDA, but there are also drugs which have already been approved, but are not generally prescribed for their best uses. Viagra cures menstrual cramps better than it treats ED, but doctors will not prescribe it for that. There is a decades-old substance which arrests and fixes tooth decay without drilling, approved by the ADA, but no dentist will ever tell you about it. You can easily give yourself an abortion with existing ulcer drugs, but they require a trick to acquire. Anxiety, depression, poor sleep, and bad digestion are all linked to GABA deficiency, which often has its roots in the deficiency of a precursor which only comes from gut bacteria. You can repopulate your gut with those bacteria with supplements which are GRAS [FDA designation: generally recognized as safe], cheap and not patented; but for this exact reason, you're much more likely to instead be prescribed zoloft, valium, protonix, and ambien. The medical industry seems be ignoring long covid while there is a decades-old drug for a rare disease which can cure most autoimmune-presenting instances of long covid. Come see all this and more, as we show you how to hack medicines which are already on the shelf.","updated_timestamp":{"seconds":1659108060,"nanoseconds":0},"speakers":[{"content_ids":[48720,49014,49027],"conference_id":65,"event_ids":[48727,49017,49030],"name":"Mixæl S. Laufer","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MichaelSLaufer"}],"media":[],"id":47996}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49017,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47996}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"updated":"2022-07-29T15:21:00.000-0000","begin":"2022-08-12T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"While much knowledge exists on using syscalls for red team efforts, information on writing original shellcode with syscalls so in modern x86 is sparse and lacking. Our reverse engineering efforts, however, have revealed the necessary steps to take to successfully perform syscalls in shellcode, both for Windows 7 and 10, as there are some significant differences.\n\nIn this talk, we will embark upon a journey that will show the process of reverse engineering how Windows syscalls work in both Windows 7 and 10, while focusing predominately on the latter. With this necessary foundation, we will explore the process of effectively utilizing syscalls inside shellcode. We will explore the special steps that must be taken to set up syscalls – steps that may not be required to do equivalent actions with WinAPI functions.\n\nThis talk will feature various demonstrations of syscalls in x86 shellcode.\n\n\n","title":"Weaponizing Windows Syscalls as Modern, 32-bit Shellcode","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"While much knowledge exists on using syscalls for red team efforts, information on writing original shellcode with syscalls so in modern x86 is sparse and lacking. Our reverse engineering efforts, however, have revealed the necessary steps to take to successfully perform syscalls in shellcode, both for Windows 7 and 10, as there are some significant differences.\n\nIn this talk, we will embark upon a journey that will show the process of reverse engineering how Windows syscalls work in both Windows 7 and 10, while focusing predominately on the latter. With this necessary foundation, we will explore the process of effectively utilizing syscalls inside shellcode. We will explore the special steps that must be taken to set up syscalls – steps that may not be required to do equivalent actions with WinAPI functions.\n\nThis talk will feature various demonstrations of syscalls in x86 shellcode.","end_timestamp":{"seconds":1660337400,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48516],"conference_id":65,"event_ids":[48551],"name":"Tarek Abdelmotaleb","affiliations":[{"organization":"","title":"Security Researcher, VERONA Labs"}],"links":[],"pronouns":null,"media":[],"id":47904,"title":"Security Researcher, VERONA Labs"},{"content_ids":[48516],"conference_id":65,"event_ids":[48551],"name":"Dr. Bramwell Brizendine","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47915}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241996"}],"end":"2022-08-12T20:50:00.000-0000","id":48551,"village_id":null,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[45241,45279,45375,45450],"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47915},{"tag_id":565,"sort_order":1,"person_id":47904}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T20:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this fireside chat, Jason Healey (w0nk) will talk about the earliest days of information security and hacking, back in 1970s, where we’ve come since, and the future role of security researchers and hackers. This year is not just the 30th DEF CON but the 50th anniversary of the first realizations that hackers (red teams) will almost always succeed. Jason will reflect on the lessons for information security and hacking and explore if we have any chance of getting blue better than red. Unless we make substantial changes, our kids will be coming to DEF CON 60 without much left of a global, resilient Internet.\n\n\n","title":"A Policy Fireside Chat with Jay Healey","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660338900,"nanoseconds":0},"android_description":"In this fireside chat, Jason Healey (w0nk) will talk about the earliest days of information security and hacking, back in 1970s, where we’ve come since, and the future role of security researchers and hackers. This year is not just the 30th DEF CON but the 50th anniversary of the first realizations that hackers (red teams) will almost always succeed. Jason will reflect on the lessons for information security and hacking and explore if we have any chance of getting blue better than red. Unless we make substantial changes, our kids will be coming to DEF CON 60 without much left of a global, resilient Internet.","updated_timestamp":{"seconds":1659642000,"nanoseconds":0},"speakers":[{"content_ids":[48887,48517,49738],"conference_id":65,"event_ids":[48542,48882,49931],"name":"Jason Healey","affiliations":[{"organization":"Columbia University SIPA","title":"Senior Research Scholar"}],"links":[],"pronouns":null,"media":[],"id":48311,"title":"Senior Research Scholar at Columbia University SIPA"},{"content_ids":[48517],"conference_id":65,"event_ids":[48542],"name":"Fahmida Rashid","affiliations":[{"organization":"Dark Reading","title":"Managing Editor of Features"}],"links":[],"pronouns":null,"media":[],"id":48710,"title":"Managing Editor of Features at Dark Reading"}],"timeband_id":891,"links":[],"end":"2022-08-12T21:15:00.000-0000","id":48542,"village_id":null,"begin_timestamp":{"seconds":1660336200,"nanoseconds":0},"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48710},{"tag_id":565,"sort_order":1,"person_id":48311}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"begin":"2022-08-12T20:30:00.000-0000","updated":"2022-08-04T19:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In MITRE ATT&CK, techniques describe the means by which adversaries achieve tactical goals, sub-techniques describe the same means but a more specific level, and procedures describe the variations that are precise implementations of those techniques. This precision in many ways is what enables adversary emulation, and makes it, well, emulation. It allows us to confidently and accurately call something “in the spirit of APT29”. In many cases, in an effort to try to be precise, we narrow the focus of our evaluations and only implement the limited procedures an adversary is known to perform. But what happens if procedural information is not available for a specific adversary? We have to make an assumption about them. We do our best to get in their mindset. We consider what we believe to be their end goals, but in the end, we are left with a couple choices. We can make an educated guess, but in this case we fall into the same trapping of above - a narrowed focus that might not even be accurate. The alternate is to implement a variety of procedures and hope that we effectively cover our bases. Procedural variation looks at a single technique or sub-technique, and implements them in different ways, ideally to trigger different data sources, and thus potentially different defensive capabilities. It is for this reason that over the past year, there has been an increased awareness and advocacy for procedural variation. Procedural variation gives us greater confidence that when we say we have a defensive for the technique under test, the defense will actually work. Procedural variation comes with its own challenges; increased development costs and potentially reducing the accuracy of our emulations are only the start of that conversation. So how do we balance the benefits of procedure variation with the challenges? In this talk, we will present the key considerations to make when designing your ATT&CK test plans so that you can maximize your test plan’s bang-for-the-buck, gaining the key confidence that procedural variation offers while staying true to threat intelligence, and doing all of this while keeping budget in the back of our minds.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Balancing the Scales of Just-Good-Enough","android_description":"In MITRE ATT&CK, techniques describe the means by which adversaries achieve tactical goals, sub-techniques describe the same means but a more specific level, and procedures describe the variations that are precise implementations of those techniques. This precision in many ways is what enables adversary emulation, and makes it, well, emulation. It allows us to confidently and accurately call something “in the spirit of APT29”. In many cases, in an effort to try to be precise, we narrow the focus of our evaluations and only implement the limited procedures an adversary is known to perform. But what happens if procedural information is not available for a specific adversary? We have to make an assumption about them. We do our best to get in their mindset. We consider what we believe to be their end goals, but in the end, we are left with a couple choices. We can make an educated guess, but in this case we fall into the same trapping of above - a narrowed focus that might not even be accurate. The alternate is to implement a variety of procedures and hope that we effectively cover our bases. Procedural variation looks at a single technique or sub-technique, and implements them in different ways, ideally to trigger different data sources, and thus potentially different defensive capabilities. It is for this reason that over the past year, there has been an increased awareness and advocacy for procedural variation. Procedural variation gives us greater confidence that when we say we have a defensive for the technique under test, the defense will actually work. Procedural variation comes with its own challenges; increased development costs and potentially reducing the accuracy of our emulations are only the start of that conversation. So how do we balance the benefits of procedure variation with the challenges? In this talk, we will present the key considerations to make when designing your ATT&CK test plans so that you can maximize your test plan’s bang-for-the-buck, gaining the key confidence that procedural variation offers while staying true to threat intelligence, and doing all of this while keeping budget in the back of our minds.","end_timestamp":{"seconds":1660337100,"nanoseconds":0},"updated_timestamp":{"seconds":1659888540,"nanoseconds":0},"speakers":[{"content_ids":[49581],"conference_id":65,"event_ids":[49793],"name":"Ian Davila","affiliations":[{"organization":"Tidal Cyber","title":"Lead Adversary Emulation Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ian-davila/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/advemuian"}],"media":[],"id":48928,"title":"Lead Adversary Emulation Engineer at Tidal Cyber"},{"content_ids":[49581],"conference_id":65,"event_ids":[49793],"name":"Frank Duff","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/frank-duff-b713851b/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/frankduff"}],"pronouns":null,"media":[],"id":48929}],"timeband_id":891,"links":[],"end":"2022-08-12T20:45:00.000-0000","id":49793,"village_id":1,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660335300,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48929},{"tag_id":565,"sort_order":1,"person_id":48928}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-12T20:15:00.000-0000","updated":"2022-08-07T16:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Securing application or infrastructure code in the Cloud is more than just scoping permissions in IAM and scanning ECS, EKS and EC2 instances. Attackers can use poisoned container instances, malicious code and dependencies, and vulnerable CI/CD pipelines to break into your environment, requiring you to consider the entire development lifecycle, from who's writing the code, to how it's deployed. This short talk will introduce you to basic but powerful practices you can put in place now, such as signed Git commits, securing repo access, code analysis, CI/CD permissions, and resource scanning and hardening.\n\n\n","title":"Security at Every Step: The TL;DR on Securing Your AWS Code Pipeline","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"end_timestamp":{"seconds":1660336800,"nanoseconds":0},"android_description":"Securing application or infrastructure code in the Cloud is more than just scoping permissions in IAM and scanning ECS, EKS and EC2 instances. Attackers can use poisoned container instances, malicious code and dependencies, and vulnerable CI/CD pipelines to break into your environment, requiring you to consider the entire development lifecycle, from who's writing the code, to how it's deployed. This short talk will introduce you to basic but powerful practices you can put in place now, such as signed Git commits, securing repo access, code analysis, CI/CD permissions, and resource scanning and hardening.","updated_timestamp":{"seconds":1659282960,"nanoseconds":0},"speakers":[{"content_ids":[48914,49172],"conference_id":65,"event_ids":[48916,49208],"name":"Cassandra Young (muteki)","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/muteki_rtw"}],"media":[],"id":48358}],"timeband_id":891,"links":[],"end":"2022-08-12T20:40:00.000-0000","id":49208,"village_id":9,"tag_ids":[40252,45340,45350,45451],"begin_timestamp":{"seconds":1660335000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48358}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-12T20:10:00.000-0000","updated":"2022-07-31T15:56:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"How To Start and Run A Group: This will cover most everything you will need to start and run a group. It applies to all types, from DEF CON Groups, to juggling clubs. I will cover the secret sauce from finding a place to meet, to governance and finances, and most importantly how to make it fun.\n\n\n","title":"How to Start and Run a Group","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"How To Start and Run A Group: This will cover most everything you will need to start and run a group. It applies to all types, from DEF CON Groups, to juggling clubs. I will cover the secret sauce from finding a place to meet, to governance and finances, and most importantly how to make it fun.","updated_timestamp":{"seconds":1660257120,"nanoseconds":0},"speakers":[{"content_ids":[49749],"conference_id":65,"event_ids":[49947],"name":"Xray","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NoBoxLabs"}],"media":[],"id":49087}],"timeband_id":891,"end":"2022-08-12T21:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49947,"village_id":null,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49087}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-11T22:32:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"So you have heard of wardriving and/or WiGLE and want to try it out. Come listen to a recent former newbie wardriver talk about his first year of wardriving and learn how you can be a better new wardriver than he was.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"title":"Wardriving 101 - or How I Learned to Stop Worrying and Love Bad Fuel Economy and High Gas Prices","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"So you have heard of wardriving and/or WiGLE and want to try it out. Come listen to a recent former newbie wardriver talk about his first year of wardriving and learn how you can be a better new wardriver than he was.","updated_timestamp":{"seconds":1659928500,"nanoseconds":0},"speakers":[{"content_ids":[49658],"conference_id":65,"event_ids":[49846],"name":"Raker","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/w4www_raker"}],"media":[],"id":49033}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49846,"village_id":25,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"tag_ids":[40267,45340,45373,45383,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49033}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-08T03:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9d9a7e","name":"Voting Village","id":45387},"title":"Truly Maligned: How Disinformation Targets Minority Communities to Create Voter Suppression","android_description":"","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"updated_timestamp":{"seconds":1660150920,"nanoseconds":0},"speakers":[{"content_ids":[49602,49601],"conference_id":65,"event_ids":[49815,49816],"name":"Nicole Tisdale","affiliations":[{"organization":"","title":"Director of The White House National Security Council (2021-2022) - Director of the U.S. Committee on Homeland Security (2009-2019)"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nicoletisdale?trk=people-guest_people_search-card"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HiNicoleTisdale"},{"description":"","title":"Website","sort_order":0,"url":"https://nicoletisdale.com"}],"media":[],"id":48950,"title":"Director of The White House National Security Council (2021-2022) - Director of the U.S. Committee on Homeland Security (2009-2019)"}],"timeband_id":891,"links":[{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"},{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"}],"end":"2022-08-12T20:30:00.000-0000","id":49816,"tag_ids":[40279,45340,45348,45374,45387,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":34,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48950}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-10T17:02:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Quiet Recon: Gathering everything you need with LDAP and native AD services ","android_description":"","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659679260,"nanoseconds":0},"speakers":[{"content_ids":[49441],"conference_id":65,"event_ids":[49644,49645],"name":"Cory Wolff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cwolff411"}],"media":[],"id":48820}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49644,"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48820}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-05T06:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"OSINT Skills Lab Challenge","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ada5dd","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679080,"nanoseconds":0},"speakers":[{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/lee-mcwhorter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":48518},{"content_ids":[49440],"conference_id":65,"event_ids":[49635,49636,49637,49638,49639,49640,49641,49642,49643],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/camelotinvestigations/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/camelotinv"}],"pronouns":null,"media":[],"id":48531}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49635,"tag_ids":[40269,45332,45373,45385,45451],"village_id":27,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48518},{"tag_id":565,"sort_order":1,"person_id":48531}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-05T05:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"HackerOps","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"android_description":"","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659678600,"nanoseconds":0},"speakers":[{"content_ids":[49434],"conference_id":65,"event_ids":[49606,49607,49608,49609,49610,49611,49612,49613,49614,49615,49616],"name":"Ralph May","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48825}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49606,"village_id":27,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48825}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"updated":"2022-08-05T05:50:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Attack and Defend with the Command and Control (C2) Matrix","android_description":"","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659678360,"nanoseconds":0},"speakers":[{"content_ids":[48934,49431,49597],"conference_id":65,"event_ids":[48934,49595,49809],"name":"Jake Williams","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jacob-williams-77938a16/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MalwareJake"}],"pronouns":null,"media":[],"id":48349}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49595,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":27,"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48349}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-05T05:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Bluetooth isn't a protocol, it's like 10 small protocols wearing a big coat pretending to be a protocol. One of the more important little protocols is the RFCOMM protocol, which acts as a standard transport layer for many other protocols to be built on top of it. In this talk, I'll introduce the audience to Bluetooth RFCOMM channels and how they're used, and introduce/release a tool I've developed to help with testing services attached to RFCOMM channels used in vehicles (and other IoT devices).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b9b1c5","name":"Car Hacking Village","id":45352},"title":"RFCommotion - Invisible Serial Ports Flying Through the Air","end_timestamp":{"seconds":1660336800,"nanoseconds":0},"android_description":"Bluetooth isn't a protocol, it's like 10 small protocols wearing a big coat pretending to be a protocol. One of the more important little protocols is the RFCOMM protocol, which acts as a standard transport layer for many other protocols to be built on top of it. In this talk, I'll introduce the audience to Bluetooth RFCOMM channels and how they're used, and introduce/release a tool I've developed to help with testing services attached to RFCOMM channels used in vehicles (and other IoT devices).","updated_timestamp":{"seconds":1659587280,"nanoseconds":0},"speakers":[{"content_ids":[49385],"conference_id":65,"event_ids":[49532],"name":"Kamel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48792}],"timeband_id":891,"links":[],"end":"2022-08-12T20:40:00.000-0000","id":49532,"village_id":8,"tag_ids":[40251,45340,45348,45352,45374],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48792}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"updated":"2022-08-04T04:28:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Have you ever wanted to run your own shipyard? To drive ships? Without permission? Then the Hacking Boundary tabletop role playing game is just for you. Hacking Boundary is a realistic, competitive, game of identifying and exploiting vulnerabilities in ports and ships. The game is designed to allow for you to bring your knowledge, skills, and abilities to the table and use these to compete against your peers. The game will last about 4 hours, and participants will have roles as attackers, defenders, or the mighty US government. Come for the competition, stay for the victory points, but try and not generate a lot of digital exhaust for the cops to find.\r\n\r\n- Session 1 Friday August 12: 1:00 pm to 5:00 pm PDT\r\n- Session 2 Saturday August 13: 1:00 pm to 5:00 pm PDT\r\n- Session 3 Sunday August 14: TBD\n\n\n","title":"Maritime Hacking Boundary Adventure","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Have you ever wanted to run your own shipyard? To drive ships? Without permission? Then the Hacking Boundary tabletop role playing game is just for you. Hacking Boundary is a realistic, competitive, game of identifying and exploiting vulnerabilities in ports and ships. The game is designed to allow for you to bring your knowledge, skills, and abilities to the table and use these to compete against your peers. The game will last about 4 hours, and participants will have roles as attackers, defenders, or the mighty US government. Come for the competition, stay for the victory points, but try and not generate a lot of digital exhaust for the cops to find.\r\n\r\n- Session 1 Friday August 12: 1:00 pm to 5:00 pm PDT\r\n- Session 2 Saturday August 13: 1:00 pm to 5:00 pm PDT\r\n- Session 3 Sunday August 14: TBD","updated_timestamp":{"seconds":1659584580,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49520,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45359,45369,45373,45450],"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area","hotel":"","short_name":"314 ICS Workshop Area","id":45504},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-04T03:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"title":"Vishing Competition (SECVC) - LIVE CALLS","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!","updated_timestamp":{"seconds":1659671340,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"}],"end":"2022-08-12T23:00:00.000-0000","id":49494,"village_id":31,"tag_ids":[40273,45359,45370,45453],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-05T03:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"RADM Mauger will describe and discuss the USCG's Cyber Strategic Outlook (2021) and directions in managing maritime cybersecurity in terms of facilities, ships, and workforce development.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"The USCG's Maritime Cybersecurity Strategy [[maritime]]","android_description":"RADM Mauger will describe and discuss the USCG's Cyber Strategic Outlook (2021) and directions in managing maritime cybersecurity in terms of facilities, ships, and workforce development.","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659472260,"nanoseconds":0},"speakers":[{"content_ids":[49330],"conference_id":65,"event_ids":[49430],"name":"RADM John Mauger","affiliations":[{"organization":"U.S. Coast Guard","title":"First District Commander (D1)"}],"links":[],"pronouns":null,"media":[],"id":48767,"title":"First District Commander (D1) at U.S. Coast Guard"}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49430,"tag_ids":[40258,45340,45369,45375],"village_id":15,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48767}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"ICS Village Virtual","hotel":"","short_name":"ICS Village","id":45492},"spans_timebands":"N","updated":"2022-08-02T20:31:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49345,"village_id":17,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"updated":"2022-08-02T05:57:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cracking Passwords to Make Them Strong\r\n\r\nExisting password meters say that passwords like \"\"Fall2021!\"\" or \"\"Password123!\"\" are strong, just because they have upper case, lower case, and numbers. \"\"Password123!\"\" is NOT a strong password; it will get cracked in seconds. I gave 47,000 “strong” password hashes to some of the best password crackers. Although the meters said these passwords were strong, over 99% of them actually got cracked.\r\n\r\nBy reversing the tools the password crackers *actually* use, we can tell whether a password will actually be cracked, by real password crackers, including those who win the Defcon Crack Me If You Can.\r\n\r\nI will demonstrate a new open source Python tool which tells you with over 90% accuracy whether a real password cracker would be able to crack the password you're thinking about using. This tool tests the types of attacks that crackers conduct using tools like Hashcat or John the Ripper.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#71c2b9","updated_at":"2024-06-07T03:39+0000","name":"Password Village","id":45351},"title":"Hacking Hashcat","android_description":"Cracking Passwords to Make Them Strong\r\n\r\nExisting password meters say that passwords like \"\"Fall2021!\"\" or \"\"Password123!\"\" are strong, just because they have upper case, lower case, and numbers. \"\"Password123!\"\" is NOT a strong password; it will get cracked in seconds. I gave 47,000 “strong” password hashes to some of the best password crackers. Although the meters said these passwords were strong, over 99% of them actually got cracked.\r\n\r\nBy reversing the tools the password crackers *actually* use, we can tell whether a password will actually be cracked, by real password crackers, including those who win the Defcon Crack Me If You Can.\r\n\r\nI will demonstrate a new open source Python tool which tells you with over 90% accuracy whether a real password cracker would be able to crack the password you're thinking about using. This tool tests the types of attacks that crackers conduct using tools like Hashcat or John the Ripper.","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1659403800,"nanoseconds":0},"speakers":[{"content_ids":[49265],"conference_id":65,"event_ids":[49337],"name":"Ray “Senpai” Morris","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48694}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49337,"village_id":20,"tag_ids":[40262,45340,45351,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48694}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 218-219 (Password Village)","hotel":"","short_name":"218-219 (Password Village)","id":45419},"updated":"2022-08-02T01:30:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Pen Test Partners A320 Simulator","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.","updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49300,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45341,45357,45450],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-01T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Bring yourself and a copy of your resume to discuss your career trajectory with public and private industry leaders. Prepare your questions or sit in a mock interview as you hone your skills for a future in aerospace cybersecurity.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Resumé Review and Career Guidance Session","android_description":"Bring yourself and a copy of your resume to discuss your career trajectory with public and private industry leaders. Prepare your questions or sit in a mock interview as you hone your skills for a future in aerospace cybersecurity.","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659379320,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T22:00:00.000-0000","id":49296,"village_id":2,"tag_ids":[40247,45332,45357,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-08-01T18:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cyber Star© is a role-play game exploring the implications of cyber security on the projection of space power. Players compete to become the predominant space power by carefully investing in space assets, ASAT weapons, and cyber capabilities both to advance their own objectives and thwart those of their opponents. No specialized knowledge or skills are required to play.\r\n\r\nThis competition will consist of a practice round, main round, and finals. The winner will receive a 2022 Aerospace Village Badge!\n\n\n","title":"Cyber Star© Competition Presented by The Space ISAC","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"android_description":"Cyber Star© is a role-play game exploring the implications of cyber security on the projection of space power. Players compete to become the predominant space power by carefully investing in space assets, ASAT weapons, and cyber capabilities both to advance their own objectives and thwart those of their opponents. No specialized knowledge or skills are required to play.\r\n\r\nThis competition will consist of a practice round, main round, and finals. The winner will receive a 2022 Aerospace Village Badge!","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1659379380,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49295,"village_id":2,"tag_ids":[40247,45357,45359,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:43:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Cyber Star© is a role-play game exploring the implications of cyber security on the projection of space power. Players compete to become the predominant space power by carefully investing in space assets, ASAT weapons, and cyber capabilities both to advance their own objectives and thwart those of their opponents. No specialized knowledge or skills are required to play. This competition will consist of a practice round, main round, and finals. The winner will receive a 2022 Aerospace Village Badge!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Cyber Star Card Game Tutorial","android_description":"Cyber Star© is a role-play game exploring the implications of cyber security on the projection of space power. Players compete to become the predominant space power by carefully investing in space assets, ASAT weapons, and cyber capabilities both to advance their own objectives and thwart those of their opponents. No specialized knowledge or skills are required to play. This competition will consist of a practice round, main round, and finals. The winner will receive a 2022 Aerospace Village Badge!","end_timestamp":{"seconds":1660335900,"nanoseconds":0},"updated_timestamp":{"seconds":1659379620,"nanoseconds":0},"speakers":[{"content_ids":[49227],"conference_id":65,"event_ids":[49270],"name":"Rick White","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48690}],"timeband_id":891,"links":[],"end":"2022-08-12T20:25:00.000-0000","id":49270,"tag_ids":[40247,45340,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48690}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:47:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c994a86c7aedb713d1e1f/1\n\n\n","title":"Free Amateur Radio License Exams","type":{"conference_id":65,"conference":"DEFCON30","color":"#ed8d99","updated_at":"2024-06-07T03:39+0000","name":"Ham Radio Village","id":45355},"android_description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 30 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on https://ham.study/, and may sign up here: https://ham.study/sessions/626c994a86c7aedb713d1e1f/1","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659309120,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49260,"tag_ids":[40256,45341,45355,45451],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":13,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City I (Ham Radio Village Exams)","hotel":"","short_name":"Virginia City I (Ham Radio Village Exams)","id":45426},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-31T23:12:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Fotios Chantzis, Paulino Calderon, & Beau Woods, Practical IoT Hacking","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a68c60","name":"Vendor Event","id":45354},"end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659306420,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49248,"village_id":null,"tag_ids":[45354,45373,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"updated":"2022-07-31T22:27:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"Reflections on 9 Years of CPV","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659213540,"nanoseconds":0},"speakers":[{"content_ids":[49142],"conference_id":65,"event_ids":[49178],"name":"Whitney Merrill","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48616}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49178,"village_id":10,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48616}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"updated":"2022-07-30T20:39:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"While busy hacking the planet, have you ever encountered an unfamiliar architecture and simply had no idea where to start? You pried the firmware from a reluctant (and almost not smoldering) flash chip, loaded the thing in IDA, but what’s next? We got into this pickle while working on reversing the firmware of a medical device. The mystery architecture turned out to be M32C, and thankfully, IDA Pro added support for it a few months prior.\r\n\r\nThis talk is not exactly about reversing yet another embedded device. Instead, this is more about the journey and lessons learned so that it could be abstracted away for the next project. Rather than focusing on the specifics of the firmware itself, we will see how it interacts with the micro-controller and the steps taken to approach an unfamiliar embedded architecture.\r\n\r\nDuring this presentation, you can expect digging into low-level micro-controller notions such as interrupt handlers, special purpose registers, how to find flash handling code, and way too much M32C assembly. If you’ve ever dabbled in hardware hacking and want to have a look at something that is not Linux-based, this talk will give you some pointers in how to get the ball* rolling. (*not talking about the ones we dropped at the reballing station)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"title":"Reversing An M32C Firmware – Lesson Learned From Playing With An Uncommon Architecture","android_description":"While busy hacking the planet, have you ever encountered an unfamiliar architecture and simply had no idea where to start? You pried the firmware from a reluctant (and almost not smoldering) flash chip, loaded the thing in IDA, but what’s next? We got into this pickle while working on reversing the firmware of a medical device. The mystery architecture turned out to be M32C, and thankfully, IDA Pro added support for it a few months prior.\r\n\r\nThis talk is not exactly about reversing yet another embedded device. Instead, this is more about the journey and lessons learned so that it could be abstracted away for the next project. Rather than focusing on the specifics of the firmware itself, we will see how it interacts with the micro-controller and the steps taken to approach an unfamiliar embedded architecture.\r\n\r\nDuring this presentation, you can expect digging into low-level micro-controller notions such as interrupt handlers, special purpose registers, how to find flash handling code, and way too much M32C assembly. If you’ve ever dabbled in hardware hacking and want to have a look at something that is not Linux-based, this talk will give you some pointers in how to get the ball* rolling. (*not talking about the ones we dropped at the reballing station)","end_timestamp":{"seconds":1660337100,"nanoseconds":0},"updated_timestamp":{"seconds":1659142260,"nanoseconds":0},"speakers":[{"content_ids":[49102],"conference_id":65,"event_ids":[49132],"name":"Philippe Laulheret ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48542}],"timeband_id":891,"links":[],"end":"2022-08-12T20:45:00.000-0000","id":49132,"village_id":14,"tag_ids":[40257,45338,45340,45373,45451],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48542}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-30T00:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Calling ML practitioners and security researchers to compete in two competitions. Returning to AI Village is the ML Security Evasion Competition–with new twists for the offense-minded contestant. New to AI Village this year is the ML Model Attribution Challenge for those interested in defense and compliance. There are multiple ways to win in each competition, with first place prizes at $3000 USD, honorable mention prizes at $1500 USD, and multiple student awards also valued at $1500 USD. In all, we’ll be giving away up to $20K USD divided amongst up to 9 top contestants. The challenges begin now!\r\n\r\nIn the ML Security Evasion Competition (https://mlsec.io), you are an attacker attempting to bypass HTML antiphishing models, and biometric face recognition models in two separate challenges. Modify HTML or image samples in a way to fool the models hosted by the competition sponsors. Visit https://mlsec.io to register, participate, submit and potentially win. You have 6 weeks to submit (Sep 23, 2022).\r\n\r\nIn the ML Model Attribution Challenge (https://mlmac.io), you take the role of an adjudicator, where you must determine which base model has been used for several fined-tuned generative models hosted by the competition sponsors. Query the models to investigate what might be under the hood. Students are especially encouraged to apply, with additional travel awards given to top student submissions to present results at https://camlis.org. Visit https://mlmac.io to register, participate, submit and potentially win. You have 4 weeks to submit (Sep 9, 2022).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"title":"Machine Learning Security Evasion Competition Launch","android_description":"Calling ML practitioners and security researchers to compete in two competitions. Returning to AI Village is the ML Security Evasion Competition–with new twists for the offense-minded contestant. New to AI Village this year is the ML Model Attribution Challenge for those interested in defense and compliance. There are multiple ways to win in each competition, with first place prizes at $3000 USD, honorable mention prizes at $1500 USD, and multiple student awards also valued at $1500 USD. In all, we’ll be giving away up to $20K USD divided amongst up to 9 top contestants. The challenges begin now!\r\n\r\nIn the ML Security Evasion Competition (https://mlsec.io), you are an attacker attempting to bypass HTML antiphishing models, and biometric face recognition models in two separate challenges. Modify HTML or image samples in a way to fool the models hosted by the competition sponsors. Visit https://mlsec.io to register, participate, submit and potentially win. You have 6 weeks to submit (Sep 23, 2022).\r\n\r\nIn the ML Model Attribution Challenge (https://mlmac.io), you take the role of an adjudicator, where you must determine which base model has been used for several fined-tuned generative models hosted by the competition sponsors. Query the models to investigate what might be under the hood. Students are especially encouraged to apply, with additional travel awards given to top student submissions to present results at https://camlis.org. Visit https://mlmac.io to register, participate, submit and potentially win. You have 4 weeks to submit (Sep 9, 2022).","end_timestamp":{"seconds":1660337400,"nanoseconds":0},"updated_timestamp":{"seconds":1659292500,"nanoseconds":0},"speakers":[{"content_ids":[49034],"conference_id":65,"event_ids":[49037],"name":"Hyrum Anderson ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48466}],"timeband_id":891,"links":[],"end":"2022-08-12T20:50:00.000-0000","id":49037,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":3,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48466}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"updated":"2022-07-31T18:35:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Since 2013 Andrew’s company has collected daily operational data from the hard drives and SSDs in our data centers. This includes daily SMART statistics from over 250,000 drives totaling over 2 Exabytes of storage. We've reviewed and analyzed this data and we would like to share what we've learned including the most current annualized failure rates for the hard drive and SSDs we use which we’ll present model-by-model and by manufacture and size. We'll show, explain, and compare the life expectancy curves for several drive models we use including 4, 8, 12 and 14TB drives. We'll demonstrate how you can you use SMART stats and Machine Learning techniques to predict drive failure, and we’ll finish up by answering some drive mysteries like; is drive failure related to drive temperature, or using helium in the drive, or power-cycling the drive (turning it on and off on a regular basis)? As a bonus, we’ll show you where to get the data so you can do your own analysis if you desire.\n\n\n","title":"How long do hard drives and SSDs live, and what can they tell us along the way?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ef47d8","name":"Data Duplication Village","id":45328},"android_description":"Since 2013 Andrew’s company has collected daily operational data from the hard drives and SSDs in our data centers. This includes daily SMART statistics from over 250,000 drives totaling over 2 Exabytes of storage. We've reviewed and analyzed this data and we would like to share what we've learned including the most current annualized failure rates for the hard drive and SSDs we use which we’ll present model-by-model and by manufacture and size. We'll show, explain, and compare the life expectancy curves for several drive models we use including 4, 8, 12 and 14TB drives. We'll demonstrate how you can you use SMART stats and Machine Learning techniques to predict drive failure, and we’ll finish up by answering some drive mysteries like; is drive failure related to drive temperature, or using helium in the drive, or power-cycling the drive (turning it on and off on a regular basis)? As a bonus, we’ll show you where to get the data so you can do your own analysis if you desire.","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659070320,"nanoseconds":0},"speakers":[{"content_ids":[49001],"conference_id":65,"event_ids":[49004],"name":"Andrew Klein","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48435}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49004,"tag_ids":[40254,45328,45373,45451],"village_id":11,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48435}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village)","hotel":"","short_name":"Lake Meade and Valley of Fire (Data Duplication Village)","id":45423},"updated":"2022-07-29T04:52:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Once an adversary gained a foothold, they typically would like to keep their access. Here, I'm using the term \"\"access\"\" loosely where it could be many things like C2 beacon, script, binary, security source providers, shortcuts, and so on. This is called Persistence and in MITRE speak \"\"TA0003\"\" [3]. We take a look at one such persistence method, Scheduled Task. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. It provides flexibility to be created on local and remote machines and provides several ways to be created (from GUI to Net32API), along with the ability to combine/achieve tactics like Execution and Privilege Escalation. We start with the basics of scheduled tasks, and why and when an adversary would like to use them. Then we jump into the hell of threat hunting to see some ways to create a hypothesis and investigate the result set. In the end, we take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from queries/results we got from hunting this technique.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nOnce an adversary gained a foothold, they typically would like to keep their access and establish persistence. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. In this session we take a look at Scheduled Tasks. We start with the basics, and then learn how to create a hypothesis to conduct a threat hunt. In the end, we'll take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from telemetry we obtain from hunting this technique.\r\n\r\nProject Obsidian is an immersive, defensive cybersecurity learning experience.","title":"Obsidian CTH: Hunting for Adversary's Schedule","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"android_description":"Once an adversary gained a foothold, they typically would like to keep their access. Here, I'm using the term \"\"access\"\" loosely where it could be many things like C2 beacon, script, binary, security source providers, shortcuts, and so on. This is called Persistence and in MITRE speak \"\"TA0003\"\" [3]. We take a look at one such persistence method, Scheduled Task. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. It provides flexibility to be created on local and remote machines and provides several ways to be created (from GUI to Net32API), along with the ability to combine/achieve tactics like Execution and Privilege Escalation. We start with the basics of scheduled tasks, and why and when an adversary would like to use them. Then we jump into the hell of threat hunting to see some ways to create a hypothesis and investigate the result set. In the end, we take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from queries/results we got from hunting this technique.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nOnce an adversary gained a foothold, they typically would like to keep their access and establish persistence. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions and for a good reason. In this session we take a look at Scheduled Tasks. We start with the basics, and then learn how to create a hypothesis to conduct a threat hunt. In the end, we'll take a stab at detection engineering concepts surrounding the creation/revision of detections/analytics from telemetry we obtain from hunting this technique.\r\n\r\nProject Obsidian is an immersive, defensive cybersecurity learning experience.","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48943],"conference_id":65,"event_ids":[48943],"name":"Cyb3rHawk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48378}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":48943,"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48378}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Project Obsidian Incident Response station will walk through how to capture the necessary information as you are actively working an incident without slowing down on tickets, notes, timeline recording, and status updates. Plus tips based on years of IR experience on what NOT to do; spend less time writing and more time doing. \r\nThis session is based on Kill Chain 1 data set and will show you how to prep and work an incident with a focus on communication and efficiency in all aspects.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIf you don't document it, it didn't happen. A real world approach to IR communication.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian: IR - Mise En Place for Investigations","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"android_description":"Project Obsidian Incident Response station will walk through how to capture the necessary information as you are actively working an incident without slowing down on tickets, notes, timeline recording, and status updates. Plus tips based on years of IR experience on what NOT to do; spend less time writing and more time doing. \r\nThis session is based on Kill Chain 1 data set and will show you how to prep and work an incident with a focus on communication and efficiency in all aspects.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIf you don't document it, it didn't happen. A real world approach to IR communication.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48918,48928,48915],"conference_id":65,"event_ids":[48917,48919,48929],"name":"aviditas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48370},{"content_ids":[48918,48935,48928],"conference_id":65,"event_ids":[48919,48929,48935],"name":"ChocolateCoat","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48375},{"content_ids":[48928,48925,48915],"conference_id":65,"event_ids":[48917,48926,48929],"name":"CountZ3r0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48384}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":48929,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"tag_ids":[40250,45331,45348,45374,45376],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48375},{"tag_id":565,"sort_order":1,"person_id":48384},{"tag_id":565,"sort_order":1,"person_id":48370}],"tags":"Lightning Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"spans_timebands":"N","begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This hands-on training workshop will walk attendees through threat hunting exercises to detect and investigate common Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware threat actors during an attack. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle while being able to leverage attack TTPs including commands, scripts, tools, communication channels, and techniques that we frequently see and use in the wild. Tactics and techniques will be mapped to the MITRE ATT&CK Framework, and will be inspired by ATT&CK's Adversary Emulation Plans. The workshop will accordingly incorporate offensive operation elements such as adversary emulation and red teaming, but with an emphasis on purple teaming and blue teaming. In other words, we will explore the logs and other artifacts potentially left behind by our attack TTPs and how the blue team might utilize endpoint and network logs and defensive tooling to detect and disrupt the ATT&CK kill chain components. Examples of tools and threat intelligence sources that will be incorporated include Atomic Red Team, open-source offensive security tools such as Mimikatz, Living off the Land Binaries and Scripts (LOLBAS) including PowerShell, real-world or Proof-of-Concept malware samples and exploits, and leaked ransomware playbooks supplemented by other open-source intelligence (OSINT) sources; and specifically on the blue team side, popular security logging pipeline and Security Information and Events Management (SIEM) tools such as Sysmon and Elastic Stack.\n\n\nThis hands-on training workshop will walk attendees through hunting for Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware adversaries. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle. Workshop TTPs will be mapped to the MITRE ATT&CK Framework, and it will incorporate offensive operation elements such as adversary emulation, but while emphasizing purple and blue teaming. We will explore the endpoint and network logs left behind by attack TTPs and how the blue team can utilize such logs and defensive tooling to detect and disrupt the attack.","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Ransomware ATT&CK and Defense","android_description":"This hands-on training workshop will walk attendees through threat hunting exercises to detect and investigate common Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware threat actors during an attack. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle while being able to leverage attack TTPs including commands, scripts, tools, communication channels, and techniques that we frequently see and use in the wild. Tactics and techniques will be mapped to the MITRE ATT&CK Framework, and will be inspired by ATT&CK's Adversary Emulation Plans. The workshop will accordingly incorporate offensive operation elements such as adversary emulation and red teaming, but with an emphasis on purple teaming and blue teaming. In other words, we will explore the logs and other artifacts potentially left behind by our attack TTPs and how the blue team might utilize endpoint and network logs and defensive tooling to detect and disrupt the ATT&CK kill chain components. Examples of tools and threat intelligence sources that will be incorporated include Atomic Red Team, open-source offensive security tools such as Mimikatz, Living off the Land Binaries and Scripts (LOLBAS) including PowerShell, real-world or Proof-of-Concept malware samples and exploits, and leaked ransomware playbooks supplemented by other open-source intelligence (OSINT) sources; and specifically on the blue team side, popular security logging pipeline and Security Information and Events Management (SIEM) tools such as Sysmon and Elastic Stack.\n\n\nThis hands-on training workshop will walk attendees through hunting for Tactics, Techniques, and Procedures (TTPs) frequently used by ransomware adversaries. From Reconnaissance and Initial Access to Exfiltration and Impact, attendees will be exposed to a compressed ransomware attack lifecycle. Workshop TTPs will be mapped to the MITRE ATT&CK Framework, and it will incorporate offensive operation elements such as adversary emulation, but while emphasizing purple and blue teaming. We will explore the endpoint and network logs left behind by attack TTPs and how the blue team can utilize such logs and defensive tooling to detect and disrupt the attack.","end_timestamp":{"seconds":1660339800,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48911],"conference_id":65,"event_ids":[48913],"name":"Esther Matut","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48348},{"content_ids":[48911],"conference_id":65,"event_ids":[48913],"name":"Daniel Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48351},{"content_ids":[48911],"conference_id":65,"event_ids":[48913],"name":"Ben Hughes","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48359},{"content_ids":[48911],"conference_id":65,"event_ids":[48913],"name":"Ronny Thammasathiti","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48374},{"content_ids":[48911],"conference_id":65,"event_ids":[48913],"name":"Nick Baker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48382}],"timeband_id":891,"links":[],"end":"2022-08-12T21:30:00.000-0000","id":48913,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"tag_ids":[40250,45365,45373,45376,45451],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48359},{"tag_id":565,"sort_order":1,"person_id":48351},{"tag_id":565,"sort_order":1,"person_id":48348},{"tag_id":565,"sort_order":1,"person_id":48382},{"tag_id":565,"sort_order":1,"person_id":48374}],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Workshops","hotel":"","short_name":"Workshops","id":45474},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nA Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian Forensics: KillChain1 - Adventures in Splunk and Security Onion","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"A Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nA Live Forensics Walkthrough of Obsidian Kill Chain 1 (KC1) forensics analysis using Splunk and Security Onion\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48924,48910],"conference_id":65,"event_ids":[48911,48912,48925],"name":"Wes Lambert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48325},{"content_ids":[48909,48906,48924,48932,48910],"conference_id":65,"event_ids":[48908,48911,48912,48925,48933],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48341},{"content_ids":[48909,48931,48924,48938],"conference_id":65,"event_ids":[48911,48925,48932,48938],"name":"ExtremePaperClip","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48364}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":48911,"village_id":7,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"tag_ids":[40250,45332,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48364},{"tag_id":565,"sort_order":1,"person_id":48341},{"tag_id":565,"sort_order":1,"person_id":48325}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We are from the Microsoft identity product group responsible for Active Directory and Azure Active Directory. We’ve noticed many customers struggle to deliver a good end user experience to their Apple and Linux Platforms. There are various ways to do this, but many customers are simply unaware of recommended configurations and best practices. This will be a deeply technical session that focuses not only on what can be done to improve this experience, but how the underlying Microsoft, Linux, and Apple technologies can work better together.\n\n\nMost organizations have Windows, MacOS and Linux in their environment. Typically many of the security controls that are applied to Windows are not applied to MacOS or Linux, due to the size of the footprint and the difficulty of implementation. This can lead to holes in an organization's overall security posture as well as a poor end user experience.\r\n\r\nRecently, Azure AD has released some new functionality to help improve the overall environment security posture for MacOS and Linux, both servers and clients. We'll discuss how these pieces work deep down and some best practices on deploying them.","title":"Improving security posture of MacOS and Linux with Azure AD","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"We are from the Microsoft identity product group responsible for Active Directory and Azure Active Directory. We’ve noticed many customers struggle to deliver a good end user experience to their Apple and Linux Platforms. There are various ways to do this, but many customers are simply unaware of recommended configurations and best practices. This will be a deeply technical session that focuses not only on what can be done to improve this experience, but how the underlying Microsoft, Linux, and Apple technologies can work better together.\n\n\nMost organizations have Windows, MacOS and Linux in their environment. Typically many of the security controls that are applied to Windows are not applied to MacOS or Linux, due to the size of the footprint and the difficulty of implementation. This can lead to holes in an organization's overall security posture as well as a poor end user experience.\r\n\r\nRecently, Azure AD has released some new functionality to help improve the overall environment security posture for MacOS and Linux, both servers and clients. We'll discuss how these pieces work deep down and some best practices on deploying them.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48904],"conference_id":65,"event_ids":[48906],"name":"Michael Epping","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48322},{"content_ids":[48904],"conference_id":65,"event_ids":[48906],"name":"Mark Morowczynski","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48373}],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":48906,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45367,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48373},{"tag_id":565,"sort_order":1,"person_id":48322}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T20:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls? \n\nIn this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root. \n\nThe first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component.\n\nAfter detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.\n\n\n","title":"You’re MutedRooted","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"With a recent market cap of over $100 billion and the genericization of its name, the popularity of Zoom is undeniable. But what about its security? This imperative question is often quite personal, as who amongst us isn't jumping on weekly (daily?) Zoom calls? \n\nIn this talk, we’ll explore Zoom’s macOS application to uncover several critical security flaws. Flaws, that provided a local unprivileged attacker a direct and reliable path to root. \n\nThe first flaw, presents itself subtly in a core cryptographic validation routine, while the second is due to a nuanced trust issue between Zoom’s client and its privileged helper component.\n\nAfter detailing both root cause analysis and full exploitation of these flaws, we’ll end the talk by showing how such issues could be avoided …both by Zoom, but also in other macOS applications.","end_timestamp":{"seconds":1660337100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48515,48561],"conference_id":65,"event_ids":[48578,48515],"name":"Patrick Wardle","affiliations":[{"organization":"","title":"Founder, Objective-See Foundation"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/patrickwardle"},{"description":"","title":"https://objective-see.org/","sort_order":0,"url":"https://objective-see.org/"}],"media":[],"id":47914,"title":"Founder, Objective-See Foundation"}],"timeband_id":891,"end":"2022-08-12T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241830"}],"id":48578,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45280,45281,45375,45450],"includes":"Tool, Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47914}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Eleven years ago, \"Sour Pickles\" was presented by Marco Slaviero. Python docs already said pickles were insecure at that time. But since then, machine learning frameworks started saving models in pickled formats as well. So, I will show how simple it is to add a backdoor into any pickled object using machine learning models as an example. As well as an example of how to securely save a model to prevent malicious code from being injected into it.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"title":"Backdooring Pickles: A decade only made things worse","end_timestamp":{"seconds":1660335600,"nanoseconds":0},"android_description":"Eleven years ago, \"Sour Pickles\" was presented by Marco Slaviero. Python docs already said pickles were insecure at that time. But since then, machine learning frameworks started saving models in pickled formats as well. So, I will show how simple it is to add a backdoor into any pickled object using machine learning models as an example. As well as an example of how to securely save a model to prevent malicious code from being injected into it.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48514],"conference_id":65,"event_ids":[48552],"name":"ColdwaterQ","affiliations":[{"organization":"","title":"Senior Security Engineer at Nvidia"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ColdwaterQ"},{"description":"","title":"Website","sort_order":0,"url":"https://coldwaterq.com/"}],"media":[],"id":47864,"title":"Senior Security Engineer at Nvidia"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241825"}],"end":"2022-08-12T20:20:00.000-0000","id":48552,"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45279,45281,45375,45450],"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47864}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After quickly recalling what a shellcode is and why designing shellcodes under constraints is an art, we'll study a new constraint for which (to the best of our knowledge) no such shellcode was previously known: emoji shellcoding. We'll tackle this problem by introducing a new and more generic approach to shellcoding under constraints. Brace yourselves, you'll see some black magic weaponizing these cute little emojis 🥰 into merciless exploits 👿.\n\n\n","title":"Emoji Shellcoding: 🛠️, 🧌, and 🤯","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"Shellcodes are short executable stubs that are used in various attack scenarios, whenever code execution is possible. After quickly recalling what a shellcode is and why designing shellcodes under constraints is an art, we'll study a new constraint for which (to the best of our knowledge) no such shellcode was previously known: emoji shellcoding. We'll tackle this problem by introducing a new and more generic approach to shellcoding under constraints. Brace yourselves, you'll see some black magic weaponizing these cute little emojis 🥰 into merciless exploits 👿.","end_timestamp":{"seconds":1660337100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48513],"conference_id":65,"event_ids":[48502],"name":"Georges-Axel Jaloyan","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":47821,"title":"Hacker"},{"content_ids":[48513],"conference_id":65,"event_ids":[48502],"name":"Hadrien Barral","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":47886,"title":"Hacker"}],"timeband_id":891,"end":"2022-08-12T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241820"}],"id":48502,"village_id":null,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660334400,"nanoseconds":0},"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47821},{"tag_id":565,"sort_order":1,"person_id":47886}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"begin":"2022-08-12T20:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"You are being stalked. What can be done? Can you stalk back, and should you? What exactly does it mean to \"stalk back\"? These issues and questions are addressed through a detailed case study in this presentation. OSINT and disinformation are tools discussed in leveling the playing field in an otherwise disadvantaged scenario. \n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"title":"Stalking Back","android_description":"You are being stalked. What can be done? Can you stalk back, and should you? What exactly does it mean to \"stalk back\"? These issues and questions are addressed through a detailed case study in this presentation. OSINT and disinformation are tools discussed in leveling the playing field in an otherwise disadvantaged scenario.","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"updated_timestamp":{"seconds":1659974940,"nanoseconds":0},"speakers":[{"content_ids":[49369,49720],"conference_id":65,"event_ids":[49505,49910],"name":"MasterChen","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/chenb0x"}],"pronouns":null,"media":[],"id":48783}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49910,"begin_timestamp":{"seconds":1660333500,"nanoseconds":0},"village_id":26,"tag_ids":[40268,45340,45373,45384,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48783}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"begin":"2022-08-12T19:45:00.000-0000","updated":"2022-08-08T16:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Media hype concerning \"\"attacks\"\" on the electric grid is common through multiple sources, but ignores actual vectors of concern for impacting electric services to populations. This talk will examine how cyber effects can effectively impair electric services, focusing on how cyber can leverage underlying system dependencies and opportunities to achieve outsized impacts. In addition to reviewing the most studied disruptive cyber events on electric systems (2015 and 2016 Ukraine), this talk will also explore \"\"near miss\"\" events (such as the Berserk Bear campaigns from 2017 through at least 2020) as well as recent events in Ukraine. Furthermore, we will also discuss the lessons from non-cyber events (such as the 2003 blackouts in North America and Europe, and more recent incidents) to illustrate necessary steps to effectively disabling the delivery of electric services.\r\n\r\nAs a result of this discussion, attendees will emerge with a more thorough understanding of the number of steps and actions required to overcome existing protections and redundancies in electric environments. Additionally, attendees will learn of potential shortcuts through external events and environmental factors that can enable outsized effects. Overall, this discussion will inform attendees as to the overall complexity of electric systems, and what types of actions are necessary to undermine such systems through cyber means.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"title":"Taking Down the Grid","end_timestamp":{"seconds":1660336500,"nanoseconds":0},"android_description":"Media hype concerning \"\"attacks\"\" on the electric grid is common through multiple sources, but ignores actual vectors of concern for impacting electric services to populations. This talk will examine how cyber effects can effectively impair electric services, focusing on how cyber can leverage underlying system dependencies and opportunities to achieve outsized impacts. In addition to reviewing the most studied disruptive cyber events on electric systems (2015 and 2016 Ukraine), this talk will also explore \"\"near miss\"\" events (such as the Berserk Bear campaigns from 2017 through at least 2020) as well as recent events in Ukraine. Furthermore, we will also discuss the lessons from non-cyber events (such as the 2003 blackouts in North America and Europe, and more recent incidents) to illustrate necessary steps to effectively disabling the delivery of electric services.\r\n\r\nAs a result of this discussion, attendees will emerge with a more thorough understanding of the number of steps and actions required to overcome existing protections and redundancies in electric environments. Additionally, attendees will learn of potential shortcuts through external events and environmental factors that can enable outsized effects. Overall, this discussion will inform attendees as to the overall complexity of electric systems, and what types of actions are necessary to undermine such systems through cyber means.","updated_timestamp":{"seconds":1658865420,"nanoseconds":0},"speakers":[{"content_ids":[48711,49350],"conference_id":65,"event_ids":[48718,49450],"name":"Joe Slowik","affiliations":[{"organization":"Gigamon","title":"Threat Intelligence & Detections Engineering Lead"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jfslowik"}],"pronouns":null,"media":[],"id":47999,"title":"Threat Intelligence & Detections Engineering Lead at Gigamon"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:35:00.000-0000","id":48718,"village_id":30,"tag_ids":[40272,45291,45340,45373,45453],"begin_timestamp":{"seconds":1660333500,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47999}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","begin":"2022-08-12T19:45:00.000-0000","updated":"2022-07-26T19:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We did the Ford Raptor attack but there is so much more to show. There have been several recent release of vehicle vulnerabilities. In this quick intro to keyfobs we will discuss some easy steps to find vulnerabilities. These are the steps we use to discover if a vehicle is susceptible to replay attacks. We will have some demos and the flowchart we use to start finding flaws with rolling code protocols. After this talk you will have some great starting point to do your own RF exploitation of vehicles. This is the talk for you if you want to attack vehicles or just have 30 minutes to kill.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"Intro guide to keyfob hacking","android_description":"We did the Ford Raptor attack but there is so much more to show. There have been several recent release of vehicle vulnerabilities. In this quick intro to keyfobs we will discuss some easy steps to find vulnerabilities. These are the steps we use to discover if a vehicle is susceptible to replay attacks. We will have some demos and the flowchart we use to start finding flaws with rolling code protocols. After this talk you will have some great starting point to do your own RF exploitation of vehicles. This is the talk for you if you want to attack vehicles or just have 30 minutes to kill.","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1660011360,"nanoseconds":0},"speakers":[{"content_ids":[49735],"conference_id":65,"event_ids":[49927],"name":"Woody","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tb69rr"}],"pronouns":null,"media":[],"id":49070}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49927,"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"village_id":25,"tag_ids":[40267,45340,45373,45383,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49070}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","begin":"2022-08-12T19:30:00.000-0000","updated":"2022-08-09T02:16:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Suppose you need to create a scenario for a national cyber crisis exercise with hundred participating organizations. It has to be an attack with a disruptive national impact BUT cannot be an existing APT group. The solution: creating a realistic threat actor and their simulated attack - entirely from scratch. Creating such an adversary simulation is not an easy task. How do you simulate a zero-day attack on the networks of all participating companies, create a fictive country, define TTPs for the non-existent adversary, reflect all defined TTPs in the attack, and allow attribution? This talk includes a detailed description of the attack chain created and how more than two thousand participants broke their heads over finding the attack path in supplied injects, like event logs, memory dumps, and custom malware.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"Hacked by Raspberia: Simulating a nationally disruptive attack by a non-existent state actor","android_description":"Suppose you need to create a scenario for a national cyber crisis exercise with hundred participating organizations. It has to be an attack with a disruptive national impact BUT cannot be an existing APT group. The solution: creating a realistic threat actor and their simulated attack - entirely from scratch. Creating such an adversary simulation is not an easy task. How do you simulate a zero-day attack on the networks of all participating companies, create a fictive country, define TTPs for the non-existent adversary, reflect all defined TTPs in the attack, and allow attribution? This talk includes a detailed description of the attack chain created and how more than two thousand participants broke their heads over finding the attack path in supplied injects, like event logs, memory dumps, and custom malware.","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1659888540,"nanoseconds":0},"speakers":[{"content_ids":[49580],"conference_id":65,"event_ids":[49792],"name":"Sanne Maasakkers","affiliations":[{"organization":"NCSC-NL","title":"Security Specialist"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sannemaasakkers/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sannemaasakkers"}],"pronouns":null,"media":[],"id":48914,"title":"Security Specialist at NCSC-NL"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49792,"tag_ids":[40246,45340,45373,45377,45451],"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48914}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"updated":"2022-08-07T16:09:00.000-0000","begin":"2022-08-12T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"First you'll get an overview of all hardware and systems involved in access controlled doors and alarm systems, and a multitude of attack vectors to defeat them; then try your hand at a number of these attacks using our physical displays and online games.\n\n\n","title":"Pwning Alarm Wires","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#61ba95","name":"Physical Security Village","id":45381},"end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"First you'll get an overview of all hardware and systems involved in access controlled doors and alarm systems, and a multitude of attack vectors to defeat them; then try your hand at a number of these attacks using our physical displays and online games.","updated_timestamp":{"seconds":1659624240,"nanoseconds":0},"speakers":[{"content_ids":[48569,49394,49402],"conference_id":65,"event_ids":[48588,49541,49549],"name":"Bill Graydon","affiliations":[{"organization":"","title":"Principal, Physical Security Analytics, GGR Security "}],"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/bgraydon"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/access_ctrl"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/channel/UCzZK3vjJL9rKNPXNoCPFO5g/videos"}],"pronouns":null,"media":[],"id":47862,"title":"Principal, Physical Security Analytics, GGR Security"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49541,"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"village_id":22,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47862}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"updated":"2022-08-04T14:44:00.000-0000","begin":"2022-08-12T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Watch members of the Rogues Village staff try to fool you with an elaborate series of gambling situations and sleights. Can you be the one to “Catch the Cheat”?\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#569d6e","name":"Rogues Village","id":45368},"title":"Catch the Cheat","android_description":"Watch members of the Rogues Village staff try to fool you with an elaborate series of gambling situations and sleights. Can you be the one to “Catch the Cheat”?","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"updated_timestamp":{"seconds":1659467400,"nanoseconds":0},"speakers":[{"content_ids":[49320,49325,49328],"conference_id":65,"event_ids":[49420,49425,49428],"name":"Four Suits Co","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/foursuits_co"},{"description":"","title":"Website","sort_order":0,"url":"https://foursuits.co/"}],"pronouns":null,"media":[],"id":48742}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49420,"village_id":29,"tag_ids":[40271,45340,45368,45453],"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48742}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","begin":"2022-08-12T19:30:00.000-0000","updated":"2022-08-02T19:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"Resumé Review","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465720,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49396,"tag_ids":[40255,45341,45361,45451],"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"village_id":12,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"begin":"2022-08-12T19:30:00.000-0000","updated":"2022-08-02T18:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Default Google Cloud Platform (GCP) configurations include open ports, high numbers of excessive permissions, limited logging, and credential expiration dates, which security professionals would typically never let happen. But, we cannot expect users in GCP environments to know and prioritize the most secure option for each setting when they configure a resource. This inadvertently leads to unsafe environments that attackers can leverage.\r\n\r\nIn this talk, we will review the 'dangerous defaults' of GCP and how they can be abused by attackers. We'll also provide specific policies cloud architects and cloud administrators should implement to stop their users from deploying default configurations and outline how to set up policies that reduce decision fatigue on their users. The goal is for cloud architects, engineers, and Blue Teamers to implement what they see in this talk and scale their environment to be significantly more secure. It will also give my fellow Red Teamers a list of items to check for during their assessments to help organizations further harden their environments.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"Weather Proofing GCP Defaults","android_description":"Default Google Cloud Platform (GCP) configurations include open ports, high numbers of excessive permissions, limited logging, and credential expiration dates, which security professionals would typically never let happen. But, we cannot expect users in GCP environments to know and prioritize the most secure option for each setting when they configure a resource. This inadvertently leads to unsafe environments that attackers can leverage.\r\n\r\nIn this talk, we will review the 'dangerous defaults' of GCP and how they can be abused by attackers. We'll also provide specific policies cloud architects and cloud administrators should implement to stop their users from deploying default configurations and outline how to set up policies that reduce decision fatigue on their users. The goal is for cloud architects, engineers, and Blue Teamers to implement what they see in this talk and scale their environment to be significantly more secure. It will also give my fellow Red Teamers a list of items to check for during their assessments to help organizations further harden their environments.","end_timestamp":{"seconds":1660335000,"nanoseconds":0},"updated_timestamp":{"seconds":1659282960,"nanoseconds":0},"speakers":[{"content_ids":[49171],"conference_id":65,"event_ids":[49207],"name":"Shannon McHale","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_shannon_mchale"}],"pronouns":null,"media":[],"id":48628}],"timeband_id":891,"links":[],"end":"2022-08-12T20:10:00.000-0000","id":49207,"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"village_id":9,"tag_ids":[40252,45340,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48628}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","updated":"2022-07-31T15:56:00.000-0000","begin":"2022-08-12T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Light Collective will share how ad targeting tools in healthcare leak PHI from hospitals and other HIPAA covered entities at an unprecedented scale. We'll cover the ways surveillance capitalism in healthcare has caused harm to patient populations during the pandemic. We'll walk through common marketing tactics and techniques used in healthcare which create an effective kill chain when exploited. Finally, we'll discuss legal & policy implications.\n\n\n","title":"How to stop Surveillance Captalism in Healthcare","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"The Light Collective will share how ad targeting tools in healthcare leak PHI from hospitals and other HIPAA covered entities at an unprecedented scale. We'll cover the ways surveillance capitalism in healthcare has caused harm to patient populations during the pandemic. We'll walk through common marketing tactics and techniques used in healthcare which create an effective kill chain when exploited. Finally, we'll discuss legal & policy implications.","updated_timestamp":{"seconds":1659108000,"nanoseconds":0},"speakers":[{"content_ids":[49013,49155],"conference_id":65,"event_ids":[49016,49191],"name":"Andrea Downing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48437},{"content_ids":[49013],"conference_id":65,"event_ids":[49016],"name":"Jillian Simons","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48446},{"content_ids":[49013,49155],"conference_id":65,"event_ids":[49016,49191],"name":"Valencia Robinson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48459}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49016,"tag_ids":[40277,45329,45373,45451],"village_id":5,"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48437},{"tag_id":565,"sort_order":1,"person_id":48446},{"tag_id":565,"sort_order":1,"person_id":48459}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-07-29T15:20:00.000-0000","begin":"2022-08-12T19:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"While each nation and region around the world has unique governance models and concerns, there is a large commonality in our: adversaries, markets, supply chains, vulnerabilities, and connectivity. So each nation and region approaches cyber policy in ways that are unique and ways that are in common with the broader global community. Join this session to hear from national leaders in cyber policy on what makes their distinct practices appropriate for them, and how they work together on the international stage where interests and concerns are aligned.\n\n\n","title":"Global Challenges, Global Approaches in Cyber Policy","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660335300,"nanoseconds":0},"android_description":"While each nation and region around the world has unique governance models and concerns, there is a large commonality in our: adversaries, markets, supply chains, vulnerabilities, and connectivity. So each nation and region approaches cyber policy in ways that are unique and ways that are in common with the broader global community. Join this session to hear from national leaders in cyber policy on what makes their distinct practices appropriate for them, and how they work together on the international stage where interests and concerns are aligned.","updated_timestamp":{"seconds":1659642180,"nanoseconds":0},"speakers":[{"content_ids":[48885,48510],"conference_id":65,"event_ids":[48532,48886],"name":"Pete Cooper","affiliations":[{"organization":"UK Cabinet Office","title":"Deputy Director Cyber Defence"}],"links":[],"pronouns":null,"media":[],"id":48304,"title":"Deputy Director Cyber Defence at UK Cabinet Office"},{"content_ids":[48510,49407],"conference_id":65,"event_ids":[48532,49565],"name":"Gaurav Keerthi","affiliations":[{"organization":"Cyber Security Agency of Singapore ","title":"Deputy Chief Executive"}],"links":[],"pronouns":null,"media":[],"id":48708,"title":"Deputy Chief Executive at Cyber Security Agency of Singapore"},{"content_ids":[48510],"conference_id":65,"event_ids":[48532],"name":"Lily Newman","affiliations":[{"organization":"WIRED","title":"Senior Writer"}],"links":[],"pronouns":null,"media":[],"id":48709,"title":"Senior Writer at WIRED"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:15:00.000-0000","id":48532,"tag_ids":[45241,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660332600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48708},{"tag_id":565,"sort_order":1,"person_id":48709},{"tag_id":565,"sort_order":1,"person_id":48304}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"spans_timebands":"N","begin":"2022-08-12T19:30:00.000-0000","updated":"2022-08-04T19:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Want to emulate an adversary but OSINT is light on details and you don’t have access to your own forensic incident response data from a related intrusion? Building a playbook of an adversary of interest and want to add more to it? Wonder whether endpoint security controls would detect or prevent an adversary’s malware if your AV didn’t? ATT&CK Navigator doesn’t have your malware mapped as Software? In this lightning talk I will highlight another use for malware analysis and how characteristic functions and features of a malware sample or family can serve new purposes to fill in OSINT gaps and emulate technique/procedure combinations in Python.\n\n\n","title":"Malware Emulation Attack Graphs","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660332600,"nanoseconds":0},"android_description":"Want to emulate an adversary but OSINT is light on details and you don’t have access to your own forensic incident response data from a related intrusion? Building a playbook of an adversary of interest and want to add more to it? Wonder whether endpoint security controls would detect or prevent an adversary’s malware if your AV didn’t? ATT&CK Navigator doesn’t have your malware mapped as Software? In this lightning talk I will highlight another use for malware analysis and how characteristic functions and features of a malware sample or family can serve new purposes to fill in OSINT gaps and emulate technique/procedure combinations in Python.","updated_timestamp":{"seconds":1659888360,"nanoseconds":0},"speakers":[{"content_ids":[49576],"conference_id":65,"event_ids":[49788],"name":"Jack Wells","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jackson-wells/"}],"pronouns":null,"media":[],"id":48926}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49788,"village_id":1,"begin_timestamp":{"seconds":1660331700,"nanoseconds":0},"tag_ids":[40246,45331,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48926}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-12T19:15:00.000-0000","updated":"2022-08-07T16:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Our research shows that the number of known ransomware attacks grew 85%, and the ransom demand climbed 144% (2.2M) from 2020 to 2021. The abundant data stored in the cloud make them lucrative targets for ransomware actors.\r\nDue to the fundamental difference between the cloud-native and on-premises IT infrastructure, existing ransomware will not be effective in cloud environments. Ransomware actors will need new TTPs to achieve successful disruption and extortion.\r\nWhat are the weaknesses that attackers are likely to exploit? What types of cloud resources are more susceptible to ransomware attacks? How may ransomware disrupt cloud workloads? This research aims to identify the possible TTPs using the knowledge of known ransomware and cloud security incidents. I will also demonstrate POC attacks that abuse a few APIs to quickly render a large amount of cloud-hosted data inaccessible. My goal is not to create fear, uncertainty, and doubt but to help clarify the risk and mitigation strategy.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7caa57","updated_at":"2024-06-07T03:39+0000","name":"Cloud Village","id":45350},"title":"A ransomware actor looks at the clouds: attacking in a cloud-native way","android_description":"Our research shows that the number of known ransomware attacks grew 85%, and the ransom demand climbed 144% (2.2M) from 2020 to 2021. The abundant data stored in the cloud make them lucrative targets for ransomware actors.\r\nDue to the fundamental difference between the cloud-native and on-premises IT infrastructure, existing ransomware will not be effective in cloud environments. Ransomware actors will need new TTPs to achieve successful disruption and extortion.\r\nWhat are the weaknesses that attackers are likely to exploit? What types of cloud resources are more susceptible to ransomware attacks? How may ransomware disrupt cloud workloads? This research aims to identify the possible TTPs using the knowledge of known ransomware and cloud security incidents. I will also demonstrate POC attacks that abuse a few APIs to quickly render a large amount of cloud-hosted data inaccessible. My goal is not to create fear, uncertainty, and doubt but to help clarify the risk and mitigation strategy.","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1659282240,"nanoseconds":0},"speakers":[{"content_ids":[49166,49182],"conference_id":65,"event_ids":[49202,49218],"name":"Jay Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48636}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49202,"begin_timestamp":{"seconds":1660331400,"nanoseconds":0},"village_id":9,"tag_ids":[40252,45331,45350,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48636}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"updated":"2022-07-31T15:44:00.000-0000","begin":"2022-08-12T19:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversaries code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated (over 100 million potentially impacted at the time of this submission).\r\n\r\nIn this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal.\n\n\n","title":"The Richest Phisherman in Colombia","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"android_description":"Adversaries have increasingly been leveraging completely legitimate 3rd party web hosting products to circumvent traditional domain reputation analysis engines, and successfully get their phishing pages in front of their victims. Using these third party services also offers them a great opportunity to limit the exposure of their own infrastructure, offering a great OPSEC advantage. However, in one investigation, a few breadcrumbs left in the adversaries code led us down a rabbit hole to slowly uncovering the person behind what is perhaps the largest Facebook credential harvesting campaign ever investigated (over 100 million potentially impacted at the time of this submission).\r\n\r\nIn this talk, we will follow the breadcrumb trail left by a threat actor, demonstrating how we pieced together the shocking scale of their credential harvesting and malversating operation. From comments in their code, to their various online identities, to accessing their infrastructure - we will walk through our investigation into a wanted Colombian Cyber Criminal.","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1658865420,"nanoseconds":0},"speakers":[{"content_ids":[48712,49722],"conference_id":65,"event_ids":[48719,49912],"name":"Nick Ascoli","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kcin418"}],"media":[],"id":48000},{"content_ids":[48712],"conference_id":65,"event_ids":[48719],"name":"Matt Mosley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48006}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":48719,"village_id":30,"begin_timestamp":{"seconds":1660331400,"nanoseconds":0},"tag_ids":[40272,45291,45340,45373,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48006},{"tag_id":565,"sort_order":1,"person_id":48000}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","updated":"2022-07-26T19:57:00.000-0000","begin":"2022-08-12T19:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"The State of Election Security Training","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9d9a7e","name":"Voting Village","id":45387},"end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660259100,"nanoseconds":0},"speakers":[{"content_ids":[49764],"conference_id":65,"event_ids":[49962],"name":"Jerome Lovato","affiliations":[{"organization":"","title":"Consultant"}],"links":[],"pronouns":null,"media":[],"id":49103,"title":"Consultant"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49962,"village_id":34,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40279,45348,45373,45387,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49103}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-11T23:05:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\"Some other nerds like CTFs and Hacking.\r\nWe professional nerds chose Exploits & Dragons.\r\n\r\nExploits & Dragons is an Open Source tool developed by DC5411, which gamifies CTF and Pentesting exercises through the use of \"\"Bosses\"\", a kind of box which WILL fight back.\r\n\r\nUsing Docker, Ruby, and a minimalistic web interface, E&D allows any user to create a containerized Boss, which will jealously guard a flag. This boss will have a health meter represented by a series of security challenges to solve (locate and delete a file, avoid a specific connection, interrupt a process, etc) to eventually \"\"kill\"\" him and take his flag.\r\n\r\nBut this is not all, throughout the event, the Boss will be able to roll dice and act accordingly: disconnecting a user, launching an area attack (disconnecting everyone), executing a user (blocking his account), or even giving hints via Discord or Slack.\r\n\r\nBring your team, and let's start a new campaign.\r\n\r\nE&D is free, open, and welcomes contributions of stories, ideas, and ASCII arts to expand it.\"\n\n\n","title":"Exploits and Dragons","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45449},"android_description":"\"Some other nerds like CTFs and Hacking.\r\nWe professional nerds chose Exploits & Dragons.\r\n\r\nExploits & Dragons is an Open Source tool developed by DC5411, which gamifies CTF and Pentesting exercises through the use of \"\"Bosses\"\", a kind of box which WILL fight back.\r\n\r\nUsing Docker, Ruby, and a minimalistic web interface, E&D allows any user to create a containerized Boss, which will jealously guard a flag. This boss will have a health meter represented by a series of security challenges to solve (locate and delete a file, avoid a specific connection, interrupt a process, etc) to eventually \"\"kill\"\" him and take his flag.\r\n\r\nBut this is not all, throughout the event, the Boss will be able to roll dice and act accordingly: disconnecting a user, launching an area attack (disconnecting everyone), executing a user (blocking his account), or even giving hints via Discord or Slack.\r\n\r\nBring your team, and let's start a new campaign.\r\n\r\nE&D is free, open, and welcomes contributions of stories, ideas, and ASCII arts to expand it.\"","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1660257120,"nanoseconds":0},"speakers":[{"content_ids":[49748],"conference_id":65,"event_ids":[49946],"name":"Mauro Eldritch","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mauroeldritch &"}],"pronouns":null,"media":[],"id":49086},{"content_ids":[49748],"conference_id":65,"event_ids":[49946],"name":"AdanZkx","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/AdanZkx"}],"pronouns":null,"media":[],"id":49102}],"timeband_id":891,"end":"2022-08-12T20:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49946,"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49102},{"tag_id":565,"sort_order":1,"person_id":49086}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","updated":"2022-08-11T22:32:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Open source software supply chain has enabled great innovation, but there are a unique set of risks from this supply chain. While not a new topic, everyone from software users to governments have started to pay attention to the security risks that have emerged from the success of--and our dependence on—open source software. Some solutions proposed are not popular among open source developers and maintainers. Even worse, much of the discussion does not directly involve those with an attacker mindset, relying on just a few high profile incidents.\r\n\r\nThis session will bring together experts from the open source ecosystem with security experts to think about OSS security from an attacker’s perspective. We’ll go through a few scenarios collectively, and then brainstorm more in small groups, sharing them out. Each attack scenario will then be evaluated against potential defensive measures.\n\n\n","title":"Red Teaming the Open Source Software Supply Chain","type":{"conference_id":65,"conference":"DEFCON30","color":"#ab59db","updated_at":"2024-06-07T03:39+0000","name":"Policy@DEF CON Content","id":45311},"end_timestamp":{"seconds":1660337100,"nanoseconds":0},"android_description":"Open source software supply chain has enabled great innovation, but there are a unique set of risks from this supply chain. While not a new topic, everyone from software users to governments have started to pay attention to the security risks that have emerged from the success of--and our dependence on—open source software. Some solutions proposed are not popular among open source developers and maintainers. Even worse, much of the discussion does not directly involve those with an attacker mindset, relying on just a few high profile incidents.\r\n\r\nThis session will bring together experts from the open source ecosystem with security experts to think about OSS security from an attacker’s perspective. We’ll go through a few scenarios collectively, and then brainstorm more in small groups, sharing them out. Each attack scenario will then be evaluated against potential defensive measures.","updated_timestamp":{"seconds":1660107180,"nanoseconds":0},"speakers":[{"content_ids":[49739],"conference_id":65,"event_ids":[49932],"name":"Aeva Black","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49075},{"content_ids":[49739],"conference_id":65,"event_ids":[49932],"name":"Allan Friedman","affiliations":[{"organization":"CISA","title":"OSS Security Lead"}],"links":[],"pronouns":null,"media":[],"id":49076,"title":"OSS Security Lead at CISA"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:45:00.000-0000","id":49932,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40265,45311,45373,45450],"village_id":23,"includes":"","people":[{"tag_id":45448,"sort_order":1,"person_id":49075},{"tag_id":45448,"sort_order":1,"person_id":49076}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 224-225 - Policy Collaboratorium","hotel":"","short_name":"224-225 - Policy Collaboratorium","id":45464},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-10T04:53:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Whether you like to stay at home and virtually travel by way of computer or you like to get out and experience things first-hand, this talk will highlight how using OSINT resources and techniques can optimize your trip enjoyment. The presenter’s first career was as a travel agent in addition to having a lifelong case of wanderlust. Through the utilization of anecdotes and research skills, this presentation will provide you with resources and tips for the planning, booking, and enjoying a trip – with special attention paid to the privacy and security aspects of travel. No passport required, just your interest in learning!\n\n\n","title":"Not All Who Wander Are Lost: Using OSINT for a Fulfilling Travel Experience","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"end_timestamp":{"seconds":1660333500,"nanoseconds":0},"android_description":"Whether you like to stay at home and virtually travel by way of computer or you like to get out and experience things first-hand, this talk will highlight how using OSINT resources and techniques can optimize your trip enjoyment. The presenter’s first career was as a travel agent in addition to having a lifelong case of wanderlust. Through the utilization of anecdotes and research skills, this presentation will provide you with resources and tips for the planning, booking, and enjoying a trip – with special attention paid to the privacy and security aspects of travel. No passport required, just your interest in learning!","updated_timestamp":{"seconds":1659974940,"nanoseconds":0},"speakers":[{"content_ids":[48939,49309,49312,49719],"conference_id":65,"event_ids":[48939,49409,49412,49909],"name":"Tracy Z. Maleeff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://infosecsherpa.medium.com"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tzmaleeff/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InfoSecSherpa"}],"media":[],"id":48381}],"timeband_id":891,"links":[],"end":"2022-08-12T19:45:00.000-0000","id":49909,"village_id":26,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40268,45340,45373,45384,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48381}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-08T16:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We all know the building blocks of regular algos, so come learn the things necessary to write your own quantum algos!\n\n\n","title":"An introduction to quantum algorithms","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"We all know the building blocks of regular algos, so come learn the things necessary to write your own quantum algos!","updated_timestamp":{"seconds":1660333020,"nanoseconds":0},"speakers":[{"content_ids":[49701],"conference_id":65,"event_ids":[49891],"name":"Kathrin Spendier","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49059},{"content_ids":[49701],"conference_id":65,"event_ids":[49891],"name":"Mark Jackson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49060}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49891,"tag_ids":[40266,45340,45373,45382,45450],"village_id":24,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49059},{"tag_id":565,"sort_order":1,"person_id":49060}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-12T19:37:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n\r\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n\r\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n\r\nHighlights of the Red Alert ICS CTF is available at: https://youtu.be/AanKdrrQ0u0\r\n\r\nTeam Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.\r\n\r\nAdditional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.\n\n\n","title":"Red Alert ICS CTF ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"android_description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n\r\nThe contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n\r\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n\r\nHighlights of the Red Alert ICS CTF is available at: https://youtu.be/AanKdrrQ0u0\r\n\r\nTeam Size: The team size is limited to a maximum of 4 players per team. Teams can have 1-4 players.\r\n\r\nAdditional Information: The toolkit required to access any of our specialized hardware/equipment will be provided by us.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659991380,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"YouTube","type":"link","url":"https://youtu.be/AanKdrrQ0u0"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241399"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864187671776329738"},{"label":"Twitter","type":"link","url":"https://twitter.com/icsctf"}],"id":49772,"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","updated":"2022-08-08T20:43:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The BIC Village Capture The Flag Event is a jeopardy style event designed to practice solving challenges in multiple categories. \r\n\r\nThis event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. The gamified and challenge oriented sections of the event will not only challenge one's mind in problem solving and critical thinking but also charge one with the mission of identifying and learning about historical facts and figures that they would not otherwise be exposed to.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"BIC Village Capture The Flag  ","android_description":"The BIC Village Capture The Flag Event is a jeopardy style event designed to practice solving challenges in multiple categories. \r\n\r\nThis event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. The gamified and challenge oriented sections of the event will not only challenge one's mind in problem solving and critical thinking but also charge one with the mission of identifying and learning about historical facts and figures that they would not otherwise be exposed to.","end_timestamp":{"seconds":1660428000,"nanoseconds":0},"updated_timestamp":{"seconds":1659810300,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T22:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.blacksincyberconf.com/ctf"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864186927062450186"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241007"},{"label":"Twitter","type":"link","url":"https://twitter.com/BlackInCyberCo1"}],"id":49760,"village_id":6,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40249,45360,45375,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Twilight Ballroom (Blacks In Cybersecurity Village)","hotel":"","short_name":"Sunset-Twilight Ballroom (Blacks In Cybersecurity Village)","id":45401},"spans_timebands":"Y","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-06T18:25:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00\n\n\n","title":"Octopus Game - Individual Phase","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"android_description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00","end_timestamp":{"seconds":1660496400,"nanoseconds":0},"updated_timestamp":{"seconds":1659742740,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-14T17:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/OctopusGameDC"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241373"},{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgame"}],"id":49651,"village_id":null,"tag_ids":[45360,45373,45450],"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"Y","updated":"2022-08-05T23:39:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Common free learning environments online prepare people to test single boxes, but when consultants are thrown into their first real world internal infrastructure penetration test there are so many things that these environments might not be able to emulate. Come along and get some hands-on experience in a simulated internal network with tools such as Responder, Rubeus, Mimikatz and Metasploit and learn to exploit some of the most common vulnerabilities that the presenters have seen in real world environments.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"title":"Dip Your Toes in Infrastructure Testing: A Hands on Workshop Focusing on the Things CTF's Don't Teach","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"Common free learning environments online prepare people to test single boxes, but when consultants are thrown into their first real world internal infrastructure penetration test there are so many things that these environments might not be able to emulate. Come along and get some hands-on experience in a simulated internal network with tools such as Responder, Rubeus, Mimikatz and Metasploit and learn to exploit some of the most common vulnerabilities that the presenters have seen in real world environments.","updated_timestamp":{"seconds":1659679320,"nanoseconds":0},"speakers":[{"content_ids":[49442],"conference_id":65,"event_ids":[49646],"name":"Andrew Sutters","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HillsBraindead"}],"media":[],"id":48818},{"content_ids":[49442],"conference_id":65,"event_ids":[49646],"name":"Jules Rigaudie","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48823}],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49646,"village_id":27,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40269,45332,45373,45385,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48818},{"tag_id":565,"sort_order":1,"person_id":48823}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"spans_timebands":"N","updated":"2022-08-05T06:02:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit EFF! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today at https://eff.org/poker.\r\n\r\nTournament Specs: $100 Bally’s tournament buy-in with a suggested donation of $250 to EFF to sign up. Rebuys are unlimited to level 6 with each having a suggested donation of $100. Levels will be fifteen minutes, and the blinds go up at each level. Attendees must be 21+.\r\n\r\nWHEN: Friday, August 12, 2022 12:00 pm to 3:00 pm\r\n\r\nWHERE: Bally's Poker Room, 3645 Las Vegas Blvd Overpass, Las Vegas, NV 89109\r\n\r\nMore details at https://eff.org/poker\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Betting on Your Digital Rights: EFF Benefit Poker Tournament","android_description":"We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit EFF! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today at https://eff.org/poker.\r\n\r\nTournament Specs: $100 Bally’s tournament buy-in with a suggested donation of $250 to EFF to sign up. Rebuys are unlimited to level 6 with each having a suggested donation of $100. Levels will be fifteen minutes, and the blinds go up at each level. Attendees must be 21+.\r\n\r\nWHEN: Friday, August 12, 2022 12:00 pm to 3:00 pm\r\n\r\nWHERE: Bally's Poker Room, 3645 Las Vegas Blvd Overpass, Las Vegas, NV 89109\r\n\r\nMore details at https://eff.org/poker","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"updated_timestamp":{"seconds":1659672480,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Website","type":"link","url":"https://eff.org/poker"}],"end":"2022-08-12T22:00:00.000-0000","id":49589,"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45360,45373],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-05T04:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Honda Connect app used by Honda City 5th generation used weak security mechanisms in its APIs for access control which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with it's Telematics Control Unit (TCU)\n\n\n","title":"Remote Exploitation of Honda Cars","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b9b1c5","name":"Car Hacking Village","id":45352},"android_description":"The Honda Connect app used by Honda City 5th generation used weak security mechanisms in its APIs for access control which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with it's Telematics Control Unit (TCU)","end_timestamp":{"seconds":1660332300,"nanoseconds":0},"updated_timestamp":{"seconds":1659587220,"nanoseconds":0},"speakers":[{"content_ids":[49384],"conference_id":65,"event_ids":[49531],"name":"Mohammed Shine","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48791}],"timeband_id":891,"links":[],"end":"2022-08-12T19:25:00.000-0000","id":49531,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":8,"tag_ids":[40251,45340,45348,45352,45374],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48791}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"updated":"2022-08-04T04:27:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"https://www.se.community/research-cold-calls/#coldcalls\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"title":"Cold Calls","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"https://www.se.community/research-cold-calls/#coldcalls","updated_timestamp":{"seconds":1659503880,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49486,"village_id":31,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40273,45370,45371,45453],"includes":"","people":[],"tags":"Activity","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"updated":"2022-08-03T05:18:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This \"lunchtime tutorial\" will discuss the Modbus TCP protocol, which is employed in the Grace Ballast console. Modbus is the de facto industry standard for the interconnection of ICS and OT systems. This mini-tutorial will address the protocol history, architecture, frame format, and operation.\n\n\n","title":"Understanding Modbus TCP and the GRACE Console [[Maritime]]","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"android_description":"Fathom5 will be hosting a number of Grace Maritime Cyber Testbed consoles at the ICS Village to support the SeaTF activity. This \"lunchtime tutorial\" will discuss the Modbus TCP protocol, which is employed in the Grace Ballast console. Modbus is the de facto industry standard for the interconnection of ICS and OT systems. This mini-tutorial will address the protocol history, architecture, frame format, and operation.","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1659472920,"nanoseconds":0},"speakers":[{"content_ids":[49336,49352],"conference_id":65,"event_ids":[49436,49452],"name":"Dave Burke","affiliations":[{"organization":"Fathom5","title":"Chief Engineer"}],"links":[],"pronouns":null,"media":[],"id":48752,"title":"Chief Engineer at Fathom5"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49436,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45340,45369,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48752}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-08-02T20:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"I demonstrate how to defeat a biometric padlock via USB with a laptop, or with your bare hands, or maybe even with a Defcon badge.\r\n\r\nWhile flipping through products a biometric lock caught my attention. It mentioned a back-up “Morse code” feature for unlocking it -- a series of 6 short or long presses, suggesting there were only 64 possible keys. Surely it couldn’t be that easy... But wait, there's more! It had another backup unlock feature: a USB port and an app that can unlock it with a PIN, with a default PIN set for bonus stupidity. I had a feeling this was just the tip of the terrible-security-iceberg.\r\n\r\nI will demonstrate how to defeat this lock with some simple tools, with just your bare hands, and with a USB attack.\r\n\n\n\n","title":"The least secure biometric lock on Earth?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#856899","name":"Lock Pick Village","id":45362},"android_description":"I demonstrate how to defeat a biometric padlock via USB with a laptop, or with your bare hands, or maybe even with a Defcon badge.\r\n\r\nWhile flipping through products a biometric lock caught my attention. It mentioned a back-up “Morse code” feature for unlocking it -- a series of 6 short or long presses, suggesting there were only 64 possible keys. Surely it couldn’t be that easy... But wait, there's more! It had another backup unlock feature: a USB port and an app that can unlock it with a PIN, with a default PIN set for bonus stupidity. I had a feeling this was just the tip of the terrible-security-iceberg.\r\n\r\nI will demonstrate how to defeat this lock with some simple tools, with just your bare hands, and with a USB attack.","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1659420180,"nanoseconds":0},"speakers":[{"content_ids":[49273,49401],"conference_id":65,"event_ids":[49353,49548],"name":"Seth Kintigh","affiliations":[],"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/skintigh"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Seth_Kintigh"}],"pronouns":null,"media":[],"id":48699}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49353,"village_id":17,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48699}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"spans_timebands":"N","updated":"2022-08-02T06:03:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Engineers at the Aerospace Corporation are hosting a CTF using the PiSat platform (check out the PiSat Workshop also in the Aerospace Village). Teams will command a PiSat via a COSMOS web GUI and complete challenges, which will be announced during the event. The CTF will primarily use crosslinks between PiSats to complete tasks including attacking other PiSats. Rounds will last ten minutes each, but teams can stay for up to one hour.\r\n\r\nRequired gear: bring a laptop (with an ethernet port!) to compete in the contest.\r\n\r\nSignups: Sign-ups for the event will be in person each morning from 10am – 12pm and will be first come, first served.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"Hack-A-Sat Aerospace PiSat Challenge","android_description":"Engineers at the Aerospace Corporation are hosting a CTF using the PiSat platform (check out the PiSat Workshop also in the Aerospace Village). Teams will command a PiSat via a COSMOS web GUI and complete challenges, which will be announced during the event. The CTF will primarily use crosslinks between PiSats to complete tasks including attacking other PiSats. Rounds will last ten minutes each, but teams can stay for up to one hour.\r\n\r\nRequired gear: bring a laptop (with an ethernet port!) to compete in the contest.\r\n\r\nSignups: Sign-ups for the event will be in person each morning from 10am – 12pm and will be first come, first served.","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659379380,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49291,"village_id":2,"tag_ids":[40247,45357,45358,45450],"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:43:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ensuring passengers are safe while flying goes well beyond the cybersecurity of just an aircraft. Join this fireside chat with Deneen DeFiore, the Chief Information Security Officer for United Airlines, to learn how she is building an enterprise security program that leverages smart, experienced hackers. Deneen will share her background in infosec along with her approach to engaging security expertise to maintain the trust her customers have in her airline’s safe and secure operations.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Hackers Help Make My Airline Secure","android_description":"Ensuring passengers are safe while flying goes well beyond the cybersecurity of just an aircraft. Join this fireside chat with Deneen DeFiore, the Chief Information Security Officer for United Airlines, to learn how she is building an enterprise security program that leverages smart, experienced hackers. Deneen will share her background in infosec along with her approach to engaging security expertise to maintain the trust her customers have in her airline’s safe and secure operations.","end_timestamp":{"seconds":1660333800,"nanoseconds":0},"updated_timestamp":{"seconds":1659377700,"nanoseconds":0},"speakers":[{"content_ids":[49226],"conference_id":65,"event_ids":[49269],"name":"Deneen Defiore","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48675}],"timeband_id":891,"links":[],"end":"2022-08-12T19:50:00.000-0000","id":49269,"village_id":2,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48675}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:15:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Jasper van Woudenberg, Hardware Hacking Handbook","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a68c60","name":"Vendor Event","id":45354},"end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659306360,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49247,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45354,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-07-31T22:26:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"\"The Man\" in the Middle","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#8dc784","name":"BIC Village","id":45353},"end_timestamp":{"seconds":1660332600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659305220,"nanoseconds":0},"speakers":[{"content_ids":[49197],"conference_id":65,"event_ids":[49238],"name":"Alexis Hancock ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48652}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49238,"tag_ids":[40249,45348,45353,45374],"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":6,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48652}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-07-31T22:07:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Millions of video doorbells have been installed outside of U.S. homes. They’re so ubiquitous that you might expect to be captured on other people’s video feeds every time you walk or drive down the street. What you might not be aware of is that video doorbells can record audio, too. Conversations you have in your own home or when walking by a neighbor’s house may be sitting on Amazon’s servers. You might be recording audio from unsuspecting passersby, too. In this talk, we’ll discuss new Consumer Reports research—both in our lab and outside of our smart home reporter’s home—on audio capture distance. We’ll delve into potential risks and privacy concerns. And we’ll discuss what video doorbell owners can do (short of getting rid of the devices altogether).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"title":"PSA: Doorbell Cameras Have Mics, Too","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"android_description":"Millions of video doorbells have been installed outside of U.S. homes. They’re so ubiquitous that you might expect to be captured on other people’s video feeds every time you walk or drive down the street. What you might not be aware of is that video doorbells can record audio, too. Conversations you have in your own home or when walking by a neighbor’s house may be sitting on Amazon’s servers. You might be recording audio from unsuspecting passersby, too. In this talk, we’ll discuss new Consumer Reports research—both in our lab and outside of our smart home reporter’s home—on audio capture distance. We’ll delve into potential risks and privacy concerns. And we’ll discuss what video doorbell owners can do (short of getting rid of the devices altogether).","updated_timestamp":{"seconds":1659213480,"nanoseconds":0},"speakers":[{"content_ids":[49141],"conference_id":65,"event_ids":[49177],"name":"Matthew Guariglia","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48602},{"content_ids":[49141],"conference_id":65,"event_ids":[49177],"name":"Yael Grauer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48617}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49177,"village_id":10,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48602},{"tag_id":565,"sort_order":1,"person_id":48617}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","updated":"2022-07-30T20:38:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Commissioner Sonderling will provide an overview of the ways that AI is already being used to make employment decisions, the legal framework governing AI in the U.S., important ways that U.S. civil rights laws protect employees from discrimination by algorithms, and the status of regulatory efforts at the federal, state, local and global levels. He will also discuss his thoughts on ways our society can achieve the benefits of AI while respecting the rights of workers. \n\n\n","title":"AI Village Keynote","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"android_description":"Commissioner Sonderling will provide an overview of the ways that AI is already being used to make employment decisions, the legal framework governing AI in the U.S., important ways that U.S. civil rights laws protect employees from discrimination by algorithms, and the status of regulatory efforts at the federal, state, local and global levels. He will also discuss his thoughts on ways our society can achieve the benefits of AI while respecting the rights of workers.","end_timestamp":{"seconds":1660333800,"nanoseconds":0},"updated_timestamp":{"seconds":1660317720,"nanoseconds":0},"speakers":[{"content_ids":[49033],"conference_id":65,"event_ids":[49036],"name":"Keith E. Sonderling ","affiliations":[],"pronouns":null,"links":[{"description":"","title":"EEOC Profile","sort_order":0,"url":"https://www.eeoc.gov/keith-e-sonderling-commissioner"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KSonderlingEEOC"}],"media":[],"id":48468}],"timeband_id":891,"links":[],"end":"2022-08-12T19:50:00.000-0000","id":49036,"tag_ids":[40248,45330,45450],"village_id":3,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48468}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-08-12T15:22:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"title":"Gird your loins: premise and perils of biomanufacturing","android_description":"","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1659107940,"nanoseconds":0},"speakers":[{"content_ids":[49012],"conference_id":65,"event_ids":[49015],"name":"Nathan Case","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nathancase/"}],"pronouns":null,"media":[],"id":48454}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49015,"village_id":5,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48454}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-07-29T15:19:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What a year for hacker law! 2021-2022 saw major changes to laws that regulate hacking, such as the notorious CFAA, the grotesque DMCA Sec. 1201, and China's grisly \"Management of Security Vulnerabilities\" regulation. This presentation will walk through each of these developments and detail their implications for security researchers. We'll give background on how these laws have recently changed, identify areas of continued risk for hackers, and suggest concrete ways for the security community to make additional progress in shaping a favorable legal environment. An extended roundtable discussion will follow the presentation.\n\n\n","title":"Hacking law is for hackers - how recent changes to CFAA, DMCA, and global policies affect security research","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ab59db","name":"Policy@DEF CON Content","id":45311},"android_description":"What a year for hacker law! 2021-2022 saw major changes to laws that regulate hacking, such as the notorious CFAA, the grotesque DMCA Sec. 1201, and China's grisly \"Management of Security Vulnerabilities\" regulation. This presentation will walk through each of these developments and detail their implications for security researchers. We'll give background on how these laws have recently changed, identify areas of continued risk for hackers, and suggest concrete ways for the security community to make additional progress in shaping a favorable legal environment. An extended roundtable discussion will follow the presentation.","end_timestamp":{"seconds":1660337100,"nanoseconds":0},"updated_timestamp":{"seconds":1659581700,"nanoseconds":0},"speakers":[{"content_ids":[48872],"conference_id":65,"event_ids":[48884],"name":"Harley Geiger","affiliations":[{"organization":"Rapid7","title":"Senior Director for Public Policy"}],"links":[],"pronouns":null,"media":[],"id":48286,"title":"Senior Director for Public Policy at Rapid7"},{"content_ids":[48872,49405],"conference_id":65,"event_ids":[48884,49563],"name":"Leonard Bailey","affiliations":[{"organization":"Department of Justice","title":"Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section"}],"links":[],"pronouns":null,"media":[],"id":48287,"title":"Head of the Cybersecurity Unit and Special Counsel for National Security in the Criminal Division’s Computer Crime and Intellectual Property Section at Department of Justice"}],"timeband_id":891,"end":"2022-08-12T20:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/242801"}],"id":48884,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":23,"tag_ids":[40265,45311,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48286},{"tag_id":565,"sort_order":1,"person_id":48287}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45406,"name":"Caesars Forum - Summit 226-227 - Policy Roundtable","hotel":"","short_name":"226-227 - Policy Roundtable","id":45465},"spans_timebands":"N","updated":"2022-08-04T02:55:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microsoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.\n\nAudience: Cloud, Ofference, Defense\n\n\n","title":"AzureGoat: Damn Vulnerable Azure Infrastructure","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660337700,"nanoseconds":0},"android_description":"Microsoft Azure cloud has become the second-largest vendor by market share in the cloud infrastructure providers (as per multiple reports), just behind AWS. There are numerous tools and vulnerable applications available for AWS for the security professional to perform attack/defense practices, but it is not the case with Azure. There are far fewer options available to the community. AzureGoat is our attempt to shorten this gap by providing a ready-to-deploy vulnerable setup (vulnerable application + misconfigured Azure components + multiple attack paths) that can be used to learn/teach/practice Azure cloud environment pentesting.\n\nAudience: Cloud, Ofference, Defense","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48727],"conference_id":65,"event_ids":[48757],"name":"Rachna Umraniya","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48024},{"content_ids":[48727,49115],"conference_id":65,"event_ids":[48757,49163],"name":"Nishant Sharma","affiliations":[{"organization":"","title":"Security Research Manager"}],"links":[],"pronouns":null,"media":[],"id":48045,"title":"Security Research Manager"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:55:00.000-0000","id":48757,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48045},{"tag_id":565,"sort_order":1,"person_id":48024}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Committee Boardroom (Demo Labs)","hotel":"","short_name":"Committee Boardroom (Demo Labs)","id":45444},"begin":"2022-08-12T19:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Mercury is an open source package for network metadata extraction and analysis. It reports session metadata including fingerprint strings for TLS, QUIC, HTTP, DNS, and many other protocols. Mercury can output JSON or PCAP. Designed for large scale use, it can process packets in real time at 40Gbps on server-class commodity hardware, using Linux native zero-copy high performance networking. The Mercury package includes tools for analyzing PKIX/X.509 certificates and finding weak keys, and for analyzing fingerprints with destination context using a naive Bayes classifier.\n\nAudience: Network defense, incident response, forensics, security and privacy research\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"title":"Mercury","end_timestamp":{"seconds":1660337700,"nanoseconds":0},"android_description":"Mercury is an open source package for network metadata extraction and analysis. It reports session metadata including fingerprint strings for TLS, QUIC, HTTP, DNS, and many other protocols. Mercury can output JSON or PCAP. Designed for large scale use, it can process packets in real time at 40Gbps on server-class commodity hardware, using Linux native zero-copy high performance networking. The Mercury package includes tools for analyzing PKIX/X.509 certificates and finding weak keys, and for analyzing fingerprints with destination context using a naive Bayes classifier.\n\nAudience: Network defense, incident response, forensics, security and privacy research","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48740],"conference_id":65,"event_ids":[48751],"name":"David McGrew","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48025},{"content_ids":[48740],"conference_id":65,"event_ids":[48751],"name":"Brandon Enright","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48058}],"timeband_id":891,"links":[],"end":"2022-08-12T20:55:00.000-0000","id":48751,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":null,"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48058},{"tag_id":565,"sort_order":1,"person_id":48025}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis. \n\nAudience: Offense (penetration testers) and defense (security team and developers).\n\n\n","title":"EMBA - Open-Source Firmware Security Testing","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660337700,"nanoseconds":0},"android_description":"Penetration testing of current embedded devices is quite complex as we have to deal with different architectures, optimized operating systems and special protocols. EMBA is an open-source firmware analyzer with the goal to simplify, optimize and automate the complex task of firmware security analysis. \n\nAudience: Offense (penetration testers) and defense (security team and developers).","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48722],"conference_id":65,"event_ids":[48746],"name":"Michael Messner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48026},{"content_ids":[48722],"conference_id":65,"event_ids":[48746],"name":"Pascal Eckmann","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48043}],"timeband_id":891,"links":[],"end":"2022-08-12T20:55:00.000-0000","id":48746,"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48026},{"tag_id":565,"sort_order":1,"person_id":48043}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Council Boardroom (Demo Labs)","hotel":"","short_name":"Council Boardroom (Demo Labs)","id":45443},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Packet Sender is a free open-source (GPLv2) cross-platform (Windows, Mac, Linux) tool used daily by security researchers, college students, and professional developers to troubleshoot and reverse engineer network-based devices. Its core features are crafting and listening for UDP, TCP, and SSL/TLS packets via IPv4 or IPv6. It can listen simultaneously on any number of ports while sending to any UDP, TCP, SSL/TLS packet server. It is available for direct download or through the Winget, Homebrew, Debian, or Snap repos.\n\nAudience: Offensive, Defensive, Developers, Testers\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"title":"Packet Sender","android_description":"Packet Sender is a free open-source (GPLv2) cross-platform (Windows, Mac, Linux) tool used daily by security researchers, college students, and professional developers to troubleshoot and reverse engineer network-based devices. Its core features are crafting and listening for UDP, TCP, and SSL/TLS packets via IPv4 or IPv6. It can listen simultaneously on any number of ports while sending to any UDP, TCP, SSL/TLS packet server. It is available for direct download or through the Winget, Homebrew, Debian, or Snap repos.\n\nAudience: Offensive, Defensive, Developers, Testers","end_timestamp":{"seconds":1660337700,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48729],"conference_id":65,"event_ids":[48739],"name":"Dan Nagle","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48033}],"timeband_id":891,"links":[],"end":"2022-08-12T20:55:00.000-0000","id":48739,"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48033}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Wakanda Land is a Cyber Range deployment tool that uses terraform for automating the process of deploying an Adversarial Simulation lab infrastructure for practicing various offensive attacks. This project inherits from other people's work in the Cybersecurity Community, to which I have added some additional sprinkles to their work from my other research. The tool deploys the following for the lab infrastructure (of course, more assets can be added): -Two Subnets -Guacamole Server --This provides dashboard access to --Kali GUI and Windows RDP instances The Kali GUI, Windows RDP and the user accounts used to log into these instances are already backed into the deployment process --To log into the Guacamole dashboard with the guacadmin account, you need to SSH into the Guacamole server using the public IP address (which is displayed after the deployment is complete) and then change into the guacamole directory and then type cat .env for the password (the guacadmin password is randomly generated and saved as an environment variable) -Windows Domain Controller for the Child Domain (first.local) -Windows Domain Controller for the Parent Domain (second.local) -Windows Server in the Child Domain -Windows 10 workstation in the Child Domain -Kali Machine - a directory called toolz is created on this box and Covenant C2 is downloaded into that folder, so its just a matter of running Covenant once you are authenticated into Kali -Debian Server serving as Web Server 1 - OWASP's Juice Shop deployed via Docker -Debian Server serving as Web Server 2 - Vulnerable web apps\n\nAudience: Offensive - Defensive - Any Cybersecurity enthusiasts\n\n\n","title":"Wakanda Land","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"android_description":"Wakanda Land is a Cyber Range deployment tool that uses terraform for automating the process of deploying an Adversarial Simulation lab infrastructure for practicing various offensive attacks. This project inherits from other people's work in the Cybersecurity Community, to which I have added some additional sprinkles to their work from my other research. The tool deploys the following for the lab infrastructure (of course, more assets can be added): -Two Subnets -Guacamole Server --This provides dashboard access to --Kali GUI and Windows RDP instances The Kali GUI, Windows RDP and the user accounts used to log into these instances are already backed into the deployment process --To log into the Guacamole dashboard with the guacadmin account, you need to SSH into the Guacamole server using the public IP address (which is displayed after the deployment is complete) and then change into the guacamole directory and then type cat .env for the password (the guacadmin password is randomly generated and saved as an environment variable) -Windows Domain Controller for the Child Domain (first.local) -Windows Domain Controller for the Parent Domain (second.local) -Windows Server in the Child Domain -Windows 10 workstation in the Child Domain -Kali Machine - a directory called toolz is created on this box and Covenant C2 is downloaded into that folder, so its just a matter of running Covenant once you are authenticated into Kali -Debian Server serving as Web Server 1 - OWASP's Juice Shop deployed via Docker -Debian Server serving as Web Server 2 - Vulnerable web apps\n\nAudience: Offensive - Defensive - Any Cybersecurity enthusiasts","end_timestamp":{"seconds":1660337700,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48731],"conference_id":65,"event_ids":[48731],"name":"Stephen Kofi Asamoah","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48049}],"timeband_id":891,"links":[],"end":"2022-08-12T20:55:00.000-0000","id":48731,"village_id":null,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48049}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus Boardroom (Demo Labs)","hotel":"","short_name":"Caucus Boardroom (Demo Labs)","id":45442},"begin":"2022-08-12T19:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","title":"Friends of Bill W","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":48708,"village_id":null,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"updated":"2022-08-03T15:49:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Introduced in 2012, Secure Boot - the OG trust in boot - has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers around the world due to its integration in their BIOS. \nThe way Secure Boot works is simple and effective, by using tightly controlled code signing certificates, OEMs like Microsoft, Lenovo, Dell and others secure their boot process, blocking unsigned code from running during boot. \nBut this model puts its trust in developers developing code without vulnerabilities or backdoors; in this presentation we will discuss past and current flaws in valid bootloaders, including some which misuse built-in features to inadvertently bypass Secure Boot. We will also discuss how in some cases malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms. \nCome join us as we dive deeper and explain how it all works, describe the vulnerabilities we found and walk you through how to use the new exploits and custom tools we created to allow for a consistent bypass for secure boot effective against every X86-64 UEFI platform.\n\n\n","title":"One Bootloader to Load Them All","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"android_description":"Introduced in 2012, Secure Boot - the OG trust in boot - has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers around the world due to its integration in their BIOS. \nThe way Secure Boot works is simple and effective, by using tightly controlled code signing certificates, OEMs like Microsoft, Lenovo, Dell and others secure their boot process, blocking unsigned code from running during boot. \nBut this model puts its trust in developers developing code without vulnerabilities or backdoors; in this presentation we will discuss past and current flaws in valid bootloaders, including some which misuse built-in features to inadvertently bypass Secure Boot. We will also discuss how in some cases malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms. \nCome join us as we dive deeper and explain how it all works, describe the vulnerabilities we found and walk you through how to use the new exploits and custom tools we created to allow for a consistent bypass for secure boot effective against every X86-64 UEFI platform.","end_timestamp":{"seconds":1660333500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48512],"conference_id":65,"event_ids":[48574],"name":"Mickey Shkatov","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HackingThings"}],"pronouns":null,"media":[],"id":47860,"title":"Hacker"},{"content_ids":[48512],"conference_id":65,"event_ids":[48574],"name":"Jesse Michael","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JesseMichael"}],"media":[],"id":47932,"title":"Hacker"}],"timeband_id":891,"end":"2022-08-12T19:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241827"}],"id":48574,"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"tag_ids":[45241,45279,45280,45281,45375,45450],"includes":"Exploit, Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47932},{"tag_id":565,"sort_order":1,"person_id":47860}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T19:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Tired of encoding strings or recompiling to break signatures? Wish you could keep PE-sieve from ripping your malware out of memory? Interested in learning how to do all of this with your existing COTS or private toolsets?\n\nFor years, reverse engineers and endpoint security software have used memory scanning to locate shellcode and malware implants in Windows memory. These tools rely on IoCs such as signatures and unbacked executable memory. This talk will dive into the various methods in which memory scanners search for these indicators and demonstrate a stable evasion technique for each method. A new position-independent reflective DLL loader, AceLdr, will be released alongside the presentation and features the demonstrated techniques to evade all of the previously described memory scanners. The presenter and their colleagues have used AceLdr on red team operations against mature security programs to avoid detection successfully.\n\nThis talk will focus on the internals of Pe-sieve, MalMemDetect, Moneta, Volatility malfind, and YARA to understand how they find malware in memory and how malware can be modified to fly under their radar consistently.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Avoiding Memory Scanners: Customizing Malware to Evade YARA, PE-sieve, and More","android_description":"Tired of encoding strings or recompiling to break signatures? Wish you could keep PE-sieve from ripping your malware out of memory? Interested in learning how to do all of this with your existing COTS or private toolsets?\n\nFor years, reverse engineers and endpoint security software have used memory scanning to locate shellcode and malware implants in Windows memory. These tools rely on IoCs such as signatures and unbacked executable memory. This talk will dive into the various methods in which memory scanners search for these indicators and demonstrate a stable evasion technique for each method. A new position-independent reflective DLL loader, AceLdr, will be released alongside the presentation and features the demonstrated techniques to evade all of the previously described memory scanners. The presenter and their colleagues have used AceLdr on red team operations against mature security programs to avoid detection successfully.\n\nThis talk will focus on the internals of Pe-sieve, MalMemDetect, Moneta, Volatility malfind, and YARA to understand how they find malware in memory and how malware can be modified to fly under their radar consistently.","end_timestamp":{"seconds":1660333500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48511],"conference_id":65,"event_ids":[48553],"name":"Kyle Avery","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/kyleavery"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kyleavery_"},{"description":"","title":"Website","sort_order":0,"url":"https://kyleavery.com/"}],"media":[],"id":47878,"title":"Hacker"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241824"}],"end":"2022-08-12T19:45:00.000-0000","id":48553,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47878}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"begin":"2022-08-12T19:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This presentation covers the first black-box hardware security evaluation of the SpaceX Starlink User Terminal (UT). The UT uses a custom quad-core Cortex-A53 System-on-Chip that implements verified boot based on the ARM trusted firmware (TF-A) project. The early stage TF-A bootloaders, and in particular the immutable ROM bootloader include custom fault injection countermeasures. Despite the black-box nature of our evaluation we were able to bypass signature verification during execution of the ROM bootloader using voltage fault injection.\n\nUsing a modified second stage bootloader we could extract the ROM bootloader and eFuse memory. Our analysis demonstrates that the fault model used during countermeasure development does not hold in practice. Our voltage fault injection attack was first performed in a laboratory setting and later implemented as a custom printed circuit board or 'modchip'. The presented attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.\n\nObtaining root access on the Starlink UT is a prerequisite to freely explore the Starlink network and the underlying communication interfaces. \nThis presentation will cover an initial exploration of the Starlink network. Other researchers should be able to build on our work to further explore the Starlink ecosystem.\n\n\n","title":"Glitched on Earth by humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"This presentation covers the first black-box hardware security evaluation of the SpaceX Starlink User Terminal (UT). The UT uses a custom quad-core Cortex-A53 System-on-Chip that implements verified boot based on the ARM trusted firmware (TF-A) project. The early stage TF-A bootloaders, and in particular the immutable ROM bootloader include custom fault injection countermeasures. Despite the black-box nature of our evaluation we were able to bypass signature verification during execution of the ROM bootloader using voltage fault injection.\n\nUsing a modified second stage bootloader we could extract the ROM bootloader and eFuse memory. Our analysis demonstrates that the fault model used during countermeasure development does not hold in practice. Our voltage fault injection attack was first performed in a laboratory setting and later implemented as a custom printed circuit board or 'modchip'. The presented attack results in an unfixable compromise of the Starlink UT and allows us to execute arbitrary code.\n\nObtaining root access on the Starlink UT is a prerequisite to freely explore the Starlink network and the underlying communication interfaces. \nThis presentation will cover an initial exploration of the Starlink network. Other researchers should be able to build on our work to further explore the Starlink ecosystem.","end_timestamp":{"seconds":1660333500,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48509],"conference_id":65,"event_ids":[48516],"name":"Lennert Wouters","affiliations":[{"organization":"","title":"researcher at imec-COSIC, KU Leuven"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/LennertWo"}],"pronouns":null,"media":[],"id":47931,"title":"researcher at imec-COSIC, KU Leuven"}],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241928"}],"end":"2022-08-12T19:45:00.000-0000","id":48516,"tag_ids":[45241,45279,45280,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660330800,"nanoseconds":0},"includes":"Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47931}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","begin":"2022-08-12T19:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"My presentation will cover malicious memory techniques which will focus on the Windows operating system. These will span from relatively simple in-line hooking techniques used to jump to malicious code or circumvent legitimate code execution, all the way to manipulation of exception handling mechanisms. The talk will also cover information on problematic situations which occur when designing detection mechanisms for such activities in the real world where cost-balancing is required for resource management. \r\n\r\nI will explain in-line hooking, Kernel patching (InfinityHook, Ghost_in_the_logs), Heaven-Gate hooking and Vectored Exception Handler (VEH) manipulation techniques (FireWalker) and how they can be detected. In-line hooking and Heavens-Gate hooking involves the practice of manipulating the loaded memory of a module within a specific processes memory space. Kernel Patching involves injecting a hook into the Kernel memory space in order to provide a low level, high priority bypassing technique for malicious programs to circumvent ETW log publication via vulnerable kernel driver installation. VEH manipulation is the use of the high priority frameless exception mechanism in order to circumvent memory integrity checks, manipulate flow control and even run malicious shellcode. Detection for all these techniques will involve advancing from the explanation of its execution to the telemetry sources that can be leveraged for detection purposes. In all cases this involves the examination of volatile memory, however as each technique targets a different native functionality, the mechanisms required to analyze the memory differ greatly. The deviations can be relatively simple, but in some cases an understanding of undocumented mechanisms and structures is required to affect detection capability \r\n\r\nExamination of un-tabled module function modifications will also provide insight into some of the difficulties involved in this detection development work. This section will provide the audience with a low level technical understanding of how these techniques are targeted, developed and used by malicious actors and some possible solutions for detection, with an explanation of the inherent caveats in such solutions (primarily around resource availability or accuracy trade-offs). \r\n\r\nA full explanation on devised detection methodology and collectable telemetry will be provided for each malicious technique. This will cover the overall detection capabilities as well as exploring the low level mechanisms used to collect this data from the monitored system such as OP code heuristics and memory location attribution crossing CPU mode boundaries. Included in this explanation will be an explanation on issues encountered with collection, typically related to OS architecture choices, and how these can also be circumvented to enable effective monitoring. \r\n\r\nAudience members should leave my presentation having a firm grasp on the fundamentals of all the techniques outlined and why attackers may choose to employ them in different scenarios. Along with a functional understanding of the malicious technique, the audience members will also be supplied with a working understanding of detection options for these techniques and clear examples of how monitoring can be deployed and integrated into their solutions.\n\n\nMalicious actors are always trying to find new ways to avoid detection by evermore vigilant EDR systems and deploy their payloads. Over the years, the scope of techniques used has branched from relatively simplistic hash comparison and sandbox avoidance to low level log dodging and even direct circumvention of EDR telemetry acquisition. By examining some of the techniques used on Windows systems this talk will highlight will highlight the range of capabilities defensive operators are dealing with, how some can be detected and, in rare cases, the performance and false-positive obstacles in designing detection capability.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Malicious memory techniques on Windows and how to spot them","android_description":"My presentation will cover malicious memory techniques which will focus on the Windows operating system. These will span from relatively simple in-line hooking techniques used to jump to malicious code or circumvent legitimate code execution, all the way to manipulation of exception handling mechanisms. The talk will also cover information on problematic situations which occur when designing detection mechanisms for such activities in the real world where cost-balancing is required for resource management. \r\n\r\nI will explain in-line hooking, Kernel patching (InfinityHook, Ghost_in_the_logs), Heaven-Gate hooking and Vectored Exception Handler (VEH) manipulation techniques (FireWalker) and how they can be detected. In-line hooking and Heavens-Gate hooking involves the practice of manipulating the loaded memory of a module within a specific processes memory space. Kernel Patching involves injecting a hook into the Kernel memory space in order to provide a low level, high priority bypassing technique for malicious programs to circumvent ETW log publication via vulnerable kernel driver installation. VEH manipulation is the use of the high priority frameless exception mechanism in order to circumvent memory integrity checks, manipulate flow control and even run malicious shellcode. Detection for all these techniques will involve advancing from the explanation of its execution to the telemetry sources that can be leveraged for detection purposes. In all cases this involves the examination of volatile memory, however as each technique targets a different native functionality, the mechanisms required to analyze the memory differ greatly. The deviations can be relatively simple, but in some cases an understanding of undocumented mechanisms and structures is required to affect detection capability \r\n\r\nExamination of un-tabled module function modifications will also provide insight into some of the difficulties involved in this detection development work. This section will provide the audience with a low level technical understanding of how these techniques are targeted, developed and used by malicious actors and some possible solutions for detection, with an explanation of the inherent caveats in such solutions (primarily around resource availability or accuracy trade-offs). \r\n\r\nA full explanation on devised detection methodology and collectable telemetry will be provided for each malicious technique. This will cover the overall detection capabilities as well as exploring the low level mechanisms used to collect this data from the monitored system such as OP code heuristics and memory location attribution crossing CPU mode boundaries. Included in this explanation will be an explanation on issues encountered with collection, typically related to OS architecture choices, and how these can also be circumvented to enable effective monitoring. \r\n\r\nAudience members should leave my presentation having a firm grasp on the fundamentals of all the techniques outlined and why attackers may choose to employ them in different scenarios. Along with a functional understanding of the malicious technique, the audience members will also be supplied with a working understanding of detection options for these techniques and clear examples of how monitoring can be deployed and integrated into their solutions.\n\n\nMalicious actors are always trying to find new ways to avoid detection by evermore vigilant EDR systems and deploy their payloads. Over the years, the scope of techniques used has branched from relatively simplistic hash comparison and sandbox avoidance to low level log dodging and even direct circumvention of EDR telemetry acquisition. By examining some of the techniques used on Windows systems this talk will highlight will highlight the range of capabilities defensive operators are dealing with, how some can be detected and, in rare cases, the performance and false-positive obstacles in designing detection capability.","end_timestamp":{"seconds":1660333500,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48916],"conference_id":65,"event_ids":[48900],"name":"Connor Morley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48333}],"timeband_id":891,"links":[],"end":"2022-08-12T19:45:00.000-0000","id":48900,"tag_ids":[40250,45367,45373,45376,45451],"begin_timestamp":{"seconds":1660329900,"nanoseconds":0},"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48333}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"begin":"2022-08-12T18:45:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What do you get when you combine a curious hacker dad at an 8 year old's birthday party with a couple open wifi networks, and a plain old android smartphone? A innocent digital trespass and spelunk into a network where full blown identity theft is possible by the end. Come hear about a low skill intrusion done with consumer hardware (No root required), apps straight off the shelf of the Google play store, and a burning curiosity and desire to get into places you're not supposed to be. UNPXGURCYNARG!\n\n\n","title":"Android, Birthday Cake, Open Wifi... Oh my!","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"What do you get when you combine a curious hacker dad at an 8 year old's birthday party with a couple open wifi networks, and a plain old android smartphone? A innocent digital trespass and spelunk into a network where full blown identity theft is possible by the end. Come hear about a low skill intrusion done with consumer hardware (No root required), apps straight off the shelf of the Google play store, and a burning curiosity and desire to get into places you're not supposed to be. UNPXGURCYNARG!","updated_timestamp":{"seconds":1658865120,"nanoseconds":0},"speakers":[{"content_ids":[48702],"conference_id":65,"event_ids":[48710],"name":"A.Krontab","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/akrotos"}],"media":[],"id":47986}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":48710,"tag_ids":[40272,45291,45340,45373,45453],"begin_timestamp":{"seconds":1660329600,"nanoseconds":0},"village_id":30,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47986}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"spans_timebands":"N","updated":"2022-07-26T19:52:00.000-0000","begin":"2022-08-12T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"ngrok is a popular developer tool to expose local ports to the internet, which can be helpful when testing applications or private network devices. Despite the large reconnaissance surface for development environments exposed by ngrok, most security research has focused on offensive applications for ngrok, such as (https://www.huntress.com/blog/abusing-ngrok-hackers-at-the-end-of-the-tunnel). Instead, I will focus on two new reconnaissance vectors: 1. ngrok domain squatting; and 2. ngrok tunnel enumeration.\r\n\r\nBy default, ngrok HTTP tunnels exposes HTTP traffic via randomly-generated *.ngrok.io endpoints such as https://5e9c5373ffed.ngrok.io. These subdomains can be harvested from a variety of OSINT sources, such as GitHub repositories, documentation, StackOverflow answers, and “how-to” blogposts. Unfortunately, paid ngrok users can select any *.ngrok.io subdomain for their tunnels, allowing them to squat on these subdomains in wait for unsuspecting users copy-pasting commands that use these hard-coded “random” endpoints. I will show examples of squatting that yielded interesting webhook callbacks and leaked information.\r\n\r\nngrok also allows users to create TCP tunnels which are exposed via ports 10000-20000 on *.tcp.ngrok.io. Due to the ease of enumerating these values as compared to HTTP tunnels, users can easily map out the entire ngrok TCP tunnel space. This unveiled a house of horrors, from Jenkins dashboards to even VNC and MySQL servers that allowed anonymous access! I will share a statistical breakdown of one such mapping that clearly shows that ngrok users may have been far too reliant on security by obscurity.\r\n\r\nI will conclude by sharing some tips on using ngrok safely through built-in authentication options and domain reservation. I will also share real-life examples of ngrok endpoints popping up in production code, further highlighting the potential of ngrok as a reconnaissance source.\n\n\n","title":"(Not-So-Secret) Tunnel: Digging into Exposed ngrok Endpoints","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"ngrok is a popular developer tool to expose local ports to the internet, which can be helpful when testing applications or private network devices. Despite the large reconnaissance surface for development environments exposed by ngrok, most security research has focused on offensive applications for ngrok, such as (https://www.huntress.com/blog/abusing-ngrok-hackers-at-the-end-of-the-tunnel). Instead, I will focus on two new reconnaissance vectors: 1. ngrok domain squatting; and 2. ngrok tunnel enumeration.\r\n\r\nBy default, ngrok HTTP tunnels exposes HTTP traffic via randomly-generated *.ngrok.io endpoints such as https://5e9c5373ffed.ngrok.io. These subdomains can be harvested from a variety of OSINT sources, such as GitHub repositories, documentation, StackOverflow answers, and “how-to” blogposts. Unfortunately, paid ngrok users can select any *.ngrok.io subdomain for their tunnels, allowing them to squat on these subdomains in wait for unsuspecting users copy-pasting commands that use these hard-coded “random” endpoints. I will show examples of squatting that yielded interesting webhook callbacks and leaked information.\r\n\r\nngrok also allows users to create TCP tunnels which are exposed via ports 10000-20000 on *.tcp.ngrok.io. Due to the ease of enumerating these values as compared to HTTP tunnels, users can easily map out the entire ngrok TCP tunnel space. This unveiled a house of horrors, from Jenkins dashboards to even VNC and MySQL servers that allowed anonymous access! I will share a statistical breakdown of one such mapping that clearly shows that ngrok users may have been far too reliant on security by obscurity.\r\n\r\nI will conclude by sharing some tips on using ngrok safely through built-in authentication options and domain reservation. I will also share real-life examples of ngrok endpoints popping up in production code, further highlighting the potential of ngrok as a reconnaissance source.","updated_timestamp":{"seconds":1659974880,"nanoseconds":0},"speakers":[{"content_ids":[48563,49167,49718],"conference_id":65,"event_ids":[48564,49203,49908],"name":"Eugene Lim","affiliations":[{"organization":"","title":"Cybersecurity Specialist, Government Technology Agency of Singapore"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spaceraccoonsec"},{"description":"","title":"Website","sort_order":0,"url":"https://spaceraccoon.dev/"}],"pronouns":null,"media":[],"id":47912,"title":"Cybersecurity Specialist, Government Technology Agency of Singapore"}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49908,"village_id":26,"tag_ids":[40268,45331,45373,45384,45453],"begin_timestamp":{"seconds":1660329300,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47912}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","updated":"2022-08-08T16:08:00.000-0000","begin":"2022-08-12T18:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Antennas - What do they do? What are all those weird numbers? What is a dBi? This is a presentation for everyone who has used an antenna, but maybe doesn't quite grasp all the dBi, gain, return loss, frequency, mumbo jumbo. The presentation describes all those numbers and even dips a toe into the more in-depth concepts. Antenna measurements are covered as well, including using inexpensive VNAs to measure antenna performance. Many typical antenna types are also covered.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"How a weirdly shaped piece of metal pulls cat memes out of thin air","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"android_description":"Antennas - What do they do? What are all those weird numbers? What is a dBi? This is a presentation for everyone who has used an antenna, but maybe doesn't quite grasp all the dBi, gain, return loss, frequency, mumbo jumbo. The presentation describes all those numbers and even dips a toe into the more in-depth concepts. Antenna measurements are covered as well, including using inexpensive VNAs to measure antenna performance. Many typical antenna types are also covered.","updated_timestamp":{"seconds":1659928500,"nanoseconds":0},"speakers":[{"content_ids":[49657],"conference_id":65,"event_ids":[49845],"name":"Tyler","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Chuck1eJ"}],"pronouns":null,"media":[],"id":49034}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49845,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49034}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:15:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Naval Fleet: a symphony of specialized assets working together to complete a goal. Fleet doctrine and tactics were upended in the early 1900s when two new classes of ships were introduced: the carrier and the submarine. Looking at the past 20 years of cyber doctrine, new classes of capabilities were introduced: the red team and the hunt team. But unlike modern fleets, cyber teams are not properly incorporating these new assets to great effect, squandering the potential of the capability. The assets are leashed when they should be unleashed. By studying the unique capabilities of ships in a fleet and pairing them with a cyber discipline, we unlock countless real world examples of naval warfare tactics, battles, and strategy that can be applied to cyber and freeing the true potential of each cyber element. Like the critical evolution of the modern fleet from Battleship centric to Carrier centric, modern cyber teams are past due to make the same evolution from SOC centric, to Hunt centric.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"title":"'Damn the exploits! Full speed ahead!' How naval fleet tactics redefine cyber operations","end_timestamp":{"seconds":1660331700,"nanoseconds":0},"android_description":"The Naval Fleet: a symphony of specialized assets working together to complete a goal. Fleet doctrine and tactics were upended in the early 1900s when two new classes of ships were introduced: the carrier and the submarine. Looking at the past 20 years of cyber doctrine, new classes of capabilities were introduced: the red team and the hunt team. But unlike modern fleets, cyber teams are not properly incorporating these new assets to great effect, squandering the potential of the capability. The assets are leashed when they should be unleashed. By studying the unique capabilities of ships in a fleet and pairing them with a cyber discipline, we unlock countless real world examples of naval warfare tactics, battles, and strategy that can be applied to cyber and freeing the true potential of each cyber element. Like the critical evolution of the modern fleet from Battleship centric to Carrier centric, modern cyber teams are past due to make the same evolution from SOC centric, to Hunt centric.","updated_timestamp":{"seconds":1659888780,"nanoseconds":0},"speakers":[{"content_ids":[49591],"conference_id":65,"event_ids":[49803],"name":"Christopher Cottrell","affiliations":[{"organization":"Nvidia","title":"Threat Operations Leader"}],"links":[],"pronouns":null,"media":[],"id":48938,"title":"Threat Operations Leader at Nvidia"}],"timeband_id":891,"links":[],"end":"2022-08-12T19:15:00.000-0000","id":49803,"tag_ids":[40246,45340,45373,45377,45451],"village_id":1,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48938}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-07T16:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.\n\n\n","title":"Adversary Wars CTF","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"android_description":"Adversary Wars CTF will have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, TTPs, techniques, etc. There would be combined exercises which include different levels of threat/adversary emulation and purple teaming.","end_timestamp":{"seconds":1660350600,"nanoseconds":0},"updated_timestamp":{"seconds":1659886920,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:30:00.000-0000","id":49782,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":1,"tag_ids":[40246,45358,45373,45377,45451],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-07T15:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.\n\n\n","title":"Adversary Booth","type":{"conference_id":65,"conference":"DEFCON30","color":"#54ab76","updated_at":"2024-06-07T03:39+0000","name":"Adversary Village","id":45377},"android_description":"Adversary Simulator booth will have hands-on adversary emulation plans specific to a wide variety of threat-actors - ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics.","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"updated_timestamp":{"seconds":1659886380,"nanoseconds":0},"speakers":[{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Michael Kouremetis","affiliations":[{"organization":"MITRE Corporation","title":"Lead Cyber Operations Engineer and Group Lead"}],"links":[],"pronouns":null,"media":[],"id":48920,"title":"Lead Cyber Operations Engineer and Group Lead at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Melanie Chan","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cybersecurity Engineer & Intern Coordinator"}],"links":[],"pronouns":null,"media":[],"id":48921,"title":"Senior Cybersecurity Engineer & Intern Coordinator at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Ethan Michalak","affiliations":[{"organization":"MITRE Corporation","title":"Cyber Security Intern"}],"links":[],"pronouns":null,"media":[],"id":48930,"title":"Cyber Security Intern at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Dean Lawrence","affiliations":[{"organization":"MITRE Corporation","title":"Software Systems Engineer"}],"links":[],"pronouns":null,"media":[],"id":48932,"title":"Software Systems Engineer at MITRE Corporation"},{"content_ids":[49570],"conference_id":65,"event_ids":[49776,49778,49779,49780,49781],"name":"Jay Yee","affiliations":[{"organization":"MITRE Corporation","title":"Senior Cyber Security Engineer, Defensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":48946,"title":"Senior Cyber Security Engineer, Defensive Cyber Operations at MITRE Corporation"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49776,"tag_ids":[40246,45364,45373,45377,45451],"village_id":1,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48932},{"tag_id":565,"sort_order":1,"person_id":48930},{"tag_id":565,"sort_order":1,"person_id":48946},{"tag_id":565,"sort_order":1,"person_id":48921},{"tag_id":565,"sort_order":1,"person_id":48920}],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-07T15:33:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"title":"Bypass 101","android_description":"There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn the basics in this talk.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659624180,"nanoseconds":0},"speakers":[{"content_ids":[49393,49398,49399,49400],"conference_id":65,"event_ids":[49540,49545,49546,49547,49556,49557,49558],"name":"Karen Ng","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hwenab"}],"media":[],"id":48801}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49540,"village_id":22,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"tag_ids":[40264,45340,45373,45381,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48801}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-04T14:43:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Professional Services team at Dragos performs dozens of network architecture reviews every year, for industrial facilities ranging from tiny municipal water treatment plants to massive global manufacturing conglomerates. We present to you here the crème de la crème: the top misconfigurations, anti-patterns, and poor practices our team repeatedly discovers which jeopardize the security of the underlying OT network. If your organization can implement protections against these findings within your most critical facilities, your network will be significantly less palatable to attackers, and you will be head and shoulders above many of your peers.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"CRITICAL FINDING: Lessons Learned from Dozens of Industrial Network Architecture Reviews","android_description":"The Professional Services team at Dragos performs dozens of network architecture reviews every year, for industrial facilities ranging from tiny municipal water treatment plants to massive global manufacturing conglomerates. We present to you here the crème de la crème: the top misconfigurations, anti-patterns, and poor practices our team repeatedly discovers which jeopardize the security of the underlying OT network. If your organization can implement protections against these findings within your most critical facilities, your network will be significantly less palatable to attackers, and you will be head and shoulders above many of your peers.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659472860,"nanoseconds":0},"speakers":[{"content_ids":[49335],"conference_id":65,"event_ids":[49435],"name":"Nate Pelz","affiliations":[{"organization":"Dragos","title":"Industrial Incident Responder"}],"links":[],"pronouns":null,"media":[],"id":48765,"title":"Industrial Incident Responder at Dragos"},{"content_ids":[49335],"conference_id":65,"event_ids":[49435],"name":"Miriam Lorbert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48766}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49435,"tag_ids":[40258,45340,45369,45375,45450],"village_id":15,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48766},{"tag_id":565,"sort_order":1,"person_id":48765}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"updated":"2022-08-02T20:41:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hacking Product Security Interviews\r\nCybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills. \r\n\r\nZoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. This is an interactive group activity!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"title":"Hacking Product Security Interviews","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"Hacking Product Security Interviews\r\nCybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills. \r\n\r\nZoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. This is an interactive group activity!","updated_timestamp":{"seconds":1659392040,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49328,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"tag_ids":[40275,45332,45356,45450],"village_id":16,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","updated":"2022-08-01T22:14:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The goal of this demo lab is to teach participants that radio signals can often be received and interpreted by people who aren’t their intended recipients. A secondary objective is to explore the consequences of that in the context of other critical infrastructure and convey why privacy in SATCOMs matters.\n\n\n","title":"DDS Space Signal Lab","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"The goal of this demo lab is to teach participants that radio signals can often be received and interpreted by people who aren’t their intended recipients. A secondary objective is to explore the consequences of that in the context of other critical infrastructure and convey why privacy in SATCOMs matters.","end_timestamp":{"seconds":1660330500,"nanoseconds":0},"updated_timestamp":{"seconds":1659379320,"nanoseconds":0},"speakers":[{"content_ids":[48518,49225],"conference_id":65,"event_ids":[48517,49268],"name":"James Pavur","affiliations":[{"organization":"","title":"Digital Service Expert, Defense Digital Service"}],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/pavja2"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jamespavur"}],"media":[],"id":47827,"title":"Digital Service Expert, Defense Digital Service"}],"timeband_id":891,"links":[],"end":"2022-08-12T18:55:00.000-0000","id":49268,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"village_id":2,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47827}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-01T18:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Once you acquire an amateur radio license (otherwise known as ham radio), many are left to wonder what to do next. This presentation will cover some of the basic/fundamental topics to know once you get your amateur radio license and how to use it. Hopefully after you leave this presentation your may overcome that “mic fright” many hams get once they get their license, and their hands on a radio.\n\n\n","title":"Your Amateur Radio License and You","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ed8d99","name":"Ham Radio Village","id":45355},"android_description":"Once you acquire an amateur radio license (otherwise known as ham radio), many are left to wonder what to do next. This presentation will cover some of the basic/fundamental topics to know once you get your amateur radio license and how to use it. Hopefully after you leave this presentation your may overcome that “mic fright” many hams get once they get their license, and their hands on a radio.","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1659309000,"nanoseconds":0},"speakers":[{"content_ids":[49212],"conference_id":65,"event_ids":[49253],"name":"Justin/InkRF","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InkRF"},{"description":"","title":"link","sort_order":0,"url":"https://inkrf.net/"}],"pronouns":null,"media":[],"id":48664}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49253,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":13,"tag_ids":[40256,45340,45355,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48664}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City II (Ham Radio Village Activities)","hotel":"","short_name":"Virginia City II (Ham Radio Village Activities)","id":45489},"spans_timebands":"N","begin":"2022-08-12T18:30:00.000-0000","updated":"2022-07-31T23:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Recently the Conti ransomware group internal chat leaks was fascinating reading. Among other things, it reminded us that both well-intentioned and malicious actors are constantly trying to find ways to find vulnerabilities and develop exploits to widely used IT products. This is particularly true those that are externally exposed firewalls, VPNs and load balancers, or security products that might thwart their techniques and tools.\r\nThe timeline from the chats seems to show a gap of several months between Conti members trying to procure either appliances or commercial software that they were trying to get for these purposes. This got us thinking about how the major cloud service providers these days have marketplaces where you can easily buy virtual appliances or SaaS licenses for lots of widely used IT and security products with little more than a valid credit card, in minutes. And we decided to check how feasible it is to use this to conduct vulnerability research.\r\nIn this presentation we will show what kind of access one can get to the internals of IT and security products using these marketplaces, particularly in the case of products only typically offered in hardware appliances. Which cloud providers try to prevent this sort of activity, how they do it, which ones simply don't care, and what techniques we were able to use to access these appliance's internals.\r\nThe objective here is threefold: 1) help well intentioned vulnerability researchers find an easier avenue to do their work; 2) allow cloud providers to get a better understanding of how their marketplaces can be abused and which controls they could implement to mitigate that risk, and 3) let IT and security vendors realize the added exposure of publishing their products on these marketplaces.\n\n\n","title":"Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can Help White and Black Hat Vulnerability Research","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"android_description":"Recently the Conti ransomware group internal chat leaks was fascinating reading. Among other things, it reminded us that both well-intentioned and malicious actors are constantly trying to find ways to find vulnerabilities and develop exploits to widely used IT products. This is particularly true those that are externally exposed firewalls, VPNs and load balancers, or security products that might thwart their techniques and tools.\r\nThe timeline from the chats seems to show a gap of several months between Conti members trying to procure either appliances or commercial software that they were trying to get for these purposes. This got us thinking about how the major cloud service providers these days have marketplaces where you can easily buy virtual appliances or SaaS licenses for lots of widely used IT and security products with little more than a valid credit card, in minutes. And we decided to check how feasible it is to use this to conduct vulnerability research.\r\nIn this presentation we will show what kind of access one can get to the internals of IT and security products using these marketplaces, particularly in the case of products only typically offered in hardware appliances. Which cloud providers try to prevent this sort of activity, how they do it, which ones simply don't care, and what techniques we were able to use to access these appliance's internals.\r\nThe objective here is threefold: 1) help well intentioned vulnerability researchers find an easier avenue to do their work; 2) allow cloud providers to get a better understanding of how their marketplaces can be abused and which controls they could implement to mitigate that risk, and 3) let IT and security vendors realize the added exposure of publishing their products on these marketplaces.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659283020,"nanoseconds":0},"speakers":[{"content_ids":[49174],"conference_id":65,"event_ids":[49210],"name":"Alexandre Sieira","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/AlexandreSieira"}],"media":[],"id":48627}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49210,"tag_ids":[40252,45340,45350,45451],"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48627}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","begin":"2022-08-12T18:30:00.000-0000","updated":"2022-07-31T15:57:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Dispelling myths about OPAQUE. What OPAQUE is and more importantly what it is not. The RFC for OPAQUE is not finalized and people are already implementing it and running into its footgun. Are there better and/or faster PAKEs? The types of PAKEs (balanced, augmented, double augmented, and identity) and what they are used for. PAKEs are just AKEs (authenticated key exchanges) with something hidden with a password. The properties of PAKEs: forward secrecy, fragile, quantum annoying, prevent precomputation, secure registration, and number of trips.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"OPAQUE is Not Magic","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"Dispelling myths about OPAQUE. What OPAQUE is and more importantly what it is not. The RFC for OPAQUE is not finalized and people are already implementing it and running into its footgun. Are there better and/or faster PAKEs? The types of PAKEs (balanced, augmented, double augmented, and identity) and what they are used for. PAKEs are just AKEs (authenticated key exchanges) with something hidden with a password. The properties of PAKEs: forward secrecy, fragile, quantum annoying, prevent precomputation, secure registration, and number of trips.","updated_timestamp":{"seconds":1659213480,"nanoseconds":0},"speakers":[{"content_ids":[49140],"conference_id":65,"event_ids":[49176],"name":"Steve Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48613}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49176,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":10,"tag_ids":[40253,45347,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48613}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"updated":"2022-07-30T20:38:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Data deficits and data voids — sometimes referred to as data deserts — describe situations in which the demand for information about an event or issue far exceeds the supply of credible information, resulting in an information landscape that is ripe for exploitation by bad actors. These types of information vacuums are particularly common during times of crisis, such as the coronavirus pandemic, when access to and discoverability of credible information could mean the difference between life and death. In this presentation, we will discuss our research exploring the information environment surrounding COVID-19 vaccination, focusing on how data deficits and voids created an opening for mis- and disinformation to proliferate. We will describe the conditions under which these information vacuums form, as well as the tactics used to exploit them, with a particular emphasis on vulnerabilities in the information environment outside of the U.S. and in non-English language communities. Specifically, we focused on the anti-vaccination narratives in Central Asia. The region provides a distinct avenue to explore data voids and the disinformation landscape given the dearth of English in the media landscape; extensive Russian and Chinese geopolitical, socio-linguistic, and economic influences; and scant mis- and disinformation research or investigative reporting.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"title":"Dazed and Seriously Confused: Analysis of Data Voids & the Disinformation Landscape of Central Asia","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"Data deficits and data voids — sometimes referred to as data deserts — describe situations in which the demand for information about an event or issue far exceeds the supply of credible information, resulting in an information landscape that is ripe for exploitation by bad actors. These types of information vacuums are particularly common during times of crisis, such as the coronavirus pandemic, when access to and discoverability of credible information could mean the difference between life and death. In this presentation, we will discuss our research exploring the information environment surrounding COVID-19 vaccination, focusing on how data deficits and voids created an opening for mis- and disinformation to proliferate. We will describe the conditions under which these information vacuums form, as well as the tactics used to exploit them, with a particular emphasis on vulnerabilities in the information environment outside of the U.S. and in non-English language communities. Specifically, we focused on the anti-vaccination narratives in Central Asia. The region provides a distinct avenue to explore data voids and the disinformation landscape given the dearth of English in the media landscape; extensive Russian and Chinese geopolitical, socio-linguistic, and economic influences; and scant mis- and disinformation research or investigative reporting.","updated_timestamp":{"seconds":1660333980,"nanoseconds":0},"speakers":[{"content_ids":[49057],"conference_id":65,"event_ids":[49060],"name":"Rhyner Washburn","affiliations":[{"organization":"University of Maryland","title":""}],"links":[],"pronouns":null,"media":[],"id":48490,"title":"University of Maryland"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49060,"village_id":18,"tag_ids":[40260,45331,45335,45450],"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48490}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","updated":"2022-08-12T19:53:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Online disinformation is a dynamic and pervasive problem on social networks as evidenced recently by the COVID-19 \"infodemic\". It is unclear how effective countermeasures are in practice due to limited access to platform data. In such cases, simulations are a popular technique to study the long-term effects of disinformation and influence operations. We develop a high-fidelity simulation of disinformation spread via influence operations on a popular social network, Reddit, and their effects on content distribution via ranking and recommendation algorithms. It is a novel application of agent-based modeling combined with empirical data from users at scale and offers insight into the impact of so-called coordinated inauthentic behavior. This is joint work in collaboration with Oxford and NYU that has been invited for an Oral presentation (top 3/26 papers) at the AI4ABM workshop at the International Conference on Machine Learning, 2022.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"title":"SimPPL: Simulating Social Networks and Disinformation","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"Online disinformation is a dynamic and pervasive problem on social networks as evidenced recently by the COVID-19 \"infodemic\". It is unclear how effective countermeasures are in practice due to limited access to platform data. In such cases, simulations are a popular technique to study the long-term effects of disinformation and influence operations. We develop a high-fidelity simulation of disinformation spread via influence operations on a popular social network, Reddit, and their effects on content distribution via ranking and recommendation algorithms. It is a novel application of agent-based modeling combined with empirical data from users at scale and offers insight into the impact of so-called coordinated inauthentic behavior. This is joint work in collaboration with Oxford and NYU that has been invited for an Oral presentation (top 3/26 papers) at the AI4ABM workshop at the International Conference on Machine Learning, 2022.","updated_timestamp":{"seconds":1660333920,"nanoseconds":0},"speakers":[{"content_ids":[49056],"conference_id":65,"event_ids":[49059],"name":"Swapneel Mehta","affiliations":[{"organization":"New York University","title":""}],"links":[],"pronouns":null,"media":[],"id":48494,"title":"New York University"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49059,"tag_ids":[40260,45331,45335,45450],"village_id":18,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48494}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-12T19:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The quality of online information is deteriorating. Misinformation operations and bot accounts all contribute to the worsening environment. To address those challenges, researchers need real-time data and actionable intelligence to trace information spread and to identify suspicious spread patterns. \r\n\r\nThis session introduces Information Tracer, a service to provide fine-grained intelligence about how online information spreads to journalists, researchers and developers. \r\n\r\nInformation Tracer consists of three components. The first components collects public posts containing a particular URL, hashtag or keyword over five platforms—Twitter, Facebook, YouTube, Reddit, Gab. The second components turns heterogeneous raw data into explainable metrics that describe how information spreads. The last component shares our intelligence via either web interface or API endpoints. End users can set up their own collection pipelines and thresholds for metrics to surface potentially coordinated misinformation attacks.\r\n\r\nIn this session, we will walk through our system architecture, and demo how to trace a URL related to recent Amber Heard vs Johnny Depp lawsuit. We will examine how the URL is shared on different platforms, and decide if the spread is organic or not.\n\n\n","title":"Uncovering multi-platform misinformation campaigns with Information Tracer","type":{"conference_id":65,"conference":"DEFCON30","color":"#d5f67c","updated_at":"2024-06-07T03:39+0000","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"The quality of online information is deteriorating. Misinformation operations and bot accounts all contribute to the worsening environment. To address those challenges, researchers need real-time data and actionable intelligence to trace information spread and to identify suspicious spread patterns. \r\n\r\nThis session introduces Information Tracer, a service to provide fine-grained intelligence about how online information spreads to journalists, researchers and developers. \r\n\r\nInformation Tracer consists of three components. The first components collects public posts containing a particular URL, hashtag or keyword over five platforms—Twitter, Facebook, YouTube, Reddit, Gab. The second components turns heterogeneous raw data into explainable metrics that describe how information spreads. The last component shares our intelligence via either web interface or API endpoints. End users can set up their own collection pipelines and thresholds for metrics to surface potentially coordinated misinformation attacks.\r\n\r\nIn this session, we will walk through our system architecture, and demo how to trace a URL related to recent Amber Heard vs Johnny Depp lawsuit. We will examine how the URL is shared on different platforms, and decide if the spread is organic or not.","updated_timestamp":{"seconds":1660333920,"nanoseconds":0},"speakers":[{"content_ids":[49055],"conference_id":65,"event_ids":[49058],"name":"Zhouhan Chen","affiliations":[{"organization":"New York University","title":""}],"links":[],"pronouns":null,"media":[],"id":48496,"title":"New York University"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49058,"village_id":18,"tag_ids":[40260,45331,45335,45450],"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48496}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-12T19:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Preslav will demonstrate some tools for fighting disinformation, which were developed as part of the Tanbih mega-project, which aims to limit the impact of \"fake news\", propaganda and media bias by making users aware of what they are reading, thus promoting media literacy and critical thinking, which are arguably the best way to address disinformation in the long run.\n\n\n","title":"Detecting the \"Fake News\" Before It Was Even Written, Media Literacy, and Flattening the Curve of the COVID-19 Infodemic","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"android_description":"Preslav will demonstrate some tools for fighting disinformation, which were developed as part of the Tanbih mega-project, which aims to limit the impact of \"fake news\", propaganda and media bias by making users aware of what they are reading, thus promoting media literacy and critical thinking, which are arguably the best way to address disinformation in the long run.","end_timestamp":{"seconds":1660336200,"nanoseconds":0},"updated_timestamp":{"seconds":1660363800,"nanoseconds":0},"speakers":[{"content_ids":[49054,49065],"conference_id":65,"event_ids":[49057,49068],"name":"Preslav Nakov","affiliations":[{"organization":"Mohamed bin Zayed University of Artificial Intelligence","title":""}],"links":[],"pronouns":null,"media":[],"id":48489,"title":"Mohamed bin Zayed University of Artificial Intelligence"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49057,"village_id":18,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"tag_ids":[40260,45331,45335,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48489}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","begin":"2022-08-12T18:30:00.000-0000","updated":"2022-08-13T04:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Misinformation, disinformation, and malinformation (MDM) operations depend upon and leverage existing human cognitive biases. Our research group has cataloged a diverse collection of cognitive biases which are vulnerable to exploitation by malicious actors. This presentation describes the construction and development of this database as well as suggesting use case applications and real-world examples which will eventually serve to build the foundation for a comprehensive cognitive security defense framework. This Human Vulnerability, Exploitation, Tools & Tactics (HVETT) database will be a significant resource for the prevention, analysis, and attribution of threat actors across tactical, operational, and strategic threats. \r\n\r\nWe begin by introducing the concept and scope of cognitive security, discuss framework development, and provide an overview of how and why humans are vulnerable to MDM operations. Next, we will discuss how technologically mediated communications (TMCs) and synthetic media (such as deep fakes) exacerbate these vulnerabilities by adding new attack vectors. After establishing this foundation, we introduce the HVETT database and discuss potential applications to real-world challenges. Finally, we conclude with a series of recent examples of exploits and tactics which threaten the cognitive security of every human with access to TMCs.\n\n\n","title":"Cognitive Security: Human Vulnerabilities, Exploits, & TTPs","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660336200,"nanoseconds":0},"android_description":"Misinformation, disinformation, and malinformation (MDM) operations depend upon and leverage existing human cognitive biases. Our research group has cataloged a diverse collection of cognitive biases which are vulnerable to exploitation by malicious actors. This presentation describes the construction and development of this database as well as suggesting use case applications and real-world examples which will eventually serve to build the foundation for a comprehensive cognitive security defense framework. This Human Vulnerability, Exploitation, Tools & Tactics (HVETT) database will be a significant resource for the prevention, analysis, and attribution of threat actors across tactical, operational, and strategic threats. \r\n\r\nWe begin by introducing the concept and scope of cognitive security, discuss framework development, and provide an overview of how and why humans are vulnerable to MDM operations. Next, we will discuss how technologically mediated communications (TMCs) and synthetic media (such as deep fakes) exacerbate these vulnerabilities by adding new attack vectors. After establishing this foundation, we introduce the HVETT database and discuss potential applications to real-world challenges. Finally, we conclude with a series of recent examples of exploits and tactics which threaten the cognitive security of every human with access to TMCs.","updated_timestamp":{"seconds":1660333860,"nanoseconds":0},"speakers":[{"content_ids":[49053],"conference_id":65,"event_ids":[49056],"name":"Matthew Canham","affiliations":[{"organization":"Beyond Layer Seven","title":""}],"links":[],"pronouns":null,"media":[],"id":48487,"title":"Beyond Layer Seven"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:30:00.000-0000","id":49056,"tag_ids":[40260,45331,45335,45450],"village_id":18,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48487}],"tags":"Lightning Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","updated":"2022-08-12T19:51:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Departmenf of Defense 5G Telemedicine and Medical Training: The Future of Healthcare the Remote Warrior","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"android_description":"","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659107880,"nanoseconds":0},"speakers":[{"content_ids":[49011],"conference_id":65,"event_ids":[49014],"name":"Paul Young, MD","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/paul-young-md-mph-mss-fasma-58561442/ "}],"media":[],"id":48457}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49014,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":5,"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48457}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-07-29T15:18:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Scoping and Triage\r\nYou can't analyze what you don't know, learn to prepare yourself for any investigation no matter the subject.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nYou can't analyze what you don't know, learn to prepare yourself for any investigation no matter the subject.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","title":"Obsidian: IR - It all starts here, scoping the incident","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"android_description":"Scoping and Triage\r\nYou can't analyze what you don't know, learn to prepare yourself for any investigation no matter the subject.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nYou can't analyze what you don't know, learn to prepare yourself for any investigation no matter the subject.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48918,48935,48928],"conference_id":65,"event_ids":[48919,48929,48935],"name":"ChocolateCoat","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48375}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":48935,"village_id":7,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"tag_ids":[40250,45332,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48375}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This module covers:\r\n\r\n- Direction & Planning: Overview of CTI stakeholders and intelligence requirements\r\n- Collection: CTI analysts role during an incident\r\n- Processing: Intrusion data & information\r\n- Analysis & Production: Elements to include in a report\r\n- Dissemination: Sharing the report with stakeholders\r\n- Feedback & Evaluation: Methods for receiving feedback\r\n\r\nThe objective is to demonstrate the critical role CTI plays both during and after an incident.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nThis session presents an overview of how threat intelligence can be generated from an incident and shared with various stakeholders. We'll run through an incident and demonstrate how the CTI team plays a critical role by performing research and providing insights based on stakeholder requirements.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Obsidian CTI: Generating Threat Intelligence from an Incident","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"android_description":"This module covers:\r\n\r\n- Direction & Planning: Overview of CTI stakeholders and intelligence requirements\r\n- Collection: CTI analysts role during an incident\r\n- Processing: Intrusion data & information\r\n- Analysis & Production: Elements to include in a report\r\n- Dissemination: Sharing the report with stakeholders\r\n- Feedback & Evaluation: Methods for receiving feedback\r\n\r\nThe objective is to demonstrate the critical role CTI plays both during and after an incident.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nThis session presents an overview of how threat intelligence can be generated from an incident and shared with various stakeholders. We'll run through an incident and demonstrate how the CTI team plays a critical role by performing research and providing insights based on stakeholder requirements.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48907,48929],"conference_id":65,"event_ids":[48909,48930],"name":"ttheveii0x","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48323},{"content_ids":[48907,48929],"conference_id":65,"event_ids":[48909,48930],"name":"Stephanie G.","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48328},{"content_ids":[48907,48929],"conference_id":65,"event_ids":[48909,48930],"name":"l00sid","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48331}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":48909,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48328},{"tag_id":565,"sort_order":1,"person_id":48331},{"tag_id":565,"sort_order":1,"person_id":48323}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Code Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. On x64-based versions of Windows, kernel drivers must be digitally signed and checked each time they are loaded into memory. This is also referred to as Driver Signature Enforcement (DSE).\n \nThe passing year showed high-profile APT groups kept leveraging the well-known tampering technique to disable DSE on runtime. Meanwhile, Microsoft rolled out new mitigations: driver blocklists and Kernel Data Protection (KDP), a new platform security technology for preventing data-oriented attacks.\n \nSince using blocklist only narrows the attack vector, we focused on how KDP was applied in this case to eliminate the attack surface.\n \nWe found two novel data-based attacks to bypass KDP-protected DSE, one of which is feasible in real-world scenarios. Furthermore, they work on all Windows versions, starting with the first release of DSE. We’ll present each method and run them on live machines.\n \nWe’ll discuss why KDP is an ineffective mitigation. As it didn’t raise the bar against DSE tampering, we looked for a different approach to mitigate it. We’ll talk about how defenders can take a page out of attackers’ playbook to cope with the issue until HVCI becomes prevalent and really eliminates this attack surface.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Running Rootkits Like A Nation-State Hacker","end_timestamp":{"seconds":1660330200,"nanoseconds":0},"android_description":"Code Integrity is a threat protection feature first introduced by Microsoft over 15 years ago. On x64-based versions of Windows, kernel drivers must be digitally signed and checked each time they are loaded into memory. This is also referred to as Driver Signature Enforcement (DSE).\n \nThe passing year showed high-profile APT groups kept leveraging the well-known tampering technique to disable DSE on runtime. Meanwhile, Microsoft rolled out new mitigations: driver blocklists and Kernel Data Protection (KDP), a new platform security technology for preventing data-oriented attacks.\n \nSince using blocklist only narrows the attack vector, we focused on how KDP was applied in this case to eliminate the attack surface.\n \nWe found two novel data-based attacks to bypass KDP-protected DSE, one of which is feasible in real-world scenarios. Furthermore, they work on all Windows versions, starting with the first release of DSE. We’ll present each method and run them on live machines.\n \nWe’ll discuss why KDP is an ineffective mitigation. As it didn’t raise the bar against DSE tampering, we looked for a different approach to mitigate it. We’ll talk about how defenders can take a page out of attackers’ playbook to cope with the issue until HVCI becomes prevalent and really eliminates this attack surface.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48508],"conference_id":65,"event_ids":[48577],"name":"Omri Misgav","affiliations":[{"organization":"","title":"CTO, Security Research Group Fortinet"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"linkedin.com/in/omri-misgav"}],"pronouns":null,"media":[],"id":47899,"title":"CTO, Security Research Group Fortinet"}],"timeband_id":891,"end":"2022-08-12T18:50:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241940"}],"id":48577,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"village_id":null,"includes":"Tool, Demo","people":[{"tag_id":565,"sort_order":1,"person_id":47899}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","begin":"2022-08-12T18:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"A Policy Fireside Chat with the National Cyber Director","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660331700,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659452820,"nanoseconds":0},"speakers":[{"content_ids":[48507],"conference_id":65,"event_ids":[48541],"name":"Chris Inglis","affiliations":[{"organization":"","title":"National Cyber Director at the White House "}],"links":[],"pronouns":null,"media":[],"id":48706,"title":"National Cyber Director at the White House"},{"content_ids":[48507],"conference_id":65,"event_ids":[48541],"name":"Kim Zetter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48707}],"timeband_id":891,"links":[],"end":"2022-08-12T19:15:00.000-0000","id":48541,"tag_ids":[45241,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660329000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48706},{"tag_id":565,"sort_order":1,"person_id":48707}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"updated":"2022-08-02T15:07:00.000-0000","begin":"2022-08-12T18:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"As developers, we do ensure that we put security into consideration but while doing that, how much data security and privacy of our users do we put into considerations? are we aware of the users' data rights? how many users data do we collect? How do we really need all the user data we collect? Do we really have a user data recovery plan? Join me in this session as we dissect this topic and answer these questions. Some other talk points include data anonymization, data protection, data storage and data disposal.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"title":"Data security and privacy in application security","end_timestamp":{"seconds":1660335300,"nanoseconds":0},"android_description":"As developers, we do ensure that we put security into consideration but while doing that, how much data security and privacy of our users do we put into considerations? are we aware of the users' data rights? how many users data do we collect? How do we really need all the user data we collect? Do we really have a user data recovery plan? Join me in this session as we dissect this topic and answer these questions. Some other talk points include data anonymization, data protection, data storage and data disposal.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49638],"conference_id":65,"event_ids":[49822],"name":"Eyitayo Alimi","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/alimieyitayo/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/alimieyitayo"}],"pronouns":null,"media":[],"id":49004}],"timeband_id":891,"links":[],"end":"2022-08-12T20:15:00.000-0000","id":49822,"village_id":4,"tag_ids":[40278,45332,45345,45378,45451],"begin_timestamp":{"seconds":1660328100,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49004}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"begin":"2022-08-12T18:15:00.000-0000","updated":"2022-08-08T00:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"2022 has brought us cyberwar, cybercrime, and other malicious activities by a host of actors that have required many organizations to reassess their cybersecurity postures. In this session we’ll look at the latest attack trends we’ve seen used by malicious actors around the world and how they’re targeting organizations. We’ll also discuss cybersecurity strategies that can help minimize the risk of a successful attack or the time an attacker is within the network.\n\n\n","title":"Cyber Attack Trends in 2022","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"android_description":"2022 has brought us cyberwar, cybercrime, and other malicious activities by a host of actors that have required many organizations to reassess their cybersecurity postures. In this session we’ll look at the latest attack trends we’ve seen used by malicious actors around the world and how they’re targeting organizations. We’ll also discuss cybersecurity strategies that can help minimize the risk of a successful attack or the time an attacker is within the network.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1660257060,"nanoseconds":0},"speakers":[{"content_ids":[49747],"conference_id":65,"event_ids":[49945],"name":"Jon Clay","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jonlclay"}],"media":[],"id":49085}],"timeband_id":891,"end":"2022-08-12T19:00:00.000-0000","links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"id":49945,"tag_ids":[45374,45449],"village_id":null,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49085}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-11T22:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Meet Lucy, an 8-Qubit quantum computer; she’s British, super cool, and looking for the best quantum algorithms to partner with.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#aae997","name":"Quantum Village","id":45382},"title":"Meet Lucy","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"Meet Lucy, an 8-Qubit quantum computer; she’s British, super cool, and looking for the best quantum algorithms to partner with.","updated_timestamp":{"seconds":1660333080,"nanoseconds":0},"speakers":[{"content_ids":[49700],"conference_id":65,"event_ids":[49890],"name":"Jamie Friel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49058}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49890,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"village_id":24,"tag_ids":[40266,45340,45373,45382,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49058}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"updated":"2022-08-12T19:38:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you're ready, head out and conquer the map from other DEF CON rivals.\r\n\r\nThis unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!\n\n\n","title":"The Schemaverse Championship - Practice Round","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"end_timestamp":{"seconds":1660413600,"nanoseconds":0},"android_description":"The Schemaverse [skee-muh vurs] is a space battleground that lives inside a PostgreSQL database. Mine the hell out of resources and build up your fleet of ships, all while trying to protect your home planet. Once you're ready, head out and conquer the map from other DEF CON rivals.\r\n\r\nThis unique game gives you direct access to the database that governs the rules. Write SQL queries directly by connecting with any supported PostgreSQL client or use your favourite language to write AI that plays on your behalf. This is DEF CON of course so start working on your SQL Injections - anything goes!","updated_timestamp":{"seconds":1659988980,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240965"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644182116040784"},{"label":"Twitter","type":"link","url":"https://twitter.com/schemaverse"},{"label":"Website","type":"link","url":"https://schemaverse.com"}],"end":"2022-08-13T18:00:00.000-0000","id":49766,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"tag_ids":[45360,45374],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45476},"spans_timebands":"Y","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-08T20:03:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Red Team Village Keynote Panel","type":{"conference_id":65,"conference":"DEFCON30","color":"#ada5dd","updated_at":"2024-06-07T03:39+0000","name":"Red Team Village","id":45385},"end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659679380,"nanoseconds":0},"speakers":[{"content_ids":[49445],"conference_id":65,"event_ids":[49649],"name":"Alh4zr3d","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Alh4zr3d"}],"media":[],"id":48817},{"content_ids":[49445],"conference_id":65,"event_ids":[49649],"name":"John Hammond","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_JohnHammond"}],"media":[],"id":48822},{"content_ids":[49445],"conference_id":65,"event_ids":[49649],"name":"Ryan M. Montgomery","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0dayCTF"}],"pronouns":null,"media":[],"id":48827}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49649,"village_id":27,"tag_ids":[40269,45367,45373,45385,45451],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48817},{"tag_id":45290,"sort_order":1,"person_id":48822},{"tag_id":45290,"sort_order":1,"person_id":48827}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Mesquite Ballroom (Red Team Village)","hotel":"","short_name":"Mesquite Ballroom (Red Team Village)","id":45404},"begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-05T06:03:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"It's DEFCON 30 and the world is a tumultuous place. Maybe Putan has invaded NATO. Maybe China has invaded Taiwan or doubled down on its bid to claim the oddly sack-shaped \"\"nine dash line\"\". I think Pooh Bear may be trying to compensate for something. Whatever the current events, I'm going to claim WWIII is right around the corner and you should be prepared! Prepared to chill your beverage that is. If the world is ending, do you really want to see it out with a warm beverage!? I thought not! If I'm going out in a nuclear hellfire I want it to be with ice cold suds. So come on down and let's get prepped!\r\n\r\n** NOTE: Some DEF CON floor plans indicated that BCCC was to be outside Caesars Forum; this is incorrect. BCCC is happening inside the Contest Area, inside Caesars Forum. **\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Beverage Cooling Contraption Contest (BCCC)","end_timestamp":{"seconds":1660341600,"nanoseconds":0},"android_description":"It's DEFCON 30 and the world is a tumultuous place. Maybe Putan has invaded NATO. Maybe China has invaded Taiwan or doubled down on its bid to claim the oddly sack-shaped \"\"nine dash line\"\". I think Pooh Bear may be trying to compensate for something. Whatever the current events, I'm going to claim WWIII is right around the corner and you should be prepared! Prepared to chill your beverage that is. If the world is ending, do you really want to see it out with a warm beverage!? I thought not! If I'm going out in a nuclear hellfire I want it to be with ice cold suds. So come on down and let's get prepped!\r\n\r\n** NOTE: Some DEF CON floor plans indicated that BCCC was to be outside Caesars Forum; this is incorrect. BCCC is happening inside the Contest Area, inside Caesars Forum. **","updated_timestamp":{"seconds":1659666840,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241413"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864186853241913364"}],"end":"2022-08-12T22:00:00.000-0000","id":49573,"tag_ids":[45360,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-05T02:34:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Explain how the CHV badge can generate CAN waveforms (and other digital protocols) with different errors to disrupt vehicle networks. More than an ARB, the generation can be interactive - where the waveform can change based on the response of the network. The talk will focus on the Raspberry Pi rp2040 in the CHV badge and its hacker potential.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b9b1c5","name":"Car Hacking Village","id":45352},"title":"Getting naughty on CAN bus with CHV Badge","android_description":"Explain how the CHV badge can generate CAN waveforms (and other digital protocols) with different errors to disrupt vehicle networks. More than an ARB, the generation can be interactive - where the waveform can change based on the response of the network. The talk will focus on the Raspberry Pi rp2040 in the CHV badge and its hacker potential.","end_timestamp":{"seconds":1660329600,"nanoseconds":0},"updated_timestamp":{"seconds":1659587040,"nanoseconds":0},"speakers":[{"content_ids":[49383],"conference_id":65,"event_ids":[49530],"name":"evadsnibor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48790}],"timeband_id":891,"links":[],"end":"2022-08-12T18:40:00.000-0000","id":49530,"village_id":8,"tag_ids":[40251,45340,45348,45352,45374],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48790}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"spans_timebands":"N","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-04T04:24:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"‍\r\nThe lack of OT-specific resources readily available to the industrial infrastructure community creates a serious gap in securing industrial infrastructure. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks. This presentation details a new free cybersecurity resource: Dragos OT-CERT (Operational Technology - Cyber Emergency Readiness Team). OT-CERT helps industrial asset owners and operators – especially under-resourced organizations - build their OT cybersecurity programs, improve their security postures, and reduce OT risk. Member organizations have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. Although OT-CERT focuses on small and medium sized businesses, organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"title":"Closing a Security Gap in the Industrial Infrastructure Ecosystem: Under-Resourced Organizations","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"‍\r\nThe lack of OT-specific resources readily available to the industrial infrastructure community creates a serious gap in securing industrial infrastructure. The gap is especially critical among small and medium sized businesses that often have limited expertise and resources to address ICS/OT cybersecurity risks. This presentation details a new free cybersecurity resource: Dragos OT-CERT (Operational Technology - Cyber Emergency Readiness Team). OT-CERT helps industrial asset owners and operators – especially under-resourced organizations - build their OT cybersecurity programs, improve their security postures, and reduce OT risk. Member organizations have free access to OT cybersecurity best practices, cybersecurity maturity assessments, training, workshops, tabletop exercises, webinars, and more. Although OT-CERT focuses on small and medium sized businesses, organizations of all sizes are eligible for OT-CERT membership. Larger organizations will benefit from free resources such as OT best-practices blogs and OT vulnerability disclosures from Dragos’s industry-leading Threat Intelligence team. Dragos OT-CERT will also aid large companies by helping to improve the security posture of smaller organizations in their supply chain that can pose a risk to their business operations.","updated_timestamp":{"seconds":1659472320,"nanoseconds":0},"speakers":[{"content_ids":[49331],"conference_id":65,"event_ids":[49431],"name":"Dawn Cappelli","affiliations":[{"organization":"Dragos","title":"Director, OT-CERT"}],"links":[],"pronouns":null,"media":[],"id":48753,"title":"Director, OT-CERT at Dragos"}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49431,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"tag_ids":[40258,45340,45369,45375],"village_id":15,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48753}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"ICS Village Virtual","hotel":"","short_name":"ICS Village","id":45492},"begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-02T20:32:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this workshop, James will be going over the mechanics of picking pockets as well as the psychological principles which allow this centuries old technique to persist to this day.\n\n\n","title":"Picking Pockets, Picked Apart","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#569d6e","name":"Rogues Village","id":45368},"android_description":"In this workshop, James will be going over the mechanics of picking pockets as well as the psychological principles which allow this centuries old technique to persist to this day.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659467340,"nanoseconds":0},"speakers":[{"content_ids":[49319,49327],"conference_id":65,"event_ids":[49419,49427],"name":"James Harrison","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/PickpocketJames"},{"description":"","title":"Website","sort_order":0,"url":"https://www.pickpocketmagic.com/"}],"pronouns":null,"media":[],"id":48741}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49419,"village_id":29,"tag_ids":[40271,45332,45368,45453],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48741}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Evolution (Rogues Village)","hotel":"","short_name":"Evolution (Rogues Village)","id":45407},"spans_timebands":"N","updated":"2022-08-02T19:09:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Workshop geared to participation in CTF's\n\n\n","title":"Workshop: Intro to CTF","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"end_timestamp":{"seconds":1660332600,"nanoseconds":0},"android_description":"Workshop geared to participation in CTF's","updated_timestamp":{"seconds":1659465180,"nanoseconds":0},"speakers":[{"content_ids":[49296],"conference_id":65,"event_ids":[49395],"name":"Professor Rogers","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Linkedin","sort_order":0,"url":"https://www.linkedin.com/in/rogerwhytenyc/"}],"media":[],"id":48732}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":49395,"village_id":12,"tag_ids":[40255,45332,45361,45451],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48732}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-02T18:33:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Rethinking a 100 year old exploit. This talk will be describing and demonstrating an awesome attack on one of the most used high security locks in the country.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Medeco cam lock exploit \"an old attack made new again\"","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"Rethinking a 100 year old exploit. This talk will be describing and demonstrating an awesome attack on one of the most used high security locks in the country.","updated_timestamp":{"seconds":1659420120,"nanoseconds":0},"speakers":[{"content_ids":[49272,49278],"conference_id":65,"event_ids":[49352,49358],"name":"N∅thing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48698}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49352,"village_id":17,"tag_ids":[40259,45340,45362,45373,45450],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48698}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"updated":"2022-08-02T06:02:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hacking Product Security Interviews\r\nCybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills. \r\n\r\nZoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. This is an interactive group activity!\n\n\n","title":"Hacking Product Security Interviews","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"Hacking Product Security Interviews\r\nCybersecurity is a complex, multi-faceted field and pursuing a career in it requires the acquisition of a number of different skill sets. Product Security interviews can be particularly challenging due to the expectation that candidates possess both hacking AND software engineering intuition and skills. \r\n\r\nZoox will take a software engineering perspective and unpack this topic in an interactive talk. They focus on big-picture as well as tactical insights that will help you invest your time when preparing for your dream Product Security job. This is an interactive group activity!","updated_timestamp":{"seconds":1659392040,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49324,"village_id":16,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"tag_ids":[40275,45332,45356,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","updated":"2022-08-01T22:14:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Outer space has changed, and changed our lives, since the first DEF CON in 1993. This informational talk explores the industry trends we have seen over the last 30 years, growing threats we face to our satellites, and why everyone needs to be informed about the ultimate man-in-the-middle: space.\n\n\n","title":"That's No Moon -- A Look at the Space Threat Environment","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"Outer space has changed, and changed our lives, since the first DEF CON in 1993. This informational talk explores the industry trends we have seen over the last 30 years, growing threats we face to our satellites, and why everyone needs to be informed about the ultimate man-in-the-middle: space.","end_timestamp":{"seconds":1660328700,"nanoseconds":0},"updated_timestamp":{"seconds":1659379320,"nanoseconds":0},"speakers":[{"content_ids":[49224],"conference_id":65,"event_ids":[49267],"name":"Mike Campanelli","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48682}],"timeband_id":891,"links":[],"end":"2022-08-12T18:25:00.000-0000","id":49267,"village_id":2,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"tag_ids":[40247,45340,45357,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48682}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-12T18:00:00.000-0000","updated":"2022-08-01T18:42:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Craig Smith, The Car Hacker's Handbook","type":{"conference_id":65,"conference":"DEFCON30","color":"#a68c60","updated_at":"2024-06-07T03:39+0000","name":"Vendor Event","id":45354},"android_description":"","end_timestamp":{"seconds":1660327200,"nanoseconds":0},"updated_timestamp":{"seconds":1659306360,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T18:00:00.000-0000","id":49246,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"tag_ids":[45354,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"spans_timebands":"N","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-07-31T22:26:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Creating More Black Hackers: Growth Systems for Cybersecurity Enthusiasts","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#8dc784","name":"BIC Village","id":45353},"end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659305220,"nanoseconds":0},"speakers":[{"content_ids":[49196],"conference_id":65,"event_ids":[49237],"name":"Segun Ebenezer Olaniyan ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48662}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49237,"village_id":6,"tag_ids":[40249,45348,45353,45374],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48662}],"tags":"Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - BIC Village","hotel":"","short_name":"BIC Village","id":45488},"updated":"2022-07-31T22:07:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Steganography has long been used to counter forensic investigation. This use of steganography as an anti-forensics technique is becoming more widespread. This requires forensic examiners to have additional tools to more effectively detect steganography. In this talk we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of least significant bit (LSB) image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. This technique is embodied in a software implementation named CounterSteg.\r\n\r\nThe CounterSteg software allows detailed analysis and comparison of both the original cover image and any modified image, using sophisticated bit- and color-channel visual depiction graphics. In certain cases, the steganographic software used for message transmission can be identified by the forensic analysis of LSB and other changes in the payload image. This paper demonstrates usage and typical forensic analysis with eight commonly available steganographic programs.\r\n\r\nFuture work will attempt to automate the typical types of analysis and detection. This is important, as currently there is a steep rise in the use of image LSB steganographic techniques to hide the payload code used by malware and viruses, and for the purposes of data exfiltration. This results because of the fact that the hidden code and/or data can more easily bypass virus and malware signature detection in such a manner as being surreptitiously hidden in an otherwise innocuous image file.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ff88ea","updated_at":"2024-06-07T03:39+0000","name":"Crypto & Privacy Village","id":45347},"title":"Positive Identification of Least Significant Bit Image Steganography","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"Steganography has long been used to counter forensic investigation. This use of steganography as an anti-forensics technique is becoming more widespread. This requires forensic examiners to have additional tools to more effectively detect steganography. In this talk we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of least significant bit (LSB) image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. This technique is embodied in a software implementation named CounterSteg.\r\n\r\nThe CounterSteg software allows detailed analysis and comparison of both the original cover image and any modified image, using sophisticated bit- and color-channel visual depiction graphics. In certain cases, the steganographic software used for message transmission can be identified by the forensic analysis of LSB and other changes in the payload image. This paper demonstrates usage and typical forensic analysis with eight commonly available steganographic programs.\r\n\r\nFuture work will attempt to automate the typical types of analysis and detection. This is important, as currently there is a steep rise in the use of image LSB steganographic techniques to hide the payload code used by malware and viruses, and for the purposes of data exfiltration. This results because of the fact that the hidden code and/or data can more easily bypass virus and malware signature detection in such a manner as being surreptitiously hidden in an otherwise innocuous image file.","updated_timestamp":{"seconds":1659213420,"nanoseconds":0},"speakers":[{"content_ids":[49139],"conference_id":65,"event_ids":[49175],"name":"Michael Pelosi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48603}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49175,"tag_ids":[40253,45347,45451],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"village_id":10,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48603}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"updated":"2022-07-30T20:37:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you have a ounce of desire and a sprinkle of creativity then you can make fun electronic tchotchkes! \r\n\r\nYou will take a journey through the software and hardware tools often used to make small electronic gadgets like DEFCON SAOs, electronic pins, and annoying blinky-beepy gifts for parties and holidays. The skills covered will also serve as the stepping off point for your own badgelife creation … should you dare.\r\n\r\nYou will see how to take your personal strengths - be it art, maths, engineering, or fabrication - and build out to other skills.\r\n\r\nYou won’t learn everything there is to know about completing your dream project but you will have learned the steps involved and where to get help along the way!\n\n\n","title":"From Zero To Sao … Or, How Far Does This Rabbit Hole Go?","type":{"conference_id":65,"conference":"DEFCON30","color":"#dc99bf","updated_at":"2024-06-07T03:39+0000","name":"Hardware Hacking Village","id":45338},"android_description":"If you have a ounce of desire and a sprinkle of creativity then you can make fun electronic tchotchkes! \r\n\r\nYou will take a journey through the software and hardware tools often used to make small electronic gadgets like DEFCON SAOs, electronic pins, and annoying blinky-beepy gifts for parties and holidays. The skills covered will also serve as the stepping off point for your own badgelife creation … should you dare.\r\n\r\nYou will see how to take your personal strengths - be it art, maths, engineering, or fabrication - and build out to other skills.\r\n\r\nYou won’t learn everything there is to know about completing your dream project but you will have learned the steps involved and where to get help along the way!","end_timestamp":{"seconds":1660329900,"nanoseconds":0},"updated_timestamp":{"seconds":1659142200,"nanoseconds":0},"speakers":[{"content_ids":[49101],"conference_id":65,"event_ids":[49131],"name":"Bradán Lane ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48541}],"timeband_id":891,"links":[],"end":"2022-08-12T18:45:00.000-0000","id":49131,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"village_id":14,"tag_ids":[40257,45338,45340,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48541}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"spans_timebands":"N","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-07-30T00:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"User and Entity Behavior Analysis (UEBA) has been an active area of research in cybersecurity for years now. Advancements in unsupervised machine learning methodologies have made UEBA models effective in detecting anomalous drifts from baseline behavior. But when collecting user generated systems data from a cluster of machines in the cloud or from an endpoint, the data scientist gets access to human generated raw features, which keys are typed when, and what are those. This starts off as acceptable but wades into the grey area of almost keylogging users which is dangerous.\r\n\r\nIn this talk, we will go through a real example of how a user behavior experiment was set up, right from building the features to running the data collection script within containers to flushing the raw data regularly and the users sending only aggregated metrics to the data scientists for model building and analysis. We’ll go through the entire setup from data collection and data flushing to model building by creating weak labels and further analysis.\n\n\n","title":"I’m not Keylogging you! Just some benign data collection for User Behavior Modeling","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"android_description":"User and Entity Behavior Analysis (UEBA) has been an active area of research in cybersecurity for years now. Advancements in unsupervised machine learning methodologies have made UEBA models effective in detecting anomalous drifts from baseline behavior. But when collecting user generated systems data from a cluster of machines in the cloud or from an endpoint, the data scientist gets access to human generated raw features, which keys are typed when, and what are those. This starts off as acceptable but wades into the grey area of almost keylogging users which is dangerous.\r\n\r\nIn this talk, we will go through a real example of how a user behavior experiment was set up, right from building the features to running the data collection script within containers to flushing the raw data regularly and the users sending only aggregated metrics to the data scientists for model building and analysis. We’ll go through the entire setup from data collection and data flushing to model building by creating weak labels and further analysis.","end_timestamp":{"seconds":1660330200,"nanoseconds":0},"updated_timestamp":{"seconds":1659292440,"nanoseconds":0},"speakers":[{"content_ids":[49032],"conference_id":65,"event_ids":[49035],"name":"Harini Kannan ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48465}],"timeband_id":891,"links":[],"end":"2022-08-12T18:50:00.000-0000","id":49035,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"village_id":3,"tag_ids":[40248,45330,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48465}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"updated":"2022-07-31T18:34:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Where there's a kiosk, there's an escape","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"android_description":"","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659107880,"nanoseconds":0},"speakers":[{"content_ids":[49010],"conference_id":65,"event_ids":[49013],"name":"Michael Aguilar (v3ga)","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/v3ga_hax"}],"media":[],"id":48453}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49013,"village_id":5,"tag_ids":[40277,45329,45373,45451],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48453}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"spans_timebands":"N","updated":"2022-07-29T15:18:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Using no existing external infrastructure we dive into the successes and failures as we crossed wires, consoled, and dial-in to real Hyosung ATMs in an effort to become a payment processor. This talk explores the approaches and techniques behind the efforts of hacking ATM systems.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c3a2fb","name":"Retail Hacking Village","id":45327},"title":"Rock the Cash Box","android_description":"Using no existing external infrastructure we dive into the successes and failures as we crossed wires, consoled, and dial-in to real Hyosung ATMs in an effort to become a payment processor. This talk explores the approaches and techniques behind the efforts of hacking ATM systems.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659067140,"nanoseconds":0},"speakers":[{"content_ids":[48995],"conference_id":65,"event_ids":[48997],"name":"Spicy Wasabi","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spiceywasabi"}],"pronouns":null,"media":[],"id":48433}],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":48997,"village_id":28,"tag_ids":[40270,45327,45340,45348,45373,45450],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48433}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 310, 320 (Retail Hacking Village)","hotel":"","short_name":"310, 320 (Retail Hacking Village)","id":45408},"spans_timebands":"N","begin":"2022-08-12T18:00:00.000-0000","updated":"2022-07-29T03:59:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The workshop will start by taking everyone over why we should focus on the dark web for research and why it is important to collect data from the dark web. We will explore the importance of data collection with some examples. The second part of the workshop will cover some dark web OSINT tools that one can use to start with dark web data collection/hunting. Attendees will learn how these tools work and what different categories of these dark web OSINT tools one can utilize in their research. The third part of the workshop will cover tools and libraries to create your dark web hunting platform. We will explore writing code and automating dark web data collection. This part includes a live lab demo and code explanation. The workshop will end with a few tips on OpSec practices and resources to start with dark web hunting.\r\n\r\nTakeaways from the workshop:\r\n\r\n1. Understanding why darkerb research is important\r\n2. Darkweb OSINT tools collection to start your research\r\n3. Basic understanding of automated dark web data hunting\r\n4. Python Codebase to start with your dark web data collection\n\n\nHow can you effectively hunt data from the dark web using scripts? How can you circumvent scraping defenses on the dark web? If you are curious about the answers to these questions and want to learn how to effectively write automated scripts for this task, then this workshop is for you. In this workshop, you will learn why collecting data from the dark web is essential, how you can create your tools & scripts, and automate your scripts for effective collection. The workshop's primary focus will be on circumventing defenses put by forums on the dark web against scraping.","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Practical Dark Web Hunting using Automated Scripts","android_description":"The workshop will start by taking everyone over why we should focus on the dark web for research and why it is important to collect data from the dark web. We will explore the importance of data collection with some examples. The second part of the workshop will cover some dark web OSINT tools that one can use to start with dark web data collection/hunting. Attendees will learn how these tools work and what different categories of these dark web OSINT tools one can utilize in their research. The third part of the workshop will cover tools and libraries to create your dark web hunting platform. We will explore writing code and automating dark web data collection. This part includes a live lab demo and code explanation. The workshop will end with a few tips on OpSec practices and resources to start with dark web hunting.\r\n\r\nTakeaways from the workshop:\r\n\r\n1. Understanding why darkerb research is important\r\n2. Darkweb OSINT tools collection to start your research\r\n3. Basic understanding of automated dark web data hunting\r\n4. Python Codebase to start with your dark web data collection\n\n\nHow can you effectively hunt data from the dark web using scripts? How can you circumvent scraping defenses on the dark web? If you are curious about the answers to these questions and want to learn how to effectively write automated scripts for this task, then this workshop is for you. In this workshop, you will learn why collecting data from the dark web is essential, how you can create your tools & scripts, and automate your scripts for effective collection. The workshop's primary focus will be on circumventing defenses put by forums on the dark web against scraping.","end_timestamp":{"seconds":1660332600,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48923],"conference_id":65,"event_ids":[48924],"name":"Apurv Singh Gautam","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48324}],"timeband_id":891,"links":[],"end":"2022-08-12T19:30:00.000-0000","id":48924,"village_id":7,"tag_ids":[40250,45365,45373,45376,45451],"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48324}],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Workshops","hotel":"","short_name":"Workshops","id":45474},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"One of the most important aspects of threat intelligence is the attribution of threat actors—identifying the entity behind an attack, their motivations, or the ultimate sponsor of the attack. Attribution is one of the most complicated aspects of cybersecurity, and it is easy to make mistakes because the underlying architecture of the internet offers numerous ways for attackers to hide their tracks. Threat actors can use false flags to deceive the security community about their identity, and natural human bias can lead researchers in the wrong direction. In this presentation, I will discuss three of the biggest lessons I’ve learned with regards to attribution—and how researchers can avoid making the same errors.\r\n \r\nThe first mistake is related to perception bias. The Olympic Destroyer was a cyber-sabotage attack that happened during the PyeongChang Winter Olympic in 2018. Many security vendors published information about the substance of the attack alongside unclear speculation about who was ultimately behind it. During the early stage of my Olympic Destroyer research, I strongly believed a North Korea-linked threat actor was behind the attack. Looking back, I’m overwhelmed by my confirmation bias at that time. The relationship between North Korea and South Korea was relatively stable during the Olympics, but North Korea sometimes attacked South Korea regardless. Therefore, I assumed the attack was associated with a North Korean threat actor that wanted to sow chaos during the Olympic season. However, my colleague discovered a fascinating rich header false flag designed to disguise the fact that this attack was carried out by an unrelated threat actor. Also, I confirmed that the threat actor behind this attack utilized a totally different modus operandi than the presumed North Korean threat actor after an in-depth, onsite investigation. I had allowed my perception bias to hinder my attribution efforts.\r\n\r\nThe second mistake occurred as a result of an over-reliance on third-party functions.\r\nResearchers are often inclined to rely on too many third-party tools, and occasionally this blind faith causes mistakes. One day, I discovered that one Korean-speaking threat actor utilized a 0-day exploit embedded in a Word document. Based on the metadata of the malicious document, I used Virustotal to find additional documents with similar metadata. All of them had the same language code page, which made me even more biased. From then, I started going in the wrong direction. I totally believed that those documents were created by the same threat actor. However, I later discovered that the documents were created by two different actors with very similar characteristics. Both of them are Korean-speaking actors, who, historically, attack the same target. Eventually, I uncovered the difference between the two and was able to reach the right conclusion—but this required going beyond what my tools told me was the correct answer.\r\n\r\nThe last mistake occurred as a result of impatience. When I investigated one cryptocurrency exchange incident, I noticed that the cryptocurrency trading application was compromised and had been delivered with a malicious file. Without any doubt, I concluded that the supply chain of this company was compromised, and contacted them via email to notify them of this incident. But, as soon as I contacted them, their websites went offline and the application disappeared from the website. After a closer examination of their infrastructure, I recognized that everything was fake, including the company website, application, and 24/7 support team. Later, we named this attack Operation AppleJeus, which a US-CERT also mentioned when they indicted three North Korean hackers. In my haste to conclude my research, I failed to notice an operation aspect of the operation.\r\n\r\nThreat Intelligence is a high-profile industry with numerous stories that have major geopolitical ramifications. Not only is attribution one of the hardest aspects of this field—it’s the one that carries the most significant consequences if not done correctly. Unfortunately, human intuition and bias interfere with proper attribution, leading to mistakes. By sharing my own struggles with attribution, it is my hope other researchers in the security community can carry out their own investigations with greater accuracy.\n\n\nThe threat intelligence industry suffers from the flow of inaccurate information. This symptom is because of irresponsible announcements and different perceptions of each vendor. In this presentation, I would like to share how we can quickly go to the wrong decisions and what attitude we need to prevent these failures.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Attribution and Bias: My terrible mistakes in threat intelligence attribution","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"One of the most important aspects of threat intelligence is the attribution of threat actors—identifying the entity behind an attack, their motivations, or the ultimate sponsor of the attack. Attribution is one of the most complicated aspects of cybersecurity, and it is easy to make mistakes because the underlying architecture of the internet offers numerous ways for attackers to hide their tracks. Threat actors can use false flags to deceive the security community about their identity, and natural human bias can lead researchers in the wrong direction. In this presentation, I will discuss three of the biggest lessons I’ve learned with regards to attribution—and how researchers can avoid making the same errors.\r\n \r\nThe first mistake is related to perception bias. The Olympic Destroyer was a cyber-sabotage attack that happened during the PyeongChang Winter Olympic in 2018. Many security vendors published information about the substance of the attack alongside unclear speculation about who was ultimately behind it. During the early stage of my Olympic Destroyer research, I strongly believed a North Korea-linked threat actor was behind the attack. Looking back, I’m overwhelmed by my confirmation bias at that time. The relationship between North Korea and South Korea was relatively stable during the Olympics, but North Korea sometimes attacked South Korea regardless. Therefore, I assumed the attack was associated with a North Korean threat actor that wanted to sow chaos during the Olympic season. However, my colleague discovered a fascinating rich header false flag designed to disguise the fact that this attack was carried out by an unrelated threat actor. Also, I confirmed that the threat actor behind this attack utilized a totally different modus operandi than the presumed North Korean threat actor after an in-depth, onsite investigation. I had allowed my perception bias to hinder my attribution efforts.\r\n\r\nThe second mistake occurred as a result of an over-reliance on third-party functions.\r\nResearchers are often inclined to rely on too many third-party tools, and occasionally this blind faith causes mistakes. One day, I discovered that one Korean-speaking threat actor utilized a 0-day exploit embedded in a Word document. Based on the metadata of the malicious document, I used Virustotal to find additional documents with similar metadata. All of them had the same language code page, which made me even more biased. From then, I started going in the wrong direction. I totally believed that those documents were created by the same threat actor. However, I later discovered that the documents were created by two different actors with very similar characteristics. Both of them are Korean-speaking actors, who, historically, attack the same target. Eventually, I uncovered the difference between the two and was able to reach the right conclusion—but this required going beyond what my tools told me was the correct answer.\r\n\r\nThe last mistake occurred as a result of impatience. When I investigated one cryptocurrency exchange incident, I noticed that the cryptocurrency trading application was compromised and had been delivered with a malicious file. Without any doubt, I concluded that the supply chain of this company was compromised, and contacted them via email to notify them of this incident. But, as soon as I contacted them, their websites went offline and the application disappeared from the website. After a closer examination of their infrastructure, I recognized that everything was fake, including the company website, application, and 24/7 support team. Later, we named this attack Operation AppleJeus, which a US-CERT also mentioned when they indicted three North Korean hackers. In my haste to conclude my research, I failed to notice an operation aspect of the operation.\r\n\r\nThreat Intelligence is a high-profile industry with numerous stories that have major geopolitical ramifications. Not only is attribution one of the hardest aspects of this field—it’s the one that carries the most significant consequences if not done correctly. Unfortunately, human intuition and bias interfere with proper attribution, leading to mistakes. By sharing my own struggles with attribution, it is my hope other researchers in the security community can carry out their own investigations with greater accuracy.\n\n\nThe threat intelligence industry suffers from the flow of inaccurate information. This symptom is because of irresponsible announcements and different perceptions of each vendor. In this presentation, I would like to share how we can quickly go to the wrong decisions and what attitude we need to prevent these failures.","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48933],"conference_id":65,"event_ids":[48901],"name":"Seongsu Park","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48376}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":48901,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45332,45373,45376,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48376}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45475,"name":"Virtual - BlueTeam Village - Talks","hotel":"","short_name":"Talks","id":45473},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What do you get when you cross pointer authentication with microarchitectural side channels?\n\nThe PACMAN attack is a new attack technique that can bruteforce the pointer authentication code (PAC) for an arbitrary kernel pointer without causing any crashes using microarchitectural side channels. We demonstrate the PACMAN attack against the Apple M1 CPU.\n\n\n","title":"The PACMAN Attack: Breaking PAC on the Apple M1 with Hardware Attacks","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"android_description":"What do you get when you cross pointer authentication with microarchitectural side channels?\n\nThe PACMAN attack is a new attack technique that can bruteforce the pointer authentication code (PAC) for an arbitrary kernel pointer without causing any crashes using microarchitectural side channels. We demonstrate the PACMAN attack against the Apple M1 CPU.","end_timestamp":{"seconds":1660329900,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48505],"conference_id":65,"event_ids":[48550],"name":"Joseph Ravichandran","affiliations":[{"organization":"","title":"First year PhD Student working with Dr. Mengjia Yan at MIT"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0xjprx"}],"media":[],"id":47928,"title":"First year PhD Student working with Dr. Mengjia Yan at MIT"}],"timeband_id":891,"end":"2022-08-12T18:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241938"}],"id":48550,"tag_ids":[45241,45279,45280,45281,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"includes":"Tool, Demo, Exploit","people":[{"tag_id":565,"sort_order":1,"person_id":47928}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T18:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Dark Tangent welcomes you to DEF CON and introduces the DEF CON 30 badge makers Mkfactor, they discuss the labor of love that went into producing the DEF CON 30 Badge.\n\n\n","title":"The Dark Tangent & Mkfactor - Welcome to DEF CON & The Making of the DEF CON Badge","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660329900,"nanoseconds":0},"android_description":"The Dark Tangent welcomes you to DEF CON and introduces the DEF CON 30 badge makers Mkfactor, they discuss the labor of love that went into producing the DEF CON 30 Badge.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48506],"conference_id":65,"event_ids":[48504],"name":"Michael Whiteley (Mkfactor)","affiliations":[{"organization":"Mkfactor","title":""}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/compukidmike"},{"description":"","title":"Website","sort_order":0,"url":"https://mkfactor.com/"}],"media":[],"id":47853,"title":"Mkfactor"},{"content_ids":[48506,48593,48501,48534],"conference_id":65,"event_ids":[48594,48504,48523,48540],"name":"The Dark Tangent","affiliations":[{"organization":"","title":"DEF CON "}],"links":[],"pronouns":null,"media":[],"id":47869,"title":"DEF CON"},{"content_ids":[48506],"conference_id":65,"event_ids":[48504],"name":"Katie Whiteley (Mkfactor)","affiliations":[{"organization":"Mkfactor","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ktjgeekmom"},{"description":"","title":"Website","sort_order":0,"url":"https://mkfactor.com/"}],"pronouns":null,"media":[],"id":48670,"title":"Mkfactor"}],"timeband_id":891,"links":[],"end":"2022-08-12T18:45:00.000-0000","id":48504,"begin_timestamp":{"seconds":1660327200,"nanoseconds":0},"tag_ids":[45241,45375,45450],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48670},{"tag_id":565,"sort_order":1,"person_id":47853},{"tag_id":565,"sort_order":1,"person_id":47869}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"begin":"2022-08-12T18:00:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In 2022 Russia invaded Ukraine. The manner in which this happened and the tactics used on all sides to frame this invasion cut deep to how we perceive media and information across the worldwide. This information confrontation is something the west is ill prepared to combat whereas this has been the operation for Russia for a long time. This however is also a background for the confrontation taking place in the networks across Europe and likely the East of the world. We are seeing joined up operations of Kinetic, Information, and Cyber warfare being conducted from all levels of the military. No longer can we ignore the power of joint operations and multi domain warfare. The focus of this talk will be information gathering and extrapolation\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#bab7d9","updated_at":"2024-06-07T03:39+0000","name":"Recon Village","id":45384},"title":"Information Confrontation 2022 – A loud war and a quiet enemy","end_timestamp":{"seconds":1660329300,"nanoseconds":0},"android_description":"In 2022 Russia invaded Ukraine. The manner in which this happened and the tactics used on all sides to frame this invasion cut deep to how we perceive media and information across the worldwide. This information confrontation is something the west is ill prepared to combat whereas this has been the operation for Russia for a long time. This however is also a background for the confrontation taking place in the networks across Europe and likely the East of the world. We are seeing joined up operations of Kinetic, Information, and Cyber warfare being conducted from all levels of the military. No longer can we ignore the power of joint operations and multi domain warfare. The focus of this talk will be information gathering and extrapolation","updated_timestamp":{"seconds":1659974940,"nanoseconds":0},"speakers":[{"content_ids":[49064,49717],"conference_id":65,"event_ids":[49067,49907],"name":"Luke Richards (Wbbigdave)","affiliations":[{"organization":"Independent ","title":""}],"links":[],"pronouns":null,"media":[],"id":48486,"title":"Independent"}],"timeband_id":891,"links":[],"end":"2022-08-12T18:35:00.000-0000","id":49907,"tag_ids":[40268,45340,45373,45384,45453],"begin_timestamp":{"seconds":1660326600,"nanoseconds":0},"village_id":26,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48486}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"spans_timebands":"N","updated":"2022-08-08T16:09:00.000-0000","begin":"2022-08-12T17:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microsoft Cloud bug bounty programs are one of the most well-paid programs, including Microsoft Identity program. This program covers cloud-related Elevation of Privilege vulnerabilities, having bounties up to $100,000! But as all vulnerabilities are not worth 100k, it's good to know how to make most of the low-bounty vulnerabilities.\r\n\r\nIn this talk, I'll share my experiences on the Microsoft bounty programs from 2021, when I made $65k in bounties with six vulnerabilities. I'll show how I turned a vulnerability initially categorized as 'by-design' to $40k in bounties and how I tripled the initial $5k bounty by reporting similar findings smartly.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"title":"Making the most of Microsoft cloud bug bounty programs: How I made in $65,000 USD in bounties in 2021","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"Microsoft Cloud bug bounty programs are one of the most well-paid programs, including Microsoft Identity program. This program covers cloud-related Elevation of Privilege vulnerabilities, having bounties up to $100,000! But as all vulnerabilities are not worth 100k, it's good to know how to make most of the low-bounty vulnerabilities.\r\n\r\nIn this talk, I'll share my experiences on the Microsoft bounty programs from 2021, when I made $65k in bounties with six vulnerabilities. I'll show how I turned a vulnerability initially categorized as 'by-design' to $40k in bounties and how I tripled the initial $5k bounty by reporting similar findings smartly.","updated_timestamp":{"seconds":1659282900,"nanoseconds":0},"speakers":[{"content_ids":[48726,49169],"conference_id":65,"event_ids":[48758,49205],"name":"Nestori Syynimaa","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/DrAzureAD"}],"media":[],"id":48055}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49205,"tag_ids":[40252,45340,45350,45451],"village_id":9,"begin_timestamp":{"seconds":1660326600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48055}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","begin":"2022-08-12T17:50:00.000-0000","updated":"2022-07-31T15:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"There are two types of organizations, those that were breached and those that are not ware yet...\r\n\r\nFor most organizations, it is easier to buy blinky lightboxes and tick various compliance boxes (ISO27001 looking at you!) than improve their security posture.\r\n\r\nWe repeatedly see in the field that the vast majority of incidents could have been contained or even prevented if the effort had been spent in the right place.\r\n\r\nWe have some good statistics on what works, what can help, and what is generally a waste of effort with hundreds of incidents handled.\r\n\r\nMost of the organizations that we see get breached are not Fortune 500 companies; they don't have colossal security budgets - but they do have a dedicated team that is doing their best to make a difference.\r\n\r\nIn this talk, we will cover some of our experience in what works in the real world and how you can focus your efforts on getting the correct data to respond and close incidents fast.\r\n\r\nInvariably, the goal is not to have 100% security (no one will fund that!) but to get the business back on its feet ASAP and resume business operations. Planning for that takes dedication and focus - but it can be done! \r\n\r\nwe will focus in our talk on the pillars that would make your incident response plan work:\r\nGetting the right team in place\r\nCommunication!\r\nData collection, access to systems\r\nAccess to forensics and response tools when you need them\r\n\r\nThis talk will outline common gaps and compare examples of these two types of organizations from actual incidents to highlight the real-life implications of lack of preparation, which affects the outcome of an incident.\n\n\n","title":"Hundreds of incidents, what can we share?","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a8c24b","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660328700,"nanoseconds":0},"android_description":"There are two types of organizations, those that were breached and those that are not ware yet...\r\n\r\nFor most organizations, it is easier to buy blinky lightboxes and tick various compliance boxes (ISO27001 looking at you!) than improve their security posture.\r\n\r\nWe repeatedly see in the field that the vast majority of incidents could have been contained or even prevented if the effort had been spent in the right place.\r\n\r\nWe have some good statistics on what works, what can help, and what is generally a waste of effort with hundreds of incidents handled.\r\n\r\nMost of the organizations that we see get breached are not Fortune 500 companies; they don't have colossal security budgets - but they do have a dedicated team that is doing their best to make a difference.\r\n\r\nIn this talk, we will cover some of our experience in what works in the real world and how you can focus your efforts on getting the correct data to respond and close incidents fast.\r\n\r\nInvariably, the goal is not to have 100% security (no one will fund that!) but to get the business back on its feet ASAP and resume business operations. Planning for that takes dedication and focus - but it can be done! \r\n\r\nwe will focus in our talk on the pillars that would make your incident response plan work:\r\nGetting the right team in place\r\nCommunication!\r\nData collection, access to systems\r\nAccess to forensics and response tools when you need them\r\n\r\nThis talk will outline common gaps and compare examples of these two types of organizations from actual incidents to highlight the real-life implications of lack of preparation, which affects the outcome of an incident.","updated_timestamp":{"seconds":1658865360,"nanoseconds":0},"speakers":[{"content_ids":[48710],"conference_id":65,"event_ids":[48717],"name":"Guy Barnhart-Magen","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/barnhartguy"}],"pronouns":null,"media":[],"id":47997},{"content_ids":[48710],"conference_id":65,"event_ids":[48717],"name":"Brenton Morris","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_scrapbird"}],"media":[],"id":48007}],"timeband_id":891,"links":[],"end":"2022-08-12T18:25:00.000-0000","id":48717,"begin_timestamp":{"seconds":1660325700,"nanoseconds":0},"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48007},{"tag_id":565,"sort_order":1,"person_id":47997}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-12T17:35:00.000-0000","updated":"2022-07-26T19:56:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join the RF Hackers for a presentation on how to RF CTF. All are welcome for this free to play game, documentation online for virtual players. https://github.com/rfhs/rfhs-wiki/wiki/RF-CTF-Virtual-HowToGetStarted\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"title":"RF CTF Kick Off Day 1","android_description":"Join the RF Hackers for a presentation on how to RF CTF. All are welcome for this free to play game, documentation online for virtual players. https://github.com/rfhs/rfhs-wiki/wiki/RF-CTF-Virtual-HowToGetStarted","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"updated_timestamp":{"seconds":1659928380,"nanoseconds":0},"speakers":[{"content_ids":[49654,49655,49656],"conference_id":65,"event_ids":[49842,49843,49844],"name":"RF Hackers Village Staff","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rfhackers"},{"description":"","title":"Website","sort_order":0,"url":"https://rfhackers.com"}],"media":[],"id":49024}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49842,"tag_ids":[40267,45340,45373,45383,45451],"village_id":25,"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49024}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","updated":"2022-08-08T03:13:00.000-0000","begin":"2022-08-12T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Tim MalcomVetter will be doing the keynote talk at Adversary Village this year!\n\n\n","title":"How to be the Best Adversary Simulator","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"end_timestamp":{"seconds":1660328100,"nanoseconds":0},"android_description":"Tim MalcomVetter will be doing the keynote talk at Adversary Village this year!","updated_timestamp":{"seconds":1659888180,"nanoseconds":0},"speakers":[{"content_ids":[49573],"conference_id":65,"event_ids":[49785],"name":"Tim MalcomVetter","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/malcomvetter/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/malcomvetter"}],"pronouns":null,"media":[],"id":48910}],"timeband_id":891,"links":[],"end":"2022-08-12T18:15:00.000-0000","id":49785,"tag_ids":[40246,45340,45377,45451],"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"village_id":1,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48910}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"spans_timebands":"N","updated":"2022-08-07T16:03:00.000-0000","begin":"2022-08-12T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c497fa","name":"Girls Hack Village","id":45361},"title":"Pause…Push,Pass, Pivot","end_timestamp":{"seconds":1660327200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465120,"nanoseconds":0},"speakers":[{"content_ids":[49295],"conference_id":65,"event_ids":[49394],"name":"Mary Chaney","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/marynchaney/"}],"media":[],"id":48729}],"timeband_id":891,"links":[],"end":"2022-08-12T18:00:00.000-0000","id":49394,"tag_ids":[40255,45340,45361,45451],"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"village_id":12,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48729}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","begin":"2022-08-12T17:30:00.000-0000","updated":"2022-08-02T18:32:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. \r\n\r\nLast round for Friday kicks off at 16:00.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Capture The Packet Preliminaries","android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. \r\n\r\nLast round for Friday kicks off at 16:00.","end_timestamp":{"seconds":1660354200,"nanoseconds":0},"updated_timestamp":{"seconds":1659455520,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Website","type":"link","url":"https://capturethepacket.com"},{"label":"Twitter","type":"link","url":"https://twitter.com/Capturetp"}],"end":"2022-08-13T01:30:00.000-0000","id":49371,"village_id":19,"tag_ids":[40261,45359,45360,45373,45450],"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","updated":"2022-08-02T15:52:00.000-0000","begin":"2022-08-12T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\r\nRSA is the Gold Standard for public key crypto, there is still no other algorithm known as broadly as RSA, so in this talk I will provide a deep review of RSA with even some fun math so we can grasp the fundamentals of RSA and understand its beauty. Along the way I will provide some examples with Python and command line tools in Linux! The goal of this talk is for you to fully understand how RSA works once this talk is over!\n\n\n","title":"Back to School! Hello RSA... and beyond!","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#ff88ea","name":"Crypto & Privacy Village","id":45347},"android_description":"RSA is the Gold Standard for public key crypto, there is still no other algorithm known as broadly as RSA, so in this talk I will provide a deep review of RSA with even some fun math so we can grasp the fundamentals of RSA and understand its beauty. Along the way I will provide some examples with Python and command line tools in Linux! The goal of this talk is for you to fully understand how RSA works once this talk is over!","end_timestamp":{"seconds":1660327200,"nanoseconds":0},"updated_timestamp":{"seconds":1659213420,"nanoseconds":0},"speakers":[{"content_ids":[49138],"conference_id":65,"event_ids":[49174],"name":"Mike Guirao","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48604}],"timeband_id":891,"links":[],"end":"2022-08-12T18:00:00.000-0000","id":49174,"tag_ids":[40253,45347,45451],"village_id":10,"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48604}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"N","begin":"2022-08-12T17:30:00.000-0000","updated":"2022-07-30T20:37:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"A Capitalist approach to hospital security","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#a67a60","name":"Biohacking Village","id":45329},"end_timestamp":{"seconds":1660327200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659107820,"nanoseconds":0},"speakers":[{"content_ids":[48716,49009],"conference_id":65,"event_ids":[48723,49012],"name":"Eirick Luraas","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tyercel"}],"pronouns":null,"media":[],"id":48001}],"timeband_id":891,"links":[],"end":"2022-08-12T18:00:00.000-0000","id":49012,"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"tag_ids":[40277,45329,45373,45451],"village_id":5,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48001}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"begin":"2022-08-12T17:30:00.000-0000","updated":"2022-07-29T15:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Incident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIncident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Obsidian Live: Eating the Elephant 1 byte at a Time","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"Incident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nIncident Response: This is a live walkthrough of a real world incident focused on the first half of incident response. We will be breaking down scoping, triage, and communication aspects of incident handling into digestible and actionable recommendations.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48918,48928,48915],"conference_id":65,"event_ids":[48917,48919,48929],"name":"aviditas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48370},{"content_ids":[48918,48935,48928],"conference_id":65,"event_ids":[48919,48929,48935],"name":"ChocolateCoat","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48375}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":48919,"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"tag_ids":[40250,45340,45348,45374,45376],"village_id":7,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48375},{"tag_id":565,"sort_order":1,"person_id":48370}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nCome take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Obsidian CTH: Go Phish: Visualizing Basic Malice","android_description":"Come take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nCome take a dive into the data lake and cast some queries to find proof that users have run files from malicious actors. How can we prove the existence of troublesome activity in the environment? We will take a journey as if we are a new member of the Magnum Tempus Financial Security Team and proceed through a Threat Hunt through the eyes of a newbie in the field of Threat Hunting.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience.","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48913],"conference_id":65,"event_ids":[48915],"name":"SamunoskeX","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48344}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":48915,"village_id":7,"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"tag_ids":[40250,45332,45374,45376],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48344}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x42 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x42 (In-person)","id":45472},"updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T17:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Obsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 1 using forensics artifacts found on the affected Endpoints.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian Forensics Station: Kill Chain 1 Endpoint Forensics Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","type":{"conference_id":65,"conference":"DEFCON30","color":"#97ab92","updated_at":"2024-06-07T03:39+0000","name":"Blue Team Village","id":45376},"title":"Obsidian Forensics: Kill Chain 1 Endpoint Forensics Walkthrough","end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"Obsidian Forensics Station: In this pre-recorded presentation we will walk through the artifacts and analysis of the Obsidian Kill Chain 1 using forensics artifacts found on the affected Endpoints.\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).\n\n\nObsidian Forensics Station: Kill Chain 1 Endpoint Forensics Walkthrough\r\n\r\nBlue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Reverse Engineering Malware (REM), Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH).","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[{"content_ids":[48909,48906,48924,48932,48910],"conference_id":65,"event_ids":[48908,48911,48912,48925,48933],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48341}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":48908,"village_id":7,"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"tag_ids":[40250,45340,45348,45374,45376],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48341}],"tags":"Talk, Pre-Recorded Content","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Project Obsidian: Track 0x41 (In-person)","hotel":"","short_name":"BTV Project Obsidian: Track 0x41 (In-person)","id":45471},"begin":"2022-08-12T17:30:00.000-0000","updated":"2022-07-28T21:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Advanced Persistent Threat groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on the target machines for as long as possible. We were curious if the same efforts are invested in the operation security of these campaigns.\nWe started a journey researching active campaigns from the Middle East to the Far East including the Palestinian Authority, Turkey, and Iran, Russia, China, and North Korea. These campaigns were both state-sponsored, surveillance-targeted attacks and large-scale financially-motivated attacks.\nWe analyzed every technology used throughout the attack chain: Windows (Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2 servers. \nWe found unbelievable mistakes which allow us to discover new advanced TTPs used by attackers, for example: bypassing iCloud two-factor authentication' and crypto wallet and NFT stealing methods. We were able to join the attackers' internal groups, view their chats, bank accounts and crypto wallets. In some cases, we were able to take down the entire campaign.\nWe will present our latest breakthroughs from our seven-year mind-game against the sophisticated Infy threat actor who successfully ran a 15-year active campaign using the most secured opSec attack chain we've encountered. We will explain how they improved their opSec over the years and how we recently managed to monitor their activity and could even cause a large-scale misinformation counterattack.\nWe will conclude by explaining how organizations can better defend themselves.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"OopsSec -The bad, the worst and the ugly of APT’s operations security","android_description":"Advanced Persistent Threat groups invest in developing their arsenal of exploits and malware to stay below the radar and persist on the target machines for as long as possible. We were curious if the same efforts are invested in the operation security of these campaigns.\nWe started a journey researching active campaigns from the Middle East to the Far East including the Palestinian Authority, Turkey, and Iran, Russia, China, and North Korea. These campaigns were both state-sponsored, surveillance-targeted attacks and large-scale financially-motivated attacks.\nWe analyzed every technology used throughout the attack chain: Windows (Go-lang/.Net/Delphi) and Android malware; both on Windows and Linux-based C2 servers. \nWe found unbelievable mistakes which allow us to discover new advanced TTPs used by attackers, for example: bypassing iCloud two-factor authentication' and crypto wallet and NFT stealing methods. We were able to join the attackers' internal groups, view their chats, bank accounts and crypto wallets. In some cases, we were able to take down the entire campaign.\nWe will present our latest breakthroughs from our seven-year mind-game against the sophisticated Infy threat actor who successfully ran a 15-year active campaign using the most secured opSec attack chain we've encountered. We will explain how they improved their opSec over the years and how we recently managed to monitor their activity and could even cause a large-scale misinformation counterattack.\nWe will conclude by explaining how organizations can better defend themselves.","end_timestamp":{"seconds":1660328100,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48504],"conference_id":65,"event_ids":[48576],"name":"Tomer Bar","affiliations":[{"organization":"","title":"Director of Security Research at SafeBreach"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tomer-bar-878a348b"},{"description":"","title":"http://safebreach.com/","sort_order":0,"url":"http://safebreach.com/"}],"pronouns":null,"media":[],"id":47923,"title":"Director of Security Research at SafeBreach"}],"timeband_id":891,"end":"2022-08-12T18:15:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241836"}],"id":48576,"tag_ids":[45241,45279,45281,45375,45450],"begin_timestamp":{"seconds":1660325400,"nanoseconds":0},"village_id":null,"includes":"Demo, Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47923}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","begin":"2022-08-12T17:30:00.000-0000","updated":"2022-07-21T03:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#54ab76","name":"Adversary Village","id":45377},"title":"Welcome and Introduction ","android_description":"","end_timestamp":{"seconds":1660325400,"nanoseconds":0},"updated_timestamp":{"seconds":1659888480,"nanoseconds":0},"speakers":[{"content_ids":[49579],"conference_id":65,"event_ids":[49791],"name":"Abhijith B R","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://in.linkedin.com/in/abhijith-b-r"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/abhijithbr"}],"media":[],"id":48945}],"timeband_id":891,"links":[],"end":"2022-08-12T17:30:00.000-0000","id":49791,"village_id":1,"begin_timestamp":{"seconds":1660324500,"nanoseconds":0},"tag_ids":[40246,45341,45373,45377,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48945}],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Adversary Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Adversary Village)","id":45411},"begin":"2022-08-12T17:15:00.000-0000","updated":"2022-08-07T16:08:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#856899","updated_at":"2024-06-07T03:39+0000","name":"Lock Pick Village","id":45362},"title":"Intro to Lockpicking","android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1660326300,"nanoseconds":0},"updated_timestamp":{"seconds":1659419820,"nanoseconds":0},"speakers":[{"content_ids":[49271],"conference_id":65,"event_ids":[49344,49345,49346,49347,49348,49349,49350,49351],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48697}],"timeband_id":891,"links":[],"end":"2022-08-12T17:45:00.000-0000","id":49344,"village_id":17,"begin_timestamp":{"seconds":1660324500,"nanoseconds":0},"tag_ids":[40259,45340,45362,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48697}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Lock Pick Village)","hotel":"","short_name":"203-204, 235 (Lock Pick Village)","id":45399},"updated":"2022-08-02T05:57:00.000-0000","begin":"2022-08-12T17:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microsoft's Azure cloud platform has over 200 services available to use, so why are we picking on just one? Automation Accounts are used in almost every Azure subscription and have been the source of two different CVEs in the last year, including one issue that exposed credentials between tenants. Given the credentials and access that are often associated with Automation Accounts, they're an easy target for attackers in an Azure subscription. In this talk, we will go over how Automation Accounts function within Azure, and how attackers can abuse built-in functionality to gain access to credentials, privileged identities, and sensitive information. Furthermore, we will do a deep dive on four vulnerabilities from the last year that all apply to Azure Automation Accounts.\n\n\n","title":"Automating Insecurity in Azure","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"end_timestamp":{"seconds":1660326600,"nanoseconds":0},"android_description":"Microsoft's Azure cloud platform has over 200 services available to use, so why are we picking on just one? Automation Accounts are used in almost every Azure subscription and have been the source of two different CVEs in the last year, including one issue that exposed credentials between tenants. Given the credentials and access that are often associated with Automation Accounts, they're an easy target for attackers in an Azure subscription. In this talk, we will go over how Automation Accounts function within Azure, and how attackers can abuse built-in functionality to gain access to credentials, privileged identities, and sensitive information. Furthermore, we will do a deep dive on four vulnerabilities from the last year that all apply to Azure Automation Accounts.","updated_timestamp":{"seconds":1659282840,"nanoseconds":0},"speakers":[{"content_ids":[49168],"conference_id":65,"event_ids":[49204],"name":"Karl Fosaaen","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kfosaaen"}],"pronouns":null,"media":[],"id":48626}],"timeband_id":891,"links":[],"end":"2022-08-12T17:50:00.000-0000","id":49204,"tag_ids":[40252,45340,45350,45451],"begin_timestamp":{"seconds":1660324200,"nanoseconds":0},"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48626}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"spans_timebands":"N","begin":"2022-08-12T17:10:00.000-0000","updated":"2022-07-31T15:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Show up with your dangerous things purchase, and our professional body mod artist will implant them for you.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c3a2fb","name":"Retail Hacking Village","id":45327},"title":"Human Chip Implants","android_description":"Show up with your dangerous things purchase, and our professional body mod artist will implant them for you.","end_timestamp":{"seconds":1660338000,"nanoseconds":0},"updated_timestamp":{"seconds":1660267740,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T21:00:00.000-0000","id":49972,"village_id":28,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40270,45327,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 310, 320 (Retail Hacking Village)","hotel":"","short_name":"310, 320 (Retail Hacking Village)","id":45408},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-12T01:29:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"An amazing keynote by Jayson. You'll just have to come and see for yourself.\n\n\n","title":"Keynote","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"end_timestamp":{"seconds":1660327200,"nanoseconds":0},"android_description":"An amazing keynote by Jayson. You'll just have to come and see for yourself.","updated_timestamp":{"seconds":1660257000,"nanoseconds":0},"speakers":[{"content_ids":[49746],"conference_id":65,"event_ids":[49944],"name":"Jayson E. Street","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jaysonstreet"}],"media":[],"id":49084}],"timeband_id":891,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-12T18:00:00.000-0000","id":49944,"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45374,45449],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49084}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-11T22:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"SpaceX is developing a low latency broadband internet system known as Starlink, to provide satellite internet access to people around the planet - especially people in rural or remote areas with limited internet infrastructure. Starlink has provided service to individuals and nations in need, including recently for Ukraine. The SpaceX Starlink team will be at the RF Village with Starlink kits (user terminals and routers) as well as PCBA's. Come connect to the Starlink network and check out the service for yourself!\n\n\n","title":"SpaceX & Starlink Satellite Internet","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8826b","name":"Radio Frequency Village","id":45383},"android_description":"SpaceX is developing a low latency broadband internet system known as Starlink, to provide satellite internet access to people around the planet - especially people in rural or remote areas with limited internet infrastructure. Starlink has provided service to individuals and nations in need, including recently for Ukraine. The SpaceX Starlink team will be at the RF Village with Starlink kits (user terminals and routers) as well as PCBA's. Come connect to the Starlink network and check out the service for yourself!","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1660011420,"nanoseconds":0},"speakers":[{"content_ids":[49736],"conference_id":65,"event_ids":[49928,49929],"name":"Starlink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@SpaceX"},{"description":"","title":"Website","sort_order":0,"url":"https://www.starlink.com/"}],"pronouns":null,"media":[],"id":49071}],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://starlink.com"},{"label":"Twitter","type":"link","url":"https://twitter.com/SpaceX"}],"id":49928,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":25,"tag_ids":[40267,45279,45373,45383,45451],"includes":"Demo","people":[{"tag_id":565,"sort_order":1,"person_id":49071}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"N","updated":"2022-08-09T02:17:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The OSINT field is evolving at an incredible rate! Each day investigators and hobbyists access the latest images from military conflicts around the world. OSINT analysts use automated processes to generate false personas and to collect data from an ever-increasing number of social media platforms. Private digital records are released to the public internet and we use this data to help solve the questions posed to us, the OSINT researchers of today.\r\n\r\nThis is now. A time when OSINT communities are connecting and supporting their members. A time when we have thousands and thousands of hours of podcasts and online videos, blog posts and start.me pages that teach us skills and point us to resources.\r\n\r\nSo, what does the future look like for the OSINT field? What are the new areas of \"hotness\"? How do we help to move the field forward? Come join Micah Hoffman as he discusses where the OSINT field is and what the future of OSINT could look like.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#bab7d9","name":"Recon Village","id":45384},"title":"The Future of Collecting Data from the Past: OSINT Now and Beyond","android_description":"The OSINT field is evolving at an incredible rate! Each day investigators and hobbyists access the latest images from military conflicts around the world. OSINT analysts use automated processes to generate false personas and to collect data from an ever-increasing number of social media platforms. Private digital records are released to the public internet and we use this data to help solve the questions posed to us, the OSINT researchers of today.\r\n\r\nThis is now. A time when OSINT communities are connecting and supporting their members. A time when we have thousands and thousands of hours of podcasts and online videos, blog posts and start.me pages that teach us skills and point us to resources.\r\n\r\nSo, what does the future look like for the OSINT field? What are the new areas of \"hotness\"? How do we help to move the field forward? Come join Micah Hoffman as he discusses where the OSINT field is and what the future of OSINT could look like.","end_timestamp":{"seconds":1660326600,"nanoseconds":0},"updated_timestamp":{"seconds":1659975000,"nanoseconds":0},"speakers":[{"content_ids":[49716],"conference_id":65,"event_ids":[49906],"name":"Micah Hoffman","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/webbreacher"}],"pronouns":null,"media":[],"id":49066}],"timeband_id":891,"links":[],"end":"2022-08-12T17:50:00.000-0000","id":49906,"village_id":26,"tag_ids":[40268,45340,45373,45384,45453],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49066}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social B and C (Recon Village)","hotel":"","short_name":"Social B and C (Recon Village)","id":45415},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-08T16:10:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#aae997","updated_at":"2024-06-07T03:39+0000","name":"Quantum Village","id":45382},"title":"Quantum Village Opening Ceremony","end_timestamp":{"seconds":1660327200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659972960,"nanoseconds":0},"speakers":[{"content_ids":[49698,49715],"conference_id":65,"event_ids":[49905,49888],"name":"Quantum Village Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49053}],"timeband_id":891,"links":[],"end":"2022-08-12T18:00:00.000-0000","id":49888,"tag_ids":[40266,45340,45373,45382,45450],"village_id":24,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49053}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 217 (Quantum Village)","hotel":"","short_name":"217 (Quantum Village)","id":45403},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-08T15:36:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Opulent Voice Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA Ribbit Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village. Regulatory Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory OpenRTX OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village. Tiny CTF We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge. More! There's plenty more. If you see a Volcano and friendly people, you've found the right place.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8826b","updated_at":"2024-06-07T03:39+0000","name":"Radio Frequency Village","id":45383},"title":"DEFCON Demonstrations and Presentations by Open Research Institute at RF Village","android_description":"Opulent Voice Opulent Voice is an open source high bitrate digital voice (and data) protocol. It's intended to be useful for both space and terrestrial deployments. We’re getting nice clear 16kbps OPUS audio out of the demodulator. See and hear a demonstration at the ORI exhibit in RF Village. We’ll be using COBS protocol within Opulent Voice. If you’re unfamiliar with COBS, please read about it here: https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing Authentication and authorization is built in and optional. There is no separate “packet mode”. Things are designed to “just work” and get out of your way whether or not you’re sending voice or data. Based on Mobilinkd codebase that implemented M17, the Opulent Voice development implementation can be found here: https://github.com/phase4ground/opv-cxx-demod Authentication and Authorization functions will be summarized in a poster presentation. Find out more about this work here: https://github.com/phase4ground/documents/tree/master/Engineering/AAAAA Ribbit Ribbit is an open source SMS data mode that leverages smart phone hardware. The free Android app produces digital audio that you transmit over your HT or any other audio coupled device. There will be poster explaining the architecture and you can pick up a Ribbit sticker with QR code for the free Android app at ORI's exhibit in RF Village. Regulatory Interested in being able to do more with open source satellites? We have some landmark regulatory results that solve a big problem for those of us in the US that have wanted to do open source satellite work without fear. See our poster in RF Village and find out more at the following link: https://github.com/phase4ground/documents/tree/master/Regulatory OpenRTX OpenRTX is a team based in Italy that specializes in open source firmware for a variety of platforms in the VHF/UHF digital voice world. They work on DMR and M17 implementations for the MD-380, and more. Pick up a business card and see a demonstration of OpenRTX's work at ORI's exhibit in RF Village. Tiny CTF We'll have the World's Smallest Wireless CTF! Come and find it and get a mission patch for successful solves of the challenge. More! There's plenty more. If you see a Volcano and friendly people, you've found the right place.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659928140,"nanoseconds":0},"speakers":[{"content_ids":[49653],"conference_id":65,"event_ids":[49839,49840,49841],"name":"Open Research Institute","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/company/open-research-institute-inc/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OpenResearchIns"},{"description":"","title":"Website","sort_order":0,"url":"https://www.openresearch.institute/"}],"pronouns":null,"media":[],"id":49023}],"timeband_id":891,"links":[{"label":"Getting Started","type":"link","url":"https://openresearch.institute/getting-started"}],"end":"2022-08-13T01:00:00.000-0000","id":49839,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40267,45349,45373,45383,45451],"village_id":25,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49023}],"tags":"Tool Demo","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"updated":"2022-08-08T03:09:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b24887","updated_at":"2024-06-07T03:39+0000","name":"Tamper-Evident Village","id":45386},"title":"Learn at Tamper-Evident Village","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Stop by anytime we're open for 1:1 or small-group teaching about tamper-evident hardware, such as mechanical seals, adhesive seals, electronic seals, and mail tampering.","updated_timestamp":{"seconds":1659924660,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49836,"tag_ids":[40276,45364,45373,45386,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":33,"includes":"","people":[],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 203-204, 235 (Tamper Evident Village)","hotel":"","short_name":"203-204, 235 (Tamper Evident Village)","id":45412},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-08T02:11:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. To catch up, AppSec must adopt a model of agility that is compatible with software development.\r\n\r\nThe agile process continuously integrates small changes and collects meaningful feedback along the way, allowing an ever-progressing evolution of software. With small steps, you pay less for mistakes and learn a lot along the way. This approach, powered by continuous integration/continuous deployment (CI/CD), source code management (SCM), and an amazing array of collaboration tools, makes the software industry fast and powerful.\r\n\r\nAppSec teams are charged with making sure software is safe. Yet, as the industry's productivity multiplied, AppSec experienced shortages in resources to cover basics like penetration testing and threat modeling. The AppSec community developed useful methodologies and tools — but outnumbered 100 to 1 by developers, AppSec simply cannot cover it all.\r\n\r\nSoftware security (like all software engineering) is a highly complex process built upon layers of time-consuming, detail-oriented tasks. To move forward, AppSec must develop its own approach to organize, prioritize, measure, and scale its activity.\r\n\r\nIn this talk, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what agile AppSec looks like, and how a reorganization, and a shift in management strategy could greatly transform the field, and allow business to truly address the risk of under-protected software.\r\n\n\n\n","title":"Agility Broke AppSec. Now It's Going to Fix It.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#5978bc","name":"AppSec Village","id":45378},"end_timestamp":{"seconds":1660328100,"nanoseconds":0},"android_description":"In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. To catch up, AppSec must adopt a model of agility that is compatible with software development.\r\n\r\nThe agile process continuously integrates small changes and collects meaningful feedback along the way, allowing an ever-progressing evolution of software. With small steps, you pay less for mistakes and learn a lot along the way. This approach, powered by continuous integration/continuous deployment (CI/CD), source code management (SCM), and an amazing array of collaboration tools, makes the software industry fast and powerful.\r\n\r\nAppSec teams are charged with making sure software is safe. Yet, as the industry's productivity multiplied, AppSec experienced shortages in resources to cover basics like penetration testing and threat modeling. The AppSec community developed useful methodologies and tools — but outnumbered 100 to 1 by developers, AppSec simply cannot cover it all.\r\n\r\nSoftware security (like all software engineering) is a highly complex process built upon layers of time-consuming, detail-oriented tasks. To move forward, AppSec must develop its own approach to organize, prioritize, measure, and scale its activity.\r\n\r\nIn this talk, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what agile AppSec looks like, and how a reorganization, and a shift in management strategy could greatly transform the field, and allow business to truly address the risk of under-protected software.","updated_timestamp":{"seconds":1659917160,"nanoseconds":0},"speakers":[{"content_ids":[49639],"conference_id":65,"event_ids":[49823],"name":"Roy Erlich","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48998},{"content_ids":[49639],"conference_id":65,"event_ids":[49823],"name":"Jim Manico","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48999},{"content_ids":[49639],"conference_id":65,"event_ids":[49823],"name":"Emil Vaagland","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/emilvaagland"}],"pronouns":null,"media":[],"id":49015},{"content_ids":[49639],"conference_id":65,"event_ids":[49823],"name":"Seth Kirschner","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/sethkirschner"}],"pronouns":null,"media":[],"id":49016}],"timeband_id":891,"links":[],"end":"2022-08-12T18:15:00.000-0000","id":49823,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40278,45345,45367,45378,45451],"village_id":4,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":49015},{"tag_id":565,"sort_order":1,"person_id":48999},{"tag_id":565,"sort_order":1,"person_id":48998},{"tag_id":565,"sort_order":1,"person_id":49016}],"tags":"Panel","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45421,"name":"Flamingo - Twilight Ballroom - AppSec Village - Main Stage","hotel":"","short_name":"Main Stage","id":45517},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-08T00:06:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Election Cyber Security in the National Guard","type":{"conference_id":65,"conference":"DEFCON30","color":"#9d9a7e","updated_at":"2024-06-07T03:39+0000","name":"Voting Village","id":45387},"end_timestamp":{"seconds":1660325400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1660150860,"nanoseconds":0},"speakers":[{"content_ids":[49599],"conference_id":65,"event_ids":[49813],"name":"Brigadier General Teri (Terin) D. Williams","affiliations":[{"organization":"National Guard Bureau","title":"Vice Director of Operations (Cyber)"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/terin-williams-b5476075"},{"description":"","title":"Website","sort_order":0,"url":"https://www.nationalguard.mil/Leadership/Joint-Staff/Special-Staff/Senior-Leader-Management-Office/General-Officer-Management/bio-show/4055/"}],"media":[],"id":48948,"title":"Vice Director of Operations (Cyber) at National Guard Bureau"}],"timeband_id":891,"links":[{"label":"YouTube","type":"link","url":"https://m.youtube.com/channel/UCnDevqsxt3sO8chqS5MGvwg"},{"label":"Twitch","type":"link","url":"https://www.twitch.tv/votingvillagedc"}],"end":"2022-08-12T17:30:00.000-0000","id":49813,"village_id":34,"tag_ids":[40279,45340,45348,45374,45387,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48948}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 313-314, 320 (Voting Village)","hotel":"","short_name":"313-314, 320 (Voting Village)","id":45416},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-10T17:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\r\n\r\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumerfocused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\r\n\r\nIn the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie operational oil and natural gas pipeline, etc.).\n\n\n","title":"Hack the Plan[e]t CTF","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Hack the Plan[e]t Capture the Flag (CTF) contest will feature Howdy Neighbor and the Industrial Control System (ICS) Range. This first of its kind CTF will integrate both Internet of Things (IoT) and ICS environments with interactive components for competitors to test their skills and knowledge.\r\n\r\nHowdy Neighbor is an interactive IoT CTF challenge where competitors can test their hacking skills and learn about common oversights made in development, configuration, and setup of IoT devices. Howdy Neighbor is a miniature home - made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumerfocused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home or office, and ultimately your family or business. Within Howdy Neighbor there are over 25 emulated or real devices and over 50 vulnerabilities that have been staged as challenges. Each of the challenges are of varying levels to test a competitors ability to find vulnerabilities in an IoT environment. Howdy Neighbor’s challenges are composed of a real and simulated devices controlled by an App or Network interface and additional hardware sensors; each Howdy Neighbor device contains 1 to 3 staged vulnerabilities which when solved present a key for scoring/reporting that it was discovered.\r\n\r\nIn the same vein, this CTF challenge will also leverage the ICS Village’s ICS Ranges including physical and virtual environments to provide an additional testbed for more advanced challenges in critical infrastructure and ICS environments. There will be integrated elements from DHS/CISA with their ranges that are realistically miniaturized assets (ie operational oil and natural gas pipeline, etc.).","updated_timestamp":{"seconds":1659891840,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49810,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":15,"tag_ids":[40258,45358,45369,45373,45450],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area","hotel":"","short_name":"316 - 317 ICS CTF Area","id":45503},"updated":"2022-08-07T17:04:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\r\n\r\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.\r\n\r\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.\r\n\r\nFk Gl Hlnvgsrmt\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"pTFS Presents: Mayhem Industries - Outside the Box","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"pTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\r\n\r\nOutside the Box is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly outside the box hijinks.\r\n\r\nMayhem Industries, a big multinational corporation, runs energy extraction and private military contracting all over the world. Our game begins with a tip that they're Up To Something on an oil rig in the Black Sea off the coast of Egypt. But what are they up to? How do you even hack an oil rig? Is this box with flashing light, exposed ports, and locked doors and ancient relic or of some extraterrestrial origin‽ Join us at DEF CON 30 to find out.\r\n\r\nFk Gl Hlnvgsrmt","updated_timestamp":{"seconds":1660259940,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/Mayhem_Ind"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/996933488735440966"},{"label":"Contest","type":"link","url":"https://mayhem-industries.net/"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240978"}],"end":"2022-08-13T01:00:00.000-0000","id":49775,"village_id":null,"tag_ids":[45360,45375,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-11T23:19:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons\r\n \r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord\n\n\n","title":"Trace Labs OSINT Search Party CTF - Sign-ups","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons\r\n \r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our Discord group to get started here: https://tracelabs.org/discord","updated_timestamp":{"seconds":1659989160,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/tracelabs"},{"label":"Website","type":"link","url":"https://www.tracelabs.org/blog/dc-ctf"},{"label":"Discord","type":"link","url":"https://tracelabs.org/discord"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240969"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864188734291705856"}],"id":49768,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45360,45375,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-08T20:06:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go. The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!PELCGBTENCUL VF UNEQ\r\n\r\nThis puzzle can be done virtually, but if you’re on-site, you’re welcome to stop by the village to discuss it as well!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"The Gold Bug – Crypto and Privacy Village Puzzle ","android_description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go. The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!PELCGBTENCUL VF UNEQ\r\n\r\nThis puzzle can be done virtually, but if you’re on-site, you’re welcome to stop by the village to discuss it as well!","end_timestamp":{"seconds":1660496400,"nanoseconds":0},"updated_timestamp":{"seconds":1660105620,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-14T17:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/CryptoVillage"},{"label":"Website","type":"link","url":"https://goldbug.cryptovillage.org/"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241391"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644108837486602"}],"id":49764,"village_id":null,"tag_ids":[45360,45375,45451],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Vista Ballroom (Crypto Privacy Village)","hotel":"","short_name":"Sunset-Vista Ballroom (Crypto Privacy Village)","id":45429},"spans_timebands":"Y","updated":"2022-08-10T04:27:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.\r\n\r\nYou will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.\r\n\r\nVisit https://www.villageb.io/capturetheflag for more information.\n\n\n","title":"Hospital Under Siege ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Hospital Under Siege is a scenario-driven Capture the Flag contest run by the Biohacking Village, pitting teams of participants against adversaries and against a clock, to protect human life and public safety. Participants will compete against each other on both real and simulated medical devices, in the fully immersive Biohacking Village: Device Lab, laid out as a working hospital. Teams of any size are welcome, as are players from all backgrounds and skill levels. Challenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others.\r\n\r\nYou will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.\r\n\r\nVisit https://www.villageb.io/capturetheflag for more information.","updated_timestamp":{"seconds":1659746700,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"Website & Rules","type":"link","url":"https://www.villageb.io/capturetheflag"},{"label":"CTFd","type":"link","url":"https://bhv.ctfd.io"},{"label":"Twitter","type":"link","url":"https://twitter.com/DC_BHV"}],"id":49657,"village_id":5,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40277,45360,45375,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"updated":"2022-08-06T00:45:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00\n\n\n","title":"Octopus Game - On-site Sign-in (Mandatory)","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"android_description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659741180,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/OctopusGameDC"},{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgame"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241373"}],"end":"2022-08-12T19:00:00.000-0000","id":49654,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45360,45373,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","updated":"2022-08-05T23:13:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"Red Team Village CTF Qualifiers Part 1","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Once again this year’s DEF CON Red Team CTF will be hosted by Threat Simulations! We have an amazing, immersive scenario that stresses strong red team skills as players traverse through an enterprise network. This event is not for the faint of heart, first you will battle with hundreds of teams in a jeopardy board style ctf, then the top teams will enter the finals where your Red Team skills will be tested in a full Active Directory environment. Your team will compete against some of the best red teamers in the world as you exploit, pivot, and loot the target environment.","updated_timestamp":{"seconds":1659678180,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T00:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/RedTeamVillage_"},{"label":"Website","type":"link","url":"https://redteamvillage.io/ctf.html"}],"id":49592,"village_id":27,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40269,45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","updated":"2022-08-05T05:43:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The RF CTF will be hybrid this year, everyone worldwide is free to play.\r\n\r\n***** \r\n\r\nDo you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 30. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it isn’t required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 30 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), free of charge. In addition to the virtual challenges, we will also have a large number of “in person” only challenges. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. It should be clear that playing only the virtual game will put you in a severe available point disadvantage. Please don’t expect to place if you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is worth *positive* points. Some flags will be worth more points the earlier they are submitted, and others will be negative. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nTo play our game at DEF CON 30 join SSID: RFCTF_Contestant with password: iluvpentoo\r\n\n\n\n","title":"Radio Frequency Capture the Flag","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660510800,"nanoseconds":0},"android_description":"The RF CTF will be hybrid this year, everyone worldwide is free to play.\r\n\r\n***** \r\n\r\nDo you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 30. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it isn’t required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 30 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), free of charge. In addition to the virtual challenges, we will also have a large number of “in person” only challenges. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. It should be clear that playing only the virtual game will put you in a severe available point disadvantage. Please don’t expect to place if you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is worth *positive* points. Some flags will be worth more points the earlier they are submitted, and others will be negative. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nTo play our game at DEF CON 30 join SSID: RFCTF_Contestant with password: iluvpentoo","updated_timestamp":{"seconds":1659926880,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Website","type":"link","url":"http://rfhackers.com"},{"label":"Getting Started Guide","type":"link","url":"https://github.com/rfhs/rfhs-wiki/wiki/RF-CTF-Virtual-HowToGetStarted"},{"label":"Support Ticketing System","type":"link","url":"https://github.com/rfhs/rfctf-support/issues"},{"label":"Twitter - rfhackers","type":"link","url":"https://twitter.com/rfhackers"},{"label":"GitHub","type":"link","url":"https://github.com/rfhs"},{"label":"Discord Server","type":"link","url":"https://discordapp.com/invite/JjPQhKy"},{"label":"Helpful files (in-brief, wordlist, resources)","type":"link","url":"https://github.com/rfhs/wctf-files"},{"label":"Twitter - rf_ctf","type":"link","url":"https://twitter.com/rf_ctf"}],"end":"2022-08-14T21:00:00.000-0000","id":49588,"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45360,45375,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Eldorado Ballroom (Radio Frequency Village)","hotel":"","short_name":"Eldorado Ballroom (Radio Frequency Village)","id":45427},"spans_timebands":"Y","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-08T02:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-17:00\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Kubernetes Capture The Flag","android_description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-17:00","end_timestamp":{"seconds":1660359600,"nanoseconds":0},"updated_timestamp":{"seconds":1659669780,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/792884058354745354"},{"label":"Twitter","type":"link","url":"https://twitter.com/ctfsecurity"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241018"},{"label":"Website","type":"link","url":"https://containersecurityctf.com/"}],"end":"2022-08-13T03:00:00.000-0000","id":49586,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45374],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45476},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-05T03:23:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called “fox hunting”) in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Ham Radio Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. This contest is designed to be an introduction to ham radio fox hunting and as such will be simple to participate in and all people who participate will be guided towards successful completion!\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-20:00\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"DC30 Ham Radio Fox Hunt Contest","android_description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called “fox hunting”) in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Ham Radio Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. This contest is designed to be an introduction to ham radio fox hunting and as such will be simple to participate in and all people who participate will be guided towards successful completion!\r\n\r\nFriday: 10:00-20:00\r\nSaturday: 10:00-20:00","end_timestamp":{"seconds":1660359600,"nanoseconds":0},"updated_timestamp":{"seconds":1659668040,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T03:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/richsentme"},{"label":"Website","type":"link","url":"https://defcon27foxhunt.com"}],"id":49582,"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-05T02:54:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist. \r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"DEF CON’s Next Top Threat Model","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist. \r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).","updated_timestamp":{"seconds":1659667860,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240973"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864187569247354900"}],"id":49580,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45360,45375,45450],"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"updated":"2022-08-05T02:51:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Scavenger Hunt is back for the 25th hunt. We are gearing up to once again catch Las Vegas with its pants down #pantslessvillage. This year, we return to in-person only operations with up to 5 people per team and table submissions.\r\n\r\nFor those new to DEF CON, or otherwise uninitiated, the DEF CON Scavenger Hunt is regarded by many as the best way to interact with the con. We do our best to encourage you to challenge your comfort zone, meet people, and otherwise see and do a bit of everything that DEF CON 30 has to offer. For those who have aspirations to become more involved with DEF CON in the future, many of our veteran contestants include goons, speakers, and contest organizers.\r\n\r\nSo, how does a scavenger hunt run for 25 years? As this is DEF CON, this is not your ordinary scavenger hunt. The list is open to interpretation, it is a hacker con after all, so hack the list. Because how you interpret the list is entirely out of our hands, we have posted trigger warnings. You will be finding and doing a variety of things, it is up to you to convince the judges whatever you are turning in meets the criteria and is worth the points.\r\n\r\nYou don’t have to devote all of your time to play and have fun, come turn in a couple items and enjoy yourself. If you want to win however, you will have to scavenge as much as you can over the weekend. While the hunt starts on Friday morning, with determination and a lack of sleep, we have seen people start at 2AM on Saturday night and place. Likewise, if you don’t play well with others, we have seen single-players also place. In other words, we work very hard to keep the barrier to entry as low as possible. You don’t need to be some binary reversing wizard, and there’s no qualifier to compete, you can just show up and win if you want it enough.\r\n\r\nThe hunt was started by Pinguino at DEF CON 5 simply to avoid being bored; there was no hunt at DEF CON 8, for those doing math. In the intervening years, to further avoid boredom, we have been out scavenging and went from having a simple cardboard sign to a truly mesmerizing table.\r\n\r\nSo come to the scav hunt table in the contest area (it’s hard to miss us) with a team name ready. Once you get a list, your assignment is to turn in as many items as you can before noon on Sunday. The team with the most points wins. Items are worth more points the sooner you turn them in, so come on down and turn in frequently.\r\n\r\nWe want to thank Pinguino, Grifter, Siviak , Salem, all of the judges, and all of the players that have made it possible for us to host the 25th DEF CON Scavenger Hunt.\r\n\r\nThe DEF CON 30 Scavenger Hunt is brought to you by DualD, EvilMoFo, Kaybz, Sconce, Shazbot, Zhora.\r\n\r\nTHE RULES:\r\n\r\n1: the judges are always right\r\n2: not our problem\r\n3: make it weird\r\n4: don’t disappoint the judge(s)\r\n5: team name, item number, present your item\r\n\r\nIf you capture pictures or video of items from our list happening, or have some from previous years, please send it to us via email scavlist@gmail.com.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"DEF CON Scavenger Hunt","android_description":"The DEF CON Scavenger Hunt is back for the 25th hunt. We are gearing up to once again catch Las Vegas with its pants down #pantslessvillage. This year, we return to in-person only operations with up to 5 people per team and table submissions.\r\n\r\nFor those new to DEF CON, or otherwise uninitiated, the DEF CON Scavenger Hunt is regarded by many as the best way to interact with the con. We do our best to encourage you to challenge your comfort zone, meet people, and otherwise see and do a bit of everything that DEF CON 30 has to offer. For those who have aspirations to become more involved with DEF CON in the future, many of our veteran contestants include goons, speakers, and contest organizers.\r\n\r\nSo, how does a scavenger hunt run for 25 years? As this is DEF CON, this is not your ordinary scavenger hunt. The list is open to interpretation, it is a hacker con after all, so hack the list. Because how you interpret the list is entirely out of our hands, we have posted trigger warnings. You will be finding and doing a variety of things, it is up to you to convince the judges whatever you are turning in meets the criteria and is worth the points.\r\n\r\nYou don’t have to devote all of your time to play and have fun, come turn in a couple items and enjoy yourself. If you want to win however, you will have to scavenge as much as you can over the weekend. While the hunt starts on Friday morning, with determination and a lack of sleep, we have seen people start at 2AM on Saturday night and place. Likewise, if you don’t play well with others, we have seen single-players also place. In other words, we work very hard to keep the barrier to entry as low as possible. You don’t need to be some binary reversing wizard, and there’s no qualifier to compete, you can just show up and win if you want it enough.\r\n\r\nThe hunt was started by Pinguino at DEF CON 5 simply to avoid being bored; there was no hunt at DEF CON 8, for those doing math. In the intervening years, to further avoid boredom, we have been out scavenging and went from having a simple cardboard sign to a truly mesmerizing table.\r\n\r\nSo come to the scav hunt table in the contest area (it’s hard to miss us) with a team name ready. Once you get a list, your assignment is to turn in as many items as you can before noon on Sunday. The team with the most points wins. Items are worth more points the sooner you turn them in, so come on down and turn in frequently.\r\n\r\nWe want to thank Pinguino, Grifter, Siviak , Salem, all of the judges, and all of the players that have made it possible for us to host the 25th DEF CON Scavenger Hunt.\r\n\r\nThe DEF CON 30 Scavenger Hunt is brought to you by DualD, EvilMoFo, Kaybz, Sconce, Shazbot, Zhora.\r\n\r\nTHE RULES:\r\n\r\n1: the judges are always right\r\n2: not our problem\r\n3: make it weird\r\n4: don’t disappoint the judge(s)\r\n5: team name, item number, present your item\r\n\r\nIf you capture pictures or video of items from our list happening, or have some from previous years, please send it to us via email scavlist@gmail.com.","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"updated_timestamp":{"seconds":1659667740,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-12T19:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711049278163779605"},{"label":"Website","type":"link","url":"http://defconscavhunt.com"},{"label":"Twitter","type":"link","url":"https://twitter.com/DefConScavHunt"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240992"}],"id":49579,"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45360,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-05T02:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"DARKNET-NG","end_timestamp":{"seconds":1660359600,"nanoseconds":0},"android_description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The “Learning Quests” help the agent gather knowledge from all across the other villages at the conference, while the “Challenge Quests” help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year’s challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!","updated_timestamp":{"seconds":1659667380,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/741049958182158387"},{"label":"Website","type":"link","url":"https://darknet-ng.network/"},{"label":"Twitter","type":"link","url":"https://twitter.com/DarknetNg"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240975"}],"end":"2022-08-13T03:00:00.000-0000","id":49575,"village_id":null,"tag_ids":[45360,45375,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","updated":"2022-08-05T02:43:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 30: We will be debuting our latest Cloud Cyber Range, which focuses on exploiting a modern email marketing platform comprised of web applications, services, and a variety of cloud resources. Inspired by the latest trends and real world exploits, try your hands at bypassing a WAF, HTTP Desync, postMessage XSS, RCE, MFA bypass, and so, so much more! With twice as many challenges as our past Cloud Ranges do you think you can complete them all?\r\n\r\nThis year we are happy to announce that we will be returning to DEF CON in person. We will be running this event both on site and online via Discord. Join us Friday (8/12) through Saturday (8/13) for this invite-only CTF by signing up with the registration form below. This event is limited to 250 players, so save your seat now!\r\n\r\nRegister here: https://forms. gle/3TbT4JWsTfWVwr6r9\r\n\r\nMore info: http://defcon30.cmdnctrl.net\r\n\r\nTwitter: @cmdnctrl_defcon\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"title":"CMD+CTRL","end_timestamp":{"seconds":1660438800,"nanoseconds":0},"android_description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 30: We will be debuting our latest Cloud Cyber Range, which focuses on exploiting a modern email marketing platform comprised of web applications, services, and a variety of cloud resources. Inspired by the latest trends and real world exploits, try your hands at bypassing a WAF, HTTP Desync, postMessage XSS, RCE, MFA bypass, and so, so much more! With twice as many challenges as our past Cloud Ranges do you think you can complete them all?\r\n\r\nThis year we are happy to announce that we will be returning to DEF CON in person. We will be running this event both on site and online via Discord. Join us Friday (8/12) through Saturday (8/13) for this invite-only CTF by signing up with the registration form below. This event is limited to 250 players, so save your seat now!\r\n\r\nRegister here: https://forms. gle/3TbT4JWsTfWVwr6r9\r\n\r\nMore info: http://defcon30.cmdnctrl.net\r\n\r\nTwitter: @cmdnctrl_defcon","updated_timestamp":{"seconds":1659667080,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-14T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/cmdnctrl_defcon"},{"label":"Registration","type":"link","url":"https://forms.gle/3TbT4JWsTfWVwr6r9"},{"label":"Website","type":"link","url":"http://defcon30.cmdnctrl.net"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643642388807800"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240958"}],"id":49574,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-05T02:38:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\r\n\r\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"\"Team Distraction\"\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\r\n\r\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.\r\n\r\nQualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.\r\n\r\nYou may have up to two people per team. (Having two people on a team is highly suggested)\r\n\r\nOf the qualifiers, nine teams will move on to compete head to head on the contest stage.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Crash and Compile - Qualifications","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"What happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\r\n\r\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"\"Team Distraction\"\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\r\n\r\nCrash and Compile is looking for the top programmers to test their skills in our contest. Can you complete our challenges? Can you do so with style that sets your team ahead of the others? To play our game you must first complete our qualifying round. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest.\r\n\r\nQualifications for Crash and Compile will take place Friday from 10am to 3pm on-site and online at https://crashandcompile.org.\r\n\r\nYou may have up to two people per team. (Having two people on a team is highly suggested)\r\n\r\nOf the qualifiers, nine teams will move on to compete head to head on the contest stage.","updated_timestamp":{"seconds":1659666540,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Website","type":"link","url":"https://crashandcompile.org"}],"end":"2022-08-13T01:00:00.000-0000","id":49570,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-05T02:29:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself! \r\n\r\nWe'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.\r\n\r\nNo prior experience or skills necessary - drop in and learn as much or as little as you'd like!\r\n\r\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!\n\n\n","title":"Physical Security Village","type":{"conference_id":65,"conference":"DEFCON30","color":"#61ba95","updated_at":"2024-06-07T03:39+0000","name":"Physical Security Village","id":45381},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The Physical Security Village (formerly known as the Lock Bypass Village) explores the world of hardware bypasses and techniques generally outside of the realm of cyber security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself! \r\n\r\nWe'll be covering the basics, including the under-the-door-tool and latch slipping attacks, as well as an in-depth look at more complicated bypasses. Learn about elevator hacking, try out alarm system attacks at the sensor and communication line, and have an inside look at common hardware to see how it works.\r\n\r\nNo prior experience or skills necessary - drop in and learn as much or as little as you'd like!\r\n\r\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!","updated_timestamp":{"seconds":1659624480,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49550,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":22,"tag_ids":[40264,45341,45373,45381,45450],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 201-202 (Physical Security Village)","hotel":"","short_name":"201-202 (Physical Security Village)","id":45428},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-04T14:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Biometric systems such as face recognition, voice-print identification is extensively used for personal identification. In recent years more and more vehicle makers are implemented the facial recognition systems into the modern vehicle. However, how secure these systems really are? \r\n\r\nIn this talk, we will present some of simple yet very practical attack methods, to bypass the face recognition systems found on some modern vehicles, in order to login or even start the engine. \r\n\r\nWe will also diving into the journey of how to spoof the voiceprint based system. To trick the Smart speakers authentication mechanism to shopping online. Or generated a \"unharmed\" song with a specific command secretly embedded within. eg. \"Open the car window\"\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b9b1c5","updated_at":"2024-06-07T03:39+0000","name":"Car Hacking Village","id":45352},"title":"Biometrics system hacking in the age of the smart vehicle","end_timestamp":{"seconds":1660326000,"nanoseconds":0},"android_description":"Biometric systems such as face recognition, voice-print identification is extensively used for personal identification. In recent years more and more vehicle makers are implemented the facial recognition systems into the modern vehicle. However, how secure these systems really are? \r\n\r\nIn this talk, we will present some of simple yet very practical attack methods, to bypass the face recognition systems found on some modern vehicles, in order to login or even start the engine. \r\n\r\nWe will also diving into the journey of how to spoof the voiceprint based system. To trick the Smart speakers authentication mechanism to shopping online. Or generated a \"unharmed\" song with a specific command secretly embedded within. eg. \"Open the car window\"","updated_timestamp":{"seconds":1659586980,"nanoseconds":0},"speakers":[{"content_ids":[49382],"conference_id":65,"event_ids":[49529],"name":"Huajiang \"Kevin2600\" Chen","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kevin2600"}],"media":[],"id":48788},{"content_ids":[49382],"conference_id":65,"event_ids":[49529],"name":"Li Siwei","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48789}],"timeband_id":891,"links":[],"end":"2022-08-12T17:40:00.000-0000","id":49529,"village_id":8,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40251,45340,45348,45352,45374],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48788},{"tag_id":565,"sort_order":1,"person_id":48789}],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Car Hacking Village","hotel":"","short_name":"Car Hacking Village","id":45487},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-04T04:23:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"Car Hacking Village CTF","android_description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OE's and suppliers to ensure our challenges give a real-world experience to hacking cars. We understand car hacking can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.","end_timestamp":{"seconds":1660350600,"nanoseconds":0},"updated_timestamp":{"seconds":1659586560,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T00:30:00.000-0000","links":[{"label":"CTFd","type":"link","url":"https://ctf.carhackingvillage.com/"},{"label":"Guidelines","type":"link","url":"https://www.carhackingvillage.com/ctf-rules-2022"}],"id":49526,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":8,"tag_ids":[40251,45358,45360,45375,45450],"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 124-128 (Car Hacking Village)","hotel":"","short_name":"124-128 (Car Hacking Village)","id":45420},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-04T04:16:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participant’s skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.\r\n\r\n** Swing by the ICS Village to reserve a time for your team. **\r\n\r\nEscape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"CISA and Idaho National Lab Escape Room","android_description":"CISA and Idaho National Lab invite you to participate in an immersive Escape Room adventure to test your cybersecurity and infrastructure protection skills. This Escape Room will challenge you and your Team through a series of traditional time-bound Escape Room challenges mixed with cybersecurity elements. Participant’s skills will be confronted with cybersecurity puzzles involving wireless technologies, Open Source Intelligence (OSINT) analysis, database exploitation, network discovery, industrial control systems, cryptography, Arduino backed puzzles, and more. With the mix of traditional escape room puzzles, there is enough to do for everyone regardless of the level of their cyber skills. Come have fun while learning more about cybersecurity with CISA and Idaho National Lab.\r\n\r\n** Swing by the ICS Village to reserve a time for your team. **\r\n\r\nEscape Room Scenario: A disgruntled employee, Bob, has been plotting to bring down the company where he works. In retaliation for his perceived mistreatment, Bob has created an electromagnetic pulse device (EMP) to take out sensitive industrial control systems in the area. Thanks to a few diligent and observant company employees, Bob was taken into custody but not before the timer on the device could be activated! The EMP device has been armed and the clock is ticking. CISA needs your help in protecting our critical infrastructure by following the clues found in Bob’s office to help CISA to disarm the EMP device before it is too late.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659584820,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49522,"village_id":15,"tag_ids":[40258,45359,45369,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CISA Escape Room","hotel":"","short_name":"319 ICS CISA Escape Room","id":45505},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-04T03:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.\r\n\r\nIn this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.\r\n\r\n(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)\n\n\n","title":"DDS Hack-the-Microgrid","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"android_description":"Microgrids are pretty high maintenance, and like satellites, primarily built for survivability, not security. As the Department of Defense marches toward deploying microgrids at scale to shore up mission resilience in response to the challenges presented by climate change, hackers are gonna hack.\r\n\r\nIn this lab, you’ll learn the basics of microgrid design – from what they are, how they work, and how they regulate themselves. Then, you’ll be able to use this knowledge to then attempt to take over and shut down a mock microgrid by hacking its weather data system and sensor input network to generate chaos.\r\n\r\n(first-come-first-seated kind of event, essentially when a seat is free you are allowed to join)","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659584100,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49517,"village_id":15,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40258,45332,45369,45373,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS Workshop Area","hotel":"","short_name":"314 ICS Workshop Area","id":45504},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-04T03:35:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.\r\n\r\nThis is a registration required based CTF https://www.sea-tf.com/registration First come first serve basis on time slots.\n\n\n","title":"Fantom5 SeaTF CTF","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#81f8bf","name":"ICS Village","id":45369},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Contestants will be able to try their hand and compete in a point based Capture the Flag hacking competition based around 3 Maritime consoles. The consoles involved will be Navigation systems, Steering and Propulsion systems, and Ballast systems. These systems provide a relative experience of the actual systems found aboard a naval vessel.\r\n\r\nThis is a registration required based CTF https://www.sea-tf.com/registration First come first serve basis on time slots.","updated_timestamp":{"seconds":1659584640,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49514,"tag_ids":[40258,45358,45369,45373,45450],"village_id":15,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45430,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village) - ICS CTF Area","hotel":"","short_name":"316 - 317 ICS CTF Area","id":45503},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-04T03:44:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2. \r\n\r\nTake some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community. \r\n\r\nAdd names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feeling about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.\r\n\r\nLast year we were sort of set up to print photos from your phones – we have a few glitches – a ask about it when you drop by. BUT we think we are set to go!\r\n\r\nEmail the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"title":"Memorial Room Open","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Our Memorial Room is returning this year. A bit more space and more to participate & honoring our community and friends. In FLAMINGO – Carson City 2. \r\n\r\nTake some time to remember and honor our friends that are no longer with us. You can share your stories and adventures across the many years of DEFCON and our hacker community. If this is your first year – you are welcome to come and experience the depth of our community. \r\n\r\nAdd names of friends no longer with us to our books or create some art that you feel is right. It is all your choice. We know that being at DEFCON often brings up memories and feeling about past highlights and this is the place to come and let those thoughts, feelings, and memories flow. DEFCON is an international community, and it is your community.\r\n\r\nLast year we were sort of set up to print photos from your phones – we have a few glitches – a ask about it when you drop by. BUT we think we are set to go!\r\n\r\nEmail the photos – with name or handle if you have it – to memorial@defconmusic.org and of course you can load them in when you are in the room. We have some really nice printers so they look good. And you can place them in the room. And we have lots of other ways to celebrate our family that is no longer with us.","updated_timestamp":{"seconds":1659558060,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49511,"tag_ids":[45342,45373,45451],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Carson City II (Memorial Room)","hotel":"","short_name":"Carson City II (Memorial Room)","id":45478},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-03T20:21:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The industrial cybersecurity workforce continues to have a significant shortage of professionals within the OT and IT work centers. Traditionally, training pipelines within the utilities sectors tend to focus on bringing outside trained cybersecurity professionals into very specific and specialized work classifications. For example gas and electric employees have years of experience and thousands of hours both on the job and in the field having worked directly with, and seeing first-hand system mechanics and vulnerabilities. A utility apprenticeship provides an established and tested platform on which to build experience towards a cybersecurity role, benefitting the existing employee, employer and customer protections. A strong argument can be made for utilizing FTE’s who have the unique industry knowledge and perspective as subject matter experts. Doing so would provide these employees the additional tools to take their highly skilled existing apprenticeship (relay tech) and enhance their effectiveness by adding the much needed additional skills of a registered cyber security pathway. This panel will discuss how the apprenticeship process is very unique, share lessons learned, and how this program could be replicated.‍\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#81f8bf","updated_at":"2024-06-07T03:39+0000","name":"ICS Village","id":45369},"title":"Ohm, how do I get into ICS?","end_timestamp":{"seconds":1660327200,"nanoseconds":0},"android_description":"The industrial cybersecurity workforce continues to have a significant shortage of professionals within the OT and IT work centers. Traditionally, training pipelines within the utilities sectors tend to focus on bringing outside trained cybersecurity professionals into very specific and specialized work classifications. For example gas and electric employees have years of experience and thousands of hours both on the job and in the field having worked directly with, and seeing first-hand system mechanics and vulnerabilities. A utility apprenticeship provides an established and tested platform on which to build experience towards a cybersecurity role, benefitting the existing employee, employer and customer protections. A strong argument can be made for utilizing FTE’s who have the unique industry knowledge and perspective as subject matter experts. Doing so would provide these employees the additional tools to take their highly skilled existing apprenticeship (relay tech) and enhance their effectiveness by adding the much needed additional skills of a registered cyber security pathway. This panel will discuss how the apprenticeship process is very unique, share lessons learned, and how this program could be replicated.‍","updated_timestamp":{"seconds":1659472440,"nanoseconds":0},"speakers":[{"content_ids":[49332],"conference_id":65,"event_ids":[49432],"name":"Dennis Skarr","affiliations":[{"organization":"Everett Community College","title":"Information Technology Instructor"}],"links":[],"pronouns":null,"media":[],"id":48754,"title":"Information Technology Instructor at Everett Community College"},{"content_ids":[49332],"conference_id":65,"event_ids":[49432],"name":"Josephine Hollandbeck","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48755},{"content_ids":[49332],"conference_id":65,"event_ids":[49432],"name":"Kairie Pierce","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48756},{"content_ids":[49332],"conference_id":65,"event_ids":[49432],"name":"Erin Cornelius","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48757},{"content_ids":[49332],"conference_id":65,"event_ids":[49432],"name":"Christine Reid","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48758}],"timeband_id":891,"links":[],"end":"2022-08-12T18:00:00.000-0000","id":49432,"village_id":15,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40258,45367,45369,45375,45450],"includes":"","people":[{"tag_id":45290,"sort_order":1,"person_id":48758},{"tag_id":45290,"sort_order":1,"person_id":48754},{"tag_id":45290,"sort_order":1,"person_id":48757},{"tag_id":45290,"sort_order":1,"person_id":48755},{"tag_id":45290,"sort_order":1,"person_id":48756}],"tags":"Panel","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 314 - 319 (ICS Village)","hotel":"","short_name":"314 - 319 (ICS Village)","id":45430},"spans_timebands":"N","updated":"2022-08-02T20:34:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","color":"#c497fa","updated_at":"2024-06-07T03:39+0000","name":"Girls Hack Village","id":45361},"title":"Girls Hack Village Introduction","end_timestamp":{"seconds":1660325400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659465120,"nanoseconds":0},"speakers":[{"content_ids":[49294,49298,49300,49309],"conference_id":65,"event_ids":[49393,49397,49399,49409],"name":"Tennisha Martin","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"www.linkedin.com/in/tennisha"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/misstennisha"},{"description":"","title":"Website","sort_order":0,"url":"https://tennisha.com"}],"pronouns":null,"media":[],"id":48713}],"timeband_id":891,"links":[],"end":"2022-08-12T17:30:00.000-0000","id":49393,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":12,"tag_ids":[40255,45361,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48713}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Virginia City III (Girls Hack Village)","hotel":"","short_name":"Virginia City III (Girls Hack Village)","id":45400},"spans_timebands":"N","updated":"2022-08-02T18:32:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!\n\n\n","title":"HardWired","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"android_description":"New at DEF CON: come play our newest Packet Hacking Village game, HardWired! Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659455460,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49370,"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-02T15:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"title":"Botnet Workshop","android_description":"What is a botnet and how does it work? Come to the Packet Hacking Village and we'll teach you! Our workshop covers the basics of setup, operation, and shenanigans. Learn a skill useful for offense and defense in infosec!","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659455400,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49369,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-02T15:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"title":"Linux Trainer","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"New this year at DEF CON! Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.","updated_timestamp":{"seconds":1659455400,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49368,"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-02T15:50:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"title":"RegEx Trainer","android_description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49367,"village_id":19,"tag_ids":[40261,45363,45365,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-02T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.\n\n\n","title":"NetworkOS Workshop","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d68a9d","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.","updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49366,"village_id":19,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40261,45363,45365,45373,45450],"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:49:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.\n\n\n","title":"Honey Pot Workshop","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.","updated_timestamp":{"seconds":1659455340,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49365,"tag_ids":[40261,45363,45365,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Walkthrough Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","updated":"2022-08-02T15:49:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!\n\n\n","title":"Packet Detective","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"android_description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659455280,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49364,"tag_ids":[40261,45363,45366,45373,45450],"village_id":19,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-02T15:48:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.\n\n\n","title":"Packet Inspector","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"android_description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659455280,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49363,"village_id":19,"tag_ids":[40261,45363,45366,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"updated":"2022-08-02T15:48:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.\n\n\n","title":"Wall of Sheep","type":{"conference_id":65,"conference":"DEFCON30","color":"#d68a9d","updated_at":"2024-06-07T03:39+0000","name":"Packet Hacking Village","id":45363},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.","updated_timestamp":{"seconds":1659455220,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49362,"tag_ids":[40261,45363,45364,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":19,"includes":"","people":[],"tags":"Educational Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 411-414, 420 (Packet Hacking Village)","hotel":"","short_name":"411-414, 420 (Packet Hacking Village)","id":45409},"spans_timebands":"N","updated":"2022-08-02T15:47:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"title":"Drone Hack","android_description":"A handcrafted IoT challenge that will put your skills to the test. Be prepared to hack devices over bluetooth low energy, break into Wi-Fi networks, and exploit binaries. If you avoid the deadly sharks and laser beams you may be able to access smart locks, conduct electronic warfare, and fly drones.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659392100,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49325,"village_id":16,"tag_ids":[40275,45332,45356,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T22:15:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.\n\n\n","title":"Hands on Hardware Hacking – eMMC to Root","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"android_description":"Hardware hacking with Rapid7! Rapid7 guided exercises will lead you through the hands-on hardware hacking process to gain root level access to embedded IoT technology. This series of exercises will cover multiple steps including embedded multimedia controller (eMMC) interaction, making binary images copies of flash, interaction with read only squash files systems to unpack and repack systems, and altering startup files systems within the devices’ file system to allow you to eventually gain root level access over SSH.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659391980,"nanoseconds":0},"speakers":[{"content_ids":[49262],"conference_id":65,"event_ids":[49323,49333,49334],"name":"Deral Heiland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48692}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49323,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":16,"tag_ids":[40275,45332,45356,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48692}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T22:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d17648","updated_at":"2024-06-07T03:39+0000","name":"IoT Village","id":45356},"title":"Hands on hacking labs","android_description":"IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools techniques for discovering and exploiting some of the common weaknesses found in loT devices today. Whether you're a pentester that has never hacked loT devices or even someone that has never hacked anything (!), these self-guided labs will walk you through all the steps in order to successfully pwn loT.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659391920,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49321,"tag_ids":[40275,45332,45356,45450],"village_id":16,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T22:12:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:\r\n\r\nGain access to the main security system to avoid being identified\r\nSteal RFID credentials of the reads in the open areas to gain access to restricted areas\r\nDisable the additional motion sensors in the restricted areas to avoid triggering an alarm\r\nOpen a safe box and retrieve its contents.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d17648","name":"IoT Village","id":45356},"title":"IoT Village CTF Challenges","android_description":"Dive into hacking challenges with HTB at the IoT Village DEFCON 30 CTF. “House Edge” is a themed CTF challenge that aims to have the players travel through a mission inside a space casino with the final goal of accessing a safe box to retrieve its contents. Each challenge is a standalone and does not require to have solved any other challenges. That said, the content is structured in a specific order that helps facilitate the scenario, which at a high level can be broken down into the following side-tasks of the mission:\r\n\r\nGain access to the main security system to avoid being identified\r\nSteal RFID credentials of the reads in the open areas to gain access to restricted areas\r\nDisable the additional motion sensors in the restricted areas to avoid triggering an alarm\r\nOpen a safe box and retrieve its contents.","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659403440,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49320,"tag_ids":[40275,45356,45358,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":16,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"updated":"2022-08-02T01:24:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event\r\n\r\n*****\r\n\r\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.\r\n\r\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.\r\n\r\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.\r\n\r\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!\r\n\r\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.\r\n\r\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\n","title":"IoT Village CTF (the CTF formally known as SOHOplessly Broken)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The IoT Village CTF has over 30+ devices and challenges to find and exploit vulnerabilities in real IoT devices. Players, or teams up to 6 people, can register and compete against one another to win great prizes!. With an overall focus on real-life consequences, this year's CTF is the newest and best IoT Village CTF yet! The challenges will require creative thinking, knowledge in networking, and competency in exploit development to claim the top prize. Prizes will be awarded to the top 3 teams/players at the end of the event\r\n\r\n*****\r\n\r\nIoT Village Hacking CTF is hosted in IoT Village, teams of 1-6 players access a local network filled with IoT devices primed to be exploited. You will compete against others by successfully exploiting real IoT products and finding the hidden flags in each. The hacking contest features more than 30 real-world, vulnerable IoT devices.\r\n\r\nThis event has been redesigned to include challenges which highlight tangible impacts when exploiting real vulnerabilities on real IoT devices. Hidden in the network are devices which require advanced skills to exploit or require creative attack chaining to find the flag. Players will encounter unique hacking scenarios like, exfiltrating files off a NAS to find “clues” or bypassing a router firewall to access a camera on a hidden network to “see” a flag. Prepare to outwit, see, sneak, move, and listen your way through these hidden scenarios which have a cyber-physical effect.\r\n\r\nThe IoT devices in the contest are not simulated and do not contain contrived/made-up vulnerabilities. Competitors must figure out what real-world vulnerabilities exist in these devices and exploit them to get a shell and find the flag. This is what makes the IoT Village CTF special.\r\n\r\nThis 3-time DEF CON Black Badge awarded contest CTF is open to anyone! Our contest provides a wonderful experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around!\r\n\r\nA few devices are approachable for entry level people to experience getting their first root shell, but to win this CTF your team must perform detailed network reconnaissance, lateral pivoting, vulnerability research, hardware hacking, firmware analysis, reverse engineering, and exploit development.\r\n\r\nSo, join a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.","updated_timestamp":{"seconds":1659669300,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.iotvillage.org/#yolo"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240953"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644307597164665"},{"label":"Twitter","type":"link","url":"https://twitter.com/IoTvillage"}],"id":49319,"village_id":16,"tag_ids":[40275,45358,45360,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"updated":"2022-08-05T03:15:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.\r\n\r\nSignups: beginning Monday 8/8 – but not required to participate\n\n\n","title":"Hack the Airport with Intelligenesis","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"android_description":"Can you restore the Aerospace Village runway lighting system? IntelliGenesis will be holding a mini-Hack the Airport that is designed to showcase the impact of a cyber-attack on critical infrastructure commercial or government facilities; specifically, Aviation Control Systems. Transportation Systems is one of the 16 Cybersecurity and Infrastructure Agency Critical Infrastructure Sectors for the US. There is a hyper focus on cybersecurity surrounding airports and the critical infrastructure systems supporting aviation operations. Come on over and give it an attempt, there will be 4 stages culminating in restoring the lighting system so that the village can begin landing and launching aircraft. All levels of experience can participate.\r\n\r\nSignups: beginning Monday 8/8 – but not required to participate","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49298,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40247,45357,45358,45450],"village_id":2,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application. PWNSAT CHALLENGE \r\nParticipants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize. \r\n\r\nSAFE SPACE: SATELLITE CONTROL PATCHING \r\nIn this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.\n\n\n","title":"Red Balloon Failsat Challenges","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660345200,"nanoseconds":0},"android_description":"Red Balloon Security will provide satellite modems as well as a small satellite for the modems to communicate with. We will provide support and training at the event to help people work through all steps of the challenges using OFRAK. OFRAK (Open Firmware Reverse Analysis Konsole) combines the ability to unpack, analyze, modify, and repack binaries & firmware in a single application. PWNSAT CHALLENGE \r\nParticipants will analyze and modify the modem firmware with the goal of successfully patching in shellcode to send malicious commands to the CubeSat to make it spin. Modifications may include – disabling firewall, finding credentials, and shellcode writing + injection. Winners with the most interesting CubeSat spin results will be rewarded with a prize. \r\n\r\nSAFE SPACE: SATELLITE CONTROL PATCHING \r\nIn this challenge, participants will have the opportunity to construct and apply a patch modeled after a real world bug detected in spacecrafts. The challenge will be to understand and patch code that’s trying to solve an equation, but has a bug that makes the satellite unusable. We provide guidance on how to identify the mistake and present multiple approaches in increasing degrees of patching complexity.","updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49297,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40247,45357,45359,45450],"village_id":2,"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:41:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.\r\n\r\nRequired gear: none!\n\n\n","title":"Satellite Eavesdropping with DDS","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Satellite communications are used by millions of people every day. From television broadcasts to internet services, satellites bring connectivity beyond the reach of wired infrastructure. In this lab, you’ll learn about one of the most popular satellite communications protocols – DVB-S (Digital Video Broadcasting for Satellite) – and how anyone with inexpensive radio equipment and freely available software can intercept and listen to these signals.\r\n\r\nRequired gear: none!","updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49294,"tag_ids":[40247,45332,45357,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":2,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.\r\n\r\nBRICKS IN THE AIR\r\nLearn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.\r\n\r\nSPOOFING ADS-B\r\nADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.\r\n\r\nRequired gear: none!\n\n\n","title":"Hack the Airfield with DDS","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"android_description":"Hack the Airfield is broken down into two primary components, the aircraft and the system used to locate and find them.\r\n\r\nBRICKS IN THE AIR\r\nLearn how avionics systems work in a safe and fun way in our Bricks in the Air workshop that simulates an environment requiring similar approaches to hacking on actual aviation buses without using any of the real hardware, protocols, or commands. Challengers can freely play and develop skills without worrying about legalities or sensitivities of real systems.\r\n\r\nSPOOFING ADS-B\r\nADS-B is the latest version of Identify Friend or Foe (IFF), which is the common name for cooperative radar surveillance of aircraft. Unlike traditional IFF, in ADS-B the aircraft periodically sends a broadcast out roughly every half second to alert all nearby receivers of its current location. These broadcasts are unencrypted and fairly easy to spoof, allowing anyone to create as many aircraft as they want. Stop by the workshop and learn what it takes to spoof fake aircraft into the system used to track them.\r\n\r\nRequired gear: none!","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49293,"tag_ids":[40247,45332,45357,45450],"village_id":2,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Jams are immersive engagements that encourage you to up-level your security and coding skills on AWS through the use of hands-on real-world scenarios. The scenarios have varying level of difficulty and points associated with them. Jam engagements allow you to identify strengths, areas of improvement, and the ability to work together in team or individual challenges. Participating will help you advance your cloud cyber skills, hone your problem-solving abilities, and better understand and appreciate the complex set of threat vectors that the aerospace and satellite community confront every day. You will gain experience with a wide range of AWS services in a series of prepared scenarios across aerospace and satellite use cases and operational tasks. Come prepared to stop threat actors from laterally moving through your virtual flight operations center. Detect manipulated imagery in your satellite imagery analysis pipeline. Defend against a DDOS attack on your satellite ground station receiver network. Harden your virtual twin Mars rover against Internet of Things (IoT) attacks. There’s never a dull moment to work in space! \r\n\r\nRequired gear: Laptop and connection required to access the jam environment, set up DEF CON WiFi in advance!\n\n\n","title":"Amazon Web Services Aerospace and Satellite Jam","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"Jams are immersive engagements that encourage you to up-level your security and coding skills on AWS through the use of hands-on real-world scenarios. The scenarios have varying level of difficulty and points associated with them. Jam engagements allow you to identify strengths, areas of improvement, and the ability to work together in team or individual challenges. Participating will help you advance your cloud cyber skills, hone your problem-solving abilities, and better understand and appreciate the complex set of threat vectors that the aerospace and satellite community confront every day. You will gain experience with a wide range of AWS services in a series of prepared scenarios across aerospace and satellite use cases and operational tasks. Come prepared to stop threat actors from laterally moving through your virtual flight operations center. Detect manipulated imagery in your satellite imagery analysis pipeline. Defend against a DDOS attack on your satellite ground station receiver network. Harden your virtual twin Mars rover against Internet of Things (IoT) attacks. There’s never a dull moment to work in space! \r\n\r\nRequired gear: Laptop and connection required to access the jam environment, set up DEF CON WiFi in advance!","updated_timestamp":{"seconds":1659379260,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49292,"village_id":2,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40247,45332,45357,45450],"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T18:41:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.\r\n\r\nRequired gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.\r\n\r\nSignups: first come first serve, come by the Aerospace Village during its normal operating hours!\n\n\n","title":"Hack-A-Sat Digital Twin Workshop","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"android_description":"The Hack-A-Sat team is working hard to build the next competition platform for the Hack-A-Sat 3 (HAS3) Finals competition, where space math, hacking, and satellite operations are interwoven into a realistic space CTF environment. We will be demoing the HAS3 digital twin satellite in the Aerospace Village for participants to experience basic satellite command & control operations and flight software exploitation with two challenges created specifically for DEF CON. This year’s digital twin brings new tools, processor architecture, and physics simulation capabilities that we will be unveiling for the first time.\r\n\r\nRequired gear: We are hosting the demo on our own hardware so all you need to bring is your own desire to “Learn. Space. Faster”.\r\n\r\nSignups: first come first serve, come by the Aerospace Village during its normal operating hours!","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T00:00:00.000-0000","id":49290,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40247,45332,45357,45450],"village_id":2,"includes":"","people":[],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Boeing Test & Evaluation (T&E) has developed two modules to provide an interactive learning environment and engagement opportunity on ARINC 429 data bus. Three modules will be offered, including a 10-15 minute guided discussion on the basics of ARINC 429, highlighting the key components necessary to participate in the two interactive modules. Boeing will provide an interactive learning environment to improve situational awareness of ARINC 429 data bus and promote discussion on Cyber T&E across the aviation industry. After completing the basics guided tour, participants may engage in one or both of events, the Airplane Challenge and CTF.\r\n\r\nIn order to get participants familiar with ARINC 429 concepts, there will be a presentation introducing 429 and the challenge environment at 10:30 and 13:00 both days.\r\n\r\nEvent #1 – Airplane Challenge (“AC”): during this event the user is presented with a user interface to send their own crafted 429 messages. The participant will be assigned an airplane on a map with the objectives of navigating the airplane to a win condition.\r\n\r\nEvent #2 – Capture The Flag (CTF): The participants will connect into the CTF to take on challenges involving protocol and message manipulation. The participant will be able to validate each flag found in order to complete the event!\r\n\r\nRequired gear: for the AC, you will need a mobile phone and/or Laptop with ability to connect to WiFi. For the CTF you will need a laptop and ethernet cable\r\n\r\nSignups: first come first serve!\n\n\n","title":"Boeing ARINC 429 Airplane Challenge and CTF","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"android_description":"Boeing Test & Evaluation (T&E) has developed two modules to provide an interactive learning environment and engagement opportunity on ARINC 429 data bus. Three modules will be offered, including a 10-15 minute guided discussion on the basics of ARINC 429, highlighting the key components necessary to participate in the two interactive modules. Boeing will provide an interactive learning environment to improve situational awareness of ARINC 429 data bus and promote discussion on Cyber T&E across the aviation industry. After completing the basics guided tour, participants may engage in one or both of events, the Airplane Challenge and CTF.\r\n\r\nIn order to get participants familiar with ARINC 429 concepts, there will be a presentation introducing 429 and the challenge environment at 10:30 and 13:00 both days.\r\n\r\nEvent #1 – Airplane Challenge (“AC”): during this event the user is presented with a user interface to send their own crafted 429 messages. The participant will be assigned an airplane on a map with the objectives of navigating the airplane to a win condition.\r\n\r\nEvent #2 – Capture The Flag (CTF): The participants will connect into the CTF to take on challenges involving protocol and message manipulation. The participant will be able to validate each flag found in order to complete the event!\r\n\r\nRequired gear: for the AC, you will need a mobile phone and/or Laptop with ability to connect to WiFi. For the CTF you will need a laptop and ethernet cable\r\n\r\nSignups: first come first serve!","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49289,"tag_ids":[40247,45357,45358,45450],"village_id":2,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T18:40:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Pen Test Partners A320 Simulator","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"Come take the controls of Pen Test Partners’ immersive A320 simulator. Experience the effects of tampered electronic flight bag data on take-off and landing, TCAS spoofing and more all in the safety of the sim. You’ll see how experienced pilots would deal with these incidents and mitigate risk to passengers and the airplane.","updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T19:00:00.000-0000","id":49288,"village_id":2,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40247,45341,45357,45450],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:40:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Hack-A-Sat (HAS) is an Air Force/Space Force satellite hacking CTF, now in its 3rd year. This talk will: 1) educate the audience on the HAS series of competitions, 2) review challenges/solves from the HAS3 qualifiers in May 2022, 3) preview the HAS3 Finals (Oct 2022) including the 8 finalist teams vying for $100K prize pool, 4) talk about Moonlighter, a cubesat designed and built as a hacking sandbox in space. Moonlighter will be the platform for HAS4, the world’s first CTF in space.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#f5eab2","name":"Aerospace Village","id":45357},"title":"Hack-A-Sat Team","end_timestamp":{"seconds":1660326600,"nanoseconds":0},"android_description":"Hack-A-Sat (HAS) is an Air Force/Space Force satellite hacking CTF, now in its 3rd year. This talk will: 1) educate the audience on the HAS series of competitions, 2) review challenges/solves from the HAS3 qualifiers in May 2022, 3) preview the HAS3 Finals (Oct 2022) including the 8 finalist teams vying for $100K prize pool, 4) talk about Moonlighter, a cubesat designed and built as a hacking sandbox in space. Moonlighter will be the platform for HAS4, the world’s first CTF in space.","updated_timestamp":{"seconds":1659379200,"nanoseconds":0},"speakers":[{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Steve Colenzo","affiliations":[{"organization":"Air Force Research Laboratory","title":""}],"links":[],"pronouns":null,"media":[],"id":48809,"title":"Air Force Research Laboratory"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Rachel Mann","affiliations":[{"organization":"Air Force Research Laboratory","title":""}],"links":[],"pronouns":null,"media":[],"id":48810,"title":"Air Force Research Laboratory"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Capt Elijah Williams","affiliations":[{"organization":"Space Systems Command","title":""}],"links":[],"pronouns":null,"media":[],"id":48811,"title":"Space Systems Command"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"1st Lt Kevin Bernert","affiliations":[{"organization":"Space Systems Command","title":""}],"links":[],"pronouns":null,"media":[],"id":48812,"title":"Space Systems Command"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Mark Werremeyer","affiliations":[{"organization":"Cromulence","title":""}],"links":[],"pronouns":null,"media":[],"id":48813,"title":"Cromulence"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Mike Walker","affiliations":[{"organization":"Cromulence","title":""}],"links":[],"pronouns":null,"media":[],"id":48814,"title":"Cromulence"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Jordan Wiens","affiliations":[{"organization":"Vector 35","title":""}],"links":[],"pronouns":null,"media":[],"id":48815,"title":"Vector 35"},{"content_ids":[49223],"conference_id":65,"event_ids":[49266],"name":"Aaron Myrick","affiliations":[{"organization":"Aerospace Corp","title":""}],"links":[],"pronouns":null,"media":[],"id":48816,"title":"Aerospace Corp"}],"timeband_id":891,"links":[],"end":"2022-08-12T17:50:00.000-0000","id":49266,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":2,"tag_ids":[40247,45340,45357,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48812},{"tag_id":565,"sort_order":1,"person_id":48816},{"tag_id":565,"sort_order":1,"person_id":48811},{"tag_id":565,"sort_order":1,"person_id":48815},{"tag_id":565,"sort_order":1,"person_id":48813},{"tag_id":565,"sort_order":1,"person_id":48814},{"tag_id":565,"sort_order":1,"person_id":48810},{"tag_id":565,"sort_order":1,"person_id":48809}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"spans_timebands":"N","updated":"2022-08-01T18:40:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"The GACWR Story: Building a Black Owned Cyber Range","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#8dc784","name":"BIC Village","id":45353},"end_timestamp":{"seconds":1660325400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659305160,"nanoseconds":0},"speakers":[{"content_ids":[49194,49202],"conference_id":65,"event_ids":[49235,49243],"name":"GACWR Team ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48655},{"content_ids":[49194,49202],"conference_id":65,"event_ids":[49235,49243],"name":"Jovonni Pharr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48656}],"timeband_id":891,"links":[],"end":"2022-08-12T17:30:00.000-0000","id":49235,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40249,45340,45353,45373,45451],"village_id":6,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48655},{"tag_id":565,"sort_order":1,"person_id":48656}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Twilight Ballroom (Blacks In Cybersecurity Village)","hotel":"","short_name":"Sunset-Twilight Ballroom (Blacks In Cybersecurity Village)","id":45401},"updated":"2022-07-31T22:06:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"These are the *general* operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.\n\n\n","title":"Village Areas Open (Generally)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"These are the *general* operating hours for villages, across all locations. Refer to each village's location to see their specific hours or activities.","updated_timestamp":{"seconds":1659313320,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49231,"village_id":null,"tag_ids":[45342,45373],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-01T00:22:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\n\n\n","title":"Vendor Area Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.","updated_timestamp":{"seconds":1660320240,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49228,"village_id":null,"tag_ids":[45342,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 130-132, 134 (Vendors)","hotel":"","short_name":"130-132, 134 (Vendors)","id":45448},"updated":"2022-08-12T16:04:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Cloud Village Opening Note","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7caa57","name":"Cloud Village","id":45350},"android_description":"","end_timestamp":{"seconds":1660324200,"nanoseconds":0},"updated_timestamp":{"seconds":1659284040,"nanoseconds":0},"speakers":[{"content_ids":[49190,49191],"conference_id":65,"event_ids":[49226,49227],"name":"Jayesh Singh Chauhan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48647}],"timeband_id":891,"links":[],"end":"2022-08-12T17:10:00.000-0000","id":49226,"tag_ids":[40252,45341,45350,45451],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":9,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48647}],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Sunset-Scenic Ballroom (Cloud Village)","hotel":"","short_name":"Sunset-Scenic Ballroom (Cloud Village)","id":45431},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-07-31T16:14:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#c5e58e","name":"Soldering Skills Village","id":45339},"title":"Solder Skills Village - Open","android_description":"","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"updated_timestamp":{"seconds":1659142500,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49140,"tag_ids":[40274,45339,45341,45373,45451],"village_id":32,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock I, II, III, IV, V (Solder Skills Village)","hotel":"","short_name":"Red Rock I, II, III, IV, V (Solder Skills Village)","id":45425},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-07-30T00:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Hardware Hacking Village - Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#dc99bf","name":"Hardware Hacking Village","id":45338},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1659142440,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49137,"village_id":14,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40257,45338,45341,45373,45451],"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"updated":"2022-07-30T00:54:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"UWB has been available for nearly 20 years now but never took off the way it was meant to. Every use-case designed or considered for UWB had been taken over by other protocols such as Bluetooth, and like the VR tech, UWB did not become a widespread way of communication for a long time. \r\n\r\nDuring this talk, we will look at the standards, current applications, and possible attack vectors alongside the available hardware that we can utilize to discover these vectors. This session will be a primer for anyone interested in the current UWB landscape and will try to provide the basis for security research.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#dc99bf","name":"Hardware Hacking Village","id":45338},"title":"Uwb Security Primer: Rise Of A Dusty Protocol","android_description":"UWB has been available for nearly 20 years now but never took off the way it was meant to. Every use-case designed or considered for UWB had been taken over by other protocols such as Bluetooth, and like the VR tech, UWB did not become a widespread way of communication for a long time. \r\n\r\nDuring this talk, we will look at the standards, current applications, and possible attack vectors alongside the available hardware that we can utilize to discover these vectors. This session will be a primer for anyone interested in the current UWB landscape and will try to provide the basis for security research.","end_timestamp":{"seconds":1660326300,"nanoseconds":0},"updated_timestamp":{"seconds":1659142200,"nanoseconds":0},"speakers":[{"content_ids":[49100],"conference_id":65,"event_ids":[49130],"name":"Göktay Kaykusuz ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48540}],"timeband_id":891,"links":[],"end":"2022-08-12T17:45:00.000-0000","id":49130,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[40257,45338,45340,45373,45451],"village_id":14,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48540}],"tags":"Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Red Rock VI, VII, VII (Hardware Hacking Village)","hotel":"","short_name":"Red Rock VI, VII, VII (Hardware Hacking Village)","id":45422},"spans_timebands":"N","updated":"2022-07-30T00:50:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The workshop has dealt with some of the main disinformation characteristics that conspiracy news has in common in relation to health issues and the communication strategies that some Autocratic States have\n\n\n","title":"The hybrid strategies of autocratic states: narrative characteristics of disinformation campaigns in relation to issues of a scientific-health nature","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d5f67c","name":"Misinformation Village","id":45335},"end_timestamp":{"seconds":1660329000,"nanoseconds":0},"android_description":"The workshop has dealt with some of the main disinformation characteristics that conspiracy news has in common in relation to health issues and the communication strategies that some Autocratic States have","updated_timestamp":{"seconds":1660363740,"nanoseconds":0},"speakers":[{"content_ids":[49051],"conference_id":65,"event_ids":[49054],"name":"Carlos Galán","affiliations":[{"organization":"FutureSpaces","title":""}],"links":[],"pronouns":null,"media":[],"id":48479,"title":"FutureSpaces"}],"timeband_id":891,"links":[],"end":"2022-08-12T18:30:00.000-0000","id":49054,"tag_ids":[40260,45332,45335,45450],"village_id":18,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48479}],"tags":"Workshop","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (Misinformation Village)","hotel":"","short_name":"220->236 (Misinformation Village)","id":45402},"spans_timebands":"N","begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-13T04:09:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Opening Remarks on the State of AI & Security ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#7692ac","name":"AI Village","id":45330},"android_description":"","end_timestamp":{"seconds":1660325400,"nanoseconds":0},"updated_timestamp":{"seconds":1659110760,"nanoseconds":0},"speakers":[{"content_ids":[49030,49049],"conference_id":65,"event_ids":[49033,49052],"name":"Brian Pendleton","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yaganub"}],"pronouns":null,"media":[],"id":48648},{"content_ids":[49030,49049],"conference_id":65,"event_ids":[49033,49052],"name":"Sven Cattell","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/comathematician"}],"pronouns":null,"media":[],"id":48649}],"timeband_id":891,"links":[],"end":"2022-08-12T17:30:00.000-0000","id":49033,"village_id":3,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48648},{"tag_id":565,"sort_order":1,"person_id":48649}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"spans_timebands":"N","updated":"2022-07-29T16:06:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Healthcare Policy != Policy","type":{"conference_id":65,"conference":"DEFCON30","color":"#a67a60","updated_at":"2024-06-07T03:39+0000","name":"Biohacking Village","id":45329},"android_description":"","end_timestamp":{"seconds":1660325400,"nanoseconds":0},"updated_timestamp":{"seconds":1659747660,"nanoseconds":0},"speakers":[{"content_ids":[49008],"conference_id":65,"event_ids":[49011],"name":"Nina Alli","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/headinthebooth"}],"media":[],"id":48455}],"timeband_id":891,"links":[],"end":"2022-08-12T17:30:00.000-0000","id":49011,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":5,"tag_ids":[40277,45329,45373,45451],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48455}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Laughlin I,II,III (Biohacking Village)","hotel":"","short_name":"Laughlin I,II,III (Biohacking Village)","id":45405},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-08-06T01:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"We reopen and accept drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#ef47d8","updated_at":"2024-06-07T03:39+0000","name":"Data Duplication Village","id":45328},"title":"DDV open and accepting drives for duplication","end_timestamp":{"seconds":1660348800,"nanoseconds":0},"android_description":"We reopen and accept drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.","updated_timestamp":{"seconds":1659070140,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"https://dcddv.org","type":"link","url":"https://dcddv.org"}],"end":"2022-08-13T00:00:00.000-0000","id":49001,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":11,"tag_ids":[40254,45328,45373,45451],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village)","hotel":"","short_name":"Lake Meade and Valley of Fire (Data Duplication Village)","id":45423},"spans_timebands":"N","updated":"2022-07-29T04:49:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Blue Team Village Opening Ceremony\n\n\nBlue Team Village Opening Ceremony","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#97ab92","name":"Blue Team Village","id":45376},"title":"Blue Team Village Opening Ceremony","end_timestamp":{"seconds":1660325400,"nanoseconds":0},"android_description":"Blue Team Village Opening Ceremony\n\n\nBlue Team Village Opening Ceremony","updated_timestamp":{"seconds":1659044280,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T17:30:00.000-0000","id":48905,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":7,"tag_ids":[40250,45340,45348,45374,45376],"includes":"","people":[],"tags":"Pre-Recorded Content, Talk","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45398,"name":"Flamingo - Savoy Ballroom - BTV Main Stage (In-person)","hotel":"","short_name":"BTV Main Stage (In-person)","id":45470},"spans_timebands":"N","updated":"2022-07-28T21:38:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Vajra (Your Weapon to Cloud) is a framework capable of validating the cloud security posture of the target environment. In Indian mythology, the word Vajra refers to the Weapon of God Indra (God of Thunder and Storms). Because it is cloud-connected, it is an ideal name for the tool. Vajra supports multi-cloud environments and a variety of attack and enumeration strategies for both AWS and Azure. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking and enumerating techniques all in one place with web UI interfaces so that it can be accessed anywhere by just hosting it on your server. The following modules are currently available: • Azure - Attacking 1. OAuth Based Phishing (Illicit Consent Grant Attack) - Exfiltrate Data - Enumerate Environment - Deploy Backdoors - Send mails/Create Rules 2. Password Spray 3. Password Brute Force - Enumeration 1. Users 2. Subdomain 3. Azure Ad 4. Azure Services - Specific Service 1. Storage Accounts • AWS - Enumeration 1. IAM Enumeration 2. S3 Scanner - Misconfiguration\n\nAudience: Security Professional Cloud Engineer\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"Vajra - Your Weapon To Cloud","android_description":"Vajra (Your Weapon to Cloud) is a framework capable of validating the cloud security posture of the target environment. In Indian mythology, the word Vajra refers to the Weapon of God Indra (God of Thunder and Storms). Because it is cloud-connected, it is an ideal name for the tool. Vajra supports multi-cloud environments and a variety of attack and enumeration strategies for both AWS and Azure. It features an intuitive web-based user interface built with the Python Flask module for a better user experience. The primary focus of this tool is to have different attacking and enumerating techniques all in one place with web UI interfaces so that it can be accessed anywhere by just hosting it on your server. The following modules are currently available: • Azure - Attacking 1. OAuth Based Phishing (Illicit Consent Grant Attack) - Exfiltrate Data - Enumerate Environment - Deploy Backdoors - Send mails/Create Rules 2. Password Spray 3. Password Brute Force - Enumeration 1. Users 2. Subdomain 3. Azure Ad 4. Azure Services - Specific Service 1. Storage Accounts • AWS - Enumeration 1. IAM Enumeration 2. S3 Scanner - Misconfiguration\n\nAudience: Security Professional Cloud Engineer","end_timestamp":{"seconds":1660330500,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48746],"conference_id":65,"event_ids":[48755],"name":"Raunak Parmar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48063}],"timeband_id":891,"links":[],"end":"2022-08-12T18:55:00.000-0000","id":48755,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48063}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Committee Boardroom (Demo Labs)","hotel":"","short_name":"Committee Boardroom (Demo Labs)","id":45444},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure. Zuthaka presents a simplified API for fast and clear integration of C2s and provides a centralized management for multiple C2 instances through a unified interface for Red Team operations. A collaborative free open-source Command & Control development framework that allows developers to concentrate on the core function and goal of their C2. Zuthaka is more than just a collection of C2s, it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplished. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel. After we first presented Zuthakas' MVP at Black hat USA 2021 and DEFCON demo labs, we are now presenting the first release with updated post-exploitation modules to support text based modules, as well as file based ones. With a lab populated of commonly used C2s and its out-of-the-box integrations.\n\nAudience: Red team operators, wishing a centralized place to handle all C2s instances. C2 developers, wishing to save the effort of writing the Frontend. Hackers, wishing a strong infrastructure to run C2s.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"Zuthaka: A Command & Controls (C2s) integration framework","android_description":"The current C2s ecosystem has rapidly grown in order to adapt to modern red team operations and diverse needs (further information on C2 selection can be found here). This comes with a lot of overhead work for Offensive Security professionals everywhere. Creating a C2 is already a demanding task, and most C2s available lack an intuitive and easy to use web interface. Most Red Teams must independently administer and understand each C2 in their infrastructure. Zuthaka presents a simplified API for fast and clear integration of C2s and provides a centralized management for multiple C2 instances through a unified interface for Red Team operations. A collaborative free open-source Command & Control development framework that allows developers to concentrate on the core function and goal of their C2. Zuthaka is more than just a collection of C2s, it is also a solid foundation that can be built upon and easily customized to meet the needs of the exercise that needs to be accomplished. This integration framework for C2 allows developers to concentrate on a unique target environment and not have to reinvent the wheel. After we first presented Zuthakas' MVP at Black hat USA 2021 and DEFCON demo labs, we are now presenting the first release with updated post-exploitation modules to support text based modules, as well as file based ones. With a lab populated of commonly used C2s and its out-of-the-box integrations.\n\nAudience: Red team operators, wishing a centralized place to handle all C2s instances. C2 developers, wishing to save the effort of writing the Frontend. Hackers, wishing a strong infrastructure to run C2s.","end_timestamp":{"seconds":1660330500,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48741],"conference_id":65,"event_ids":[48750],"name":"Alberto Herrera","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48044},{"content_ids":[48741],"conference_id":65,"event_ids":[48750],"name":"Lucas Bonastre","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48047}],"timeband_id":891,"links":[],"end":"2022-08-12T18:55:00.000-0000","id":48750,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48044},{"tag_id":565,"sort_order":1,"person_id":48047}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Society Boardroom (Demo Labs)","hotel":"","short_name":"Society Boardroom (Demo Labs)","id":45393},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions. The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.\n\nAudience: RF, Wireless, SDR, Offense, Defense\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"FISSURE: The RF Framework","android_description":"FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions. The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.\n\nAudience: RF, Wireless, SDR, Offense, Defense","end_timestamp":{"seconds":1660330500,"nanoseconds":0},"updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48730],"conference_id":65,"event_ids":[48744],"name":"Christopher Poore","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48057}],"timeband_id":891,"links":[],"end":"2022-08-12T18:55:00.000-0000","id":48744,"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48057}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Council Boardroom (Demo Labs)","hotel":"","short_name":"Council Boardroom (Demo Labs)","id":45443},"spans_timebands":"N","updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"TheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in, such as a SOCKS5 proxy, which then use the implemented communication scheme. This allows comprehensive testing of the detection and functional capability of the communication scheme, allowing for efficient design and development choices to be made before committing to production tool development. To facilitate this goal, TheAllCommander includes a Java based command and control server with a simple API to allow new plug-ins for server-side control. There is a python-based emulation client, which can be easily extended using the API to allow new client side communications code. Several reference implementations for covert malware communication are provided to allow out-of-the-box modeling, including emulated client browser HTTPS traffic, DNS queries, and email traffic. The tool chain includes support for several common Red Team tactics, such as Remote Desktop tunneling and FODHelper UAC bypass. This implementation effectively generates both client side and network traffic indicators of compromise.\n\nAudience: Offense, Defense\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#b3b0b6","updated_at":"2024-06-07T03:39+0000","name":"Demo Lab","id":45292},"title":"TheAllCommander","end_timestamp":{"seconds":1660330500,"nanoseconds":0},"android_description":"TheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in, such as a SOCKS5 proxy, which then use the implemented communication scheme. This allows comprehensive testing of the detection and functional capability of the communication scheme, allowing for efficient design and development choices to be made before committing to production tool development. To facilitate this goal, TheAllCommander includes a Java based command and control server with a simple API to allow new plug-ins for server-side control. There is a python-based emulation client, which can be easily extended using the API to allow new client side communications code. Several reference implementations for covert malware communication are provided to allow out-of-the-box modeling, including emulated client browser HTTPS traffic, DNS queries, and email traffic. The tool chain includes support for several common Red Team tactics, such as Remote Desktop tunneling and FODHelper UAC bypass. This implementation effectively generates both client side and network traffic indicators of compromise.\n\nAudience: Offense, Defense","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48732],"conference_id":65,"event_ids":[48738],"name":"Matthew Handy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48021}],"timeband_id":891,"links":[],"end":"2022-08-12T18:55:00.000-0000","id":48738,"tag_ids":[45292,45373,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48021}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Accord Boardroom (Demo Labs)","hotel":"","short_name":"Accord Boardroom (Demo Labs)","id":45395},"begin":"2022-08-12T17:00:00.000-0000","updated":"2022-07-27T05:31:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events – it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.\n\nAudience: Cloud Security, Defense.\n\n\n","title":"Access Undenied on AWS","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#b3b0b6","name":"Demo Lab","id":45292},"end_timestamp":{"seconds":1660330500,"nanoseconds":0},"android_description":"Access Undenied on AWS analyzes AWS CloudTrail AccessDenied events – it scans the environment to identify and explain the reasons for which access was denied. When the reason is an explicit deny statement, AccessUndenied identifies the exact statement. When the reason is a missing allow statement, AccessUndenied offers a least-privilege policy that facilitates access.\n\nAudience: Cloud Security, Defense.","updated_timestamp":{"seconds":1658899860,"nanoseconds":0},"speakers":[{"content_ids":[48724,49170,49186],"conference_id":65,"event_ids":[48734,49222,49206],"name":"Noam Dahan","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NoamDahan"}],"media":[],"id":48054}],"timeband_id":891,"links":[],"end":"2022-08-12T18:55:00.000-0000","id":48734,"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"tag_ids":[45292,45373,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48054}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Caucus Boardroom (Demo Labs)","hotel":"","short_name":"Caucus Boardroom (Demo Labs)","id":45442},"updated":"2022-07-27T05:31:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The Russia-Ukraine war has seen a lot of computer hacking, on both sides, by nations, haxor collectives, and random citizens, to steal, deny, alter, destroy, and amplify information. Satellite comms have gone down. Railway traffic has been stymied. Doxing is a weapon. Fake personas and false flags are expected. Every major platform has had issues with confidentiality, integrity, and availability. Hacked social media and TV have been a hall of mirrors and PSYOP. Russian comms are unreliable, so Ukrainian nets have become honeypots. Hackers have been shot in the kneecaps. Talking heads have called for a RUNET shutdown. The Ukrainian government has appealed for hacker volunteers – just send your expertise, experience, and a reference. The Great Powers are hacking from afar, while defending their own critical infrastructure, including nuclear command-and-control. Ukraine has many hacker allies, while Russian hackers are fleeing their country in record numbers. Some lessons so far: connectivity is stronger than we thought, info ops are stealing the day, drones are the future, and it is always time for the next hack.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Computer Hacks in the Russia-Ukraine War","android_description":"The Russia-Ukraine war has seen a lot of computer hacking, on both sides, by nations, haxor collectives, and random citizens, to steal, deny, alter, destroy, and amplify information. Satellite comms have gone down. Railway traffic has been stymied. Doxing is a weapon. Fake personas and false flags are expected. Every major platform has had issues with confidentiality, integrity, and availability. Hacked social media and TV have been a hall of mirrors and PSYOP. Russian comms are unreliable, so Ukrainian nets have become honeypots. Hackers have been shot in the kneecaps. Talking heads have called for a RUNET shutdown. The Ukrainian government has appealed for hacker volunteers – just send your expertise, experience, and a reference. The Great Powers are hacking from afar, while defending their own critical infrastructure, including nuclear command-and-control. Ukraine has many hacker allies, while Russian hackers are fleeing their country in record numbers. Some lessons so far: connectivity is stronger than we thought, info ops are stealing the day, drones are the future, and it is always time for the next hack.","end_timestamp":{"seconds":1660324800,"nanoseconds":0},"updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48503],"conference_id":65,"event_ids":[48590],"name":"Kenneth Geers","affiliations":[{"organization":"","title":"Very Good Security / NATO Cyber Centre / Atlantic Council"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KennethGeers"}],"pronouns":null,"media":[],"id":47856,"title":"Very Good Security / NATO Cyber Centre / Atlantic Council"}],"timeband_id":891,"end":"2022-08-12T17:20:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241831"}],"id":48590,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45375,45450],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47856}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 301-309, 321 (Track 4)","hotel":"","short_name":"301-309, 321 (Track 4)","id":45375},"spans_timebands":"N","updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Why looking into a 30 years old \"malicious\" software make sense in 2022? Because this little \"jewels\", written in a bunch of bytes, reached a level of complexity surprisingly high. With no other reason than pranking people or show off technical knowledge, this software show how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.\n\n\n","title":"Old Malware, New tools: Ghidra and Commodore 64, why understanding old malicious software still matters","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660326300,"nanoseconds":0},"android_description":"Why looking into a 30 years old \"malicious\" software make sense in 2022? Because this little \"jewels\", written in a bunch of bytes, reached a level of complexity surprisingly high. With no other reason than pranking people or show off technical knowledge, this software show how much you can do with very limited resources: this is inspiring for us, looking at modern malicious software, looking at how things are done and how the same things could have been done instead.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48502],"conference_id":65,"event_ids":[48545],"name":"Cesare Pizzi","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":null,"links":[{"description":"","title":"GitHub","sort_order":0,"url":"https://github.com/cecio/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/red5heep"}],"media":[],"id":47930,"title":"Hacker"}],"timeband_id":891,"end":"2022-08-12T17:45:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241926"}],"id":48545,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"village_id":null,"tag_ids":[45241,45281,45375,45450],"includes":"Tool","people":[{"tag_id":565,"sort_order":1,"person_id":47930}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45433,"name":"Caesars Forum - Academy 401-410, 421 (Track 3)","hotel":"","short_name":"401-410, 421 (Track 3)","id":45374},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The nature of global power has changed. Cybersecurity is national security, economic stability, and public safety. Hackers - and the DEF CON community - sit at the intersection of technology and public policy. Policymakers seek our counsel and many of us have become regulars in policy discussions around the world. The DEF CON Policy Department creates a high-trust, high-collaboration forum unlike any other in the world for hackers and policymakers to come together.\r\n\r\nJoin this session to hear the vision for public policy at DEF CON, including where we’ve been, where we are, and where we’re going - as well as how you can be a part of it. Guest speakers will describe the history of hacking and hackers in public policy and provide a preview of this year’s sessions.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#d8bac6","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Official Talk","id":45241},"title":"Panel - DEF CON Policy Dept - What is it, and what are we trying to do for hackers in the policy world?","android_description":"The nature of global power has changed. Cybersecurity is national security, economic stability, and public safety. Hackers - and the DEF CON community - sit at the intersection of technology and public policy. Policymakers seek our counsel and many of us have become regulars in policy discussions around the world. The DEF CON Policy Department creates a high-trust, high-collaboration forum unlike any other in the world for hackers and policymakers to come together.\r\n\r\nJoin this session to hear the vision for public policy at DEF CON, including where we’ve been, where we are, and where we’re going - as well as how you can be a part of it. Guest speakers will describe the history of hacking and hackers in public policy and provide a preview of this year’s sessions.","end_timestamp":{"seconds":1660328100,"nanoseconds":0},"updated_timestamp":{"seconds":1659451020,"nanoseconds":0},"speakers":[{"content_ids":[48506,48593,48501,48534],"conference_id":65,"event_ids":[48594,48504,48523,48540],"name":"The Dark Tangent","affiliations":[{"organization":"","title":"DEF CON "}],"links":[],"pronouns":null,"media":[],"id":47869,"title":"DEF CON"},{"content_ids":[48501],"conference_id":65,"event_ids":[48523],"name":"DEF CON Policy Dept","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47910}],"timeband_id":891,"links":[],"end":"2022-08-12T18:15:00.000-0000","id":48523,"tag_ids":[45241,45375,45450],"village_id":null,"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47910},{"tag_id":565,"sort_order":1,"person_id":47869}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 106-110, 138-139 (Track 2)","hotel":"","short_name":"106-110, 138-139 (Track 2)","id":45373},"updated":"2022-08-02T14:37:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Panel - \"So It's your first DEF CON\" - How to get the most out of DEF CON, What NOT to do. This talk is a guide to enjoying DEF CON. We hope to talk about how to get the most out of your first con and asnwer questions live from the audience. Feel free to come meet some long time goons, attendees, and DEF CON staff as we discuss how to navigate Las Vegas hotels with 30k hackers surrounding around you.\n\n\n","title":"Panel - \"So It's your first DEF CON\" - How to get the most out of DEF CON, What NOT to do.","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d8bac6","name":"DEF CON Official Talk","id":45241},"end_timestamp":{"seconds":1660326300,"nanoseconds":0},"android_description":"Panel - \"So It's your first DEF CON\" - How to get the most out of DEF CON, What NOT to do. This talk is a guide to enjoying DEF CON. We hope to talk about how to get the most out of your first con and asnwer questions live from the audience. Feel free to come meet some long time goons, attendees, and DEF CON staff as we discuss how to navigate Las Vegas hotels with 30k hackers surrounding around you.","updated_timestamp":{"seconds":1658375400,"nanoseconds":0},"speakers":[{"content_ids":[48500],"conference_id":65,"event_ids":[48505],"name":"DEF CON Goons","affiliations":[],"links":[],"pronouns":null,"media":[],"id":47841}],"timeband_id":891,"links":[],"end":"2022-08-12T17:45:00.000-0000","id":48505,"village_id":null,"tag_ids":[45241,45375,45450],"begin_timestamp":{"seconds":1660323600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47841}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"updated":"2022-07-21T03:50:00.000-0000","begin":"2022-08-12T17:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own security-related models using the 7-step machine learning process. No environment setup is necessary, but Python experience is strongly encouraged.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#7692ac","updated_at":"2024-06-07T03:39+0000","name":"AI Village","id":45330},"title":"Automate Detection with Machine Learning ","android_description":"Today, over a quarter of security products for detection have some form of machine learning built in. However, “machine learning” is nothing more than a mysterious buzzword for many security analysts. In order to properly deploy and manage these products, analysts will need to understand how the machine learning components operate to ensure they are working efficiently. In this talk, we will dive head first into building and training our own security-related models using the 7-step machine learning process. No environment setup is necessary, but Python experience is strongly encouraged.","end_timestamp":{"seconds":1660326600,"nanoseconds":0},"updated_timestamp":{"seconds":1659290340,"nanoseconds":0},"speakers":[{"content_ids":[49031,49045],"conference_id":65,"event_ids":[49034,49048],"name":"Gavin Klondike ","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48464}],"timeband_id":891,"links":[],"end":"2022-08-12T17:50:00.000-0000","id":49034,"village_id":3,"tag_ids":[40248,45330,45450],"begin_timestamp":{"seconds":1660321800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48464}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 220->236 (AI Village)","hotel":"","short_name":"220->236 (AI Village)","id":45410},"updated":"2022-07-31T17:59:00.000-0000","begin":"2022-08-12T16:30:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The techniques and tactics used against cyber adversaries can be effective against perpetrators of sexual violence. Join the representatives from the Cabal hacker collective as they chart their success in attributing online behavior, creating intelligence pipelines, and survivor outreach in the wake of the growing threat of cyber sexual abuse. The featured case studies are real-life scenarios where familiar infosec operations ended up making a huge impact in cases against cyberstalkers, sex criminals, and hackers.\n\n\n","title":"Combatting sexual abuse with threat intelligence techniques","type":{"conference_id":65,"conference":"DEFCON30","color":"#a8c24b","updated_at":"2024-06-07T03:39+0000","name":"Skytalk","id":45291},"end_timestamp":{"seconds":1660324800,"nanoseconds":0},"android_description":"The techniques and tactics used against cyber adversaries can be effective against perpetrators of sexual violence. Join the representatives from the Cabal hacker collective as they chart their success in attributing online behavior, creating intelligence pipelines, and survivor outreach in the wake of the growing threat of cyber sexual abuse. The featured case studies are real-life scenarios where familiar infosec operations ended up making a huge impact in cases against cyberstalkers, sex criminals, and hackers.","updated_timestamp":{"seconds":1658865300,"nanoseconds":0},"speakers":[{"content_ids":[48707],"conference_id":65,"event_ids":[48714],"name":"Aaron DeVera","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/aaronsdevera"}],"pronouns":null,"media":[],"id":47990}],"timeband_id":891,"links":[],"end":"2022-08-12T17:20:00.000-0000","id":48714,"tag_ids":[40272,45291,45340,45373,45453],"village_id":30,"begin_timestamp":{"seconds":1660321800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":47990}],"tags":"Talk","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45438,"name":"LINQ - BLOQ (SkyTalks 303)","hotel":"","short_name":"BLOQ (SkyTalks 303)","id":45413},"begin":"2022-08-12T16:30:00.000-0000","updated":"2022-07-26T19:55:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Jump the linecon, and cyber straight away in AltSpaceVR. We're in https://account.altvr.com/events/2059997537997160822\n\n\n","title":"DCGVR - Welcome reception 👋","type":{"conference_id":65,"conference":"DEFCON30","color":"#74a6bb","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Groups VR","id":45449},"android_description":"Jump the linecon, and cyber straight away in AltSpaceVR. We're in https://account.altvr.com/events/2059997537997160822","end_timestamp":{"seconds":1660323600,"nanoseconds":0},"updated_timestamp":{"seconds":1660256640,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"URL","type":"link","url":"https://account.altvr.com/events/2059997537997160822"}],"end":"2022-08-12T17:00:00.000-0000","id":49941,"tag_ids":[45374,45449],"village_id":null,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - DEF CON Groups VR","hotel":"","short_name":"DEF CON Groups VR","id":45523},"spans_timebands":"N","begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-11T22:24:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Overview\r\n\r\nLast year, we organized the AutoDriving CTF as an official contest of DEF CON 29 (https://forum.defcon.org/node/237292) and did reasonably well: more than 100 teams participated and 93 teams had valid scores. Last year, due to the pandemic, the contest was online only with on-site demonstrations. All the challenges were deployed in 3D simulators. This year, we propose a hybrid event with in-person challenges on-site. We also plan to introduce some new challenges with real vehicles involved, in addition to those based on autonomous driving simulators. We hope to continue the engagement with the hacking community to raise the awareness of real-world security challenges in autonomous driving.\r\n\r\nThe AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.\r\n\r\nWe design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.\r\n\r\nThe goals of the AutoDriving CTF are the followings:\r\n\r\n- Demonstrate security risks of poorly designed autonomous driving systems through hands-on challenges, increase the awareness of such risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.\r\n- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.\r\n- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.\r\n\r\nThe contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year's contest will follow the style of last year and includes the following types of challenges:\r\n- “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,\r\n- “forensics”: such as investigating a security incident related to autonomous driving,\r\n- “detection”: such as detecting spoofed sensor inputs and fake obstacles,\r\n- “crashme on road!”: such as creating dangerous traffic patterns to expose logical errors in autonomous driving systems.\r\n\r\nMost of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. \r\nThe following link containssome challenge videos from AutoDriving CTF at DEF CON 29\r\nhttps://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw\r\n\r\nWhat's new in 2022\r\n\r\nThis year, we will unlock new security-critical driving scenarios such as stop-controlled and signalized intersections. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot. For example, players will be required to generate adversarial masks which will be overlayed on the surface of a stop sign to prevent the self-driving vehicle from stopping. The self-driving vehicle is equipped with a tracking component so merely hiding the stop sign in several frames will not work.\r\n\r\nA video demonstrating an attacked scenario is available at\r\nhttps://youtu.be/4aedG1GNfRw\r\n\r\nIn addition to the simulation challenges, we will add challenges with real vehicles in the loop. In this setup, the vehicle under attack will be placed on a rack and the driving environment will be displayed on a monitor in front of the windshield camera. We will have the real vehicle running in a lab and players and players will interact with the vehicle by remotely manipulating the virtual surrounding environments (such as the projected road signs in front of the vehicle). The attack results will be judged based on systems logs (for open-source systems, such as openpilot) or dashboard visualizations (for closed-source vehicles).\r\n\r\nThe following URL shows some specifications about the real vehicles\r\nhttps://docs.google.com/document/d/1oFC5Swn-UQ3hqIBA_Pw511o8WZqToU4TcQCb3UYocFc/edit?usp=sharing\r\n\r\nIn order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges.\r\n\r\nFor players\r\n\r\n- What do players need to do to participate AutoDriving CTF?\r\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.\r\n\r\n- What do we expect players to learn through the CTF event?\r\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.\r\n\r\nAdditional information\r\n\r\nBelow are some materials from our first AutoDriving CTF at DEF CON 29 in 2021, which includes some challenge videos (Warning: the videos files could be large in google drive), a summary of the event and some links reporting the events.\r\n\r\nhttps://drive.google.com/drive/folders/1cr3qlX1mC7vGPzqqEZ900ZDiEQdbzGo4?usp=sharing\r\n\r\nhttp://www.buffalo.edu/ubnow/stories/2021/11/team-cacti-capture-flag.html\r\n\r\nhttps://medium.com/@asguard.research/invisible-truck-gps-hacking-mad-racing-first-person-view-of-worlds-first-ever-autonomous-9b2d5903672a\r\n\r\nhttps://netsec.ccert.edu.cn/eng/hacking/2021-08-06-autodrive-defcon\r\n\r\nhttps://cactilab.github.io/ctf.html\n\n\n","title":"AutoDriving CTF","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"end_timestamp":{"seconds":1660406400,"nanoseconds":0},"android_description":"Overview\r\n\r\nLast year, we organized the AutoDriving CTF as an official contest of DEF CON 29 (https://forum.defcon.org/node/237292) and did reasonably well: more than 100 teams participated and 93 teams had valid scores. Last year, due to the pandemic, the contest was online only with on-site demonstrations. All the challenges were deployed in 3D simulators. This year, we propose a hybrid event with in-person challenges on-site. We also plan to introduce some new challenges with real vehicles involved, in addition to those based on autonomous driving simulators. We hope to continue the engagement with the hacking community to raise the awareness of real-world security challenges in autonomous driving.\r\n\r\nThe AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.\r\n\r\nWe design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.\r\n\r\nThe goals of the AutoDriving CTF are the followings:\r\n\r\n- Demonstrate security risks of poorly designed autonomous driving systems through hands-on challenges, increase the awareness of such risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.\r\n- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.\r\n- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.\r\n\r\nThe contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year's contest will follow the style of last year and includes the following types of challenges:\r\n- “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,\r\n- “forensics”: such as investigating a security incident related to autonomous driving,\r\n- “detection”: such as detecting spoofed sensor inputs and fake obstacles,\r\n- “crashme on road!”: such as creating dangerous traffic patterns to expose logical errors in autonomous driving systems.\r\n\r\nMost of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. \r\nThe following link containssome challenge videos from AutoDriving CTF at DEF CON 29\r\nhttps://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw\r\n\r\nWhat's new in 2022\r\n\r\nThis year, we will unlock new security-critical driving scenarios such as stop-controlled and signalized intersections. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot. For example, players will be required to generate adversarial masks which will be overlayed on the surface of a stop sign to prevent the self-driving vehicle from stopping. The self-driving vehicle is equipped with a tracking component so merely hiding the stop sign in several frames will not work.\r\n\r\nA video demonstrating an attacked scenario is available at\r\nhttps://youtu.be/4aedG1GNfRw\r\n\r\nIn addition to the simulation challenges, we will add challenges with real vehicles in the loop. In this setup, the vehicle under attack will be placed on a rack and the driving environment will be displayed on a monitor in front of the windshield camera. We will have the real vehicle running in a lab and players and players will interact with the vehicle by remotely manipulating the virtual surrounding environments (such as the projected road signs in front of the vehicle). The attack results will be judged based on systems logs (for open-source systems, such as openpilot) or dashboard visualizations (for closed-source vehicles).\r\n\r\nThe following URL shows some specifications about the real vehicles\r\nhttps://docs.google.com/document/d/1oFC5Swn-UQ3hqIBA_Pw511o8WZqToU4TcQCb3UYocFc/edit?usp=sharing\r\n\r\nIn order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges.\r\n\r\nFor players\r\n\r\n- What do players need to do to participate AutoDriving CTF?\r\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.\r\n\r\n- What do we expect players to learn through the CTF event?\r\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.\r\n\r\nAdditional information\r\n\r\nBelow are some materials from our first AutoDriving CTF at DEF CON 29 in 2021, which includes some challenge videos (Warning: the videos files could be large in google drive), a summary of the event and some links reporting the events.\r\n\r\nhttps://drive.google.com/drive/folders/1cr3qlX1mC7vGPzqqEZ900ZDiEQdbzGo4?usp=sharing\r\n\r\nhttp://www.buffalo.edu/ubnow/stories/2021/11/team-cacti-capture-flag.html\r\n\r\nhttps://medium.com/@asguard.research/invisible-truck-gps-hacking-mad-racing-first-person-view-of-worlds-first-ever-autonomous-9b2d5903672a\r\n\r\nhttps://netsec.ccert.edu.cn/eng/hacking/2021-08-06-autodrive-defcon\r\n\r\nhttps://cactilab.github.io/ctf.html","updated_timestamp":{"seconds":1659666300,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/autodrivingctf"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864186660107059230"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241379"},{"label":"Website","type":"link","url":"https://autodrivingctf.org/"}],"end":"2022-08-13T16:00:00.000-0000","id":49569,"village_id":null,"tag_ids":[45360,45375,45450],"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-05T02:25:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information. \n\n\n","title":"Payment Hacking Challenge","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cad46b","name":"Payment Village","id":45380},"end_timestamp":{"seconds":1660338000,"nanoseconds":0},"android_description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information.","updated_timestamp":{"seconds":1660259820,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-12T21:00:00.000-0000","links":[{"label":"Discord #payv-labs-text","type":"link","url":"https://discord.com/channels/708208267699945503/732733473558626314"}],"id":49560,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[40263,45366,45374,45380],"village_id":21,"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Payment Village","hotel":"","short_name":"Payment Village","id":45414},"spans_timebands":"N","updated":"2022-08-11T23:17:00.000-0000","begin":"2022-08-12T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"title":"Vishing Competition (SECVC) - LIVE CALLS","end_timestamp":{"seconds":1660330800,"nanoseconds":0},"android_description":"In this competition, teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.\r\n\r\nTeams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team is provided limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!","updated_timestamp":{"seconds":1659671340,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-12T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"}],"id":49485,"village_id":31,"tag_ids":[40273,45359,45370,45453],"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"includes":"","people":[],"tags":"Competition","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-05T03:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CALLING ALL KIDS! Come use your VS super skills and powers to work with a team of heroes SE COMMUNITY YOUTH CHALLENGE or villains.\r\n\r\nThe balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!\n\n\n","title":"Heroes vs Villians, a SEC Youth Challenge","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#504dd0","name":"Social Engineering Community Village","id":45370},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"CALLING ALL KIDS! Come use your VS super skills and powers to work with a team of heroes SE COMMUNITY YOUTH CHALLENGE or villains.\r\n\r\nThe balance of good and evil will be determined by individual participants completing various challenges in this ‘Choose Your Own Adventure’ style event. By participating in this event, you will have opportunities to interact and learn from many other incredible villages at DEF CON while at the same time improving your Social Engineering abilities. If successful, you may even have the chance to help your team prevail and become the ultimate Superhero or Supervillain!","updated_timestamp":{"seconds":1659670980,"nanoseconds":0},"speakers":[],"timeband_id":891,"end":"2022-08-13T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Website","type":"link","url":"https://www.se.community/events/youth-challenge/"}],"id":49484,"tag_ids":[40273,45366,45370,45453],"village_id":31,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"updated":"2022-08-05T03:43:00.000-0000","begin":"2022-08-12T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"title":"Chillout Lounge (with entertainment)","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49467,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[45326,45373,45450,45451,45453],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Reno I Ballroom (Chillout Lounge)","hotel":"","short_name":"Reno I Ballroom (Chillout Lounge)","id":45493},"begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-02T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49459,"village_id":null,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[45326,45373,45450,45451,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Chillout","hotel":"","short_name":"Chillout","id":45449},"spans_timebands":"N","updated":"2022-08-02T22:01:00.000-0000","begin":"2022-08-12T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"title":"Chillout Lounge (with entertainment)","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":49455,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"village_id":null,"tag_ids":[45326,45373,45450,45451,45453],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45445,"name":"Flamingo - Carson City I (Chillout)","hotel":"","short_name":"Carson City I (Chillout)","id":45477},"begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-02T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The DEF CON participants will be learning how the convergence of cybersecurity and space connect! The gamified satellite cybercrime scenario, “Mission Kolluxium Z-85-0” is ready for the next Space Captain! This is a beginner challenge. Unity based game that explores Space, Orbital Mechanics, Satellite Hacking, Deep Space Networks, Digital Forensics, Python, Wireshark, Blockchain, and Ethics! This is a great chance for a CyberNaut to learn something new! \r\n\r\nPlease register here and look for an email close to the competition day for instructions: https://www.cognitoforms.com/CCI17/SpaceGrandChallengeAEROSPACEVILLAGEDEFCON2022\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#f5eab2","updated_at":"2024-06-07T03:39+0000","name":"Aerospace Village","id":45357},"title":"California CyberSecurity Institute Space Grand Challenge","end_timestamp":{"seconds":1660435200,"nanoseconds":0},"android_description":"The DEF CON participants will be learning how the convergence of cybersecurity and space connect! The gamified satellite cybercrime scenario, “Mission Kolluxium Z-85-0” is ready for the next Space Captain! This is a beginner challenge. Unity based game that explores Space, Orbital Mechanics, Satellite Hacking, Deep Space Networks, Digital Forensics, Python, Wireshark, Blockchain, and Ethics! This is a great chance for a CyberNaut to learn something new! \r\n\r\nPlease register here and look for an email close to the competition day for instructions: https://www.cognitoforms.com/CCI17/SpaceGrandChallengeAEROSPACEVILLAGEDEFCON2022","updated_timestamp":{"seconds":1659379140,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-14T00:00:00.000-0000","id":49299,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[40247,45341,45357,45450],"village_id":2,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 112-117 (Aerospace Village)","hotel":"","short_name":"112-117 (Aerospace Village)","id":45417},"updated":"2022-08-01T18:39:00.000-0000","begin":"2022-08-12T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)\n\n\n","title":"Merch (formerly swag) Area Open -- README","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"android_description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1660233480,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T23:00:00.000-0000","id":49263,"village_id":null,"tag_ids":[45342,45373,45450],"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 229 (Merch)","hotel":"","short_name":"229 (Merch)","id":45446},"begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-11T15:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.\n\nMaterials:\nA laptop with VMWare or VirtualBox installed and capable of running a VM.\n\nPrereq:\nStudents should be comfortable with modular arithmetic and the properties of XOR. Experience in Python or other similar language will be a plus.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Introduction to Cryptographic Attacks","android_description":"Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap.\n\nMaterials:\nA laptop with VMWare or VirtualBox installed and capable of running a VM.\n\nPrereq:\nStudents should be comfortable with modular arithmetic and the properties of XOR. Experience in Python or other similar language will be a plus.","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49121,49164],"conference_id":65,"event_ids":[49200,49172],"name":"Matt Cheung","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":48568,"title":"Hacker"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49172,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45344,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48568}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Ely (Workshops)","hotel":"","short_name":"Ely (Workshops)","id":45486},"begin":"2022-08-12T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Threat actors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion, and maintain persistence to compromise an organization. To achieve this, threat actors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. Often, Malware-as-a-Service (MaaS) is leveraged. In this workshop, you will get hands-on experience with real-world malware and learn how to identify key indicators of compromise (IOCs), apply analysis to enhance security products to protect users and infrastructure, and gain a deeper understanding of malware behavior through reverse engineering.\n\nOur workshop focuses on MaaS samples and their prevalence in attacks. We will break down various MaaS samples and show how they function. We will review attacker-controlled infrastructure to show how Command and Control (C2) features are successful within YOUR (hopefully not YOUR!) environment. We will conclude with an analysis of the world’s #1 C2 infrastructure: Cobalt Strike (CS). We will break down the CS infrastructure, show how Malleable C2 profiles function, and show you how to extract and analyze profile configurations from script- and PE-based payloads alike.\n\nStudents will be provided with all the lab material used throughout the course in a digital format. This includes all lab material, lab guides, and virtual machines used for training. The material provided will help to ensure that students have the ability to continue learning well after the course ends and maximize the knowledge gained from this course. Whatever isn’t covered during the class, or whatever the student wants to focus on later, will be available.\n\nMaterials:\nLinux/Windows/Mac desktop environment\nA laptop with the ability to run virtualization software such as VMWare or VirtualBox\nAccess to the system BIOS to enable virtualization, if disabled via the chipset\nAbility to temporarily disable anti-virus or white-list folders/files associated with lab material\nA laptop that the attendee is comfortable handling live malware on\nEnough disk space to store at least two 40 GB VMs, although more VMs may be used\n16GB of RAM preferred to run all VMs simultaneously \n\nPrereq:\nThe primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, having some familiarization with the following topics will help students maximize their time in this course:\n- A general background in Digital Forensics & Incident Response (DFIR)\n- Familiarity with blue team-oriented tools\n- An understanding of general networking concepts\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"The Art of Modern Malware Analysis: Initial Infection Malware, Infrastructure, and C2 Frameworks","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"Threat actors go to great lengths to bypass enterprise security to deliver malware, avoid detection after the initial intrusion, and maintain persistence to compromise an organization. To achieve this, threat actors employ a wide variety of obfuscation and anti-analysis techniques at each phase of an attack. Often, Malware-as-a-Service (MaaS) is leveraged. In this workshop, you will get hands-on experience with real-world malware and learn how to identify key indicators of compromise (IOCs), apply analysis to enhance security products to protect users and infrastructure, and gain a deeper understanding of malware behavior through reverse engineering.\n\nOur workshop focuses on MaaS samples and their prevalence in attacks. We will break down various MaaS samples and show how they function. We will review attacker-controlled infrastructure to show how Command and Control (C2) features are successful within YOUR (hopefully not YOUR!) environment. We will conclude with an analysis of the world’s #1 C2 infrastructure: Cobalt Strike (CS). We will break down the CS infrastructure, show how Malleable C2 profiles function, and show you how to extract and analyze profile configurations from script- and PE-based payloads alike.\n\nStudents will be provided with all the lab material used throughout the course in a digital format. This includes all lab material, lab guides, and virtual machines used for training. The material provided will help to ensure that students have the ability to continue learning well after the course ends and maximize the knowledge gained from this course. Whatever isn’t covered during the class, or whatever the student wants to focus on later, will be available.\n\nMaterials:\nLinux/Windows/Mac desktop environment\nA laptop with the ability to run virtualization software such as VMWare or VirtualBox\nAccess to the system BIOS to enable virtualization, if disabled via the chipset\nAbility to temporarily disable anti-virus or white-list folders/files associated with lab material\nA laptop that the attendee is comfortable handling live malware on\nEnough disk space to store at least two 40 GB VMs, although more VMs may be used\n16GB of RAM preferred to run all VMs simultaneously \n\nPrereq:\nThe primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, having some familiarization with the following topics will help students maximize their time in this course:\n- A general background in Digital Forensics & Incident Response (DFIR)\n- Familiarity with blue team-oriented tools\n- An understanding of general networking concepts","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49122],"conference_id":65,"event_ids":[49166],"name":"Aaron Rosenmund","affiliations":[{"organization":"","title":"Threat Emulation and Detection Operator"}],"pronouns":null,"links":[{"description":"","title":"AaronRosenmund.com","sort_order":0,"url":"https://www.AaronRosenmund.com"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arosenmund"}],"media":[],"id":48546,"title":"Threat Emulation and Detection Operator"},{"content_ids":[49122],"conference_id":65,"event_ids":[49166],"name":"Josh Stroschein","affiliations":[{"organization":"","title":"Malware Analyst"}],"links":[],"pronouns":null,"media":[],"id":48563,"title":"Malware Analyst"},{"content_ids":[49122],"conference_id":65,"event_ids":[49166],"name":"Ryan J Chapman","affiliations":[{"organization":"","title":"IR Practitioner"}],"links":[],"pronouns":null,"media":[],"id":48582,"title":"IR Practitioner"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49166,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45344,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48546},{"tag_id":565,"sort_order":1,"person_id":48563},{"tag_id":565,"sort_order":1,"person_id":48582}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Lake Tahoe (Workshops)","hotel":"","short_name":"Lake Tahoe (Workshops)","id":45481},"spans_timebands":"N","begin":"2022-08-12T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Ever wondered what it is like being a cybersecurity or incident response analyst? Are you new to investigation or want to take your analysis to the next level? If you answered yes, here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityNerd. In today's threat landscape, malware continues to be used by all various types of threat actors. This class teaches students how to investigate a compromised Windows system using forensic and malware analysis fundamentals.\n\nUpon successful class completion, students will be able to:\n- Build analysis skills that leverage complex scenarios and improve comprehension.\n- Practically acquire data in a forensically sound manner.\n- Identify common areas of malware persistence.\n- Gather evidence and create a timeline to characterize how the system was compromised.\n- Participate in a hand to keyboard combat capstone. Students are given an image of a compromised Windows system and demonstrate how to analyze it.\n\nMaterials:\nStudents will be required to download a virtual machine (OVA file). Students will be given a URL for download access. \nRegarding the downloaded virtual machine, this will be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online. \nStudents must have a laptop that meets the following requirements:\nA 64 bit CPU running at 2GHz or more. The students will be running a virtual machine on their host laptop.\nHave the ability to update BIOS settings. Specifically, enable virtualization technology such as \"Intel-VT.\"\nThe student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.\n8 GB (Gigabytes) of RAM or higher\nAt least one open and working USB Type-A port\n50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute\nStudents must have Local Administrator Access on their system. \nWireless 802.11 Capability\nA host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.\nVirtualization software is required. The supplied VM has been built for out-of-the-box comparability with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.\nAt a minimum, the following VM features will be needed:\nNATted networking from VM to Internet\nCopy Paste of text and files between the Host machine and VM\n\nPrereq:\nAlthough no prerequisites are required, experience with using virtual machines will be helpful.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"DFIR Against the Digital Darkness: An Intro to Forensicating Evil","android_description":"Ever wondered what it is like being a cybersecurity or incident response analyst? Are you new to investigation or want to take your analysis to the next level? If you answered yes, here is your chance to experience an exciting 4-hour class taught by mR_F0r3n51c5 and S3curityNerd. In today's threat landscape, malware continues to be used by all various types of threat actors. This class teaches students how to investigate a compromised Windows system using forensic and malware analysis fundamentals.\n\nUpon successful class completion, students will be able to:\n- Build analysis skills that leverage complex scenarios and improve comprehension.\n- Practically acquire data in a forensically sound manner.\n- Identify common areas of malware persistence.\n- Gather evidence and create a timeline to characterize how the system was compromised.\n- Participate in a hand to keyboard combat capstone. Students are given an image of a compromised Windows system and demonstrate how to analyze it.\n\nMaterials:\nStudents will be required to download a virtual machine (OVA file). Students will be given a URL for download access. \nRegarding the downloaded virtual machine, this will be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online. \nStudents must have a laptop that meets the following requirements:\nA 64 bit CPU running at 2GHz or more. The students will be running a virtual machine on their host laptop.\nHave the ability to update BIOS settings. Specifically, enable virtualization technology such as \"Intel-VT.\"\nThe student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.\n8 GB (Gigabytes) of RAM or higher\nAt least one open and working USB Type-A port\n50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute\nStudents must have Local Administrator Access on their system. \nWireless 802.11 Capability\nA host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.\nVirtualization software is required. The supplied VM has been built for out-of-the-box comparability with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues.\nAt a minimum, the following VM features will be needed:\nNATted networking from VM to Internet\nCopy Paste of text and files between the Host machine and VM\n\nPrereq:\nAlthough no prerequisites are required, experience with using virtual machines will be helpful.","end_timestamp":{"seconds":1660334400,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49123],"conference_id":65,"event_ids":[49155],"name":"Michael Register","affiliations":[{"organization":"","title":"Threat Hunter"}],"links":[],"pronouns":null,"media":[],"id":48570,"title":"Threat Hunter"},{"content_ids":[49123],"conference_id":65,"event_ids":[49155],"name":"Michael Solomon","affiliations":[{"organization":"","title":"Threat Hunter"}],"links":[],"pronouns":null,"media":[],"id":48571,"title":"Threat Hunter"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49155,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[45336,45344,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48570},{"tag_id":565,"sort_order":1,"person_id":48571}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Reno (Workshops)","hotel":"","short_name":"Reno (Workshops)","id":45482},"begin":"2022-08-12T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at providing details on how to use fuzzing to find software vulnerabilities. We will discuss what is fuzzing, different types of fuzzers and how to use them.\n\nThis training will start with a basic introduction to different types of vulnerabilities which are very common in softwares. Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real world open source softwares using fuzzers like AFL,libfuzzer and honggfuzz etc.\n\nThis talk will also provide details on how AFL works, what are the different mutation strategies it uses. basics of compile time instrumentation, how to collect corpus for fuzzing and how to minimize it,crash triage and finding root cause.\n\nKey takeaways from this workshop will be:\n1. Understanding of common types of security vulnerabilities like buffer overflow/heap overflow/use after free/double free/Out of bound read/write/memory leaks etc.\n2. Understanding how to use various fuzzers like AFL,LibFuzzer, Hongfuzz etc.\n3. How to fuzz various open source softwares on linux.\n4. How to do basic debugging to find the root cause of vulnerabilities for linux.\n5. How to write secure software by having an understanding of common types of vulnerabilities.\n\nMaterials:\nA laptop with at least 16GB RAM, min 4 core processor, virtualbox or vmware. I will be sharing a linux VM based on kali which will have all the tools required for the workshop.\n\nPrereq:\nBasic knowledge of C,C++, basic knowledge of linux and windows.\n\n\n","title":"Finding Security Vulnerabilities Through Fuzzing","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"Many people are interested in finding vulnerabilities but don't know where to start. This workshop is aimed at providing details on how to use fuzzing to find software vulnerabilities. We will discuss what is fuzzing, different types of fuzzers and how to use them.\n\nThis training will start with a basic introduction to different types of vulnerabilities which are very common in softwares. Later on during the training we will first start with fuzzing a simple C program which contains these vulnerabilities. After that we will see how we fuzz real world open source softwares using fuzzers like AFL,libfuzzer and honggfuzz etc.\n\nThis talk will also provide details on how AFL works, what are the different mutation strategies it uses. basics of compile time instrumentation, how to collect corpus for fuzzing and how to minimize it,crash triage and finding root cause.\n\nKey takeaways from this workshop will be:\n1. Understanding of common types of security vulnerabilities like buffer overflow/heap overflow/use after free/double free/Out of bound read/write/memory leaks etc.\n2. Understanding how to use various fuzzers like AFL,LibFuzzer, Hongfuzz etc.\n3. How to fuzz various open source softwares on linux.\n4. How to do basic debugging to find the root cause of vulnerabilities for linux.\n5. How to write secure software by having an understanding of common types of vulnerabilities.\n\nMaterials:\nA laptop with at least 16GB RAM, min 4 core processor, virtualbox or vmware. I will be sharing a linux VM based on kali which will have all the tools required for the workshop.\n\nPrereq:\nBasic knowledge of C,C++, basic knowledge of linux and windows.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49119],"conference_id":65,"event_ids":[49152],"name":"Hardik Shah","affiliations":[{"organization":"","title":"Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hardik05"},{"description":"","title":"https://news.sophos.com/en-us/author/hardik-shah/","sort_order":0,"url":"https://news.sophos.com/en-us/author/hardik-shah/"},{"description":"","title":"https://www.mcafee.com/blogs/author/hardik-shah","sort_order":0,"url":"https://www.mcafee.com/blogs/author/hardik-shah"}],"media":[],"id":48560,"title":"Security Researcher"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49152,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[45336,45343,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48560}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Elko (Workshops)","hotel":"","short_name":"Elko (Workshops)","id":45484},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-12T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams and with the rise of solutions such as Infrastructure as Code, the sensitivity level of such pipelines is escalating. In case of compromise, it is not just the applications that are at risk but the underlying systems themselves and sometimes the whole information systems.\nAttackers are beginning to exploit those weaknesses both for supply chains attacks but also to escalate their privileges within the victim IS.\n \nWelcome to DataLeek company, after several decades of V-cycle development we have now decided to adopt the \"agile\" methodology. To do so, our IT teams have set up a CI/CD pipeline that rely on the most advanced and state-of-the-art tools available on the market.\nHowever, for some reasons, our CISO seems to doubt the security level of this brand new infrastructure and insist to perform a pentest on it.\n \nYour mission, should you choose to accept it, is to evaluate the security level of this CI/CD pipeline and offer solutions to fix the issues identified.\n \nIn this fully hands-on workshop, we’ll guide you through multiple vulnerabilities that we witnessed during numerous penetration tests. You’ll learn how to:\n \n- Get a foothold within a CI/CD pipeline\n- Find interesting secrets and other information within code repositories\n- How to pivot and exploit weak configuration on the orchestrator\n- Compromise building nodes in order to add backdoors to artifacts\n- Pivot on cloud infrastructure\n- Escape Kubernetes thanks to common misconfiguration\n- Perform a privilege escalation in AWS\n \nHand-on exercises will be performed on our lab environment with a wide variety of tools. For each attack, we will also focus on prevention, mitigation techniques and potential way to detect exploitations.\n\nMaterials:\nAll attendees will need to bring a laptop capable of running virtual machines (8GB of RAM is a minimum) and an up-to-date RDP client.\n\nPrereq:\nThis training is aimed at security professionals or developers willing to understand the risks of a poorly secured CI/CD pipeline.\n\n\n","title":"CICD security: A new eldorado","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660334400,"nanoseconds":0},"android_description":"CI/CD pipelines are increasingly becoming part of the standard infrastructure within dev teams and with the rise of solutions such as Infrastructure as Code, the sensitivity level of such pipelines is escalating. In case of compromise, it is not just the applications that are at risk but the underlying systems themselves and sometimes the whole information systems.\nAttackers are beginning to exploit those weaknesses both for supply chains attacks but also to escalate their privileges within the victim IS.\n \nWelcome to DataLeek company, after several decades of V-cycle development we have now decided to adopt the \"agile\" methodology. To do so, our IT teams have set up a CI/CD pipeline that rely on the most advanced and state-of-the-art tools available on the market.\nHowever, for some reasons, our CISO seems to doubt the security level of this brand new infrastructure and insist to perform a pentest on it.\n \nYour mission, should you choose to accept it, is to evaluate the security level of this CI/CD pipeline and offer solutions to fix the issues identified.\n \nIn this fully hands-on workshop, we’ll guide you through multiple vulnerabilities that we witnessed during numerous penetration tests. You’ll learn how to:\n \n- Get a foothold within a CI/CD pipeline\n- Find interesting secrets and other information within code repositories\n- How to pivot and exploit weak configuration on the orchestrator\n- Compromise building nodes in order to add backdoors to artifacts\n- Pivot on cloud infrastructure\n- Escape Kubernetes thanks to common misconfiguration\n- Perform a privilege escalation in AWS\n \nHand-on exercises will be performed on our lab environment with a wide variety of tools. For each attack, we will also focus on prevention, mitigation techniques and potential way to detect exploitations.\n\nMaterials:\nAll attendees will need to bring a laptop capable of running virtual machines (8GB of RAM is a minimum) and an up-to-date RDP client.\n\nPrereq:\nThis training is aimed at security professionals or developers willing to understand the risks of a poorly secured CI/CD pipeline.","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49120],"conference_id":65,"event_ids":[49151],"name":"Gauthier Sebaux","affiliations":[{"organization":"","title":"Penetration Tester"}],"links":[],"pronouns":null,"media":[],"id":48557,"title":"Penetration Tester"},{"content_ids":[49120],"conference_id":65,"event_ids":[49151],"name":"Remi Escourrou","affiliations":[{"organization":"","title":"Red Team Lead"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/remiescourrou"}],"pronouns":null,"media":[],"id":48577,"title":"Red Team Lead"},{"content_ids":[49120],"conference_id":65,"event_ids":[49151],"name":"Xavier Gerondeau","affiliations":[{"organization":"","title":"Penetration Tester"}],"links":[],"pronouns":null,"media":[],"id":48587,"title":"Penetration Tester"}],"timeband_id":891,"links":[],"end":"2022-08-12T20:00:00.000-0000","id":49151,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[45336,45344,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48557},{"tag_id":565,"sort_order":1,"person_id":48577},{"tag_id":565,"sort_order":1,"person_id":48587}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Copper (Workshops)","hotel":"","short_name":"Copper (Workshops)","id":45483},"spans_timebands":"N","begin":"2022-08-12T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"title":"Chillout Lounge (with entertainment)","end_timestamp":{"seconds":1660352400,"nanoseconds":0},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":891,"links":[],"end":"2022-08-13T01:00:00.000-0000","id":48988,"begin_timestamp":{"seconds":1660320000,"nanoseconds":0},"tag_ids":[45326,45373,45450,45451,45453],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"spans_timebands":"N","begin":"2022-08-12T16:00:00.000-0000","updated":"2022-08-02T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Social Engineering Community Village opens - morning welcome and introduction","type":{"conference_id":65,"conference":"DEFCON30","color":"#504dd0","updated_at":"2024-06-07T03:39+0000","name":"Social Engineering Community Village","id":45370},"android_description":"","end_timestamp":{"seconds":1660320000,"nanoseconds":0},"updated_timestamp":{"seconds":1659503820,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-12T16:00:00.000-0000","id":49483,"tag_ids":[40273,45341,45370,45453],"begin_timestamp":{"seconds":1660318200,"nanoseconds":0},"village_id":31,"includes":"","people":[],"tags":"Village Event","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45490,"name":"LINQ - 3rd flr - Social A (Social Engineering Community)","hotel":"","short_name":"Social A (Social Engineering Community)","id":45418},"spans_timebands":"N","begin":"2022-08-12T15:30:00.000-0000","updated":"2022-08-03T05:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system. \r\n\r\nIf you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.\n\n\n","title":"Lost and Found Department Open (Generally)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"android_description":"If you find something that seems to have been lost, please take that item to the nearest infobooth. The item will enter the DEF CON Lost & Found system. \r\n\r\nIf you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in the room behind the infobooth that is in Caesars Forum, closest to Track 3 (across from rooms 222 and 407). If the infobooth is operating when you arrive, ask any on-duty goon for assistance. If the infobooth is closed, knock on the door behind the desk.","end_timestamp":{"seconds":1660370400,"nanoseconds":0},"updated_timestamp":{"seconds":1660318080,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T06:00:00.000-0000","id":49973,"tag_ids":[45342,45373,45450],"begin_timestamp":{"seconds":1660316400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Summit Pre-Function 4 (Lost & Found)","hotel":"","short_name":"Summit Pre-Function 4 (Lost & Found)","id":45525},"spans_timebands":"N","begin":"2022-08-12T15:00:00.000-0000","updated":"2022-08-12T15:28:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Human Registration Open","type":{"conference_id":65,"conference":"DEFCON30","color":"#77d8b8","updated_at":"2024-06-07T03:39+0000","name":"Misc","id":45342},"android_description":"","end_timestamp":{"seconds":1660356000,"nanoseconds":0},"updated_timestamp":{"seconds":1659150840,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[],"end":"2022-08-13T02:00:00.000-0000","id":49143,"village_id":null,"begin_timestamp":{"seconds":1660316400,"nanoseconds":0},"tag_ids":[45342,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 102","hotel":"","short_name":"102","id":45522},"begin":"2022-08-12T15:00:00.000-0000","updated":"2022-07-30T03:14:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"At 6am on Friday, the cycle_override crew will be hosting the 10th Defcon Bikeride. We miscounted last year which was really the 9th. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See at 6am Friday! jp_bourget gdead heidishmoo. Go to cycleoverride.org for more info. In the event that there is no on site Defcon, we will do a virtual ride during Defcon.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#697bd0","name":"Event","id":45293},"title":"DEF CON Bike Ride \"CycleOverride\"","end_timestamp":{"seconds":1660309200,"nanoseconds":0},"android_description":"At 6am on Friday, the cycle_override crew will be hosting the 10th Defcon Bikeride. We miscounted last year which was really the 9th. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See at 6am Friday! jp_bourget gdead heidishmoo. Go to cycleoverride.org for more info. In the event that there is no on site Defcon, we will do a virtual ride during Defcon.","updated_timestamp":{"seconds":1658905980,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241416"},{"label":"DEF CON Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864187460547248189"}],"end":"2022-08-12T13:00:00.000-0000","id":48759,"begin_timestamp":{"seconds":1660309200,"nanoseconds":0},"village_id":null,"tag_ids":[45293,45373],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"spans_timebands":"N","begin":"2022-08-12T13:00:00.000-0000","updated":"2022-07-27T07:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Multi User Dungeons or MUD's are the text based precursors to MMO's. THe DEFCON MUD is an intentionally vulnerable game written in a language called LPC. The theme every year varies. This year we will be going back to the original engine as featured in DEFCON 27. All new areas will be built to frustrate players. The game will launch 2 weeks before DEFCON and will run until DEFCON Sunday.\r\n\r\nCan you beat the game, can you find the sword of 1000 truths, can you find the exploits? \r\n\r\nGame opens 2 weeks before DEFCON to allow people time to explore and play. There will be a formal scoring system which will be released Thursday evening. On site activity will be related to shenanigans and powerful item drops at random locations.\r\n\r\nFriday: 24 hours\r\nSaturday: 24 hours\r\nSunday: 24 hours (scoring cutoff at noon)\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"title":"DEF CON MUD","end_timestamp":{"seconds":1660503600,"nanoseconds":0},"android_description":"Multi User Dungeons or MUD's are the text based precursors to MMO's. THe DEFCON MUD is an intentionally vulnerable game written in a language called LPC. The theme every year varies. This year we will be going back to the original engine as featured in DEFCON 27. All new areas will be built to frustrate players. The game will launch 2 weeks before DEFCON and will run until DEFCON Sunday.\r\n\r\nCan you beat the game, can you find the sword of 1000 truths, can you find the exploits? \r\n\r\nGame opens 2 weeks before DEFCON to allow people time to explore and play. There will be a formal scoring system which will be released Thursday evening. On site activity will be related to shenanigans and powerful item drops at random locations.\r\n\r\nFriday: 24 hours\r\nSaturday: 24 hours\r\nSunday: 24 hours (scoring cutoff at noon)","updated_timestamp":{"seconds":1659667620,"nanoseconds":0},"speakers":[],"timeband_id":891,"links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241405"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/728707998796480590"},{"label":"CTFd","type":"link","url":"https://ctf.mog.ninja"},{"label":"Website","type":"link","url":"https://mog.ninja"}],"end":"2022-08-14T19:00:00.000-0000","id":49578,"village_id":null,"begin_timestamp":{"seconds":1660287600,"nanoseconds":0},"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"Y","begin":"2022-08-12T07:00:00.000-0000","updated":"2022-08-05T02:47:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"21:00 - 22:00: heckseven\r\n22:00 - 23:00: DotOrNot\r\n23:00 - 00:00: Tavoo\r\n00:00 - 01:00: CodexMafia\r\n01:00 - 02:00: PankleDank\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"title":"Hallway Monitor Party - Entertainment","android_description":"21:00 - 22:00: heckseven\r\n22:00 - 23:00: DotOrNot\r\n23:00 - 00:00: Tavoo\r\n00:00 - 01:00: CodexMafia\r\n01:00 - 02:00: PankleDank","end_timestamp":{"seconds":1660294800,"nanoseconds":0},"updated_timestamp":{"seconds":1659059520,"nanoseconds":0},"speakers":[{"content_ids":[48990],"conference_id":65,"event_ids":[48992],"name":"CodexMafia","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48389},{"content_ids":[48990],"conference_id":65,"event_ids":[48992],"name":"DotOrNot","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48394},{"content_ids":[48990],"conference_id":65,"event_ids":[48992],"name":"Heckseven","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48397},{"content_ids":[48990],"conference_id":65,"event_ids":[48992],"name":"PankleDank","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48403},{"content_ids":[48990],"conference_id":65,"event_ids":[48992],"name":"Tavoo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48407}],"timeband_id":890,"links":[],"end":"2022-08-12T09:00:00.000-0000","id":48992,"village_id":null,"tag_ids":[45326,45373,45450],"begin_timestamp":{"seconds":1660276800,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48389},{"tag_id":565,"sort_order":1,"person_id":48394},{"tag_id":565,"sort_order":1,"person_id":48397},{"tag_id":565,"sort_order":1,"person_id":48403},{"tag_id":565,"sort_order":1,"person_id":48407}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45432,"name":"Caesars Forum - Skybridge Entrance","hotel":"","short_name":"Skybridge Entrance","id":45469},"spans_timebands":"Y","begin":"2022-08-12T04:00:00.000-0000","updated":"2022-07-29T01:52:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"18:00 - 19:00: Hildebrand Magic\r\n19:00 - 20:00: NPC Collective\r\n20:00 - 21:00: Archwisp\r\n21:00 - 22:00: Dr. McGrew\r\n22:00 - 23:00: DJ St3rling\r\n23:00 - 00:00: ytcracker\r\n00:00 - 01:00: TRIODE\r\n01:00 - 02:00: FuzzyNop\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#9b8b77","updated_at":"2024-06-07T03:39+0000","name":"Entertainment","id":45326},"title":"Thursday Opening Party - Entertainment","android_description":"18:00 - 19:00: Hildebrand Magic\r\n19:00 - 20:00: NPC Collective\r\n20:00 - 21:00: Archwisp\r\n21:00 - 22:00: Dr. McGrew\r\n22:00 - 23:00: DJ St3rling\r\n23:00 - 00:00: ytcracker\r\n00:00 - 01:00: TRIODE\r\n01:00 - 02:00: FuzzyNop","end_timestamp":{"seconds":1660294800,"nanoseconds":0},"updated_timestamp":{"seconds":1659059460,"nanoseconds":0},"speakers":[{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"Archwisp","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48386},{"content_ids":[48989,48991,48994],"conference_id":65,"event_ids":[48991,48993,48996],"name":"Magician Kody Hildebrand","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48400},{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"NPC Collective","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48402},{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"TRIODE","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48406},{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"Ytcracker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48408},{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"DJ St3rling","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48415},{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"Dr. McGrew","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48420},{"content_ids":[48989],"conference_id":65,"event_ids":[48991],"name":"FuzzyNop","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48421}],"timeband_id":890,"links":[],"end":"2022-08-12T09:00:00.000-0000","id":48991,"village_id":null,"tag_ids":[45326,45373,45450],"begin_timestamp":{"seconds":1660266000,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48386},{"tag_id":565,"sort_order":1,"person_id":48415},{"tag_id":565,"sort_order":1,"person_id":48420},{"tag_id":565,"sort_order":1,"person_id":48421},{"tag_id":565,"sort_order":1,"person_id":48400},{"tag_id":565,"sort_order":1,"person_id":48402},{"tag_id":565,"sort_order":1,"person_id":48406},{"tag_id":565,"sort_order":1,"person_id":48408}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"begin":"2022-08-12T01:00:00.000-0000","updated":"2022-07-29T01:51:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Join DC702 for a Pwnagotchi party. The DC702 team will be auctioning off kits and donating the proceeds to the EFF, as well as providing instructions and guidance for assembly. Everyone is welcome to come by, and if you have your own assembled or unassembled kit, feel free to bring it!\n\n\n","title":"DC702 Pwnagotchi Party","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"end_timestamp":{"seconds":1660276800,"nanoseconds":0},"android_description":"Join DC702 for a Pwnagotchi party. The DC702 team will be auctioning off kits and donating the proceeds to the EFF, as well as providing instructions and guidance for assembly. Everyone is welcome to come by, and if you have your own assembled or unassembled kit, feel free to bring it!","updated_timestamp":{"seconds":1658811240,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-12T04:00:00.000-0000","id":48699,"village_id":null,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660266000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 211-213 (Teacher's Lounge)","hotel":"","short_name":"211-213 (Teacher's Lounge)","id":45466},"spans_timebands":"N","updated":"2022-07-26T04:54:00.000-0000","begin":"2022-08-12T01:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","title":"Friends of Bill W","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"end_timestamp":{"seconds":1660262400,"nanoseconds":0},"android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-12T00:00:00.000-0000","id":48704,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660262400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"spans_timebands":"N","begin":"2022-08-12T00:00:00.000-0000","updated":"2022-08-03T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"https://dcddv.org","description":"We start taking drives at 4:00pm local time on Thursday, August 11th. We'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\n\n\n","title":"DDV (Data Duplication Village) starts accepting drives for duplication","type":{"conference_id":65,"conference":"DEFCON30","color":"#ef47d8","updated_at":"2024-06-07T03:39+0000","name":"Data Duplication Village","id":45328},"end_timestamp":{"seconds":1660269600,"nanoseconds":0},"android_description":"We start taking drives at 4:00pm local time on Thursday, August 11th. We'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.","updated_timestamp":{"seconds":1660270560,"nanoseconds":0},"speakers":[],"timeband_id":890,"end":"2022-08-12T02:00:00.000-0000","links":[{"label":"link","type":"link","url":"https://dcddv.org"}],"id":49000,"begin_timestamp":{"seconds":1660258800,"nanoseconds":0},"tag_ids":[40254,45328,45373,45451],"village_id":11,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45440,"name":"Flamingo - Exec Conf Ctr - Lake Meade and Valley of Fire (Data Duplication Village)","hotel":"","short_name":"Lake Meade and Valley of Fire (Data Duplication Village)","id":45423},"updated":"2022-08-12T02:16:00.000-0000","begin":"2022-08-11T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"16:00- 22:00 Thursday, Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)\r\n\r\nThe humans of Vegas invite you to the 16th in-carne-tion of this unofficial welcome party. Go AFK 4 BBQ off-Strip and make us the first stop on your DC30 reunion tour. Burgers and dogs are provided; attendees are encouraged to pitch in with more food, drinks, volunteer labor, rides, and and everything that makes this cookout something to remember.\r\n\r\nGrab flyers from an Info Booth after Linecon, check out https://www.toxicbbq.org for the history of this event, and watch #ToxicBBQ on Twitter for the latest news.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#697bd0","updated_at":"2024-06-07T03:39+0000","name":"Event","id":45293},"title":"Toxic BBQ","end_timestamp":{"seconds":1660280400,"nanoseconds":0},"android_description":"16:00- 22:00 Thursday, Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)\r\n\r\nThe humans of Vegas invite you to the 16th in-carne-tion of this unofficial welcome party. Go AFK 4 BBQ off-Strip and make us the first stop on your DC30 reunion tour. Burgers and dogs are provided; attendees are encouraged to pitch in with more food, drinks, volunteer labor, rides, and and everything that makes this cookout something to remember.\r\n\r\nGrab flyers from an Info Booth after Linecon, check out https://www.toxicbbq.org for the history of this event, and watch #ToxicBBQ on Twitter for the latest news.","updated_timestamp":{"seconds":1658906520,"nanoseconds":0},"speakers":[],"timeband_id":890,"end":"2022-08-12T05:00:00.000-0000","links":[{"label":"DEF CON Discord","type":"link","url":"https://discord.com/channels/708208267699945503/864188639709495316"},{"label":"Website","type":"link","url":"https://www.toxicbbq.org"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240980"},{"label":"Google Maps Pin","type":"link","url":"https://goo.gl/maps/VaYa9HpMaKX2avdj7"}],"id":48762,"village_id":null,"tag_ids":[45293,45373],"begin_timestamp":{"seconds":1660258800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"updated":"2022-07-27T07:22:00.000-0000","begin":"2022-08-11T23:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.\n\n\n","title":"Queercon Mixer","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#d1c366","name":"Meetup","id":45288},"end_timestamp":{"seconds":1660266000,"nanoseconds":0},"android_description":"The lgbtqia+ community in InfoSec is throwing a party to bring our folk together and have a good time. Meet others like you or hang out with those you’ve met over the years. This is a safe and inclusive space meant to make you feel comfortable and help you socialize with others like you.","updated_timestamp":{"seconds":1658810760,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-12T01:00:00.000-0000","id":48690,"village_id":null,"begin_timestamp":{"seconds":1660258800,"nanoseconds":0},"tag_ids":[45288,45373,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"begin":"2022-08-11T23:00:00.000-0000","updated":"2022-07-26T04:46:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Do you want to learn how to hack Industrial Control Systems? Let’s participate in the one and only CTF in which you really have to capture a flag, by hacking PLCs and taking control of a robotic arm!\nWe’ll start by explaining the basics of Industrial Control Systems : what are the components, how they work, the protocols they use…\nWe’ll learn how PLC work, how to program them, and how to communicate with them using Modbus, S7comm and OPCUA.\n\nThen we’ll start hacking! Your goal will be to take control of a model train and robotic arms to capture a real flag!\nThe CTF will be guided so that everyone learns something and gets a chance to get most flags!\n\nMaterials:\nJust a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercises.\n\nPrereq:\nNone\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Pentesting Industrial Control Systems 101: Capture the Flag!","android_description":"Do you want to learn how to hack Industrial Control Systems? Let’s participate in the one and only CTF in which you really have to capture a flag, by hacking PLCs and taking control of a robotic arm!\nWe’ll start by explaining the basics of Industrial Control Systems : what are the components, how they work, the protocols they use…\nWe’ll learn how PLC work, how to program them, and how to communicate with them using Modbus, S7comm and OPCUA.\n\nThen we’ll start hacking! Your goal will be to take control of a model train and robotic arms to capture a real flag!\nThe CTF will be guided so that everyone learns something and gets a chance to get most flags!\n\nMaterials:\nJust a laptop with a modern web browser. Students will be provided with cloud VMs to perform the exercises.\n\nPrereq:\nNone","end_timestamp":{"seconds":1660266000,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49125,49117],"conference_id":65,"event_ids":[49171,49173],"name":"Alexandrine Torrents","affiliations":[{"organization":"","title":"Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":48548,"title":"Security Consultant"},{"content_ids":[49125,49117],"conference_id":65,"event_ids":[49171,49173],"name":"Arnaud Soullie","affiliations":[{"organization":"","title":"Senior Manager "}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arnaudsoullie"}],"media":[],"id":48549,"title":"Senior Manager"}],"timeband_id":890,"links":[],"end":"2022-08-12T01:00:00.000-0000","id":49171,"begin_timestamp":{"seconds":1660251600,"nanoseconds":0},"tag_ids":[45336,45344,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48548},{"tag_id":565,"sort_order":1,"person_id":48549}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Ely (Workshops)","hotel":"","short_name":"Ely (Workshops)","id":45486},"spans_timebands":"N","begin":"2022-08-11T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In recent times, Azure has become one of the dominant cloud service providers. Most enterprises today have some infrastructure if not all deployed on the cloud and attackers are constantly on the hunt for finding a way into the infrastructure.\n\nAmong the recent cloud hacks, around 97 percent are due to misconfigurations and various surveys suggest that in most cases, people were not aware of how misconfiguration can happen in various circumstances. Azure security is a mammoth in itself and a lot of people struggle in getting started with it, for the same reason many cloud administrators and developers are not aware of how misconfigurations and vulnerable applications can be leveraged to get a foothold on the account.\n\nThis workshop is a power course for Azure security, we will first cover the fundamentals and building blocks of Azure then we will take a look at the threatscape and attack vectors.\n\nMaterials:\nA laptop with the latest web browser and network connectivity\nA Kali VM (Virtual Box, VMWare, WSL)\n\nPrereq:\nBasic knowledge of Linux and Networking\n\n\n","title":"Introduction to Azure Security","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660266000,"nanoseconds":0},"android_description":"In recent times, Azure has become one of the dominant cloud service providers. Most enterprises today have some infrastructure if not all deployed on the cloud and attackers are constantly on the hunt for finding a way into the infrastructure.\n\nAmong the recent cloud hacks, around 97 percent are due to misconfigurations and various surveys suggest that in most cases, people were not aware of how misconfiguration can happen in various circumstances. Azure security is a mammoth in itself and a lot of people struggle in getting started with it, for the same reason many cloud administrators and developers are not aware of how misconfigurations and vulnerable applications can be leveraged to get a foothold on the account.\n\nThis workshop is a power course for Azure security, we will first cover the fundamentals and building blocks of Azure then we will take a look at the threatscape and attack vectors.\n\nMaterials:\nA laptop with the latest web browser and network connectivity\nA Kali VM (Virtual Box, VMWare, WSL)\n\nPrereq:\nBasic knowledge of Linux and Networking","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[48727,49115],"conference_id":65,"event_ids":[48757,49163],"name":"Nishant Sharma","affiliations":[{"organization":"","title":"Security Research Manager"}],"links":[],"pronouns":null,"media":[],"id":48045,"title":"Security Research Manager"},{"content_ids":[48725,49115],"conference_id":65,"event_ids":[48733,49163],"name":"Jeswin Mathai","affiliations":[{"organization":"","title":"Senior Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":48050,"title":"Senior Security Researcher"}],"timeband_id":890,"links":[],"end":"2022-08-12T01:00:00.000-0000","id":49163,"begin_timestamp":{"seconds":1660251600,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45344,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48050},{"tag_id":565,"sort_order":1,"person_id":48045}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Silver (Workshops)","hotel":"","short_name":"Silver (Workshops)","id":45480},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-11T21:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"\n\nMaterials:\nLaptop with enough power for a moderately sized Linux VM \nAdministrative access to the laptop\n8GB RAM minimum\n30GB harddrive space\nVirtualbox or another virtualization platform installed\n\nPrereq:\nBasic computer science background (x86_64 assembly, stack, programming skills in C & Python)\nBasic binary exploitation skills (buffer overflow exploitation, ROP, ASLR, etc.) \n- Familiar with Linux developer tools such as the command line, Python scripting and GDB.\n\n\n","title":"House of Heap Exploitation","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"android_description":"Materials:\nLaptop with enough power for a moderately sized Linux VM \nAdministrative access to the laptop\n8GB RAM minimum\n30GB harddrive space\nVirtualbox or another virtualization platform installed\n\nPrereq:\nBasic computer science background (x86_64 assembly, stack, programming skills in C & Python)\nBasic binary exploitation skills (buffer overflow exploitation, ROP, ASLR, etc.) \n- Familiar with Linux developer tools such as the command line, Python scripting and GDB.","end_timestamp":{"seconds":1660266000,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[48542,49114],"conference_id":65,"event_ids":[48583,49160],"name":"Zachary Minneker","affiliations":[{"organization":"","title":"Senior Security Engineer, Security Innovation"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/seiranib"}],"media":[],"id":47922,"title":"Senior Security Engineer, Security Innovation"},{"content_ids":[49114],"conference_id":65,"event_ids":[49160],"name":"Maxwell Dulin","affiliations":[{"organization":"","title":"Security Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Dooflin5"},{"description":"","title":"maxwelldulin.com","sort_order":0,"url":"https://maxwelldulin.com/"}],"media":[],"id":48523,"title":"Security Engineer"},{"content_ids":[49114],"conference_id":65,"event_ids":[49160],"name":"Kenzie Dolan","affiliations":[{"organization":"","title":"Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":48566,"title":"Security Engineer"},{"content_ids":[49114],"conference_id":65,"event_ids":[49160],"name":"Nathan Kirkland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48572}],"timeband_id":890,"links":[],"end":"2022-08-12T01:00:00.000-0000","id":49160,"tag_ids":[45336,45345,45373,45452],"begin_timestamp":{"seconds":1660251600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48566},{"tag_id":565,"sort_order":1,"person_id":48523},{"tag_id":565,"sort_order":1,"person_id":48572},{"tag_id":565,"sort_order":1,"person_id":47922}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Goldfield + Tonopah (Workshops)","hotel":"","short_name":"Goldfield + Tonopah (Workshops)","id":45485},"spans_timebands":"N","begin":"2022-08-11T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This class is a beginner's introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn’t know where to begin, then this workshop is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. The instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. For this workshop, you must provide your own laptop and SDR. You can either purchase a RTL-SDR dongle kit which includes an antenna, small tripod, and a receive-only USB SDR for this class beforehand and bring it to the conference, or use a commercial SDR you already own. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware. My intent for this class is to lower the barrier of entry associated with RF topics, and for that reason I would like to emphasize that the workshop is geared toward complete beginner students with no prior experience working with SDRs; DEF CON attendees who already have experience with SDRs will likely find this course too simple.\n\nMaterials:\n Students will need to come with the following:\nA laptop capable of running an Ubuntu VM (or an install of Ubuntu). The VM/OS installation guide will be given out before Defcon. Digital Signals Processing is typically very computationally intensive, so I recommend a laptop with a 4 core processor and 8GB of RAM.\n\nA Software Defined Radio, as this workshop is bring-your-own-device. I highly recommend a RTL2832 chip based kit that comes with a USB-powered SDR and an antenna mount. Two brands to consider are RTL-SDR and Nooelec. They are essentially the same, and I would pick whatever SDR is in stock at the time. Make sure to pick the kit that comes with the antenna accessories and not just the USB dongle. It should be between $40 to $50 USD:\nhttps://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/\nhttps://www.nooelec.com/store/sdr/sdr-receivers/nesdr-smart.html\n\nIf you already own a SDR (like a HackRF or one of the RTL-chip dongles) you can also use that. Just make sure to bring/buy an antenna.\n\nDue to supply-chain issues, if you need to purchase a SDR for this workshop I highly recommend doing so ASAP.\n\nPrereq:\nNone, this is a workshop for complete beginners, although having some basic python knowledge would be a plus\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Introduction to Software Defined Radios and RF Hacking","android_description":"This class is a beginner's introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn’t know where to begin, then this workshop is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. The instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. For this workshop, you must provide your own laptop and SDR. You can either purchase a RTL-SDR dongle kit which includes an antenna, small tripod, and a receive-only USB SDR for this class beforehand and bring it to the conference, or use a commercial SDR you already own. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware. My intent for this class is to lower the barrier of entry associated with RF topics, and for that reason I would like to emphasize that the workshop is geared toward complete beginner students with no prior experience working with SDRs; DEF CON attendees who already have experience with SDRs will likely find this course too simple.\n\nMaterials:\n Students will need to come with the following:\nA laptop capable of running an Ubuntu VM (or an install of Ubuntu). The VM/OS installation guide will be given out before Defcon. Digital Signals Processing is typically very computationally intensive, so I recommend a laptop with a 4 core processor and 8GB of RAM.\n\nA Software Defined Radio, as this workshop is bring-your-own-device. I highly recommend a RTL2832 chip based kit that comes with a USB-powered SDR and an antenna mount. Two brands to consider are RTL-SDR and Nooelec. They are essentially the same, and I would pick whatever SDR is in stock at the time. Make sure to pick the kit that comes with the antenna accessories and not just the USB dongle. It should be between $40 to $50 USD:\nhttps://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/\nhttps://www.nooelec.com/store/sdr/sdr-receivers/nesdr-smart.html\n\nIf you already own a SDR (like a HackRF or one of the RTL-chip dongles) you can also use that. Just make sure to bring/buy an antenna.\n\nDue to supply-chain issues, if you need to purchase a SDR for this workshop I highly recommend doing so ASAP.\n\nPrereq:\nNone, this is a workshop for complete beginners, although having some basic python knowledge would be a plus","end_timestamp":{"seconds":1660266000,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49118],"conference_id":65,"event_ids":[49150],"name":"Rich","affiliations":[{"organization":"","title":"Research Scientist"}],"links":[],"pronouns":null,"media":[],"id":48578,"title":"Research Scientist"}],"timeband_id":890,"links":[],"end":"2022-08-12T01:00:00.000-0000","id":49150,"village_id":null,"tag_ids":[45336,45343,45373,45452],"begin_timestamp":{"seconds":1660251600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48578}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Elko (Workshops)","hotel":"","short_name":"Elko (Workshops)","id":45484},"spans_timebands":"N","begin":"2022-08-11T21:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go. The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!PELCGBTENCUL VF UNEQ\r\n\r\nThis puzzle can be done virtually, but if you’re on-site, you’re welcome to stop by the village to discuss it as well!\n\n\n","title":"The Gold Bug – Crypto and Privacy Village Puzzle ","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cf74e1","name":"Contest","id":45360},"android_description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go. The Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!PELCGBTENCUL VF UNEQ\r\n\r\nThis puzzle can be done virtually, but if you’re on-site, you’re welcome to stop by the village to discuss it as well!","end_timestamp":{"seconds":1660323600,"nanoseconds":0},"updated_timestamp":{"seconds":1660105620,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/CryptoVillage"},{"label":"Website","type":"link","url":"https://goldbug.cryptovillage.org/"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241391"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644108837486602"}],"end":"2022-08-12T17:00:00.000-0000","id":49940,"tag_ids":[45360,45375,45451],"begin_timestamp":{"seconds":1660244400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45476},"begin":"2022-08-11T19:00:00.000-0000","updated":"2022-08-10T04:27:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).\n\n\n","title":"Friends of Bill W","type":{"conference_id":65,"conference":"DEFCON30","color":"#d1c366","updated_at":"2024-06-07T03:39+0000","name":"Meetup","id":45288},"android_description":"For all those Friends of Bill W. looking for a meeting or just a quiet moment to regroup, we have you covered with meetings throughout #DEFCON - Noon & 5pm Thurs-Sat, Noon Sun.\r\n\r\nPlease note: the Caesars Forum Unity Ballroom is at the \"front\" of Caesars Forum, beside Demo Labs, across from room 216 (the Contest-CTF area).","end_timestamp":{"seconds":1660244400,"nanoseconds":0},"updated_timestamp":{"seconds":1659541740,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-11T19:00:00.000-0000","id":48702,"tag_ids":[45288,45373,45450],"begin_timestamp":{"seconds":1660244400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45441,"name":"Caesars Forum - Unity Boardroom","hotel":"","short_name":"Unity Boardroom","id":45394},"begin":"2022-08-11T19:00:00.000-0000","updated":"2022-08-03T15:49:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information. \n\n\n","title":"Payment Hacking Challenge","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#cad46b","name":"Payment Village","id":45380},"android_description":"Try yourself in ATM, Online bank, POS and Cards hacking challenges.\r\n\r\nPlease join the DEF CON Discord and see the #payv-labs-text channel for more information.","end_timestamp":{"seconds":1660251600,"nanoseconds":0},"updated_timestamp":{"seconds":1660259820,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[{"label":"Discord #payv-labs-text","type":"link","url":"https://discord.com/channels/708208267699945503/732733473558626314"}],"end":"2022-08-11T21:00:00.000-0000","id":49559,"begin_timestamp":{"seconds":1660233600,"nanoseconds":0},"tag_ids":[40263,45366,45374,45380],"village_id":21,"includes":"","people":[],"tags":"Challenge","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45476,"name":"Virtual - Payment Village","hotel":"","short_name":"Payment Village","id":45414},"spans_timebands":"N","begin":"2022-08-11T16:00:00.000-0000","updated":"2022-08-11T23:17:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Come learn how to hack networks without needing to piss off your local coffee shop, housemates, or the Feds! Bring your laptop and by the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells.\n\nIn the workshop you’ll solve a series of challenges, each in a contained virtualized network where it’s just you and your targets. We’ll start with a networking crash course to introduce you to packets and their layers, as well as how to use Wireshark to dig in and explore further. We'll practice network sniffing and scanning to find your targets, and of course how to execute a man-in-the-middle attack via ARP spoofing to intercept local network traffic. With those techniques, we'll go through challenges including extracting plaintext passwords, TCP session hijacking, DNS poisoning, and SMTP TLS downgrade. All together, this workshop aims to give you the tools you need to start attacking systems at the network layer.\n\nMaterials:\nA laptop with Linux or a Linux VM (MacOS can also work, but have a VM installed as a backup).\nThese software tools (detailed installation instructions will be provided in the materials ahead of DEFCON):\n - OpenVPN: Connect to the challenges you will be hacking\n - Wireshark (tcpdump also works): Capture and dissect network traffic\n - netcat (nc): Swiss-army-knife of networking\n - nmap: Scan and search for vulnerable targets\n - bettercap: Man-in-the-middle attack tool and network attack platform\n - python3 (optional): Build new attack tools\n\nPrereq:\nBasic experience with Linux command-line tools\n\nBasic familiarity with networking (e.g. you know what IP and MAC addresses are, you could set up your home router, and host a LAN party)\n\n\n","title":"Network Hacking 101","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"end_timestamp":{"seconds":1660248000,"nanoseconds":0},"android_description":"Come learn how to hack networks without needing to piss off your local coffee shop, housemates, or the Feds! Bring your laptop and by the end of this workshop, everyone can walk away having intercepted some packets and popped some reverse shells.\n\nIn the workshop you’ll solve a series of challenges, each in a contained virtualized network where it’s just you and your targets. We’ll start with a networking crash course to introduce you to packets and their layers, as well as how to use Wireshark to dig in and explore further. We'll practice network sniffing and scanning to find your targets, and of course how to execute a man-in-the-middle attack via ARP spoofing to intercept local network traffic. With those techniques, we'll go through challenges including extracting plaintext passwords, TCP session hijacking, DNS poisoning, and SMTP TLS downgrade. All together, this workshop aims to give you the tools you need to start attacking systems at the network layer.\n\nMaterials:\nA laptop with Linux or a Linux VM (MacOS can also work, but have a VM installed as a backup).\nThese software tools (detailed installation instructions will be provided in the materials ahead of DEFCON):\n - OpenVPN: Connect to the challenges you will be hacking\n - Wireshark (tcpdump also works): Capture and dissect network traffic\n - netcat (nc): Swiss-army-knife of networking\n - nmap: Scan and search for vulnerable targets\n - bettercap: Man-in-the-middle attack tool and network attack platform\n - python3 (optional): Build new attack tools\n\nPrereq:\nBasic experience with Linux command-line tools\n\nBasic familiarity with networking (e.g. you know what IP and MAC addresses are, you could set up your home router, and host a LAN party)","updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49112],"conference_id":65,"event_ids":[49169],"name":"Ben Kurtz","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":48551,"title":"Hacker"},{"content_ids":[49112],"conference_id":65,"event_ids":[49169],"name":"Victor Graf","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":null,"media":[],"id":48585,"title":"Hacker"}],"timeband_id":890,"links":[],"end":"2022-08-11T20:00:00.000-0000","id":49169,"village_id":null,"tag_ids":[45336,45343,45373,45452],"begin_timestamp":{"seconds":1660233600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48551},{"tag_id":565,"sort_order":1,"person_id":48585}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Ely (Workshops)","hotel":"","short_name":"Ely (Workshops)","id":45486},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-11T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Let's break out Wireshark and dig deep in to the TCP and IP protocols. This skill is critical for anyone interested in any area of cybersecurity, no matter the color of the hat. Almost all enumeration, scans, incident response, and traffic forensics require the analyst to dig into and interpret TCP conversations. When enumerating an environment, identifying key TCP/IP indicators in protocol headers can also help when passively fingerprinting systems.\n\nIn this workshop we will roll back our sleeves and learn how TCP/IP really works - the handshake, options, sequence/ack numbers, retransmissions, TTL, and much more. This workshop welcomes all cybersecurity and wireshark experience levels.\n\nMaterials:\nJust a laptop with a copy of Wireshark. I will provide the sample pcaps for analysis.\n\nPrereq:\nNone\n\n\n","title":"Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#eab14f","name":"DEF CON Workshop (Sold Out)","id":45336},"android_description":"Let's break out Wireshark and dig deep in to the TCP and IP protocols. This skill is critical for anyone interested in any area of cybersecurity, no matter the color of the hat. Almost all enumeration, scans, incident response, and traffic forensics require the analyst to dig into and interpret TCP conversations. When enumerating an environment, identifying key TCP/IP indicators in protocol headers can also help when passively fingerprinting systems.\n\nIn this workshop we will roll back our sleeves and learn how TCP/IP really works - the handshake, options, sequence/ack numbers, retransmissions, TTL, and much more. This workshop welcomes all cybersecurity and wireshark experience levels.\n\nMaterials:\nJust a laptop with a copy of Wireshark. I will provide the sample pcaps for analysis.\n\nPrereq:\nNone","end_timestamp":{"seconds":1660248000,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49081,49113],"conference_id":65,"event_ids":[49149,49084,49106],"name":"Chris Greer","affiliations":[{"organization":"","title":"Network Analyst & Wireshark Instructor"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cgreer/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/packetpioneer"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/c/ChrisGreer"}],"pronouns":null,"media":[],"id":48506,"title":"Network Analyst & Wireshark Instructor"}],"timeband_id":890,"links":[],"end":"2022-08-11T20:00:00.000-0000","id":49149,"village_id":null,"tag_ids":[45336,45344,45373,45452],"begin_timestamp":{"seconds":1660233600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48506}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Reno (Workshops)","hotel":"","short_name":"Reno (Workshops)","id":45482},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-11T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"In this workshop, we will learn how to use Fleet and osquery to ensure systems are protected, detect suspicious activity, hunt for attackers, and respond to incidents. First, we'll see how to deploy Fleet to manage osquery agents. Then, we will use shared Fleet instances to track the security posture of systems, inventory vulnerable applications, and perform threat hunting. These Fleet instances will be connected to a shared Slack workspace, where we will generate custom alerts to ensure insecure systems can be dealt with. These shared Fleet instances will output data to centralized logging (Graylog), which we will use to create dashboards as well as alerting for suspicious activity. At the end of this workshop, you'll know how to use Fleet and osquery to ensure your workstations and servers are secure, to quickly find vulnerable systems as well as discover attackers performing techniques such as establishing persistence and privilege escalation.\n\nMaterials:\nA laptop with internet access, a web browser, virtualization app such as VirtualBox or VMware, and Docker (on main OS or in a VM). We recommend bringing at least one or two VMs (Mac, Windows or Linux) ready to use as osquery clients.\n\nPrereq:\nBasic understanding of operating systems and networking. No knowledge of Fleet or osquery itself is needed.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"Protect/hunt/respond with Fleet and osquery","android_description":"In this workshop, we will learn how to use Fleet and osquery to ensure systems are protected, detect suspicious activity, hunt for attackers, and respond to incidents. First, we'll see how to deploy Fleet to manage osquery agents. Then, we will use shared Fleet instances to track the security posture of systems, inventory vulnerable applications, and perform threat hunting. These Fleet instances will be connected to a shared Slack workspace, where we will generate custom alerts to ensure insecure systems can be dealt with. These shared Fleet instances will output data to centralized logging (Graylog), which we will use to create dashboards as well as alerting for suspicious activity. At the end of this workshop, you'll know how to use Fleet and osquery to ensure your workstations and servers are secure, to quickly find vulnerable systems as well as discover attackers performing techniques such as establishing persistence and privilege escalation.\n\nMaterials:\nA laptop with internet access, a web browser, virtualization app such as VirtualBox or VMware, and Docker (on main OS or in a VM). We recommend bringing at least one or two VMs (Mac, Windows or Linux) ready to use as osquery clients.\n\nPrereq:\nBasic understanding of operating systems and networking. No knowledge of Fleet or osquery itself is needed.","end_timestamp":{"seconds":1660248000,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49110],"conference_id":65,"event_ids":[49148],"name":"Guillaume Ross","affiliations":[{"organization":"","title":"Head of Security"}],"links":[],"pronouns":null,"media":[],"id":48559,"title":"Head of Security"},{"content_ids":[49110],"conference_id":65,"event_ids":[49148],"name":"Kathy Satterlee","affiliations":[{"organization":"","title":"Developer Advocate"}],"links":[],"pronouns":null,"media":[],"id":48565,"title":"Developer Advocate"}],"timeband_id":890,"links":[],"end":"2022-08-11T20:00:00.000-0000","id":49148,"begin_timestamp":{"seconds":1660233600,"nanoseconds":0},"village_id":null,"tag_ids":[45336,45344,45373,45452],"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48559},{"tag_id":565,"sort_order":1,"person_id":48565}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Goldfield + Tonopah (Workshops)","hotel":"","short_name":"Goldfield + Tonopah (Workshops)","id":45485},"begin":"2022-08-11T16:00:00.000-0000","updated":"2022-07-30T05:13:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"This workshop merges offensive and defensive lab exercises to provide attendees hands-on experience on custom malware development as well as live malware analysis and response. The workshop has a total of 5 hands-on exercises and each contains a Red and a Blue section. In the Red section attendees write custom payloads using C# and C++ with different techniques to obtain a reverse shell on a Windows victim endpoint. In the Blue section attendees investigate the infection by reviewing events and logs using open source static and dynamic malware analysis tools like CFFExplorer, Pe-Studio, dnSpy, Process Explorer, Process Monitor, Sysmon, Frida, Velociraptor, etc.. \n\nMaterials:\nLaptop with virtualization software.\nA Windows virtual machine\nA Kali Linux Virtual Machine.\n\nPrereq:\nBeginner to intermediate programming/scripting skills. Prior experience with C# helps but not required.\nBeginner static and dynamic malware analysis skills.\n\n\n","type":{"conference_id":65,"conference":"DEFCON30","color":"#eab14f","updated_at":"2024-06-07T03:39+0000","name":"DEF CON Workshop (Sold Out)","id":45336},"title":"The Purple Malware Development Approach","android_description":"This workshop merges offensive and defensive lab exercises to provide attendees hands-on experience on custom malware development as well as live malware analysis and response. The workshop has a total of 5 hands-on exercises and each contains a Red and a Blue section. In the Red section attendees write custom payloads using C# and C++ with different techniques to obtain a reverse shell on a Windows victim endpoint. In the Blue section attendees investigate the infection by reviewing events and logs using open source static and dynamic malware analysis tools like CFFExplorer, Pe-Studio, dnSpy, Process Explorer, Process Monitor, Sysmon, Frida, Velociraptor, etc.. \n\nMaterials:\nLaptop with virtualization software.\nA Windows virtual machine\nA Kali Linux Virtual Machine.\n\nPrereq:\nBeginner to intermediate programming/scripting skills. Prior experience with C# helps but not required.\nBeginner static and dynamic malware analysis skills.","end_timestamp":{"seconds":1660248000,"nanoseconds":0},"updated_timestamp":{"seconds":1659157980,"nanoseconds":0},"speakers":[{"content_ids":[49111],"conference_id":65,"event_ids":[49147],"name":"Mauricio Velazco","affiliations":[{"organization":"","title":"Principal Threat Research Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mvelazco"}],"media":[],"id":48569,"title":"Principal Threat Research Engineer"},{"content_ids":[49111],"conference_id":65,"event_ids":[49147],"name":"Olaf Hartong","affiliations":[{"organization":"","title":"Defensive Specialist"}],"links":[],"pronouns":null,"media":[],"id":48574,"title":"Defensive Specialist"}],"timeband_id":890,"links":[],"end":"2022-08-11T20:00:00.000-0000","id":49147,"begin_timestamp":{"seconds":1660233600,"nanoseconds":0},"tag_ids":[45336,45344,45373,45452],"village_id":null,"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48569},{"tag_id":565,"sort_order":1,"person_id":48574}],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45439,"name":"Harrah's - Elko (Workshops)","hotel":"","short_name":"Elko (Workshops)","id":45484},"spans_timebands":"N","updated":"2022-07-30T05:13:00.000-0000","begin":"2022-08-11T16:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead\n\n\n","title":"Chillout Lounge (with entertainment)","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#9b8b77","name":"Entertainment","id":45326},"android_description":"The chillout lounge in Caesars Forum will have live music; all other chillout lounges will have music live-streamed from there. \r\n\r\nAll chillout lounges are planned to be open 09:00 - 18:00 for chillout purposes. Each may be open at other times for parties, meetups, etc.\r\n\r\nEntertainment schedule:\r\n\r\n09:00 to 12:00 - Pie & Darren\r\n12:00 to 13:30 - Kampf\r\n13:30 to 14:30 - s1gnsofl1fe\r\n14:30 to 15:30 - Merin MC\r\n15:30 to 16:30 - Rusty\r\n16:30 to 18:00 - djdead","end_timestamp":{"seconds":1660266000,"nanoseconds":0},"updated_timestamp":{"seconds":1659477660,"nanoseconds":0},"speakers":[{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Pie & Darren","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48409},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"Kampf","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48410},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"s1gnsofl1fe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48411},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Merin MC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48412},{"content_ids":[48987,48988],"conference_id":65,"event_ids":[49461,49466,48988,48987,48989,48990,49455,49457,49458,49459,49467,49469,49470],"name":"Rusty","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48413},{"content_ids":[48987],"conference_id":65,"event_ids":[49461,48988,48987,48989,49455,49457,49459,49467,49469],"name":"djdead","affiliations":[],"links":[],"pronouns":null,"media":[],"id":48414}],"timeband_id":890,"links":[],"end":"2022-08-12T01:00:00.000-0000","id":48987,"tag_ids":[45326,45373,45450,45451,45453],"village_id":null,"begin_timestamp":{"seconds":1660233600,"nanoseconds":0},"includes":"","people":[{"tag_id":565,"sort_order":1,"person_id":48410},{"tag_id":565,"sort_order":1,"person_id":48412},{"tag_id":565,"sort_order":1,"person_id":48409},{"tag_id":565,"sort_order":1,"person_id":48413},{"tag_id":565,"sort_order":1,"person_id":48414},{"tag_id":565,"sort_order":1,"person_id":48411}],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 120-123, 129, 137 (Chillout)","hotel":"","short_name":"120-123, 129, 137 (Chillout)","id":45397},"begin":"2022-08-11T16:00:00.000-0000","updated":"2022-08-02T22:01:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)\n\n\n","title":"Merch (formerly swag) Area Open -- README","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"end_timestamp":{"seconds":1660253400,"nanoseconds":0},"android_description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)","updated_timestamp":{"seconds":1660233480,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-11T21:30:00.000-0000","id":49938,"village_id":null,"tag_ids":[45342,45373,45450],"begin_timestamp":{"seconds":1660230000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 229 (Merch)","hotel":"","short_name":"229 (Merch)","id":45446},"spans_timebands":"N","begin":"2022-08-11T15:00:00.000-0000","updated":"2022-08-11T15:58:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"","title":"Human Registration Open","type":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","color":"#77d8b8","name":"Misc","id":45342},"android_description":"","end_timestamp":{"seconds":1660273200,"nanoseconds":0},"updated_timestamp":{"seconds":1659150840,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-12T03:00:00.000-0000","id":49234,"tag_ids":[45342,45373,45450],"village_id":null,"begin_timestamp":{"seconds":1660226400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45435,"name":"Caesars Forum - Forum 104-105, 135-136 (Track 1)","hotel":"","short_name":"104-105, 135-136 (Track 1)","id":45372},"spans_timebands":"N","updated":"2022-07-30T03:14:00.000-0000","begin":"2022-08-11T14:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Greetings, humans and inhumans! A brief note from your HackerTracker data-wrangler.\r\n\r\nAccepted contests not yet posted on HackerTracker (or info.defcon.org):\r\n\r\nCrack Me If You Can (CMIYC) \r\nTelechallenge  \r\nThe Hack-n-Attack Hacker Homecoming Heist\r\nTin Foil Hat Contest \r\n\r\nThe above contests have been accepted and (to the best of my knowledge) will happen at DEF CON 30, but I'm missing crucial information required for the publishing process. If you are a contest organizer and you have Basecamp access, please reach out to me (@aNullValue) as soon as possible. If you do not have Basecamp access, please reach out to the DEF CON department lead or goon that is your primary point of contact.\n\n\n","title":"⚠️ Not all contests listed (yet) ⚠️","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"android_description":"Greetings, humans and inhumans! A brief note from your HackerTracker data-wrangler.\r\n\r\nAccepted contests not yet posted on HackerTracker (or info.defcon.org):\r\n\r\nCrack Me If You Can (CMIYC) \r\nTelechallenge  \r\nThe Hack-n-Attack Hacker Homecoming Heist\r\nTin Foil Hat Contest \r\n\r\nThe above contests have been accepted and (to the best of my knowledge) will happen at DEF CON 30, but I'm missing crucial information required for the publishing process. If you are a contest organizer and you have Basecamp access, please reach out to me (@aNullValue) as soon as possible. If you do not have Basecamp access, please reach out to the DEF CON department lead or goon that is your primary point of contact.","end_timestamp":{"seconds":1660521600,"nanoseconds":0},"updated_timestamp":{"seconds":1660239420,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[],"end":"2022-08-15T00:00:00.000-0000","id":49656,"begin_timestamp":{"seconds":1660201200,"nanoseconds":0},"village_id":null,"tag_ids":[45360,45375,45450],"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45436,"name":"Caesars Forum - Summit 206-208, 238, 237, 234 (Contest Area)","hotel":"","short_name":"206-208, 238, 237, 234 (Contest Area)","id":45468},"spans_timebands":"Y","begin":"2022-08-11T07:00:00.000-0000","updated":"2022-08-11T17:37:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00\n\n\n","title":"Octopus Game - Recruitment/Registration","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"android_description":"Are you the next Octopus Champion? Find out at DEF CON 30! Enter here: https://www.mirolabs.info/octopusgame\r\n\r\nOnce entered, contestants are provided a random opponent. Locate your opponent and challenge them to a contest: rock-paper-scissors, Ddakji, staring contest, etc. Winners receive their opponents’ targets and the game continues until we reach the top 4. The Octopus Champion is then decided at a special tournament with events designed by the Octopus Master.\r\n\r\nPhases: \r\n\r\nRecruitment/Registration: until Friday Aug 12 10:00\r\nMandatory On-site Sign-in: Friday Aug 12 10:00 - 12:00\r\nIndividual Phase: Friday Aug 12 12:00 - Sunday Aug 14 10:00\r\nFinal 8 Phase: Sunday Aug 14 10:00 - 11:00","end_timestamp":{"seconds":1660323600,"nanoseconds":0},"updated_timestamp":{"seconds":1659742740,"nanoseconds":0},"speakers":[],"timeband_id":890,"links":[{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgame"},{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/241373"},{"label":"Twitter","type":"link","url":"https://twitter.com/OctopusGameDC"}],"end":"2022-08-12T17:00:00.000-0000","id":49655,"tag_ids":[45360,45373],"village_id":null,"begin_timestamp":{"seconds":1660201200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":65,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45329},"updated":"2022-08-05T23:39:00.000-0000","begin":"2022-08-11T07:00:00.000-0000"},{"conference":"DEFCON30","timezone":"America/Los_Angeles","link":"","description":"Got a cool new exploit on an IoT device and don’t know what to do with it? The CTF Creators Contest is just the thing! Show us your research, put the device in the CTF and see if others can pop it. Oh, and did we mention the great prizes? Check out the IoT Village website for submission criteria https://iotvillage.org/defcon.html#ctfCreatorsContest\n\n\n","title":"IoT Village CTF Creator's Contest","type":{"conference_id":65,"conference":"DEFCON30","color":"#cf74e1","updated_at":"2024-06-07T03:39+0000","name":"Contest","id":45360},"android_description":"Got a cool new exploit on an IoT device and don’t know what to do with it? The CTF Creators Contest is just the thing! Show us your research, put the device in the CTF and see if others can pop it. Oh, and did we mention the great prizes? Check out the IoT Village website for submission criteria https://iotvillage.org/defcon.html#ctfCreatorsContest","end_timestamp":{"seconds":1660345200,"nanoseconds":0},"updated_timestamp":{"seconds":1659403500,"nanoseconds":0},"speakers":[],"timeband_id":890,"end":"2022-08-12T23:00:00.000-0000","links":[{"label":"DEF CON Forum","type":"link","url":"https://forum.defcon.org/node/240955"},{"label":"Website","type":"link","url":"https://iotvillage.org/defcon.html#ctfCreatorsContest"},{"label":"Twitter","type":"link","url":"https://twitter.com/IoTvillage"}],"id":49318,"tag_ids":[40275,45358,45360,45450],"begin_timestamp":{"seconds":1660201200,"nanoseconds":0},"village_id":16,"includes":"","people":[],"tags":"CTF","conference_id":65,"links_antiquated":[],"location":{"conference_id":65,"conference":"DEFCON30","updated_at":"2024-06-07T03:39+0000","parent_id":45434,"name":"Caesars Forum - Alliance 311, 320 (IoT Village)","hotel":"","short_name":"311, 320 (IoT Village)","id":45424},"spans_timebands":"Y","begin":"2022-08-11T07:00:00.000-0000","updated":"2022-08-02T01:25:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/DEFCON31/events.json b/public/ht/conferences/DEFCON31/events.json new file mode 100644 index 0000000..c3c2626 --- /dev/null +++ b/public/ht/conferences/DEFCON31/events.json @@ -0,0 +1 @@ +[{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Teach students how to identify vulnerabilities in web applications and digital assets from an external perspective.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Hacking Organizations: Phishing Not Required","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"android_description":"Teach students how to identify vulnerabilities in web applications and digital assets from an external perspective.","updated_timestamp":{"seconds":1691979180,"nanoseconds":0},"speakers":[{"content_ids":[50592,51070,51977,52424],"conference_id":96,"event_ids":[52729,50857,52730,51103,52171],"name":"Ben \"NahamSec\" Sadeghipour","affiliations":[{"organization":"NahamSec","title":"Hacker & Content Creator"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nahamsec"}],"pronouns":"she/her","media":[],"id":49825,"title":"Hacker & Content Creator at NahamSec"}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52730,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"tag_ids":[45641],"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":49825}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T02:13:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Most organisations utilise web applications. Due to the exposed nature of web applications and complex business logic they contain, they are a valuable target for attackers. Throughout this course focus will be placed on the various vulnerabilities that could affect web applications.\r\n\r\nThis course will teach you how to analyse web applications for vulnerabilities and teach you how to exploit them in order improve your understanding of the inner workings and the associated risks.\r\n\r\n Practical exposure to hacking web application will provide developers a deeper understanding of the potential threats and issues that could find its way into the development lifecycle and furthermore ensure that penetration testers are well versed with the discovery and exploitation of web related issues.\r\n\r\n Key Points:\r\n\r\n* Greater understanding of the risks associated with web applications\r\n\r\n* A good understanding of the tools and techniques for examining web applications\r\n\r\n* Practical skills to exploit a wide variety of web application vulnerabilities\r\n\r\n We have been conducting penetration tests against web applications for nearly two decades have pulled out the most relevant and fun hacks we could find into this course.\r\n\r\nCome join us and hack hard!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Web Hacking Bootcamp","android_description":"Most organisations utilise web applications. Due to the exposed nature of web applications and complex business logic they contain, they are a valuable target for attackers. Throughout this course focus will be placed on the various vulnerabilities that could affect web applications.\r\n\r\nThis course will teach you how to analyse web applications for vulnerabilities and teach you how to exploit them in order improve your understanding of the inner workings and the associated risks.\r\n\r\n Practical exposure to hacking web application will provide developers a deeper understanding of the potential threats and issues that could find its way into the development lifecycle and furthermore ensure that penetration testers are well versed with the discovery and exploitation of web related issues.\r\n\r\n Key Points:\r\n\r\n* Greater understanding of the risks associated with web applications\r\n\r\n* A good understanding of the tools and techniques for examining web applications\r\n\r\n* Practical skills to exploit a wide variety of web application vulnerabilities\r\n\r\n We have been conducting penetration tests against web applications for nearly two decades have pulled out the most relevant and fun hacks we could find into this course.\r\n\r\nCome join us and hack hard!","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"updated_timestamp":{"seconds":1691979120,"nanoseconds":0},"speakers":[{"content_ids":[52423],"conference_id":96,"event_ids":[52727,52728],"name":"Szymon Ziolkowski","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/TH3_GOAT_FARM3R"}],"media":[],"id":51643}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52728,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51643}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","begin":"2023-08-15T15:00:00.000-0000","updated":"2023-08-14T02:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Introduction to APIs, Engaging and exploring APIs, Enumerate the API Attack Surface, Demystifying the OWASP Top 10 for APIs, Exploring GraphQL, Capture The Flag Exercise\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"title":"API Exploration and Exploitation","android_description":"Introduction to APIs, Engaging and exploring APIs, Enumerate the API Attack Surface, Demystifying the OWASP Top 10 for APIs, Exploring GraphQL, Capture The Flag Exercise","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"updated_timestamp":{"seconds":1691979000,"nanoseconds":0},"speakers":[{"content_ids":[52422],"conference_id":96,"event_ids":[52725,52726],"name":"Aubrey Labuschagne (William)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51642}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52726,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51642}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:10:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Domain object relationships and their abuse, Kerberos protocol and its abuse, Active Directory Certificate services and their abuse.\n\n\n","title":"Advanced Active Directory Manipulation","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"android_description":"Domain object relationships and their abuse, Kerberos protocol and its abuse, Active Directory Certificate services and their abuse.","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"updated_timestamp":{"seconds":1691978880,"nanoseconds":0},"speakers":[{"content_ids":[52421],"conference_id":96,"event_ids":[52723,52724],"name":"John Iatridis","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/xpirabit"}],"pronouns":null,"media":[],"id":51641}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52724,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51641}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:08:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review.\n\n\n","title":"Practical Code Review","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692144000,"nanoseconds":0},"android_description":"This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review.","updated_timestamp":{"seconds":1691978700,"nanoseconds":0},"speakers":[{"content_ids":[52420],"conference_id":96,"event_ids":[52721,52722],"name":"Seth Law","affiliations":[{"organization":"Absolute AppSec Podcast","title":"Cohost"},{"organization":"Redpoint Security","title":"Founder"},{"organization":"HackerTracker","title":"Developer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sethlaw"}],"pronouns":null,"id":50513,"media":[{"hash_sha256":"a47f43ec6b6d8f26231ae7e2aef8ed0253c9f3f2e20980acd73c634ccde2230d","filetype":"image/jpeg","hash_md5":"b866889e63c6f192a87413b4bc86691b","name":"seth_law.jpg","hash_crc32c":"5f4bd2e7","asset_id":274,"filesize":41192,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fseth_law.jpg?alt=media","person_id":50513}],"title":"Developer at HackerTracker"},{"content_ids":[52420],"conference_id":96,"event_ids":[52721,52722],"name":"Ken Johnson","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":51640}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52722,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51640},{"tag_id":45878,"sort_order":1,"person_id":50513}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:05:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We’re going to rip open pcaps with Wireshark and learn how this protocol really works.\n\n\n","title":"TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"android_description":"We’re going to rip open pcaps with Wireshark and learn how this protocol really works.","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"updated_timestamp":{"seconds":1691978520,"nanoseconds":0},"speakers":[{"content_ids":[50616,52419],"conference_id":96,"event_ids":[52719,52720,50724],"name":"Chris Greer","affiliations":[{"organization":"Packet Pioneer","title":"Network Analyst and Wireshark Instructor"}],"links":[],"pronouns":null,"media":[],"id":49865,"title":"Network Analyst and Wireshark Instructor at Packet Pioneer"}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52720,"village_id":null,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"tag_ids":[45641,45743],"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":49865}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:02:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cryptography is everywhere, whether you like it or not. Our laptops, phones, printers, cars, bank cards and washing machines use cryptography to authenticate, keep things confidential and make sure messages aren’t tampered with. However, very often developers, pentesters, system designers and code auditors are confronted with cryptography without having the gear to properly assess security of a specific use case.\r\n\r\nDuring this training we'll deep-dive into modern cryptography. We'll learn how it works, how it is often times misused and how that leads to exploitable bugs. Moreover, participants will learn how common cryptography screwups can be exploited. To foster skills, participants will write their own exploits and use them on real world systems provided by us.\r\n\r\nThe first day will prepare you for (ab)using cryptography in products and services by going over the basic terminology, explaining modern primitives and showing common misuses of those primitives. You'll learn about tools and techniques to abuse such misuses along the way. On day two, we'll move on to more advanced primitives used in asymmetric cryptography and see how everything we have learned is employed in protocols and standards (such as TLS, JWT and FIDO).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"title":"Hacking Cryptography","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"android_description":"Cryptography is everywhere, whether you like it or not. Our laptops, phones, printers, cars, bank cards and washing machines use cryptography to authenticate, keep things confidential and make sure messages aren’t tampered with. However, very often developers, pentesters, system designers and code auditors are confronted with cryptography without having the gear to properly assess security of a specific use case.\r\n\r\nDuring this training we'll deep-dive into modern cryptography. We'll learn how it works, how it is often times misused and how that leads to exploitable bugs. Moreover, participants will learn how common cryptography screwups can be exploited. To foster skills, participants will write their own exploits and use them on real world systems provided by us.\r\n\r\nThe first day will prepare you for (ab)using cryptography in products and services by going over the basic terminology, explaining modern primitives and showing common misuses of those primitives. You'll learn about tools and techniques to abuse such misuses along the way. On day two, we'll move on to more advanced primitives used in asymmetric cryptography and see how everything we have learned is employed in protocols and standards (such as TLS, JWT and FIDO).","updated_timestamp":{"seconds":1691978460,"nanoseconds":0},"speakers":[{"content_ids":[52418],"conference_id":96,"event_ids":[52717,52718],"name":"Ruben Gonzalez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51638},{"content_ids":[52418],"conference_id":96,"event_ids":[52717,52718],"name":"Tim Schmidt","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":51639}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52718,"village_id":null,"tag_ids":[45641,45743],"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51638},{"tag_id":45878,"sort_order":1,"person_id":51639}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T02:01:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Identify vulnerabilities in Smart Contracts written in Solidity\n\n\n","title":"Hackable.sol: Smart Contract Hacking in Solidity","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"android_description":"Identify vulnerabilities in Smart Contracts written in Solidity","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"updated_timestamp":{"seconds":1691977800,"nanoseconds":0},"speakers":[{"content_ids":[52417],"conference_id":96,"event_ids":[52715,52716],"name":"Davide Cioccia","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51637}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52716,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"village_id":null,"tag_ids":[45641,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51637}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"begin":"2023-08-15T15:00:00.000-0000","updated":"2023-08-14T01:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"title":"A Practical Approach to Breaking & Pwning Kubernetes Clusters","end_timestamp":{"seconds":1692144000,"nanoseconds":0},"android_description":"Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers.","updated_timestamp":{"seconds":1691977740,"nanoseconds":0},"speakers":[{"content_ids":[52416],"conference_id":96,"event_ids":[52713,52714],"name":"Madhu Akula","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51636}],"timeband_id":1091,"links":[],"end":"2023-08-16T00:00:00.000-0000","id":52714,"village_id":null,"begin_timestamp":{"seconds":1692111600,"nanoseconds":0},"tag_ids":[45641,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51636}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T01:49:00.000-0000","begin":"2023-08-15T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This course presents the fundamentals of cyber threat intelligence (CTI) and guides analysts in the application of intelligence to enable proactive defensive operations and support incident response.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Cyber Threat Intelligence Analysis Course","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"This course presents the fundamentals of cyber threat intelligence (CTI) and guides analysts in the application of intelligence to enable proactive defensive operations and support incident response.","updated_timestamp":{"seconds":1691979720,"nanoseconds":0},"speakers":[{"content_ids":[52430],"conference_id":96,"event_ids":[52736],"name":"Bobby Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51651},{"content_ids":[52430],"conference_id":96,"event_ids":[52736],"name":"Nathan Johnson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51652},{"content_ids":[52430],"conference_id":96,"event_ids":[52736],"name":"Matthew Lamanna","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51653},{"content_ids":[52430],"conference_id":96,"event_ids":[52736],"name":"Kyle Smathers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51654}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52736,"tag_ids":[45641,45743],"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51651},{"tag_id":45878,"sort_order":1,"person_id":51654},{"tag_id":45878,"sort_order":1,"person_id":51653},{"tag_id":45878,"sort_order":1,"person_id":51652}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T02:22:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Attendees will learn how adversaries can attack in non-traditional ways.\n\n\n","title":"Simulated Adversary - Tactics & Tools Training","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"Attendees will learn how adversaries can attack in non-traditional ways.","updated_timestamp":{"seconds":1691979600,"nanoseconds":0},"speakers":[{"content_ids":[52195,52429],"conference_id":96,"event_ids":[52735,52445],"name":"Jayson E. Street","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://jaysonestreet.com/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jaysonstreet"}],"media":[],"id":51440}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52735,"village_id":null,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"tag_ids":[45641,45743],"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51440}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:20:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Hands-on incident response in the cloud — Microsoft edition","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"android_description":"","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"updated_timestamp":{"seconds":1691979540,"nanoseconds":0},"speakers":[{"content_ids":[52428],"conference_id":96,"event_ids":[52734],"name":"Korstiaan Stam","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51650}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52734,"tag_ids":[45641,45743],"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51650}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"title":"Offensive IoT Exploitation","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"As IoT becomes more integrated and integral into personal and work lives, there is a growing need to understand the inner workings of IoT devices and ensure these devices are secure. This course teaches security professionals and hackers how to identify and exploit security vulnerabilities in IoT devices. Participants will learn to interact with hardware debug capabilities, communicate with memory devices, and virtualize and analyze firmware. The course also covers various hardware attacks including glitching and side channel attacks, as well as diving into communications protocols, including Bluetooth, Zigbee, Thread and Matter. Participants will gain hands-on experience with industry tools and techniques. This course is suitable for security professionals, penetration testers, and hackers with basic programming and computer system knowledge, and equips them with skills to discover new vulnerabilities in IoT devices.","updated_timestamp":{"seconds":1691979480,"nanoseconds":0},"speakers":[{"content_ids":[50572,52427],"conference_id":96,"event_ids":[50810,52733],"name":"Trevor \"t1v0\" Stevado","affiliations":[{"organization":"Loudmouth Security","title":"Founding Partner/Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49792,"title":"Founding Partner/Hacker at Loudmouth Security"},{"content_ids":[52427],"conference_id":96,"event_ids":[52733],"name":"Trevor Hough","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51647},{"content_ids":[52427],"conference_id":96,"event_ids":[52733],"name":"Nicholas Coad","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51648},{"content_ids":[52427],"conference_id":96,"event_ids":[52733],"name":"Patrick Ross","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51649}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52733,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"tag_ids":[45641,45743],"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51648},{"tag_id":45878,"sort_order":1,"person_id":51649},{"tag_id":45878,"sort_order":1,"person_id":49792},{"tag_id":45878,"sort_order":1,"person_id":51647}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"SOC 101 - SOC 1 Analyst Bootcamp","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"This course will provide students with extensive hands-on exercises and labs that emulate real-life security operation center tasks and related technologies.","updated_timestamp":{"seconds":1691979360,"nanoseconds":0},"speakers":[{"content_ids":[52426],"conference_id":96,"event_ids":[52732],"name":"Rod Soto","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51645}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52732,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"village_id":null,"tag_ids":[45641,45743],"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51645}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is a unique course that is on the cloud and for the cloud. It helps train individuals on cloud terminologies and enables them to build scalable defense mechanisms for their services running in the public cloud. The training explicitly focuses on threat detection, Incident response, malware investigations, and forensic analysis of cloud infrastructure which is still a very less known domain in the market. The training will not use cloud-native security tools, but will focus more on building generic analysis pipelines that can be implemented in any cloud environment.\r\n\r\n- Using cloud native technologies to build your own security services for your applications and services running in the cloud.\r\n- Building real-time detection, monitoring and response capabilities for threat tracking and intelligence gathering. \r\n- Building Advanced automated pipelines through Detection-as-code features to defend public cloud infrastructures.\r\n\r\n## Who Should Take This Course:\r\n\r\n- Red Team members\r\n- Blue team and Purple team members\r\n- Cloud Security Teams \r\n- Incident responders, Analysts\r\n- Malware investigators and Analysts \r\n- Threat intelligence analysts and Responders\n\n\n","title":"Cloud Security Masterclass Defender's Guide to Securing AWS & Azure Infrastructure","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"This is a unique course that is on the cloud and for the cloud. It helps train individuals on cloud terminologies and enables them to build scalable defense mechanisms for their services running in the public cloud. The training explicitly focuses on threat detection, Incident response, malware investigations, and forensic analysis of cloud infrastructure which is still a very less known domain in the market. The training will not use cloud-native security tools, but will focus more on building generic analysis pipelines that can be implemented in any cloud environment.\r\n\r\n- Using cloud native technologies to build your own security services for your applications and services running in the cloud.\r\n- Building real-time detection, monitoring and response capabilities for threat tracking and intelligence gathering. \r\n- Building Advanced automated pipelines through Detection-as-code features to defend public cloud infrastructures.\r\n\r\n## Who Should Take This Course:\r\n\r\n- Red Team members\r\n- Blue team and Purple team members\r\n- Cloud Security Teams \r\n- Incident responders, Analysts\r\n- Malware investigators and Analysts \r\n- Threat intelligence analysts and Responders","updated_timestamp":{"seconds":1691979240,"nanoseconds":0},"speakers":[],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52731,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"tag_ids":[45641,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:14:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Teach students how to identify vulnerabilities in web applications and digital assets from an external perspective.\n\n\n","title":"Hacking Organizations: Phishing Not Required","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"android_description":"Teach students how to identify vulnerabilities in web applications and digital assets from an external perspective.","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"updated_timestamp":{"seconds":1691979180,"nanoseconds":0},"speakers":[{"content_ids":[50592,51070,51977,52424],"conference_id":96,"event_ids":[52729,50857,52730,51103,52171],"name":"Ben \"NahamSec\" Sadeghipour","affiliations":[{"organization":"NahamSec","title":"Hacker & Content Creator"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nahamsec"}],"pronouns":"she/her","media":[],"id":49825,"title":"Hacker & Content Creator at NahamSec"}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52729,"tag_ids":[45641],"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":49825}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T02:13:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Most organisations utilise web applications. Due to the exposed nature of web applications and complex business logic they contain, they are a valuable target for attackers. Throughout this course focus will be placed on the various vulnerabilities that could affect web applications.\r\n\r\nThis course will teach you how to analyse web applications for vulnerabilities and teach you how to exploit them in order improve your understanding of the inner workings and the associated risks.\r\n\r\n Practical exposure to hacking web application will provide developers a deeper understanding of the potential threats and issues that could find its way into the development lifecycle and furthermore ensure that penetration testers are well versed with the discovery and exploitation of web related issues.\r\n\r\n Key Points:\r\n\r\n* Greater understanding of the risks associated with web applications\r\n\r\n* A good understanding of the tools and techniques for examining web applications\r\n\r\n* Practical skills to exploit a wide variety of web application vulnerabilities\r\n\r\n We have been conducting penetration tests against web applications for nearly two decades have pulled out the most relevant and fun hacks we could find into this course.\r\n\r\nCome join us and hack hard!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Web Hacking Bootcamp","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"Most organisations utilise web applications. Due to the exposed nature of web applications and complex business logic they contain, they are a valuable target for attackers. Throughout this course focus will be placed on the various vulnerabilities that could affect web applications.\r\n\r\nThis course will teach you how to analyse web applications for vulnerabilities and teach you how to exploit them in order improve your understanding of the inner workings and the associated risks.\r\n\r\n Practical exposure to hacking web application will provide developers a deeper understanding of the potential threats and issues that could find its way into the development lifecycle and furthermore ensure that penetration testers are well versed with the discovery and exploitation of web related issues.\r\n\r\n Key Points:\r\n\r\n* Greater understanding of the risks associated with web applications\r\n\r\n* A good understanding of the tools and techniques for examining web applications\r\n\r\n* Practical skills to exploit a wide variety of web application vulnerabilities\r\n\r\n We have been conducting penetration tests against web applications for nearly two decades have pulled out the most relevant and fun hacks we could find into this course.\r\n\r\nCome join us and hack hard!","updated_timestamp":{"seconds":1691979120,"nanoseconds":0},"speakers":[{"content_ids":[52423],"conference_id":96,"event_ids":[52727,52728],"name":"Szymon Ziolkowski","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/TH3_GOAT_FARM3R"}],"pronouns":null,"media":[],"id":51643}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52727,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51643}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Introduction to APIs, Engaging and exploring APIs, Enumerate the API Attack Surface, Demystifying the OWASP Top 10 for APIs, Exploring GraphQL, Capture The Flag Exercise\n\n\n","title":"API Exploration and Exploitation","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"Introduction to APIs, Engaging and exploring APIs, Enumerate the API Attack Surface, Demystifying the OWASP Top 10 for APIs, Exploring GraphQL, Capture The Flag Exercise","updated_timestamp":{"seconds":1691979000,"nanoseconds":0},"speakers":[{"content_ids":[52422],"conference_id":96,"event_ids":[52725,52726],"name":"Aubrey Labuschagne (William)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51642}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52725,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51642}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Domain object relationships and their abuse, Kerberos protocol and its abuse, Active Directory Certificate services and their abuse.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Advanced Active Directory Manipulation","android_description":"Domain object relationships and their abuse, Kerberos protocol and its abuse, Active Directory Certificate services and their abuse.","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"updated_timestamp":{"seconds":1691978880,"nanoseconds":0},"speakers":[{"content_ids":[52421],"conference_id":96,"event_ids":[52723,52724],"name":"John Iatridis","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/xpirabit"}],"media":[],"id":51641}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52723,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"tag_ids":[45641,45743],"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51641}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T02:08:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Practical Code Review","android_description":"This course introduces a proven methodology and framework for performing a secure code review, as well as addressing common challenges in modern secure code review.","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"updated_timestamp":{"seconds":1691978700,"nanoseconds":0},"speakers":[{"content_ids":[52420],"conference_id":96,"event_ids":[52721,52722],"name":"Seth Law","affiliations":[{"organization":"Absolute AppSec Podcast","title":"Cohost"},{"organization":"Redpoint Security","title":"Founder"},{"organization":"HackerTracker","title":"Developer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sethlaw"}],"pronouns":null,"media":[{"hash_sha256":"a47f43ec6b6d8f26231ae7e2aef8ed0253c9f3f2e20980acd73c634ccde2230d","filetype":"image/jpeg","hash_md5":"b866889e63c6f192a87413b4bc86691b","name":"seth_law.jpg","hash_crc32c":"5f4bd2e7","asset_id":274,"filesize":41192,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fseth_law.jpg?alt=media","person_id":50513}],"id":50513,"title":"Developer at HackerTracker"},{"content_ids":[52420],"conference_id":96,"event_ids":[52721,52722],"name":"Ken Johnson","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":51640}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52721,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"tag_ids":[45641,45743],"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51640},{"tag_id":45878,"sort_order":1,"person_id":50513}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We’re going to rip open pcaps with Wireshark and learn how this protocol really works.\n\n\n","title":"TCP/IP Deep Dive for Ethical Hackers – Featuring Wireshark","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"We’re going to rip open pcaps with Wireshark and learn how this protocol really works.","updated_timestamp":{"seconds":1691978520,"nanoseconds":0},"speakers":[{"content_ids":[50616,52419],"conference_id":96,"event_ids":[52719,52720,50724],"name":"Chris Greer","affiliations":[{"organization":"Packet Pioneer","title":"Network Analyst and Wireshark Instructor"}],"links":[],"pronouns":null,"media":[],"id":49865,"title":"Network Analyst and Wireshark Instructor at Packet Pioneer"}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52719,"village_id":null,"tag_ids":[45641,45743],"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":49865}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"updated":"2023-08-14T02:02:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cryptography is everywhere, whether you like it or not. Our laptops, phones, printers, cars, bank cards and washing machines use cryptography to authenticate, keep things confidential and make sure messages aren’t tampered with. However, very often developers, pentesters, system designers and code auditors are confronted with cryptography without having the gear to properly assess security of a specific use case.\r\n\r\nDuring this training we'll deep-dive into modern cryptography. We'll learn how it works, how it is often times misused and how that leads to exploitable bugs. Moreover, participants will learn how common cryptography screwups can be exploited. To foster skills, participants will write their own exploits and use them on real world systems provided by us.\r\n\r\nThe first day will prepare you for (ab)using cryptography in products and services by going over the basic terminology, explaining modern primitives and showing common misuses of those primitives. You'll learn about tools and techniques to abuse such misuses along the way. On day two, we'll move on to more advanced primitives used in asymmetric cryptography and see how everything we have learned is employed in protocols and standards (such as TLS, JWT and FIDO).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"title":"Hacking Cryptography","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"Cryptography is everywhere, whether you like it or not. Our laptops, phones, printers, cars, bank cards and washing machines use cryptography to authenticate, keep things confidential and make sure messages aren’t tampered with. However, very often developers, pentesters, system designers and code auditors are confronted with cryptography without having the gear to properly assess security of a specific use case.\r\n\r\nDuring this training we'll deep-dive into modern cryptography. We'll learn how it works, how it is often times misused and how that leads to exploitable bugs. Moreover, participants will learn how common cryptography screwups can be exploited. To foster skills, participants will write their own exploits and use them on real world systems provided by us.\r\n\r\nThe first day will prepare you for (ab)using cryptography in products and services by going over the basic terminology, explaining modern primitives and showing common misuses of those primitives. You'll learn about tools and techniques to abuse such misuses along the way. On day two, we'll move on to more advanced primitives used in asymmetric cryptography and see how everything we have learned is employed in protocols and standards (such as TLS, JWT and FIDO).","updated_timestamp":{"seconds":1691978460,"nanoseconds":0},"speakers":[{"content_ids":[52418],"conference_id":96,"event_ids":[52717,52718],"name":"Ruben Gonzalez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51638},{"content_ids":[52418],"conference_id":96,"event_ids":[52717,52718],"name":"Tim Schmidt","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":51639}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52717,"tag_ids":[45641,45743],"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45878,"sort_order":1,"person_id":51638},{"tag_id":45878,"sort_order":1,"person_id":51639}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"begin":"2023-08-14T15:00:00.000-0000","updated":"2023-08-14T02:01:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Identify vulnerabilities in Smart Contracts written in Solidity\n\n\n","title":"Hackable.sol: Smart Contract Hacking in Solidity","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#767daa","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"Identify vulnerabilities in Smart Contracts written in Solidity","updated_timestamp":{"seconds":1691977800,"nanoseconds":0},"speakers":[{"content_ids":[52417],"conference_id":96,"event_ids":[52715,52716],"name":"Davide Cioccia","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51637}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52715,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51637}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T01:50:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers.\n\n\n","title":"A Practical Approach to Breaking & Pwning Kubernetes Clusters","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"android_description":"Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers.","end_timestamp":{"seconds":1692057600,"nanoseconds":0},"updated_timestamp":{"seconds":1691977740,"nanoseconds":0},"speakers":[{"content_ids":[52416],"conference_id":96,"event_ids":[52713,52714],"name":"Madhu Akula","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51636}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52713,"tag_ids":[45641,45743],"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51636}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T01:49:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This class is a beginner's introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn't know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone CTF exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.\n\n\n","title":"Software Defined Radios 101","type":{"conference_id":96,"conference":"DEFCON31","color":"#767daa","updated_at":"2024-06-07T03:38+0000","name":"Paid Training","id":45641},"end_timestamp":{"seconds":1692057600,"nanoseconds":0},"android_description":"This class is a beginner's introduction to practical Software Defined Radio (SDR) applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn't know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone CTF exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.","updated_timestamp":{"seconds":1691977620,"nanoseconds":0},"speakers":[{"content_ids":[52415],"conference_id":96,"event_ids":[52712],"name":"Richard","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51635}],"timeband_id":1090,"links":[],"end":"2023-08-15T00:00:00.000-0000","id":52712,"tag_ids":[45641,45743],"village_id":null,"begin_timestamp":{"seconds":1692025200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51635}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Caesars Forum","hotel":"","short_name":"Caesars Forum","id":45722},"spans_timebands":"N","updated":"2023-08-14T01:47:00.000-0000","begin":"2023-08-14T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The end is here! DEF CON 31 is at a close and we want to thank everyone who participated, contributed, retired, promoted, and won contests. DEF CON departments will share stats, info, and data collected throughout the weekend related to the network, code of conduct transparency, stats on attendee participation in events, and more. This is the ceremony where we also announce the contestants who've won a prestige UBER badge for select contests.\n\n\n","title":"DEF CON Closing Ceremonies & Awards","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691973000,"nanoseconds":0},"android_description":"The end is here! DEF CON 31 is at a close and we want to thank everyone who participated, contributed, retired, promoted, and won contests. DEF CON departments will share stats, info, and data collected throughout the weekend related to the network, code of conduct transparency, stats on attendee participation in events, and more. This is the ceremony where we also announce the contestants who've won a prestige UBER badge for select contests.","updated_timestamp":{"seconds":1690862700,"nanoseconds":0},"speakers":[{"content_ids":[50593,50677,50679,50680],"conference_id":96,"event_ids":[50780,50790,50799,50852],"name":"Jeff \"The Dark Tangent\" Moss","affiliations":[{"organization":"DEF CON Communications","title":""}],"links":[{"description":"","title":"Mastodon (@thedarktangent@defcon.social)","sort_order":0,"url":"https://defcon.social/@thedarktangent"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/thedarktangent"}],"pronouns":"he/him","id":49741,"media":[{"hash_sha256":"f53ed4086958b3703d597c50fe74eef1800cf474aa3d17c0895bf89d6c05716f","filetype":"image/jpeg","hash_md5":"8104a1f4b82a4241208b7f6b9112ebf2","name":"thedarktangent_avatar.jpeg","hash_crc32c":"4ae7af86","asset_id":273,"filesize":2064,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fthedarktangent_avatar.jpeg?alt=media","person_id":49741}],"title":"DEF CON Communications"}],"timeband_id":992,"links":[],"end":"2023-08-14T00:30:00.000-0000","id":50780,"begin_timestamp":{"seconds":1691965800,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49741}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2","hotel":"","short_name":"Forum - Tracks 1 & 2","id":45800},"spans_timebands":"N","updated":"2023-08-01T04:05:00.000-0000","begin":"2023-08-13T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"SUNDAY CANCELED: Bypass 102","android_description":"","end_timestamp":{"seconds":1691964000,"nanoseconds":0},"updated_timestamp":{"seconds":1691957700,"nanoseconds":0},"speakers":[{"content_ids":[52388,52392,52397],"conference_id":96,"event_ids":[52688,52679,52683],"name":"Ege","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51607}],"timeband_id":992,"links":[],"end":"2023-08-13T22:00:00.000-0000","id":52688,"begin_timestamp":{"seconds":1691962200,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51607}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","begin":"2023-08-13T21:30:00.000-0000","updated":"2023-08-13T20:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: Bypass 101","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691962200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691957700,"nanoseconds":0},"speakers":[{"content_ids":[52391,52396],"conference_id":96,"event_ids":[52682,52687],"name":"Terry","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51608}],"timeband_id":992,"links":[],"end":"2023-08-13T21:30:00.000-0000","id":52687,"village_id":null,"begin_timestamp":{"seconds":1691960400,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51608}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","updated":"2023-08-13T20:15:00.000-0000","begin":"2023-08-13T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Be a member of the jury as two lawyers prosecute and defend a hacker (live on the stand) in a made up scenario. You, the audience, will decide if the hacker was caught in the act, or if the attribution was all a false flag. Learn through the trial what evidence you don’t want to leave behind in an op, what D&R can and should collect, and how criminals who conduct cybercrime actually get prosecuted.\r\n\r\nREFERENCES: \r\nhttps://www.cnet.com/tech/services-and-software/use-cnet-shopping-to-seek-out-the-best-deals/ \r\nhttps://www.steptoecyberblog.com/files/2012/11/ccmanual1.pdf \r\nhttps://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/03/26/forensics_chart.pdf \r\nhttps://www.justice.gov/archives/opa/blog/important-court-opinion-holds-lawful-warrants-can-be-used-obtain-evidence-us-internet \r\nhttps://www.19thcircuitcourt.state.il.us/1610/Guide-to-Conducting-Mock-Trials\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Panel: Hacker Court - Interactive Scenario","end_timestamp":{"seconds":1691964900,"nanoseconds":0},"android_description":"Be a member of the jury as two lawyers prosecute and defend a hacker (live on the stand) in a made up scenario. You, the audience, will decide if the hacker was caught in the act, or if the attribution was all a false flag. Learn through the trial what evidence you don’t want to leave behind in an op, what D&R can and should collect, and how criminals who conduct cybercrime actually get prosecuted.\r\n\r\nREFERENCES: \r\nhttps://www.cnet.com/tech/services-and-software/use-cnet-shopping-to-seek-out-the-best-deals/ \r\nhttps://www.steptoecyberblog.com/files/2012/11/ccmanual1.pdf \r\nhttps://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/03/26/forensics_chart.pdf \r\nhttps://www.justice.gov/archives/opa/blog/important-court-opinion-holds-lawful-warrants-can-be-used-obtain-evidence-us-internet \r\nhttps://www.19thcircuitcourt.state.il.us/1610/Guide-to-Conducting-Mock-Trials","updated_timestamp":{"seconds":1688181060,"nanoseconds":0},"speakers":[{"content_ids":[50657],"conference_id":96,"event_ids":[50848],"name":"winn0na","affiliations":[{"organization":"Policy @DEFCON","title":"Hacker"}],"links":[],"pronouns":"she/her","media":[],"id":49947,"title":"Hacker at Policy @DEFCON"}],"timeband_id":992,"end":"2023-08-13T22:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246110"}],"id":50848,"tag_ids":[45589,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691960400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49947}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","begin":"2023-08-13T21:00:00.000-0000","updated":"2023-07-01T03:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a standard used globally by government agencies, police, prisons, and military operators as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities.\r\n\r\nFor decades, the underlying algorithms have remained secret under restrictive NDAs prohibiting public scrutiny of this critical technology. In this talk, we will make public the TETRA cipher suites (TEA and TAA1 to be precise), one of the last bastions of widely deployed secret crypto, and discuss in-depth how we managed to obtain them.\r\n\r\nWe will discuss several different flaws we uncovered allowing passive or active adversaries to intercept and manipulate TETRA traffic, including details of a backdoored stream cipher.\r\n\r\nThis journey involved reverse-engineering and exploiting multiple 0-day vulnerabilities in the popular Motorola MTM5x00 radio and its TI OMAP-L138 TEE and covers everything from side-channel attacks on DSPs to writing your own decompilers. We will also discuss how we gained code execution on and instrumented a Motorola MBTS TETRA base station for research purposes.\r\n\r\nREFERENCES: \r\n - Daniel J Bernstein. Cache-timing attacks on AES. 2005.\r\n - Shuwen Duan. Security analysis of TETRA. Master’s thesis, Institutt for telematikk, 2013.\r\n - Jonas Olofsson. Design and implementation of SIM functionality for TETRA-system on a smart card, 2012.\r\n - Yong-Seok Park, Choon-Soo Kim, and Jae-Cheol Ryou. The vulnerability analysis and improvement of the TETRA authentication protocol. 2010\r\n - Martin Pfeiffer, Jan-Pascal Kwiotek, Jiska Classen, Robin Klose,and Matthias Hollick. Analyzing TETRA location privacy and network availability. 2016\r\n - Marek Sebera Tomáš Suchan. TETRA networks security, 2015.\r\n - Zhi-Hui Zhang and Yi-Xian Yang. Research on endto-end encryption of TETRA. 2006\r\n - Müller, Uwe ; Hauck, Eicke ; Welz, Timm ; Classen, Jiska ; Hollick, Matthias. Dinosaur Resurrection: PowerPC Binary Patching for Base Station Analysis. 2021\r\n\n\n\n","title":"TETRA tour de force: Jailbreaking digital radios and base stations for fun and secrets","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691964900,"nanoseconds":0},"android_description":"In this talk we will discuss the radio jailbreaking journey that enabled us to perform the first public disclosure and analysis of the proprietary cryptography used in TETRA (Terrestrial Trunked Radio): a standard used globally by government agencies, police, prisons, and military operators as well as critical infrastructure such as SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities.\r\n\r\nFor decades, the underlying algorithms have remained secret under restrictive NDAs prohibiting public scrutiny of this critical technology. In this talk, we will make public the TETRA cipher suites (TEA and TAA1 to be precise), one of the last bastions of widely deployed secret crypto, and discuss in-depth how we managed to obtain them.\r\n\r\nWe will discuss several different flaws we uncovered allowing passive or active adversaries to intercept and manipulate TETRA traffic, including details of a backdoored stream cipher.\r\n\r\nThis journey involved reverse-engineering and exploiting multiple 0-day vulnerabilities in the popular Motorola MTM5x00 radio and its TI OMAP-L138 TEE and covers everything from side-channel attacks on DSPs to writing your own decompilers. We will also discuss how we gained code execution on and instrumented a Motorola MBTS TETRA base station for research purposes.\r\n\r\nREFERENCES: \r\n - Daniel J Bernstein. Cache-timing attacks on AES. 2005.\r\n - Shuwen Duan. Security analysis of TETRA. Master’s thesis, Institutt for telematikk, 2013.\r\n - Jonas Olofsson. Design and implementation of SIM functionality for TETRA-system on a smart card, 2012.\r\n - Yong-Seok Park, Choon-Soo Kim, and Jae-Cheol Ryou. The vulnerability analysis and improvement of the TETRA authentication protocol. 2010\r\n - Martin Pfeiffer, Jan-Pascal Kwiotek, Jiska Classen, Robin Klose,and Matthias Hollick. Analyzing TETRA location privacy and network availability. 2016\r\n - Marek Sebera Tomáš Suchan. TETRA networks security, 2015.\r\n - Zhi-Hui Zhang and Yi-Xian Yang. Research on endto-end encryption of TETRA. 2006\r\n - Müller, Uwe ; Hauck, Eicke ; Welz, Timm ; Classen, Jiska ; Hollick, Matthias. Dinosaur Resurrection: PowerPC Binary Patching for Base Station Analysis. 2021","updated_timestamp":{"seconds":1690263180,"nanoseconds":0},"speakers":[{"content_ids":[50581],"conference_id":96,"event_ids":[50812],"name":"Carlo Meijer","affiliations":[{"organization":"Midnight Blue","title":"Founding Partner and Security Researcher"}],"links":[],"pronouns":"he/him","media":[],"id":49806,"title":"Founding Partner and Security Researcher at Midnight Blue"},{"content_ids":[50581],"conference_id":96,"event_ids":[50812],"name":"Wouter Bokslag","affiliations":[{"organization":"Midnight Blue","title":"Founding Partner and Security Researcher"}],"links":[],"pronouns":"he/him","media":[],"id":49807,"title":"Founding Partner and Security Researcher at Midnight Blue"},{"content_ids":[50581],"conference_id":96,"event_ids":[50812],"name":"Jos Wetzels","affiliations":[{"organization":"Midnight Blue","title":"Founding Partner and Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/s4mvartaka"}],"media":[],"id":49808,"title":"Founding Partner and Security Researcher at Midnight Blue"}],"timeband_id":992,"end":"2023-08-13T22:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245752"}],"id":50812,"begin_timestamp":{"seconds":1691960400,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Tool 🛠, Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49806},{"tag_id":45590,"sort_order":1,"person_id":49808},{"tag_id":45590,"sort_order":1,"person_id":49807}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-07-25T05:33:00.000-0000","begin":"2023-08-13T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Contests announce winners, discuss game play and the outcome of some of the [sixty-five different contests held at DEF CON 31](https://forum.defcon.org/node/244766).\r\n\r\nBlack Badge (UBER) Winners will be announced at the DEF CON Closing ceremonies & awards, immediately following this session. \r\n\n\n\n","title":"Contest Closing Ceremonies & Awards","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691964900,"nanoseconds":0},"android_description":"Contests announce winners, discuss game play and the outcome of some of the [sixty-five different contests held at DEF CON 31](https://forum.defcon.org/node/244766).\r\n\r\nBlack Badge (UBER) Winners will be announced at the DEF CON Closing ceremonies & awards, immediately following this session.","updated_timestamp":{"seconds":1690588380,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T22:15:00.000-0000","id":50779,"village_id":null,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691960400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105, 135-136, 108-119, 138-139 - Tracks 1 & 2","hotel":"","short_name":"Forum - Tracks 1 & 2","id":45800},"spans_timebands":"N","begin":"2023-08-13T21:00:00.000-0000","updated":"2023-07-28T23:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Developing firmware is an essential skill that cyber security professionals should be familiar with to gain a deeper understanding of the foundation of most systems that are being relied on. Additionally, a fundamental understanding of firmware development is a valuable asset in the realm of firmware reverse engineering. This hands-on workshop aims to tackle both directions of firmware (development/reversing) to give the audience a better understanding of the intricacies with each process. The firmware development portion of the workshop will walk the audience through a guided activity that performs the basic steps to deploy a firmware application on an embedded microcontroller (STM32). The application will be developed in such a way that it is intended to be reversed. The second half of the workshop deals with the firmware binary and the steps necessary to fully recover the firmware as much as possible. An important note is that these tools and firmware will be open-source and therefore the audience can attempt this work on their own. Takeaways from this talk include an understanding of bare metal development environments, embedded C code, memory mapping and peripherals, as well as an intermediate understanding of Ghidra.\n\n\n","title":"Bare Metal Firmware Development and Reverse Engineering","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Developing firmware is an essential skill that cyber security professionals should be familiar with to gain a deeper understanding of the foundation of most systems that are being relied on. Additionally, a fundamental understanding of firmware development is a valuable asset in the realm of firmware reverse engineering. This hands-on workshop aims to tackle both directions of firmware (development/reversing) to give the audience a better understanding of the intricacies with each process. The firmware development portion of the workshop will walk the audience through a guided activity that performs the basic steps to deploy a firmware application on an embedded microcontroller (STM32). The application will be developed in such a way that it is intended to be reversed. The second half of the workshop deals with the firmware binary and the steps necessary to fully recover the firmware as much as possible. An important note is that these tools and firmware will be open-source and therefore the audience can attempt this work on their own. Takeaways from this talk include an understanding of bare metal development environments, embedded C code, memory mapping and peripherals, as well as an intermediate understanding of Ghidra.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1689117600,"nanoseconds":0},"speakers":[{"content_ids":[51040,51058],"conference_id":96,"event_ids":[51072,51090],"name":"Caleb Davis","affiliations":[{"organization":"Protiviti","title":""}],"links":[],"pronouns":null,"media":[],"id":50223,"title":"Protiviti"},{"content_ids":[51040,51058],"conference_id":96,"event_ids":[51072,51090],"name":"Nathan Smith","affiliations":[{"organization":"Protiviti","title":""}],"links":[],"pronouns":null,"media":[],"id":50224,"title":"Protiviti"}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51090,"tag_ids":[45645,45647,45717],"village_id":68,"begin_timestamp":{"seconds":1691958000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50223},{"tag_id":45590,"sort_order":1,"person_id":50224}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T23:20:00.000-0000","begin":"2023-08-13T20:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Jeff & Logan, Security Engineers at GitHub, share best practices they’ve learned regarding building and operating Bug Bounty programs based on their experiences working at and with multiple companies. Come and learn from their mistakes and successes so that you can be set up for success, attract researchers to your program, and keep them coming back!\n\n\n","title":"Scoping for Success (Building a Great Bug Bounty program)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Jeff & Logan, Security Engineers at GitHub, share best practices they’ve learned regarding building and operating Bug Bounty programs based on their experiences working at and with multiple companies. Come and learn from their mistakes and successes so that you can be set up for success, attract researchers to your program, and keep them coming back!","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52140],"conference_id":96,"event_ids":[52359],"name":"Jeffrey Guerra","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jeffrey-guerra"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/s2jeff_gh"}],"pronouns":null,"media":[],"id":51348},{"content_ids":[52140],"conference_id":96,"event_ids":[52359],"name":"Logan MacLaren","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/loganmaclaren/"}],"pronouns":null,"media":[],"id":51359}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52359,"begin_timestamp":{"seconds":1691957700,"nanoseconds":0},"tag_ids":[40297,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51348},{"tag_id":45590,"sort_order":1,"person_id":51359}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"begin":"2023-08-13T20:15:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: Access Control Vulnerabilities: Breaking Into Buildings With Computers","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691957700,"nanoseconds":0},"speakers":[{"content_ids":[52385,52387,52395],"conference_id":96,"event_ids":[52676,52678,52686],"name":"Chad","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51604},{"content_ids":[52385,52387,52395],"conference_id":96,"event_ids":[52676,52678,52686],"name":"Shortman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51609}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52686,"tag_ids":[40290,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691956800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51604},{"tag_id":45590,"sort_order":1,"person_id":51609}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","updated":"2023-08-13T20:15:00.000-0000","begin":"2023-08-13T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1691958600,"nanoseconds":0},"updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":992,"links":[],"end":"2023-08-13T20:30:00.000-0000","id":52558,"tag_ids":[40309,45649,45743,45775],"begin_timestamp":{"seconds":1691956800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","updated":"2023-08-06T02:23:00.000-0000","begin":"2023-08-13T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The intersection of the space and cyber domains presents a complex emerging challenge to cybersecurity and space professionals. This talk covers an introduction to satellites and space operations, the attacks that space assets face, and the vectors used to facilitate malicious activity. It discusses adversarial campaigns against space vehicles at a micro and macro scale and outlines the foundational issues to securing-space resident attack surfaces.\n\n\n","title":"Hacking Satellites: Houston, We Have a Problem","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691959800,"nanoseconds":0},"android_description":"The intersection of the space and cyber domains presents a complex emerging challenge to cybersecurity and space professionals. This talk covers an introduction to satellites and space operations, the attacks that space assets face, and the vectors used to facilitate malicious activity. It discusses adversarial campaigns against space vehicles at a micro and macro scale and outlines the foundational issues to securing-space resident attack surfaces.","updated_timestamp":{"seconds":1691101440,"nanoseconds":0},"speakers":[{"content_ids":[52167],"conference_id":96,"event_ids":[52397],"name":"Jacob Oakley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51413}],"timeband_id":992,"links":[],"end":"2023-08-13T20:50:00.000-0000","id":52397,"begin_timestamp":{"seconds":1691956800,"nanoseconds":0},"village_id":null,"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51413}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-13T20:00:00.000-0000","updated":"2023-08-03T22:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"How mathematical implementation issues lead to cryptographic vulnerabilities","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691959500,"nanoseconds":0},"updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52039],"conference_id":96,"event_ids":[52255],"name":"Bing Shi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51248}],"timeband_id":992,"links":[],"end":"2023-08-13T20:45:00.000-0000","id":52255,"begin_timestamp":{"seconds":1691956800,"nanoseconds":0},"village_id":null,"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51248}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:27:00.000-0000","begin":"2023-08-13T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As cyber threats continue to evolve, attackers constantly develop new methods for exploiting system vulnerabilities and evading detection. In this presentation, we will delve into cutting-edge techniques for manipulating Linux memory in highly constrained environments, such as read-only, no-exec, and distroless setups. These techniques can be utilized by sophisticated malware to remain stealthy and evade traditional security mechanisms.\r\n\r\nWe will begin by providing an overview of the unique challenges faced in these limited environments and discuss the reasons behind their increasing prevalence. Next, we will explore how attackers can exploit vulnerabilities within these constraints and demonstrate several novel methods for manipulating Linux memory.\r\n\r\nThroughout the presentation, we will showcase real-world examples and provide step-by-step explanations for each technique, enabling attendees to gain a deeper understanding of how they can be employed by adversaries. Additionally, we will discuss potential countermeasures and mitigation strategies to help security professionals better defend against these emerging threats.\r\n\r\nBy attending this presentation, participants will gain valuable insights into the latest advancements in Linux memory manipulation and acquire the knowledge needed to anticipate and counter stealthy attacks in constrained environments. Whether you are a security researcher, a system administrator, or an ethical hacker, this session will equip you with the expertise necessary to stay ahead of the curve in the ever-evolving world of cybersecurity.\r\n\r\nREFERENCES:\r\nMost of the parts of the developed technique for this presentation is just based on our knowledge and experience. However, it's true that some previous research was done in this topic by sektor7 in https://blog.sektor7.net/#!res/2020/meterp-inject-yt.md and David Buchanan in https://twitter.com/David3141593/status/1386663070991360001\n\n\n","title":"Exploring Linux Memory Manipulation for Stealth and Evasion: Strategies to bypass Read-Only, No-Exec, and Distroless Environments","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691959500,"nanoseconds":0},"android_description":"As cyber threats continue to evolve, attackers constantly develop new methods for exploiting system vulnerabilities and evading detection. In this presentation, we will delve into cutting-edge techniques for manipulating Linux memory in highly constrained environments, such as read-only, no-exec, and distroless setups. These techniques can be utilized by sophisticated malware to remain stealthy and evade traditional security mechanisms.\r\n\r\nWe will begin by providing an overview of the unique challenges faced in these limited environments and discuss the reasons behind their increasing prevalence. Next, we will explore how attackers can exploit vulnerabilities within these constraints and demonstrate several novel methods for manipulating Linux memory.\r\n\r\nThroughout the presentation, we will showcase real-world examples and provide step-by-step explanations for each technique, enabling attendees to gain a deeper understanding of how they can be employed by adversaries. Additionally, we will discuss potential countermeasures and mitigation strategies to help security professionals better defend against these emerging threats.\r\n\r\nBy attending this presentation, participants will gain valuable insights into the latest advancements in Linux memory manipulation and acquire the knowledge needed to anticipate and counter stealthy attacks in constrained environments. Whether you are a security researcher, a system administrator, or an ethical hacker, this session will equip you with the expertise necessary to stay ahead of the curve in the ever-evolving world of cybersecurity.\r\n\r\nREFERENCES:\r\nMost of the parts of the developed technique for this presentation is just based on our knowledge and experience. However, it's true that some previous research was done in this topic by sektor7 in https://blog.sektor7.net/#!res/2020/meterp-inject-yt.md and David Buchanan in https://twitter.com/David3141593/status/1386663070991360001","updated_timestamp":{"seconds":1687136220,"nanoseconds":0},"speakers":[{"content_ids":[50548],"conference_id":96,"event_ids":[50829],"name":"Carlos Polop","affiliations":[{"organization":"Halborn","title":"Web, Mobile & Cloud Pentesting Team Leader"}],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/carlospolop"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hacktricks_live"},{"description":"","title":"Website","sort_order":0,"url":"book.hacktricks.xyz"}],"pronouns":"he/him","media":[],"id":49757,"title":"Web, Mobile & Cloud Pentesting Team Leader at Halborn"},{"content_ids":[50548],"conference_id":96,"event_ids":[50829],"name":"Yago Gutierrez","affiliations":[{"organization":"Mollitiam Industries","title":"Offensive Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/arget13"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arget1313"}],"media":[],"id":49758,"title":"Offensive Security Researcher at Mollitiam Industries"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245717"}],"end":"2023-08-13T20:45:00.000-0000","id":50829,"begin_timestamp":{"seconds":1691956800,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45630,45646,45766],"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49757},{"tag_id":45590,"sort_order":1,"person_id":49758}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-13T20:00:00.000-0000","updated":"2023-06-19T00:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Public transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices.\r\n\r\nThe evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come, But how secure are mobile payment solutions for public transportation?\r\n\r\nIn this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including SSL-encrypted data, we discovered specific vulnerabilities, which we will discuss. We will also demonstrate a custom user interface that can obtain a \"free ticket\" and cause someone else to pay. Furthermore, we will explain how an attacker could gain unauthorized access to and exfiltrate Personal Identifiable Information (PII) of registered users. Our findings offer practical recommendations to improve the security of transportation apps.\r\n\r\nREFERENCES:\r\nhttps://github.com/httptoolkit/frida-android-unpinning/blob/main/frida-script.js\r\nhttps://moovit.com/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"The Price of Convenience: How Security Vulnerabilities in Global Transportation Payment Systems Can Cost You","android_description":"Public transportation payment systems have undergone significant changes over the years. Recently, mobile payment solutions have become increasingly popular, allowing passengers to pay for their fare using their smartphones or other mobile devices.\r\n\r\nThe evolution of public transportation payment systems has been driven by the need for faster, more convenient, and more secure payment methods, and this trend is likely to continue in the years to come, But how secure are mobile payment solutions for public transportation?\r\n\r\nIn this presentation, we will examine the security risks associated with transportation applications, using Moovit as a case study. Moovit is a widely used transportation app operating in over 100 countries and 5000+ cities. Through our investigation of the app's API, including SSL-encrypted data, we discovered specific vulnerabilities, which we will discuss. We will also demonstrate a custom user interface that can obtain a \"free ticket\" and cause someone else to pay. Furthermore, we will explain how an attacker could gain unauthorized access to and exfiltrate Personal Identifiable Information (PII) of registered users. Our findings offer practical recommendations to improve the security of transportation apps.\r\n\r\nREFERENCES:\r\nhttps://github.com/httptoolkit/frida-android-unpinning/blob/main/frida-script.js\r\nhttps://moovit.com/","end_timestamp":{"seconds":1691959500,"nanoseconds":0},"updated_timestamp":{"seconds":1688183400,"nanoseconds":0},"speakers":[{"content_ids":[50566,50672],"conference_id":96,"event_ids":[50824,50834],"name":"Omer Attias","affiliations":[{"organization":"SafeBreach Labs","title":"Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/omer-attias-209a9a127/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@omerat21"}],"media":[],"id":49782,"title":"Security Researcher at SafeBreach Labs"}],"timeband_id":992,"end":"2023-08-13T20:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246125"}],"id":50824,"begin_timestamp":{"seconds":1691956800,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49782}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","begin":"2023-08-13T20:00:00.000-0000","updated":"2023-07-01T03:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nBlue Team Village Closing Ceremony","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Blue Team Village Closing Ceremony","end_timestamp":{"seconds":1691959500,"nanoseconds":0},"android_description":".\n\n\nBlue Team Village Closing Ceremony","updated_timestamp":{"seconds":1691247540,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:45:00.000-0000","id":52478,"tag_ids":[40282,45645,45647,45743],"begin_timestamp":{"seconds":1691955900,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"begin":"2023-08-13T19:45:00.000-0000","updated":"2023-08-05T14:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CNAPPGoat is a CLI tool designed to deploy intentionally vulnerable-by-design cloud infrastructure. It provides a useful playground for defenders to test their protective strategies, tools, and procedures and for offensive professionals to refine their skills and tooling. This tool deploys diverse infrastructures, including those with misconfigurations, IAM issues, network exposure, and those conducive to lateral movement attacks. While other (excellent) tools are designed to deploy tailored capture-the-flag scenarios, CNAPPGoat takes a broader approach by deploying a wide array of environments with diverse misconfigurations, providing a comprehensive perspective.\r\n\r\nCNAPPGoat supports modular deployment of various vulnerable environments and is a multi-cloud tool. CNAPPGoat is built on Pulumi and supports multiple programming languages. It operates as a CLI tool, requiring no specific IaC expertise, enabling a wide range of professionals to deploy and monitor environments.\r\n\r\nThe tool enables defenders to test detection, prevention, and control mechanisms against vulnerabilities and misconfigurations, while aiding offensive professionals by providing practice environments. Demonstrations will include tool showcasing, deployment and remediation of a scenario, practical exploitation for learning, and guidance on building modules to customize CNAPPGoat.\n\n\n","title":"CNAPPGoat - A multicloud vulnerable-by-design infrastructure deployment tool","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"CNAPPGoat is a CLI tool designed to deploy intentionally vulnerable-by-design cloud infrastructure. It provides a useful playground for defenders to test their protective strategies, tools, and procedures and for offensive professionals to refine their skills and tooling. This tool deploys diverse infrastructures, including those with misconfigurations, IAM issues, network exposure, and those conducive to lateral movement attacks. While other (excellent) tools are designed to deploy tailored capture-the-flag scenarios, CNAPPGoat takes a broader approach by deploying a wide array of environments with diverse misconfigurations, providing a comprehensive perspective.\r\n\r\nCNAPPGoat supports modular deployment of various vulnerable environments and is a multi-cloud tool. CNAPPGoat is built on Pulumi and supports multiple programming languages. It operates as a CLI tool, requiring no specific IaC expertise, enabling a wide range of professionals to deploy and monitor environments.\r\n\r\nThe tool enables defenders to test detection, prevention, and control mechanisms against vulnerabilities and misconfigurations, while aiding offensive professionals by providing practice environments. Demonstrations will include tool showcasing, deployment and remediation of a scenario, practical exploitation for learning, and guidance on building modules to customize CNAPPGoat.","end_timestamp":{"seconds":1691957400,"nanoseconds":0},"updated_timestamp":{"seconds":1690921740,"nanoseconds":0},"speakers":[{"content_ids":[50999,51995],"conference_id":96,"event_ids":[51037,52189],"name":"Noam Dahan","affiliations":[{"organization":"Ermetic","title":"Senior Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NoamDahan"}],"media":[],"id":50176,"title":"Senior Security Researcher at Ermetic"},{"content_ids":[50999,51995],"conference_id":96,"event_ids":[51037,52189],"name":"Igal Gofman","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/IgalGofman"}],"media":[],"id":50177}],"timeband_id":992,"links":[],"end":"2023-08-13T20:10:00.000-0000","id":52189,"begin_timestamp":{"seconds":1691955600,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45592,45645,45647,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50177},{"tag_id":45590,"sort_order":1,"person_id":50176}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-13T19:40:00.000-0000","updated":"2023-08-01T20:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Forcible Entry 101","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691565240,"nanoseconds":0},"speakers":[{"content_ids":[52394],"conference_id":96,"event_ids":[52685],"name":"Bill Graydon","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51606}],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52685,"tag_ids":[40290,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691955000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51606}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"begin":"2023-08-13T19:30:00.000-0000","updated":"2023-08-09T07:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this session, attendees will explore the combined power of ChatGPT and Copilot to transform application security across the SDLC. Learn how these AI tools can streamline threat modeling, identify and remediate vulnerabilities, and educate developers to enforce secure coding practices. They will also discover how Copilot delivers real-time code suggestions that comply to secure coding rules and also generates security-focused test cases. Attendees will leave equipped with practical applications and insights into AI-driven application security, ready to integrate these tools into their security engineering practices with precaution.\n\n\n","title":"Unveiling the Dual Nature of ChatGPT and Copilot in Secure Development","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691957700,"nanoseconds":0},"android_description":"In this session, attendees will explore the combined power of ChatGPT and Copilot to transform application security across the SDLC. Learn how these AI tools can streamline threat modeling, identify and remediate vulnerabilities, and educate developers to enforce secure coding practices. They will also discover how Copilot delivers real-time code suggestions that comply to secure coding rules and also generates security-focused test cases. Attendees will leave equipped with practical applications and insights into AI-driven application security, ready to integrate these tools into their security engineering practices with precaution.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52131],"conference_id":96,"event_ids":[52351],"name":"Kalyani Pawar","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kalyani-pawar5/"}],"pronouns":null,"media":[],"id":51354}],"timeband_id":992,"links":[],"end":"2023-08-13T20:15:00.000-0000","id":52351,"village_id":null,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691955000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51354}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","begin":"2023-08-13T19:30:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Is China Prepping an “Unforgettable Humiliation for GPS & America\" [VIRTUAL]","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1690423140,"nanoseconds":0},"speakers":[{"content_ids":[51498],"conference_id":96,"event_ids":[51654],"name":"Dana Goward","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50546}],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51654,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691955000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50546}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-13T19:30:00.000-0000","updated":"2023-07-27T01:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Combining sound with latest Ai / ML technology that helps tune the Human Bio-Field, extending years of industry experts research, quantum leaping works from Eileen Day Mckusick and Dr. Jerry Tennant to name a few. We will demonstrate our new prototype technology, The Ai Bio-Field Tuner.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Tuning the human Bio-Field – proven classics forged with AI IOMT","android_description":"Combining sound with latest Ai / ML technology that helps tune the Human Bio-Field, extending years of industry experts research, quantum leaping works from Eileen Day Mckusick and Dr. Jerry Tennant to name a few. We will demonstrate our new prototype technology, The Ai Bio-Field Tuner.","end_timestamp":{"seconds":1691958000,"nanoseconds":0},"updated_timestamp":{"seconds":1689117540,"nanoseconds":0},"speakers":[{"content_ids":[51057],"conference_id":96,"event_ids":[51089],"name":"Wayne Burke and Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50251}],"timeband_id":992,"links":[],"end":"2023-08-13T20:20:00.000-0000","id":51089,"tag_ids":[45645,45647,45717],"begin_timestamp":{"seconds":1691954400,"nanoseconds":0},"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50251}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"begin":"2023-08-13T19:20:00.000-0000","updated":"2023-07-11T23:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Threat modelling fun session with OWASP Cornucopia","android_description":"Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691081700,"nanoseconds":0},"speakers":[{"content_ids":[52099,51000],"conference_id":96,"event_ids":[52706,51038,52304,52373],"name":"Spyros Gasteratos","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/spyr/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/0xfde"}],"pronouns":null,"media":[],"id":51376}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52706,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51376}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Savoy - AppSec Village","hotel":"","short_name":"Savoy - AppSec Village","id":45712},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-03T16:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Amateur radio websites / web applications are notorious for terrible / non-existence information security practices and there's normally no budget to get professional help. Meanwhile, there's a large overlap in the Venn Diagram circles of infosec talent and amateur radio licensees. Leveraging our callsigns as AuthN and establishing mutual trust, we've developed a loose framework for how the hacker community can provide infosec consulting as a volunteer service, helping the hobby level up their security practices (or at least clean up some of the low hanging fruit). This talk walks through an example where this concept was applied, what was learned in the process, and reflections on how this could be leveraged by the broader community.\n\n\n","title":"My Callsign Is My Passport - Responsible Testing And Disclosure Of Amateur Radio Websites","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Amateur radio websites / web applications are notorious for terrible / non-existence information security practices and there's normally no budget to get professional help. Meanwhile, there's a large overlap in the Venn Diagram circles of infosec talent and amateur radio licensees. Leveraging our callsigns as AuthN and establishing mutual trust, we've developed a loose framework for how the hacker community can provide infosec consulting as a volunteer service, helping the hobby level up their security practices (or at least clean up some of the low hanging fruit). This talk walks through an example where this concept was applied, what was learned in the process, and reflections on how this could be leveraged by the broader community.","end_timestamp":{"seconds":1691955000,"nanoseconds":0},"updated_timestamp":{"seconds":1691471220,"nanoseconds":0},"speakers":[{"content_ids":[52360],"conference_id":96,"event_ids":[52648],"name":"Lucas Gahler","affiliations":[{"organization":"ICF","title":""}],"links":[],"pronouns":null,"media":[],"id":51564,"title":"ICF"},{"content_ids":[52360],"conference_id":96,"event_ids":[52648],"name":"Dan Norte","affiliations":[{"organization":"NetSPI","title":""}],"links":[],"pronouns":null,"media":[],"id":51565,"title":"NetSPI"}],"timeband_id":992,"links":[],"end":"2023-08-13T19:30:00.000-0000","id":52648,"tag_ids":[40286,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51565},{"tag_id":45590,"sort_order":1,"person_id":51564}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-08T05:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"title":"SUNDAY CANCELED: HDA / Accessibility Area Open","android_description":"","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52589,"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 2-4 - HDA Community","hotel":"","short_name":"Studio 2-4 - HDA Community","id":45728},"updated":"2023-08-13T19:46:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hands on experience with learning techniques to manipulate mechanical safe locks\n\n\n","title":"Officially Unofficial Safecracking Tournament","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691958600,"nanoseconds":0},"android_description":"Hands on experience with learning techniques to manipulate mechanical safe locks","updated_timestamp":{"seconds":1691288820,"nanoseconds":0},"speakers":[{"content_ids":[52287,52288],"conference_id":96,"event_ids":[52551,52552],"name":"Jared Dygert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51517}],"timeband_id":992,"links":[],"end":"2023-08-13T20:30:00.000-0000","id":52552,"village_id":null,"tag_ids":[40309,45649,45743,45775],"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51517}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-06T02:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"With this year’s Q-CTF coming to a close, we will announce our winners!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"QOLOSSUS; Quantum CTF - Results!","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"With this year’s Q-CTF coming to a close, we will announce our winners!","updated_timestamp":{"seconds":1691109060,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52440,"tag_ids":[40291,45645,45649,45743],"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-04T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. The competition culminates with the HAS4 Award Ceremony on Sunday at 12 pm PT.\n\n\n","title":"Hack-A-Sat 4 Awards Ceremony","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. The competition culminates with the HAS4 Award Ceremony on Sunday at 12 pm PT.","end_timestamp":{"seconds":1691956200,"nanoseconds":0},"updated_timestamp":{"seconds":1691101440,"nanoseconds":0},"speakers":[{"content_ids":[52148,52166],"conference_id":96,"event_ids":[52378,52396,52398],"name":"Hack-A-Sat 4 Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51410}],"timeband_id":992,"links":[],"end":"2023-08-13T19:50:00.000-0000","id":52396,"tag_ids":[40280,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51410}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:24:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"How to Hide Behavior from Security Tools","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52113],"conference_id":96,"event_ids":[52337,52361,52362],"name":"Deepfactor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51332}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52362,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51332}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Faking GitHub Reputation","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52128,52123],"conference_id":96,"event_ids":[52348,52308,52360],"name":"Checkmarx","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51329}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52360,"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51329}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"AMA - Jim Manico","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52127,52136],"conference_id":96,"event_ids":[52347,52356],"name":"Jim Manico","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jmanico"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/manicode"}],"pronouns":null,"media":[],"id":51349}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52356,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51349}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to learn how to stop hackers in their tracks?\r\nCome to the Secure From Scratch coding workshop.\r\nLearn what you need to know to write secure code from the very first line of code.\r\nIt's surprisingly easy!\r\n\r\n(Some coding experience in either C#, Java, Python or C++ required. You need to know loops, if, arrays and functions).\n\n\n","title":"Secure from Scratch: Secure Code Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"Want to learn how to stop hackers in their tracks?\r\nCome to the Secure From Scratch coding workshop.\r\nLearn what you need to know to write secure code from the very first line of code.\r\nIt's surprisingly easy!\r\n\r\n(Some coding experience in either C#, Java, Python or C++ required. You need to know loops, if, arrays and functions).","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52111,52134],"conference_id":96,"event_ids":[52335,52354],"name":"Or Sahar","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/securylight/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/securylight"}],"media":[],"id":51368}],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52354,"village_id":null,"tag_ids":[40297,45647,45719,45743],"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51368}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"spans_timebands":"N","begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cloud providers' ecosystems have brought a lot of new challenges to the Security Operations Center (SOC). We now have a lot of attack vectors that create known and still unknown attack vectors, generating a considerable need for further research and detection in this field.\r\n\r\nSpecifically, in AWS, we are talking about more than three hundred (300+) services that an attacker could have their specific attack path to achieve their goal. Considering that chaotic scenario and leading a Detection Engineering Team that monitors hundreds of customers, we developed new and innovative ways to improve customer detection in three paths:\r\n\r\nFirst, the largest market for cloud security is associated with Cloud Security Posture Management (CSPM), a tool that monitors misconfigurations in cloud accounts. We converted the top 10 results based on the CSPM vendor's statistics reports. The findings are prioritized from informational to critical, helping to fix the misconfiguration and making the attacker path more difficult.\r\n\r\nSecond, we examined the standard tools' behavior and built detections based on those. In particular, PACU (comprehensive AWS security-testing toolkit designed for offensive security practitioners), Endgame, and Cloudfox. The main goal is to have tool-agnostic detections using a combination of them to better fit into the AWS scenario.\r\n\r\nThird, and just as important, are uncommon paths that abuse services that are not commonly used or have enough research on it but could lead to data exfiltration, resource exposure, privilege escalation, and so on.\r\n\r\nBy the end of this talk, attendees will be able to acquire new detection ideas, improve their cloud security posture, and mitigate attack surfaces.\n\n\n","title":"Tales from a detection engineering in AWSland","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691955600,"nanoseconds":0},"android_description":"Cloud providers' ecosystems have brought a lot of new challenges to the Security Operations Center (SOC). We now have a lot of attack vectors that create known and still unknown attack vectors, generating a considerable need for further research and detection in this field.\r\n\r\nSpecifically, in AWS, we are talking about more than three hundred (300+) services that an attacker could have their specific attack path to achieve their goal. Considering that chaotic scenario and leading a Detection Engineering Team that monitors hundreds of customers, we developed new and innovative ways to improve customer detection in three paths:\r\n\r\nFirst, the largest market for cloud security is associated with Cloud Security Posture Management (CSPM), a tool that monitors misconfigurations in cloud accounts. We converted the top 10 results based on the CSPM vendor's statistics reports. The findings are prioritized from informational to critical, helping to fix the misconfiguration and making the attacker path more difficult.\r\n\r\nSecond, we examined the standard tools' behavior and built detections based on those. In particular, PACU (comprehensive AWS security-testing toolkit designed for offensive security practitioners), Endgame, and Cloudfox. The main goal is to have tool-agnostic detections using a combination of them to better fit into the AWS scenario.\r\n\r\nThird, and just as important, are uncommon paths that abuse services that are not commonly used or have enough research on it but could lead to data exfiltration, resource exposure, privilege escalation, and so on.\r\n\r\nBy the end of this talk, attendees will be able to acquire new detection ideas, improve their cloud security posture, and mitigate attack surfaces.","updated_timestamp":{"seconds":1690921380,"nanoseconds":0},"speakers":[{"content_ids":[51989,50617],"conference_id":96,"event_ids":[50725,52183],"name":"Rodrigo Montoro","affiliations":[{"organization":"Clavis Security","title":"Head of Threat & Detection Research"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spookerlabs"}],"media":[],"id":51196,"title":"Head of Threat & Detection Research at Clavis Security"}],"timeband_id":992,"links":[],"end":"2023-08-13T19:40:00.000-0000","id":52183,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51196}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-01T20:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"See who won in our village! During this time we’ll present the Youth Challenge winner, the #SECVC 1st and 2nd place winners, as well as the much-coveted Dundies! Then stick around as we have a panel interview with the winners to hear their story about their path to victory!\n\n\n","title":"SECV - Awards & Competitor Panel","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"See who won in our village! During this time we’ll present the Youth Challenge winner, the #SECVC 1st and 2nd place winners, as well as the much-coveted Dundies! Then stick around as we have a panel interview with the winners to hear their story about their path to victory!","end_timestamp":{"seconds":1691958600,"nanoseconds":0},"updated_timestamp":{"seconds":1690590600,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:30:00.000-0000","id":51705,"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[40302,45645,45649,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","updated":"2023-07-29T00:30:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"The War is Coming: Why Securing OPC-UA is more critical than ever","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691955000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690423080,"nanoseconds":0},"speakers":[{"content_ids":[51495,51497],"conference_id":96,"event_ids":[51651,51653],"name":"Hank Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50551}],"timeband_id":992,"links":[],"end":"2023-08-13T19:30:00.000-0000","id":51653,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"village_id":null,"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50551}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"updated":"2023-07-27T01:58:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: HDA Community Meetups","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51583,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 2-4 - HDA Community","hotel":"","short_name":"Studio 2-4 - HDA Community","id":45728},"spans_timebands":"N","begin":"2023-08-13T19:00:00.000-0000","updated":"2023-08-13T19:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A place to remember hackers that are no longer with us. Come to share stories and celebrate their life.\r\n\r\nPlease send photos of our fallen hacker comrades to [defconmemorial@protonmail.com](mailto:defconmemorial@protonmail.com), to be printed and displayed on the memorial wall here at DEF CON.\n\n\n","title":"SUNDAY CANCELED: Hacker Memorial","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"A place to remember hackers that are no longer with us. Come to share stories and celebrate their life.\r\n\r\nPlease send photos of our fallen hacker comrades to [defconmemorial@protonmail.com](mailto:defconmemorial@protonmail.com), to be printed and displayed on the memorial wall here at DEF CON.","updated_timestamp":{"seconds":1691955900,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51580,"tag_ids":[45639,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Copper - Memorial Room","hotel":"","short_name":"Copper - Memorial Room","id":45688},"spans_timebands":"N","updated":"2023-08-13T19:45:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Friends of Bill W","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51577,"tag_ids":[45639,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-07-23T16:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: DCG Meetups","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51570,"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Silver - DEF CON Groups","hotel":"","short_name":"Silver - DEF CON Groups","id":45733},"updated":"2023-08-13T19:46:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This event is the closing ceremony for the Hack-A-Sat 4 (HAS4) contest.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Hack-A-Sat 4 (HAS4) -- Closing Ceremony","end_timestamp":{"seconds":1691958600,"nanoseconds":0},"android_description":"This event is the closing ceremony for the Hack-A-Sat 4 (HAS4) contest.","updated_timestamp":{"seconds":1690059300,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245316"}],"end":"2023-08-13T20:30:00.000-0000","id":51473,"village_id":null,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-13T19:00:00.000-0000","updated":"2023-07-22T20:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding.\r\n\r\nThere are many valid criticisms of GPT models for writing code like the tendency to hallucinate functions, not being able to reason about architecture, training done on amateur code, limited context due to token length, and more. None of which are particularly important when writing fuzz tests. This presentation will delve into the integration of LLMs into fuzz testing, providing attendees with the insights and tools necessary to transform and automate their security assessment strategies.\r\n\r\nThe presentation will kick off with an introduction to LLMs; how they work, the potential use cases and challenges for hackers, prompt writing tips, and the deficiencies of current models. We will then provide a high level overview explaining the purpose, goals, and obstacles of fuzzing, why this research was undertaken, and why we chose to start with 'memory safe' Python. We will then explore efficient usage of LLMs for coding, and the primary benefits LLMs offer for security work, paving the way for a comprehensive understanding of how LLMs can automate tasks traditionally performed by humans in fuzz testing engagements.\r\n\r\nWe will then introduce FuzzForest, an open source tool that harnesses the power of LLMs to automatically write, fix, and triage fuzz tests on Python code. A thorough discussion on the workings of FuzzForest will follow, with a focus on the challenges faced during development and our solutions. The highlight of the talk will showcase the results of running the tool on the 20 most popular open-source Python libraries which resulted in identifying dozens of bugs.\r\n\r\nWe will end the talk with an analysis of efficacy and question if we'll all be replaced with a SecurityGPT model soon.\r\n\r\nTo maximize the benefits of this talk, attendees should possess a fundamental understanding of fuzz testing, programming languages, and basic AI concepts. However, a high-level refresher will be provided to ensure a smooth experience for all participants.\r\n\r\nREFERENCES:\r\nMy original blog post that sparked the idea:\r\nhttps://infiniteforest.org/LLMs+to+Write+Fuzzers\r\n \r\nBlogs:\r\nhttps://comby.dev/blog/2022/04/11/comby-decomposer-compiler-fuzzing\r\nhttps://martinfowler.com/articles/2023-chatgpt-xu-hao.html\r\n\r\nResearch Papers:\r\nhttps://arxiv.org/abs/2212.14834\r\nhttps://embed.cs.utah.edu/csmith/\r\nhttps://www.usenix.org/system/files/sec23fall-prepub-446-fu.pdf\r\n\r\nTools:\r\nhttps://github.com/google/atheris\r\nhttps://github.com/mpaepper/llm_agents\r\n\r\nPrompt Course:\r\nhttps://www.deeplearning.ai/short-courses/chatgpt-prompt-engineering-for-developers/\n\n\n","title":"LLMs at the Forefront: Pioneering the Future of Fuzz Testing in a Rapidly Changing World","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691955900,"nanoseconds":0},"android_description":"Large Language Models are already revolutionizing the software development landscape. As hackers we can only do what we've always done, embrace the machine and use it to do our bidding.\r\n\r\nThere are many valid criticisms of GPT models for writing code like the tendency to hallucinate functions, not being able to reason about architecture, training done on amateur code, limited context due to token length, and more. None of which are particularly important when writing fuzz tests. This presentation will delve into the integration of LLMs into fuzz testing, providing attendees with the insights and tools necessary to transform and automate their security assessment strategies.\r\n\r\nThe presentation will kick off with an introduction to LLMs; how they work, the potential use cases and challenges for hackers, prompt writing tips, and the deficiencies of current models. We will then provide a high level overview explaining the purpose, goals, and obstacles of fuzzing, why this research was undertaken, and why we chose to start with 'memory safe' Python. We will then explore efficient usage of LLMs for coding, and the primary benefits LLMs offer for security work, paving the way for a comprehensive understanding of how LLMs can automate tasks traditionally performed by humans in fuzz testing engagements.\r\n\r\nWe will then introduce FuzzForest, an open source tool that harnesses the power of LLMs to automatically write, fix, and triage fuzz tests on Python code. A thorough discussion on the workings of FuzzForest will follow, with a focus on the challenges faced during development and our solutions. The highlight of the talk will showcase the results of running the tool on the 20 most popular open-source Python libraries which resulted in identifying dozens of bugs.\r\n\r\nWe will end the talk with an analysis of efficacy and question if we'll all be replaced with a SecurityGPT model soon.\r\n\r\nTo maximize the benefits of this talk, attendees should possess a fundamental understanding of fuzz testing, programming languages, and basic AI concepts. However, a high-level refresher will be provided to ensure a smooth experience for all participants.\r\n\r\nREFERENCES:\r\nMy original blog post that sparked the idea:\r\nhttps://infiniteforest.org/LLMs+to+Write+Fuzzers\r\n \r\nBlogs:\r\nhttps://comby.dev/blog/2022/04/11/comby-decomposer-compiler-fuzzing\r\nhttps://martinfowler.com/articles/2023-chatgpt-xu-hao.html\r\n\r\nResearch Papers:\r\nhttps://arxiv.org/abs/2212.14834\r\nhttps://embed.cs.utah.edu/csmith/\r\nhttps://www.usenix.org/system/files/sec23fall-prepub-446-fu.pdf\r\n\r\nTools:\r\nhttps://github.com/google/atheris\r\nhttps://github.com/mpaepper/llm_agents\r\n\r\nPrompt Course:\r\nhttps://www.deeplearning.ai/short-courses/chatgpt-prompt-engineering-for-developers/","updated_timestamp":{"seconds":1687139760,"nanoseconds":0},"speakers":[{"content_ids":[50598],"conference_id":96,"event_ids":[50840],"name":"X","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"he/him","links":[{"description":"","title":"Website","sort_order":0,"url":"https://infiniteforest.org"}],"media":[],"id":49834,"title":"Hacker"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245769"}],"end":"2023-08-13T19:45:00.000-0000","id":50840,"village_id":null,"tag_ids":[45589,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"includes":"Tool 🛠, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49834}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-06-19T01:56:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"It can be very difficult for those new to hacking to learn about vulnerability discovery and exploit development on modern operating systems and software. The complexity of a modern computing environment, developer awareness of security risks, and the iterative development of exploit mitigations over the past three decades has put up an intimidating wall in front of those who would be interested in learning about vulnerability research. Vintage computing environments can provide an interesting and fun playground environment for learning and experimenting with reverse engineering, vulnerability discovery, and exploit development.\r\n \r\nIn this talk, Wesley will discuss the setup of a complete environment for hacking software for the Commodore Amiga line of computers, a 16/32 bit computing platform of the late 80s and early 90s (not to mention a dedicated following of users and software today). He will describe the hardware environment, OS architecture, and the practically endless library of software that can be used as interesting targets of research. On-system development and debugging software will be described, as well as using the modern Ghidra disassembler. A case study of identifying and exploiting a vulnerability in a 1994 vintage FTP client will be discussed in technical detail. \r\n\r\nREFERENCES:\r\n\r\n- Vintage Computing preservation\r\n - https://www.tosecdev.org/ - TOSEC catalogs all known software\r\n and documentation for many vintage computing platforms\r\n - https://archive.org/ - Hosts tremendous archives of vintage\r\n documentation, magazines, software, etc\r\n - Books (largely available on archive.org)\r\n - The AmigaDOS Manual, 3rd Edition\r\n - Lance Leventhal - 68000 Assembly Language Programming,\r\n Second Edition\r\n - M68000 Programmer's Reference Manual\r\n - Amiga ROM Kernel Reference Manual, 3rd Edition, Volumes:\r\n - Libraries\r\n - Devices\r\n - Hardware Reference Manual\r\n - Devpac 3 for the Amiga - User Manual\r\n - SAS/C Development System User's Guide (vol. 1 & 2)\r\n - Development Kit Documentation\r\n - Amiga OS NDK 3.2 - https://www.hyperion-entertainment.com/index.php/downloads?view=files&parent=40\r\n - Amiga Developer CD 1.2 (1998, available on archive.org)\r\n - Previous talks that involved vintage computing\r\n - DC30 - Tristan Miller - Reversing the Original Xbox Live\r\n Protocols\r\n - DC30 - Cesare Pizzi - Old Malware, New tools: Ghidra and\r\n Commodore 64\n\n\n","title":"Retro Exploitation: Using Vintage Computing Platforms as a Vulnerability Research Playground and Learning Environment","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691955900,"nanoseconds":0},"android_description":"It can be very difficult for those new to hacking to learn about vulnerability discovery and exploit development on modern operating systems and software. The complexity of a modern computing environment, developer awareness of security risks, and the iterative development of exploit mitigations over the past three decades has put up an intimidating wall in front of those who would be interested in learning about vulnerability research. Vintage computing environments can provide an interesting and fun playground environment for learning and experimenting with reverse engineering, vulnerability discovery, and exploit development.\r\n \r\nIn this talk, Wesley will discuss the setup of a complete environment for hacking software for the Commodore Amiga line of computers, a 16/32 bit computing platform of the late 80s and early 90s (not to mention a dedicated following of users and software today). He will describe the hardware environment, OS architecture, and the practically endless library of software that can be used as interesting targets of research. On-system development and debugging software will be described, as well as using the modern Ghidra disassembler. A case study of identifying and exploiting a vulnerability in a 1994 vintage FTP client will be discussed in technical detail. \r\n\r\nREFERENCES:\r\n\r\n- Vintage Computing preservation\r\n - https://www.tosecdev.org/ - TOSEC catalogs all known software\r\n and documentation for many vintage computing platforms\r\n - https://archive.org/ - Hosts tremendous archives of vintage\r\n documentation, magazines, software, etc\r\n - Books (largely available on archive.org)\r\n - The AmigaDOS Manual, 3rd Edition\r\n - Lance Leventhal - 68000 Assembly Language Programming,\r\n Second Edition\r\n - M68000 Programmer's Reference Manual\r\n - Amiga ROM Kernel Reference Manual, 3rd Edition, Volumes:\r\n - Libraries\r\n - Devices\r\n - Hardware Reference Manual\r\n - Devpac 3 for the Amiga - User Manual\r\n - SAS/C Development System User's Guide (vol. 1 & 2)\r\n - Development Kit Documentation\r\n - Amiga OS NDK 3.2 - https://www.hyperion-entertainment.com/index.php/downloads?view=files&parent=40\r\n - Amiga Developer CD 1.2 (1998, available on archive.org)\r\n - Previous talks that involved vintage computing\r\n - DC30 - Tristan Miller - Reversing the Original Xbox Live\r\n Protocols\r\n - DC30 - Cesare Pizzi - Old Malware, New tools: Ghidra and\r\n Commodore 64","updated_timestamp":{"seconds":1687877880,"nanoseconds":0},"speakers":[{"content_ids":[50559,50619],"conference_id":96,"event_ids":[50727,50805],"name":"Wesley McGrew","affiliations":[{"organization":"MartinFed","title":"Senior Cyber Fellow"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@mcgrew@defcon.social)","sort_order":0,"url":"https://defcon.social/@mcgrew"},{"description":"","title":"Mixcloud","sort_order":0,"url":"https://www.mixcloud.com/wesmcgrew/stream/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/McGrewSecurity"}],"media":[],"id":49770,"title":"Senior Cyber Fellow at MartinFed"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245730"}],"end":"2023-08-13T19:45:00.000-0000","id":50805,"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"tag_ids":[45589,45592,45629,45630,45646,45766],"village_id":null,"includes":"Exploit 🪲, Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49770}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-06-27T14:58:00.000-0000","begin":"2023-08-13T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"It is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don't think about very much. The terminal is a tool all of us use. It's a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s.\r\n \r\nLike anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability.\r\n \r\nIn this talk I'll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically haven't had strong terminal support didn't escape a CVE. In order to exploit these vulnerabilities they often need to be combined with a vulnerability in something else. I'll cover how to exploit these vulnerabilities in multiple ways.\r\n \r\nOverall this research found multiple remote code execution vulnerabilities across nearly all platforms and new unique ways to deliver the exploits. \r\n\r\nREFERENCES: \r\nKey citations:\r\n - HD Moore, 2003, \"Terminal Emulator Security Issues\";\r\n https://marc.info/?l=bugtraq&m=104612710031920&w=2\r\n - Eviatar Gerzi, 2022; \"Don't Trust This Title: Abusing Terminal\r\n Emulators with ANSI Escape Characters\"\r\n https://www.cyberark.com/resources/threat-research-blog/dont-trust-this-title-abusing-terminal-emulators-with-ansi-escape-characters\r\n - Phrack, 1994, #46 file 4 \"Line Noise\" - flash.c;\r\n http://phrack.org/issues/46/4.html\r\n - Mitre; CWE-150; https://cwe.mitre.org/data/definitions/150.html\r\n - Paul Szabo, 2008, CVE-2008-2383;\r\n https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030\r\n \r\n Other interesting sources:\r\n - Nicholas Boucher and Ross Anderson, 2021, \"Trojan Source: Invisible\r\n Vulnerabilities\"; https://trojansource.codes/\r\n - Thomas Dickey, 2023, \"XTerm Control Sequences\";\r\n https://invisible-island.net/xterm/ctlseqs/ctlseqs.html\r\n - Bob Bemer, \"That Powerful ESCAPE Character\",\r\n https://web.archive.org/web/20010411103243/http://www.bobbemer.com/ESCAPE.HTM\r\n - Lear Siegler, 1979, \"ADM-3A Operator's Manual\";\r\n https://vt100.net/lsi/adm3a-om.pdf\r\n - Digital Equipment Corporation, 1994, \"VT520/VT525 Video Terminal\r\n Programmer Information\";\r\n http://web.mit.edu/dosathena/doc/www/ek-vt520-rm.pdf\r\n - Paul Flo Williams, \"A parser for DEC's ANSI-compatible video\r\n terminals.\" VT100.net; https://vt100.net/emu/dec_ansi_parser\r\n - Konstantinos Foutzopoulos, 2021, \"Sixel for terminal graphics\";\r\n https://konfou.xyz/posts/sixel-for-terminal-graphics/\r\n - https://agimcami.files.wordpress.com/2019/07/control-characters-in-ascii-and-unicode-aivisto-com.pdf,\r\n unknown origin, but good references\r\n - Unicode Consortium, Mark Davis et al., 2014; Unicode Technical\r\n Report #36; https://unicode.org/reports/tr36/\r\n - Unicode Consortium, Robin Leroy, et al., 2023; Draft Unicode\r\n Technical Standard #55; https://www.unicode.org/reports/tr55/\r\n \r\n My posts to oss-security so far:\r\n - rxvt-unicode CVE-2022-4170;\r\n https://www.openwall.com/lists/oss-security/2022/12/05/1\r\n - xterm CVE-2022-45063; https://www.openwall.com/lists/oss-security/2022/11/10/1\r\n - less CVE-2022-46663; https://www.openwall.com/lists/oss-security/2023/02/07/7\n\n\n","title":"Terminally Owned - 60 years of escaping","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"It is 60 years since the first publication of the ASCII standard, something we now very much take for granted. ASCII introduced the Escape character; something we still use but maybe don't think about very much. The terminal is a tool all of us use. It's a way to interact with nearly every modern operating system. Underneath it uses escape codes defined in standards, some of which date back to the 1970s.\r\n \r\nLike anything which deals with untrusted user input, it has an attack surface. 20 years ago HD Moore wrote a paper on terminal vulnerabilities, finding multiple CVEs in the process. I decided it was time to revisit this class of vulnerability.\r\n \r\nIn this talk I'll look at the history of terminals and then detail the issues I found in half a dozen different terminals. Even Microsoft who historically haven't had strong terminal support didn't escape a CVE. In order to exploit these vulnerabilities they often need to be combined with a vulnerability in something else. I'll cover how to exploit these vulnerabilities in multiple ways.\r\n \r\nOverall this research found multiple remote code execution vulnerabilities across nearly all platforms and new unique ways to deliver the exploits. \r\n\r\nREFERENCES: \r\nKey citations:\r\n - HD Moore, 2003, \"Terminal Emulator Security Issues\";\r\n https://marc.info/?l=bugtraq&m=104612710031920&w=2\r\n - Eviatar Gerzi, 2022; \"Don't Trust This Title: Abusing Terminal\r\n Emulators with ANSI Escape Characters\"\r\n https://www.cyberark.com/resources/threat-research-blog/dont-trust-this-title-abusing-terminal-emulators-with-ansi-escape-characters\r\n - Phrack, 1994, #46 file 4 \"Line Noise\" - flash.c;\r\n http://phrack.org/issues/46/4.html\r\n - Mitre; CWE-150; https://cwe.mitre.org/data/definitions/150.html\r\n - Paul Szabo, 2008, CVE-2008-2383;\r\n https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030\r\n \r\n Other interesting sources:\r\n - Nicholas Boucher and Ross Anderson, 2021, \"Trojan Source: Invisible\r\n Vulnerabilities\"; https://trojansource.codes/\r\n - Thomas Dickey, 2023, \"XTerm Control Sequences\";\r\n https://invisible-island.net/xterm/ctlseqs/ctlseqs.html\r\n - Bob Bemer, \"That Powerful ESCAPE Character\",\r\n https://web.archive.org/web/20010411103243/http://www.bobbemer.com/ESCAPE.HTM\r\n - Lear Siegler, 1979, \"ADM-3A Operator's Manual\";\r\n https://vt100.net/lsi/adm3a-om.pdf\r\n - Digital Equipment Corporation, 1994, \"VT520/VT525 Video Terminal\r\n Programmer Information\";\r\n http://web.mit.edu/dosathena/doc/www/ek-vt520-rm.pdf\r\n - Paul Flo Williams, \"A parser for DEC's ANSI-compatible video\r\n terminals.\" VT100.net; https://vt100.net/emu/dec_ansi_parser\r\n - Konstantinos Foutzopoulos, 2021, \"Sixel for terminal graphics\";\r\n https://konfou.xyz/posts/sixel-for-terminal-graphics/\r\n - https://agimcami.files.wordpress.com/2019/07/control-characters-in-ascii-and-unicode-aivisto-com.pdf,\r\n unknown origin, but good references\r\n - Unicode Consortium, Mark Davis et al., 2014; Unicode Technical\r\n Report #36; https://unicode.org/reports/tr36/\r\n - Unicode Consortium, Robin Leroy, et al., 2023; Draft Unicode\r\n Technical Standard #55; https://www.unicode.org/reports/tr55/\r\n \r\n My posts to oss-security so far:\r\n - rxvt-unicode CVE-2022-4170;\r\n https://www.openwall.com/lists/oss-security/2022/12/05/1\r\n - xterm CVE-2022-45063; https://www.openwall.com/lists/oss-security/2022/11/10/1\r\n - less CVE-2022-46663; https://www.openwall.com/lists/oss-security/2023/02/07/7","end_timestamp":{"seconds":1691955900,"nanoseconds":0},"updated_timestamp":{"seconds":1687137900,"nanoseconds":0},"speakers":[{"content_ids":[50570],"conference_id":96,"event_ids":[50786],"name":"David Leadbeater","affiliations":[{"organization":"G-Research","title":"Open Source Engineer"}],"links":[{"description":"","title":"Mastodon (@dgl@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@dgl"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/davidgl"},{"description":"","title":"Website","sort_order":0,"url":"https://dgl.cx"}],"pronouns":"he/him","media":[],"id":49788,"title":"Open Source Engineer at G-Research"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245741"}],"end":"2023-08-13T19:45:00.000-0000","id":50786,"tag_ids":[45589,45629,45646,45766],"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49788}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-13T19:00:00.000-0000","updated":"2023-06-19T01:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Privilege escalation is a common attack vector in the Windows OS.\r\n\r\nToday, there are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services in some way or another. This talk will show an evasive and undetected privilege escalation technique that abuses the Windows Filtering Platform (WFP). This platform processes network traffic and allow configuring filters that permit or block communication.\r\n\r\nIt is built-in component of the operating system since Windows Vista, and doesn’t require an installation. My research started from reverse-engineering a single RPC method in an OS service and ended with several techniques to abuse a system kernel component, that allow executing programs as “NT AUTHORITY\\SYSTEM”, as well as other users that are logged on the the machine without triggering any traditional detection algorithms.\r\n\r\nThe various components of the Windows Filtering Platform will be analyzed, such as the Basic Filtering Engine, the TCPIP driver and the IPSec protocol, while focusing on how to abuse them and extract valuable data from them. \r\n\r\nREFERENCES\r\n- https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html\r\n- https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/\r\n- https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-architecture-overview\r\n- https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759130(v=ws.10)\n\n\n","title":"#NoFilter: Abusing Windows Filtering Platform for privilege escalation","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691955900,"nanoseconds":0},"android_description":"Privilege escalation is a common attack vector in the Windows OS.\r\n\r\nToday, there are multiple offensive tools in the wild that can execute code as “NT AUTHORITY\\SYSTEM” (Meterpreter, CobaltStrike, Potato tools), and they all usually do so by duplicating tokens and manipulating services in some way or another. This talk will show an evasive and undetected privilege escalation technique that abuses the Windows Filtering Platform (WFP). This platform processes network traffic and allow configuring filters that permit or block communication.\r\n\r\nIt is built-in component of the operating system since Windows Vista, and doesn’t require an installation. My research started from reverse-engineering a single RPC method in an OS service and ended with several techniques to abuse a system kernel component, that allow executing programs as “NT AUTHORITY\\SYSTEM”, as well as other users that are logged on the the machine without triggering any traditional detection algorithms.\r\n\r\nThe various components of the Windows Filtering Platform will be analyzed, such as the Basic Filtering Engine, the TCPIP driver and the IPSec protocol, while focusing on how to abuse them and extract valuable data from them. \r\n\r\nREFERENCES\r\n- https://googleprojectzero.blogspot.com/2021/08/understanding-network-access-windows-app.html\r\n- https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/\r\n- https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-architecture-overview\r\n- https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759130(v=ws.10)","updated_timestamp":{"seconds":1687140360,"nanoseconds":0},"speakers":[{"content_ids":[50608],"conference_id":96,"event_ids":[50774],"name":"Ron Ben-Yizhak","affiliations":[{"organization":"Deep Instinct","title":"Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/RonB_Y"}],"media":[],"id":49848,"title":"Security Researcher at Deep Instinct"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245779"}],"end":"2023-08-13T19:45:00.000-0000","id":50774,"tag_ids":[45589,45592,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691953200,"nanoseconds":0},"village_id":null,"includes":"Demo 💻, Tool 🛠, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49848}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","begin":"2023-08-13T19:00:00.000-0000","updated":"2023-06-19T02:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As mobile devices have become increasingly prevalent, the security of Android applications has become a critical concern. \r\nPentesting is an essential process for identifying and mitigating potential vulnerabilities in these applications, but Android app hacking is a specialized area that is less well-documented than other pentesting techniques. \r\nIn this session, the focus will be on how to pentest Android apps and their APIs. \r\n\r\nThe presentation will address key questions such as what Android pentesting is, how to set up an Android App pentest lab, and how to pentest an Android App and its APIs from start to finish. \r\n\r\nParticipants will leave the session with tips and resources for learning, practicing, and setting up a complete set of tools for Android application pentesting, including detailed examples on a purposefully vulnerable application. \r\nThe goal is to equip attendees with the knowledge and skills necessary to conduct thorough and effective pentests of Android applications.\r\n\n\n\n","title":"Android Applications and APIs hacking","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691955000,"nanoseconds":0},"android_description":"As mobile devices have become increasingly prevalent, the security of Android applications has become a critical concern. \r\nPentesting is an essential process for identifying and mitigating potential vulnerabilities in these applications, but Android app hacking is a specialized area that is less well-documented than other pentesting techniques. \r\nIn this session, the focus will be on how to pentest Android apps and their APIs. \r\n\r\nThe presentation will address key questions such as what Android pentesting is, how to set up an Android App pentest lab, and how to pentest an Android App and its APIs from start to finish. \r\n\r\nParticipants will leave the session with tips and resources for learning, practicing, and setting up a complete set of tools for Android application pentesting, including detailed examples on a purposefully vulnerable application. \r\nThe goal is to equip attendees with the knowledge and skills necessary to conduct thorough and effective pentests of Android applications.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52133,51091],"conference_id":96,"event_ids":[51122,52353],"name":"Gabrielle Botbol","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/gabriellebotbol/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Gabrielle_BGB"}],"media":[],"id":51339}],"timeband_id":992,"links":[],"end":"2023-08-13T19:30:00.000-0000","id":52353,"begin_timestamp":{"seconds":1691952300,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51339}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T18:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Elevators 101","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691565180,"nanoseconds":0},"speakers":[{"content_ids":[52383,52384,52393],"conference_id":96,"event_ids":[52674,52675,52684],"name":"Karen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51605}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52684,"tag_ids":[40290,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691951400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51605}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"begin":"2023-08-13T18:30:00.000-0000","updated":"2023-08-09T07:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Misinfo Village Closing / Panel / Summary / Feedback","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691284320,"nanoseconds":0},"speakers":[{"content_ids":[52261,52262,52264,52275,52297],"conference_id":96,"event_ids":[52525,52526,52539,52528,52569],"name":"Misinformation Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51509}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52525,"village_id":null,"begin_timestamp":{"seconds":1691951400,"nanoseconds":0},"tag_ids":[40305,45646,45743,45771],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51509}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-13T18:30:00.000-0000","updated":"2023-08-06T01:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Hunting Aberrant Maritime Network Traffic with Open-Source Software and Hardware","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690423080,"nanoseconds":0},"speakers":[{"content_ids":[51461,51496],"conference_id":96,"event_ids":[51617,51652],"name":"Chet Hosmer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50519}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":51652,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691951400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50519}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-13T18:30:00.000-0000","updated":"2023-07-27T01:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Security Operations in the cloud can be thought as a data problem. If you can immediately and easily answer questions of what, how and who has done an action attackers can be uncovered and dealt with much quicker.\r\n\r\nBuilding the infrastructure to do this however can easily become very expensive and there are some big trade-offs to consider when building a security logging pipeline.\r\n\r\nThis talk will explain the different logging patterns that you can find in public clouds like AWS, GCP and Azure and the pitfalls and experience from building and rebuilding the security logging at different scale levels.\r\n\r\nThis talk should give any attendees protecting a company with a big cloud exposure valuable insights that could be applied to building a new security logging function and also how to improve their current security pipelines.\n\n\n","title":"Security Logging in the cloud, trade-offs to consider and patterns to maximise the effectiveness of security data pipelines","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Security Operations in the cloud can be thought as a data problem. If you can immediately and easily answer questions of what, how and who has done an action attackers can be uncovered and dealt with much quicker.\r\n\r\nBuilding the infrastructure to do this however can easily become very expensive and there are some big trade-offs to consider when building a security logging pipeline.\r\n\r\nThis talk will explain the different logging patterns that you can find in public clouds like AWS, GCP and Azure and the pitfalls and experience from building and rebuilding the security logging at different scale levels.\r\n\r\nThis talk should give any attendees protecting a company with a big cloud exposure valuable insights that could be applied to building a new security logging function and also how to improve their current security pipelines.","updated_timestamp":{"seconds":1690921320,"nanoseconds":0},"speakers":[{"content_ids":[51988],"conference_id":96,"event_ids":[52182],"name":"Marco Mancini","affiliations":[{"organization":"Thought Machine","title":"Tech Lead for the Detection Engineering"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ManciniJ"}],"media":[],"id":51195,"title":"Tech Lead for the Detection Engineering at Thought Machine"}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52182,"village_id":null,"begin_timestamp":{"seconds":1691950800,"nanoseconds":0},"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51195}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"begin":"2023-08-13T18:20:00.000-0000","updated":"2023-08-01T20:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"AI Village Closing Remarks","end_timestamp":{"seconds":1691952300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691030940,"nanoseconds":0},"speakers":[{"content_ids":[52044,52064],"conference_id":96,"event_ids":[52263,52283],"name":"AI Village Organizers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51277}],"timeband_id":992,"links":[],"end":"2023-08-13T18:45:00.000-0000","id":52283,"begin_timestamp":{"seconds":1691950500,"nanoseconds":0},"village_id":null,"tag_ids":[40299,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51277}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:49:00.000-0000","begin":"2023-08-13T18:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Pacific Northwest National Laboratory (PNNL) has developed and operates modeled physical environments for training and demonstrating cyber security for DHS CISA as part of their ICS Control Environment Laboratory Resource (CELR). To expose a broader audience at conferences and industry venues, CISA is implementing an XR interface to enable remote users to have a visceral experience as if they are in the same room as the CELR models. The CISA CELR team is developing cutting-edge data pipelines with the Depthkit software and developers at Scatter that can record and transmit accurate 3D renderings of objects and people in near real-time to an XR headset (HoloLens 2). Depthkit combines the data streams from up to 10 Microsoft Azure Kinect cameras and combines them into a calibrated photorealistic 3D video. This video can be exported into the Unity game engine and embedded as recordings or live streams into an XR application. The demonstration planned for Defcon will be for the Rail sector systems including an AR overview of the skid model with some pre-recorded videos of failure scenarios and some VR exploration of rail sector subsystems including a locomotive cab, wayside controller, and regional dispatch display. Conference attendees will learn more about the rail sector and its use of cyber components and the potential risks of cyber based failures.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Off the Rails: A demo with Pacific Northwest National Labs","android_description":"Pacific Northwest National Laboratory (PNNL) has developed and operates modeled physical environments for training and demonstrating cyber security for DHS CISA as part of their ICS Control Environment Laboratory Resource (CELR). To expose a broader audience at conferences and industry venues, CISA is implementing an XR interface to enable remote users to have a visceral experience as if they are in the same room as the CELR models. The CISA CELR team is developing cutting-edge data pipelines with the Depthkit software and developers at Scatter that can record and transmit accurate 3D renderings of objects and people in near real-time to an XR headset (HoloLens 2). Depthkit combines the data streams from up to 10 Microsoft Azure Kinect cameras and combines them into a calibrated photorealistic 3D video. This video can be exported into the Unity game engine and embedded as recordings or live streams into an XR application. The demonstration planned for Defcon will be for the Rail sector systems including an AR overview of the skid model with some pre-recorded videos of failure scenarios and some VR exploration of rail sector subsystems including a locomotive cab, wayside controller, and regional dispatch display. Conference attendees will learn more about the rail sector and its use of cyber components and the potential risks of cyber based failures.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691357160,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52579,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"village_id":null,"tag_ids":[40311,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"spans_timebands":"N","begin":"2023-08-13T18:00:00.000-0000","updated":"2023-08-06T21:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk covers the workings of mechanical combination safe locks, their vulnerabilities, and how to manipulate them.\n\n\n","title":"Safecracking for Everyone","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"This talk covers the workings of mechanical combination safe locks, their vulnerabilities, and how to manipulate them.","updated_timestamp":{"seconds":1691288760,"nanoseconds":0},"speakers":[{"content_ids":[52287,52288],"conference_id":96,"event_ids":[52551,52552],"name":"Jared Dygert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51517}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52551,"village_id":null,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"tag_ids":[40309,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51517}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"updated":"2023-08-06T02:26:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"War Driver Meetup","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691260020,"nanoseconds":0},"speakers":[{"content_ids":[52257],"conference_id":96,"event_ids":[52518],"name":"RF Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51494}],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52518,"tag_ids":[40292,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51494}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","updated":"2023-08-05T18:27:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Telecom Village CTF","android_description":"","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691257260,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52499,"tag_ids":[40304,45647,45743,45775],"village_id":72,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"updated":"2023-08-05T17:41:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nProject Obsidian panel discussion: Who, What, When, Where, and How","title":"Project Obsidian Panel","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691951400,"nanoseconds":0},"android_description":".\n\n\nProject Obsidian panel discussion: Who, What, When, Where, and How","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T18:30:00.000-0000","id":52475,"village_id":null,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"tag_ids":[40282,45647,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We present our second open session on what Quantum Life might look like in the future! Join our experts, enthusiasts, and other community members to discover what this quantum future could all be about…\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Quantum Life - An open mic space discussing the possible futures granted by quantum technologies","android_description":"We present our second open session on what Quantum Life might look like in the future! Join our experts, enthusiasts, and other community members to discover what this quantum future could all be about…","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691109060,"nanoseconds":0},"speakers":[{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260},{"content_ids":[52176,52191],"conference_id":96,"event_ids":[52424,52439],"name":"Victoria Kumaran","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51424}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52439,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"tag_ids":[40291,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51260},{"tag_id":45633,"sort_order":1,"person_id":51424}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","begin":"2023-08-13T18:00:00.000-0000","updated":"2023-08-04T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Application security reviews are performed to proactively discover and mitigate vulnerabilities in applications and services being developed or deployed in order to reduce risk. It includes any or all of these activities: threat modeling, in-depth secure code review and dynamic testing.\r\n\r\nIn a fast-paced and engineering-heavy organizations, these are typically non-blocking and can be seen as a security pipeline defining roles and responsibilities, scope of the review, a priority queue based on business risk profiling, expected outcomes and risk findings across the application.\r\n\r\nWe start with a strong foundation for secure design by performing a security design review focused on threat modeling to derive security requirements and test plans. This is followed by an in-depth secure code review and dynamic testing / validation. \r\n\r\nAs we progress through the application lifecycle, if secure code reviews uncover high risk code changes and vulnerabilities or penetration testing results point to exploitable findings this indicates a need to do better threat modeling.\r\n\r\nThe success of this in terms of scaling and maturity depends on three factors working in tandem: tools, processes and people. Therefore, we need to leverage a security pipeline approach for well defined structure and automation.. \r\n\r\nIn this talk, we will cover:\r\n- creating a structure for these reviews based on their scope and priority\r\n- calibrating reviews as a team and organization\r\n- leveraging partnerships like security champions (engineers) as key players who are not responsible for the pipeline but help move the pipeline further\r\n- capturing key risk and remediation metrics\r\n- building automation and tooling centered around for threat modeling in a complete security assessment\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Threat modeling-based application security pipeline","end_timestamp":{"seconds":1691952300,"nanoseconds":0},"android_description":"Application security reviews are performed to proactively discover and mitigate vulnerabilities in applications and services being developed or deployed in order to reduce risk. It includes any or all of these activities: threat modeling, in-depth secure code review and dynamic testing.\r\n\r\nIn a fast-paced and engineering-heavy organizations, these are typically non-blocking and can be seen as a security pipeline defining roles and responsibilities, scope of the review, a priority queue based on business risk profiling, expected outcomes and risk findings across the application.\r\n\r\nWe start with a strong foundation for secure design by performing a security design review focused on threat modeling to derive security requirements and test plans. This is followed by an in-depth secure code review and dynamic testing / validation. \r\n\r\nAs we progress through the application lifecycle, if secure code reviews uncover high risk code changes and vulnerabilities or penetration testing results point to exploitable findings this indicates a need to do better threat modeling.\r\n\r\nThe success of this in terms of scaling and maturity depends on three factors working in tandem: tools, processes and people. Therefore, we need to leverage a security pipeline approach for well defined structure and automation.. \r\n\r\nIn this talk, we will cover:\r\n- creating a structure for these reviews based on their scope and priority\r\n- calibrating reviews as a team and organization\r\n- leveraging partnerships like security champions (engineers) as key players who are not responsible for the pipeline but help move the pipeline further\r\n- capturing key risk and remediation metrics\r\n- building automation and tooling centered around for threat modeling in a complete security assessment","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52132],"conference_id":96,"event_ids":[52352],"name":"Larkins Carvalho","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/larkinscarvalho"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/larkinscarvalho"}],"media":[],"id":51358},{"content_ids":[52132],"conference_id":96,"event_ids":[52352],"name":"Nielet D'mello","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nieletdmello/"}],"pronouns":null,"media":[],"id":51367}],"timeband_id":992,"links":[],"end":"2023-08-13T18:45:00.000-0000","id":52352,"village_id":null,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51358},{"tag_id":45590,"sort_order":1,"person_id":51367}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"begin":"2023-08-13T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come down to the Policy track on Sunday morning and test your knowledge of all the most trivial aspects of tech policy! Bring a team or ride solo, and see if your deep knowledge of cybersecurity and tech policy is the best of the best. We’ll have a short quiz on tech law, policy, security and privacy topics that will blow your mind. Or what’s left of your mind after those shenanigans you got up to on Saturday night. BYO Bloody Mary.\r\n\r\nKurt Opsahl will be your most masterful and hungover Trivia Master, joined by three surprise judges.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2ec300","name":"Vendor Event","id":45769},"title":"Hangover Trivia: Cyber Policy Edition","android_description":"Come down to the Policy track on Sunday morning and test your knowledge of all the most trivial aspects of tech policy! Bring a team or ride solo, and see if your deep knowledge of cybersecurity and tech policy is the best of the best. We’ll have a short quiz on tech law, policy, security and privacy topics that will blow your mind. Or what’s left of your mind after those shenanigans you got up to on Saturday night. BYO Bloody Mary.\r\n\r\nKurt Opsahl will be your most masterful and hungover Trivia Master, joined by three surprise judges.","end_timestamp":{"seconds":1691952600,"nanoseconds":0},"updated_timestamp":{"seconds":1690431960,"nanoseconds":0},"speakers":[{"content_ids":[50571,51526],"conference_id":96,"event_ids":[50809,51682],"name":"Kurt Opsahl","affiliations":[{"organization":"Filecoin Foundation","title":"Associate General Counsel for Cybersecurity and Civil Liberties Policy"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KurtOpsahl"}],"media":[],"id":49790,"title":"Associate General Counsel for Cybersecurity and Civil Liberties Policy at Filecoin Foundation"}],"timeband_id":992,"end":"2023-08-13T18:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51682,"village_id":null,"tag_ids":[40310,45646,45743,45769],"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":49790}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","updated":"2023-07-27T04:26:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"The Flaws in Cloud-based ICS Ecosystem","android_description":"","end_timestamp":{"seconds":1691951400,"nanoseconds":0},"updated_timestamp":{"seconds":1690423080,"nanoseconds":0},"speakers":[{"content_ids":[51495,51497],"conference_id":96,"event_ids":[51651,51653],"name":"Hank Chen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50551}],"timeband_id":992,"links":[],"end":"2023-08-13T18:30:00.000-0000","id":51651,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"village_id":null,"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50551}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:58:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"CANCELED: Will be released later: Most Meta - Live Meta Quest2 Hack","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691951640,"nanoseconds":0},"speakers":[{"content_ids":[51474],"conference_id":96,"event_ids":[51630],"name":"David \"Icer\" Maynor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50520}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":51630,"village_id":null,"tag_ids":[40311,45645,45646,45743],"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50520}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"updated":"2023-08-13T18:34:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 31 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on [ham.study](https://ham.study/), and may sign up for this time slot [here](https://ham.study/sessions/64bc92f0f1d18834466defba/1).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Free Amateur Radio License Exams","android_description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 31 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on [ham.study](https://ham.study/), and may sign up for this time slot [here](https://ham.study/sessions/64bc92f0f1d18834466defba/1).","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1690088520,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Twitter (@HamRadioVillage)","type":"link","url":"https://twitter.com/HamRadioVillage"},{"label":"Register for this time slot","type":"link","url":"https://ham.study/sessions/64bc92f0f1d18834466defba/1"},{"label":"Mastodon (@HamRadioVillage@defcon.social)","type":"link","url":"https://defcon.social/@HamRadioVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245338"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/732733631667372103"},{"label":"Website","type":"link","url":"https://hamvillage.org/"}],"end":"2023-08-13T20:00:00.000-0000","id":51538,"village_id":47,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"tag_ids":[40286,45635,45647,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"updated":"2023-07-23T05:02:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Storfield Methodology focuses on three main questions: Where am I? Where is the DC? Where are the high-value targets? The Storfield Methodology is meant to be repeatable during every engagement. When following this method the steps should be the same regardless of the security controls implemented in a particular network.\n\n\n","title":"Storfield: A Quiet Methodology to Create Attacks in Mature Networks","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"The Storfield Methodology focuses on three main questions: Where am I? Where is the DC? Where are the high-value targets? The Storfield Methodology is meant to be repeatable during every engagement. When following this method the steps should be the same regardless of the security controls implemented in a particular network.","updated_timestamp":{"seconds":1689358620,"nanoseconds":0},"speakers":[{"content_ids":[51086,51096],"conference_id":96,"event_ids":[51117,51127,51160],"name":"Cory Wolff","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cwolff411"}],"pronouns":null,"media":[],"id":50260}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":51160,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50260}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"updated":"2023-07-14T18:17:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.\n\n\n","title":"OSINT Skills Lab Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"media":[],"id":50281}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":51149,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"begin":"2023-08-13T18:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Hacking Web Apps and APIs with WebSploit Labs","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.","updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":50276}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":51135,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"updated":"2023-07-14T18:11:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and“Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions.\r\n\r\nPlacing these items in context reveals a far more troubling picture.After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that have leaked over the years offering similar capabilities, albeit in different circumstances.Examples include Russia’s SORM framework for domestic operations,China’s Great Firewall and (more significantly) Great Cannon programs, and items that emerged in the Snowden leaks such as the US’s alleged “Quantum” program.\r\n\r\nBy analyzing these additional projects, we will observe a decade’s long trend in the systematization and scaling of cyber programs, especially with respect to automated exploitation and infrastructure management. Vulkan and related items, as significant as they are, represent a culmination of operational evolution and an example of the proliferation of capabilities following disclosure. With programs such as Scan-V exposed, we should anticipate other entities seeking to mirror such capabilities, progressing beyond botnets and other distributed systems to effective management of dispersed capabilities for signals intelligence and cyber operations.\r\n\r\nREFERENCES:\r\n- https://www.spiegel.de/thema/vulkanfiles/?d=1680188834\r\n- https://www.spiegel.de/international/world/the-vulkan-files-a-look-inside-putin-s-secret-plans-for-cyber-warfare-a-4324e76f-cb20-4312-96c8-1101c5655236\r\n- https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics\r\n- https://citizenlab.ca/2015/04/chinas-great-cannon/\r\n- https://resources.infosecinstitute.com/topic/turbine-quantum-implants-arsenal-nsa/\r\n- https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/\r\n- https://www.wired.com/2014/03/quantum/\r\n- https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Burrowing Through The Network: Contextualizing The Vulkan Leaks & Historical State-Sponsored Offensive Operations","end_timestamp":{"seconds":1691952300,"nanoseconds":0},"android_description":"In March 2023, journalists and investigators released analysis of “the Vulkan files.” Consisting of documents associated with a Russian company working with intelligence and military authorities, the papers revealed a variety of ambitious programs such as “Scan-V” and“Amezit.” Both programs, in the sense that they offer capabilities to acquire, maintain, and task infrastructure for cyber and information operations at scale, are deeply concerning, indicating a significant advancement in Russian-linked network warfare and related actions.\r\n\r\nPlacing these items in context reveals a far more troubling picture.After reviewing the capabilities of Amezit and Scan-V, we can see glimpses of historical programs in the advertised efficacy of these projects. We will consider other items that have leaked over the years offering similar capabilities, albeit in different circumstances.Examples include Russia’s SORM framework for domestic operations,China’s Great Firewall and (more significantly) Great Cannon programs, and items that emerged in the Snowden leaks such as the US’s alleged “Quantum” program.\r\n\r\nBy analyzing these additional projects, we will observe a decade’s long trend in the systematization and scaling of cyber programs, especially with respect to automated exploitation and infrastructure management. Vulkan and related items, as significant as they are, represent a culmination of operational evolution and an example of the proliferation of capabilities following disclosure. With programs such as Scan-V exposed, we should anticipate other entities seeking to mirror such capabilities, progressing beyond botnets and other distributed systems to effective management of dispersed capabilities for signals intelligence and cyber operations.\r\n\r\nREFERENCES:\r\n- https://www.spiegel.de/thema/vulkanfiles/?d=1680188834\r\n- https://www.spiegel.de/international/world/the-vulkan-files-a-look-inside-putin-s-secret-plans-for-cyber-warfare-a-4324e76f-cb20-4312-96c8-1101c5655236\r\n- https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics\r\n- https://citizenlab.ca/2015/04/chinas-great-cannon/\r\n- https://resources.infosecinstitute.com/topic/turbine-quantum-implants-arsenal-nsa/\r\n- https://theintercept.com/2014/03/12/nsa-plans-infect-millions-computers-malware/\r\n- https://www.wired.com/2014/03/quantum/\r\n- https://www.domaintools.com/resources/blog/centreon-to-exim-and-back-on-the-trail-of-sandworm/","updated_timestamp":{"seconds":1688176200,"nanoseconds":0},"speakers":[{"content_ids":[50641,51481],"conference_id":96,"event_ids":[50842,51637],"name":"Joe Slowik","affiliations":[{"organization":"Huntress","title":"Threat Intelligence Manager"}],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://pylos.co/"}],"pronouns":"he/him","media":[],"id":49917,"title":"Threat Intelligence Manager at Huntress"}],"timeband_id":992,"end":"2023-08-13T18:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246095"}],"id":50842,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49917}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-13T18:00:00.000-0000","updated":"2023-07-01T01:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Wifi chips contain general purpose processors. Even though these are powerful processors, their firmware is closed source and does not allow modifications. This talk explores how the firmware of modern Xtensa based Qualcomm Wifi chips can be modified to allow extending its indented functionality. Such modifications can even be for example leveraged by security researchers to find vulnerabilities in an otherwise closed source Wifi code. During the talk we will also dive into the architecture of Qualcomms Wifi chips as well as the structure of the firmware used withing these chips. We will release a modified version of the Nexmon framework to enable patching of Xtensa based firmware and show all the steps involved to create such patches. \r\n\r\nREFERENCES:\r\n- http://problemkaputt.de/gbatek-dsi-atheros-wifi-bmi-bootloader-commands.htm\r\n- https://nstarke.github.io/firmware/wifi/linux/kernel/2021/08/11/dev-coredump-and-firmware-images.html\r\n- https://sachin0x18.github.io/posts/demystifying-xtensa-isa/\r\n- https://nexmon.org\n\n\n","title":"Unlocking hidden powers in Xtensa based Qualcomm Wifi chips","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691952300,"nanoseconds":0},"android_description":"Wifi chips contain general purpose processors. Even though these are powerful processors, their firmware is closed source and does not allow modifications. This talk explores how the firmware of modern Xtensa based Qualcomm Wifi chips can be modified to allow extending its indented functionality. Such modifications can even be for example leveraged by security researchers to find vulnerabilities in an otherwise closed source Wifi code. During the talk we will also dive into the architecture of Qualcomms Wifi chips as well as the structure of the firmware used withing these chips. We will release a modified version of the Nexmon framework to enable patching of Xtensa based firmware and show all the steps involved to create such patches. \r\n\r\nREFERENCES:\r\n- http://problemkaputt.de/gbatek-dsi-atheros-wifi-bmi-bootloader-commands.htm\r\n- https://nstarke.github.io/firmware/wifi/linux/kernel/2021/08/11/dev-coredump-and-firmware-images.html\r\n- https://sachin0x18.github.io/posts/demystifying-xtensa-isa/\r\n- https://nexmon.org","updated_timestamp":{"seconds":1687140120,"nanoseconds":0},"speakers":[{"content_ids":[50604],"conference_id":96,"event_ids":[50818],"name":"Daniel Wegemer","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49844,"title":"Hacker"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245775"}],"end":"2023-08-13T18:45:00.000-0000","id":50818,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49844}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","begin":"2023-08-13T18:00:00.000-0000","updated":"2023-06-19T02:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.\r\n\r\nWhile understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.\r\n\r\nBy exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of devices and further explore other attack vectors. This can give them access to administrator panels and malware source code, and result in the identity of threat actors being exposed.\r\n\r\nREFERENCES:\r\n\r\nHarly malware: https://www.kaspersky.com/blog/harly-trojan-subscriber/45573/\r\nClipper malware: https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/\r\nNexus malware: https://www.techrepublic.com/article/nexus-android-malware-finance-targets/\r\nAurora malware: https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"The Art of Compromising C2 Servers: A Web Application Vulnerabilities Perspective","android_description":"C2 servers of mobile and Windows malware are usually left to their own fate after they have been discovered and the malware is no longer effective. We are going to take a deep dive into the rabbit hole of attacking and owning C2 servers, exposing details about their infrastructure, code bases, and the identity of the companies and individuals that operate and profit from them.\r\n\r\nWhile understanding and reversing malware is a highly skilled procedure, attacking the C2 itself rarely requires a lot of technical skills. Most of the C2 servers have the same typical HTTP problems that can be detected by off-the-shelf vulnerability scanners.\r\n\r\nBy exploiting low-hanging fruit vulnerabilities, an attacker can obtain unauthorized access to administrative functions, allowing them to command thousands of devices and further explore other attack vectors. This can give them access to administrator panels and malware source code, and result in the identity of threat actors being exposed.\r\n\r\nREFERENCES:\r\n\r\nHarly malware: https://www.kaspersky.com/blog/harly-trojan-subscriber/45573/\r\nClipper malware: https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/\r\nNexus malware: https://www.techrepublic.com/article/nexus-android-malware-finance-targets/\r\nAurora malware: https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/","end_timestamp":{"seconds":1691952300,"nanoseconds":0},"updated_timestamp":{"seconds":1688183040,"nanoseconds":0},"speakers":[{"content_ids":[50669],"conference_id":96,"event_ids":[50798],"name":"Vangelis Stykas","affiliations":[{"organization":"Tremau","title":"CTO"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@evstykas"},{"description":"","title":"Website","sort_order":0,"url":"https://stykas.com"}],"media":[],"id":49967,"title":"CTO at Tremau"}],"timeband_id":992,"end":"2023-08-13T18:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246122"}],"id":50798,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45629,45646,45766],"includes":"Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49967}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-01T03:44:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This research provides innovative contributions to return-oriented programming (ROP), not seen before. We introduce ROP ROCKET, a cutting-edge ROP framework, to be released at DEF CON. With ROCKET, when attacking 32-bit applications, we can switch between x86 and x64 at will, by invoking a special ROP Heaven's Gate technique, thereby expanding the attack surface. We will discuss the ramifications of this novel approach.\r\n\r\nBypassing DEP via ROP is typically straightforward, using WinAPIs such as VirualProtect and VirtualAlloc. We demonstrate an alternative: using Windows syscalls. In fact, ROCKET provides automatic ROP chain construction to bypass ROP using Windows syscalls. While extremely trendy, Windows syscalls are only very rarely used in ROP.\r\n\r\nOne problem with automatic chain construction is bad chars or bad bytes. We demonstrate how ROCKET allows us to use virtulally any gadget whose address contains bad bytes. With this approach, automatic ROP chain construction is far less likely to fail. Thus, we overcome one of the major obstacles when creating a ROP chain: bad bytes, which reduces the attack surface needlessly. In fact, if one wanted, they could use ROCKET to \"obfuscate\" any gadget, obscuring what is being done.\r\n\r\nThis presentation will do the seemingly impossible - and surprise even veteran users of ROP.\r\n\r\nREFERENCES: \r\n1. Brizendine, B., Babcock, A.: A Novel Method for the Automatic Generation of JOP Chain Exploits. In: National Cyber Summit. pp. 77–92 (2021)\r\n2. Min, J.W., Jung, S.M., Lee, D.Y., Chung, T.M.: Jump oriented programming on windows platform (on the x86). Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics). 7335 LNCS, 376–390 (2012). https://doi.org/10.1007/978-3-642-31137-6_29\r\n3. Erdodi, L.: Attacking x86 windows binaries by jump oriented programming. INES 2013 - IEEE 17th Int. Conf. Intell. Eng. Syst. Proc. 333–338 (2013). https://doi.org/10.1109/INES.2013.6632837\r\n4. Brizendine, B., Babcock, A.: Pre-built JOP Chains with the JOP ROCKET: Bypassing DEP without ROP. Black Hat Asia. (2021)\r\n5. One, A.: Smashing the stack for fun and profit. Phrack Mag. 7, 14–16 (1996)\r\n6. Designer, S.: “Return-to-libc” attack., https://seclists.org/bugtraq/1997/Aug/63\r\n7. Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). Proc. ACM Conf. Comput. Commun. Secur. 552–561 (2007). https://doi.org/10.1145/1315245.1315313\r\n8. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-Oriented Programming : Systems , Languages , and Applications. ACM Trans. Inf. Syst. Secur. 15, 1–36 (2012)\r\n9. Buchanan, E., Roemer, R., Savage, S., Shacham, H.: Return-oriented programming: Exploitation without code injection. Black Hat. 8, (2008)\r\n10. PaX, T.: PaX address space layout randomization (ASLR). http//pax. grsecurity. net/docs/aslr. txt. (2003)\r\n11. Mark E, R., Alex, I., others: Windows Internals, Part 2, (2012)\r\n12. Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM conference on Computer and communications security. pp. 298–307 (2004)\r\n13. Vreugdenhil, P.: Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit.\r\n14. Gawlik, R., Holz, T.: ${$SoK$}$: Make ${$JIT-Spray$}$ Great Again. In: 12th USENIX Workshop on Offensive Technologies (WOOT 18) (2018)\r\n15. Göktas, E., Kollenda, B., Koppe, P., Bosman, E., Portokalidis, G., Holz, T., Bos, H., Giuffrida, C.: Position-independent code reuse: On the effectiveness of aslr in the absence of information disclosure. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 227–242 (2018)\r\n16. Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. Proc. ACM Conf. Comput. Commun. Secur. 559–572 (2010). https://doi.org/10.1145/1866307.1866370\r\n17. Bletsch, T., Jiang, X., Freeh, V.W.: Jump-oriented programming: a new class of code-reuse attack. Proc. 6th Int. Symp. Information, Comput. Commun. Secur. ASIACCS 2011. (2011)\r\n18. Brizendine, B.: JOP ROCKET repository, https://github.com/Bw3ll/JOP_ROCKET/\r\n19. Babcock, A.: IcoFX 2.6 - “.ico” Buffer Overflow SEH + DEP Bypass using JOP, https://www.exploit-db.com/exploits/49959\r\n20. Specter: Sony Playstation 4 (PS4) 5.05 - BPF Double Free Kernel Exploit Writeup, https://www.exploit-db.com/exploits/45045\r\n21. Brizendine, B., Babcock, A., Kramer, A.: Move Over, ROP: Towards a Practical Approach to Jump-Oriented Programming. HITBMag. 121–152 (2021)\r\n22. Intel Corporation: Control-flow Enforcement Technology Preview, https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf\r\n23. Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.-R., Holz, T.: Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In: 2015 IEEE Symposium on Security and Privacy. pp. 745–762 (2015)\r\n24. Brizendine, B. Windows Syscalls in Shellcode: Advanced Techniques for Malicious Functionality. Hack in the Box Amsterdam (2023).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Advanced ROP Framework: Pushing ROP to Its Limits","end_timestamp":{"seconds":1691952300,"nanoseconds":0},"android_description":"This research provides innovative contributions to return-oriented programming (ROP), not seen before. We introduce ROP ROCKET, a cutting-edge ROP framework, to be released at DEF CON. With ROCKET, when attacking 32-bit applications, we can switch between x86 and x64 at will, by invoking a special ROP Heaven's Gate technique, thereby expanding the attack surface. We will discuss the ramifications of this novel approach.\r\n\r\nBypassing DEP via ROP is typically straightforward, using WinAPIs such as VirualProtect and VirtualAlloc. We demonstrate an alternative: using Windows syscalls. In fact, ROCKET provides automatic ROP chain construction to bypass ROP using Windows syscalls. While extremely trendy, Windows syscalls are only very rarely used in ROP.\r\n\r\nOne problem with automatic chain construction is bad chars or bad bytes. We demonstrate how ROCKET allows us to use virtulally any gadget whose address contains bad bytes. With this approach, automatic ROP chain construction is far less likely to fail. Thus, we overcome one of the major obstacles when creating a ROP chain: bad bytes, which reduces the attack surface needlessly. In fact, if one wanted, they could use ROCKET to \"obfuscate\" any gadget, obscuring what is being done.\r\n\r\nThis presentation will do the seemingly impossible - and surprise even veteran users of ROP.\r\n\r\nREFERENCES: \r\n1. Brizendine, B., Babcock, A.: A Novel Method for the Automatic Generation of JOP Chain Exploits. In: National Cyber Summit. pp. 77–92 (2021)\r\n2. Min, J.W., Jung, S.M., Lee, D.Y., Chung, T.M.: Jump oriented programming on windows platform (on the x86). Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics). 7335 LNCS, 376–390 (2012). https://doi.org/10.1007/978-3-642-31137-6_29\r\n3. Erdodi, L.: Attacking x86 windows binaries by jump oriented programming. INES 2013 - IEEE 17th Int. Conf. Intell. Eng. Syst. Proc. 333–338 (2013). https://doi.org/10.1109/INES.2013.6632837\r\n4. Brizendine, B., Babcock, A.: Pre-built JOP Chains with the JOP ROCKET: Bypassing DEP without ROP. Black Hat Asia. (2021)\r\n5. One, A.: Smashing the stack for fun and profit. Phrack Mag. 7, 14–16 (1996)\r\n6. Designer, S.: “Return-to-libc” attack., https://seclists.org/bugtraq/1997/Aug/63\r\n7. Shacham, H.: The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). Proc. ACM Conf. Comput. Commun. Secur. 552–561 (2007). https://doi.org/10.1145/1315245.1315313\r\n8. Roemer, R., Buchanan, E., Shacham, H., Savage, S.: Return-Oriented Programming : Systems , Languages , and Applications. ACM Trans. Inf. Syst. Secur. 15, 1–36 (2012)\r\n9. Buchanan, E., Roemer, R., Savage, S., Shacham, H.: Return-oriented programming: Exploitation without code injection. Black Hat. 8, (2008)\r\n10. PaX, T.: PaX address space layout randomization (ASLR). http//pax. grsecurity. net/docs/aslr. txt. (2003)\r\n11. Mark E, R., Alex, I., others: Windows Internals, Part 2, (2012)\r\n12. Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM conference on Computer and communications security. pp. 298–307 (2004)\r\n13. Vreugdenhil, P.: Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit.\r\n14. Gawlik, R., Holz, T.: ${$SoK$}$: Make ${$JIT-Spray$}$ Great Again. In: 12th USENIX Workshop on Offensive Technologies (WOOT 18) (2018)\r\n15. Göktas, E., Kollenda, B., Koppe, P., Bosman, E., Portokalidis, G., Holz, T., Bos, H., Giuffrida, C.: Position-independent code reuse: On the effectiveness of aslr in the absence of information disclosure. In: 2018 IEEE European Symposium on Security and Privacy (EuroS&P). pp. 227–242 (2018)\r\n16. Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.R., Shacham, H., Winandy, M.: Return-oriented programming without returns. Proc. ACM Conf. Comput. Commun. Secur. 559–572 (2010). https://doi.org/10.1145/1866307.1866370\r\n17. Bletsch, T., Jiang, X., Freeh, V.W.: Jump-oriented programming: a new class of code-reuse attack. Proc. 6th Int. Symp. Information, Comput. Commun. Secur. ASIACCS 2011. (2011)\r\n18. Brizendine, B.: JOP ROCKET repository, https://github.com/Bw3ll/JOP_ROCKET/\r\n19. Babcock, A.: IcoFX 2.6 - “.ico” Buffer Overflow SEH + DEP Bypass using JOP, https://www.exploit-db.com/exploits/49959\r\n20. Specter: Sony Playstation 4 (PS4) 5.05 - BPF Double Free Kernel Exploit Writeup, https://www.exploit-db.com/exploits/45045\r\n21. Brizendine, B., Babcock, A., Kramer, A.: Move Over, ROP: Towards a Practical Approach to Jump-Oriented Programming. HITBMag. 121–152 (2021)\r\n22. Intel Corporation: Control-flow Enforcement Technology Preview, https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf\r\n23. Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.-R., Holz, T.: Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In: 2015 IEEE Symposium on Security and Privacy. pp. 745–762 (2015)\r\n24. Brizendine, B. Windows Syscalls in Shellcode: Advanced Techniques for Malicious Functionality. Hack in the Box Amsterdam (2023).","updated_timestamp":{"seconds":1687139580,"nanoseconds":0},"speakers":[{"content_ids":[50595,50650],"conference_id":96,"event_ids":[50770,50845],"name":"Bramwell Brizendine, Dr.","affiliations":[{"organization":"University of Alabama in Huntsville","title":"Assistant Professor"}],"links":[],"pronouns":"he/him","media":[],"id":49830,"title":"Assistant Professor at University of Alabama in Huntsville"},{"content_ids":[50595],"conference_id":96,"event_ids":[50770],"name":"Shiva Shashank Kusuma","affiliations":[{"organization":"University of Alabama in Huntsville","title":"Master's Student"}],"links":[],"pronouns":"he/him","media":[],"id":50512,"title":"Master's Student at University of Alabama in Huntsville"}],"timeband_id":992,"end":"2023-08-13T18:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245766"}],"id":50770,"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691949600,"nanoseconds":0},"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49830},{"tag_id":45590,"sort_order":1,"person_id":50512}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","updated":"2023-06-19T01:53:00.000-0000","begin":"2023-08-13T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"GRT Report Out","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691951400,"nanoseconds":0},"updated_timestamp":{"seconds":1691030940,"nanoseconds":0},"speakers":[{"content_ids":[50651,52063],"conference_id":96,"event_ids":[50846,52282],"name":"Sven Cattell","affiliations":[{"organization":"nbhd.ai & AI Village","title":"Founder"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@comathematician"}],"media":[],"id":49937,"title":"Founder at nbhd.ai & AI Village"}],"timeband_id":992,"links":[],"end":"2023-08-13T18:30:00.000-0000","id":52282,"tag_ids":[40299,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691948700,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49937}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:49:00.000-0000","begin":"2023-08-13T17:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Within Cloud environments, the approach to securing networks and resources has shifted. An organisation's security perimeter has become blurred, with resources increasingly exposed, making it harder to clearly establish their attack surface. Components of network and security controls have been abstracted away, including the specific on how they are implemented. One of these abstractions is through Azure Service Tags, a feature that we frequently see being used, and one that often results in resources being more exposed than intended.\r\n\r\nIn this talk, we will explore Service Tags in Azure, a common method for modern organisations to use pre-defined network ranges to be allow-listed for inbound and outbound network traffic. Although a useful means to simplify configuration to allow service-to-service communication, its usage can lead to unintentional cross-tenant access to Azure resources. The aim of the talk is to highlight several novel methods by which attackers can get access to a corporate environment. These will range from:\r\n\r\n - Accessing internal resources via an attacker controlled VM in a different tenant\r\n - Abusing Azure Logic Apps functionality to interact with internal APIs\r\n - Using SaaS services such as Azure DevOps to modify pipelines within a misconfigured target organisation\r\n\r\nFundamentally, this is the service working as intended. Service Tags are *supposed* to cover Azure service network ranges and these *do*, by design, include other organisations' environments. The issue mostly lies in the lack of detailed documentation and the lack of awareness around the breadth of coverage, and the potential impact of these controls. Where documentation is available that highlights some of these components, it is inconsistent in outlining the risks and potential impact. Through our work at a consultancy, we have worked with a range of organisations from large enterprises to medium sized companies. Based on our observations, this is a common issue that is present in different production Azure environments.\r\n\r\nListeners of the talk will come out with an understanding of:\r\n\r\n - Service Tags and their use cases\r\n - Attack methods to take advantage of Service Tags\r\n - Practical recommendations for Service Tag usage\n\n\n","title":"Tag, You're Exposed: Exploring Azure Service Tags and their Impact on your Security Boundary","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691950800,"nanoseconds":0},"android_description":"Within Cloud environments, the approach to securing networks and resources has shifted. An organisation's security perimeter has become blurred, with resources increasingly exposed, making it harder to clearly establish their attack surface. Components of network and security controls have been abstracted away, including the specific on how they are implemented. One of these abstractions is through Azure Service Tags, a feature that we frequently see being used, and one that often results in resources being more exposed than intended.\r\n\r\nIn this talk, we will explore Service Tags in Azure, a common method for modern organisations to use pre-defined network ranges to be allow-listed for inbound and outbound network traffic. Although a useful means to simplify configuration to allow service-to-service communication, its usage can lead to unintentional cross-tenant access to Azure resources. The aim of the talk is to highlight several novel methods by which attackers can get access to a corporate environment. These will range from:\r\n\r\n - Accessing internal resources via an attacker controlled VM in a different tenant\r\n - Abusing Azure Logic Apps functionality to interact with internal APIs\r\n - Using SaaS services such as Azure DevOps to modify pipelines within a misconfigured target organisation\r\n\r\nFundamentally, this is the service working as intended. Service Tags are *supposed* to cover Azure service network ranges and these *do*, by design, include other organisations' environments. The issue mostly lies in the lack of detailed documentation and the lack of awareness around the breadth of coverage, and the potential impact of these controls. Where documentation is available that highlights some of these components, it is inconsistent in outlining the risks and potential impact. Through our work at a consultancy, we have worked with a range of organisations from large enterprises to medium sized companies. Based on our observations, this is a common issue that is present in different production Azure environments.\r\n\r\nListeners of the talk will come out with an understanding of:\r\n\r\n - Service Tags and their use cases\r\n - Attack methods to take advantage of Service Tags\r\n - Practical recommendations for Service Tag usage","updated_timestamp":{"seconds":1690921320,"nanoseconds":0},"speakers":[{"content_ids":[51987],"conference_id":96,"event_ids":[52181],"name":"Aled Mehta","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/x_delfino"}],"pronouns":null,"media":[],"id":51193},{"content_ids":[51987],"conference_id":96,"event_ids":[52181],"name":"Christian Philipov","affiliations":[{"organization":"WithSecure","title":"Senior Security Consultant"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/chrispy_sec"}],"media":[],"id":51194,"title":"Senior Security Consultant at WithSecure"}],"timeband_id":992,"links":[],"end":"2023-08-13T18:20:00.000-0000","id":52181,"begin_timestamp":{"seconds":1691948400,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51193},{"tag_id":45590,"sort_order":1,"person_id":51194}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"updated":"2023-08-01T20:22:00.000-0000","begin":"2023-08-13T17:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"All the things, all the time: Lifting the veil on security in the global mobile industry and how it works with hackers","android_description":"","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1691512860,"nanoseconds":0},"speakers":[{"content_ids":[52363],"conference_id":96,"event_ids":[52651],"name":"James Moran","affiliations":[{"organization":"GSMA","title":"Head of Security"}],"links":[],"pronouns":null,"media":[],"id":51568,"title":"Head of Security at GSMA"}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":52651,"village_id":null,"tag_ids":[40304,45645,45647,45743],"begin_timestamp":{"seconds":1691947800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51568}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","updated":"2023-08-08T16:41:00.000-0000","begin":"2023-08-13T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Satellite communication has gained importance in our mobile and hyper-connected society, but end users are exposed to various security threats that are often not well understood. In this talk, I will present several practical attacks targeting the security and privacy of satellite end users. These attacks target satellite systems such as DVB-S, Inmarsat, Iridium, and GPS. The attacks have been developed and performed in our satellite security research labs at the Swiss Cyber-Defence Campus.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"The Looming Perils for End Users in Satellite Communications","android_description":"Satellite communication has gained importance in our mobile and hyper-connected society, but end users are exposed to various security threats that are often not well understood. In this talk, I will present several practical attacks targeting the security and privacy of satellite end users. These attacks target satellite systems such as DVB-S, Inmarsat, Iridium, and GPS. The attacks have been developed and performed in our satellite security research labs at the Swiss Cyber-Defence Campus.","end_timestamp":{"seconds":1691950800,"nanoseconds":0},"updated_timestamp":{"seconds":1691101440,"nanoseconds":0},"speakers":[{"content_ids":[52165],"conference_id":96,"event_ids":[52395],"name":"Vincent Lenders","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51422}],"timeband_id":992,"links":[],"end":"2023-08-13T18:20:00.000-0000","id":52395,"begin_timestamp":{"seconds":1691947800,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51422}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:24:00.000-0000","begin":"2023-08-13T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Intro to Ciphers","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"","end_timestamp":{"seconds":1691948700,"nanoseconds":0},"updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":992,"links":[],"end":"2023-08-13T17:45:00.000-0000","id":52262,"begin_timestamp":{"seconds":1691947800,"nanoseconds":0},"village_id":null,"tag_ids":[40308,45647,45719,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:27:00.000-0000","begin":"2023-08-13T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Vulnerability instead of security: How we managed to hack a PSIM system","android_description":"","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1690423080,"nanoseconds":0},"speakers":[{"content_ids":[51494],"conference_id":96,"event_ids":[51650],"name":"Lukas Sokefeld","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50557}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51650,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691947800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50557}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-13T17:30:00.000-0000","updated":"2023-07-27T01:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691948700,"nanoseconds":0},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":992,"links":[],"end":"2023-08-13T17:45:00.000-0000","id":52557,"tag_ids":[40309,45649,45743,45775],"begin_timestamp":{"seconds":1691946900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"updated":"2023-08-06T02:23:00.000-0000","begin":"2023-08-13T17:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"More organizations are applying a DevOps methodology to optimize software development. One of the main tools used in this process is a continuous integration (CI) tool that automates code changes from multiple developers working on the same project. Multiple CI tools are available today, Jenkins, CircleCI, TravisCI, GitLab CI, and now GitHub Actions. In 2019, GitHub released its own CI tool called GitHub Actions (GHA). According to GitHub, GitHub Actions help you automate tasks within your software development life cycle, and it has been gaining a lot of adoption from developers. \r\n\r\nThis presentation results from detailed research on the topic where the author investigated abuse case scenarios, such as how attackers leveraged this free service to mine cryptocurrencies on their behalf and behalf of other users, among other attack vectors. We'll also demonstrate how to perform interactive commands to the Runner servers via reverse shell, which is technically not allowed via traditional means. Ultimately, we'll show the problem of third-party dependencies via the GitHub Actions Marketplace. Finally, we'll demonstrate how easy creating and publishing a fake GitHub Action on the GitHub Marketplace is. And if used unwillingly by other projects, it can compromise the victim's Runners to act as bots, target other victims, and even be used in supply-chain attacks by tampering with the result of the pipeline or even creating a botnet of crypto miners inside Azure.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Hacking GitHub Actions: Abusing GitHub and Azure for fun and profit","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"android_description":"More organizations are applying a DevOps methodology to optimize software development. One of the main tools used in this process is a continuous integration (CI) tool that automates code changes from multiple developers working on the same project. Multiple CI tools are available today, Jenkins, CircleCI, TravisCI, GitLab CI, and now GitHub Actions. In 2019, GitHub released its own CI tool called GitHub Actions (GHA). According to GitHub, GitHub Actions help you automate tasks within your software development life cycle, and it has been gaining a lot of adoption from developers. \r\n\r\nThis presentation results from detailed research on the topic where the author investigated abuse case scenarios, such as how attackers leveraged this free service to mine cryptocurrencies on their behalf and behalf of other users, among other attack vectors. We'll also demonstrate how to perform interactive commands to the Runner servers via reverse shell, which is technically not allowed via traditional means. Ultimately, we'll show the problem of third-party dependencies via the GitHub Actions Marketplace. Finally, we'll demonstrate how easy creating and publishing a fake GitHub Action on the GitHub Marketplace is. And if used unwillingly by other projects, it can compromise the victim's Runners to act as bots, target other victims, and even be used in supply-chain attacks by tampering with the result of the pipeline or even creating a botnet of crypto miners inside Azure.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52085,52139],"conference_id":96,"event_ids":[52358,52311],"name":"Magno Logan","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/magnologan"}],"media":[],"id":51362}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":52358,"begin_timestamp":{"seconds":1691946900,"nanoseconds":0},"tag_ids":[40297,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51362}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"begin":"2023-08-13T17:15:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come join us at Carson City I and II for some hands on physical security bypass exhibits! Try your hand on bypassing elevators, deadlocks, deadlatches, shopping cart locks, building intercoms or more! Challenge yourself by trying to get out of handcuffs using only a bobby pin, and win a real police handcuff key! In addition, meet some of our external partners. You can augment yourself by injecting your hand with a mini RFID/NFC chip implant, and play around with our RFID displays! We also have returning the physical RFID wall of sheep where you can learn about long distance RFID cloning!\n\n\n","title":"Physical Security Village Activities","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Come join us at Carson City I and II for some hands on physical security bypass exhibits! Try your hand on bypassing elevators, deadlocks, deadlatches, shopping cart locks, building intercoms or more! Challenge yourself by trying to get out of handcuffs using only a bobby pin, and win a real police handcuff key! In addition, meet some of our external partners. You can augment yourself by injecting your hand with a mini RFID/NFC chip implant, and play around with our RFID displays! We also have returning the physical RFID wall of sheep where you can learn about long distance RFID cloning!","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691655000,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52694,"village_id":null,"tag_ids":[40290,45647,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","updated":"2023-08-10T08:10:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Capture The Packet FINALS","android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691375940,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52594,"tag_ids":[40288,45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-07T02:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Contest Area Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"android_description":"","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691357880,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52586,"tag_ids":[45640,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-06T21:38:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Explore emerging technology, hardware and experiences in the XR Village Playground. Meet and learn from technologists, futurists, and artists in the XR (VR / AR) space. Sponsored by BadVR and in collaboration with ICS Village, Red Team Village, Adversary Village and Policy Village.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"XR Village Playground","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Explore emerging technology, hardware and experiences in the XR Village Playground. Meet and learn from technologists, futurists, and artists in the XR (VR / AR) space. Sponsored by BadVR and in collaboration with ICS Village, Red Team Village, Adversary Village and Policy Village.","updated_timestamp":{"seconds":1691357160,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52581,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40311,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-06T21:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?\r\n\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\r\n\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\r\n\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\r\n\r\n--\r\n\r\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Lockpick Village Activities","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?\r\n\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\r\n\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\r\n\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\r\n\r\n--\r\n\r\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.","updated_timestamp":{"seconds":1691296860,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52568,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40309,45649,45743,45764,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-06T04:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Participate in a Jeopardy-style CTFs competition that challenges you to break through the guardrails within 8 different LLMs. In your 50-minute session, execute prompt injections, find internal inconsistencies, and identify issues in information integrity, privacy, and societal harm. Compete for points and take home the prize, or just have fun coming up with novel attacks.\r\n\r\nThis exercise, first of its kind, will allow the best and brightest minds in the security industry to join diverse voices new and veteran to the AI scene in pursuit of making AI and machine learning safer.\n\n\n","title":"AI Village Generative Red Team Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Participate in a Jeopardy-style CTFs competition that challenges you to break through the guardrails within 8 different LLMs. In your 50-minute session, execute prompt injections, find internal inconsistencies, and identify issues in information integrity, privacy, and societal harm. Compete for points and take home the prize, or just have fun coming up with novel attacks.\r\n\r\nThis exercise, first of its kind, will allow the best and brightest minds in the security industry to join diverse voices new and veteran to the AI scene in pursuit of making AI and machine learning safer.","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691291160,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52563,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40299,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-06T03:06:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\n\n\n","title":"Hackathon result's presentation","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691951400,"nanoseconds":0},"updated_timestamp":{"seconds":1691284620,"nanoseconds":0},"speakers":[{"content_ids":[52261,52262,52264,52275,52297],"conference_id":96,"event_ids":[52525,52526,52539,52528,52569],"name":"Misinformation Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51509}],"timeband_id":992,"links":[],"end":"2023-08-13T18:30:00.000-0000","id":52539,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51509}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:17:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you ever fused metal to create electronic mayhem? Do you want to learn? Travel too far to take your solder tools with you? Hotel take your irons cause they thought it was a fire risk? Come on over to the Solder Skills village. We have irons and supplies. Volunteers (and some attendees) help teach, advise or just put out fires. We aim to grow the skill-set of the community and overcome inhibitions to this most basic skill to make electronic dreams happen.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Soldering Skills Village Activities","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Have you ever fused metal to create electronic mayhem? Do you want to learn? Travel too far to take your solder tools with you? Hotel take your irons cause they thought it was a fire risk? Come on over to the Solder Skills village. We have irons and supplies. Volunteers (and some attendees) help teach, advise or just put out fires. We aim to grow the skill-set of the community and overcome inhibitions to this most basic skill to make electronic dreams happen.","updated_timestamp":{"seconds":1691281860,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52522,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40303,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"updated":"2023-08-06T00:31:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"**ESV Badge**\r\nThe ESV Badge is a cool-looking shard PCB that will fit into the DEF CON badge shard holder, but also doubles as a hardware debugger with a built-in USB-Serial adapter. On sale at the village for $60, but also available for free to CTF players that score a minimum number of points. \r\n\r\n**Embedded CTF**\r\nAn approachable yet challenging CTF competition with a wide range of embedded devices and attacks. \r\n\r\nCategories include: \r\n\r\n - Physical\r\n - Network\r\n - RF\r\n - Mobile (Powered by Corellium)\r\n - Firmware\r\n - Badge - custom challenges built into the ESV badge\r\n\r\n**101 Labs**\r\nA series of computer-based workshops that will guide you through the basics of hacking embedded devices. From extracting and analyzing firmware, exploiting command injections and more, these labs will introduce even the most noob to the world of embedded device hacking.\r\n\r\n**Hands-on Hardware Hacking**\r\nWe've raided our local thrift stores and electronics recyclers and brought a whole bunch of embedded systems for you to try out the ESV badge on. Come pull memory chips off PCBs, dump memory, connect to UART consoles, and see what was left behind on these devices!\r\n\r\n**LoRA Labs**\r\nA hands-on and interactive lab using LoRa gateways where you will discover the noisy 915 MHz radio spectrum world.\n\n\n","title":"Embedded Systems Village Activities","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"**ESV Badge**\r\nThe ESV Badge is a cool-looking shard PCB that will fit into the DEF CON badge shard holder, but also doubles as a hardware debugger with a built-in USB-Serial adapter. On sale at the village for $60, but also available for free to CTF players that score a minimum number of points. \r\n\r\n**Embedded CTF**\r\nAn approachable yet challenging CTF competition with a wide range of embedded devices and attacks. \r\n\r\nCategories include: \r\n\r\n - Physical\r\n - Network\r\n - RF\r\n - Mobile (Powered by Corellium)\r\n - Firmware\r\n - Badge - custom challenges built into the ESV badge\r\n\r\n**101 Labs**\r\nA series of computer-based workshops that will guide you through the basics of hacking embedded devices. From extracting and analyzing firmware, exploiting command injections and more, these labs will introduce even the most noob to the world of embedded device hacking.\r\n\r\n**Hands-on Hardware Hacking**\r\nWe've raided our local thrift stores and electronics recyclers and brought a whole bunch of embedded systems for you to try out the ESV badge on. Come pull memory chips off PCBs, dump memory, connect to UART consoles, and see what was left behind on these devices!\r\n\r\n**LoRA Labs**\r\nA hands-on and interactive lab using LoRa gateways where you will discover the noisy 915 MHz radio spectrum world.","updated_timestamp":{"seconds":1691282220,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52507,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40300,45649,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Evolution - Embedded Systems Village","hotel":"","short_name":"Evolution - Embedded Systems Village","id":45735},"updated":"2023-08-06T00:37:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. The goal of the Tamper Evident Village is to teach attendees how these technologies work and how many can be tampered with without leaving evidence. The village includes hands-on areas for mechanical seals, cargo seals, adhesive seals, mail and shipping seals, as well as a collection of demos, contests, and events to participate in.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Tamper Evident Village Activities","android_description":"\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. The goal of the Tamper Evident Village is to teach attendees how these technologies work and how many can be tampered with without leaving evidence. The village includes hands-on areas for mechanical seals, cargo seals, adhesive seals, mail and shipping seals, as well as a collection of demos, contests, and events to participate in.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691258220,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52504,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40307,45649,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Tamper Evident Village","hotel":"","short_name":"5th Floor / BLOQ - Tamper Evident Village","id":45874},"updated":"2023-08-05T17:57:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"RF in the Middle Earth- Fallen 5G","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691947800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691471460,"nanoseconds":0},"speakers":[{"content_ids":[52240],"conference_id":96,"event_ids":[52495],"name":"Utku Y","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51526}],"timeband_id":992,"links":[],"end":"2023-08-13T17:30:00.000-0000","id":52495,"tag_ids":[40304,45645,45647,45743],"village_id":72,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51526}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","updated":"2023-08-08T05:11:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Hardware Hacking Village CTF is back again! Come put your skills to the test against other hackers. The contest is structured so that everyone should be able to gain some flags, and even the experienced will sweet a few drops to get them all.\r\n\r\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.\n\n\n","title":"Hardware Hacking Village CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"The DEF CON Hardware Hacking Village CTF is back again! Come put your skills to the test against other hackers. The contest is structured so that everyone should be able to gain some flags, and even the experienced will sweet a few drops to get them all.\r\n\r\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.","updated_timestamp":{"seconds":1691252160,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Details","type":"link","url":"https://dchhv.org/challenges/dc31.html"},{"label":"Twitter (@dc_hhv)","type":"link","url":"https://twitter.com/@dc_hhv"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245343"}],"end":"2023-08-13T19:00:00.000-0000","id":52489,"tag_ids":[40287,45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","updated":"2023-08-05T16:16:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A little to shy to own the ring in open battle? Come play! There will be robots available to program, sample code, a ring and many opportunities to discover some of the fun of robotics.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"RoboSumo Play Time","android_description":"A little to shy to own the ring in open battle? Come play! There will be robots available to program, sample code, a ring and many opportunities to discover some of the fun of robotics.","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691250660,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52484,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40287,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","updated":"2023-08-05T15:51:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nGame session","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Blue Team Village Game Session","end_timestamp":{"seconds":1691948700,"nanoseconds":0},"android_description":".\n\n\nGame session","updated_timestamp":{"seconds":1691247540,"nanoseconds":0},"speakers":[{"content_ids":[52207,52210],"conference_id":96,"event_ids":[52458,52463],"name":"aviditas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51468}],"timeband_id":992,"links":[],"end":"2023-08-13T17:45:00.000-0000","id":52458,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40282,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51468}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"spans_timebands":"N","updated":"2023-08-05T14:59:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Password Village Activities","android_description":"The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691190660,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52444,"tag_ids":[40289,45646,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 236 - Password Village","hotel":"","short_name":"Summit - 236 - Password Village","id":45862},"spans_timebands":"N","updated":"2023-08-04T23:11:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Quantum mechanics is quite hard, mathematically speaking. But Quantum information theory needs remarkably few resources! Inspired by the work of others, Mark will present a short introductory lecture with minimal pain but mathematical gain - getting you from tense to tensors, suspicious to superposition, and enraged to entangled in no time!\n\n\n","title":"Math for Quantum","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Quantum mechanics is quite hard, mathematically speaking. But Quantum information theory needs remarkably few resources! Inspired by the work of others, Mark will present a short introductory lecture with minimal pain but mathematical gain - getting you from tense to tensors, suspicious to superposition, and enraged to entangled in no time!","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1691109000,"nanoseconds":0},"speakers":[{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":52438,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40291,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51260}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-04T00:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"PTP Flight Challenge\r\n\r\nPen Test Partners\r\n\r\nCome try your hand at flying our immersive Airbus A320 simulator and see if you can stick our landing challenge! We'll also be talking about electronic flight bags, how their data integrity is relied upon by pilots to assist with a safe landing, and demonstrate the impacts in a safe environment.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"PTP Flight Challenge","android_description":"PTP Flight Challenge\r\n\r\nPen Test Partners\r\n\r\nCome try your hand at flying our immersive Airbus A320 simulator and see if you can stick our landing challenge! We'll also be talking about electronic flight bags, how their data integrity is relied upon by pilots to assist with a safe landing, and demonstrate the impacts in a safe environment.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52422,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:26:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ask Me Anything About Cybersecurity in Aerospace\r\n\r\nAIAA\r\n\r\nWe have added a special feature to this year’s activities during DEF CON 31. This will be on Friday and Saturday from 11AM - 5PM.\r\n\r\nOur friends at AIAA are helping us host “Ask Me Anything” sessions on Friday and Saturday. It’s an opportunity to meet Aerospace Village members and partners who are experts in the field. Bring your questions about getting into cybersecurity, aviation, space, likes/dislikes, you name it!\r\n\r\n - A chance to ask all your questions, get their perspective, and hear some great stories.\r\n - A low-key sharing of experiences and a way to make new friends without having to make small talk.\r\n - Note: This is NOT a recruiting activity. Ask career questions if you have them, but think of this more as a chance for general \"speed mentoring.\"\n\n\n","title":"Ask Me Anything About Cybersecurity in Aerospace","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Ask Me Anything About Cybersecurity in Aerospace\r\n\r\nAIAA\r\n\r\nWe have added a special feature to this year’s activities during DEF CON 31. This will be on Friday and Saturday from 11AM - 5PM.\r\n\r\nOur friends at AIAA are helping us host “Ask Me Anything” sessions on Friday and Saturday. It’s an opportunity to meet Aerospace Village members and partners who are experts in the field. Bring your questions about getting into cybersecurity, aviation, space, likes/dislikes, you name it!\r\n\r\n - A chance to ask all your questions, get their perspective, and hear some great stories.\r\n - A low-key sharing of experiences and a way to make new friends without having to make small talk.\r\n - Note: This is NOT a recruiting activity. Ask career questions if you have them, but think of this more as a chance for general \"speed mentoring.\"","updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52420,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:26:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack The Airport\r\n\r\nIntelliGenesis and IG Labs\r\n\r\nIG Labs will be bringing our Runway Lighting System in a box as part of our Hack The Airport CTF. Participants will be able to attempt to get hands on with practical OT and IT cyber security environment in a mobile converged environment with real-world hardware and protocols.\n\n\n","title":"Hack The Airport","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Hack The Airport\r\n\r\nIntelliGenesis and IG Labs\r\n\r\nIG Labs will be bringing our Runway Lighting System in a box as part of our Hack The Airport CTF. Participants will be able to attempt to get hands on with practical OT and IT cyber security environment in a mobile converged environment with real-world hardware and protocols.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52417,"village_id":null,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:26:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Discover the exciting world of cybersecurity and unmanned aerial systems (UAS)! Learn how to safeguard UAS from all angles with a comprehensive platform security perspective.\r\n\r\nEngage in some fun and challenging CTF adventures where you can put your skills to the test. See firsthand how your actions affect our UAS demonstrator. The UAS demonstrator contains all the sensors from our Mobile Optical Ultrasonic Sensor Explorer, or MOUSE for short. The MOUSE represents a small Unmanned Aircraft System (sUAS) comprising a pan/tilt object recognition camera, navigation camera, temperature & humidity sensor, ultrasonic sensor, and drive system powering four motors.\r\n\r\nYou won't need to worry about any complicated registration process; all you need is your personal laptop to join in the excitement. Earn enough points in the challenge, and you could be the proud owner of a CT Cubed SAO, a special prize while supplies last. Get ready to embark on this fascinating journey and prove your cybersecurity prowess!\n\n\n","title":"Unmanned Aerial Systems – Platform Security","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Discover the exciting world of cybersecurity and unmanned aerial systems (UAS)! Learn how to safeguard UAS from all angles with a comprehensive platform security perspective.\r\n\r\nEngage in some fun and challenging CTF adventures where you can put your skills to the test. See firsthand how your actions affect our UAS demonstrator. The UAS demonstrator contains all the sensors from our Mobile Optical Ultrasonic Sensor Explorer, or MOUSE for short. The MOUSE represents a small Unmanned Aircraft System (sUAS) comprising a pan/tilt object recognition camera, navigation camera, temperature & humidity sensor, ultrasonic sensor, and drive system powering four motors.\r\n\r\nYou won't need to worry about any complicated registration process; all you need is your personal laptop to join in the excitement. Earn enough points in the challenge, and you could be the proud owner of a CT Cubed SAO, a special prize while supplies last. Get ready to embark on this fascinating journey and prove your cybersecurity prowess!","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691166900,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52416,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-04T16:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Challenge\r\n\r\nLockheed Martin\r\n\r\n**Laptop Needed**\r\n\r\nThis is your chance to demonstrate your superior aviation hacking knowledge and skills. This contest requires you to keep your eyes open in the Aerospace Village, a personal device to access the contest webpage, and various other technical skills that are useful in the Aerospace industry. A laptop will be helpful for binary analysis and packet decoding. The final flag is an RF replay attack, so you will need to bring or borrow a device capable of rebroadcasting a signal. If you get stuck on any the challenges help can likely be found in some of the other villages. No pre-registration is required and it is OK to work in teams. The first to finish will receive a 1/48 scale model of an F-35B as well as the prestige of being the first ever winner of this challenging contest. A second model will be awarded based on a random drawing of all other people who successfully solve the final flag. The Aerospace Village CTF starts when the village opens on Friday and ends when the village closes Sunday at 2.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"The Challenge - Lockheed Martin","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"The Challenge\r\n\r\nLockheed Martin\r\n\r\n**Laptop Needed**\r\n\r\nThis is your chance to demonstrate your superior aviation hacking knowledge and skills. This contest requires you to keep your eyes open in the Aerospace Village, a personal device to access the contest webpage, and various other technical skills that are useful in the Aerospace industry. A laptop will be helpful for binary analysis and packet decoding. The final flag is an RF replay attack, so you will need to bring or borrow a device capable of rebroadcasting a signal. If you get stuck on any the challenges help can likely be found in some of the other villages. No pre-registration is required and it is OK to work in teams. The first to finish will receive a 1/48 scale model of an F-35B as well as the prestige of being the first ever winner of this challenging contest. A second model will be awarded based on a random drawing of all other people who successfully solve the final flag. The Aerospace Village CTF starts when the village opens on Friday and ends when the village closes Sunday at 2.","updated_timestamp":{"seconds":1691101620,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52414,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:27:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A-ISAC CTF\r\n\r\nA-ISAC and Embry-Riddle Aeronautical University - Prescott\r\n\r\n**Laptop Needed**\r\n\r\nA variety of aviation infrastructure have been compromised. Immerse yourself into challenges where you are tasked with identifying attacks/attackers, stopping attacks, and restoring normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"A-ISAC CTF","android_description":"A-ISAC CTF\r\n\r\nA-ISAC and Embry-Riddle Aeronautical University - Prescott\r\n\r\n**Laptop Needed**\r\n\r\nA variety of aviation infrastructure have been compromised. Immerse yourself into challenges where you are tasked with identifying attacks/attackers, stopping attacks, and restoring normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101620,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52412,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-03T22:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bricks in the Air\r\n\r\nAerospace Village\r\n\r\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation. The attendees are not required to have any prerequisite knowledge. No equipment is needed for attendees.\n\n\n","title":"Bricks in the Air","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Bricks in the Air\r\n\r\nAerospace Village\r\n\r\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation. The attendees are not required to have any prerequisite knowledge. No equipment is needed for attendees.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101680,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52410,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:28:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"ARINC 615a CTF\r\n\r\nBoeing\r\n\r\n**Laptop Needed**\r\n\r\nBoeing will be hosting an ARINC 615a dataload CTF broken into two major modules. The first module will focus on decomposing and analyzing a PCAP capture of a simulated dataload between an airplane dataload server and an avionics component. The second module will allow participants to execute a dataload against simulated avionics to help improve understanding and awareness of how software is loaded onto airplanes. Additionally, Boeing is aiming to increase its cyber outreach into the STEM community by offering an additional challenge centered on an operational system and the impact of that system on the overall airplane. The challenge will walk participants through how the operational system functions, how it can be negatively impacted, the results of tampering with the system while it’s in flight, and how the system can secured via CIA and PKI.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"ARINC 615a CTF","android_description":"ARINC 615a CTF\r\n\r\nBoeing\r\n\r\n**Laptop Needed**\r\n\r\nBoeing will be hosting an ARINC 615a dataload CTF broken into two major modules. The first module will focus on decomposing and analyzing a PCAP capture of a simulated dataload between an airplane dataload server and an avionics component. The second module will allow participants to execute a dataload against simulated avionics to help improve understanding and awareness of how software is loaded onto airplanes. Additionally, Boeing is aiming to increase its cyber outreach into the STEM community by offering an additional challenge centered on an operational system and the impact of that system on the overall airplane. The challenge will walk participants through how the operational system functions, how it can be negatively impacted, the results of tampering with the system while it’s in flight, and how the system can secured via CIA and PKI.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101680,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52408,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:28:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Threat modelling fun session with OWASP Cornucopia","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!","updated_timestamp":{"seconds":1691081700,"nanoseconds":0},"speakers":[{"content_ids":[52099,51000],"conference_id":96,"event_ids":[52706,51038,52304,52373],"name":"Spyros Gasteratos","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/spyr/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/0xfde"}],"pronouns":null,"media":[],"id":51376}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52373,"village_id":null,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51376}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"spans_timebands":"N","updated":"2023-08-03T16:55:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.\n\n\n","title":"Hunt the Hacker - Detect compromises in your repositories!","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52105],"conference_id":96,"event_ids":[52330,52363,52364,52365],"name":"GitGuardian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51342}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52365,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51342}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Enables forwarding mixed trusted/untrusted concatenated data that can be sanitized at the point of use, when the sanitization requirements are known, instead of at the point of input.\r\n\r\nExamples: \r\nWith Pasteur this classic sql injection code\r\nsql << pstr / \"select email from demo.useremails where username = \" + name + \" and type=\" + emailType;\r\nis *automatically* converted into a parameterized sql query\r\n\r\nThis os injection code\r\nSystem(pstr / \"ping \" + hostname)\r\nautomatically sanitizes the hostname parameter.\r\n\r\nSee more at https://github.com/SecureFromScratch/pasteur\n\n\n","title":"Pasteur - A C++ library to eliminate injections","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Enables forwarding mixed trusted/untrusted concatenated data that can be sanitized at the point of use, when the sanitization requirements are known, instead of at the point of input.\r\n\r\nExamples: \r\nWith Pasteur this classic sql injection code\r\nsql << pstr / \"select email from demo.useremails where username = \" + name + \" and type=\" + emailType;\r\nis *automatically* converted into a parameterized sql query\r\n\r\nThis os injection code\r\nSystem(pstr / \"ping \" + hostname)\r\nautomatically sanitizes the hostname parameter.\r\n\r\nSee more at https://github.com/SecureFromScratch/pasteur","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52111,52130],"conference_id":96,"event_ids":[52335,52350],"name":"Yariv Tal","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/yarivt/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/YarivDevMentor"}],"pronouns":null,"media":[],"id":51387}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52350,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51387}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Secure Code Review Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52128,52123],"conference_id":96,"event_ids":[52348,52308,52360],"name":"Checkmarx","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51329}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52348,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51329}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As we explore the digital world, client-side security risks, such as Cross-Site Scripting (XSS) and unintended privileged information leaks, remain significant concerns. These challenges have long troubled web application developers, underscoring the need for evolving security practices.\r\n\r\nReactJS, a prominent framework in today's tech landscape, has taken strides to mitigate such threats, offering automatic defenses against Cross-Site Scripting. However, building secure ReactJS applications requires in-depth knowledge and specialized expertise.\r\n\r\nIn this presentation, we will delve into the realm of general-purpose Cross-Site Scripting defense and various client-side security strategies within the ReactJS framework. ReactJS developers of all levels are invited to join us as we explore advanced techniques and practical recommendations that can elevate your approach to ReactJS security.\r\n\r\nOur discussion will cover several important topics:\r\n\r\n* Understanding the React Component Attack Surface\r\n* Handling Unescaped Props and Types\r\n* Exploring the Use of dangerouslySetInnerHTML\r\n* Properly Handling JavaScript URLs in the React Context\r\n* Integrating CSS Styled-Components with React\r\n* Navigating JSON Embedding and React\r\n* Unraveling React's Automatic Defenses\r\n* Mastering Manual Defense Techniques in React\r\n* Understanding React Lazy Loading and Access Control\r\n* Investigating React Template Injection\r\n* Exploring Server-side Rendering in React\r\n\r\nJoin us for an informative session that aims to enhance your skill set and bolster your defense strategies for creating more secure ReactJS applications. Let's navigate the intricacies of ReactJS security together, empowering ourselves with advanced defense techniques to foster a secure environment for application development.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Enhancing Security for ReactJS Applications: Exploring Advanced Defense Techniques","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"As we explore the digital world, client-side security risks, such as Cross-Site Scripting (XSS) and unintended privileged information leaks, remain significant concerns. These challenges have long troubled web application developers, underscoring the need for evolving security practices.\r\n\r\nReactJS, a prominent framework in today's tech landscape, has taken strides to mitigate such threats, offering automatic defenses against Cross-Site Scripting. However, building secure ReactJS applications requires in-depth knowledge and specialized expertise.\r\n\r\nIn this presentation, we will delve into the realm of general-purpose Cross-Site Scripting defense and various client-side security strategies within the ReactJS framework. ReactJS developers of all levels are invited to join us as we explore advanced techniques and practical recommendations that can elevate your approach to ReactJS security.\r\n\r\nOur discussion will cover several important topics:\r\n\r\n* Understanding the React Component Attack Surface\r\n* Handling Unescaped Props and Types\r\n* Exploring the Use of dangerouslySetInnerHTML\r\n* Properly Handling JavaScript URLs in the React Context\r\n* Integrating CSS Styled-Components with React\r\n* Navigating JSON Embedding and React\r\n* Unraveling React's Automatic Defenses\r\n* Mastering Manual Defense Techniques in React\r\n* Understanding React Lazy Loading and Access Control\r\n* Investigating React Template Injection\r\n* Exploring Server-side Rendering in React\r\n\r\nJoin us for an informative session that aims to enhance your skill set and bolster your defense strategies for creating more secure ReactJS applications. Let's navigate the intricacies of ReactJS security together, empowering ourselves with advanced defense techniques to foster a secure environment for application development.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52127,52136],"conference_id":96,"event_ids":[52347,52356],"name":"Jim Manico","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jmanico"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/manicode"}],"pronouns":null,"media":[],"id":51349}],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":52347,"tag_ids":[40297,45647,45719,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51349}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The complexity of neural networks often renders them opaque to thorough introspection, thus leading to potential vulnerabilities. This talk introduces program analysis techniques, explicitly fuzzing and symbolic execution, as tools to probe and uncover these hidden weak spots in neural networks. Symbolic execution and fuzzing have played a big part in vulnerability discovery. Tools like Radamsa and AFL are familiar to many vulnerability research and exploit developers. However, how these tools help evaluate and assess machine learning models could be more well-known. So, I will share how I use fuzzing for robustness testing, equivalence checking, and general bug discovery and property invalidation. I will share how I wrote a tool that will take in deep learning models, such as the latest transformed-based language models, generate inputs that cause floating-point computation errors, divergent behavior between quantized and unquantized models, and discover inputs that cause language models to misbehave. This talk shows how familiar concepts can be reused to evaluate machine learning models. While gradient-based methods are powerful for understanding and exploiting the behavior of neural networks, an approach using fuzzing and symbolic execution offers a few unique advantages:\r\n\r\n1. Black-Box Compatibility: Unlike gradient-based methods, which typically require access to the model's internal parameters, fuzzing and symbolic execution can be applied to black-box models where such information is unavailable.\r\n\r\n2. Different Error Detection: These methods can uncover a different set of potential issues that may not be readily discovered or expressed using gradient-based techniques, such as floating point errors, numerical instabilities, and discrepancies between quantized and unquantized models.\r\n\n\n\n","title":"Fuzzing and Symbolic Execution: Offensive Techniques to Unmask Vulnerabilities in Neural Networks","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691947500,"nanoseconds":0},"android_description":"The complexity of neural networks often renders them opaque to thorough introspection, thus leading to potential vulnerabilities. This talk introduces program analysis techniques, explicitly fuzzing and symbolic execution, as tools to probe and uncover these hidden weak spots in neural networks. Symbolic execution and fuzzing have played a big part in vulnerability discovery. Tools like Radamsa and AFL are familiar to many vulnerability research and exploit developers. However, how these tools help evaluate and assess machine learning models could be more well-known. So, I will share how I use fuzzing for robustness testing, equivalence checking, and general bug discovery and property invalidation. I will share how I wrote a tool that will take in deep learning models, such as the latest transformed-based language models, generate inputs that cause floating-point computation errors, divergent behavior between quantized and unquantized models, and discover inputs that cause language models to misbehave. This talk shows how familiar concepts can be reused to evaluate machine learning models. While gradient-based methods are powerful for understanding and exploiting the behavior of neural networks, an approach using fuzzing and symbolic execution offers a few unique advantages:\r\n\r\n1. Black-Box Compatibility: Unlike gradient-based methods, which typically require access to the model's internal parameters, fuzzing and symbolic execution can be applied to black-box models where such information is unavailable.\r\n\r\n2. Different Error Detection: These methods can uncover a different set of potential issues that may not be readily discovered or expressed using gradient-based techniques, such as floating point errors, numerical instabilities, and discrepancies between quantized and unquantized models.","updated_timestamp":{"seconds":1691031540,"nanoseconds":0},"speakers":[{"content_ids":[52062],"conference_id":96,"event_ids":[52281],"name":"Rafael Turner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51291}],"timeband_id":992,"links":[],"end":"2023-08-13T17:25:00.000-0000","id":52281,"tag_ids":[40299,45645,45646,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51291}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:59:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"CPV Welcome - Day 3","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691946300,"nanoseconds":0},"updated_timestamp":{"seconds":1691025960,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":992,"links":[],"end":"2023-08-13T17:05:00.000-0000","id":52253,"tag_ids":[40308,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:26:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hardware Hacking Your Kitchen: bug bounty is back! Join us for the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!\n\n\n","title":"Hardware Hacking Your Kitchen","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Hardware Hacking Your Kitchen: bug bounty is back! Join us for the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!","updated_timestamp":{"seconds":1691000640,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52237,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:24:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to put your MIPS shellcode skills to the test for a chance to win a prize? Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Perform Memory Extraction, Emulation and Shellcode","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Want to put your MIPS shellcode skills to the test for a chance to win a prize? Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.","updated_timestamp":{"seconds":1691000640,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52235,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:24:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Embedded Device Security Workshops: two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Embedded Device Security Workshops","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Embedded Device Security Workshops: two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52233,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"From Memory Manipulation to Root Access: In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.\n\n\n","title":"IoT Village Hardware Hacking Exercises 2023","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"From Memory Manipulation to Root Access: In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52231,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bluetooth Hacking: Hands-on exercises provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.\n\n\n","title":"The IoT Kill Zone","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Bluetooth Hacking: Hands-on exercises provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52229,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Take Control of Your xIoT Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes. Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition \"Secure Your Things\" T-shirt as a token of our appreciation.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Secure or Surrender","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Take Control of Your xIoT Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes. Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition \"Secure Your Things\" T-shirt as a token of our appreciation.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52227,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by \"living off the land\" like a pro using simple, free tools!Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?\r\n\r\nBring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.\n\n\n","title":"Critical Infrastructure & IoT Exploitation","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Join for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by \"living off the land\" like a pro using simple, free tools!Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?\r\n\r\nBring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52225,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IoT Village Hacking Playground: The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"IoT Village Hacking Playground","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"IoT Village Hacking Playground: The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.","updated_timestamp":{"seconds":1691000520,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52223,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:22:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We have three challenges this year!\r\n\r\n1. A CTF for which there is no equipment is required. \r\n\r\n2. Card Hacking Challenge for which you will need an Android phone with NFC and a special Card Hacking Challenge card (grab one on the booth):\r\n\r\n3. Easter egg hunt. Use your brain!\r\n\r\nWe have a tonne of cool prizes to be won, such as custom mugs, numbered challenge coins with atc numbers, key rings, embroidered patches and more!\n\n\n","title":"Payment Village Challenges/CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"We have three challenges this year!\r\n\r\n1. A CTF for which there is no equipment is required. \r\n\r\n2. Card Hacking Challenge for which you will need an Android phone with NFC and a special Card Hacking Challenge card (grab one on the booth):\r\n\r\n3. Easter egg hunt. Use your brain!\r\n\r\nWe have a tonne of cool prizes to be won, such as custom mugs, numbered challenge coins with atc numbers, key rings, embroidered patches and more!","updated_timestamp":{"seconds":1690995480,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52210,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[40301,45647,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Payment Village","hotel":"","short_name":"Virginia City - Payment Village","id":45654},"updated":"2023-08-02T16:58:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"UI confusion, ACL limitations, and default product behaviors in Google Cloud Platform (GCP) have created a scenario in which it is very easy to accidentally expose sensitive Google Container Registry (GCR) Docker images to the public. To try and determine the frequency of this misconfiguration, and the resulting value of leaked Docker images to attackers, we built a scanner to help find GCP projects with mis-configured GCR repositories. The results were surprising: scores of open image repositories with sensitive source code and a multitude of active secrets to cloud environments, build systems, and external vendors.\r\n\r\nIn this presentation, I'll explain the common cause of the GCR misconfiguration and how other GCP service defaults can widen the exposure. We'll also discuss our scanner's approach in narrowing down potential target projects and avoiding GCP abuse mitigation. Finally, we'll go over the common mistakes I found in image builds and applications that allowed simple image exposure to cascade into privilege escalation and direct production system access.\n\n\n","title":"Call Me Phishmael: Hunting Sensitive Docker Images in Google Container Registry Leaks","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691948400,"nanoseconds":0},"android_description":"UI confusion, ACL limitations, and default product behaviors in Google Cloud Platform (GCP) have created a scenario in which it is very easy to accidentally expose sensitive Google Container Registry (GCR) Docker images to the public. To try and determine the frequency of this misconfiguration, and the resulting value of leaked Docker images to attackers, we built a scanner to help find GCP projects with mis-configured GCR repositories. The results were surprising: scores of open image repositories with sensitive source code and a multitude of active secrets to cloud environments, build systems, and external vendors.\r\n\r\nIn this presentation, I'll explain the common cause of the GCR misconfiguration and how other GCP service defaults can widen the exposure. We'll also discuss our scanner's approach in narrowing down potential target projects and avoiding GCP abuse mitigation. Finally, we'll go over the common mistakes I found in image builds and applications that allowed simple image exposure to cascade into privilege escalation and direct production system access.","updated_timestamp":{"seconds":1690921140,"nanoseconds":0},"speakers":[{"content_ids":[51983],"conference_id":96,"event_ids":[52177],"name":"Ian Dillon","affiliations":[{"organization":"New York Times","title":"Staff Security Engineer"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/amenbreakpoint"}],"media":[],"id":51188,"title":"Staff Security Engineer at New York Times"}],"timeband_id":992,"links":[],"end":"2023-08-13T17:40:00.000-0000","id":52177,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51188}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-01T20:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome exhibitors.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Exhibitor Area Open","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"This is when you can go visit our awesome exhibitors.","updated_timestamp":{"seconds":1690758060,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":52166,"tag_ids":[45640,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 124-126 - Exhibitors","hotel":"","short_name":"Forum - 124-126 - Exhibitors","id":45823},"spans_timebands":"N","updated":"2023-07-30T23:01:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\r\n\r\nWe also don't know if/when vendors will sell out of anything they may be selling.\n\n\n","title":"Vendor Area Open","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"android_description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\r\n\r\nWe also don't know if/when vendors will sell out of anything they may be selling.","end_timestamp":{"seconds":1691967600,"nanoseconds":0},"updated_timestamp":{"seconds":1690758060,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T23:00:00.000-0000","id":52163,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45640,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"updated":"2023-07-30T23:01:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cold Calls give attendees a walk-up opportunity to make a short call to get a feel for both the contest and the world of Social Engineering through vishing but without the contest elements.\r\n\r\nThis is on a first-come, first-served basis. Please see the \"More Information\" link.\n\n\n","title":"Cold Calls","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691951400,"nanoseconds":0},"android_description":"Cold Calls give attendees a walk-up opportunity to make a short call to get a feel for both the contest and the world of Social Engineering through vishing but without the contest elements.\r\n\r\nThis is on a first-come, first-served basis. Please see the \"More Information\" link.","updated_timestamp":{"seconds":1690590660,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"More Information","type":"link","url":"https://www.se.community/cold-calls/"}],"end":"2023-08-13T18:30:00.000-0000","id":51717,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40302,45649,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"updated":"2023-07-29T00:31:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SECV Village Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1690590960,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51715,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40302,45649,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","updated":"2023-07-29T00:36:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Many parents and guardians bring their children to DEF CON to allow them to experience the same learning, networking, and community that they enjoy. As parents and educators ourselves, we want to help make this experience even more memorable with our Youth Challenge!\r\n\r\nPlease see the \"More Information\" link.\n\n\n","title":"SECV - Youth Challenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Many parents and guardians bring their children to DEF CON to allow them to experience the same learning, networking, and community that they enjoy. As parents and educators ourselves, we want to help make this experience even more memorable with our Youth Challenge!\r\n\r\nPlease see the \"More Information\" link.","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1690591380,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T18:00:00.000-0000","links":[{"label":"More Information","type":"link","url":"https://www.se.community/youth-challenge/"}],"id":51713,"village_id":null,"tag_ids":[40302,45649,45743,45764,45775],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"updated":"2023-07-29T00:43:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.\r\n\n\n\n","title":"Human Registration Open","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"android_description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691559000,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51698,"tag_ids":[45640,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 101-103 - Reg","hotel":"","short_name":"Forum - 101-103 - Reg","id":45853},"spans_timebands":"N","updated":"2023-08-09T05:30:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is your last chance to pickup your drives whether they're finished or not. Get here between 10:00 and 11:00 on Sunday as any drives left behind are considered donations. Please leave the 8TB ones - we need them for next year.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"Last chance to pick up drives at the DDV","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"android_description":"This is your last chance to pickup your drives whether they're finished or not. Get here between 10:00 and 11:00 on Sunday as any drives left behind are considered donations. Please leave the 8TB ones - we need them for next year.","updated_timestamp":{"seconds":1690512600,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51694,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[40285,45638,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 231 - Data Dupe Vlg","hotel":"","short_name":"Summit - 231 - Data Dupe Vlg","id":45858},"updated":"2023-07-28T02:50:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you interested in discussing the future of “shifting liability for software products and services to promote secure development practices”? If so, join a guided discussion led by law and engineering Prof. Andrea Matwyshyn on Pillar 3 of the Biden-Harris National Cybersecurity Strategy. After a brief introduction to the history of software liability and what (various forms of) “security liability” already exist, we will engage in structured legal exercises intended to help us discuss, crystalize, and clarify the relevant variables that courts, regulators, and policymakers will consider in deciding how to generate the next generation of security liability. We will talk through what the legal future is likely to hold (and assess what we think it should hold). We will debate the edge cases and try to generate some consensus, as well as perhaps a master list of concerns that can help further inform policymakers’ thinking on the future of security and software liability policy.\n\n\n","title":"Putting Your Money Where Your Cyber Is: A Guided Discussion of Software Liability and Security","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691949000,"nanoseconds":0},"android_description":"Are you interested in discussing the future of “shifting liability for software products and services to promote secure development practices”? If so, join a guided discussion led by law and engineering Prof. Andrea Matwyshyn on Pillar 3 of the Biden-Harris National Cybersecurity Strategy. After a brief introduction to the history of software liability and what (various forms of) “security liability” already exist, we will engage in structured legal exercises intended to help us discuss, crystalize, and clarify the relevant variables that courts, regulators, and policymakers will consider in deciding how to generate the next generation of security liability. We will talk through what the legal future is likely to hold (and assess what we think it should hold). We will debate the edge cases and try to generate some consensus, as well as perhaps a master list of concerns that can help further inform policymakers’ thinking on the future of security and software liability policy.","updated_timestamp":{"seconds":1690431900,"nanoseconds":0},"speakers":[{"content_ids":[51525],"conference_id":96,"event_ids":[51681],"name":"Andrea Matwyshyn","affiliations":[{"organization":"Penn State Law & Penn State Engineering","title":"Professor"}],"links":[],"pronouns":null,"media":[],"id":50572,"title":"Professor at Penn State Law & Penn State Engineering"}],"timeband_id":992,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-13T17:50:00.000-0000","id":51681,"village_id":null,"tag_ids":[40310,45645,45646,45743,45836],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50572}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"updated":"2023-07-27T04:25:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Let's Talk about Voice","end_timestamp":{"seconds":1691947800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690423080,"nanoseconds":0},"speakers":[{"content_ids":[51493],"conference_id":96,"event_ids":[51649],"name":"Travis Juhr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50567}],"timeband_id":992,"links":[],"end":"2023-08-13T17:30:00.000-0000","id":51649,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50567}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-27T01:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Virtual reality and augmented reality present exceedingly complex privacy issues because of the enhanced user experience and reality-based models. Unlike the issues presented by traditional gaming and social media, immersive technology poses inherent risks, which our legal understanding of biometrics and online harassment is simply not prepared to address. Explore these topics in depth with Brittan and Liz in collaboration with DEF CON Policy Village.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Watching Androids Dream of Electric Sheep: Immersive Technology, Biometrics and the Law in collaboration with DEF CON Policy Village","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"android_description":"Virtual reality and augmented reality present exceedingly complex privacy issues because of the enhanced user experience and reality-based models. Unlike the issues presented by traditional gaming and social media, immersive technology poses inherent risks, which our legal understanding of biometrics and online harassment is simply not prepared to address. Explore these topics in depth with Brittan and Liz in collaboration with DEF CON Policy Village.","updated_timestamp":{"seconds":1690945080,"nanoseconds":0},"speakers":[{"content_ids":[51473],"conference_id":96,"event_ids":[51629],"name":"Brittan Heller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50518},{"content_ids":[51473],"conference_id":96,"event_ids":[51629],"name":"Liz \"LawyerLiz\" Wharton","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50529}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51629,"tag_ids":[40311,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50518},{"tag_id":45590,"sort_order":1,"person_id":50529}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"updated":"2023-08-02T02:58:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.\n\n\n","title":"CMD+CTRL at DEF CON 31 - Booth Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.","updated_timestamp":{"seconds":1690308120,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Twitter (@cmdnctrl_defcon)","type":"link","url":"https://twitter.com/cmdnctrl_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245229"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643642388807800"}],"end":"2023-08-13T19:00:00.000-0000","id":51600,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-25T18:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Through interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.\n\n\n","title":"venator aurum - A Treasure Hunt","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Through interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.","updated_timestamp":{"seconds":1690068240,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://venatoraurum.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245428"}],"id":51532,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-22T23:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!\n\n\n","title":"The Lonely Hard Drive","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Are you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!","updated_timestamp":{"seconds":1690066920,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245413"},{"label":"Twitter (@LonelyHardDrive)","type":"link","url":"https://twitter.com/@LonelyHardDrive"}],"end":"2023-08-13T20:00:00.000-0000","id":51526,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T23:02:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\r\n\r\nThe Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\r\n\r\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3\r\n\r\nThe CPV and Goldbug contest are always kid friendly. We will have \"junior cryptographer\" puzzle sheet hand outs for kids and those new to the field.\n\n\n","title":"The Gold Bug Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\r\n\r\nThe Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\r\n\r\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3\r\n\r\nThe CPV and Goldbug contest are always kid friendly. We will have \"junior cryptographer\" puzzle sheet hand outs for kids and those new to the field.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691289900,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245407"},{"label":"Website","type":"link","url":"https://goldbug.cryptovillage.org/"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644108837486602"},{"label":"Twitter (@CryptoVillage)","type":"link","url":"https://twitter.com/@CryptoVillage"}],"id":51523,"tag_ids":[45635,45646,45765,45766],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:45:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?\n\n\n","title":"The Dark Tangent Look-Alike Contest","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"The Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?","updated_timestamp":{"seconds":1690066680,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245402"}],"id":51520,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T22:58:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don't need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!\r\n\r\n--\r\n\r\nRated PG-13. It's a level of challenge that is probably most suited to high school students and up, but anyone can play and we try to make it fun even if you're not competitive to win. :)\n\n\n","title":"TeleChallenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"The TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don't need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!\r\n\r\n--\r\n\r\nRated PG-13. It's a level of challenge that is probably most suited to high school students and up, but anyone can play and we try to make it fun even if you're not competitive to win. :)","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691289900,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644470063399012"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245391"},{"label":"Twitter (@telechallenge)","type":"link","url":"https://twitter.com/@telechallenge"},{"label":"Website","type":"link","url":"https://www.telechallenge.org"},{"label":"Mastodon (@telechallenge@defcon.social)","type":"link","url":"https://defcon.social/@telechallenge"}],"id":51516,"village_id":null,"tag_ids":[45635,45646,45763,45766],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:45:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Red Team Capture the Flag (CTF) competition at DEFCON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.\r\n \r\n The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.\r\n \r\n Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.\r\n \r\n The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.\n\n\n","title":"Red Team CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"The Red Team Capture the Flag (CTF) competition at DEFCON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.\r\n \r\n The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.\r\n \r\n Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.\r\n \r\n The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.","updated_timestamp":{"seconds":1690065960,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245378"},{"label":"Website","type":"link","url":"https://threatsims.com/redteam-2023.html"}],"id":51510,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45635,45646,45766],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T22:46:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n \r\n The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n \r\n Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n \r\n Highlights of the previous Red Alert ICS CTF is available at: https://www.youtube.com/watch?v=dz7hNnavHaY and https://youtu.be/AanKdrrQ0u0\n\n\n","title":"Red Alert ICS CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n \r\n The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n \r\n Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n \r\n Highlights of the previous Red Alert ICS CTF is available at: https://www.youtube.com/watch?v=dz7hNnavHaY and https://youtu.be/AanKdrrQ0u0","updated_timestamp":{"seconds":1690065600,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Twitter (@icsctf)","type":"link","url":"https://twitter.com/icsctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245372"}],"end":"2023-08-13T19:00:00.000-0000","id":51507,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-22T22:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Radio Frequency Capture the Flag","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container","updated_timestamp":{"seconds":1690939380,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Website","type":"link","url":"http://rfhackers.com"},{"label":"Twitter (@rf_ctf)","type":"link","url":"https://twitter.com/@rf_ctf"},{"label":"Support","type":"link","url":"https://github.com/rfhs/rfctf-support/issues"},{"label":"Discord","type":"link","url":"https://discordapp.com/invite/JjPQhKy"},{"label":"Twitter (@rfhackers)","type":"link","url":"https://twitter.com/@rfhackers"},{"label":"Github","type":"link","url":"https://github.com/rfhs"}],"end":"2023-08-13T20:00:00.000-0000","id":51504,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40292,45635,45647,45766],"village_id":58,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-02T01:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Octopus Game is back for a second year! This contest is a battle royale style competition where fun and friendship is the goal. This year players will meet together in various locations at the same time for group competition through through fun games. 128 players will enter, but only 1 will be crowned the Octopus CHAMPION. Join us, make some new friends and remember: only the best will prevail!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Octopus Game","android_description":"Octopus Game is back for a second year! This contest is a battle royale style competition where fun and friendship is the goal. This year players will meet together in various locations at the same time for group competition through through fun games. 128 players will enter, but only 1 will be crowned the Octopus CHAMPION. Join us, make some new friends and remember: only the best will prevail!","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690062240,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245213"},{"label":"Mastodon (@OctopusGame@defcon.social)","type":"link","url":"https://defcon.social/@OctopusGame"},{"label":"Twitter (@OctopusGameDC)","type":"link","url":"https://twitter.com/OctopusGameDC"},{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgamedc31"}],"end":"2023-08-13T19:00:00.000-0000","id":51499,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743,45763],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T21:44:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Maps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business's infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.\n\n\n","title":"Maps of the digital lands","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"Maps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business's infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690062060,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Booking CTF Slots","type":"link","url":"https://alienvualt.com/ctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245357"},{"label":"AlienVault","type":"link","url":"https://alienvualt.com"}],"end":"2023-08-13T19:00:00.000-0000","id":51496,"village_id":null,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T21:41:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts. \r\n \r\n This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development. \r\n \r\n CTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\n","title":"IoT Village CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"Hosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts. \r\n \r\n This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development. \r\n \r\n CTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1690061880,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T21:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245348"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644307597164665"},{"label":"Scoreboard","type":"link","url":"https://scoreboard.iotvillage.org/"}],"id":51491,"village_id":66,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-07-22T21:38:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or code which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day.\r\n\r\nExpanded this year with increased difficulty each day. Friday: Foxes in a small area, non moving Saturday: Foxes in a larger area, with one moving. Sunday: Foxes are on the move. The hunt is on!\r\n\r\nThere will also be a beginner friendly, no radio required, Infrared LED Fox Hunt running everyday which participants can use their cameras on their phones to find!\r\n\r\n--\r\n\r\nWe have had many kids participate and complete the contest over the years... and they've all had a blast doing so.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Ham Radio Fox Hunting Contest","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or code which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day.\r\n\r\nExpanded this year with increased difficulty each day. Friday: Foxes in a small area, non moving Saturday: Foxes in a larger area, with one moving. Sunday: Foxes are on the move. The hunt is on!\r\n\r\nThere will also be a beginner friendly, no radio required, Infrared LED Fox Hunt running everyday which participants can use their cameras on their phones to find!\r\n\r\n--\r\n\r\nWe have had many kids participate and complete the contest over the years... and they've all had a blast doing so.","updated_timestamp":{"seconds":1691289840,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711645275902574633"},{"label":"Twitter (@Evil_mog)","type":"link","url":"https://twitter.com/@Evil_mog"},{"label":"Website","type":"link","url":"https://defcon31foxhunt.com"}],"id":51482,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743,45764],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:44:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.\r\n\r\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.\r\n\r\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.\r\n\r\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.\r\n\r\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you're a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Embedded CTF","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"android_description":"Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.\r\n\r\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.\r\n\r\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.\r\n\r\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.\r\n\r\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you're a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.","updated_timestamp":{"seconds":1690058820,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T21:00:00.000-0000","links":[{"label":"Twitter (@EmbeddedVillage)","type":"link","url":"https://twitter.com/@EmbeddedVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245307"}],"id":51469,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45635,45649,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Evolution - Embedded Systems Village","hotel":"","short_name":"Evolution - Embedded Systems Village","id":45735},"spans_timebands":"N","updated":"2023-07-22T20:47:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?\r\n\r\n--\r\n\r\nRated PG-13.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"DEFCON MUD DUMB TERMINAL EDITION","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"The DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?\r\n\r\n--\r\n\r\nRated PG-13.","updated_timestamp":{"seconds":1691289540,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245270"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/728707998796480590"}],"id":51464,"tag_ids":[45635,45646,45743,45764],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:39:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.\r\n \r\n Come visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.\r\n \r\n The DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit https://defconscavhunt.com for a history lesson.\r\n \r\n If you capture pictures or video of items from our list, or have in the past, please send them to us via email scavlist@gmail.com.\r\n\r\n--\r\n\r\nThe scavenger hunt list is open to interpretation and we are not responsible for how list items are interpreted. We have had a number of pre-teens and teenagers play the scavenger hunt over the years, primarily with their parents but occasionally alone. The team that won at DC24 included a teenager with their parents. Parental Guidance Recommended.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"DEF CON Scavenger Hunt","android_description":"Are you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.\r\n \r\n Come visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.\r\n \r\n The DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit https://defconscavhunt.com for a history lesson.\r\n \r\n If you capture pictures or video of items from our list, or have in the past, please send them to us via email scavlist@gmail.com.\r\n\r\n--\r\n\r\nThe scavenger hunt list is open to interpretation and we are not responsible for how list items are interpreted. We have had a number of pre-teens and teenagers play the scavenger hunt over the years, primarily with their parents but occasionally alone. The team that won at DC24 included a teenager with their parents. Parental Guidance Recommended.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1691289780,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245255"},{"label":"Twitter (@defconscavhunt)","type":"link","url":"https://twitter.com/@defconscavhunt"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711049278163779605"}],"id":51461,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743,45763],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-13T17:00:00.000-0000","updated":"2023-08-06T02:43:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Darknet-NG","android_description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690058160,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Website","type":"link","url":"https://darknet-ng.network"},{"label":"Twitter (@DarknetNg)","type":"link","url":"https://twitter.com/DarknetNg"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245234"},{"label":"Mastodon (@DarknetNG@defcon.social)","type":"link","url":"https://defcon.social/@DarknetNG"}],"end":"2023-08-13T19:00:00.000-0000","id":51454,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45635,45646,45743,45764],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-22T20:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The premiere password cracking contest \"CrackMeIfYouCan\" is back again. Passwords so two-thousand and late. Remember, remember, the cracks of November.\r\n\r\nWe're preparing hashes from easy to hard, so there'll be something for you if you want to compete casually as a Street team, or go all out in Pro.\r\n\r\nWhere we're going, we don't need roads. Purely a penchant for puzzles, perhaps a plethora of processors.\r\n\r\nCheck out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/\n\n\n","title":"CrackMeIfYouCan","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"The premiere password cracking contest \"CrackMeIfYouCan\" is back again. Passwords so two-thousand and late. Remember, remember, the cracks of November.\r\n\r\nWe're preparing hashes from easy to hard, so there'll be something for you if you want to compete casually as a Street team, or go all out in Pro.\r\n\r\nWhere we're going, we don't need roads. Purely a penchant for puzzles, perhaps a plethora of processors.\r\n\r\nCheck out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690057740,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Website","type":"link","url":"https://contest.korelogic.com"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644827053457478"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245299"},{"label":"Password Village Website","type":"link","url":"https://passwordvillage.org/"}],"end":"2023-08-13T19:00:00.000-0000","id":51451,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":53,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T20:29:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\r\n\r\nOur CTF is a three days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\r\n\r\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Cloud Village CTF","android_description":"If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\r\n\r\nOur CTF is a three days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\r\n\r\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690057260,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Village Website","type":"link","url":"https://cloud-village.org"},{"label":"Twitter (@cloudvillage_dc)","type":"link","url":"https://twitter.com/@cloudvillage_dc"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245467"}],"end":"2023-08-13T19:00:00.000-0000","id":51446,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40284,45635,45744],"village_id":43,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-07-22T20:21:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM's and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\r\n\r\nWith the largest collection of hackers in one area, there's no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Car Hacking Village CTF","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM's and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\r\n\r\nWith the largest collection of hackers in one area, there's no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.","updated_timestamp":{"seconds":1690055760,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643596658311229"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244786"},{"label":"Twitter (@CarHackVillage)","type":"link","url":"https://twitter.com/CarHackVillage/"},{"label":"Village Website","type":"link","url":"https://www.carhackingvillage.com"}],"end":"2023-08-13T19:00:00.000-0000","id":51442,"tag_ids":[45635,45646,45743],"village_id":42,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T19:56:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Battle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor. \r\n \r\n The vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.\r\n \r\n Finally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Battle of The Bots","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Battle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor. \r\n \r\n The vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.\r\n \r\n Finally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.","updated_timestamp":{"seconds":1690053720,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://battleofthebots.github.io"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245282"}],"id":51433,"tag_ids":[45635,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T19:22:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Adversary Village proudly presents \"Adversary Wars CTF,\" a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.\r\n\r\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.\r\n\r\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.\r\n\r\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30. We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Adversary Wars CTF","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Adversary Village proudly presents \"Adversary Wars CTF,\" a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.\r\n\r\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.\r\n\r\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.\r\n\r\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30. We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​","updated_timestamp":{"seconds":1690053600,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/AdversaryVillag/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245457"},{"label":"Website","type":"link","url":"https://adversaryvillage.org/adversary-events/DEFCON-31/"}],"id":51430,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-22T19:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"5n4ck3y","android_description":"AND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690142100,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/ANDnXOR"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245450"}],"end":"2023-08-13T19:00:00.000-0000","id":51427,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-07-23T19:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you ready to put your problem-solving skills to the test?\r\n\r\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.\r\n\r\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.\r\n\r\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.\r\n\r\nThis challenge is not just about solving a puzzle, it's about exploring your curiosity and pushing the boundaries of your knowledge.\r\n\r\nIt's about putting your hacker mindset to work and seeing how far you can go.\r\n\r\nWith each step, you'll be one step closer to unlocking the secrets of the ? Cube Challenge.We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.\r\n\r\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level.So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cub Champion and the admiration of your fellow hackers. Are you ready to take the challenge?\r\n\r\nThe above was totally written by ChatGPT. I don't want to give out too much information, but basically there is going to be a big cube like object that contestants will have to deconstruct to find the hidden awesomeness. I hope to have challenges spread across multiple domains, both online in a jeopardy style ctf as well as the physical puzzle of the cube which will be module in nature, with each physical puzzle tying to the next.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"? Cube","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Are you ready to put your problem-solving skills to the test?\r\n\r\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.\r\n\r\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.\r\n\r\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.\r\n\r\nThis challenge is not just about solving a puzzle, it's about exploring your curiosity and pushing the boundaries of your knowledge.\r\n\r\nIt's about putting your hacker mindset to work and seeing how far you can go.\r\n\r\nWith each step, you'll be one step closer to unlocking the secrets of the ? Cube Challenge.We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.\r\n\r\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level.So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cub Champion and the admiration of your fellow hackers. Are you ready to take the challenge?\r\n\r\nThe above was totally written by ChatGPT. I don't want to give out too much information, but basically there is going to be a big cube like object that contestants will have to deconstruct to find the hidden awesomeness. I hope to have challenges spread across multiple domains, both online in a jeopardy style ctf as well as the physical puzzle of the cube which will be module in nature, with each physical puzzle tying to the next.","updated_timestamp":{"seconds":1690053300,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244817"},{"label":"Website","type":"link","url":"http://0x3fcube.com/"}],"end":"2023-08-13T19:00:00.000-0000","id":51424,"tag_ids":[45635,45646,45766],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T19:15:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.\n\n\n","title":"Passwords Argh Us","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51089],"conference_id":96,"event_ids":[51120,51150,51151,51152],"name":"Traveler","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/traveler19/"}],"pronouns":null,"media":[],"id":50285}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51152,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50285}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"updated":"2023-07-14T18:15:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"IOCs + APTs = \"Let's play a game!\" - Hack your way through a hunt!","android_description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358140,"nanoseconds":0},"speakers":[{"content_ids":[51073],"conference_id":96,"event_ids":[51106,51140,51141,51142],"name":"Leo Cruz","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cruzleo/"}],"pronouns":null,"media":[],"id":50270}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51142,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50270}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"updated":"2023-07-14T18:09:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Medical Records, Procurement, and Manufacturing have always been a major part of the biomedical, pharmaceutical, and laboratory technology industry and critical infrastructure. As we edge closer to the regulatory timelines, we need to look at the current landscape and its issues. If you enjoy thrillers, data, crime, and international espionage, Welcome to the 'Choose your own adventure: Healthcare and the International Syndicate of Turbulence' or 'Septic Homeostasis'.\n\n\n","title":"Table Top","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691954400,"nanoseconds":0},"android_description":"Medical Records, Procurement, and Manufacturing have always been a major part of the biomedical, pharmaceutical, and laboratory technology industry and critical infrastructure. As we edge closer to the regulatory timelines, we need to look at the current landscape and its issues. If you enjoy thrillers, data, crime, and international espionage, Welcome to the 'Choose your own adventure: Healthcare and the International Syndicate of Turbulence' or 'Septic Homeostasis'.","updated_timestamp":{"seconds":1689117540,"nanoseconds":0},"speakers":[{"content_ids":[51054,51056,52229],"conference_id":96,"event_ids":[51086,51088,52479],"name":"Nathan Case","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50235},{"content_ids":[51056],"conference_id":96,"event_ids":[51088],"name":"Felicity Milman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50249},{"content_ids":[51056],"conference_id":96,"event_ids":[51088],"name":"Jorge Acevedo Canabal","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50250}],"timeband_id":992,"links":[],"end":"2023-08-13T19:20:00.000-0000","id":51088,"tag_ids":[45645,45647,45717],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50249},{"tag_id":45590,"sort_order":1,"person_id":50250},{"tag_id":45590,"sort_order":1,"person_id":50235}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","updated":"2023-07-11T23:19:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A series of panels and talks that are not recorded and off the record, the AMA's are meant to encourage thought provoking questions from the audience.\n\n\n","title":"CANCELED: War Stories Off The Record AMA","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"A series of panels and talks that are not recorded and off the record, the AMA's are meant to encourage thought provoking questions from the audience.","updated_timestamp":{"seconds":1691946540,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T19:00:00.000-0000","id":50864,"tag_ids":[45648,45844],"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record","hotel":"","short_name":"War Stories - Off the Record","id":45802},"spans_timebands":"N","updated":"2023-08-13T17:09:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Exactly 5 years ago we were presenting ways to hack and root vacuum robots. Since then, many things have changed. Back then we were looking into ways to use the robots' \"dumb\" sensors to spy on the user (e.g. by using the ultrasonic sensor). But all our predictions were exceeded by the reality: today's robots bring multiple cameras and microphones with them. AI is used to detect objects and rooms. But can it be trusted? Where will pictures of your cat end up?\r\n\r\nIn this talk we will look at the security and privacy of current devices. We will show that their flaws pose a huge privacy risk and that certification of devices cannot be trusted. Not to worry, though - we will also show you how to protect yourself (and your data) from your robot friends.\r\n\r\nYou will learn on how you can get root access to current flagship models of 4 different vendors. Come with us on a journey of having fun hacking interesting devices while preventing them from breaching your privacy. We will also discuss the risks of used devices, for both old and new users.\r\n\r\nFinally, we will talk about the challenges of documenting vacuum robots and developing custom software for them. While our primary goal is to disconnect the robots from the cloud, it is also for users to repair their devices - pwning to own in a wholesome way.\r\n\r\nREFERENCES: \r\n\r\nRobots with lasers and cameras (but no security): Liberating your vacuum from the cloud\r\nhttps://dontvacuum.me/talks/DEFCON29/DEFCON29-Robots_with_lasers_and_cameras.html\r\n \r\nUnleash your smart-home devices: Vacuum Cleaning Robot Hacking (34C3)\r\nhttps://dontvacuum.me/talks/34c3-2017/34c3.html\r\n \r\nHaving fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices\r\nhttps://dontvacuum.me/talks/DEFCON26/DEFCON26-Having_fun_with_IoT-Xiaomi.html\r\n \r\nhttps://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/\r\n \r\nhttps://linux-sunxi.org/Main_Page\n\n\n","title":"Vacuum robot security and privacy - prevent your robot from sucking your data","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"Exactly 5 years ago we were presenting ways to hack and root vacuum robots. Since then, many things have changed. Back then we were looking into ways to use the robots' \"dumb\" sensors to spy on the user (e.g. by using the ultrasonic sensor). But all our predictions were exceeded by the reality: today's robots bring multiple cameras and microphones with them. AI is used to detect objects and rooms. But can it be trusted? Where will pictures of your cat end up?\r\n\r\nIn this talk we will look at the security and privacy of current devices. We will show that their flaws pose a huge privacy risk and that certification of devices cannot be trusted. Not to worry, though - we will also show you how to protect yourself (and your data) from your robot friends.\r\n\r\nYou will learn on how you can get root access to current flagship models of 4 different vendors. Come with us on a journey of having fun hacking interesting devices while preventing them from breaching your privacy. We will also discuss the risks of used devices, for both old and new users.\r\n\r\nFinally, we will talk about the challenges of documenting vacuum robots and developing custom software for them. While our primary goal is to disconnect the robots from the cloud, it is also for users to repair their devices - pwning to own in a wholesome way.\r\n\r\nREFERENCES: \r\n\r\nRobots with lasers and cameras (but no security): Liberating your vacuum from the cloud\r\nhttps://dontvacuum.me/talks/DEFCON29/DEFCON29-Robots_with_lasers_and_cameras.html\r\n \r\nUnleash your smart-home devices: Vacuum Cleaning Robot Hacking (34C3)\r\nhttps://dontvacuum.me/talks/34c3-2017/34c3.html\r\n \r\nHaving fun with IoT: Reverse Engineering and Hacking of Xiaomi IoT Devices\r\nhttps://dontvacuum.me/talks/DEFCON26/DEFCON26-Having_fun_with_IoT-Xiaomi.html\r\n \r\nhttps://www.technologyreview.com/2022/12/19/1065306/roomba-irobot-robot-vacuums-artificial-intelligence-training-data-privacy/\r\n \r\nhttps://linux-sunxi.org/Main_Page","end_timestamp":{"seconds":1691948700,"nanoseconds":0},"updated_timestamp":{"seconds":1687139520,"nanoseconds":0},"speakers":[{"content_ids":[50594,51026],"conference_id":96,"event_ids":[50839,51064],"name":"Dennis Giese","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/dgi_DE"},{"description":"","title":"Website","sort_order":0,"url":"https://valetudo.cloud"},{"description":"","title":"Website","sort_order":0,"url":"https://dontvacuum.me"}],"media":[],"id":49829,"title":"Hacker"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245765"}],"end":"2023-08-13T17:45:00.000-0000","id":50839,"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"includes":"Tool 🛠, Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49829}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-06-19T01:52:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cellular networks form large complex compounds for roaming purposes. Thus, geographically-spread testbeds for masurements and rapid exploit verification are needed to do justice to the technology's unique structure and global scope. Additionally, such measurements suffer from a combinatorial explosion of operators, mobile plans, and services. To cope with these challenges, we are releasing an open-source framework that geographically decouples the SIM (subscription) from the cellular modem by selectively connecting both remotely. This allows testing any subscriber with any operator at any modem location within seconds without moving parts. The resulting measurement and testbed platform \"MobileAtlas\" offers a scalable, controlled experimentation environment. It is fully open-sourced and allows other researchers to contribute locations, SIM cards, and measurement scripts.\r\n\r\nUsing the above framework, our international experiments in commercial networks revealed exploitable inconsistencies in traffic metering, leading to multiple data \"phreaking\" opportunities (\"free-ride\"). We also expose problematic IPv6 firewall configurations, hidden SIM card communication to the home network, and fingerprint dial progress tones to track victims across different roaming networks and countries with voice calls.\r\n\r\nREFERENCES: \r\n \r\nGabriel K. Gegenhuber, Wilfried Mayer, and Edgar Weippl. Zero-Rating, One Big Mess: Analyzing Differential Pricing Practices of European MNOs. In IEEE Global Communications Conference (GLOBECOM), 2022\r\nGabriel K. Gegenhuber, Wilfried Mayer, Edgar Weippl, Adrian Dabrowski. MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research., 2023, In proceedings of the 32th USENIX Security Symposium 2023.\r\nDavid Allen Burgess. What is AT&T doing at 1111340002? Welcome to the magical world of proac-tive SIMs., 2021. https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c\r\nDavid Allen Burgess. More Proactive SIMs., 2021. https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189\r\nOSMOCOM. Simtrace 2. https://osmocom.org/projects/simtrace2/wiki\r\nosmocom.org. pySim-prog - Utility for programmable SIM/USIM-Cards. https://osmocom.org/projects/pysim/wiki\r\nThe MONROE Alliance. Measuring Mobile Broadband Networks in Europe. https://www.monroe-project.eu\n\n\n","title":"Cellular carriers hate this trick: Using SIM tunneling to travel at light speed","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691948700,"nanoseconds":0},"android_description":"Cellular networks form large complex compounds for roaming purposes. Thus, geographically-spread testbeds for masurements and rapid exploit verification are needed to do justice to the technology's unique structure and global scope. Additionally, such measurements suffer from a combinatorial explosion of operators, mobile plans, and services. To cope with these challenges, we are releasing an open-source framework that geographically decouples the SIM (subscription) from the cellular modem by selectively connecting both remotely. This allows testing any subscriber with any operator at any modem location within seconds without moving parts. The resulting measurement and testbed platform \"MobileAtlas\" offers a scalable, controlled experimentation environment. It is fully open-sourced and allows other researchers to contribute locations, SIM cards, and measurement scripts.\r\n\r\nUsing the above framework, our international experiments in commercial networks revealed exploitable inconsistencies in traffic metering, leading to multiple data \"phreaking\" opportunities (\"free-ride\"). We also expose problematic IPv6 firewall configurations, hidden SIM card communication to the home network, and fingerprint dial progress tones to track victims across different roaming networks and countries with voice calls.\r\n\r\nREFERENCES: \r\n \r\nGabriel K. Gegenhuber, Wilfried Mayer, and Edgar Weippl. Zero-Rating, One Big Mess: Analyzing Differential Pricing Practices of European MNOs. In IEEE Global Communications Conference (GLOBECOM), 2022\r\nGabriel K. Gegenhuber, Wilfried Mayer, Edgar Weippl, Adrian Dabrowski. MobileAtlas: Geographically Decoupled Measurements in Cellular Networks for Security and Privacy Research., 2023, In proceedings of the 32th USENIX Security Symposium 2023.\r\nDavid Allen Burgess. What is AT&T doing at 1111340002? Welcome to the magical world of proac-tive SIMs., 2021. https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c\r\nDavid Allen Burgess. More Proactive SIMs., 2021. https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189\r\nOSMOCOM. Simtrace 2. https://osmocom.org/projects/simtrace2/wiki\r\nosmocom.org. pySim-prog - Utility for programmable SIM/USIM-Cards. https://osmocom.org/projects/pysim/wiki\r\nThe MONROE Alliance. Measuring Mobile Broadband Networks in Europe. https://www.monroe-project.eu","updated_timestamp":{"seconds":1688082240,"nanoseconds":0},"speakers":[{"content_ids":[50602],"conference_id":96,"event_ids":[50791],"name":"Adrian \"atrox\" Dabrowski","affiliations":[{"organization":"CISPA Helmholtz Center for Cybersecurity","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/atrox_at"},{"description":"","title":"Website","sort_order":0,"url":"https://www.ics.uci.edu/~dabrowsa/"}],"pronouns":"he/him","media":[],"id":49839,"title":"CISPA Helmholtz Center for Cybersecurity"},{"content_ids":[50602],"conference_id":96,"event_ids":[50791],"name":"Gabriel K. Gegenhuber","affiliations":[{"organization":"University of Vienna & SBA Research","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/GGegenhuber"},{"description":"","title":"Website","sort_order":0,"url":"https://informatik.univie.ac.at/Gabriel%20Karl.Gegenhuber"}],"pronouns":"he/him","media":[],"id":49840,"title":"University of Vienna & SBA Research"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245773"}],"end":"2023-08-13T17:45:00.000-0000","id":50791,"tag_ids":[45589,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49839},{"tag_id":45590,"sort_order":1,"person_id":49840}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-13T17:00:00.000-0000","updated":"2023-06-29T23:44:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The rapid advancement of cyber defense products has led to an increase in sophisticated memory evasion techniques employed by Red Teaming and Malware Development communities. These techniques aim to bypass the detection of malicious code by concealing its presence in a target process's memory. Among these methods, \"Thread Stack Spoofing\" is a technique that hides malicious calls in the stack by replacing arbitrary stack frames with fake ones.\r\n\r\nIn this talk, we present two novel approaches, \"Full Moon\" and \"Half Moon,\" for tampering with call stacks in a manner that is both opaque and difficult to detect. These techniques manipulate the call stack to produce unwinding or logically valid stacks, thwarting conventional detection methods.\r\n\r\nWe also introduce a detection algorithm, Eclipse, designed to identify instances of these tampering techniques. This algorithm extends the functionality of RtlVirtualUnwind to perform strict checks on specific instructions and call sequences, enabling the detection of tampered call stacks. We evaluate the efficacy of Eclipse against both Full Moon and Half Moon techniques and discuss its performance and limitations.\r\n\r\nAdditionally, we explore the possibility of combining these techniques to create an even more robust method for call stack tampering that is resistant to detection. Our study contributes to the growing body of knowledge in the field of call stack tampering and detection and provides valuable insights for researchers and security professionals aiming to mitigate such threats.\r\n\r\nREFERENCES:\r\n\r\nnamazso. 2019. x64 return address spoofing (source + explanation). UnKnoWnCheaTs - Multiplayer Game Hacking and Cheats. Retrieved April 4, 2023 from https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html\r\nMariusz Banach. 2023. Thread Stack Spoofing / Call Stack Spoofing PoC. Retrieved April 3, 2023 from https://github.com/mgeeky/ThreadStackSpoofer\r\nWilliam Burgess. Behind the Mask: Spoofing Call Stacks Dynamically with Timers | Cobalt Strike Blog. Fortra. Retrieved April 3, 2023 from https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/\r\nWilliam Burgess. Spoofing Call Stacks To Confuse EDRs. Retrieved April 4, 2023 from https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs\r\nMicrosoft Corp. 2021. x64 prolog and epilog. Retrieved April 3, 2023 from https://learn.microsoft.com/en-us/cpp/build/prolog-and-epilog\r\nMicrosoft Corp. 2022. x64 exception handling. Retrieved April 3, 2023 from https://learn.microsoft.com/en-us/cpp/build/exception-handling-x64\r\nCodeMachine. 2021. x64 Deep Dive. Retrieved April 3, 2023 from https://www.codemachine.com/article_x64deepdive.html\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"StackMoonwalk: A Novel approach to stack spoofing on Windows x64","end_timestamp":{"seconds":1691948700,"nanoseconds":0},"android_description":"The rapid advancement of cyber defense products has led to an increase in sophisticated memory evasion techniques employed by Red Teaming and Malware Development communities. These techniques aim to bypass the detection of malicious code by concealing its presence in a target process's memory. Among these methods, \"Thread Stack Spoofing\" is a technique that hides malicious calls in the stack by replacing arbitrary stack frames with fake ones.\r\n\r\nIn this talk, we present two novel approaches, \"Full Moon\" and \"Half Moon,\" for tampering with call stacks in a manner that is both opaque and difficult to detect. These techniques manipulate the call stack to produce unwinding or logically valid stacks, thwarting conventional detection methods.\r\n\r\nWe also introduce a detection algorithm, Eclipse, designed to identify instances of these tampering techniques. This algorithm extends the functionality of RtlVirtualUnwind to perform strict checks on specific instructions and call sequences, enabling the detection of tampered call stacks. We evaluate the efficacy of Eclipse against both Full Moon and Half Moon techniques and discuss its performance and limitations.\r\n\r\nAdditionally, we explore the possibility of combining these techniques to create an even more robust method for call stack tampering that is resistant to detection. Our study contributes to the growing body of knowledge in the field of call stack tampering and detection and provides valuable insights for researchers and security professionals aiming to mitigate such threats.\r\n\r\nREFERENCES:\r\n\r\nnamazso. 2019. x64 return address spoofing (source + explanation). UnKnoWnCheaTs - Multiplayer Game Hacking and Cheats. Retrieved April 4, 2023 from https://www.unknowncheats.me/forum/anti-cheat-bypass/268039-x64-return-address-spoofing-source-explanation.html\r\nMariusz Banach. 2023. Thread Stack Spoofing / Call Stack Spoofing PoC. Retrieved April 3, 2023 from https://github.com/mgeeky/ThreadStackSpoofer\r\nWilliam Burgess. Behind the Mask: Spoofing Call Stacks Dynamically with Timers | Cobalt Strike Blog. Fortra. Retrieved April 3, 2023 from https://www.cobaltstrike.com/blog/behind-the-mask-spoofing-call-stacks-dynamically-with-timers/\r\nWilliam Burgess. Spoofing Call Stacks To Confuse EDRs. Retrieved April 4, 2023 from https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs\r\nMicrosoft Corp. 2021. x64 prolog and epilog. Retrieved April 3, 2023 from https://learn.microsoft.com/en-us/cpp/build/prolog-and-epilog\r\nMicrosoft Corp. 2022. x64 exception handling. Retrieved April 3, 2023 from https://learn.microsoft.com/en-us/cpp/build/exception-handling-x64\r\nCodeMachine. 2021. x64 Deep Dive. Retrieved April 3, 2023 from https://www.codemachine.com/article_x64deepdive.html","updated_timestamp":{"seconds":1688182740,"nanoseconds":0},"speakers":[{"content_ids":[50667],"conference_id":96,"event_ids":[50776],"name":"Alessandro \"klezVirus\" Magnosi","affiliations":[{"organization":"BSI","title":"Principal Security Consultant"}],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://klezvirus.github.io"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@klezVirus"}],"media":[],"id":49962,"title":"Principal Security Consultant at BSI"},{"content_ids":[50667],"conference_id":96,"event_ids":[50776],"name":"Arash \"waldo-irc\" Parsa","affiliations":[{"organization":"","title":"Cybersecurity Professional"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@waldoirc"},{"description":"","title":"Website","sort_order":0,"url":"https://www.arashparsa.com/"}],"pronouns":null,"media":[],"id":49963,"title":"Cybersecurity Professional"},{"content_ids":[50667],"conference_id":96,"event_ids":[50776],"name":"Athanasios \"trickster0\" Tserpelis","affiliations":[{"organization":"","title":"Red Teamer and Malware Developer"}],"links":[{"description":"","title":"Link","sort_order":0,"url":"https://trickster0.github.io/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/trickster012"}],"pronouns":null,"media":[],"id":50165,"title":"Red Teamer and Malware Developer"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246120"}],"end":"2023-08-13T17:45:00.000-0000","id":50776,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45589,45630,45646,45766],"village_id":null,"includes":"Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49962},{"tag_id":45590,"sort_order":1,"person_id":49963},{"tag_id":45590,"sort_order":1,"person_id":50165}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","updated":"2023-07-01T03:39:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BLE devices are now all the rage. What makes a purpose built tracking device like the AirTag all that different from the majority of BLE devices that have a fixed address? With the rise of IoT we're also seeing a rise in government and corporate BLE surveillance systems. We'll look at tools that normal people can use to find out if their favorite IoT gear is easily trackable. If headphones and GoPro's use fixed addresses, what about stun guns and bodycams? We'll take a look at IoT gear used by authorities and how it may be detectedable over long durations, just like an AirTag.\r\n\r\nREFERENCES:\r\nHandoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol\r\nFreqy DEFCON 29 RF Village - \"Basics of Breaking BLE\"\r\nHandoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol\r\nDEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices\r\nMike Spicer - I Know What U Did Last Summer 3 Yrs Wireless Monitoring DEFCON - DEF CON 27 Conference\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"Snoop unto them, as they snoop unto us","end_timestamp":{"seconds":1691947200,"nanoseconds":0},"android_description":"BLE devices are now all the rage. What makes a purpose built tracking device like the AirTag all that different from the majority of BLE devices that have a fixed address? With the rise of IoT we're also seeing a rise in government and corporate BLE surveillance systems. We'll look at tools that normal people can use to find out if their favorite IoT gear is easily trackable. If headphones and GoPro's use fixed addresses, what about stun guns and bodycams? We'll take a look at IoT gear used by authorities and how it may be detectedable over long durations, just like an AirTag.\r\n\r\nREFERENCES:\r\nHandoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol\r\nFreqy DEFCON 29 RF Village - \"Basics of Breaking BLE\"\r\nHandoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol\r\nDEF CON 26 - Damien virtualabs Cauquil - You had better secure your BLE devices\r\nMike Spicer - I Know What U Did Last Summer 3 Yrs Wireless Monitoring DEFCON - DEF CON 27 Conference","updated_timestamp":{"seconds":1691100660,"nanoseconds":0},"speakers":[{"content_ids":[50599],"conference_id":96,"event_ids":[50749],"name":"nullagent","affiliations":[{"organization":"Dataparty","title":"Member"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nullagent"}],"pronouns":"he/him","media":[],"id":49835,"title":"Member at Dataparty"},{"content_ids":[50599],"conference_id":96,"event_ids":[50749],"name":"Rekcahdam","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rekcahdam"},{"description":"","title":"Website","sort_order":0,"url":"https://www.rekcahdam.com"}],"media":[],"id":49836,"title":"Hacker"},{"content_ids":[50599],"conference_id":96,"event_ids":[50749],"name":"Michaud \"5@\\/@g3\" Savage","affiliations":[{"organization":"Dataparty","title":"Apprentice"}],"links":[],"pronouns":null,"media":[],"id":51401,"title":"Apprentice at Dataparty"}],"timeband_id":992,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245770"}],"end":"2023-08-13T17:20:00.000-0000","id":50749,"village_id":null,"begin_timestamp":{"seconds":1691946000,"nanoseconds":0},"tag_ids":[45592,45629,45630,45646,45844],"includes":"Demo 💻, Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":51401},{"tag_id":45590,"sort_order":1,"person_id":49836},{"tag_id":45590,"sort_order":1,"person_id":49835}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-08-03T22:11:00.000-0000","begin":"2023-08-13T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The WAF. The world's most beloved security tool after antiviruses and password complexity requirements. The speakers spent the last five years working on making them suck less and operating one at a global scale. By sharing war stories, mistakes and discoveries, we will provide the audience with tools and strategies to make their WAF experience more palatable. Whether you're a WAF operator, user or vendor, you will get actionable takeaways from our ordeal^W^W^W experience.\r\n\r\nFirst, we will share our learnings on creating a generic set of rules with low noise. This will go from a better understanding of real world attacks to common false positive patterns. We will also cover strategies to catch issues in rules at scale and expand the coverage of new unknown attacks.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"WAF: Making a Problematic Security Tool Suck Less","android_description":"The WAF. The world's most beloved security tool after antiviruses and password complexity requirements. The speakers spent the last five years working on making them suck less and operating one at a global scale. By sharing war stories, mistakes and discoveries, we will provide the audience with tools and strategies to make their WAF experience more palatable. Whether you're a WAF operator, user or vendor, you will get actionable takeaways from our ordeal^W^W^W experience.\r\n\r\nFirst, we will share our learnings on creating a generic set of rules with low noise. This will go from a better understanding of real world attacks to common false positive patterns. We will also cover strategies to catch issues in rules at scale and expand the coverage of new unknown attacks.","end_timestamp":{"seconds":1691946900,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52126],"conference_id":96,"event_ids":[52309],"name":"Emile Spir","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ehspir/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Taiki__San"}],"media":[],"id":51335},{"content_ids":[52126],"conference_id":96,"event_ids":[52309],"name":"Emmanuelle Lejeail","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/emmanuelle-lejeail/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/ManuLejeail"}],"media":[],"id":51336}],"timeband_id":992,"links":[],"end":"2023-08-13T17:15:00.000-0000","id":52309,"begin_timestamp":{"seconds":1691944200,"nanoseconds":0},"tag_ids":[40297,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51335},{"tag_id":45590,"sort_order":1,"person_id":51336}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-13T16:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Wall of Sheep","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.","updated_timestamp":{"seconds":1691375400,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":52592,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40288,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-13T16:00:00.000-0000","updated":"2023-08-07T02:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)","android_description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC","end_timestamp":{"seconds":1691965800,"nanoseconds":0},"updated_timestamp":{"seconds":1690997580,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T22:30:00.000-0000","links":[{"label":"Twitter (@ShellsOnDemand)","type":"link","url":"https://twitter.com/ShellsOnDemand"},{"label":"Mastodon (@soda@defcon.social)","type":"link","url":"https://defcon.social/@soda"}],"id":52212,"village_id":null,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[45640,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"updated":"2023-08-02T17:33:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Packet Detective","android_description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691375460,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51749,"village_id":null,"tag_ids":[40288,45646,45743,45775],"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:31:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.\n\n\n","title":"Packet Inspector","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.","end_timestamp":{"seconds":1691960400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375460,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T21:00:00.000-0000","id":51748,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40288,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"updated":"2023-08-07T02:31:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Fleet is an open-core, cross-platform solution that provides real-time insights using osquery and GitOps-driven management for all your devices, including Mac, Windows, Linux, and ChromeOS. Join the adventure and explore a wonderland of data!\n\n\n","title":"Fleet DefCon 31 Workshop","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Fleet is an open-core, cross-platform solution that provides real-time insights using osquery and GitOps-driven management for all your devices, including Mac, Windows, Linux, and ChromeOS. Join the adventure and explore a wonderland of data!","updated_timestamp":{"seconds":1691375760,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51747,"village_id":null,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:36:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this workshop, you'll learn real-world penetration testing techniques for guessing passwords using Hydra, xHydra, and Hashcat.\n\n\n","title":"Password Lab","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"In this workshop, you'll learn real-world penetration testing techniques for guessing passwords using Hydra, xHydra, and Hashcat.","updated_timestamp":{"seconds":1691375700,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51746,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40288,45646,45719,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-13T16:00:00.000-0000","updated":"2023-08-07T02:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work. \n\n\n","title":"RegEx Trainer","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691375640,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51745,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-13T16:00:00.000-0000","updated":"2023-08-07T02:34:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste. \n\n\n","title":"NetworkOS: Be The Cloud","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.","updated_timestamp":{"seconds":1691375700,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51744,"village_id":null,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"updated":"2023-08-07T02:35:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Linux Trainer Workshop","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.","updated_timestamp":{"seconds":1691375580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51743,"village_id":null,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:33:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BYOB is intended to be a beginner friendly workshop dive into how botnets work. Attendees will use a web application to create a \"dropper\" file. (It is a tiny file whose only purposes is to fetch and execute the next stage of code). Then put the dropper file on another computer to obfuscate the command computer. The dropper is heavily obfuscated and compressed, and is a small python script. Attendees will learn how bot command and control works and cause several bots to probe a potential next target to gain access.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Build Your Own Botnet","android_description":"BYOB is intended to be a beginner friendly workshop dive into how botnets work. Attendees will use a web application to create a \"dropper\" file. (It is a tiny file whose only purposes is to fetch and execute the next stage of code). Then put the dropper file on another computer to obfuscate the command computer. The dropper is heavily obfuscated and compressed, and is a small python script. Attendees will learn how bot command and control works and cause several bots to probe a potential next target to gain access.","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691375760,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51742,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-13T16:00:00.000-0000","updated":"2023-08-07T02:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Honey Pot Workshop","android_description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1691375580,"nanoseconds":0},"speakers":[],"timeband_id":992,"links":[],"end":"2023-08-13T20:00:00.000-0000","id":51741,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40288,45646,45719,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-13T16:00:00.000-0000","updated":"2023-08-07T02:33:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!\n\n\n","title":"HardWired","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691956800,"nanoseconds":0},"android_description":"Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!","updated_timestamp":{"seconds":1691375520,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T20:00:00.000-0000","links":[{"label":"Aries Security","type":"link","url":"https://www.ariessecurity.com"},{"label":"Capture the Packet","type":"link","url":"https://www.capturethepacket.com"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245293"},{"label":"Twitter (@wallofsheep)","type":"link","url":"https://twitter.com/@wallofsheep"},{"label":"Twitter (@capturetp)","type":"link","url":"https://twitter.com/@capturetp"}],"id":51487,"tag_ids":[40288,45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:32:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Developing offensive thinking is the highlight of this training, you’ll be able to create different strategies to send some attacks and know how you can deliver that, and so on. Participants will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of the defensive security analysis with an offensive mindset performed some types of the attacks that are used in cybercrime and being able to take practical actions to identify these threats. Understanding how Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks...\n\n\n","title":"Malware Hunting an Offensive Approach","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"Developing offensive thinking is the highlight of this training, you’ll be able to create different strategies to send some attacks and know how you can deliver that, and so on. Participants will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of the defensive security analysis with an offensive mindset performed some types of the attacks that are used in cybercrime and being able to take practical actions to identify these threats. Understanding how Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks...","end_timestamp":{"seconds":1691946000,"nanoseconds":0},"updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51088],"conference_id":96,"event_ids":[51119,51143,51144],"name":"Filipi Pires","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/FilipiPires"}],"media":[],"id":50262}],"timeband_id":992,"links":[],"end":"2023-08-13T17:00:00.000-0000","id":51144,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50262}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"spans_timebands":"N","updated":"2023-07-14T18:15:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.\n\n\n","title":"How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.","end_timestamp":{"seconds":1691946000,"nanoseconds":0},"updated_timestamp":{"seconds":1689358320,"nanoseconds":0},"speakers":[{"content_ids":[51082],"conference_id":96,"event_ids":[51114,51137,51138],"name":"Guillermo Buendia","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/bym0m0"}],"media":[],"id":50264}],"timeband_id":992,"links":[],"end":"2023-08-13T17:00:00.000-0000","id":51138,"village_id":60,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50264}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"spans_timebands":"N","updated":"2023-07-14T18:12:00.000-0000","begin":"2023-08-13T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The integration of artificial intelligence (AI) into red team operations has revolutionized the way cybersecurity professionals approach their work. This workshop will equip participants with the necessary skills and understanding to leverage AI tools effectively throughout different stages of red team operations.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Artificial Intelligence for Red Team Operations","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"android_description":"The integration of artificial intelligence (AI) into red team operations has revolutionized the way cybersecurity professionals approach their work. This workshop will equip participants with the necessary skills and understanding to leverage AI tools effectively throughout different stages of red team operations.","updated_timestamp":{"seconds":1689358620,"nanoseconds":0},"speakers":[{"content_ids":[51094],"conference_id":96,"event_ids":[51125,51130],"name":"Peter Halberg","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MiloSilo_Hacks"}],"media":[],"id":50278}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51130,"village_id":60,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50278}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"spans_timebands":"N","begin":"2023-08-13T16:00:00.000-0000","updated":"2023-07-14T18:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Adversaries, red teamer's, and bug bounty hunters share some common TTPs, they all do extensive recon on their targets. Join Jason in this 2hour workshop as he goes through tools and techniques when targeting an organization and its' people. Jason will cover email acquisition, technology profiling, external attack surface (cloud, mobile, ++), historical data mining for endpoints, and much, much more. Jason will walk through each tool in the toolchain, live, for the students while he reveals his own personal tips and tricks in each section. The workshop will be performed on LIVE targets, so fasten your seatbelts! This workshop is a must-see for anyone in the offensive security space.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Recon for Red Teamers and Bug Hunters 2.0","android_description":"Adversaries, red teamer's, and bug bounty hunters share some common TTPs, they all do extensive recon on their targets. Join Jason in this 2hour workshop as he goes through tools and techniques when targeting an organization and its' people. Jason will cover email acquisition, technology profiling, external attack surface (cloud, mobile, ++), historical data mining for endpoints, and much, much more. Jason will walk through each tool in the toolchain, live, for the students while he reveals his own personal tips and tricks in each section. The workshop will be performed on LIVE targets, so fasten your seatbelts! This workshop is a must-see for anyone in the offensive security space.","end_timestamp":{"seconds":1691949600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358680,"nanoseconds":0},"speakers":[{"content_ids":[51097,51303,51307,51998,52118],"conference_id":96,"event_ids":[51128,51365,51369,52192,52342],"name":"Jason Haddix","affiliations":[{"organization":"BuddoBot","title":"CISO and “Hacker in Charge”"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jhaddix"}],"pronouns":null,"media":[],"id":50266,"title":"CISO and “Hacker in Charge” at BuddoBot"}],"timeband_id":992,"links":[],"end":"2023-08-13T18:00:00.000-0000","id":51128,"village_id":60,"begin_timestamp":{"seconds":1691942400,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50266}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"spans_timebands":"N","begin":"2023-08-13T16:00:00.000-0000","updated":"2023-07-14T18:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.\n\n\n","title":"Defcon.run","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"android_description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690671360,"nanoseconds":0},"speakers":[],"timeband_id":992,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://defcon.run"},{"label":"Twitter","type":"link","url":"https://twitter.com/defcon_run"},{"label":"Mastodon (@run@defcon.social)","type":"link","url":"https://defcon.social/@run"}],"id":51595,"begin_timestamp":{"seconds":1691931600,"nanoseconds":0},"tag_ids":[45638],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"updated":"2023-07-29T22:56:00.000-0000","begin":"2023-08-13T13:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to hang out without the loud music so that you can actually have a conversation? Put on your raddest 80s gear and join the Social Engineering Community for a themed get-together for a chance to hang out and meet new people! We'll have a cash bar with both boozy and booze-free options.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"title":"Social Engineering Community Party","end_timestamp":{"seconds":1691910000,"nanoseconds":0},"android_description":"Want to hang out without the loud music so that you can actually have a conversation? Put on your raddest 80s gear and join the Social Engineering Community for a themed get-together for a chance to hang out and meet new people! We'll have a cash bar with both boozy and booze-free options.","updated_timestamp":{"seconds":1690129320,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T07:00:00.000-0000","id":51554,"village_id":null,"tag_ids":[40302,45642,45646,45743],"begin_timestamp":{"seconds":1691902800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 117-118","hotel":"","short_name":"Forum - 117-118","id":45887},"spans_timebands":"Y","begin":"2023-08-13T05:00:00.000-0000","updated":"2023-07-23T16:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This year it is **80's themed** so be sure to dress up (although we'll have some accessories if you forget yours).\r\n\r\nThe party will be in the Forums (room 117/118), not our village, Saturday from 2100-2359. Cash bar with boozy and booze-free options.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"title":"SECV - 80's Themed Party!","android_description":"This year it is **80's themed** so be sure to dress up (although we'll have some accessories if you forget yours).\r\n\r\nThe party will be in the Forums (room 117/118), not our village, Saturday from 2100-2359. Cash bar with boozy and booze-free options.","end_timestamp":{"seconds":1691910000,"nanoseconds":0},"updated_timestamp":{"seconds":1690590540,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T07:00:00.000-0000","id":51704,"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"tag_ids":[40302,45642,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 117-118","hotel":"","short_name":"Forum - 117-118","id":45887},"updated":"2023-07-29T00:29:00.000-0000","begin":"2023-08-13T04:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us Saturday night (Aug 12) at the SYN Stage in Caesars Forum for \"Yarrrrgh Pirate Night\", which is our answer to last year's Night of the Ninjas. \r\n\r\nAt 23:00, we feature the pirate rock band O'Craven.\r\n\r\nContest - Win the cost of a DEF CON Badge - $440!\r\n\r\nIt's your turn to participate! We seek the best dressed as a pirate! Dust off your costume or make a new one -- just show up -- it's supposed to be fun! The winner will receive a cash prize equal to the cost of the DEF CON 31 badge. The pirate band will judge the costumes and help choose a winner. Contest on the stage immediately following O'Craven at 00:00.\r\n\r\nFeaturing performances by:\r\n - 21:00 – 22:00 – FuzzyNop\r\n - 22:00 – 23:00 – Skittish & Bus\r\n - 23:00 – 00:15 – O’Craven Pirate Band\r\n - 00:00 - 00:15 – Costume Contest\r\n - 00:15 – 01:00 – Miss Jackalope\r\n - 01:00 – 02:00 – Ninjula\r\n\r\nContent from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment\r\n\n\n\n","title":"Yarrrrgh Pirate Night - Music Set / Entertainment (Saturday, SYN Stage)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#9b8b77","name":"Entertainment","id":45637},"end_timestamp":{"seconds":1691917200,"nanoseconds":0},"android_description":"Join us Saturday night (Aug 12) at the SYN Stage in Caesars Forum for \"Yarrrrgh Pirate Night\", which is our answer to last year's Night of the Ninjas. \r\n\r\nAt 23:00, we feature the pirate rock band O'Craven.\r\n\r\nContest - Win the cost of a DEF CON Badge - $440!\r\n\r\nIt's your turn to participate! We seek the best dressed as a pirate! Dust off your costume or make a new one -- just show up -- it's supposed to be fun! The winner will receive a cash prize equal to the cost of the DEF CON 31 badge. The pirate band will judge the costumes and help choose a winner. Contest on the stage immediately following O'Craven at 00:00.\r\n\r\nFeaturing performances by:\r\n - 21:00 – 22:00 – FuzzyNop\r\n - 22:00 – 23:00 – Skittish & Bus\r\n - 23:00 – 00:15 – O’Craven Pirate Band\r\n - 00:00 - 00:15 – Costume Contest\r\n - 00:15 – 01:00 – Miss Jackalope\r\n - 01:00 – 02:00 – Ninjula\r\n\r\nContent from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment","updated_timestamp":{"seconds":1690497900,"nanoseconds":0},"speakers":[{"content_ids":[51534],"conference_id":96,"event_ids":[51690],"name":"FuzzyNop","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://fuzzy.place/"}],"media":[],"id":50657},{"content_ids":[51534,51417],"conference_id":96,"event_ids":[51546,51690],"name":"Miss Jackalope","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://www.twitch.tv/missjackalope"}],"media":[],"id":50667},{"content_ids":[51534],"conference_id":96,"event_ids":[51690],"name":"Ninjula","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/countninjula"}],"pronouns":null,"media":[],"id":50671},{"content_ids":[51534],"conference_id":96,"event_ids":[51690],"name":"O'Craven Pirate Band","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.ocraven.com/"}],"pronouns":null,"media":[],"id":50673},{"content_ids":[51534,51417],"conference_id":96,"event_ids":[51546,51690],"name":"Skittish & Bus","affiliations":[],"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://twitch.tv/skittishandbus"}],"pronouns":null,"media":[],"id":50678}],"timeband_id":991,"end":"2023-08-13T09:00:00.000-0000","links":[{"label":"Stream","type":"link","url":"https://www.twitch.tv/defconorg_entertainment"}],"id":51690,"tag_ids":[45637,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50657},{"tag_id":45774,"sort_order":1,"person_id":50667},{"tag_id":45774,"sort_order":1,"person_id":50671},{"tag_id":45774,"sort_order":1,"person_id":50673},{"tag_id":45774,"sort_order":1,"person_id":50678}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"updated":"2023-07-27T22:45:00.000-0000","begin":"2023-08-13T04:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"University of Advancing Technology will be hosting a pub in the DEF CON pub crawl. Grab a cocktail and meet the UAT staff!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"title":"University of Advancing Technology, Pub Crawl","end_timestamp":{"seconds":1691913600,"nanoseconds":0},"android_description":"University of Advancing Technology will be hosting a pub in the DEF CON pub crawl. Grab a cocktail and meet the UAT staff!","updated_timestamp":{"seconds":1690128960,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T08:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245852"},{"label":"Website","type":"link","url":"https://www.uat.edu/"},{"label":"Twitter (@UATedu)","type":"link","url":"https://twitter.com/@UATedu"}],"id":51551,"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"village_id":null,"tag_ids":[45642,45646,45743,45768],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 115-116","hotel":"","short_name":"Forum - 115-116","id":45886},"spans_timebands":"Y","begin":"2023-08-13T04:00:00.000-0000","updated":"2023-07-23T16:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Capitol Tech University will be a hosting a pub in the DEF CON pub crawl. Swing by for a chat and a beer!\n\n\n","title":"Capitol Tech University, Pub Crawl","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"android_description":"Capitol Tech University will be a hosting a pub in the DEF CON pub crawl. Swing by for a chat and a beer!","end_timestamp":{"seconds":1691913600,"nanoseconds":0},"updated_timestamp":{"seconds":1690128840,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T08:00:00.000-0000","links":[{"label":"Twitter (@captechu)","type":"link","url":"https://twitter.com/@captechu"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245854"},{"label":"Website","type":"link","url":"https://www.captechu.edu/"}],"id":51550,"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"tag_ids":[45642,45646,45743,45767],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 113-114","hotel":"","short_name":"Forum - 113-114","id":45884},"begin":"2023-08-13T04:00:00.000-0000","updated":"2023-07-23T16:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack The Box will be hosting a pub in the DEF CON pub crawl. Come socialize and have a drink!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"title":"Hack The Box, Pub Crawl","android_description":"Hack The Box will be hosting a pub in the DEF CON pub crawl. Come socialize and have a drink!","end_timestamp":{"seconds":1691913600,"nanoseconds":0},"updated_timestamp":{"seconds":1690128540,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T08:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245856"},{"label":"Website","type":"link","url":"https://www.hackthebox.com"},{"label":"Twitter (@hackthebox_eu)","type":"link","url":"https://twitter.com/@hackthebox_eu"}],"id":51549,"tag_ids":[45642,45646,45718,45743],"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 111-112","hotel":"","short_name":"Forum - 111-112","id":45882},"updated":"2023-07-23T16:09:00.000-0000","begin":"2023-08-13T04:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"🔊 Attention all Veterans, Cyber Warriors, AI buffs, and Skynet skeptics! VETCON is calling you to action! 📢\r\n\r\nJoin us on August 12, 2023, at Caesars Forum Rooms 105,136 in Las Vegas for a mission of a different kind. Transition into the cyber frontline, network with comrades-in-arms, and engage in some good old military humor that even a drill sergeant can't resist!\r\n\r\nNavy, it's after you've mistaken the hotel pool for the high seas. Marines, we'll see you post-crayon snack but pre-attempting to conquer the casino. Air Force, try to fit us in between your gourmet meals and five-star luxuries. Army, no amount of camouflage can hide your poker face!\r\n\r\nCoast Guard, be prepared to rescue any Navy personnel lost en route. And Space Force, we promise the gravity of the situation isn't too intense.\r\n\r\nFor our veterans and active-duty heroes looking to transition into cybersecurity, this is your chance to become the most unique people of the cyber world. For the general public, come meet the superstars ready to defend your cyberspace!\r\n\r\nThis mission is all fun, games, and camaraderie until someone loses at poker. So, gear up, report for duty, and let's show AI how the military does humor! 🤣🎖️\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"title":"VetCon","end_timestamp":{"seconds":1691917200,"nanoseconds":0},"android_description":"🔊 Attention all Veterans, Cyber Warriors, AI buffs, and Skynet skeptics! VETCON is calling you to action! 📢\r\n\r\nJoin us on August 12, 2023, at Caesars Forum Rooms 105,136 in Las Vegas for a mission of a different kind. Transition into the cyber frontline, network with comrades-in-arms, and engage in some good old military humor that even a drill sergeant can't resist!\r\n\r\nNavy, it's after you've mistaken the hotel pool for the high seas. Marines, we'll see you post-crayon snack but pre-attempting to conquer the casino. Air Force, try to fit us in between your gourmet meals and five-star luxuries. Army, no amount of camouflage can hide your poker face!\r\n\r\nCoast Guard, be prepared to rescue any Navy personnel lost en route. And Space Force, we promise the gravity of the situation isn't too intense.\r\n\r\nFor our veterans and active-duty heroes looking to transition into cybersecurity, this is your chance to become the most unique people of the cyber world. For the general public, come meet the superstars ready to defend your cyberspace!\r\n\r\nThis mission is all fun, games, and camaraderie until someone loses at poker. So, gear up, report for duty, and let's show AI how the military does humor! 🤣🎖️","updated_timestamp":{"seconds":1690135380,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T09:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244840"}],"id":51542,"village_id":null,"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"tag_ids":[45642,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-110, 139","hotel":"","short_name":"Forum - 109-110, 139","id":45888},"spans_timebands":"Y","begin":"2023-08-13T04:00:00.000-0000","updated":"2023-07-23T18:03:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games. This epic party, free for DEF CON 31 attendees to enjoy and play, is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends. \n\n\n","title":"Arcade Party","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"android_description":"The Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games. This epic party, free for DEF CON 31 attendees to enjoy and play, is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.","end_timestamp":{"seconds":1691917200,"nanoseconds":0},"updated_timestamp":{"seconds":1690135320,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T09:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://ArcadeParty.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244838"}],"id":51541,"village_id":null,"begin_timestamp":{"seconds":1691899200,"nanoseconds":0},"tag_ids":[45642,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"Y","begin":"2023-08-13T04:00:00.000-0000","updated":"2023-07-23T18:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"After Hours Social / Hang out with DEF CON Group members and DCG VR Staff","type":{"conference_id":96,"conference":"DEFCON31","color":"#74a6bb","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Groups VR","id":45643},"android_description":"","end_timestamp":{"seconds":1691899800,"nanoseconds":0},"updated_timestamp":{"seconds":1691203200,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://dcgvr.org/"},{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"}],"end":"2023-08-13T04:10:00.000-0000","id":52455,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691896200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-08-05T02:40:00.000-0000","begin":"2023-08-13T03:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"title":"DCGVR Closing","end_timestamp":{"seconds":1691896200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691203200,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"Website","type":"link","url":"https://dcgvr.org/"}],"end":"2023-08-13T03:10:00.000-0000","id":52454,"village_id":null,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691895900,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","begin":"2023-08-13T03:05:00.000-0000","updated":"2023-08-05T02:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For those who love to sing and perform in front of others, we are celebrating our 15th year of Love, Laughter, and Song from 19:30 – 02:00 Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.\n\n\n","title":"Hacker Karaoke 15","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"android_description":"For those who love to sing and perform in front of others, we are celebrating our 15th year of Love, Laughter, and Song from 19:30 – 02:00 Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.","end_timestamp":{"seconds":1691917200,"nanoseconds":0},"updated_timestamp":{"seconds":1690137780,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter (@hackerkaraoke)","type":"link","url":"https://twitter.com/@hackerkaraoke"},{"label":"Mastodon (@hackerkaraoke@defcon.social)","type":"link","url":"https://defcon.social/@hackerkaraoke"},{"label":"Website","type":"link","url":"https://hackerkaraoke.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245326"}],"end":"2023-08-13T09:00:00.000-0000","id":51548,"village_id":null,"begin_timestamp":{"seconds":1691895600,"nanoseconds":0},"tag_ids":[45642,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 216","hotel":"","short_name":"Summit - 216","id":45895},"spans_timebands":"Y","updated":"2023-07-23T18:43:00.000-0000","begin":"2023-08-13T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BlanketFort Con: Come for the chill vibes and diversity, stay for the Blanket Fort Building, Cool Lights, Music, and Kid Friendly\\Safe environment. Now with less Gluten and more animal onesies! \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"title":"BlanketFort Con","android_description":"BlanketFort Con: Come for the chill vibes and diversity, stay for the Blanket Fort Building, Cool Lights, Music, and Kid Friendly\\Safe environment. Now with less Gluten and more animal onesies!","end_timestamp":{"seconds":1691913600,"nanoseconds":0},"updated_timestamp":{"seconds":1690135860,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter (@blanketfortcon)","type":"link","url":"https://twitter.com/@blanketfortcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245835"}],"end":"2023-08-13T08:00:00.000-0000","id":51545,"begin_timestamp":{"seconds":1691895600,"nanoseconds":0},"tag_ids":[45642,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130","hotel":"","short_name":"Forum - 130","id":45892},"spans_timebands":"Y","updated":"2023-07-23T18:11:00.000-0000","begin":"2023-08-13T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Lintile: Hiya, ChatGPT, are you aware of the annual contest called Hacker Jeopardy at DEF CON? When is it?\r\n\r\nChatGPT: Yes, Hacker Jeopardy is a popular event at DEF CON. It's a parody of the television game show \"Jeopardy!\" but with a twist. Instead of general knowledge, the questions (or \"answers,\" in Jeopardy style) are focused on hacker culture, computer security, technology, and similar topics. The game consists of two preliminary rounds on Friday, and a final round on Saturday. Both shows start at 2000 Las Vegas time. Just like in the original game show, there are DFIU Doubles and a Final Hacker Jeopardy round. One unique aspect of Hacker Jeopardy that distinguishes it from the TV show is the incorporation of ADULT HUMOR, vulgarity, innuendo, and beer into the game. Please remember, my knowledge is current only up to September 2021, and if there have been any significant changes to Hacker Jeopardy after that, I would not be aware of them.\r\n\r\nLintile: What's the catch phrase of Hacker Jeopardy?\r\n\r\nChatGPT: The catch phrase of Hacker Jeopardy is \"Drink while you think\". This refers to the unique element of the game where contestants are encouraged to drink beer while they are attempting to come up with the correct response to the clues.\r\n\r\nLintile: That's not correct. The acronym of the catch phrase is DFIU.\r\n\r\nChatGPT: I apologize for the oversight. The catchphrase for Hacker Jeopardy at DEF CON is \"Don't Forget It's UNIX\" (DFIU), which is used humorously due to the historically significant role of Unix-based systems in hacking and network security. This phrase is often used to remind participants of the roots of many computer systems and infrastructures. I appreciate your patience and your correct information.\r\n\r\nNote that this is an ADULT show with vulgarities and alcohol consumption, but if that doesn’t bother you, come enjoy one of the largest contests at DEF CON that you really need to see to believe! And as always, DFIU!\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Hacker Jeopardy","end_timestamp":{"seconds":1691902800,"nanoseconds":0},"android_description":"Lintile: Hiya, ChatGPT, are you aware of the annual contest called Hacker Jeopardy at DEF CON? When is it?\r\n\r\nChatGPT: Yes, Hacker Jeopardy is a popular event at DEF CON. It's a parody of the television game show \"Jeopardy!\" but with a twist. Instead of general knowledge, the questions (or \"answers,\" in Jeopardy style) are focused on hacker culture, computer security, technology, and similar topics. The game consists of two preliminary rounds on Friday, and a final round on Saturday. Both shows start at 2000 Las Vegas time. Just like in the original game show, there are DFIU Doubles and a Final Hacker Jeopardy round. One unique aspect of Hacker Jeopardy that distinguishes it from the TV show is the incorporation of ADULT HUMOR, vulgarity, innuendo, and beer into the game. Please remember, my knowledge is current only up to September 2021, and if there have been any significant changes to Hacker Jeopardy after that, I would not be aware of them.\r\n\r\nLintile: What's the catch phrase of Hacker Jeopardy?\r\n\r\nChatGPT: The catch phrase of Hacker Jeopardy is \"Drink while you think\". This refers to the unique element of the game where contestants are encouraged to drink beer while they are attempting to come up with the correct response to the clues.\r\n\r\nLintile: That's not correct. The acronym of the catch phrase is DFIU.\r\n\r\nChatGPT: I apologize for the oversight. The catchphrase for Hacker Jeopardy at DEF CON is \"Don't Forget It's UNIX\" (DFIU), which is used humorously due to the historically significant role of Unix-based systems in hacking and network security. This phrase is often used to remind participants of the roots of many computer systems and infrastructures. I appreciate your patience and your correct information.\r\n\r\nNote that this is an ADULT show with vulgarities and alcohol consumption, but if that doesn’t bother you, come enjoy one of the largest contests at DEF CON that you really need to see to believe! And as always, DFIU!","updated_timestamp":{"seconds":1690124100,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T05:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245321"}],"id":51477,"village_id":null,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691895600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","begin":"2023-08-13T03:00:00.000-0000","updated":"2023-07-23T14:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Party with other DEF CON kids. Enjoy some music, and some good conversation with other DEF CON kids!\n\n\n","title":"DEF CON Kids Party","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"android_description":"Party with other DEF CON kids. Enjoy some music, and some good conversation with other DEF CON kids!","end_timestamp":{"seconds":1691902800,"nanoseconds":0},"updated_timestamp":{"seconds":1690129200,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245859"}],"end":"2023-08-13T05:00:00.000-0000","id":51552,"tag_ids":[45642,45646,45743,45763,45864],"village_id":null,"begin_timestamp":{"seconds":1691893800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 131-133","hotel":"","short_name":"Forum - 131-133","id":45894},"begin":"2023-08-13T02:30:00.000-0000","updated":"2023-07-23T16:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"I call myself the only AAA-rated GRC Hacker in the world and I think it is time to address what this really means. This talk will jump into what it really means to be a hacker, what the future will look like for hackers and where hacking fits into a field as plain and boring (not really!) as GRC. This is not a talk for GRC people but for all those that are keen to be hackers but also don't want to dive directly into offensive security.\n\n\n","title":"What is a GRC Hacker anyway?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"android_description":"I call myself the only AAA-rated GRC Hacker in the world and I think it is time to address what this really means. This talk will jump into what it really means to be a hacker, what the future will look like for hackers and where hacking fits into a field as plain and boring (not really!) as GRC. This is not a talk for GRC people but for all those that are keen to be hackers but also don't want to dive directly into offensive security.","end_timestamp":{"seconds":1691895900,"nanoseconds":0},"updated_timestamp":{"seconds":1691203140,"nanoseconds":0},"speakers":[{"content_ids":[52203],"conference_id":96,"event_ids":[52453],"name":"Allen Baranov","affiliations":[{"organization":"CyberCX","title":""}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/allenbaranov"}],"pronouns":null,"media":[],"id":51446,"title":"CyberCX"}],"timeband_id":991,"links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"Website","type":"link","url":"https://dcgvr.org/"}],"end":"2023-08-13T03:05:00.000-0000","id":52453,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691892300,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51446}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-05T02:39:00.000-0000","begin":"2023-08-13T02:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What happens when the network defenders get so good that you can no longer do command and control over the network without getting detected? When your job depends on it, you get creative, and do it out-of-band. Here's an interactive short story to talk about off-the-wire command and control, and how you can do it too for fun, a more pragmatic approach, and what to look out for if you're defending.\n\n\n","title":"Ghost on the wire- check the air","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"end_timestamp":{"seconds":1691890500,"nanoseconds":0},"android_description":"What happens when the network defenders get so good that you can no longer do command and control over the network without getting detected? When your job depends on it, you get creative, and do it out-of-band. Here's an interactive short story to talk about off-the-wire command and control, and how you can do it too for fun, a more pragmatic approach, and what to look out for if you're defending.","updated_timestamp":{"seconds":1691203140,"nanoseconds":0},"speakers":[{"content_ids":[52202],"conference_id":96,"event_ids":[52452],"name":"hoodiePony","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Mastodon (@hoodiepony@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@hoodiepony"}],"media":[],"id":51445}],"timeband_id":991,"links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"Website","type":"link","url":"https://dcgvr.org/"}],"end":"2023-08-13T01:35:00.000-0000","id":52452,"village_id":null,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691888700,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51445}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-05T02:39:00.000-0000","begin":"2023-08-13T01:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Featuring performances by:\r\n\r\n - 18:00 – 19:00 – SK\r\n - 19:00 – 20:00 – DotOrNot\r\n - 20:00 – 21:00 – n0x08\r\n - 21:00 – 22:00 – Icetre Normal\r\n - 22:00 – 23:00 – NGHTHWK\r\n - 23:00 – 00:00 – H4X\r\n - 00:00 – 01:00 – Z3npi\r\n - 01:00 – 02:00 – Dr. McGrew\r\n\r\nACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#9b8b77","updated_at":"2024-06-07T03:38+0000","name":"Entertainment","id":45637},"title":"Music Set / Entertainment (Saturday, ACK Stage)","end_timestamp":{"seconds":1691917200,"nanoseconds":0},"android_description":"Featuring performances by:\r\n\r\n - 18:00 – 19:00 – SK\r\n - 19:00 – 20:00 – DotOrNot\r\n - 20:00 – 21:00 – n0x08\r\n - 21:00 – 22:00 – Icetre Normal\r\n - 22:00 – 23:00 – NGHTHWK\r\n - 23:00 – 00:00 – H4X\r\n - 00:00 – 01:00 – Z3npi\r\n - 01:00 – 02:00 – Dr. McGrew\r\n\r\nACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!","updated_timestamp":{"seconds":1691610720,"nanoseconds":0},"speakers":[{"content_ids":[51532,51417],"conference_id":96,"event_ids":[51546,51688],"name":"DotOrNot","affiliations":[],"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://www.twitch.tv/dotornot"}],"pronouns":null,"media":[],"id":50653},{"content_ids":[51532],"conference_id":96,"event_ids":[51688],"name":"Dr. McGrew","affiliations":[],"pronouns":null,"links":[{"description":"","title":"MixCloud","sort_order":0,"url":"https://www.mixcloud.com/wesmcgrew/stream/"}],"media":[],"id":50654},{"content_ids":[51532],"conference_id":96,"event_ids":[51688],"name":"H4X","affiliations":[],"links":[{"description":"","title":"SoundCloud","sort_order":0,"url":"https://soundcloud.com/griffin-francis/"}],"pronouns":null,"media":[],"id":50660},{"content_ids":[51532],"conference_id":96,"event_ids":[51688],"name":"Icetre Normal","affiliations":[],"links":[{"description":"","title":"Mastodon (@icetre@defcon.social)","sort_order":0,"url":"https://defcon.social/@icetre"}],"pronouns":null,"media":[],"id":50662},{"content_ids":[51532],"conference_id":96,"event_ids":[51688],"name":"n0x08","affiliations":[],"links":[{"description":"","title":"Mastodon (@n0x08@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@n0x08"}],"pronouns":null,"media":[],"id":50668},{"content_ids":[51532,51423],"conference_id":96,"event_ids":[51553,51688],"name":"NGHTHWK","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://nghthwk.net/"}],"media":[],"id":50669},{"content_ids":[51532],"conference_id":96,"event_ids":[51688],"name":"SK","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://www.twitch.tv/skmatic"}],"media":[],"id":50677},{"content_ids":[51532],"conference_id":96,"event_ids":[51688],"name":"Z3npi","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://facebook.com/z3npi"}],"media":[],"id":50685}],"timeband_id":991,"links":[],"end":"2023-08-13T09:00:00.000-0000","id":51688,"village_id":null,"tag_ids":[45637,45646,45743],"begin_timestamp":{"seconds":1691888400,"nanoseconds":0},"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50653},{"tag_id":45774,"sort_order":1,"person_id":50654},{"tag_id":45774,"sort_order":1,"person_id":50660},{"tag_id":45774,"sort_order":1,"person_id":50662},{"tag_id":45774,"sort_order":1,"person_id":50669},{"tag_id":45774,"sort_order":1,"person_id":50677},{"tag_id":45774,"sort_order":1,"person_id":50685},{"tag_id":45774,"sort_order":1,"person_id":50668}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45722,"name":"Caesars Forum - Forum Pre-Function 2 - ACK Stage","hotel":"","short_name":"Forum Pre-Function 2 - ACK Stage","id":45901},"spans_timebands":"Y","begin":"2023-08-13T01:00:00.000-0000","updated":"2023-08-09T19:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Prize (TBD) and EFF swag pack. The second and third place teams will also win great EFF gear.\n\n\n","title":"EFF Tech Trivia","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"end_timestamp":{"seconds":1691902800,"nanoseconds":0},"android_description":"EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Prize (TBD) and EFF swag pack. The second and third place teams will also win great EFF gear.","updated_timestamp":{"seconds":1690052040,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T05:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245305"}],"id":51418,"begin_timestamp":{"seconds":1691888400,"nanoseconds":0},"tag_ids":[45638,45646],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"begin":"2023-08-13T01:00:00.000-0000","updated":"2023-07-22T18:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A chance to ask us questions about the misinformation village\n\n\n","title":"Misinformation Village Q and A","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"A chance to ask us questions about the misinformation village","updated_timestamp":{"seconds":1691341740,"nanoseconds":0},"speakers":[{"content_ids":[52261,52262,52264,52275,52297],"conference_id":96,"event_ids":[52525,52526,52539,52528,52569],"name":"Misinformation Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51509}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52569,"village_id":null,"tag_ids":[40305,45646,45743,45771],"begin_timestamp":{"seconds":1691886600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51509}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-13T00:30:00.000-0000","updated":"2023-08-06T17:09:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Fancy Bear, Dynamic Panda and Charming Kitten – we live in a time where we are constantly under attack without even knowing it. CISA Director Jen Easterly and Yale Law School Professor Scott Shapiro, author of “Fancy Bear Goes Phishing: The Dark History of the Information Age In Five Extraordinary Hacks” discuss how best to understand the challenge of information security; what we can learn from looking back; and how the decisions we make today to prioritize security by design will shape our future.\n\n\n","title":"Lions and Tigers and Fancy Bears, Oh My!: A Cautionary Tale for our Cyber Future","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691887800,"nanoseconds":0},"android_description":"Fancy Bear, Dynamic Panda and Charming Kitten – we live in a time where we are constantly under attack without even knowing it. CISA Director Jen Easterly and Yale Law School Professor Scott Shapiro, author of “Fancy Bear Goes Phishing: The Dark History of the Information Age In Five Extraordinary Hacks” discuss how best to understand the challenge of information security; what we can learn from looking back; and how the decisions we make today to prioritize security by design will shape our future.","updated_timestamp":{"seconds":1688254140,"nanoseconds":0},"speakers":[{"content_ids":[50640,50658,51524],"conference_id":96,"event_ids":[50841,50849,51680],"name":"Jen Easterly","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Director"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@CISAJen"}],"media":[],"id":49915,"title":"Director at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[50658],"conference_id":96,"event_ids":[50849],"name":"Scott Shapiro","affiliations":[{"organization":"Yale Law School","title":"Charles F. Southmayd Professor of Law and Professor of Philosophy"}],"pronouns":null,"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://law.yale.edu/scott-j-shapiro"}],"media":[],"id":50160,"title":"Charles F. Southmayd Professor of Law and Professor of Philosophy at Yale Law School"}],"timeband_id":991,"end":"2023-08-13T00:50:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246111"}],"id":50849,"begin_timestamp":{"seconds":1691886600,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49915},{"tag_id":45590,"sort_order":1,"person_id":50160}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-07-01T23:29:00.000-0000","begin":"2023-08-13T00:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Virtual reality and augmented reality are technologies that are the next frontier in healthcare and providing patient care. These technologies were originally developed for recreational use, specifically for gaming and recreation, but have quickly shown utility in advancing the efficiency and accuracy of providing patient care. This now leads to a host of challenges related to data privacy and security, as privacy-by-design was not a designing principle for these technologies. These tenants however, are necessary as patient data include Protected Health Information and Personal Identifying Information (PHI/PII) that would be financially lucrative and useful to a hacker. So now that these data privacy and security principles were not “baked in” to technology originally, how does one go about ensuring maximum security after the fact? What can be done moving forward to ensure maximum flexibility for the use of technology with the appropriate data and privacy security measures “baked in”?\r\n\r\nC.A.R.B. is a joint collaboration between the Black women founders of Creative Riot (Rian), Aurora (Jillian), Ray-Lynn Group (LaTica), and Baralaj (Lola).\n\n\n","title":"Virtual Reality/Augmented Reality: What’s missing from the pie? When data privacy and security measures aren’t “baked” in from the beginning","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Virtual reality and augmented reality are technologies that are the next frontier in healthcare and providing patient care. These technologies were originally developed for recreational use, specifically for gaming and recreation, but have quickly shown utility in advancing the efficiency and accuracy of providing patient care. This now leads to a host of challenges related to data privacy and security, as privacy-by-design was not a designing principle for these technologies. These tenants however, are necessary as patient data include Protected Health Information and Personal Identifying Information (PHI/PII) that would be financially lucrative and useful to a hacker. So now that these data privacy and security principles were not “baked in” to technology originally, how does one go about ensuring maximum security after the fact? What can be done moving forward to ensure maximum flexibility for the use of technology with the appropriate data and privacy security measures “baked in”?\r\n\r\nC.A.R.B. is a joint collaboration between the Black women founders of Creative Riot (Rian), Aurora (Jillian), Ray-Lynn Group (LaTica), and Baralaj (Lola).","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1689117480,"nanoseconds":0},"speakers":[{"content_ids":[51055],"conference_id":96,"event_ids":[51087],"name":"Rian Phelps","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50231},{"content_ids":[51055],"conference_id":96,"event_ids":[51087],"name":"LaTica Hammond","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50233},{"content_ids":[51055],"conference_id":96,"event_ids":[51087],"name":"Lola Ajayi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50234}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51087,"begin_timestamp":{"seconds":1691885400,"nanoseconds":0},"village_id":68,"tag_ids":[45645,45647,45717],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50233},{"tag_id":45590,"sort_order":1,"person_id":50234},{"tag_id":45590,"sort_order":1,"person_id":50231}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T23:18:00.000-0000","begin":"2023-08-13T00:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"The Perils of Generative AI: Implications for Open Source Intelligence Research","end_timestamp":{"seconds":1691887800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689553080,"nanoseconds":0},"speakers":[{"content_ids":[51312],"conference_id":96,"event_ids":[51374],"name":"Andy Dennis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50455}],"timeband_id":991,"links":[],"end":"2023-08-13T00:50:00.000-0000","id":51374,"begin_timestamp":{"seconds":1691885100,"nanoseconds":0},"village_id":59,"tag_ids":[40293,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50455}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-13T00:05:00.000-0000","updated":"2023-07-17T00:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nFrom discovery to dissemination, the value of cyber threat intelligence rapidly decreases to the point of uselessness. Why? It’s complicated. Does it have to be? Join us for a lively discussion on threat intelligence from discovery and dissemination, and how to find value in the valueless.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"It’s not that your threat intelligence IOCs are worthless…","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":".\n\n\nFrom discovery to dissemination, the value of cyber threat intelligence rapidly decreases to the point of uselessness. Why? It’s complicated. Does it have to be? Join us for a lively discussion on threat intelligence from discovery and dissemination, and how to find value in the valueless.","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52220],"conference_id":96,"event_ids":[52472],"name":"Silas Cutler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51462},{"content_ids":[52220],"conference_id":96,"event_ids":[52472],"name":"Mick/nohackme","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51465},{"content_ids":[52220],"conference_id":96,"event_ids":[52472],"name":"Charlie","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51470},{"content_ids":[52220],"conference_id":96,"event_ids":[52472],"name":"Lauren Proehl","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51474}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52472,"tag_ids":[40282,45647,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51470},{"tag_id":45590,"sort_order":1,"person_id":51474},{"tag_id":45590,"sort_order":1,"person_id":51465},{"tag_id":45590,"sort_order":1,"person_id":51462}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-13T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"NpHz is a new electro-acoustic duo featuring OCH (Omar Costa Hamido) and SYO (Scott Oshiro): two artist-researchers working in music and technology focusing on improvised Music and Quantum Computing (QC). In our work we explore the potential advantages QC can provide for music composition. This performance will include ½ of NpHz, Scott Oshiro (SYO). He will be performing adapted works from NpHz’s recent album “[\\Equations of Coltrane](https://omarcostahamido.bandcamp.com/album/equations-of-coltrane)'' (Released June 2, 2023 on Bandcamp). Scott will also be playing flute alongside his real-time Quantum Jazz Improvisation system entitled Lineage.\n\n\n","title":"Quantum Computer Music Performance, by Scott Oshiro (one half of NpHz)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"NpHz is a new electro-acoustic duo featuring OCH (Omar Costa Hamido) and SYO (Scott Oshiro): two artist-researchers working in music and technology focusing on improvised Music and Quantum Computing (QC). In our work we explore the potential advantages QC can provide for music composition. This performance will include ½ of NpHz, Scott Oshiro (SYO). He will be performing adapted works from NpHz’s recent album “[\\Equations of Coltrane](https://omarcostahamido.bandcamp.com/album/equations-of-coltrane)'' (Released June 2, 2023 on Bandcamp). Scott will also be playing flute alongside his real-time Quantum Jazz Improvisation system entitled Lineage.","updated_timestamp":{"seconds":1691728560,"nanoseconds":0},"speakers":[{"content_ids":[52189],"conference_id":96,"event_ids":[52437],"name":"Scott Oshiro","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51433}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52437,"village_id":null,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"tag_ids":[40291,45649,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51433}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","begin":"2023-08-13T00:00:00.000-0000","updated":"2023-08-11T04:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is the 5th year of the Aerospace Village and the landscape now is totally different to what it was at the start. This is the story of how a diverse bunch of hackers, engineers, pilots, policy leaders and more from across both the public and private sectors founded and built the Aerospace Village to promote safe, reliable, and trustworthy aviation and space operations. A panel with Pete Cooper, Beau Woods, Jen Ellis, RoRo, and Katie Trimble-Noble.\n\n\n","title":"Aerospace Village - 5 Years On","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"This is the 5th year of the Aerospace Village and the landscape now is totally different to what it was at the start. This is the story of how a diverse bunch of hackers, engineers, pilots, policy leaders and more from across both the public and private sectors founded and built the Aerospace Village to promote safe, reliable, and trustworthy aviation and space operations. A panel with Pete Cooper, Beau Woods, Jen Ellis, RoRo, and Katie Trimble-Noble.","end_timestamp":{"seconds":1691887800,"nanoseconds":0},"updated_timestamp":{"seconds":1691101380,"nanoseconds":0},"speakers":[{"content_ids":[52163,52164],"conference_id":96,"event_ids":[52393,52394],"name":"Pete Cooper","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51417}],"timeband_id":991,"links":[],"end":"2023-08-13T00:50:00.000-0000","id":52394,"tag_ids":[40280,45645,45646,45743],"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51417}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:23:00.000-0000","begin":"2023-08-13T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Extended Reality (XR) is an umbrella term that involves virtual reality (VR), augmented reality (AR), and mixed reality (MR) capabilities. VR describes an environment in which a user’s physical environment is completely replaced with a virtual one. This allows the user to view any digitally created content but separates the user from interacting with the physical world. On the other hand, AR enhances the user’s physical environment with virtual overlays but offers little interaction with digital content. Lastly, MR is a blend of the physical and digital worlds, unlocking natural and intuitive 3D human, computer, and environmental interactions. Using these technologies, analysts, operators, and stakeholders will be able to interpret radio frequency data effectively and efficiently.  \r\n \r\nThe Idaho National Laboratory is integrating the next-generation XR capabilities into the various projects that support Nuclear, Integrated Energy and National and Homeland Security missions. They use a suite of tools for the visualization of capabilities to capture and analyze digital twins. Digital Engineering delivers semi-autonomous design, autonomous operation, and real-time anomaly detection as well as integrates threads of data, visualizations, AI/ML, and physics models into a cohesive digital twin. \r\n \r\nThe primary benefit of incorporating XR with signal analysis is to allow for simple interpretation and representation of complex data. Current techniques or trends rely on certain subject matter experts to collect, examine, and report anomalous data manually. By allowing the operator to spatially view the captured data, the process of identifying and plotting data is anticipated to be greatly simplified. Data and anomalies will become engaging, allowing the operator to easily identify unknown signals in real-time or near real-time.  \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Push All the Buttons Digital Twinning with Idaho National Labs in collaboration with DEF CON ICS Village","android_description":"Extended Reality (XR) is an umbrella term that involves virtual reality (VR), augmented reality (AR), and mixed reality (MR) capabilities. VR describes an environment in which a user’s physical environment is completely replaced with a virtual one. This allows the user to view any digitally created content but separates the user from interacting with the physical world. On the other hand, AR enhances the user’s physical environment with virtual overlays but offers little interaction with digital content. Lastly, MR is a blend of the physical and digital worlds, unlocking natural and intuitive 3D human, computer, and environmental interactions. Using these technologies, analysts, operators, and stakeholders will be able to interpret radio frequency data effectively and efficiently.  \r\n \r\nThe Idaho National Laboratory is integrating the next-generation XR capabilities into the various projects that support Nuclear, Integrated Energy and National and Homeland Security missions. They use a suite of tools for the visualization of capabilities to capture and analyze digital twins. Digital Engineering delivers semi-autonomous design, autonomous operation, and real-time anomaly detection as well as integrates threads of data, visualizations, AI/ML, and physics models into a cohesive digital twin. \r\n \r\nThe primary benefit of incorporating XR with signal analysis is to allow for simple interpretation and representation of complex data. Current techniques or trends rely on certain subject matter experts to collect, examine, and report anomalous data manually. By allowing the operator to spatially view the captured data, the process of identifying and plotting data is anticipated to be greatly simplified. Data and anomalies will become engaging, allowing the operator to easily identify unknown signals in real-time or near real-time.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690945020,"nanoseconds":0},"speakers":[{"content_ids":[51563],"conference_id":96,"event_ids":[51750],"name":"Kolton Heaps","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50700}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51750,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"village_id":null,"tag_ids":[40311,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50700}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-13T00:00:00.000-0000","updated":"2023-08-02T02:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Artificial Intelligence (AI) has fundamentally reshaped the landscape of cybersecurity, making traditional defensive strategies outdated and inadequate, particularly in the realm of phishing attacks. In this era of large language models (LLMs), phishing has evolved from flawed syntax, primitive design, and generic narratives. Using state-of-the-art AI tooling, we can now generate spear-phishing campaigns that are highly personalized with unprecedented precision, leveraging publicly available data from social media, work profiles, and more. In this talk, we’ll show you how it’s done. We will also delve into innovative exploitation techniques that leverage alternative communication channels, like AI-based audio deepfakes for conversational reeling. All of this is made possible with our soon to be released and open-source phishing framework – nemo. We’ll give you a front-row seat to how AI is revolutionizing offensive security operations. Get ready to step into the future of phishing attacks – it’s more sophisticated, more realistic, and scarier than you could ever imagine.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Phishing with Dynamite: Harnessing AI to Supercharge Offensive Operations","android_description":"Artificial Intelligence (AI) has fundamentally reshaped the landscape of cybersecurity, making traditional defensive strategies outdated and inadequate, particularly in the realm of phishing attacks. In this era of large language models (LLMs), phishing has evolved from flawed syntax, primitive design, and generic narratives. Using state-of-the-art AI tooling, we can now generate spear-phishing campaigns that are highly personalized with unprecedented precision, leveraging publicly available data from social media, work profiles, and more. In this talk, we’ll show you how it’s done. We will also delve into innovative exploitation techniques that leverage alternative communication channels, like AI-based audio deepfakes for conversational reeling. All of this is made possible with our soon to be released and open-source phishing framework – nemo. We’ll give you a front-row seat to how AI is revolutionizing offensive security operations. Get ready to step into the future of phishing attacks – it’s more sophisticated, more realistic, and scarier than you could ever imagine.","end_timestamp":{"seconds":1691886600,"nanoseconds":0},"updated_timestamp":{"seconds":1690592040,"nanoseconds":0},"speakers":[{"content_ids":[51552],"conference_id":96,"event_ids":[51721],"name":"Dani Goland","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/danigoland/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/danigoland"}],"pronouns":null,"media":[],"id":50689},{"content_ids":[51552],"conference_id":96,"event_ids":[51721],"name":"Preston Thornburg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50694}],"timeband_id":991,"links":[],"end":"2023-08-13T00:30:00.000-0000","id":51721,"village_id":null,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"tag_ids":[40302,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50689},{"tag_id":45590,"sort_order":1,"person_id":50694}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","updated":"2023-07-29T00:54:00.000-0000","begin":"2023-08-13T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In an increasingly interconnected and technologically driven world, the need for robust and comprehensive cyber diplomacy has become paramount. This panel titled \"\"Navigating the Digital Frontier: Advancing Cyber Diplomacy in a Connected World\"\" will bring together experts across government, industry and civil society to explore the multifaceted challenges posed by cyberspace and discuss strategies to ensure a secure and resilient digital landscape. The panel will delve into ongoing global and regional international cyber dialogues, such as the United Nations (UN) Open-Ended Working Group on security of and in the use of information and communications technologies, the UN Ad-Hoc Committee on Cybercrime (AHC), and the Organization of American States (OAS) Working Group on Cooperation and Confidence-Building Measures in cyberspace. It will also explore capacity building initiatives being pursued across the international community and surface efforts that promote cooperation and trust in cyberspace across different regions. Moreover, the panel will investigate the role of public-private partnerships in shaping effective cyber policy frameworks.\n\n\n","title":"Navigating the Digital Frontier: Advancing Cyber Diplomacy in a Connected World","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691887800,"nanoseconds":0},"android_description":"In an increasingly interconnected and technologically driven world, the need for robust and comprehensive cyber diplomacy has become paramount. This panel titled \"\"Navigating the Digital Frontier: Advancing Cyber Diplomacy in a Connected World\"\" will bring together experts across government, industry and civil society to explore the multifaceted challenges posed by cyberspace and discuss strategies to ensure a secure and resilient digital landscape. The panel will delve into ongoing global and regional international cyber dialogues, such as the United Nations (UN) Open-Ended Working Group on security of and in the use of information and communications technologies, the UN Ad-Hoc Committee on Cybercrime (AHC), and the Organization of American States (OAS) Working Group on Cooperation and Confidence-Building Measures in cyberspace. It will also explore capacity building initiatives being pursued across the international community and surface efforts that promote cooperation and trust in cyberspace across different regions. Moreover, the panel will investigate the role of public-private partnerships in shaping effective cyber policy frameworks.","updated_timestamp":{"seconds":1690431360,"nanoseconds":0},"speakers":[{"content_ids":[50593,51517],"conference_id":96,"event_ids":[50790,51673],"name":"Christopher Painter","affiliations":[{"organization":"Global Forum on Cyber Expertise","title":"President"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/c_painter"}],"pronouns":"he/him","media":[],"id":49828,"title":"President at Global Forum on Cyber Expertise"},{"content_ids":[51517],"conference_id":96,"event_ids":[51673],"name":"Harry Krejsa","affiliations":[{"organization":"The Office of National Cyber Director (ONCD)","title":"Assistant National Cyber Director for Strategy"}],"links":[],"pronouns":null,"media":[],"id":50605,"title":"Assistant National Cyber Director for Strategy at The Office of National Cyber Director (ONCD)"},{"content_ids":[51511,51517],"conference_id":96,"event_ids":[51667,51673],"name":"Monica M. Ruiz","affiliations":[{"organization":"Microsoft","title":"Senior Government Affairs Manager, Digital Diplomacy"}],"links":[],"pronouns":null,"media":[],"id":50627,"title":"Senior Government Affairs Manager, Digital Diplomacy at Microsoft"},{"content_ids":[51512,51517],"conference_id":96,"event_ids":[51668,51673],"name":"Orlando Garces","affiliations":[{"organization":"Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS)","title":"Cybersecurity Program Officer"}],"links":[],"pronouns":null,"media":[],"id":50628,"title":"Cybersecurity Program Officer at Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS)"},{"content_ids":[51517],"conference_id":96,"event_ids":[51673],"name":"Océane Thieriot","affiliations":[{"organization":"Embassy of France in Washington DC","title":"Counselor for Cyber Affairs"}],"links":[],"pronouns":null,"media":[],"id":51390,"title":"Counselor for Cyber Affairs at Embassy of France in Washington DC"}],"timeband_id":991,"end":"2023-08-13T00:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51673,"tag_ids":[40310,45646,45743,45771,45836],"village_id":null,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"includes":"","people":[{"tag_id":45631,"sort_order":1,"person_id":49828},{"tag_id":45632,"sort_order":1,"person_id":50605},{"tag_id":45632,"sort_order":1,"person_id":50627},{"tag_id":45632,"sort_order":1,"person_id":51390},{"tag_id":45632,"sort_order":1,"person_id":50628}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"updated":"2023-07-27T04:16:00.000-0000","begin":"2023-08-13T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Lonely Hackers Club - Name That Noob","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690163220,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51592,"village_id":null,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"tag_ids":[45640,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"spans_timebands":"N","begin":"2023-08-13T00:00:00.000-0000","updated":"2023-07-24T01:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"title":"Friends of Bill W","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51576,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"spans_timebands":"N","begin":"2023-08-13T00:00:00.000-0000","updated":"2023-07-23T16:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Returning to the stage for Defcon 30 was surreal and we’d be honored to return for the 5th year. Hack3r Runw@y brings out all the sheik geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought. Hack3r Runway is perfect for everyone whether technologically savvy or just crafty.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n- Digital wearable - LED, electronic, passive\r\n- Smart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\n- Aesthetics (non-electronic)- 3d printed, geeky/nerdy wear, obfuscation, cosplay\r\n- Functional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\n\r\nWinners will be selected based on, but not limited to:\r\n- Uniqueness\r\n- Trendy\r\n- Practical\r\n- Couture\r\n- Creativity\r\n- Relevance\r\n- Originality\r\n- Presentation\r\n- Mastery\r\n\r\nFriday and Saturday, 14:00 - 16:00, Signup to walk the Contest Stage/Runway 15:30-16:30, Stage show 17:00 - 18:00\r\n\r\n--\r\n\r\nIs for all ages but no kid specific category.\n\n\n","title":"Hack3r Runw@y","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"Returning to the stage for Defcon 30 was surreal and we’d be honored to return for the 5th year. Hack3r Runw@y brings out all the sheik geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought. Hack3r Runway is perfect for everyone whether technologically savvy or just crafty.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n- Digital wearable - LED, electronic, passive\r\n- Smart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\n- Aesthetics (non-electronic)- 3d printed, geeky/nerdy wear, obfuscation, cosplay\r\n- Functional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\n\r\nWinners will be selected based on, but not limited to:\r\n- Uniqueness\r\n- Trendy\r\n- Practical\r\n- Couture\r\n- Creativity\r\n- Relevance\r\n- Originality\r\n- Presentation\r\n- Mastery\r\n\r\nFriday and Saturday, 14:00 - 16:00, Signup to walk the Contest Stage/Runway 15:30-16:30, Stage show 17:00 - 18:00\r\n\r\n--\r\n\r\nIs for all ages but no kid specific category.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691289960,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://hack3rrunway.github.io"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644666239647824"},{"label":"Twitter(@hack3rrunway)","type":"link","url":"https://twitter.com/@hack3rrunway"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245437"}],"end":"2023-08-13T01:00:00.000-0000","id":51475,"tag_ids":[45635,45646,45743,45763],"village_id":null,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:46:00.000-0000","begin":"2023-08-13T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"ECDSA is a widely used digital signature algorithm. ECDSA signatures can be found everywhere since they are public. In this talk, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum networks.\r\n\r\nAlthough we didn't recover Satoshi's private key (we’d be throwing a party on our private yacht instead of writing this abstract), we could see evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them. We cover our journey, findings, and the rabbit holes we explored. We also provide an academic paper with the details of the attack and open-source code implementing it, so people building software and products using ECDSA can identify and avoid this vulnerability in their systems. We've only scratched the surface, there's still plenty of room for exploration.\r\n\r\nREFERENCES:\r\n* https://eprint.iacr.org/2019/023\r\n* https://eprint.iacr.org/2022/169.pdf\r\n* https://github.com/gcarq/rusty-blockparser\r\n* https://en.bitcoin.it/wiki/OP_CHECKSIG\r\n* https://bitcointalk.org/index.php?topic=1431060.0\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Polynonce: An ECDSA Attack and Polynomial Dance","end_timestamp":{"seconds":1691886000,"nanoseconds":0},"android_description":"ECDSA is a widely used digital signature algorithm. ECDSA signatures can be found everywhere since they are public. In this talk, we tell a tale of how we discovered a novel attack against ECDSA and how we applied it to datasets we found in the wild, including the Bitcoin and Ethereum networks.\r\n\r\nAlthough we didn't recover Satoshi's private key (we’d be throwing a party on our private yacht instead of writing this abstract), we could see evidence that someone had previously attacked vulnerable wallets with a different exploit and drained them. We cover our journey, findings, and the rabbit holes we explored. We also provide an academic paper with the details of the attack and open-source code implementing it, so people building software and products using ECDSA can identify and avoid this vulnerability in their systems. We've only scratched the surface, there's still plenty of room for exploration.\r\n\r\nREFERENCES:\r\n* https://eprint.iacr.org/2019/023\r\n* https://eprint.iacr.org/2022/169.pdf\r\n* https://github.com/gcarq/rusty-blockparser\r\n* https://en.bitcoin.it/wiki/OP_CHECKSIG\r\n* https://bitcointalk.org/index.php?topic=1431060.0","updated_timestamp":{"seconds":1688181360,"nanoseconds":0},"speakers":[{"content_ids":[50659],"conference_id":96,"event_ids":[50793],"name":"Nils Amiet","affiliations":[{"organization":"Kudelski Security","title":"Lead Prototyping Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@tmlxs"}],"pronouns":"he/him","media":[],"id":49948,"title":"Lead Prototyping Engineer at Kudelski Security"},{"content_ids":[50659],"conference_id":96,"event_ids":[50793],"name":"Marco Macchetti","affiliations":[{"organization":"Kudelski Security","title":"Principal Cryptographer"}],"links":[],"pronouns":"he/him","media":[],"id":49949,"title":"Principal Cryptographer at Kudelski Security"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246112"}],"end":"2023-08-13T00:20:00.000-0000","id":50793,"tag_ids":[45589,45592,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲, Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49949},{"tag_id":45590,"sort_order":1,"person_id":49948}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-13T00:00:00.000-0000","updated":"2023-07-01T03:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Many have heard about Prototype Pollution vulnerabilities in JavaScript applications. This kind of vulnerability allows an attacker to inject properties into an object's root prototype that may lead to flow control alteration and unexpected program behavior. Every time a successful exploit looks like magic or is limited to a denial of service (DoS). Would you be surprised if I told you that every application has a chain of methods that can be triggered by Prototype Pollution and leads to arbitrary code execution? Such gadgets populated Node.js core code and popular NPM packages. Keep calm. Not every app can be exploited! However, this fact increases the risk of exploitation many times over.\r\n\r\nIn our research, we studied Prototype Pollution beyond DoS and analyzed Node.js source code against the gadgets. We then analyzed 15 popular Node.js apps from GitHub and got 8 RCEs. Through this talk, I will elaborate on the detected gadgets and vulnerabilities. We will also take a look at how the recent changes in Node.js mitigate these issues. \r\n\r\nREFERENCES:\r\n\r\nMikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu \"Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js\" https://github.com/yuske/silent-spring/blob/master/silent-spring-full-version.pdf\r\nGareth Heyes \"Server-side prototype pollution: Black-box detection without the DoS\" https://portswigger.net/research/server-side-prototype-pollution\r\nMichał Bentkowski \"Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609)\" https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/\r\nOlivier Arteau \"Prototype Pollution Attack in NodeJS application\" https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js","end_timestamp":{"seconds":1691886000,"nanoseconds":0},"android_description":"Many have heard about Prototype Pollution vulnerabilities in JavaScript applications. This kind of vulnerability allows an attacker to inject properties into an object's root prototype that may lead to flow control alteration and unexpected program behavior. Every time a successful exploit looks like magic or is limited to a denial of service (DoS). Would you be surprised if I told you that every application has a chain of methods that can be triggered by Prototype Pollution and leads to arbitrary code execution? Such gadgets populated Node.js core code and popular NPM packages. Keep calm. Not every app can be exploited! However, this fact increases the risk of exploitation many times over.\r\n\r\nIn our research, we studied Prototype Pollution beyond DoS and analyzed Node.js source code against the gadgets. We then analyzed 15 popular Node.js apps from GitHub and got 8 RCEs. Through this talk, I will elaborate on the detected gadgets and vulnerabilities. We will also take a look at how the recent changes in Node.js mitigate these issues. \r\n\r\nREFERENCES:\r\n\r\nMikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu \"Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js\" https://github.com/yuske/silent-spring/blob/master/silent-spring-full-version.pdf\r\nGareth Heyes \"Server-side prototype pollution: Black-box detection without the DoS\" https://portswigger.net/research/server-side-prototype-pollution\r\nMichał Bentkowski \"Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609)\" https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/\r\nOlivier Arteau \"Prototype Pollution Attack in NodeJS application\" https://github.com/HoLyVieR/prototype-pollution-nsec18/blob/master/paper/JavaScript_prototype_pollution_attack_in_NodeJS.pdf","updated_timestamp":{"seconds":1688182380,"nanoseconds":0},"speakers":[{"content_ids":[50664],"conference_id":96,"event_ids":[50775],"name":"Musard Balliu","affiliations":[{"organization":"KTH Royal Institute of Technology","title":""}],"links":[],"pronouns":"he/him","media":[],"id":49957,"title":"KTH Royal Institute of Technology"},{"content_ids":[50664],"conference_id":96,"event_ids":[50775],"name":"Mikhail Shcherbakov","affiliations":[{"organization":"KTH Royal Institute of Technology","title":""}],"pronouns":"he/him","links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.kth.se/profile/mshc"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yu5k3"}],"media":[],"id":49958,"title":"KTH Royal Institute of Technology"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246117"}],"end":"2023-08-13T00:20:00.000-0000","id":50775,"begin_timestamp":{"seconds":1691884800,"nanoseconds":0},"tag_ids":[45589,45592,45629,45630,45646,45766],"village_id":null,"includes":"Tool 🛠, Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49958},{"tag_id":45590,"sort_order":1,"person_id":49957}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"updated":"2023-07-01T03:33:00.000-0000","begin":"2023-08-13T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Tubular locks (also known colloquially as \"barrel key\" locks or by the O.G. name \"ACE\" lock or \"Chicago\" lock) have been around for ages and are mostly considered obsolescent at this point... but how many of you can reliably pick them and produce keys for them?\r\n\r\nThis talk will attempt to demystify some of the oddities surrounding tubular systems and reveal the tools and hardware that you can use to side-step many hassles regarding tubular locks if you encounter them in the field.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Totally Tubular: An Impromptu Talk About Tubular Locks and Keys","end_timestamp":{"seconds":1691887500,"nanoseconds":0},"android_description":"Tubular locks (also known colloquially as \"barrel key\" locks or by the O.G. name \"ACE\" lock or \"Chicago\" lock) have been around for ages and are mostly considered obsolescent at this point... but how many of you can reliably pick them and produce keys for them?\r\n\r\nThis talk will attempt to demystify some of the oddities surrounding tubular systems and reveal the tools and hardware that you can use to side-step many hassles regarding tubular locks if you encounter them in the field.","updated_timestamp":{"seconds":1691288760,"nanoseconds":0},"speakers":[{"content_ids":[52286],"conference_id":96,"event_ids":[52550],"name":"Deviant Ollam","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51516}],"timeband_id":991,"links":[],"end":"2023-08-13T00:45:00.000-0000","id":52550,"begin_timestamp":{"seconds":1691883900,"nanoseconds":0},"village_id":null,"tag_ids":[40309,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51516}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","updated":"2023-08-06T02:26:00.000-0000","begin":"2023-08-12T23:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For this presentation, I will be covering some of the methods of laundering (mixers / tumblers, over-the-counter (OTC) exchanges, peer-to-peer (P2P) exchanges, and high-risk exchanges) as well as how threat actors monetize their illicit digital profits by utilizing virtual credit cards (VCCs), account cash-out services, and more.\r\n\r\nNext, I will analyze and discuss the attack vectors utilized by threat actors to target cryptocurrency, non-fungible tokens (NFTs), and smart contracts. I will also discuss popular attack vectors, such as airdrops, cross-chain bridge attacks, rugpulls, wallet compromises, flash-loan attacks, smart contract vulnerabilities, API withdrawals, drainers, and notable incidents that highlight successful laundering and monetization activities via cryptocurrencies. Finally, I will discuss how threat actors will likely evolve and transform their laundering and monetization methods.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#74a6bb","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Groups VR","id":45643},"title":"Hey CryptoBro!: How Are Criminals Laundering, Monetizing, and Targeting Cryptocurrency, NFTs, and Smart Contracts?","end_timestamp":{"seconds":1691886900,"nanoseconds":0},"android_description":"For this presentation, I will be covering some of the methods of laundering (mixers / tumblers, over-the-counter (OTC) exchanges, peer-to-peer (P2P) exchanges, and high-risk exchanges) as well as how threat actors monetize their illicit digital profits by utilizing virtual credit cards (VCCs), account cash-out services, and more.\r\n\r\nNext, I will analyze and discuss the attack vectors utilized by threat actors to target cryptocurrency, non-fungible tokens (NFTs), and smart contracts. I will also discuss popular attack vectors, such as airdrops, cross-chain bridge attacks, rugpulls, wallet compromises, flash-loan attacks, smart contract vulnerabilities, API withdrawals, drainers, and notable incidents that highlight successful laundering and monetization activities via cryptocurrencies. Finally, I will discuss how threat actors will likely evolve and transform their laundering and monetization methods.","updated_timestamp":{"seconds":1691203140,"nanoseconds":0},"speakers":[{"content_ids":[52201],"conference_id":96,"event_ids":[52451],"name":"Sam Colaizzi","affiliations":[{"organization":"Recorded Future","title":""}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/samuel-colaizzi-340474105"}],"media":[],"id":51444,"title":"Recorded Future"}],"timeband_id":991,"end":"2023-08-13T00:35:00.000-0000","links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"Website","type":"link","url":"https://dcgvr.org/"}],"id":52451,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691883300,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51444}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-08-05T02:39:00.000-0000","begin":"2023-08-12T23:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This panel will explore all the different ways misinformation, disinformation, and malinformation are being used today, and what we can expect leading up to the 2024 election. The audience will get a comprehensive overview of what to look out for when trying distinguish what kind of information to consume, and how to protect oneself from misinformation, disinformation, and malinformation campaigns. Different perspecives from accross the election and security industires will come together to provide a dynamic outlook on what are experiencing now as well as what we will see in the future.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"The Impact Of Misinformation On Elections","android_description":"This panel will explore all the different ways misinformation, disinformation, and malinformation are being used today, and what we can expect leading up to the 2024 election. The audience will get a comprehensive overview of what to look out for when trying distinguish what kind of information to consume, and how to protect oneself from misinformation, disinformation, and malinformation campaigns. Different perspecives from accross the election and security industires will come together to provide a dynamic outlook on what are experiencing now as well as what we will see in the future.","end_timestamp":{"seconds":1691886600,"nanoseconds":0},"updated_timestamp":{"seconds":1691435520,"nanoseconds":0},"speakers":[{"content_ids":[52314,52328],"conference_id":96,"event_ids":[52598,52612],"name":"Joe Schniebes","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.ridgelineintl.com"}],"pronouns":null,"media":[],"id":51544},{"content_ids":[52328,52334,52336],"conference_id":96,"event_ids":[52612,52618,52620],"name":"Maia Mazurkiewicz","affiliations":[],"links":[{"description":"","title":"Link","sort_order":0,"url":"https://alliance4europe.eu/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/maia-mazurkiewicz/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MaiaMazurkiewic"}],"pronouns":null,"media":[],"id":51549},{"content_ids":[52325,52328,52333],"conference_id":96,"event_ids":[52612,52617,52609],"name":"Michael Moore","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Link","sort_order":0,"url":"https://azsos.gov/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Secur3Elections"}],"media":[],"id":51552}],"timeband_id":991,"links":[],"end":"2023-08-13T00:30:00.000-0000","id":52612,"village_id":null,"tag_ids":[40298,45646,45743,45771],"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51544},{"tag_id":45632,"sort_order":1,"person_id":51549},{"tag_id":45632,"sort_order":1,"person_id":51552}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T23:30:00.000-0000","updated":"2023-08-07T19:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\n\n\n","title":"Hacks, Leaks, and Revelations: Pandemic Profiteers and COVID-19 Disinformation","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691886600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284560,"nanoseconds":0},"speakers":[{"content_ids":[52273],"conference_id":96,"event_ids":[52537],"name":"Micah Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51507}],"timeband_id":991,"links":[],"end":"2023-08-13T00:30:00.000-0000","id":52537,"tag_ids":[40305,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51507}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-12T23:30:00.000-0000","updated":"2023-08-06T01:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join Pete Cooper in a fireside chat with Chris Roberts about his role as the CISO for Boom Supersonic and how he is approaching the challenges of securing a flying platform from the ground up using everything from digital twins to AI. It will also be a chance to discuss what he has learnt across his career and his advice for the next generation coming through.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"A Fireside Chat with Chris Roberts and Pete Cooper","end_timestamp":{"seconds":1691884500,"nanoseconds":0},"android_description":"Join Pete Cooper in a fireside chat with Chris Roberts about his role as the CISO for Boom Supersonic and how he is approaching the challenges of securing a flying platform from the ground up using everything from digital twins to AI. It will also be a chance to discuss what he has learnt across his career and his advice for the next generation coming through.","updated_timestamp":{"seconds":1691101380,"nanoseconds":0},"speakers":[{"content_ids":[52163,52408],"conference_id":96,"event_ids":[52703,52393],"name":"Chris Roberts","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sidragon1/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Sidragon1"}],"pronouns":null,"media":[],"id":51405},{"content_ids":[52163,52164],"conference_id":96,"event_ids":[52393,52394],"name":"Pete Cooper","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51417}],"timeband_id":991,"links":[],"end":"2023-08-12T23:55:00.000-0000","id":52393,"village_id":null,"tag_ids":[40280,45645,45646,45743],"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51405},{"tag_id":45590,"sort_order":1,"person_id":51417}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:23:00.000-0000","begin":"2023-08-12T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As cyberattacks become more sophisticated, companies are increasingly relying on two-factor authentication (2FA) and multi-factor authentication (MFA) to protect their assets. However, these security measures are not foolproof and can be bypassed by determined attackers. In this presentation, we will take a deep dive into the techniques used by attackers to bypass next-generation 2FA and MFA security measures.\r\n\r\nWe will begin by discussing the limitations of 2FA and MFA and why they can be vulnerable to attacks. Then we will demonstrate a variety of attacks used by attackers to bypass these security measures, including phishing attacks, man-in-the-middle attacks, and SIM swapping attacks. We will also explore more advanced techniques such as exploiting vulnerabilities in authentication protocols and exploiting weaknesses in mobile authentication applications.\r\n\r\nThroughout the presentation, we will provide real-world examples of successful attacks that have bypassed 2FA and MFA, highlighting the impact of such attacks on businesses and organizations. We will also discuss the latest trends and developments in 2FA and MFA security and the steps organizations can take to improve their security posture.\r\n\r\nBy the end of the presentation, attendees will have a better understanding of the vulnerabilities in 2FA and MFA security measures and how attackers can exploit them. They will also gain practical knowledge and tools to help them better protect their organizations against these types of attacks.\n\n\n","title":"Breaking Barriers: A Deep Dive into Bypassing Next-Gen 2FA and MFA Security Measures","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691885700,"nanoseconds":0},"android_description":"As cyberattacks become more sophisticated, companies are increasingly relying on two-factor authentication (2FA) and multi-factor authentication (MFA) to protect their assets. However, these security measures are not foolproof and can be bypassed by determined attackers. In this presentation, we will take a deep dive into the techniques used by attackers to bypass next-generation 2FA and MFA security measures.\r\n\r\nWe will begin by discussing the limitations of 2FA and MFA and why they can be vulnerable to attacks. Then we will demonstrate a variety of attacks used by attackers to bypass these security measures, including phishing attacks, man-in-the-middle attacks, and SIM swapping attacks. We will also explore more advanced techniques such as exploiting vulnerabilities in authentication protocols and exploiting weaknesses in mobile authentication applications.\r\n\r\nThroughout the presentation, we will provide real-world examples of successful attacks that have bypassed 2FA and MFA, highlighting the impact of such attacks on businesses and organizations. We will also discuss the latest trends and developments in 2FA and MFA security and the steps organizations can take to improve their security posture.\r\n\r\nBy the end of the presentation, attendees will have a better understanding of the vulnerabilities in 2FA and MFA security measures and how attackers can exploit them. They will also gain practical knowledge and tools to help them better protect their organizations against these types of attacks.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52125],"conference_id":96,"event_ids":[52346],"name":"Muhammad Shahmeer","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/m-shahmeer-amir-743a5bb7/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Shahmeer_Amir"}],"pronouns":null,"media":[],"id":51366}],"timeband_id":991,"links":[],"end":"2023-08-13T00:15:00.000-0000","id":52346,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51366}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","begin":"2023-08-12T23:30:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk, we'll dive into how ChatGPT can enhance your existing workflow and provide valuable insights. We'll start with a brief overview of what GPT models are, how to craft the perfect prompt, and then focus on red team specific use cases for day-to-day operations.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"ChatGPT: Your Red Teaming Ally","end_timestamp":{"seconds":1691886300,"nanoseconds":0},"android_description":"In this talk, we'll dive into how ChatGPT can enhance your existing workflow and provide valuable insights. We'll start with a brief overview of what GPT models are, how to craft the perfect prompt, and then focus on red team specific use cases for day-to-day operations.","updated_timestamp":{"seconds":1691031540,"nanoseconds":0},"speakers":[{"content_ids":[52061],"conference_id":96,"event_ids":[52280],"name":"Gavin Klondike","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51282}],"timeband_id":991,"links":[],"end":"2023-08-13T00:25:00.000-0000","id":52280,"village_id":null,"tag_ids":[40299,45645,45646,45743],"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51282}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:59:00.000-0000","begin":"2023-08-12T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Lessons learned when building a Maritime Systems Security Laboratory Testbench","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690423020,"nanoseconds":0},"speakers":[{"content_ids":[51492],"conference_id":96,"event_ids":[51648],"name":"Brien Croteau","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50543}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51648,"tag_ids":[40306,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50543}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","begin":"2023-08-12T23:30:00.000-0000","updated":"2023-07-27T01:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Just like there's more than one way to peel a banana, there’s more than one way to protect a computer network from being pwned. Cyber threats against America’s pipelines, railroads and aviation system are increasing, and the Transportation Security Administration – with support from the White House, the Cybersecurity and Infrastructure Security Agency and Congress – is hacking traditional cybersecurity policy to improve resiliency for the growing connected transportation sector. How? TSA isn’t telling regulated parties exactly the ways they should secure their own systems. Instead, the agency is asking them to produce and provide plans for ensuring they protect their critical assets.\r\n\r\nAmerica’s adversaries are sophisticated, and TSA needs help from the hacking community to think creatively about future attacks, to identify new vulnerabilities, and to provide innovative new ways of measuring success. This talk will tell you what TSA is seeing, gives you a chance to offer us advice, and to learn specific ways in which you can contribute to new projects. Because always in motion the future is.\n\n\n","title":"All information looks like noise until you break the code: Futureproofing the transportation sector","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691885700,"nanoseconds":0},"android_description":"Just like there's more than one way to peel a banana, there’s more than one way to protect a computer network from being pwned. Cyber threats against America’s pipelines, railroads and aviation system are increasing, and the Transportation Security Administration – with support from the White House, the Cybersecurity and Infrastructure Security Agency and Congress – is hacking traditional cybersecurity policy to improve resiliency for the growing connected transportation sector. How? TSA isn’t telling regulated parties exactly the ways they should secure their own systems. Instead, the agency is asking them to produce and provide plans for ensuring they protect their critical assets.\r\n\r\nAmerica’s adversaries are sophisticated, and TSA needs help from the hacking community to think creatively about future attacks, to identify new vulnerabilities, and to provide innovative new ways of measuring success. This talk will tell you what TSA is seeing, gives you a chance to offer us advice, and to learn specific ways in which you can contribute to new projects. Because always in motion the future is.","updated_timestamp":{"seconds":1688175960,"nanoseconds":0},"speakers":[{"content_ids":[50640,52153],"conference_id":96,"event_ids":[50841,52383],"name":"David Pekoske","affiliations":[{"organization":"Transportation Security Administration (TSA)","title":"Administrator"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/TSA_Pekoske"}],"pronouns":"he/him","media":[],"id":49914,"title":"Administrator at Transportation Security Administration (TSA)"},{"content_ids":[50640,50658,51524],"conference_id":96,"event_ids":[50841,50849,51680],"name":"Jen Easterly","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Director"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@CISAJen"}],"pronouns":"she/her","media":[],"id":49915,"title":"Director at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[50640],"conference_id":96,"event_ids":[50841],"name":"Kevin Collier","affiliations":[{"organization":"NBC","title":""}],"links":[],"pronouns":null,"media":[],"id":50687,"title":"NBC"}],"timeband_id":991,"links":[{"label":"TSA Security Roadmap","type":"link","url":"https://www.tsa.gov/sites/default/files/tsa_cybersecurity_roadmap.pdf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246094"},{"label":"TSA Security Directives and Emergency Amendments","type":"link","url":"https://www.tsa.gov/sd-and-ea"}],"end":"2023-08-13T00:15:00.000-0000","id":50841,"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49914},{"tag_id":45590,"sort_order":1,"person_id":49915},{"tag_id":45631,"sort_order":2,"person_id":50687}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-12T23:30:00.000-0000","updated":"2023-07-01T01:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the year since the Supreme Court overturned federal legal protections for reproductive rights, people seeking, providing, and supporting reproductive healthcare are grappling with the challenges of digital surveillance. Multiple services and apps track our movements and communications, and that data can be used by law enforcement and private parties to police and punish abortion access. Lawsuits and prosecutions are already underway and are likely to increase as states continue to pass or expand anti-abortion laws and undermine legal protections for online expression and privacy.\r\n\r\nBut the fight is far from over. At the state and federal level, lawmakers, activists, and technologists are taking steps to establish and shore up legal and practical protections for secure and private healthcare access.\r\n\r\nThis panel brings together legal and security experts to lead a discussion about defending reproductive justice in the digital age Ð what has already been accomplished, whatÕs coming, and how hackers can help. It will build on and update a discussion held last year, also led by EFF and DDF.\r\n\r\nREFERENCES:\r\nhttps://www.eff.org/issues/reproductive-rights\r\nhttps://www.eff.org/deeplinks/2023/03/texas-bill-would-systematically-silence-anyone-who-dares-talk-about-abortion-pills\r\nhttps://www.eff.org/deeplinks/2023/02/eff-backs-california-bill-protect-people-seeking-abortion-and-gender-affirming\r\nhttps://www.eff.org/deeplinks/2022/09/automated-license-plate-readers-threaten-abortion-access-heres-how-policymakers\r\nhttps://www.eff.org/deeplinks/2022/08/nonprofit-websites-are-full-of-trackers-that-should-change\r\nhttps://www.ifwhenhow.org/resources/self-care-criminalized-preliminary-findings/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Abortion Access in the Age of Surveillance","android_description":"In the year since the Supreme Court overturned federal legal protections for reproductive rights, people seeking, providing, and supporting reproductive healthcare are grappling with the challenges of digital surveillance. Multiple services and apps track our movements and communications, and that data can be used by law enforcement and private parties to police and punish abortion access. Lawsuits and prosecutions are already underway and are likely to increase as states continue to pass or expand anti-abortion laws and undermine legal protections for online expression and privacy.\r\n\r\nBut the fight is far from over. At the state and federal level, lawmakers, activists, and technologists are taking steps to establish and shore up legal and practical protections for secure and private healthcare access.\r\n\r\nThis panel brings together legal and security experts to lead a discussion about defending reproductive justice in the digital age Ð what has already been accomplished, whatÕs coming, and how hackers can help. It will build on and update a discussion held last year, also led by EFF and DDF.\r\n\r\nREFERENCES:\r\nhttps://www.eff.org/issues/reproductive-rights\r\nhttps://www.eff.org/deeplinks/2023/03/texas-bill-would-systematically-silence-anyone-who-dares-talk-about-abortion-pills\r\nhttps://www.eff.org/deeplinks/2023/02/eff-backs-california-bill-protect-people-seeking-abortion-and-gender-affirming\r\nhttps://www.eff.org/deeplinks/2022/09/automated-license-plate-readers-threaten-abortion-access-heres-how-policymakers\r\nhttps://www.eff.org/deeplinks/2022/08/nonprofit-websites-are-full-of-trackers-that-should-change\r\nhttps://www.ifwhenhow.org/resources/self-care-criminalized-preliminary-findings/","end_timestamp":{"seconds":1691885700,"nanoseconds":0},"updated_timestamp":{"seconds":1690041960,"nanoseconds":0},"speakers":[{"content_ids":[50639,50661],"conference_id":96,"event_ids":[50819,50822],"name":"Corynne McSherry","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Legal Director"}],"pronouns":"she/her","links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/corynne-mcsherry"},{"description":"","title":"Mastodon (@cmcsherr@sfba.social)","sort_order":0,"url":"https://sfba.social/@cmcsherr"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cmcsherr"}],"media":[],"id":49908,"title":"Legal Director at Electronic Frontier Foundation"},{"content_ids":[50661],"conference_id":96,"event_ids":[50822],"name":"Kate Bertash","affiliations":[{"organization":"Digital Defense Fund","title":"Founder"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@katerosebee"}],"pronouns":"she/her","media":[],"id":49952,"title":"Founder at Digital Defense Fund"},{"content_ids":[50661],"conference_id":96,"event_ids":[50822],"name":"Daly Barnett","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Staff Technologist"}],"links":[],"pronouns":"she/her","media":[],"id":49953,"title":"Staff Technologist at Electronic Frontier Foundation"},{"content_ids":[50661,51513],"conference_id":96,"event_ids":[50822,51669],"name":"India McKinney","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Director of Federal Affairs"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@imck82"}],"pronouns":"she/her","media":[],"id":49954,"title":"Director of Federal Affairs at Electronic Frontier Foundation"}],"timeband_id":991,"end":"2023-08-13T00:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246114"},{"label":"Digital Defense Fund","type":"link","url":"https://www.digitaldefensefund.org"},{"label":"EFF","type":"link","url":"https://www.eff.org"}],"id":50822,"village_id":null,"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49908},{"tag_id":45590,"sort_order":1,"person_id":49953},{"tag_id":45590,"sort_order":1,"person_id":49954},{"tag_id":45590,"sort_order":1,"person_id":49952}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"begin":"2023-08-12T23:30:00.000-0000","updated":"2023-07-22T16:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What can a website do? So many things these days. But, have you ever considered that it can port scan your LAN? It will fingerprint you with pinpoint precision and uncover hidden internal devices. Surely, a browser wouldn't allow that?\r\n\r\nWith this presentation, I will introduce a short primer on timing-based, browser-based port scanning using Fetch. Based on this primer, I will discuss three techniques that can scan open ports on the localhost, a NAT router’s presence on the LAN, and open ports of the clients on the LAN. A demo of the proof of concept exploit will be provided, with closing remarks on possible mitigation strategies.\r\n\r\nREFERENCES:\r\n\r\n[1] https://blog.nem.ec/2020/05/24/ebay-port-scanning/\r\n[2] https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/\r\n[3] https://www.crunchbase.com/organization/threatmetrix\r\n[4] https://coveryourtracks.eff.org/learn\r\n[5] https://web.archive.org/web/20060813034434/http://www.spidynamics.com/assets/documents/JSportscan.pdf\r\n[6] https://github.com/Flu1dTeam/PortScanner\r\n[7] https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474\r\n[8] https://www.incolumitas.com/2021/01/10/browser-based-port-scanning/\r\n[9] https://docs.google.com/document/d/1a8sUFQsbN5uve7ziW61ATkrFr3o9A-Tiyw8ig6T3puA/edit\r\n[10] https://developer.chrome.com/articles/cors-rfc1918-feedback/\r\n[11] https://wicg.github.io/local-network-access/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Your Clocks Have Ears — Timing-Based Browser-Based Local Network Port Scanner","android_description":"What can a website do? So many things these days. But, have you ever considered that it can port scan your LAN? It will fingerprint you with pinpoint precision and uncover hidden internal devices. Surely, a browser wouldn't allow that?\r\n\r\nWith this presentation, I will introduce a short primer on timing-based, browser-based port scanning using Fetch. Based on this primer, I will discuss three techniques that can scan open ports on the localhost, a NAT router’s presence on the LAN, and open ports of the clients on the LAN. A demo of the proof of concept exploit will be provided, with closing remarks on possible mitigation strategies.\r\n\r\nREFERENCES:\r\n\r\n[1] https://blog.nem.ec/2020/05/24/ebay-port-scanning/\r\n[2] https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/\r\n[3] https://www.crunchbase.com/organization/threatmetrix\r\n[4] https://coveryourtracks.eff.org/learn\r\n[5] https://web.archive.org/web/20060813034434/http://www.spidynamics.com/assets/documents/JSportscan.pdf\r\n[6] https://github.com/Flu1dTeam/PortScanner\r\n[7] https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474\r\n[8] https://www.incolumitas.com/2021/01/10/browser-based-port-scanning/\r\n[9] https://docs.google.com/document/d/1a8sUFQsbN5uve7ziW61ATkrFr3o9A-Tiyw8ig6T3puA/edit\r\n[10] https://developer.chrome.com/articles/cors-rfc1918-feedback/\r\n[11] https://wicg.github.io/local-network-access/","end_timestamp":{"seconds":1691884200,"nanoseconds":0},"updated_timestamp":{"seconds":1688183940,"nanoseconds":0},"speakers":[{"content_ids":[50676],"conference_id":96,"event_ids":[50778],"name":"Dongsung “Donny” Kim","affiliations":[{"organization":"Security Office part of Truesec","title":"IT-Security Expert"}],"pronouns":"they/them","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@kid1ng"},{"description":"","title":"Website","sort_order":0,"url":"https://kidi.ng"}],"media":[],"id":49974,"title":"IT-Security Expert at Security Office part of Truesec"}],"timeband_id":991,"end":"2023-08-12T23:50:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246129"}],"id":50778,"tag_ids":[45589,45592,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691883000,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲, Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49974}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","begin":"2023-08-12T23:30:00.000-0000","updated":"2023-07-01T03:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Riding with the Chollimas: Our 100-Day Quest to Identify a North Korean State-Sponsored Threat Actor","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691885100,"nanoseconds":0},"updated_timestamp":{"seconds":1689553080,"nanoseconds":0},"speakers":[{"content_ids":[51311],"conference_id":96,"event_ids":[51373],"name":"Mauro Eldritch","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@mauroeldritch"}],"pronouns":null,"media":[],"id":50463}],"timeband_id":991,"links":[],"end":"2023-08-13T00:05:00.000-0000","id":51373,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691882400,"nanoseconds":0},"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50463}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","updated":"2023-07-17T00:18:00.000-0000","begin":"2023-08-12T23:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"I will discuss real-world equipment hacks caused by nation-state actors attacking humans and ways to mitigate similar impacts. Examples will cover a range of laboratory equipment, including research labs and industrial manufacturing facilities. In this talk, we will explore the common causes of laboratory and OT equipment breaches caused by human error, including misconfiguration, misuse, and malicious actions. We will examine the potential consequences of such failures, including data loss, damage to equipment, and even injury. I will also present a range of strategies for preventing such issues, including implementing standard operating procedures with a security focus, using equipment monitoring systems, and adopting best practices for equipment architecture.\n\n\n","title":"FaFo: Laboratory Physical and ICS (Warning: not for the faint of heart)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"I will discuss real-world equipment hacks caused by nation-state actors attacking humans and ways to mitigate similar impacts. Examples will cover a range of laboratory equipment, including research labs and industrial manufacturing facilities. In this talk, we will explore the common causes of laboratory and OT equipment breaches caused by human error, including misconfiguration, misuse, and malicious actions. We will examine the potential consequences of such failures, including data loss, damage to equipment, and even injury. I will also present a range of strategies for preventing such issues, including implementing standard operating procedures with a security focus, using equipment monitoring systems, and adopting best practices for equipment architecture.","end_timestamp":{"seconds":1691885400,"nanoseconds":0},"updated_timestamp":{"seconds":1689117300,"nanoseconds":0},"speakers":[{"content_ids":[51054,51056,52229],"conference_id":96,"event_ids":[51086,51088,52479],"name":"Nathan Case","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50235}],"timeband_id":991,"links":[],"end":"2023-08-13T00:10:00.000-0000","id":51086,"begin_timestamp":{"seconds":1691881800,"nanoseconds":0},"village_id":68,"tag_ids":[45645,45647,45717],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50235}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","updated":"2023-07-11T23:15:00.000-0000","begin":"2023-08-12T23:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Glad Scientist (Daniel Sabio) is a Puerto Rican conceptual new media artist and creative technologist living and working in Barcelona, ES.\r\n\r\nMost well-known for their audiovisual performances, their work ranges from VR modular synth performances and multichannel sound installations to brain/heart controlled artworks and video game experiences, with the chosen medium being a reflection of the concept.\r\n\r\nFor nearly 10 years, the artist’s work has been welcomed at diverse festivals including Ars Electronica, ISEA, SXSW, Bass Coast, VRHAM!, FILE, LEV, and DreamHack, among others. It has been awarded placement in Oculus Launchpad, Art Omi: Music Fellowship, Berlin Sessions Residency, UNCSA METL Immersive Storytelling Residency, ARTnSHELTER Residency, and Zoo Labs Music Accelerator.\r\n\r\nAs a local organizer they founded Art in Tech Atlanta and are a founding member of Volta Laboratory Social Club, a music label and cornerstone in the Atlanta underground music scene. They have been invited to speak at Google DevFest, IAM Weekend, Chaos Communication Congress, and Tate Modern.\r\n\r\nIn professional realms they are a former member of Envoy Chicago (Leviathan), Cosmic Lab in Osaka, IMRSV in Berlin, and contribute as needed to Ommatidium Studios in Edmonton.\n\n\n","title":"Glad Scientist | Village Vibes Immersive Performance, a data-driven real time audiovisual VR performance","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"The Glad Scientist (Daniel Sabio) is a Puerto Rican conceptual new media artist and creative technologist living and working in Barcelona, ES.\r\n\r\nMost well-known for their audiovisual performances, their work ranges from VR modular synth performances and multichannel sound installations to brain/heart controlled artworks and video game experiences, with the chosen medium being a reflection of the concept.\r\n\r\nFor nearly 10 years, the artist’s work has been welcomed at diverse festivals including Ars Electronica, ISEA, SXSW, Bass Coast, VRHAM!, FILE, LEV, and DreamHack, among others. It has been awarded placement in Oculus Launchpad, Art Omi: Music Fellowship, Berlin Sessions Residency, UNCSA METL Immersive Storytelling Residency, ARTnSHELTER Residency, and Zoo Labs Music Accelerator.\r\n\r\nAs a local organizer they founded Art in Tech Atlanta and are a founding member of Volta Laboratory Social Club, a music label and cornerstone in the Atlanta underground music scene. They have been invited to speak at Google DevFest, IAM Weekend, Chaos Communication Congress, and Tate Modern.\r\n\r\nIn professional realms they are a former member of Envoy Chicago (Leviathan), Cosmic Lab in Osaka, IMRSV in Berlin, and contribute as needed to Ommatidium Studios in Edmonton.","updated_timestamp":{"seconds":1691357100,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":52582,"tag_ids":[40311,45646,45743,45775],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"begin":"2023-08-12T23:00:00.000-0000","updated":"2023-08-06T21:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":991,"links":[],"end":"2023-08-12T23:30:00.000-0000","id":52556,"tag_ids":[40309,45649,45743,45775],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"updated":"2023-08-06T02:23:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Diameter CTF","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691257260,"nanoseconds":0},"speakers":[{"content_ids":[52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501],"name":"Zibran Sayyed","affiliations":[{"organization":"","title":"Sr. Security Consultant Telecom"}],"links":[],"pronouns":null,"media":[],"id":51522,"title":"Sr. Security Consultant Telecom"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52497,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":72,"tag_ids":[40304,45647,45743,45775],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51524},{"tag_id":45633,"sort_order":1,"person_id":51522}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","updated":"2023-08-05T17:41:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We announce winners for the Make Your Own Use, and Hardware Hacking Rube Goldberg Machine contests and hand out prizes.\n\n\n","title":"Hardware Hacking Village Prize Ceremony","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"We announce winners for the Make Your Own Use, and Hardware Hacking Rube Goldberg Machine contests and hand out prizes.","updated_timestamp":{"seconds":1691252220,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T23:30:00.000-0000","id":52490,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"tag_ids":[40287,45645,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","updated":"2023-08-05T16:17:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Quantum Music is a new paradigm of art, part of the new wave of ‘Quantum Art’ that we shall be showcasing with a live performance from Scott Oshiro! In the run up to this, Mark will show us how to embed quantum simulators (and quantum computer connections) into everyday musical apparatus… from quantum enabled MIDI to a quantum stylophone and more!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Quantum Music Workshop: Build Your Own Quantum Synthesizer!","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"Quantum Music is a new paradigm of art, part of the new wave of ‘Quantum Art’ that we shall be showcasing with a live performance from Scott Oshiro! In the run up to this, Mark will show us how to embed quantum simulators (and quantum computer connections) into everyday musical apparatus… from quantum enabled MIDI to a quantum stylophone and more!","updated_timestamp":{"seconds":1691108940,"nanoseconds":0},"speakers":[{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52436,"village_id":null,"tag_ids":[40291,45649,45743,45775],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51260}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-08-04T00:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cocktail hour for the Quantum curious and creative.\r\n\r\nCome and join us for some complimentary drinks with like-minded hackers. Come along and listen to - or even make! - quantum music.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Quantini Time! Cocktail hour for the Quantum curious and creative","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Cocktail hour for the Quantum curious and creative.\r\n\r\nCome and join us for some complimentary drinks with like-minded hackers. Come along and listen to - or even make! - quantum music.","updated_timestamp":{"seconds":1691108880,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52435,"tag_ids":[40291,45649,45743,45775],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-08-04T00:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"“What are the legal risks to a user/security enthusiast when performing prompt injection attacks?” That is the question this talk attempts to answer.\r\n\r\nPrompt injection has frequently been compared to SQL injection or remote code execution. This comparison is warranted because the adversary in prompt injection is exploiting that the input to the LLM does not explicitly bound the data and the instruction: it is all garbled in natural language. So, if SQL injection is prohibited by the law in most circumstances, what about prompt injection?\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Ignore the Law: The Legal Risks of Prompt Injection Attacks on Large Language Models","end_timestamp":{"seconds":1691882700,"nanoseconds":0},"android_description":"“What are the legal risks to a user/security enthusiast when performing prompt injection attacks?” That is the question this talk attempts to answer.\r\n\r\nPrompt injection has frequently been compared to SQL injection or remote code execution. This comparison is warranted because the adversary in prompt injection is exploiting that the input to the LLM does not explicitly bound the data and the instruction: it is all garbled in natural language. So, if SQL injection is prohibited by the law in most circumstances, what about prompt injection?","updated_timestamp":{"seconds":1691031540,"nanoseconds":0},"speakers":[{"content_ids":[52051,52060],"conference_id":96,"event_ids":[52270,52279],"name":"Ram Shankar Siva Kumar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51292}],"timeband_id":991,"links":[],"end":"2023-08-12T23:25:00.000-0000","id":52279,"tag_ids":[40299,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51292}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-08-03T02:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come on over to join a full takeover of the CPV space, take cute selfies everywhere, and see all our old and new faces for a two hour celebration at CPV!!! We'll see what we can pull off.\r\n\r\nWe have speakers and microphones so we'll make usage of them, maybe we'll sort people by what year they joined us because it's fun, who knows? We just want to see everyone's lovely faces, we wish we could see you all more often! A group photo with people who want to be part of one perhaps?\r\n\r\nLogistics: Sadly, we can't offer food or drink for many reasons including hotel. Eat beforehand or afterwards! We'll try to not demolish the CPV Stage chairs (too much) so talks can continue after.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"CPV Ten Year Anniversary Gathering","android_description":"Come on over to join a full takeover of the CPV space, take cute selfies everywhere, and see all our old and new faces for a two hour celebration at CPV!!! We'll see what we can pull off.\r\n\r\nWe have speakers and microphones so we'll make usage of them, maybe we'll sort people by what year they joined us because it's fun, who knows? We just want to see everyone's lovely faces, we wish we could see you all more often! A group photo with people who want to be part of one perhaps?\r\n\r\nLogistics: Sadly, we can't offer food or drink for many reasons including hotel. Eat beforehand or afterwards! We'll try to not demolish the CPV Stage chairs (too much) so talks can continue after.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691026260,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52259,"tag_ids":[40308,45647,45743,45775],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:31:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join me as I share my tech journey!\r\n\r\nI will share a brief insight of my origin, what sparked my interest in technology and the path that led me to where I am today! I'll reveal some of the exciting hacks and experiences I've had with friends along the way. I'll take you behind the scenes, sharing where and how I spend countless hours connecting and learning about Cybersecurity.\r\n\r\nI will also share my exciting growing community \"OWLsec\", which came to life with the help of amazing individuals!\n\n\n","title":"BIC Village Closing Keynote","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691884200,"nanoseconds":0},"android_description":"Join me as I share my tech journey!\r\n\r\nI will share a brief insight of my origin, what sparked my interest in technology and the path that led me to where I am today! I'll reveal some of the exciting hacks and experiences I've had with friends along the way. I'll take you behind the scenes, sharing where and how I spend countless hours connecting and learning about Cybersecurity.\r\n\r\nI will also share my exciting growing community \"OWLsec\", which came to life with the help of amazing individuals!","updated_timestamp":{"seconds":1690937820,"nanoseconds":0},"speakers":[{"content_ids":[52009],"conference_id":96,"event_ids":[52204],"name":"Kevin Roberts","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51216}],"timeband_id":991,"links":[],"end":"2023-08-12T23:50:00.000-0000","id":52204,"tag_ids":[40281,45645,45646,45743],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51216}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"updated":"2023-08-02T00:57:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"With most cyber attacks and incidents involving social engineering, security culture is hugely influential in cyber security prevention and response. Your security culture is the foundation of your security posture, influencing whether people value cyber security, engage in awareness-raising training and report incidents and concerns. In this panel discussion, we will explore:\r\n\r\n - What cyber security culture is\r\n - How you can build an effective awareness-raising program\r\n - Different ways to approach phishing simulations\r\n - Practical steps to positively influence cyber security behaviors\r\n\r\nJoin us as we debate how to best protect the number one vector in cyber attacks: people.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"title":"Building an Effective Security Culture Program","android_description":"With most cyber attacks and incidents involving social engineering, security culture is hugely influential in cyber security prevention and response. Your security culture is the foundation of your security posture, influencing whether people value cyber security, engage in awareness-raising training and report incidents and concerns. In this panel discussion, we will explore:\r\n\r\n - What cyber security culture is\r\n - How you can build an effective awareness-raising program\r\n - Different ways to approach phishing simulations\r\n - Practical steps to positively influence cyber security behaviors\r\n\r\nJoin us as we debate how to best protect the number one vector in cyber attacks: people.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1690591620,"nanoseconds":0},"speakers":[{"content_ids":[51549],"conference_id":96,"event_ids":[51718],"name":"Jessica Barker","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jessica-barker/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/drjessicabarker"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/@drjessicabarker"}],"pronouns":null,"media":[],"id":50691},{"content_ids":[51549],"conference_id":96,"event_ids":[51718],"name":"Maxie Reynolds","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/maxiereynolds/"}],"media":[],"id":50693},{"content_ids":[51549],"conference_id":96,"event_ids":[51718],"name":"Rebecca Markwick","affiliations":[{"organization":"","title":"Enterprise Cyber Security Awareness and Culture Lead"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/rebecca-markwick/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/BexMarkwick"}],"pronouns":null,"media":[],"id":50695,"title":"Enterprise Cyber Security Awareness and Culture Lead"},{"content_ids":[51549],"conference_id":96,"event_ids":[51718],"name":"Sam Davison","affiliations":[{"organization":"Etsy","title":"Head of Security and Privacy Engineering"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Sam_E_Davison"}],"media":[],"id":50696,"title":"Head of Security and Privacy Engineering at Etsy"}],"timeband_id":991,"links":[{"label":"More Information","type":"link","url":"https://www.se.community/presentations/#barker"}],"end":"2023-08-13T00:00:00.000-0000","id":51718,"tag_ids":[40302,45649,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50691},{"tag_id":45632,"sort_order":1,"person_id":50693},{"tag_id":45632,"sort_order":1,"person_id":50695},{"tag_id":45632,"sort_order":1,"person_id":50696}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-07-29T00:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us at DEF CON to mingle and network with privacy and security professionals. Also, consider becoming part of the WISP Tandems Mentoring program. It's our peer-to-peer mentorship program, which connects you with a partner who has a different background, expertise, and a different network. Why? We believe that you bring unique value to your women peers, no matter which career stage you're at. Knowledge is fluent, and leadership manifests at every career level. You can find your Tandem partner right here and sign up to be matched in our next round of the program!\n\n\n","title":"WISP Peer-to-Peer Mentoring and Networking","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Join us at DEF CON to mingle and network with privacy and security professionals. Also, consider becoming part of the WISP Tandems Mentoring program. It's our peer-to-peer mentorship program, which connects you with a partner who has a different background, expertise, and a different network. Why? We believe that you bring unique value to your women peers, no matter which career stage you're at. Knowledge is fluent, and leadership manifests at every career level. You can find your Tandem partner right here and sign up to be matched in our next round of the program!","updated_timestamp":{"seconds":1690576920,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51700,"village_id":null,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"tag_ids":[45639,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 217 - WISP","hotel":"","short_name":"Summit - 217 - WISP","id":45861},"spans_timebands":"N","updated":"2023-07-28T20:42:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Open source software is the backbone of the Internet. As a public good, open source software has enabled tremendous innovations -- and our government and companies alike have a role to play in sustaining it. In this fireside chat, White House Assistant National Cyber Director Anjana Rajan and CISA Senior Technical Advisor Jack Cable will present an overview of the US government's strategy on open source software security. The Federal government is the biggest user of open source software in the world, and we recognize that we must do our part in contributing back to the open source community. Priority areas for the U.S. government include advancing the adoption of memory-safe programming languages, reforming CVE, understanding software prevalence, and building a software developer workforce of the future by integrating security into computer science curricula. As part of this, we need your help in getting it right. How can the government best support OSS community efforts? What should the government NOT be doing? It's all on the table, and we look to work with you to ensure a secure, sustainable, and resilient OSS future.\n\n\n","title":"We're From the Government and We're Here to Help Secure Open Source Software","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691887800,"nanoseconds":0},"android_description":"Open source software is the backbone of the Internet. As a public good, open source software has enabled tremendous innovations -- and our government and companies alike have a role to play in sustaining it. In this fireside chat, White House Assistant National Cyber Director Anjana Rajan and CISA Senior Technical Advisor Jack Cable will present an overview of the US government's strategy on open source software security. The Federal government is the biggest user of open source software in the world, and we recognize that we must do our part in contributing back to the open source community. Priority areas for the U.S. government include advancing the adoption of memory-safe programming languages, reforming CVE, understanding software prevalence, and building a software developer workforce of the future by integrating security into computer science curricula. As part of this, we need your help in getting it right. How can the government best support OSS community efforts? What should the government NOT be doing? It's all on the table, and we look to work with you to ensure a secure, sustainable, and resilient OSS future.","updated_timestamp":{"seconds":1690431780,"nanoseconds":0},"speakers":[{"content_ids":[51523],"conference_id":96,"event_ids":[51679],"name":"Anjana Rajan","affiliations":[{"organization":"The White House","title":"Assistant National Cyber Director for Technology Security"}],"links":[],"pronouns":null,"media":[],"id":50574,"title":"Assistant National Cyber Director for Technology Security at The White House"},{"content_ids":[51523],"conference_id":96,"event_ids":[51679],"name":"Brian Behlendorf","affiliations":[{"organization":"Open Source Security Foundation","title":""}],"links":[],"pronouns":null,"media":[],"id":50582,"title":"Open Source Security Foundation"},{"content_ids":[51502,51510,51523],"conference_id":96,"event_ids":[51658,51666,51679],"name":"Charlie Gladstone","affiliations":[{"organization":"UK Department for Science, Innovation, and Technology","title":""}],"links":[],"pronouns":null,"media":[],"id":50588,"title":"UK Department for Science, Innovation, and Technology"},{"content_ids":[51503,51523,51524],"conference_id":96,"event_ids":[51659,51679,51680],"name":"Jack Cable","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Technical Advisor"}],"links":[],"pronouns":null,"media":[],"id":50609,"title":"Senior Technical Advisor at Cybersecurity and Infrastructure Security Agency (CISA)"}],"timeband_id":991,"end":"2023-08-13T00:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51679,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45771],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50574},{"tag_id":45632,"sort_order":1,"person_id":50582},{"tag_id":45632,"sort_order":1,"person_id":50588},{"tag_id":45632,"sort_order":1,"person_id":50609}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","updated":"2023-07-27T04:23:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"2023 is a significant year for the IoT, with the Cyber Resilience Act in the EU and the Product Security and Telecommunications Infrastructure Bill in the UK, as well as labelling approaches in the US and Singapore. With new regulation, there is always a threat that the 'floor' will become a 'ceiling' in the levels of security. This panel will feature speakers from across policy, industry and the hacker community to discuss what steps policy makers should take to address this live challenge.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"How do you solve a problem like Mirai - establishing a policy baseline for the IoT around the world","android_description":"2023 is a significant year for the IoT, with the Cyber Resilience Act in the EU and the Product Security and Telecommunications Infrastructure Bill in the UK, as well as labelling approaches in the US and Singapore. With new regulation, there is always a threat that the 'floor' will become a 'ceiling' in the levels of security. This panel will feature speakers from across policy, industry and the hacker community to discuss what steps policy makers should take to address this live challenge.","end_timestamp":{"seconds":1691884200,"nanoseconds":0},"updated_timestamp":{"seconds":1690430820,"nanoseconds":0},"speakers":[{"content_ids":[51509],"conference_id":96,"event_ids":[51665],"name":"Kat Megas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50614},{"content_ids":[51509,51514,51500],"conference_id":96,"event_ids":[51656,51670,51665],"name":"Peter Stephens","affiliations":[{"organization":"OECD","title":""}],"links":[],"pronouns":null,"media":[],"id":50630,"title":"OECD"}],"timeband_id":991,"end":"2023-08-12T23:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51665,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45771],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50614},{"tag_id":45632,"sort_order":1,"person_id":50630}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-07-27T04:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"The Unlikely Romance: Critical Infrastructure Edition","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690423020,"nanoseconds":0},"speakers":[{"content_ids":[51491,51515],"conference_id":96,"event_ids":[51647,51671],"name":"Casey Ellis","affiliations":[{"organization":"Disclose.io","title":""},{"organization":"Bugcrowd","title":""}],"links":[],"pronouns":null,"media":[],"id":50544,"title":"Bugcrowd"}],"timeband_id":991,"links":[],"end":"2023-08-12T23:30:00.000-0000","id":51647,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50544}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-07-27T01:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cybersecurity professionals spend an huge amount of time attempting to use a visual medium to communicate complicated concepts in a simple yet information-dense manner. However if you ask 10 analysts to map out the same incident, you'll get 10 divergent diagrams. In this presentation we present a method of leveling-up your cybersecurity-related arts and crafts skills: effectively diagramming incidents, threat reports, threat intel, and reporting to support full-spectrum ThreatOps.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"The Importance of Arts and Crafts in ThreatOps","android_description":"Cybersecurity professionals spend an huge amount of time attempting to use a visual medium to communicate complicated concepts in a simple yet information-dense manner. However if you ask 10 analysts to map out the same incident, you'll get 10 divergent diagrams. In this presentation we present a method of leveling-up your cybersecurity-related arts and crafts skills: effectively diagramming incidents, threat reports, threat intel, and reporting to support full-spectrum ThreatOps.","end_timestamp":{"seconds":1691884200,"nanoseconds":0},"updated_timestamp":{"seconds":1691375280,"nanoseconds":0},"speakers":[{"content_ids":[51472],"conference_id":96,"event_ids":[51628],"name":"Pete Hay","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50532}],"timeband_id":991,"links":[],"end":"2023-08-12T23:50:00.000-0000","id":51628,"village_id":null,"tag_ids":[40288,45645,45646,45743],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50532}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","updated":"2023-08-07T02:28:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Fotios Chantzis, Paulino Calderon, & Beau Woods, Practical IoT Hacking","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1690416240,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51614,"village_id":null,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"tag_ids":[45646,45743,45769,45770],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-07-27T00:04:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the lgbtqia+ community to network and unwind.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Queercon Mixers","android_description":"A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the lgbtqia+ community to network and unwind.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690137840,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter (@Queercon)","type":"link","url":"https://twitter.com/@Queercon"},{"label":"Discord","type":"link","url":"https://discord.com/invite/jeG6Bh5"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244991"}],"end":"2023-08-13T01:00:00.000-0000","id":51567,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":null,"tag_ids":[45639,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 129 - Chillout","hotel":"","short_name":"Forum - 129 - Chillout","id":45890},"updated":"2023-07-23T18:44:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"OSINT Skills Lab Challenge","android_description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"media":[],"id":50281}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51148,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.","updated_timestamp":{"seconds":1689358320,"nanoseconds":0},"speakers":[{"content_ids":[51082],"conference_id":96,"event_ids":[51114,51137,51138],"name":"Guillermo Buendia","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/bym0m0"}],"media":[],"id":50264}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51137,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50264}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"spans_timebands":"N","updated":"2023-07-14T18:12:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.\n\n\n","title":"Hacking Web Apps and APIs with WebSploit Labs","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":50276}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51134,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"village_id":60,"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"updated":"2023-07-14T18:11:00.000-0000","begin":"2023-08-12T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.\r\n\r\n\r\nREFERENCES:\r\n* https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699\r\n* https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue\r\n* https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\r\n* https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c\r\n\n\n\n","title":"A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.\r\n\r\n\r\nREFERENCES:\r\n* https://techcommunity.microsoft.com/t5/security-compliance-and-identity/sam-name-impersonation/ba-p/3042699\r\n* https://www.catalyst.net.nz/blog/stay-curious-dollar-ticket-security-issue\r\n* https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html\r\n* https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/6435d3fb-8cf6-4df5-a156-1277690ed59c","end_timestamp":{"seconds":1691882400,"nanoseconds":0},"updated_timestamp":{"seconds":1687135560,"nanoseconds":0},"speakers":[{"content_ids":[50539],"conference_id":96,"event_ids":[50827],"name":"Ceri Coburn","affiliations":[{"organization":"Pen Test Partners","title":"Red Team Operator & Offensive Security Dev"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_EthicalChaos_"},{"description":"","title":"Website","sort_order":0,"url":"https://ethicalchaos.dev/"}],"media":[],"id":49746,"title":"Red Team Operator & Offensive Security Dev at Pen Test Partners"}],"timeband_id":991,"end":"2023-08-12T23:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245708"}],"id":50827,"village_id":null,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49746}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-06-19T00:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Android malware creators constantly struggle to devise innovative methods to obscure apps and impede reverse engineering. As numerous standard techniques have lost efficacy, I'll unveil the next frontier in Android obfuscation: runtime manipulation. Runtime manipulation alters standard application flow-of-control to bypass decompilers and emulators.\r\n\r\nIn this talk, I'll reveal my strategy for pinpointing manipulation targets in Android's source code. I will describe how I craft manipulators in native C++ once a suitable target has been located. This is accomplished by hooking Java methods via the Java Native Interface (JNI) and typecasting the handle to a C-style pointer. Runtime manipulation can entirely remove traces of ClassLoader calls which are unavoidable for standard Dalvik Executable (DEX) packing, but are also easily discovered and hooked. This technique also effectively breaks cross-reference calculations within all Android decompilers.\r\n\r\nI will demonstrate and equip attendees with a custom Android library for devices running Android 13, providing a new tool that enables runtime manipulation experimentation. In addition, I'll demonstrate my methodology for pinpointing Java targets and modifying their underlying native data structures.\r\n\r\nREFERENCES:\r\nhttps://security.csl.toronto.edu/wp-content/uploads/2018/06/mwong-usenixsec2018-tiro.pdf\r\n\r\nArtMethod hooking: https://github.com/PAGalaxyLab/YAHFA\r\nmCookie manipulation: https://github.com/woxihuannisja/Bangcle\r\nDexFile.java: https://cs.android.com/android/platform/superproject/+/master:libcore/dalvik/src/main/java/dalvik/system/DexFile.java\r\ndex_file.h: https://cs.android.com/android/platform/superproject/+/refs/heads/master:art/libdexfile/dex/dex_file.h\r\nart_method.h: https://cs.android.com/android/platform/superproject/+/master:art/runtime/art_method.h;bpv=0;bpt=0\r\nExecutable.java – contains artMethod field: https://cs.android.com/android/platform/superproject/+/master:libcore/ojluni/src/main/java/java/lang/reflect/Executable.java;l=582?q=artMethod&ss=android%2Fplatform%2Fsuperproject\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Runtime Riddles: Abusing Manipulation Points in the Android Source","android_description":"Android malware creators constantly struggle to devise innovative methods to obscure apps and impede reverse engineering. As numerous standard techniques have lost efficacy, I'll unveil the next frontier in Android obfuscation: runtime manipulation. Runtime manipulation alters standard application flow-of-control to bypass decompilers and emulators.\r\n\r\nIn this talk, I'll reveal my strategy for pinpointing manipulation targets in Android's source code. I will describe how I craft manipulators in native C++ once a suitable target has been located. This is accomplished by hooking Java methods via the Java Native Interface (JNI) and typecasting the handle to a C-style pointer. Runtime manipulation can entirely remove traces of ClassLoader calls which are unavoidable for standard Dalvik Executable (DEX) packing, but are also easily discovered and hooked. This technique also effectively breaks cross-reference calculations within all Android decompilers.\r\n\r\nI will demonstrate and equip attendees with a custom Android library for devices running Android 13, providing a new tool that enables runtime manipulation experimentation. In addition, I'll demonstrate my methodology for pinpointing Java targets and modifying their underlying native data structures.\r\n\r\nREFERENCES:\r\nhttps://security.csl.toronto.edu/wp-content/uploads/2018/06/mwong-usenixsec2018-tiro.pdf\r\n\r\nArtMethod hooking: https://github.com/PAGalaxyLab/YAHFA\r\nmCookie manipulation: https://github.com/woxihuannisja/Bangcle\r\nDexFile.java: https://cs.android.com/android/platform/superproject/+/master:libcore/dalvik/src/main/java/dalvik/system/DexFile.java\r\ndex_file.h: https://cs.android.com/android/platform/superproject/+/refs/heads/master:art/libdexfile/dex/dex_file.h\r\nart_method.h: https://cs.android.com/android/platform/superproject/+/master:art/runtime/art_method.h;bpv=0;bpt=0\r\nExecutable.java – contains artMethod field: https://cs.android.com/android/platform/superproject/+/master:libcore/ojluni/src/main/java/java/lang/reflect/Executable.java;l=582?q=artMethod&ss=android%2Fplatform%2Fsuperproject","end_timestamp":{"seconds":1691883900,"nanoseconds":0},"updated_timestamp":{"seconds":1688182080,"nanoseconds":0},"speakers":[{"content_ids":[50662],"conference_id":96,"event_ids":[50794],"name":"Laurie Kirk","affiliations":[{"organization":"Microsoft","title":"Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@LaurieWired"},{"description":"","title":"Website","sort_order":0,"url":"http://lauriewired.com/"},{"description":"","title":"YouTube","sort_order":0,"url":"https://www.youtube.com/@lauriewired"}],"pronouns":"she/her","media":[],"id":49955,"title":"Security Researcher at Microsoft"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246115"}],"end":"2023-08-12T23:45:00.000-0000","id":50794,"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691881200,"nanoseconds":0},"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49955}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-12T23:00:00.000-0000","updated":"2023-07-01T03:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Finding Hidden Gems In Temporary Mail Services","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691882400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689553080,"nanoseconds":0},"speakers":[{"content_ids":[51310],"conference_id":96,"event_ids":[51372],"name":"Berk Can Geyikci","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50456}],"timeband_id":991,"links":[],"end":"2023-08-12T23:20:00.000-0000","id":51372,"tag_ids":[40293,45645,45649,45743],"village_id":59,"begin_timestamp":{"seconds":1691880900,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50456}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-12T22:55:00.000-0000","updated":"2023-07-17T00:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nJoin three of our seasoned (and sometimes crispy) Digital Forensics and Incident Response heavy hitters as they relay their tales from the front lines fighting against active threat actors, insider oopsies, and general misconfigurations. The catch? A holistic approach to security can involve lighting some fires of your own. The discussion will cover how the hot, hot flames of an incident touch everyone -- from C-levels to admins, intel to the red team. Come bask in the warm glow (while enjoying the cool Vegas AC), and be sure to stay for the Q & A!","title":"Arson Herders: An IR Guide to Fighting and Lighting Fires","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":".\n\n\nJoin three of our seasoned (and sometimes crispy) Digital Forensics and Incident Response heavy hitters as they relay their tales from the front lines fighting against active threat actors, insider oopsies, and general misconfigurations. The catch? A holistic approach to security can involve lighting some fires of your own. The discussion will cover how the hot, hot flames of an incident touch everyone -- from C-levels to admins, intel to the red team. Come bask in the warm glow (while enjoying the cool Vegas AC), and be sure to stay for the Q & A!","end_timestamp":{"seconds":1691883900,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52221],"conference_id":96,"event_ids":[52473],"name":"Matt \"dis0wn\" Wagenknecht","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51453},{"content_ids":[52221,52229],"conference_id":96,"event_ids":[52473,52479],"name":"Litmoose","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51456},{"content_ids":[52221],"conference_id":96,"event_ids":[52473],"name":"Unnamed user","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51466},{"content_ids":[52221],"conference_id":96,"event_ids":[52473],"name":"Tina \"Mugwump Jones\" Velez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51479}],"timeband_id":991,"links":[],"end":"2023-08-12T23:45:00.000-0000","id":52473,"tag_ids":[40282,45647,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691880300,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51456},{"tag_id":45590,"sort_order":1,"person_id":51453},{"tag_id":45590,"sort_order":1,"person_id":51479},{"tag_id":45590,"sort_order":1,"person_id":51466}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"spans_timebands":"N","updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-12T22:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Finding complex vulnerabilities is important, but for companies, it can be more important to mitigate against vulnerabilities that are relatively less difficult to exploit.\r\n\r\nWe are going to discuss vulnerabilities exposed on the internet, that are easily missed but can have a big impact. We will talk about ways to identify front-end attack surfaces, the impact they can have, and methods for securing the endpoint of applications.\n\n\n","title":"Securing the Front Lines: Protecting Front-End Applications from Overlooked Vulnerabilities","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"Finding complex vulnerabilities is important, but for companies, it can be more important to mitigate against vulnerabilities that are relatively less difficult to exploit.\r\n\r\nWe are going to discuss vulnerabilities exposed on the internet, that are easily missed but can have a big impact. We will talk about ways to identify front-end attack surfaces, the impact they can have, and methods for securing the endpoint of applications.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52124],"conference_id":96,"event_ids":[52345],"name":"Dohyeon Kim","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/dohyeon-kim-kr/"}],"media":[],"id":51334},{"content_ids":[52124],"conference_id":96,"event_ids":[52345],"name":"WooWon Kang","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/woowon-kang-72a31b173"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/wooeong337"}],"media":[],"id":51386}],"timeband_id":991,"links":[],"end":"2023-08-12T23:30:00.000-0000","id":52345,"village_id":null,"begin_timestamp":{"seconds":1691880300,"nanoseconds":0},"tag_ids":[40297,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51334},{"tag_id":45590,"sort_order":1,"person_id":51386}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T22:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The internet and modern technologies have changed the way the world works. They have made it easier to communicate, buy and sell things, and to scale your business. But, those benefits come at a cost. The cost of convenience is your privacy. Who else is benefiting from your sensitive data? Joe Schniebs has developed a training framework that analyzes risks related to our inadvertent digital identities and the stories our data patterns tell across the devices. In this talk, Joe delves into the mechanics of how we are perceived online, who uses our data, how it impacts society, and what this means for political outcomes. He further emphasizes what we can do to exercise choice in the data sharing economy, and shares some key tips and tricks to technically safeguarding your communications data. Joe is adamant in empowering users to reclaim their digital voices and believes that entities entrusted with our data must uphold higher standards of responsibility. In the meantime, the least you can do is protect your data output.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Influencing Voters Through Social Media, ADTECH, Big Data, and AI","end_timestamp":{"seconds":1691882100,"nanoseconds":0},"android_description":"The internet and modern technologies have changed the way the world works. They have made it easier to communicate, buy and sell things, and to scale your business. But, those benefits come at a cost. The cost of convenience is your privacy. Who else is benefiting from your sensitive data? Joe Schniebs has developed a training framework that analyzes risks related to our inadvertent digital identities and the stories our data patterns tell across the devices. In this talk, Joe delves into the mechanics of how we are perceived online, who uses our data, how it impacts society, and what this means for political outcomes. He further emphasizes what we can do to exercise choice in the data sharing economy, and shares some key tips and tricks to technically safeguarding your communications data. Joe is adamant in empowering users to reclaim their digital voices and believes that entities entrusted with our data must uphold higher standards of responsibility. In the meantime, the least you can do is protect your data output.","updated_timestamp":{"seconds":1691435100,"nanoseconds":0},"speakers":[{"content_ids":[52314,52328],"conference_id":96,"event_ids":[52598,52612],"name":"Joe Schniebes","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.ridgelineintl.com"}],"pronouns":null,"media":[],"id":51544}],"timeband_id":991,"links":[],"end":"2023-08-12T23:15:00.000-0000","id":52598,"tag_ids":[40298,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691879700,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51544}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T22:35:00.000-0000","updated":"2023-08-07T19:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Where is your PHI flowing? This talk provides a brief overview of hospital information systems, what goes into gender-inclusive care features, and how these features integrate across various systems in the HIS. This talk will explore a unique risk to transgender healthcare.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"title":"Gender Inclusive Features Across the Health Information System","android_description":"Where is your PHI flowing? This talk provides a brief overview of hospital information systems, what goes into gender-inclusive care features, and how these features integrate across various systems in the HIS. This talk will explore a unique risk to transgender healthcare.","end_timestamp":{"seconds":1691881500,"nanoseconds":0},"updated_timestamp":{"seconds":1691203080,"nanoseconds":0},"speakers":[{"content_ids":[52200],"conference_id":96,"event_ids":[52450],"name":"Squiddy","affiliations":[],"links":[{"description":"","title":"Mastodon (@teuthida@defcon.social)","sort_order":0,"url":"https://defcon.social/@teuthida"}],"pronouns":null,"media":[],"id":51443}],"timeband_id":991,"links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"Website","type":"link","url":"https://dcgvr.org/"}],"end":"2023-08-12T23:05:00.000-0000","id":52450,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691879700,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51443}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","begin":"2023-08-12T22:35:00.000-0000","updated":"2023-08-05T02:38:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons.\r\n\r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our [Discord group](https://tracelabs.org/discord) to get started.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Trace Labs OSINT Search Party CTF - Announce CTF Grand Prize Winners","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"android_description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons.\r\n\r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our [Discord group](https://tracelabs.org/discord) to get started.","updated_timestamp":{"seconds":1691512740,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T22:30:00.000-0000","id":52650,"village_id":null,"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"tag_ids":[45635,45646,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T22:30:00.000-0000","updated":"2023-08-08T16:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This panel is a comprehensive overview on the most pressing threats to public confidence in 2024 election outcomes. The panel is intended to answer questions such as, “What threats since 2020 still remain? How have they evolved? What new threats have emerged that were not present before? And how might the 2024 elections face challenges different from the past? What should voters, election officials, journalists and tech platforms be paying attention to?” The panel will address infrastructure foundations in election administration (election officials; voting technology);  foreign threats; the disinformation ecosystem; and new technologies such as generative AI.\n\n\n","title":"2024 Election Threat Landscape","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691882400,"nanoseconds":0},"android_description":"This panel is a comprehensive overview on the most pressing threats to public confidence in 2024 election outcomes. The panel is intended to answer questions such as, “What threats since 2020 still remain? How have they evolved? What new threats have emerged that were not present before? And how might the 2024 elections face challenges different from the past? What should voters, election officials, journalists and tech platforms be paying attention to?” The panel will address infrastructure foundations in election administration (election officials; voting technology);  foreign threats; the disinformation ecosystem; and new technologies such as generative AI.","updated_timestamp":{"seconds":1691435580,"nanoseconds":0},"speakers":[{"content_ids":[52329,52334,52337],"conference_id":96,"event_ids":[52613,52618,52621,52622],"name":"Catherine Terranova","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/catherine-terranova-8b209826a"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/catlovesvoting"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"pronouns":null,"media":[],"id":51533},{"content_ids":[52329,52332],"conference_id":96,"event_ids":[52613,52616],"name":"Hallie Stern","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/halliejstern"}],"media":[],"id":51541},{"content_ids":[52329],"conference_id":96,"event_ids":[52613],"name":"Rebecca Scott Thein","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/bex-ecutor"}],"media":[],"id":51554},{"content_ids":[52329,52334],"conference_id":96,"event_ids":[52613,52618],"name":"Sandra Khalil","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/khalilsandra"}],"pronouns":null,"media":[],"id":51555},{"content_ids":[52329],"conference_id":96,"event_ids":[52613],"name":"Sarah Amos","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sarah3amos"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sarah3amos"}],"pronouns":null,"media":[],"id":51556}],"timeband_id":991,"links":[],"end":"2023-08-12T23:20:00.000-0000","id":52613,"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"tag_ids":[40298,45646,45743,45771],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51533},{"tag_id":45632,"sort_order":1,"person_id":51541},{"tag_id":45632,"sort_order":1,"person_id":51554},{"tag_id":45632,"sort_order":1,"person_id":51555},{"tag_id":45632,"sort_order":1,"person_id":51556}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T22:30:00.000-0000","updated":"2023-08-07T19:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In April 2023, Sarah Bils was revealed to be one of the main people behind the DonbassDevushka social media \"personality\", posting pro-Russian propaganda to a variety of social media accounts since 2014. One of the main accounts, the PeImeniPusha Twitter account has been active since 2015. Ms. Bils has claimed that there was a team of at least a dozen people responsible for the Donbass Devushka personality. I have leveraged a number of open source tools, along with original methodology and tools, to analyze data collected from the PeImeniPusha Twitter account and several other sources. Primary areas of research and analysis have included identification of authorship clusters, as well as analysis of changes to content posted, with a focus on identifying changes to account content that are linked to current events, such as the Russian invasion of Ukraine. In this session, I will share the results of this research and analysis for the first time, and will include an exploration of methodologies used (including successes and failures) and a discussion of applications of this work to the analysis of other disinformation actors.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"IVY HAUL: A Computational Linguistics Analysis of a Disinformation Actor","end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"In April 2023, Sarah Bils was revealed to be one of the main people behind the DonbassDevushka social media \"personality\", posting pro-Russian propaganda to a variety of social media accounts since 2014. One of the main accounts, the PeImeniPusha Twitter account has been active since 2015. Ms. Bils has claimed that there was a team of at least a dozen people responsible for the Donbass Devushka personality. I have leveraged a number of open source tools, along with original methodology and tools, to analyze data collected from the PeImeniPusha Twitter account and several other sources. Primary areas of research and analysis have included identification of authorship clusters, as well as analysis of changes to content posted, with a focus on identifying changes to account content that are linked to current events, such as the Russian invasion of Ukraine. In this session, I will share the results of this research and analysis for the first time, and will include an exploration of methodologies used (including successes and failures) and a discussion of applications of this work to the analysis of other disinformation actors.","updated_timestamp":{"seconds":1691284500,"nanoseconds":0},"speakers":[{"content_ids":[52229,52272],"conference_id":96,"event_ids":[52536,52479],"name":"Shea Nangle","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51463}],"timeband_id":991,"links":[],"end":"2023-08-12T23:30:00.000-0000","id":52536,"village_id":null,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51463}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-12T22:30:00.000-0000","updated":"2023-08-06T01:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In January 2023, Attack Research was invited to perform an on-wing penetration test of a Boeing 737NG that was being decommissioned. Come, listen, and be taken on a journey through this little-explored realm of aviation security. Discover some of our secrets from the decades of combined experience working on in-flight entertainment systems and various aircraft as well as the reasons why airlines and OEMs are urged to open their minds to external expertise and embrace the insights presented.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Wingin' It - Pentesting a 737","android_description":"In January 2023, Attack Research was invited to perform an on-wing penetration test of a Boeing 737NG that was being decommissioned. Come, listen, and be taken on a journey through this little-explored realm of aviation security. Discover some of our secrets from the decades of combined experience working on in-flight entertainment systems and various aircraft as well as the reasons why airlines and OEMs are urged to open their minds to external expertise and embrace the insights presented.","end_timestamp":{"seconds":1691882400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101380,"nanoseconds":0},"speakers":[{"content_ids":[52162],"conference_id":96,"event_ids":[52392],"name":"Alexander Dodd","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51403}],"timeband_id":991,"links":[],"end":"2023-08-12T23:20:00.000-0000","id":52392,"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"village_id":null,"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51403}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:23:00.000-0000","begin":"2023-08-12T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this presentation, we unpack various prompt injection and hijacking techniques in the context of the Hackaprompt 2023 competition, the world’s first prompt injection/hacking competition. Starting from exploiting AI's ignorance in simple prompt injections to evading catch-all defenses in task-oriented attacks, we explore complex techniques like output manipulation, input filtering, and password leak exploits. Further, we delve into dictionary attacks and gaslighting AI models, manipulations of proxy prompts, formatting strategies, and maneuvering past redundant defenses. The talk culminates in tackling the challenge of 'Slash Hell', where we exploit max token limits and prompt language models to interpret hidden meanings, thus emphasizing the need for robust AI defense mechanisms and ongoing AI education.\n\n\n","title":"Hackaprompt 2023: Trials and Tribulations","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691880900,"nanoseconds":0},"android_description":"In this presentation, we unpack various prompt injection and hijacking techniques in the context of the Hackaprompt 2023 competition, the world’s first prompt injection/hacking competition. Starting from exploiting AI's ignorance in simple prompt injections to evading catch-all defenses in task-oriented attacks, we explore complex techniques like output manipulation, input filtering, and password leak exploits. Further, we delve into dictionary attacks and gaslighting AI models, manipulations of proxy prompts, formatting strategies, and maneuvering past redundant defenses. The talk culminates in tackling the challenge of 'Slash Hell', where we exploit max token limits and prompt language models to interpret hidden meanings, thus emphasizing the need for robust AI defense mechanisms and ongoing AI education.","updated_timestamp":{"seconds":1691031480,"nanoseconds":0},"speakers":[{"content_ids":[52059],"conference_id":96,"event_ids":[52278],"name":"Kenneth Yeung","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51285}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":52278,"village_id":null,"tag_ids":[40299,45645,45646,45743],"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51285}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:58:00.000-0000","begin":"2023-08-12T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Improving the Speed of Cybersecurity: Seven Cyber Metrics for Maritime Owners and Operators","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"updated_timestamp":{"seconds":1690423020,"nanoseconds":0},"speakers":[{"content_ids":[51490],"conference_id":96,"event_ids":[51646],"name":"Tyson Meadors","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50568}],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":51646,"tag_ids":[40306,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50568}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:57:00.000-0000","begin":"2023-08-12T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This paper presents a novel methodology that combines red team and blue team exercises to enhance cybersecurity resilience in the Brazilian healthcare sector. The methodology is designed to go beyond the traditional roles of red teams and blue teams. It incorporates threat injection exercises with a newly created prioritization method, training the Red Team to assist the CSIRT in responding to incidents and creating a new role for the Red Team. Additionally, a new technique called Offensive Intel monitors the threat landscape of competitors and provides insights on how to protect our own landscape. The methodology also incorporates techniques to deal with VIP patient data and policies to control staff curiosity. Some real-life use cases will be presented to evidence the effectiveness of the methodology. One such use case involved an almost successful attempt to destroy medical equipment during a penetration testing exercise and how to not do it again. Another one presents vulnerabilities identified in air conditioning controllers, EMR systems, and exam results systems that are used in the entire country. And two incidents that were successfully contained with the help of threat injection and offensive intel. The methodology's effectiveness also led to the inference of the Brazilian TOP 10 Vulnerabilities in the Healthcare Sector, based on findings across systems used throughout the country. The list provides insights into the most critical vulnerabilities facing healthcare institutions in Brazil and will be presented at the conference. The vulnerabilities were categorized by the degree of harm they can inflict on patients and the impact on healthcare services. The methodology's results also drove to the development of a tool that assists other cybersecurity teams in conducting safe red and blue team exercises in the healthcare sector. The tool augments cybersecurity resilience by improving the capabilities of CSIRT and threat intel teams and is valuable to other cybersecurity professionals in the industry. In conclusion, the novel methodology provides a unique approach to enhancing cybersecurity resilience in the Brazilian healthcare sector. The incorporation of threat injection exercises, Offensive Intel, and a new role for the Red Team offers a comprehensive and effective approach that goes beyond traditional red team exercises. The methodology and tool can be replicated and the approach's effectiveness has been demonstrated through real-life use cases and the creation of the TOP 10 Vulnerabilities in the Healthcare Sector in Brazil. By adopting this methodology, healthcare institutions in Brazil and around the world can better protect patient data and improve cybersecurity resilience.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Enhancing Cybersecurity Resilience in the Brazilian Healthcare Sector: A Novel Red Team and Blue Team Methodology","android_description":"This paper presents a novel methodology that combines red team and blue team exercises to enhance cybersecurity resilience in the Brazilian healthcare sector. The methodology is designed to go beyond the traditional roles of red teams and blue teams. It incorporates threat injection exercises with a newly created prioritization method, training the Red Team to assist the CSIRT in responding to incidents and creating a new role for the Red Team. Additionally, a new technique called Offensive Intel monitors the threat landscape of competitors and provides insights on how to protect our own landscape. The methodology also incorporates techniques to deal with VIP patient data and policies to control staff curiosity. Some real-life use cases will be presented to evidence the effectiveness of the methodology. One such use case involved an almost successful attempt to destroy medical equipment during a penetration testing exercise and how to not do it again. Another one presents vulnerabilities identified in air conditioning controllers, EMR systems, and exam results systems that are used in the entire country. And two incidents that were successfully contained with the help of threat injection and offensive intel. The methodology's effectiveness also led to the inference of the Brazilian TOP 10 Vulnerabilities in the Healthcare Sector, based on findings across systems used throughout the country. The list provides insights into the most critical vulnerabilities facing healthcare institutions in Brazil and will be presented at the conference. The vulnerabilities were categorized by the degree of harm they can inflict on patients and the impact on healthcare services. The methodology's results also drove to the development of a tool that assists other cybersecurity teams in conducting safe red and blue team exercises in the healthcare sector. The tool augments cybersecurity resilience by improving the capabilities of CSIRT and threat intel teams and is valuable to other cybersecurity professionals in the industry. In conclusion, the novel methodology provides a unique approach to enhancing cybersecurity resilience in the Brazilian healthcare sector. The incorporation of threat injection exercises, Offensive Intel, and a new role for the Red Team offers a comprehensive and effective approach that goes beyond traditional red team exercises. The methodology and tool can be replicated and the approach's effectiveness has been demonstrated through real-life use cases and the creation of the TOP 10 Vulnerabilities in the Healthcare Sector in Brazil. By adopting this methodology, healthcare institutions in Brazil and around the world can better protect patient data and improve cybersecurity resilience.","end_timestamp":{"seconds":1691881800,"nanoseconds":0},"updated_timestamp":{"seconds":1689117300,"nanoseconds":0},"speakers":[{"content_ids":[51053],"conference_id":96,"event_ids":[51085],"name":"Arthur Paixão","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50236},{"content_ids":[51053],"conference_id":96,"event_ids":[51085],"name":"Diego Mariano","affiliations":[{"organization":"Albert Einstein Hospital","title":"CISO"}],"links":[],"pronouns":null,"media":[],"id":50237,"title":"CISO at Albert Einstein Hospital"}],"timeband_id":991,"links":[],"end":"2023-08-12T23:10:00.000-0000","id":51085,"village_id":68,"tag_ids":[45645,45647,45717],"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50236},{"tag_id":45590,"sort_order":1,"person_id":50237}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"begin":"2023-08-12T22:30:00.000-0000","updated":"2023-07-11T23:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Chromium is not only the most popular browser in the world but also one of the most widely integrated supply chain components. Nowadays, a large number of popular software is built on frameworks based on Chromium, such as CEF and Electron. This means that vulnerabilities in Chromium will directly affect popular software. In addition, according to Google's vulnerability disclosure policy, most of the details of Chromium vulnerabilities will be publicly disclosed 14 weeks after being fixed, and many of these vulnerabilities are high-impact and may lead to RCE. Unfortunately, we have found that much downstream software is unable to timely fix the Chromium vulnerabilities. This creates a window of opportunity for attackers to carry out RCE attacks on popular software. The cost for attackers to exploit these vulnerabilities during this window is relatively low, as it falls between the time of the Chromium vulnerability disclosure and the completion of fixes for popular software. We refer to this window as the \"RCE window period\".\r\n\r\nIn this topic, we will first evaluate the \"RCE window period\" of more than 20 popular software. In the upcoming section, we will showcase how to transform Chromium nday vulnerabilities into popular software 0day vulnerabilities in a low-cost manner within the \"RCE window period\". To illustrate this process, we will use over 10 RCE 0day vulnerabilities in popular software that we have discovered as examples. Some software will attempt to enable sandbox to mitigate this problem, so we will also provide examples of how to bypass the sandbox by exploiting vulnerabilities in the software itself rather than a Chromium sandbox bug.\r\n\r\nFinally, we will discuss the reasons for the existence of the RCE window period and the lessons learned from it, hoping to help software developers improve the security of their products.\r\n\r\nREFERENCES:\r\n\r\n[1] https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html\r\n[2] https://bugs.chromium.org/p/chromium/issues/list?q=Type%3DBug-Security&can=2\r\n[3] https://bitbucket.org/chromiumembedded/cef/wiki/GeneralUsage\r\n[4] https://www.electronjs.org/docs/latest/\r\n[5] https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Junyu-Zhou-and-Ce-Qin-and-Jianing-Wang-Web2Own-Attacking-Desktop-Apps-From-Web-Securitys-Perspective.pdf\r\n[6] https://i.blackhat.com/USA-22/Thursday/US-22-Purani-ElectroVolt-Pwning-Popular-Desktop-Apps.pdf\r\n[7] https://plugins.jetbrains.com/docs/intellij/jcef.html\r\n[8] https://medium.com/@ethicalkid/recent-burp-rce-zeroday-df39b1b24230\r\n[9] https://crbug.com/1307610\r\n[10] https://cs.android.com/android/platform/superproject/+/master:external/selinux/libselinux/src/android/android_seapp.c\r\n[11] https://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"ndays are also 0days: Can hackers launch 0day RCE attack on popular softwares only with chromium ndays?","end_timestamp":{"seconds":1691882100,"nanoseconds":0},"android_description":"Chromium is not only the most popular browser in the world but also one of the most widely integrated supply chain components. Nowadays, a large number of popular software is built on frameworks based on Chromium, such as CEF and Electron. This means that vulnerabilities in Chromium will directly affect popular software. In addition, according to Google's vulnerability disclosure policy, most of the details of Chromium vulnerabilities will be publicly disclosed 14 weeks after being fixed, and many of these vulnerabilities are high-impact and may lead to RCE. Unfortunately, we have found that much downstream software is unable to timely fix the Chromium vulnerabilities. This creates a window of opportunity for attackers to carry out RCE attacks on popular software. The cost for attackers to exploit these vulnerabilities during this window is relatively low, as it falls between the time of the Chromium vulnerability disclosure and the completion of fixes for popular software. We refer to this window as the \"RCE window period\".\r\n\r\nIn this topic, we will first evaluate the \"RCE window period\" of more than 20 popular software. In the upcoming section, we will showcase how to transform Chromium nday vulnerabilities into popular software 0day vulnerabilities in a low-cost manner within the \"RCE window period\". To illustrate this process, we will use over 10 RCE 0day vulnerabilities in popular software that we have discovered as examples. Some software will attempt to enable sandbox to mitigate this problem, so we will also provide examples of how to bypass the sandbox by exploiting vulnerabilities in the software itself rather than a Chromium sandbox bug.\r\n\r\nFinally, we will discuss the reasons for the existence of the RCE window period and the lessons learned from it, hoping to help software developers improve the security of their products.\r\n\r\nREFERENCES:\r\n\r\n[1] https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html\r\n[2] https://bugs.chromium.org/p/chromium/issues/list?q=Type%3DBug-Security&can=2\r\n[3] https://bitbucket.org/chromiumembedded/cef/wiki/GeneralUsage\r\n[4] https://www.electronjs.org/docs/latest/\r\n[5] https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Junyu-Zhou-and-Ce-Qin-and-Jianing-Wang-Web2Own-Attacking-Desktop-Apps-From-Web-Securitys-Perspective.pdf\r\n[6] https://i.blackhat.com/USA-22/Thursday/US-22-Purani-ElectroVolt-Pwning-Popular-Desktop-Apps.pdf\r\n[7] https://plugins.jetbrains.com/docs/intellij/jcef.html\r\n[8] https://medium.com/@ethicalkid/recent-burp-rce-zeroday-df39b1b24230\r\n[9] https://crbug.com/1307610\r\n[10] https://cs.android.com/android/platform/superproject/+/master:external/selinux/libselinux/src/android/android_seapp.c\r\n[11] https://security.googleblog.com/2021/07/protecting-more-with-site-isolation.html","updated_timestamp":{"seconds":1688180640,"nanoseconds":0},"speakers":[{"content_ids":[50654],"conference_id":96,"event_ids":[50821],"name":"Bohan Liu","affiliations":[{"organization":"Tencent Security Xuanwu Lab","title":"Senior Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@P4nda20371774"}],"media":[],"id":49941,"title":"Senior Security Researcher at Tencent Security Xuanwu Lab"},{"content_ids":[50654],"conference_id":96,"event_ids":[50821],"name":"GuanCheng Li","affiliations":[{"organization":"Tencent Security Xuanwu Lab","title":"Senior Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@atuml1"}],"media":[],"id":49942,"title":"Senior Security Researcher at Tencent Security Xuanwu Lab"},{"content_ids":[50654],"conference_id":96,"event_ids":[50821],"name":"Zheng Wang","affiliations":[{"organization":"Tencent Security Xuanwu Lab","title":"Senior Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@xmzyshypnc"}],"pronouns":null,"media":[],"id":49943,"title":"Senior Security Researcher at Tencent Security Xuanwu Lab"}],"timeband_id":991,"end":"2023-08-12T23:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246107"}],"id":50821,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49941},{"tag_id":45590,"sort_order":1,"person_id":49942},{"tag_id":45590,"sort_order":1,"person_id":49943}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-07-01T03:04:00.000-0000","begin":"2023-08-12T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely. \r\n \r\nWhen the internal offensive security research team was analyzing one of the NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and \"change of scope\" bugs have been identified, many of which may be chained together resulting in a highest severity security issue. During this talk we would like to take you on the journey of the whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash. The chain will be about a dozen bugs long, so buckle up. \r\n \r\nREFERENCES:\r\n\r\n* Dan Farmer \"File under... et tu, ipmi 2.0 specification?\" http://fish2.com/ipmi/remote-pw-cracking.html\r\n* Waisman, Soler \"The Unbearable Lightness of BMC\" https://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf\r\n* Eclypsium, Inc. \"Vulnerable firmware in the supply chain of enterprise servers\" https://eclypsium.com/wp-content/uploads/2019/07/Vulnerable-Firmware-in-the-Supply-Chain.pdf\r\n* Eclypsium, Inc. \"Quanta Servers (Still) Vulnerable to Pantsdown\" https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Breaking BMC: The Forgotten Key to the Kingdom","end_timestamp":{"seconds":1691882100,"nanoseconds":0},"android_description":"The Baseboard Management Controller (BMC) is a specialized microcontroller embedded on the motherboard, typically used in servers and other enterprise-level hardware. The security of the BMC is critical to the overall security of the system, as it provides a privileged level of access and control over the hardware components of the system, including the ability to perform firmware updates, and even power the system on and off remotely. \r\n \r\nWhen the internal offensive security research team was analyzing one of the NVIDIA hardware, they detected several remotely exploitable bugs in AMI MegaRAC BMC. Moreover, various elevations of privileges and \"change of scope\" bugs have been identified, many of which may be chained together resulting in a highest severity security issue. During this talk we would like to take you on the journey of the whole attack sequence: from having zero knowledge about a remote AMI BMC with enabled IPMI (yeah, right) to flashing a persistent firmware implant to the server SPI flash. The chain will be about a dozen bugs long, so buckle up. \r\n \r\nREFERENCES:\r\n\r\n* Dan Farmer \"File under... et tu, ipmi 2.0 specification?\" http://fish2.com/ipmi/remote-pw-cracking.html\r\n* Waisman, Soler \"The Unbearable Lightness of BMC\" https://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf\r\n* Eclypsium, Inc. \"Vulnerable firmware in the supply chain of enterprise servers\" https://eclypsium.com/wp-content/uploads/2019/07/Vulnerable-Firmware-in-the-Supply-Chain.pdf\r\n* Eclypsium, Inc. \"Quanta Servers (Still) Vulnerable to Pantsdown\" https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/","updated_timestamp":{"seconds":1687135980,"nanoseconds":0},"speakers":[{"content_ids":[50545],"conference_id":96,"event_ids":[50762],"name":"Alex Tereshkin","affiliations":[{"organization":"NVIDIA","title":"Principal System Software Engineer (Offensive Security)"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/AlexTereshkin"}],"media":[],"id":49753,"title":"Principal System Software Engineer (Offensive Security) at NVIDIA"},{"content_ids":[50545],"conference_id":96,"event_ids":[50762],"name":"Adam Zabrocki","affiliations":[{"organization":"NVIDIA","title":"Distinguished Engineer (Offensive Security)"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Adam_pi3"},{"description":"","title":"Website","sort_order":0,"url":"http://pi3.com.pl"}],"media":[],"id":49754,"title":"Distinguished Engineer (Offensive Security) at NVIDIA"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245714"}],"end":"2023-08-12T23:15:00.000-0000","id":50762,"tag_ids":[45589,45592,45646,45766],"begin_timestamp":{"seconds":1691879400,"nanoseconds":0},"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49754},{"tag_id":45590,"sort_order":1,"person_id":49753}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"begin":"2023-08-12T22:30:00.000-0000","updated":"2023-06-19T00:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Unlocking the Power of OWASP Amass: Introducing the Open Asset Model for Comprehensive Attack Surface Mapping","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691880900,"nanoseconds":0},"updated_timestamp":{"seconds":1689553020,"nanoseconds":0},"speakers":[{"content_ids":[51077,51309],"conference_id":96,"event_ids":[51109,51159,51371],"name":"Jeff Foley","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jeff_foley"}],"pronouns":null,"media":[],"id":50267}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51371,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691878200,"nanoseconds":0},"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50267}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","begin":"2023-08-12T22:10:00.000-0000","updated":"2023-07-17T00:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us on the rooftop hangout at the flamingo as we set up and operate a protable HF radio rig!\n\n\n","title":"HF Radio Demonstration","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"Join us on the rooftop hangout at the flamingo as we set up and operate a protable HF radio rig!","updated_timestamp":{"seconds":1691782800,"nanoseconds":0},"speakers":[{"content_ids":[52406],"conference_id":96,"event_ids":[52710,52701],"name":"KitKat","affiliations":[],"links":[{"description":"","title":"Mastodon (@kitkat@defcon.social)","sort_order":0,"url":"https://defcon.social/@kitkat"}],"pronouns":null,"media":[],"id":51627}],"timeband_id":991,"links":[],"end":"2023-08-12T23:30:00.000-0000","id":52710,"village_id":null,"tag_ids":[40286,45743,45775],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51627}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"updated":"2023-08-11T19:40:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\n\n\n","title":"Misinformation As A Service: Social Engineering techniques applied in service contexts.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1691284500,"nanoseconds":0},"speakers":[{"content_ids":[52271],"conference_id":96,"event_ids":[52535],"name":"Daniel Isler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51499}],"timeband_id":991,"links":[],"end":"2023-08-12T22:30:00.000-0000","id":52535,"village_id":null,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51499}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:15:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"GPS Jamming and Anti-Jamming\r\nHow to modify GPS antennas to reduce jammer signals\r\nDirection Finding\r\nSome results for the Ukraine on DF'ing on GPS hammers.\r\nMight include DFing on artillery counterfire Radars\r\nQuick overview of general RF monitoring\r\nSome history of Code Breaking\r\nSchematics of an Enigma and the Polish Spread Sheets of find the set up.\r\nCommon setups (Enigma had a 6 letter setup, Brits quickly found HITLER BERLIN LONDON would decode many messages)\r\nOn to Lorenz 12 rotor machine for teletype machines\r\nCOLOSSUS The first programmable computer ENIAC was not num 1, it was number 11!\r\nUsed to find the Key to a Lorenz message.\r\nHistory books are wrong because after WWII Colossus worked against US and Soviet code machines. Secret until the 1970's\r\n\r\nMay need to tweak this for the list.\n\n\n","title":"Antennas","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691878800,"nanoseconds":0},"android_description":"GPS Jamming and Anti-Jamming\r\nHow to modify GPS antennas to reduce jammer signals\r\nDirection Finding\r\nSome results for the Ukraine on DF'ing on GPS hammers.\r\nMight include DFing on artillery counterfire Radars\r\nQuick overview of general RF monitoring\r\nSome history of Code Breaking\r\nSchematics of an Enigma and the Polish Spread Sheets of find the set up.\r\nCommon setups (Enigma had a 6 letter setup, Brits quickly found HITLER BERLIN LONDON would decode many messages)\r\nOn to Lorenz 12 rotor machine for teletype machines\r\nCOLOSSUS The first programmable computer ENIAC was not num 1, it was number 11!\r\nUsed to find the Key to a Lorenz message.\r\nHistory books are wrong because after WWII Colossus worked against US and Soviet code machines. Secret until the 1970's\r\n\r\nMay need to tweak this for the list.","updated_timestamp":{"seconds":1691259960,"nanoseconds":0},"speakers":[{"content_ids":[52256],"conference_id":96,"event_ids":[52517],"name":"Kent","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51492}],"timeband_id":991,"links":[],"end":"2023-08-12T22:20:00.000-0000","id":52517,"village_id":null,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51492}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","updated":"2023-08-05T18:26:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Quantum Sensing is a new paradigm of technology that allows us to use quantum-level effects for macro-level sensing outputs. Join Ben as he demonstrates how to use off-the-shelf components to build a quantum sensor; using just a HackRF, a Raspberry Pi, and some high-quality oscillators being the primary ingredients! \r\n\r\nTime shifts are used to test special and general relativity, they are used for navigation and they shed light on things like quantum field theory and quantum gravity. In special relativity, a moving clock will have a time shift with respect to a stationary clock. This is typically very small and requires extremely fast moving objects to really see a difference. On the other hand an accelerated clock adds something new. Rather than just seeing a change in the passage of time the accelerated observer sees a change in the speed of light for other observers. To measure this we shall make use of the Rindler frame; an artefact of \"Special Relativity\" rather than \"General Relativity\".\r\n\r\nBy utilising these effects and a little quantum field theory, we can use the fact that in the Rindler frame, time shifts would manifest as phase shifts, hence a very sensitive measurement of phase could detect the acceleration based time shifts giving us a new kind of quantum sensor.. All of which can be done on off-the-shelf components, as Ben shall be building and demonstrating during the village!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Quantum Technologies on a Raspberry Pi (and HackRF one)","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"Quantum Sensing is a new paradigm of technology that allows us to use quantum-level effects for macro-level sensing outputs. Join Ben as he demonstrates how to use off-the-shelf components to build a quantum sensor; using just a HackRF, a Raspberry Pi, and some high-quality oscillators being the primary ingredients! \r\n\r\nTime shifts are used to test special and general relativity, they are used for navigation and they shed light on things like quantum field theory and quantum gravity. In special relativity, a moving clock will have a time shift with respect to a stationary clock. This is typically very small and requires extremely fast moving objects to really see a difference. On the other hand an accelerated clock adds something new. Rather than just seeing a change in the passage of time the accelerated observer sees a change in the speed of light for other observers. To measure this we shall make use of the Rindler frame; an artefact of \"Special Relativity\" rather than \"General Relativity\".\r\n\r\nBy utilising these effects and a little quantum field theory, we can use the fact that in the Rindler frame, time shifts would manifest as phase shifts, hence a very sensitive measurement of phase could detect the acceleration based time shifts giving us a new kind of quantum sensor.. All of which can be done on off-the-shelf components, as Ben shall be building and demonstrating during the village!","updated_timestamp":{"seconds":1691108700,"nanoseconds":0},"speakers":[{"content_ids":[52178,52186],"conference_id":96,"event_ids":[52426,52434],"name":"Ben Varcoe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51425}],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":52434,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"tag_ids":[40291,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51425}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-04T00:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Many US interests heavily depend on space assets. With the rapid development of space technology, security is often overlooked. This talk covers a range of space-based attack scenarios, developed via extensive threat modeling efforts (attack trees, PnGs, etc). The paper being produced from this research effort will be presented to the National Space Council. By addressing these issues, the US can strengthen its resilience in space and ensure the security of critical space-based infrastructures.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Space Pirates on the Loose! - Space-Based Threats to US Interests","android_description":"Many US interests heavily depend on space assets. With the rapid development of space technology, security is often overlooked. This talk covers a range of space-based attack scenarios, developed via extensive threat modeling efforts (attack trees, PnGs, etc). The paper being produced from this research effort will be presented to the National Space Council. By addressing these issues, the US can strengthen its resilience in space and ensure the security of critical space-based infrastructures.","end_timestamp":{"seconds":1691879100,"nanoseconds":0},"updated_timestamp":{"seconds":1691101320,"nanoseconds":0},"speakers":[{"content_ids":[52161],"conference_id":96,"event_ids":[52391],"name":"Henry Danielson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51411},{"content_ids":[52161],"conference_id":96,"event_ids":[52391],"name":"Sage Meadows","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51419}],"timeband_id":991,"links":[],"end":"2023-08-12T22:25:00.000-0000","id":52391,"tag_ids":[40280,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51411},{"tag_id":45590,"sort_order":1,"person_id":51419}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-03T22:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The popularity of cheap and DIY drones has made them a target for attackers using radiofrequency (RF) signals. Frequency hopping is a technique that can be used to mitigate the risks associated with RF warfare. However, implementing frequency hopping in cheap and DIY drones presents several technical challenges, such as the need for a stable clock and synchronization between the transmitter and receiver without rising hardware costs. Despite these challenges, frequency hopping can significantly enhance the security of consumer and DIY drones making much more challenging or even useless anti-drone systems’ role.\n\n\n","title":"Generating Rf With Stock Hardware For Drones","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"The popularity of cheap and DIY drones has made them a target for attackers using radiofrequency (RF) signals. Frequency hopping is a technique that can be used to mitigate the risks associated with RF warfare. However, implementing frequency hopping in cheap and DIY drones presents several technical challenges, such as the need for a stable clock and synchronization between the transmitter and receiver without rising hardware costs. Despite these challenges, frequency hopping can significantly enhance the security of consumer and DIY drones making much more challenging or even useless anti-drone systems’ role.","end_timestamp":{"seconds":1691880600,"nanoseconds":0},"updated_timestamp":{"seconds":1691079660,"nanoseconds":0},"speakers":[{"content_ids":[50666,52146],"conference_id":96,"event_ids":[50851,52371],"name":"David Melendez","affiliations":[{"organization":"","title":"R&D Embedded Software Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/david-melendez-cano-0b195712/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@taiksontexas"},{"description":"","title":"Website","sort_order":0,"url":"http://taiksonprojects.blogspot.com/ "}],"media":[],"id":49960,"title":"R&D Embedded Software Engineer"}],"timeband_id":991,"links":[],"end":"2023-08-12T22:50:00.000-0000","id":52371,"tag_ids":[40287,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49960}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"updated":"2023-08-03T16:21:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.\n\n\n","title":"Hunt the Hacker - Detect compromises in your repositories!","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52105],"conference_id":96,"event_ids":[52330,52363,52364,52365],"name":"GitGuardian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51342}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52364,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51342}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"How to Hide Behavior from Security Tools","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52113],"conference_id":96,"event_ids":[52337,52361,52362],"name":"Deepfactor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51332}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52361,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51332}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Find a security vulnerability in an app and get a score when you effectively fix it. The winner of the competition is the first person who fixes the vulnerability.\n\n\n","title":"Fix The Flag - Battle Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"Find a security vulnerability in an app and get a score when you effectively fix it. The winner of the competition is the first person who fixes the vulnerability.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52101,52122],"conference_id":96,"event_ids":[52326,52344],"name":"Pedram Hayati","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/pi3ch"}],"media":[],"id":51369}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52344,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51369}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"SusParams is a testing dataset for offensive security folk assessing web technologies. Years ago, I released a tool called HUNT at DEF CON and Blackhat Arsenal. The secret sauce was a dataset of commonly vulnerable parameters to certain web vulnerability types. This dataset was created using statistical analysis of over 18,000 parameters. Jhaddix and Gunnar have extended this research to over 40,000 parameters. Our data sources have expanded into hackerone hacktivity, 5 years of recent CVE data, XSSed.com, and more!\r\n\r\nJoin us as we release this epic tool and helper scripts to supercharge your offensive web hacking.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"SusParams: Hypercharge your web testing with DATA","end_timestamp":{"seconds":1691880300,"nanoseconds":0},"android_description":"SusParams is a testing dataset for offensive security folk assessing web technologies. Years ago, I released a tool called HUNT at DEF CON and Blackhat Arsenal. The secret sauce was a dataset of commonly vulnerable parameters to certain web vulnerability types. This dataset was created using statistical analysis of over 18,000 parameters. Jhaddix and Gunnar have extended this research to over 40,000 parameters. Our data sources have expanded into hackerone hacktivity, 5 years of recent CVE data, XSSed.com, and more!\r\n\r\nJoin us as we release this epic tool and helper scripts to supercharge your offensive web hacking.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[51097,51303,51307,51998,52118],"conference_id":96,"event_ids":[51128,51365,51369,52192,52342],"name":"Jason Haddix","affiliations":[{"organization":"BuddoBot","title":"CISO and “Hacker in Charge”"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jhaddix"}],"media":[],"id":50266,"title":"CISO and “Hacker in Charge” at BuddoBot"}],"timeband_id":991,"links":[],"end":"2023-08-12T22:45:00.000-0000","id":52342,"tag_ids":[40297,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50266}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Faking GitHub Reputation","android_description":"","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52128,52123],"conference_id":96,"event_ids":[52348,52308,52360],"name":"Checkmarx","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51329}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52308,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51329}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The way in which Android applications talk to each other is often misunderstood, and it is entirely too common to see apps whose sensitive functionality is completely open to anyone who asks nicely.\r\n\r\nThis workshop will cover several case studies of overly permissive apps/devices found in the wild, including an OEM's voice recorder application that could be made to start and stop voice recordings without the user's knowledge.\r\n\r\nWe will go over common implementation flaws, play around with exploiting them from the perspective of an unprivileged application, and explore how an understanding of Android permissions could help us avoid these mistakes.\n\n\n","title":"Per-mission Impossible: Exploring the Android Permission Model and Intents","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"The way in which Android applications talk to each other is often misunderstood, and it is entirely too common to see apps whose sensitive functionality is completely open to anyone who asks nicely.\r\n\r\nThis workshop will cover several case studies of overly permissive apps/devices found in the wild, including an OEM's voice recorder application that could be made to start and stop voice recordings without the user's knowledge.\r\n\r\nWe will go over common implementation flaws, play around with exploiting them from the perspective of an unprivileged application, and explore how an understanding of Android permissions could help us avoid these mistakes.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52119],"conference_id":96,"event_ids":[52306],"name":"Miłosz Gaczkowski","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/milosz-gaczkowski/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/cyberMilosz"}],"pronouns":null,"media":[],"id":51365},{"content_ids":[52119],"conference_id":96,"event_ids":[52306],"name":"William Taylor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51385}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52306,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45719,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51365},{"tag_id":45590,"sort_order":1,"person_id":51385}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A case study in using Huggingface and machine learning models for supply chain style attacks in red team operations. Machine learning models execute by necessity within a businesses most sensitive environment with high level access to crown jewels, making it a perfect target. Learn the ways in which these attacks can be performed, how to avoid detection and what you can expect to find or do with your newfound ML environment access as a red teamer.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"you sound confused, anyways - thanks for the jewels.","end_timestamp":{"seconds":1691879100,"nanoseconds":0},"android_description":"A case study in using Huggingface and machine learning models for supply chain style attacks in red team operations. Machine learning models execute by necessity within a businesses most sensitive environment with high level access to crown jewels, making it a perfect target. Learn the ways in which these attacks can be performed, how to avoid detection and what you can expect to find or do with your newfound ML environment access as a red teamer.","updated_timestamp":{"seconds":1691031480,"nanoseconds":0},"speakers":[{"content_ids":[50634,52054],"conference_id":96,"event_ids":[50742,52273],"name":"Adrian \"threlfall\" Wood","affiliations":[{"organization":"Dropbox","title":""}],"links":[],"pronouns":null,"media":[],"id":49896,"title":"Dropbox"}],"timeband_id":991,"links":[],"end":"2023-08-12T22:25:00.000-0000","id":52273,"tag_ids":[40299,45645,45646,45743],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49896}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-03T02:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Cryptosploit Workshop","android_description":"","end_timestamp":{"seconds":1691880300,"nanoseconds":0},"updated_timestamp":{"seconds":1691025900,"nanoseconds":0},"speakers":[{"content_ids":[50636,52034],"conference_id":96,"event_ids":[50744,52250],"name":"Matt Cheung","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49900}],"timeband_id":991,"links":[],"end":"2023-08-12T22:45:00.000-0000","id":52250,"tag_ids":[40308,45647,45719,45743],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49900}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-03T01:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this captivating talk, I will share my personal journey of obtaining my first CVE (Common Vulnerabilities and Exposures) identification. I will take you through the thrilling experience of finding a security vulnerability, navigating the responsible disclosure process, and the ultimate achievement of receiving a CVE identifier.\r\n\r\nDuring my talk, I will discuss the challenges I faced during my research, highlighting the technical skills and methodologies I employed to identify the vulnerability. I will delve into the intricacies of responsible disclosure, including engaging with vendors, coordinating patches, and collaborating with the security community.\r\n\r\nFurthermore, I will reflect on the significance of receiving a CVE and how it has impacted my career and professional development. By attending my talk, you will gain insights into the rewards and growth opportunities that come with contributing to the cybersecurity community.\r\n\r\nJoin me for an inspiring journey as I share my experiences, provide valuable insights into obtaining a CVE, and showcase the personal and professional achievements it can bring.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Unveiling My Journey to My First CVE: A Tale of Discovery and Achievement","android_description":"In this captivating talk, I will share my personal journey of obtaining my first CVE (Common Vulnerabilities and Exposures) identification. I will take you through the thrilling experience of finding a security vulnerability, navigating the responsible disclosure process, and the ultimate achievement of receiving a CVE identifier.\r\n\r\nDuring my talk, I will discuss the challenges I faced during my research, highlighting the technical skills and methodologies I employed to identify the vulnerability. I will delve into the intricacies of responsible disclosure, including engaging with vendors, coordinating patches, and collaborating with the security community.\r\n\r\nFurthermore, I will reflect on the significance of receiving a CVE and how it has impacted my career and professional development. By attending my talk, you will gain insights into the rewards and growth opportunities that come with contributing to the cybersecurity community.\r\n\r\nJoin me for an inspiring journey as I share my experiences, provide valuable insights into obtaining a CVE, and showcase the personal and professional achievements it can bring.","end_timestamp":{"seconds":1691880600,"nanoseconds":0},"updated_timestamp":{"seconds":1690937820,"nanoseconds":0},"speakers":[{"content_ids":[52008],"conference_id":96,"event_ids":[52203],"name":"Gaspard Baye","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51215}],"timeband_id":991,"links":[],"end":"2023-08-12T22:50:00.000-0000","id":52203,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"tag_ids":[40281,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51215}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"spans_timebands":"N","begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-02T00:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"If you've ever looked into the current standard software for many different packet radio operations, you've probably experienced the 90s interfaces, weird and wacky undocumented configuration, and general lack of consideration for open source. Modern Packet Message Manager hopes to put an end to that situation by either creating or collecting a full open-source stack of software to facilitate digital packet messaging, with a focus on modularity, open source, and modern interfaces.\n\n\n","title":"Modernizing AX.25 packet radio with Modern Packet Message Manager","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"If you've ever looked into the current standard software for many different packet radio operations, you've probably experienced the 90s interfaces, weird and wacky undocumented configuration, and general lack of consideration for open source. Modern Packet Message Manager hopes to put an end to that situation by either creating or collecting a full open-source stack of software to facilitate digital packet messaging, with a focus on modularity, open source, and modern interfaces.","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1690767360,"nanoseconds":0},"speakers":[{"content_ids":[50998,51976],"conference_id":96,"event_ids":[51036,52170],"name":"Jeremy Banker","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/loredous"}],"media":[],"id":50175}],"timeband_id":991,"links":[],"end":"2023-08-12T22:30:00.000-0000","id":52170,"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"tag_ids":[40286,45592,45645,45647,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50175}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-07-31T01:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This panel explores the presence and actions of non-state actors in the Russia-Ukraine conflict. With a focus on volunteerist cyber actors in the conflict, such as patriotic hackers and hacktivist collectives, individual volunteers - or even the private sector -, the panel explores the conduct of these actors during the conflict, as well as how the cyber criminal landscape has evolved during the course of the conflict. Bringing together a set of diverse perspectives from across the policy, operational, legal, and security community spheres, both within, and outside of government, including the NGO space, it focuses on the implications of these actions: can these indeed be considered altruistic actions in cyberspace? Or do they hold more complex implications than we are prepared to admit? This panel intends to demonstrate the ways in which the actions of non-state actors challenge some of our basic assumptions about cyberspace as a domain of operations – but also how adversaries might understand this behaviour too. Ultimately, it argues that the unique space that non-state actors occupy within the cyber elements of the conflict requires much deeper consideration, and complex, considered thought from the wider international security community.\n\n\n","title":"Non-State Actors in the Russia/Ukraine Conflict","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691880600,"nanoseconds":0},"android_description":"This panel explores the presence and actions of non-state actors in the Russia-Ukraine conflict. With a focus on volunteerist cyber actors in the conflict, such as patriotic hackers and hacktivist collectives, individual volunteers - or even the private sector -, the panel explores the conduct of these actors during the conflict, as well as how the cyber criminal landscape has evolved during the course of the conflict. Bringing together a set of diverse perspectives from across the policy, operational, legal, and security community spheres, both within, and outside of government, including the NGO space, it focuses on the implications of these actions: can these indeed be considered altruistic actions in cyberspace? Or do they hold more complex implications than we are prepared to admit? This panel intends to demonstrate the ways in which the actions of non-state actors challenge some of our basic assumptions about cyberspace as a domain of operations – but also how adversaries might understand this behaviour too. Ultimately, it argues that the unique space that non-state actors occupy within the cyber elements of the conflict requires much deeper consideration, and complex, considered thought from the wider international security community.","updated_timestamp":{"seconds":1690431600,"nanoseconds":0},"speakers":[{"content_ids":[51522],"conference_id":96,"event_ids":[51678],"name":"Marc Rogers","affiliations":[{"organization":"nbhd.ai","title":"CTO and Cofounder"},{"organization":"Institute for Security and Technology","title":"Senior Adjunct Advisor"}],"links":[],"pronouns":null,"media":[],"id":50619,"title":"Senior Adjunct Advisor at Institute for Security and Technology"},{"content_ids":[51512,51522],"conference_id":96,"event_ids":[51668,51678],"name":"Mauro Vignati","affiliations":[{"organization":"ICRC","title":""}],"links":[],"pronouns":null,"media":[],"id":50624,"title":"ICRC"},{"content_ids":[51522],"conference_id":96,"event_ids":[51678],"name":"Stefanie Metka","affiliations":[{"organization":"NATO","title":""}],"links":[],"pronouns":null,"media":[],"id":50637,"title":"NATO"},{"content_ids":[51522],"conference_id":96,"event_ids":[51678],"name":"Dan Grobarcik","affiliations":[{"organization":"Cyber and Innovation Policy Institute at the U.S. Naval War College","title":"Research Associate"}],"links":[],"pronouns":null,"media":[],"id":51435,"title":"Research Associate at Cyber and Innovation Policy Institute at the U.S. Naval War College"}],"timeband_id":991,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-12T22:50:00.000-0000","id":51678,"village_id":null,"tag_ids":[40310,45646,45743,45771],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51435},{"tag_id":45632,"sort_order":1,"person_id":50619},{"tag_id":45632,"sort_order":1,"person_id":50624},{"tag_id":45632,"sort_order":1,"person_id":50637}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","begin":"2023-08-12T22:00:00.000-0000","updated":"2023-07-27T04:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What happens when a vulnerability is submitted to a programme? Why do some disclosures take forever? What are governments doing about vulnerability disclosure and why are they so bothered about it? Why do people not understand what the words “vulnerability disclosure” mean and why can’t policy makers quite get their heads around 0 days? Why are companies in some sectors just not adopting CVD even though governments are passing it into law? Have we got RAS or can we think of anymore TLAs to add to the CRA, NIS and VDP? What are countries and regions around the world doing and how do they differ? And yes, what the heck is an equities process?\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"All Your Vulns are Belong to Terms & Conditions","end_timestamp":{"seconds":1691880600,"nanoseconds":0},"android_description":"What happens when a vulnerability is submitted to a programme? Why do some disclosures take forever? What are governments doing about vulnerability disclosure and why are they so bothered about it? Why do people not understand what the words “vulnerability disclosure” mean and why can’t policy makers quite get their heads around 0 days? Why are companies in some sectors just not adopting CVD even though governments are passing it into law? Have we got RAS or can we think of anymore TLAs to add to the CRA, NIS and VDP? What are countries and regions around the world doing and how do they differ? And yes, what the heck is an equities process?","updated_timestamp":{"seconds":1690431240,"nanoseconds":0},"speakers":[{"content_ids":[50571,50614,51515,51499],"conference_id":96,"event_ids":[50722,50809,51655,51671],"name":"Harley Geiger","affiliations":[{"organization":"Venable LLP","title":"Counsel"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarleyGeiger"}],"media":[],"id":49789,"title":"Counsel at Venable LLP"},{"content_ids":[51491,51515],"conference_id":96,"event_ids":[51647,51671],"name":"Casey Ellis","affiliations":[{"organization":"Disclose.io","title":""},{"organization":"Bugcrowd","title":""}],"links":[],"pronouns":null,"media":[],"id":50544,"title":"Bugcrowd"},{"content_ids":[51515,51510,51502,52243],"conference_id":96,"event_ids":[52498,51658,51666,51671],"name":"David Rogers","affiliations":[{"organization":"Copper Horse","title":"CEO"}],"links":[],"pronouns":null,"media":[],"id":50598,"title":"CEO at Copper Horse"},{"content_ids":[51515],"conference_id":96,"event_ids":[51671],"name":"Katie Trimble-Noble","affiliations":[{"organization":"A Tech Company","title":"Director, PSIRT and Bug Bounty"}],"links":[],"pronouns":null,"media":[],"id":50615,"title":"Director, PSIRT and Bug Bounty at A Tech Company"}],"timeband_id":991,"end":"2023-08-12T22:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51671,"tag_ids":[40310,45646,45743,45771,45836],"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50544},{"tag_id":45632,"sort_order":1,"person_id":50598},{"tag_id":45632,"sort_order":1,"person_id":49789},{"tag_id":45632,"sort_order":1,"person_id":50615}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"updated":"2023-07-27T04:14:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Your Ship is Leaking... How Social Media Plays a Role in the Uncovering of Critical Maritime Systems","android_description":"","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1690423020,"nanoseconds":0},"speakers":[{"content_ids":[51489],"conference_id":96,"event_ids":[51645],"name":"Rae Baker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50562}],"timeband_id":991,"links":[],"end":"2023-08-12T22:30:00.000-0000","id":51645,"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50562}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:57:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The growing popularity of playing AAA Windows video games on Linux has increased the compatibility of tools such as WINE and Proton. These same platforms that enable the latest games to run also can be used to execute the latest Malware. This talk will walk through configuring an environment to rapidly collect IoCs from unknown samples without having to use expensive sandboxes. Learn how to leverage your favorite UNIX tools to awk, grep, and pipe your way to extracting valuable forensic evidence without submitting your samples to $VENDOR. More on the offensive side? Come see how to shorten the feedback loop from idea generation, to testing and finally deployment!\n\n\n","title":"WINE Pairing with Malware","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691880600,"nanoseconds":0},"android_description":"The growing popularity of playing AAA Windows video games on Linux has increased the compatibility of tools such as WINE and Proton. These same platforms that enable the latest games to run also can be used to execute the latest Malware. This talk will walk through configuring an environment to rapidly collect IoCs from unknown samples without having to use expensive sandboxes. Learn how to leverage your favorite UNIX tools to awk, grep, and pipe your way to extracting valuable forensic evidence without submitting your samples to $VENDOR. More on the offensive side? Come see how to shorten the feedback loop from idea generation, to testing and finally deployment!","updated_timestamp":{"seconds":1691375280,"nanoseconds":0},"speakers":[{"content_ids":[51471],"conference_id":96,"event_ids":[51627],"name":"Jared Stroud","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50525}],"timeband_id":991,"links":[],"end":"2023-08-12T22:50:00.000-0000","id":51627,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50525}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-12T22:00:00.000-0000","updated":"2023-08-07T02:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Jon DiMaggio, The Art of Cyberwarfare","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690416240,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":51613,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"tag_ids":[45646,45743,45769,45770],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-07-27T00:04:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Twitter: @defconchess\r\n\r\nFor early registration, please send your name and rating to: defconchess@gmail.com​\r\n\r\nChess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.\r\n\r\nAt DEF CON 31, we will run a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.\r\n\r\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.\r\n\r\nThere will be trophies and prizes for the top three players.\r\n\r\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has many years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.​\r\n\r\nMax players: 100. In order to crown the best chess player at DEF CON, we will register the highest-rated players first.​ \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":" DEF CON Chess Tournament","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Twitter: @defconchess\r\n\r\nFor early registration, please send your name and rating to: defconchess@gmail.com​\r\n\r\nChess, computers, and hacking go way back. In the 18th century, the Mechanical Turk appeared to play a good game, but there was a human ghost hiding in the shell. Some of the first computer software was written to play chess. In 1997, world champion Garry Kasparov lost to the program Deep Blue, but after the match he accused IBM of cheating, alleging that only a rival grandmaster could have made certain moves.\r\n\r\nAt DEF CON 31, we will run a human chess tournament. The games will have a “blitz” time control of 5 minutes on each player’s clock, for a maximum total game time of 10 minutes. The tournament will have a Swiss-system format, with a fixed number of rounds. The match pairing for each round is done after the previous round has ended, and depends on its results. Each player is paired with another player who has a similar running score.\r\n\r\nTo determine the winner, the Swiss system is considered highly effective, even when there is a large number of competitors and a small number of rounds. Every player gets to play the full tournament, and the winner has the highest aggregate score when all rounds are over.\r\n\r\nThere will be trophies and prizes for the top three players.\r\n\r\nThe tournament mechanics will be managed by the Las Vegas Chess Center (LVCC), which has many years of experience in organizing royal game tournaments for all strength levels and ages. LVCC has professional coaches, and grandmasters are frequent visitors.​\r\n\r\nMax players: 100. In order to crown the best chess player at DEF CON, we will register the highest-rated players first.​","updated_timestamp":{"seconds":1690140480,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245485"},{"label":"Twitter (@defconchess)","type":"link","url":"https://twitter.com/@defconchess"}],"end":"2023-08-13T01:00:00.000-0000","id":51443,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T22:00:00.000-0000","updated":"2023-07-23T19:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!\n\n\n","title":"Red Hot (Red Team TTPs)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!","updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Ralph May","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ralphte1"}],"pronouns":null,"media":[],"id":50279},{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Steve Borosh","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/424f424f"}],"pronouns":null,"media":[],"id":50284}],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":51156,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50279},{"tag_id":45633,"sort_order":1,"person_id":50284}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"spans_timebands":"N","updated":"2023-07-14T18:10:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.\n\n\n","title":"OSINT Skills Lab Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.","updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"pronouns":null,"media":[],"id":50281}],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":51147,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"spans_timebands":"N","updated":"2023-07-14T18:10:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Developing offensive thinking is the highlight of this training, you’ll be able to create different strategies to send some attacks and know how you can deliver that, and so on. Participants will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of the defensive security analysis with an offensive mindset performed some types of the attacks that are used in cybercrime and being able to take practical actions to identify these threats. Understanding how Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks...\n\n\n","title":"Malware Hunting an Offensive Approach","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"Developing offensive thinking is the highlight of this training, you’ll be able to create different strategies to send some attacks and know how you can deliver that, and so on. Participants will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of the defensive security analysis with an offensive mindset performed some types of the attacks that are used in cybercrime and being able to take practical actions to identify these threats. Understanding how Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks...","updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51088],"conference_id":96,"event_ids":[51119,51143,51144],"name":"Filipi Pires","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/FilipiPires"}],"media":[],"id":50262}],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":51143,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50262}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"spans_timebands":"N","updated":"2023-07-14T18:15:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The esoteric art of patching ELF binaries has a long and fascinating history who's roots are deep within the hacking subculture; from ELF viruses to kernel rootkits. Silvio's 1997 \"UNIX Viruses\" paper taught us how to insert parasitic code into a page aligned text padding region. Many backdooring and hooking techniques have been revealed to us over the last 20 years-- perfect for hacking and injecting small patches and backdoors but on their own these techniques are limited, clunky and do not support the complexities of real-world patching problems in todays industry. Developers often need to fix complex bugs that exist within legacy ELF Binaries, no source code is available or the program cannot be recompiled.\r\n\r\nLet me introduce you to Shiva. Shiva is a JIT binary patching system for ELF; A custom ELF interpreter that loads and links ELF relocatable patches at runtime. Shiva allows developers to write patches in rich C code to naturally express the rewriting of binary code at runtime, in a high level language. ELF binary patching solutions over the past two decades have been scarce; some notable research: Katana and ERESI come to mind as pioneers in the early examples of custom ELF linkers and binary patchers.\r\n\r\nShiva is a next-level solution that allows developers to quickly write patches in C with little to no reversing knowledge. Born out of 16 years of ELF research into virus design, binary patching, and extensive experience with writing custom linkers and loaders.\r\n\r\nIn this talk we will discuss foundations of ELF binary patching and it's close relationship with ELF linkers, loaders and even ELF virus technology. This passionate body of research is combined and imbued into Shiva to create a highly innovative and powerful product that helps bridge the gap between Developers and Reverse engineers in modern binary patching solutions for ELF. A new workflow for maintaning insecure legacy software with modular patching capabilities is on the rise!\r\n \r\nPrepare for an indepth discussion of incredible new ELF hacking techniques and extensions. Old concepts such as userland-exec() brought back to life, and entirely new concepts such as \"Linker chaining\" to bring multiple dynamic linkers into a single process image. We will demonstrate complex patching scenarios, function splicing, program transformation, and even the weaponization of Shiva for writing sophisticated in-memory backdoors. Shiva; the ultimate ELF Binary hacker... aiming to solve the worlds most challenging binary patching problems today.\r\n\r\nREFERENCES:\r\n --Papers--\r\n Grugq - userland execve: https://grugq.github.io/docs/ul_exec.txt\r\n Mayhem - Cerberus ELF interface: http://phrack.org/issues/61/8.html\r\n Silvio - UNIX Viruses and parasites: https://vxug.fakedoma.in/archive/VxHeaven/lib/vsc02.html\r\n James Oakley & Sergey Bratus - Katana: A hot patching framework: https://ieeexplore.ieee.org/document/5438048\r\n James Oakley & Sergey Bratus - Exploiting the hard working DWARF: https://www.cs.dartmouth.edu/~sergey/battleaxe/hackito_2011_oakley_bratus.pdf\r\n Mlaurenzano - PEBIL (An ELF patching framework) - https://github.com/mlaurenzano/PEBIL\r\n sd & devik - Linux on-the-fly kernel patching without LKM: phrack.org/issues/58/7.html\r\n jbtzhm - static kernel patching - https://phrack.org/issues/60/8.html\r\n Elfmaster - Modern ELF infection techniques of SCOP binaries (POC||GTFO: 20:07)\r\n Elfmaster - Preloading the linker for fun and profit: https://tmpout.sh/2/6.html (This paper presents the nucleus of Shiva)\r\n Mayhem - IA32 Advanced function hooking: http://phrack.org/issues/58/8.html\r\n Richinseattle - Hooking the ELF loader: http://phrack.org/issues/58/8.html\r\n Silvio - Shared library call redirection via PLT infection: http://phrack.org/issues/56/7.html\r\n Elfmaster - Kernel instrumentation using kprobes: http://phrack.org/issues/56/7.html\r\n Mayhem - Next generation ELF debuggers: https://www.blackhat.com/presentations/bh-europe-07/ERSI/Presentation/bh-eu-07-ersi-apr19.pdf\r\n\r\n --A note on the illustrious tmp.0ut zine: https://tmpout.sh\r\n \r\n The crew at tmp.0ut are a tightly formed group ELF hackers and reversing enthusiasts who are continuing to research and publish awesome ELF research on a regular basis. I highly recommend their content, and am grateful for their many new contributions keeping the spirit of ELF hacking alive. Translated into nine different languages currently.\r\n \r\n --Source code--\r\n \r\n https://github.com/torvalds/linux/blob/master/fs/binfmt_elf.c (Source for Linux ELF loader)\r\n https://www.gnu.org/software/binutils (Source for for ELF /bin/ld)\r\n https://sourceware.org/git/glibc.git (Source code for ld-linux.so)\r\n https://github.com/elfmaster (My own ELF hacking related research)\r\n https://github.com/elfmaster/linker_preloading_virus (My first custom ELF interpreter)\r\n https://musl.libc.org/\r\n https://github.com/bminor/binutils-gdb <- These GDB guys really don't get enough credit.\r\n \r\n --Books--\r\n \r\n Understanding the Linux kernel (Great book on kernel internals)\r\n Learning Linux binary analysis (elfmaster)\r\n Advanced programming in the UNIX environment (Richard Stevenson)\r\n Turbo C (Old book from the 80s I learned C from)\n\n\n","title":"Revolutionizing ELF binary patching with Shiva: A JIT binary patching system for Linux","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"The esoteric art of patching ELF binaries has a long and fascinating history who's roots are deep within the hacking subculture; from ELF viruses to kernel rootkits. Silvio's 1997 \"UNIX Viruses\" paper taught us how to insert parasitic code into a page aligned text padding region. Many backdooring and hooking techniques have been revealed to us over the last 20 years-- perfect for hacking and injecting small patches and backdoors but on their own these techniques are limited, clunky and do not support the complexities of real-world patching problems in todays industry. Developers often need to fix complex bugs that exist within legacy ELF Binaries, no source code is available or the program cannot be recompiled.\r\n\r\nLet me introduce you to Shiva. Shiva is a JIT binary patching system for ELF; A custom ELF interpreter that loads and links ELF relocatable patches at runtime. Shiva allows developers to write patches in rich C code to naturally express the rewriting of binary code at runtime, in a high level language. ELF binary patching solutions over the past two decades have been scarce; some notable research: Katana and ERESI come to mind as pioneers in the early examples of custom ELF linkers and binary patchers.\r\n\r\nShiva is a next-level solution that allows developers to quickly write patches in C with little to no reversing knowledge. Born out of 16 years of ELF research into virus design, binary patching, and extensive experience with writing custom linkers and loaders.\r\n\r\nIn this talk we will discuss foundations of ELF binary patching and it's close relationship with ELF linkers, loaders and even ELF virus technology. This passionate body of research is combined and imbued into Shiva to create a highly innovative and powerful product that helps bridge the gap between Developers and Reverse engineers in modern binary patching solutions for ELF. A new workflow for maintaning insecure legacy software with modular patching capabilities is on the rise!\r\n \r\nPrepare for an indepth discussion of incredible new ELF hacking techniques and extensions. Old concepts such as userland-exec() brought back to life, and entirely new concepts such as \"Linker chaining\" to bring multiple dynamic linkers into a single process image. We will demonstrate complex patching scenarios, function splicing, program transformation, and even the weaponization of Shiva for writing sophisticated in-memory backdoors. Shiva; the ultimate ELF Binary hacker... aiming to solve the worlds most challenging binary patching problems today.\r\n\r\nREFERENCES:\r\n --Papers--\r\n Grugq - userland execve: https://grugq.github.io/docs/ul_exec.txt\r\n Mayhem - Cerberus ELF interface: http://phrack.org/issues/61/8.html\r\n Silvio - UNIX Viruses and parasites: https://vxug.fakedoma.in/archive/VxHeaven/lib/vsc02.html\r\n James Oakley & Sergey Bratus - Katana: A hot patching framework: https://ieeexplore.ieee.org/document/5438048\r\n James Oakley & Sergey Bratus - Exploiting the hard working DWARF: https://www.cs.dartmouth.edu/~sergey/battleaxe/hackito_2011_oakley_bratus.pdf\r\n Mlaurenzano - PEBIL (An ELF patching framework) - https://github.com/mlaurenzano/PEBIL\r\n sd & devik - Linux on-the-fly kernel patching without LKM: phrack.org/issues/58/7.html\r\n jbtzhm - static kernel patching - https://phrack.org/issues/60/8.html\r\n Elfmaster - Modern ELF infection techniques of SCOP binaries (POC||GTFO: 20:07)\r\n Elfmaster - Preloading the linker for fun and profit: https://tmpout.sh/2/6.html (This paper presents the nucleus of Shiva)\r\n Mayhem - IA32 Advanced function hooking: http://phrack.org/issues/58/8.html\r\n Richinseattle - Hooking the ELF loader: http://phrack.org/issues/58/8.html\r\n Silvio - Shared library call redirection via PLT infection: http://phrack.org/issues/56/7.html\r\n Elfmaster - Kernel instrumentation using kprobes: http://phrack.org/issues/56/7.html\r\n Mayhem - Next generation ELF debuggers: https://www.blackhat.com/presentations/bh-europe-07/ERSI/Presentation/bh-eu-07-ersi-apr19.pdf\r\n\r\n --A note on the illustrious tmp.0ut zine: https://tmpout.sh\r\n \r\n The crew at tmp.0ut are a tightly formed group ELF hackers and reversing enthusiasts who are continuing to research and publish awesome ELF research on a regular basis. I highly recommend their content, and am grateful for their many new contributions keeping the spirit of ELF hacking alive. Translated into nine different languages currently.\r\n \r\n --Source code--\r\n \r\n https://github.com/torvalds/linux/blob/master/fs/binfmt_elf.c (Source for Linux ELF loader)\r\n https://www.gnu.org/software/binutils (Source for for ELF /bin/ld)\r\n https://sourceware.org/git/glibc.git (Source code for ld-linux.so)\r\n https://github.com/elfmaster (My own ELF hacking related research)\r\n https://github.com/elfmaster/linker_preloading_virus (My first custom ELF interpreter)\r\n https://musl.libc.org/\r\n https://github.com/bminor/binutils-gdb <- These GDB guys really don't get enough credit.\r\n \r\n --Books--\r\n \r\n Understanding the Linux kernel (Great book on kernel internals)\r\n Learning Linux binary analysis (elfmaster)\r\n Advanced programming in the UNIX environment (Richard Stevenson)\r\n Turbo C (Old book from the 80s I learned C from)","end_timestamp":{"seconds":1691880300,"nanoseconds":0},"updated_timestamp":{"seconds":1687140420,"nanoseconds":0},"speakers":[{"content_ids":[50554],"conference_id":96,"event_ids":[50832],"name":"Ryan \"ElfMaster\" O'Neill","affiliations":[{"organization":"Arcana Technologies","title":"CTO"}],"pronouns":null,"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/elfmaster"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ryan_elfmaster"}],"media":[],"id":49766,"title":"CTO at Arcana Technologies"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245723"}],"end":"2023-08-12T22:45:00.000-0000","id":50832,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"village_id":null,"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49766}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-06-19T02:07:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Spooky authentication at a distance outlines a new and innovative post-exploitation technique to proxy common authentication protocols used in Windows environments remotely and with no elevated privileges required. This allows security professionals to perform complete impersonation of the target user on their own machine without executing any further code on the target machine besides the agent itself. This talk will also demonstrate the applicability of this new technique by performing no-interaction, full domain takeover using a malicious peripheral in a simulated restricted environment. \r\n\r\nREFERENCES:\r\n Tools which will be showed in the demos:\r\n [AioSMB] https://github.com/skelsec/aiosmb\r\n [MSLDAP] https://github.com/skelsec/msldap\r\n [WSNet] https://github.com/skelsec/wsnet\r\n [OctoPwn] https://community.octopwn.com\r\n [Asyauth] https://github.com/skelsec/asyauth\r\n [Aardwolf] https://github.com/skelsec/aardwolf\r\n \r\n My previous talk on [OctoPwn] the in-browser pentest suite can be found here: https://youtu.be/jStdrDHTmD4​\r\n \r\n Related tools:\r\n [PYODIDE] Octopwn uses Pyodide framework to run in the browser. https://github.com/pyodide/pyodide\r\n [LDAP3] The MSLDAP project used code parts from this project. https://ldap3.readthedocs.io/en/latest/\r\n [RDPY] The Aardwolf RDP clinet is based on this tool. https://github.com/citronneur/rdpy\r\n [BLOODHOUND] Jackdaw was based on this tool. https://github.com/BloodHoundAD/BloodHound\r\n [IMPACKET] aioSMB libraries were based partially on this tool. https://github.com/fortra/impacket\r\n [LsaRelayX] Future extension https://github.com/CCob/lsarelayx\r\n [duckencoder] To automate keystrokes on the embedded system https://github.com/mame82/duckencoder.py\n\n\n","title":"Spooky authentication at a distance","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691880300,"nanoseconds":0},"android_description":"Spooky authentication at a distance outlines a new and innovative post-exploitation technique to proxy common authentication protocols used in Windows environments remotely and with no elevated privileges required. This allows security professionals to perform complete impersonation of the target user on their own machine without executing any further code on the target machine besides the agent itself. This talk will also demonstrate the applicability of this new technique by performing no-interaction, full domain takeover using a malicious peripheral in a simulated restricted environment. \r\n\r\nREFERENCES:\r\n Tools which will be showed in the demos:\r\n [AioSMB] https://github.com/skelsec/aiosmb\r\n [MSLDAP] https://github.com/skelsec/msldap\r\n [WSNet] https://github.com/skelsec/wsnet\r\n [OctoPwn] https://community.octopwn.com\r\n [Asyauth] https://github.com/skelsec/asyauth\r\n [Aardwolf] https://github.com/skelsec/aardwolf\r\n \r\n My previous talk on [OctoPwn] the in-browser pentest suite can be found here: https://youtu.be/jStdrDHTmD4​\r\n \r\n Related tools:\r\n [PYODIDE] Octopwn uses Pyodide framework to run in the browser. https://github.com/pyodide/pyodide\r\n [LDAP3] The MSLDAP project used code parts from this project. https://ldap3.readthedocs.io/en/latest/\r\n [RDPY] The Aardwolf RDP clinet is based on this tool. https://github.com/citronneur/rdpy\r\n [BLOODHOUND] Jackdaw was based on this tool. https://github.com/BloodHoundAD/BloodHound\r\n [IMPACKET] aioSMB libraries were based partially on this tool. https://github.com/fortra/impacket\r\n [LsaRelayX] Future extension https://github.com/CCob/lsarelayx\r\n [duckencoder] To automate keystrokes on the embedded system https://github.com/mame82/duckencoder.py","updated_timestamp":{"seconds":1689192780,"nanoseconds":0},"speakers":[{"content_ids":[50665],"conference_id":96,"event_ids":[50796],"name":"Tamas \"SkelSec\" Jos","affiliations":[{"organization":"Sec-Consult AG","title":"Principal Security Consultant"}],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/skelsec/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/skelsec"}],"pronouns":"he/him","media":[],"id":49959,"title":"Principal Security Consultant at Sec-Consult AG"}],"timeband_id":991,"end":"2023-08-12T22:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246118"}],"id":50796,"village_id":null,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691877600,"nanoseconds":0},"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49959}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-07-12T20:13:00.000-0000","begin":"2023-08-12T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Threat modeling the human security risk, or as others might call it, Security Misconfigurations in the cloud and all the fun attack vectors they create. Yep, it's clobberin time and this is what makes this job fun - helping others to find their own security problems before others do!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"The Human Threat Factor - Cloud Security Misconfigurations","end_timestamp":{"seconds":1691879700,"nanoseconds":0},"android_description":"Threat modeling the human security risk, or as others might call it, Security Misconfigurations in the cloud and all the fun attack vectors they create. Yep, it's clobberin time and this is what makes this job fun - helping others to find their own security problems before others do!","updated_timestamp":{"seconds":1691813340,"nanoseconds":0},"speakers":[{"content_ids":[52413],"conference_id":96,"event_ids":[52709],"name":"Kat Fitzgerald","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rnbwkat"}],"media":[],"id":51632}],"timeband_id":991,"links":[],"end":"2023-08-12T22:35:00.000-0000","id":52709,"begin_timestamp":{"seconds":1691877000,"nanoseconds":0},"tag_ids":[40284,45645,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51632}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-12T21:50:00.000-0000","updated":"2023-08-12T04:09:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our goal is to develop household or personal technologies that contain, cultivate, and regulate bioengineered microecosystems. Our self-sustaining systems are designed to offer a host of functions that solve everyday problems for people. Our debut device, a biological candle called ‘Lanteryn’, will start with the core functions of light production, fragrance generation, and insect-control. Future directions would include wearable biotechnologies, such as a “Bio-Watch” that can convey time via light color, produce odorants compatible with the user’s body scent, and generate antimicrobial substances for sanitation. Many of these functionalities are indeed innate capabilities of our chosen micro-organism. Genetic editing technologies will be employed to modify them and ensure their safety while optimizing their desirable properties. Previous attempts to utilize bioluminescent species either (1) introduced light generating genes into organisms that did not possess the physiology compatible with the energetic demand of light generation, (2) used organisms that were exceedingly sensitive to contamination or fluctuations in environmental conditions, or (3) used organisms with specialized light organs that cultivate glowing bacteria and cannot glow otherwise. The concepts we are proposing redefine the term ‘biotechnology’. Without a preceding, successful framework by which we can base our designs on, the burden of proof rests on us. Therefore, considerable time and effort must be placed into demonstrating that our vision is realistic, effective, and safe to the public. With our technology, the future is ever-glowing.\n\n\n","title":"Lanteryn: Blue Energy","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691879400,"nanoseconds":0},"android_description":"Our goal is to develop household or personal technologies that contain, cultivate, and regulate bioengineered microecosystems. Our self-sustaining systems are designed to offer a host of functions that solve everyday problems for people. Our debut device, a biological candle called ‘Lanteryn’, will start with the core functions of light production, fragrance generation, and insect-control. Future directions would include wearable biotechnologies, such as a “Bio-Watch” that can convey time via light color, produce odorants compatible with the user’s body scent, and generate antimicrobial substances for sanitation. Many of these functionalities are indeed innate capabilities of our chosen micro-organism. Genetic editing technologies will be employed to modify them and ensure their safety while optimizing their desirable properties. Previous attempts to utilize bioluminescent species either (1) introduced light generating genes into organisms that did not possess the physiology compatible with the energetic demand of light generation, (2) used organisms that were exceedingly sensitive to contamination or fluctuations in environmental conditions, or (3) used organisms with specialized light organs that cultivate glowing bacteria and cannot glow otherwise. The concepts we are proposing redefine the term ‘biotechnology’. Without a preceding, successful framework by which we can base our designs on, the burden of proof rests on us. Therefore, considerable time and effort must be placed into demonstrating that our vision is realistic, effective, and safe to the public. With our technology, the future is ever-glowing.","updated_timestamp":{"seconds":1689117240,"nanoseconds":0},"speakers":[{"content_ids":[51052],"conference_id":96,"event_ids":[51084],"name":"Del de Zela","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50238}],"timeband_id":991,"links":[],"end":"2023-08-12T22:30:00.000-0000","id":51084,"tag_ids":[45645,45647,45717],"begin_timestamp":{"seconds":1691877000,"nanoseconds":0},"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50238}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","updated":"2023-07-11T23:14:00.000-0000","begin":"2023-08-12T21:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What does it mean to be an American today? In a world where innovation outpaces regulatory progress; principles of law, technology, and policy collide to create a nation of unprecedented conflict. But when it’s all said and done what is left of our Democracy? Institutions structured to protect our democratic way of life such as voting and the vehicles used to carry out voting have become increasingly difficult to protect. Yet, those most effected are often too inundated with every day life to engage in activity likely to contribute to meaningful change. Maybe democracy has become too hard to uphold, or maybe it’s become too hard to be an American.\n\n\n","title":"Democracy, Are You Citizen Or Subject?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"What does it mean to be an American today? In a world where innovation outpaces regulatory progress; principles of law, technology, and policy collide to create a nation of unprecedented conflict. But when it’s all said and done what is left of our Democracy? Institutions structured to protect our democratic way of life such as voting and the vehicles used to carry out voting have become increasingly difficult to protect. Yet, those most effected are often too inundated with every day life to engage in activity likely to contribute to meaningful change. Maybe democracy has become too hard to uphold, or maybe it’s become too hard to be an American.","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1691435160,"nanoseconds":0},"speakers":[{"content_ids":[52315,52336],"conference_id":96,"event_ids":[52599,52620],"name":"Kendall Spencer","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kendallspencerpubspeak"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Kspencer24"},{"description":"","title":"Website","sort_order":0,"url":"https://www.foley.com/en/people/s/spencer-kendall"}],"pronouns":null,"media":[],"id":51548}],"timeband_id":991,"links":[],"end":"2023-08-12T22:30:00.000-0000","id":52599,"tag_ids":[40298,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691876400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51548}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-12T21:40:00.000-0000","updated":"2023-08-07T19:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Enhancing vulnerability research through the use of virtual reality workspaces. This talk will provide an overview of my set-up for performing vulnerability research within virtual reality and some of the benefits I have observed. Examples of my particular setup available [here](https://twitter.com/datalocaltmp/status/1620643279657390082). Additionally I will cover visualization of Android native code execution within Ghidra and how virtual reality has allowed me to better navigate the function graphs while reverse engineering. An example of my particular setup for function graph navigation in VR available [here](https://twitter.com/datalocaltmp/status/1666964834334785536).\n\n\n","title":"Enhancing vulnerability research through the use of virtual reality workspaces.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"android_description":"Enhancing vulnerability research through the use of virtual reality workspaces. This talk will provide an overview of my set-up for performing vulnerability research within virtual reality and some of the benefits I have observed. Examples of my particular setup available [here](https://twitter.com/datalocaltmp/status/1620643279657390082). Additionally I will cover visualization of Android native code execution within Ghidra and how virtual reality has allowed me to better navigate the function graphs while reverse engineering. An example of my particular setup for function graph navigation in VR available [here](https://twitter.com/datalocaltmp/status/1666964834334785536).","end_timestamp":{"seconds":1691878800,"nanoseconds":0},"updated_timestamp":{"seconds":1691203080,"nanoseconds":0},"speakers":[{"content_ids":[52199],"conference_id":96,"event_ids":[52449],"name":"datalocaltmp","affiliations":[],"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://datalocaltmp.github.io/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/datalocaltmp"}],"pronouns":null,"media":[],"id":51442}],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://dcgvr.org/"},{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"}],"end":"2023-08-12T22:20:00.000-0000","id":52449,"begin_timestamp":{"seconds":1691876100,"nanoseconds":0},"tag_ids":[45643,45744],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51442}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-05T02:38:00.000-0000","begin":"2023-08-12T21:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Lock Bypass 102","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691565180,"nanoseconds":0},"speakers":[{"content_ids":[52388,52392,52397],"conference_id":96,"event_ids":[52688,52679,52683],"name":"Ege","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51607}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52683,"village_id":null,"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51607}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","updated":"2023-08-09T07:13:00.000-0000","begin":"2023-08-12T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This panel explores the pivotal role of technology in shaping voter outcomes, drawing insights from the perspectives of the defense community. The discussion delves into how various technological advancements, including data analytics, digital marketing, and cybersecurity, influence the democratic process. By assessing the role of technology in shaping voter engagement, perception, and decision-making, the panel seeks to deepen our understanding of the evolving dynamics between technology and democratic governance. The aim is to generate informed discussions and policy considerations to preserve the integrity and fairness of democratic elections. Join us for an illuminating session as we uncover the opportunities and challenges presented by technological interventions in the electoral landscape.\n\n\n","title":"Defense Community","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"This panel explores the pivotal role of technology in shaping voter outcomes, drawing insights from the perspectives of the defense community. The discussion delves into how various technological advancements, including data analytics, digital marketing, and cybersecurity, influence the democratic process. By assessing the role of technology in shaping voter engagement, perception, and decision-making, the panel seeks to deepen our understanding of the evolving dynamics between technology and democratic governance. The aim is to generate informed discussions and policy considerations to preserve the integrity and fairness of democratic elections. Join us for an illuminating session as we uncover the opportunities and challenges presented by technological interventions in the electoral landscape.","end_timestamp":{"seconds":1691878800,"nanoseconds":0},"updated_timestamp":{"seconds":1691435580,"nanoseconds":0},"speakers":[{"content_ids":[52330],"conference_id":96,"event_ids":[52614],"name":"Brian Stearns","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51530},{"content_ids":[52311,52330],"conference_id":96,"event_ids":[52595,52614],"name":"Charles Smith","affiliations":[],"links":[{"description":"","title":"","sort_order":0,"url":"http://linkedin.com/in/charles-alexander-smith"}],"pronouns":null,"media":[],"id":51534},{"content_ids":[52332,52330],"conference_id":96,"event_ids":[52614,52616],"name":"Eric Davis","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ericdavis1"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ericdavis"}],"media":[],"id":51539},{"content_ids":[52330],"conference_id":96,"event_ids":[52614],"name":"Glenn Borskey","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/glennb6"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/GlennBorsky"}],"media":[],"id":51540},{"content_ids":[52330],"conference_id":96,"event_ids":[52614],"name":"Jon A.","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51547}],"timeband_id":991,"links":[],"end":"2023-08-12T22:20:00.000-0000","id":52614,"village_id":null,"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"tag_ids":[40298,45646,45743,45771],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51530},{"tag_id":45632,"sort_order":1,"person_id":51534},{"tag_id":45632,"sort_order":1,"person_id":51539},{"tag_id":45632,"sort_order":1,"person_id":51540},{"tag_id":45632,"sort_order":1,"person_id":51547}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T21:30:00.000-0000","updated":"2023-08-07T19:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Cory Doctorow, Red Team Blues & Chokepoint Capitalism","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2ec300","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691348520,"nanoseconds":0},"speakers":[{"content_ids":[50686,52299],"conference_id":96,"event_ids":[50826,52571],"name":"Cory Doctorow","affiliations":[],"links":[{"description":"","title":"Bio","sort_order":0,"url":"http://craphound.com/bio"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@doctorow"}],"pronouns":null,"media":[],"id":49978}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52571,"tag_ids":[45646,45743,45769,45770],"village_id":null,"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":49978}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"begin":"2023-08-12T21:30:00.000-0000","updated":"2023-08-06T19:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the era of digitalization, the world has witnessed an unprecedented increase in cyber threats, particularly during crucial events such as elections. Today, we delve into a significant case study that shook the Brazilian political landscape and shed light on the immense challenges posed by social phishing cyberattacks.\r\n\r\nAs we all know, Brazil's elections are not only a matter of national importance but also hold global significance. The ability to conduct free and fair elections is the cornerstone of any democratic society. However, in recent years, cybercriminals have exploited the vulnerability of social media platforms and unleashed sophisticated phishing attacks to manipulate public opinion and disrupt the democratic process.\r\n\r\nIn this presentation, we focus on the largest social phishing cyberattacks ever recorded during Brazil's election, where a staggering 156 million individuals were specifically targeted. These attacks, meticulously orchestrated and strategically timed, aimed to deceive and manipulate voters by spreading disinformation, creating confusion, and influencing their decision-making process.\r\n\r\nWe will explore the modus operandi of the cybercriminals behind these attacks, the techniques they employed to infiltrate the social media landscape, and the sophisticated psychological tactics utilized to exploit the vulnerabilities of the unsuspecting public. Moreover, we will analyze the significant consequences of these cyberattacks on the political climate, public trust, and the overall integrity of the electoral process.\r\n\r\nThroughout this presentation, we will also discuss the challenges faced by government authorities, law enforcement agencies, and technology companies in countering such threats. From advanced artificial intelligence algorithms to public awareness campaigns, we will explore various strategies implemented to mitigate the impact of social phishing cyberattacks and safeguard the democratic principles that Brazil holds dear.\r\n\r\nBy examining this case study, we aim to shed light on the growing need for enhanced cybersecurity measures, international collaboration, and comprehensive policies to prevent the recurrence of such incidents in future elections, not only in Brazil but also across the globe. It is essential for all stakeholders to understand the gravity of these threats and work together to fortify our digital ecosystems against cybercriminals seeking to undermine the very foundations of democracy.\n\n\n","title":"156 million targeted: Biggest social phishing cyberattacks during Brazil´s election","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"In the era of digitalization, the world has witnessed an unprecedented increase in cyber threats, particularly during crucial events such as elections. Today, we delve into a significant case study that shook the Brazilian political landscape and shed light on the immense challenges posed by social phishing cyberattacks.\r\n\r\nAs we all know, Brazil's elections are not only a matter of national importance but also hold global significance. The ability to conduct free and fair elections is the cornerstone of any democratic society. However, in recent years, cybercriminals have exploited the vulnerability of social media platforms and unleashed sophisticated phishing attacks to manipulate public opinion and disrupt the democratic process.\r\n\r\nIn this presentation, we focus on the largest social phishing cyberattacks ever recorded during Brazil's election, where a staggering 156 million individuals were specifically targeted. These attacks, meticulously orchestrated and strategically timed, aimed to deceive and manipulate voters by spreading disinformation, creating confusion, and influencing their decision-making process.\r\n\r\nWe will explore the modus operandi of the cybercriminals behind these attacks, the techniques they employed to infiltrate the social media landscape, and the sophisticated psychological tactics utilized to exploit the vulnerabilities of the unsuspecting public. Moreover, we will analyze the significant consequences of these cyberattacks on the political climate, public trust, and the overall integrity of the electoral process.\r\n\r\nThroughout this presentation, we will also discuss the challenges faced by government authorities, law enforcement agencies, and technology companies in countering such threats. From advanced artificial intelligence algorithms to public awareness campaigns, we will explore various strategies implemented to mitigate the impact of social phishing cyberattacks and safeguard the democratic principles that Brazil holds dear.\r\n\r\nBy examining this case study, we aim to shed light on the growing need for enhanced cybersecurity measures, international collaboration, and comprehensive policies to prevent the recurrence of such incidents in future elections, not only in Brazil but also across the globe. It is essential for all stakeholders to understand the gravity of these threats and work together to fortify our digital ecosystems against cybercriminals seeking to undermine the very foundations of democracy.","updated_timestamp":{"seconds":1691284500,"nanoseconds":0},"speakers":[{"content_ids":[52270],"conference_id":96,"event_ids":[52534],"name":"Douglas Bernardini","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51501}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52534,"village_id":null,"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"tag_ids":[40305,45645,45646,45743],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51501}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"spans_timebands":"N","updated":"2023-08-06T01:15:00.000-0000","begin":"2023-08-12T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Diameter Workshop","android_description":"","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"updated_timestamp":{"seconds":1691257200,"nanoseconds":0},"speakers":[{"content_ids":[52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501],"name":"Zibran Sayyed","affiliations":[{"organization":"","title":"Sr. Security Consultant Telecom"}],"links":[],"pronouns":null,"media":[],"id":51522,"title":"Sr. Security Consultant Telecom"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"}],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":52501,"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"tag_ids":[40304,45647,45719,45743],"village_id":72,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51524},{"tag_id":45633,"sort_order":1,"person_id":51522}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"begin":"2023-08-12T21:30:00.000-0000","updated":"2023-08-05T17:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Aeronautics Cyber Range performs penetration testing on DoD aviation weapons systems. Since becoming operational in 2019, the team has accumulated many lessons learned and best practices to support testing of aerospace embedded systems. This talk details how to deal with fundamental challenges of operating this type of facility. Brace yourselves for an incredible journey filled with the obstacles we encountered and the strategies and tactics you can use to avoid our growing pains.\n\n\n","title":"Stories from the Trenches: Operating a Aeronautics Cyber Range","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"The Aeronautics Cyber Range performs penetration testing on DoD aviation weapons systems. Since becoming operational in 2019, the team has accumulated many lessons learned and best practices to support testing of aerospace embedded systems. This talk details how to deal with fundamental challenges of operating this type of facility. Brace yourselves for an incredible journey filled with the obstacles we encountered and the strategies and tactics you can use to avoid our growing pains.","end_timestamp":{"seconds":1691877300,"nanoseconds":0},"updated_timestamp":{"seconds":1691101320,"nanoseconds":0},"speakers":[{"content_ids":[52160],"conference_id":96,"event_ids":[52390],"name":"Christopher Ottesen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51406}],"timeband_id":991,"links":[],"end":"2023-08-12T21:55:00.000-0000","id":52390,"tag_ids":[40280,45645,45646,45743],"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51406}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-12T21:30:00.000-0000","updated":"2023-08-03T22:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We conducted a research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable point of sales, gas stations, vending machines, transportation and other kind of point of sales in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect baremetal firmware devices and Android/Linux devices as well.\r\n\r\nAfter waiting more than 1 year and a half once we disclosed it to all the affected vendors, we are ready to disclose all the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now\r\nhttps://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/\r\n\r\nSome of the affected vendors are:\r\nIDtech - https://idtechproducts.com/\r\nIngenico - https://www.ingenico.com/\r\nVerifone - https://www.verifone.com/\r\nCPI - https://www.cranepi.com/\r\nBBPOS - https://www.bbpos.com/\r\nWiseasy - https://www.wiseasy.com/\r\nNexgo - https://www.nexgoglobal.com/\r\n\r\nIn this presentation we will describe the vulnerabilities and also demo how the readers can be compromised, using a special Android app we created, by just tapping an Android phone to the reader. We will discuss the consequences such as financial impact in reader’s users/owners and card data stealing once the firmware is compromised. Also, we will show how to compromise the host that is connected to the reader through USB by manipulating the reader’s firmware, chaining stack buffer overflow vulnerabilities in the SDK provided by the vendor that is running in the host machine.\r\n\r\nFinally, since one of the affected vendors (IDtech) is present in most ATM brands in the world, the talk will cover different scenarios of how possible can be jackpotting ATMs just tapping a smartphone into the reader of the ATM. We have many years of experience jackpotting all brands of ATMs in multiple different ways and we will show how this is technically possible.\n\n\n","title":"Contactless Overflow: Code execution in payment terminals and ATM’s over NFC","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691878500,"nanoseconds":0},"android_description":"We conducted a research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable point of sales, gas stations, vending machines, transportation and other kind of point of sales in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect baremetal firmware devices and Android/Linux devices as well.\r\n\r\nAfter waiting more than 1 year and a half once we disclosed it to all the affected vendors, we are ready to disclose all the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now\r\nhttps://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/\r\n\r\nSome of the affected vendors are:\r\nIDtech - https://idtechproducts.com/\r\nIngenico - https://www.ingenico.com/\r\nVerifone - https://www.verifone.com/\r\nCPI - https://www.cranepi.com/\r\nBBPOS - https://www.bbpos.com/\r\nWiseasy - https://www.wiseasy.com/\r\nNexgo - https://www.nexgoglobal.com/\r\n\r\nIn this presentation we will describe the vulnerabilities and also demo how the readers can be compromised, using a special Android app we created, by just tapping an Android phone to the reader. We will discuss the consequences such as financial impact in reader’s users/owners and card data stealing once the firmware is compromised. Also, we will show how to compromise the host that is connected to the reader through USB by manipulating the reader’s firmware, chaining stack buffer overflow vulnerabilities in the SDK provided by the vendor that is running in the host machine.\r\n\r\nFinally, since one of the affected vendors (IDtech) is present in most ATM brands in the world, the talk will cover different scenarios of how possible can be jackpotting ATMs just tapping a smartphone into the reader of the ATM. We have many years of experience jackpotting all brands of ATMs in multiple different ways and we will show how this is technically possible.","updated_timestamp":{"seconds":1687140420,"nanoseconds":0},"speakers":[{"content_ids":[50569],"conference_id":96,"event_ids":[50808],"name":"Josep Pi Rodriguez","affiliations":[{"organization":"IOActive","title":"Principal Security Consultant"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Josep_pi"}],"pronouns":null,"media":[],"id":49787,"title":"Principal Security Consultant at IOActive"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245740"}],"end":"2023-08-12T22:15:00.000-0000","id":50808,"village_id":null,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49787}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","begin":"2023-08-12T21:30:00.000-0000","updated":"2023-06-19T02:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"OPC-UA is the most popular protocol today in ICS/SCADA and IoT environments for data exchanges from sensors to on-premises or cloud applications. OPC-UA is therefore the bridge between different OT trust zones and a crown jewel for attacks attempting to break security zones and crossover from the industrial to corporate networks.\r\n \r\nWe have been researching during the past two years dozens of OPC-UA protocol stack implementations being used in millions of industrial products. We focused on two main attack vectors: attacking OPC-UA servers and protocol gateways, and attacking OPC-UA clients. The research yielded unique attack techniques that targeted specific OPC-UA protocol specification pitfalls that enabled us to create a wide range of vulns ranging from denial of service to remote code execution.\r\n \r\nFor example, we explored OPC-UA features such as method call processing, chunking mechanisms, certification handling, complex variant structures, monitored items, race-conditions, and many more. For each part of the specification, we tried to understand its caveats and exploit them to achieve RCE, information leaks, or denial of service attacks.\r\n \r\nIn this talk, we will share our journey, methods, and release an open-source framework with all of our techniques and vulnerabilities to exploit modern OPC-UA protocol stacks. ,\r\nNoam Moshe is a vulnerability researcher at Claroty Team82. Noam specializes in vulnerability research, web applications pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam presented in well-known Hacking conferences like Blackhat Europe, as well as won Master of Pwn at Pwn2Own Miami 2023.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Exploiting OPC-UA in Every Possible Way: Practical Attacks Against Modern OPC-UA Architectures","end_timestamp":{"seconds":1691878500,"nanoseconds":0},"android_description":"OPC-UA is the most popular protocol today in ICS/SCADA and IoT environments for data exchanges from sensors to on-premises or cloud applications. OPC-UA is therefore the bridge between different OT trust zones and a crown jewel for attacks attempting to break security zones and crossover from the industrial to corporate networks.\r\n \r\nWe have been researching during the past two years dozens of OPC-UA protocol stack implementations being used in millions of industrial products. We focused on two main attack vectors: attacking OPC-UA servers and protocol gateways, and attacking OPC-UA clients. The research yielded unique attack techniques that targeted specific OPC-UA protocol specification pitfalls that enabled us to create a wide range of vulns ranging from denial of service to remote code execution.\r\n \r\nFor example, we explored OPC-UA features such as method call processing, chunking mechanisms, certification handling, complex variant structures, monitored items, race-conditions, and many more. For each part of the specification, we tried to understand its caveats and exploit them to achieve RCE, information leaks, or denial of service attacks.\r\n \r\nIn this talk, we will share our journey, methods, and release an open-source framework with all of our techniques and vulnerabilities to exploit modern OPC-UA protocol stacks. ,\r\nNoam Moshe is a vulnerability researcher at Claroty Team82. Noam specializes in vulnerability research, web applications pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam presented in well-known Hacking conferences like Blackhat Europe, as well as won Master of Pwn at Pwn2Own Miami 2023.","updated_timestamp":{"seconds":1687137060,"nanoseconds":0},"speakers":[{"content_ids":[50541,50556],"conference_id":96,"event_ids":[50758,50765],"name":"Noam Moshe","affiliations":[{"organization":"Claroty Team82","title":"Vulnerability Researcher"}],"links":[],"pronouns":"he/him","media":[],"id":49748,"title":"Vulnerability Researcher at Claroty Team82"},{"content_ids":[50541,50556],"conference_id":96,"event_ids":[50758,50765],"name":"Sharon Brizinov","affiliations":[{"organization":"Claroty Team82","title":"Director of Security Research"}],"links":[],"pronouns":"he/him","media":[],"id":49749,"title":"Director of Security Research at Claroty Team82"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245727"}],"end":"2023-08-12T22:15:00.000-0000","id":50765,"begin_timestamp":{"seconds":1691875800,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Demo 💻, Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49748},{"tag_id":45590,"sort_order":1,"person_id":49749}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","begin":"2023-08-12T21:30:00.000-0000","updated":"2023-06-19T01:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Azure AD recon with OSINT tools","end_timestamp":{"seconds":1691878200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689553020,"nanoseconds":0},"speakers":[{"content_ids":[50649,51308],"conference_id":96,"event_ids":[50844,51370],"name":"Nestori Syynimaa","affiliations":[{"organization":"Secureworks","title":"Senior Principal Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/DrAzureAD"}],"media":[],"id":49933,"title":"Senior Principal Security Researcher at Secureworks"}],"timeband_id":991,"links":[],"end":"2023-08-12T22:10:00.000-0000","id":51370,"village_id":59,"begin_timestamp":{"seconds":1691875500,"nanoseconds":0},"tag_ids":[40293,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49933}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-12T21:25:00.000-0000","updated":"2023-07-17T00:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"MitmWs is a pentesting HTTP proxy created specifically for testing applications that use websockets. Websocket applications present unique challenges to pentesters. The the asynchronous nature of the conversation, the often times statefulness of the conversation and the sometimes tricky timing requirements of specific messages are all challenges that MitmWs helps mitigate.\n\n\n","title":"MitmWs: A new way to pentest websocket applications","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"MitmWs is a pentesting HTTP proxy created specifically for testing applications that use websockets. Websocket applications present unique challenges to pentesters. The the asynchronous nature of the conversation, the often times statefulness of the conversation and the sometimes tricky timing requirements of specific messages are all challenges that MitmWs helps mitigate.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52117],"conference_id":96,"event_ids":[52341],"name":"Jon F","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51353}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52341,"tag_ids":[40297,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691874900,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51353}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T21:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"During my transition from a conventional malware research position to a detection engineering role within a technology company, I encountered significant difficulties in acquiring actionable and timely intelligence regarding cloud-based threat actors. Subsequently, when I assumed a new position on an offensive security team, I faced similar challenges due to the scarcity of threat intelligence necessary for effective adversary emulation.\r\n\r\nRecently, I had the opportunity to publish my research on [AlienFox](https://www.sentinelone.com/labs/dissecting-alienfox-the-cloud-spammers-swiss-army-knife/), a communally-developed cloud spamming toolset. As a curator of cloud intelligence, I am confronted with the arduous task of providing defenders with actionable threat intelligence in situations where the tools employed by attackers remain confined within their own systems. In targeted service environments, the utilization of payloads is considerably reduced, with the absence of prominent features such as Cobalt Strike beacons or Meterpreter. Additionally, the intricacies of DLL injection and registry modifications are rendered obsolete. Instead, cloud attackers harness robust and extensively documented APIs developed by the respective service providers, eliminating the need for complex shellcode encoders.\r\n\r\nGiven these limitations, how can defenders effectively operate? These attacks invariably leave behind artifacts in the form of configurations, such as the creation of new user profiles, which can be traced through API logs. Ultimately, if approached with an open mind and a willingness to adapt forensic methodologies, these techniques can be extrapolated from the realm of endpoint security. This talk will discuss how to approach detection of several familiar techniques--such as privilege escalation and persistence--ported to the cloud realm.\n\n\n","title":"Bridging the Gap: Cloud Threat Intelligence for Detection and Offensive Security Practitioners","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"During my transition from a conventional malware research position to a detection engineering role within a technology company, I encountered significant difficulties in acquiring actionable and timely intelligence regarding cloud-based threat actors. Subsequently, when I assumed a new position on an offensive security team, I faced similar challenges due to the scarcity of threat intelligence necessary for effective adversary emulation.\r\n\r\nRecently, I had the opportunity to publish my research on [AlienFox](https://www.sentinelone.com/labs/dissecting-alienfox-the-cloud-spammers-swiss-army-knife/), a communally-developed cloud spamming toolset. As a curator of cloud intelligence, I am confronted with the arduous task of providing defenders with actionable threat intelligence in situations where the tools employed by attackers remain confined within their own systems. In targeted service environments, the utilization of payloads is considerably reduced, with the absence of prominent features such as Cobalt Strike beacons or Meterpreter. Additionally, the intricacies of DLL injection and registry modifications are rendered obsolete. Instead, cloud attackers harness robust and extensively documented APIs developed by the respective service providers, eliminating the need for complex shellcode encoders.\r\n\r\nGiven these limitations, how can defenders effectively operate? These attacks invariably leave behind artifacts in the form of configurations, such as the creation of new user profiles, which can be traced through API logs. Ultimately, if approached with an open mind and a willingness to adapt forensic methodologies, these techniques can be extrapolated from the realm of endpoint security. This talk will discuss how to approach detection of several familiar techniques--such as privilege escalation and persistence--ported to the cloud realm.","end_timestamp":{"seconds":1691877000,"nanoseconds":0},"updated_timestamp":{"seconds":1690920840,"nanoseconds":0},"speakers":[{"content_ids":[51980],"conference_id":96,"event_ids":[52174],"name":"Alex Delamotte","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spiderspiders_"}],"pronouns":null,"media":[],"id":51185}],"timeband_id":991,"links":[],"end":"2023-08-12T21:50:00.000-0000","id":52174,"begin_timestamp":{"seconds":1691874600,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51185}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-12T21:10:00.000-0000","updated":"2023-08-01T20:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Lock Bypass 101","android_description":"","end_timestamp":{"seconds":1691875800,"nanoseconds":0},"updated_timestamp":{"seconds":1691565180,"nanoseconds":0},"speakers":[{"content_ids":[52391,52396],"conference_id":96,"event_ids":[52682,52687],"name":"Terry","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51608}],"timeband_id":991,"links":[],"end":"2023-08-12T21:30:00.000-0000","id":52682,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51608}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"updated":"2023-08-09T07:13:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Kids free play chess for an hour before the main chess tournament (which is also kid friendly). Kids open play is 14:00 to 15:00 Saturday, forum contest area.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"DEF CON Chess Kids Free-Play","android_description":"Kids free play chess for an hour before the main chess tournament (which is also kid friendly). Kids open play is 14:00 to 15:00 Saturday, forum contest area.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691290800,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52559,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":null,"tag_ids":[45638,45646,45743,45763,45864],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T21:00:00.000-0000","updated":"2023-08-06T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A summary of wardriving beyond the wigle app (hardware rigs) will be discussed with the main example/inspiration documenting the process of the WigleBottleV2 build. Topics include (chronologically): a short history of wardriving and what it is, the sub-genre of hardware rig building (and introduction of design specs), the WigleBottleV2 design goal, and some “gotchas” (power/redundant power, single board computer selection (Pi4 in V1 to the Pi3B in V2 and why the downgrade), GPS receivers (tie in/link to wytshadow’s GPS talk), and general clock timing). In selecting the single board computer (which dictates power/redundant power options), a side story will be discussed on the heat produced, and what to think about for case design. The V1 bottle used a Pi4, however uses 1W more power than the Pi3B, also radiating more heat (not too good for a bottle build). For the GPS receivers, a few were experimented with, and yielded vast differences in wigle upload data. Also, a consequence of USB 3.0 on poorly shielded cables is increased electromagnetic interference right in the GPS band (show a short video clip using a common SDR, and what to look for when diagnosing). Lastly on specific topics, with using a Pi, go into the design of a real-time clock, along with some of the configuration of the pi software to keep timing in order (pulse per second and chronyc -- and the accuracy to UTC it brings). Conclusion will showcase the hardware design process from the WigleBottleV1 and what went wrong in last year’s WWWD (with screenshots of trilateration gone wrong), to the version 2 design. References will link to resources others can use (as well as the hardware printed circuit boards used for this project).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Wardriving 102: Moving Beyond the Wigle App","android_description":"A summary of wardriving beyond the wigle app (hardware rigs) will be discussed with the main example/inspiration documenting the process of the WigleBottleV2 build. Topics include (chronologically): a short history of wardriving and what it is, the sub-genre of hardware rig building (and introduction of design specs), the WigleBottleV2 design goal, and some “gotchas” (power/redundant power, single board computer selection (Pi4 in V1 to the Pi3B in V2 and why the downgrade), GPS receivers (tie in/link to wytshadow’s GPS talk), and general clock timing). In selecting the single board computer (which dictates power/redundant power options), a side story will be discussed on the heat produced, and what to think about for case design. The V1 bottle used a Pi4, however uses 1W more power than the Pi3B, also radiating more heat (not too good for a bottle build). For the GPS receivers, a few were experimented with, and yielded vast differences in wigle upload data. Also, a consequence of USB 3.0 on poorly shielded cables is increased electromagnetic interference right in the GPS band (show a short video clip using a common SDR, and what to look for when diagnosing). Lastly on specific topics, with using a Pi, go into the design of a real-time clock, along with some of the configuration of the pi software to keep timing in order (pulse per second and chronyc -- and the accuracy to UTC it brings). Conclusion will showcase the hardware design process from the WigleBottleV1 and what went wrong in last year’s WWWD (with screenshots of trilateration gone wrong), to the version 2 design. References will link to resources others can use (as well as the hardware printed circuit boards used for this project).","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691259960,"nanoseconds":0},"speakers":[{"content_ids":[52255],"conference_id":96,"event_ids":[52516],"name":"bkobe","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@kobeski1906"}],"media":[],"id":51489}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52516,"tag_ids":[40292,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51489}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-08-05T18:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Almost all existing tutorials in the applied quantum world are focused on quantum programming languages & how to interact with a QPU – until now. OpenQuantum is a fully open-source, mostly 3D printable blueprint for a hardware platform that allows for the cooling, trapping and manipulation of rubidium atoms, an ideal platform for quantum engineering. This workshop will cover the history of the field, the operational principles of the apparatus, and technical details on the open-source devices we have designed to make this science more accessible.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"OpenQuantum: open-source hardware for quantum engineering via trapped atoms","android_description":"Almost all existing tutorials in the applied quantum world are focused on quantum programming languages & how to interact with a QPU – until now. OpenQuantum is a fully open-source, mostly 3D printable blueprint for a hardware platform that allows for the cooling, trapping and manipulation of rubidium atoms, an ideal platform for quantum engineering. This workshop will cover the history of the field, the operational principles of the apparatus, and technical details on the open-source devices we have designed to make this science more accessible.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691108640,"nanoseconds":0},"speakers":[{"content_ids":[52185],"conference_id":96,"event_ids":[52433],"name":"Max Shirokawa Aalto","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51431}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52433,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[40291,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51431}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"updated":"2023-08-04T00:24:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Over the past 10 years, armasusisse Science + Technology has been successfully conducting open security research with real avionics hardware, working closely with industry and regulators. The talk will cover our technical results as well as our approach to building trust with regulators and the industry by working as responsibly as possible while still maintaining the openness required to obtain the necessary results and drive change in the wider ecosystem.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Labs and Trust: How to build a successful aviation cybersecurity research programme","end_timestamp":{"seconds":1691875500,"nanoseconds":0},"android_description":"Over the past 10 years, armasusisse Science + Technology has been successfully conducting open security research with real avionics hardware, working closely with industry and regulators. The talk will cover our technical results as well as our approach to building trust with regulators and the industry by working as responsibly as possible while still maintaining the openness required to obtain the necessary results and drive change in the wider ecosystem.","updated_timestamp":{"seconds":1691101320,"nanoseconds":0},"speakers":[{"content_ids":[52158,52159],"conference_id":96,"event_ids":[52388,52389],"name":"Martin Strohmeier","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51415}],"timeband_id":991,"links":[],"end":"2023-08-12T21:25:00.000-0000","id":52389,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51415}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:22:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Exploring the Impact of PQC on Cryptographic Key Management","android_description":"","end_timestamp":{"seconds":1691876700,"nanoseconds":0},"updated_timestamp":{"seconds":1691025900,"nanoseconds":0},"speakers":[{"content_ids":[52033],"conference_id":96,"event_ids":[52249],"name":"Deirdre Connolly","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51256},{"content_ids":[52033],"conference_id":96,"event_ids":[52249],"name":"James Howe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51258},{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260},{"content_ids":[52033],"conference_id":96,"event_ids":[52249],"name":"Ryan Hurst","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51267},{"content_ids":[52033],"conference_id":96,"event_ids":[52249],"name":"Sandra Guasch Castello","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51268},{"content_ids":[52033],"conference_id":96,"event_ids":[52249],"name":"Sofi Celi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51269}],"timeband_id":991,"links":[],"end":"2023-08-12T21:45:00.000-0000","id":52249,"village_id":null,"tag_ids":[40308,45645,45647,45743],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51256},{"tag_id":45590,"sort_order":1,"person_id":51258},{"tag_id":45590,"sort_order":1,"person_id":51260},{"tag_id":45590,"sort_order":1,"person_id":51267},{"tag_id":45590,"sort_order":1,"person_id":51268},{"tag_id":45590,"sort_order":1,"person_id":51269}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:25:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come relax with us in a quiet space! Grab a non-alcoholic drink and check out this year’s WISP swag.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"WISP Chill Out Space with Refreshments","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"Come relax with us in a quiet space! Grab a non-alcoholic drink and check out this year’s WISP swag.","updated_timestamp":{"seconds":1690576980,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T23:00:00.000-0000","id":51702,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":null,"tag_ids":[45639,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 217 - WISP","hotel":"","short_name":"Summit - 217 - WISP","id":45861},"updated":"2023-07-28T20:43:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Authoritarian regimes abuse technology as a tool to suppress critics, journalists, human rights defenders, and more. Often, they exploit security weaknesses in common Internet technologies in their attempts to censor information and communication and curtail freedom of expression. ONCD and the State Department will talk about how authoritarian regimes censor their populations, U.S. Government efforts to increase security while combatting authoritarian censorship and repression, and how to help.\r\n\r\nThe lack of security and resilience throughout the network stack creates opportunities for authoritarian regimes to repress or censor at scale. We will talk through how regimes have historically taken advantage of protocols, internet infrastructure, and lack of encryption to do just that. We’ll then talk about how the U.S. Government is approaching this problem.\r\n\r\nBut most technology, development, and internet services are in the private sector, not the government. So we'll talk about how the community can help: from protocols that need more research and testing, to implementing known security practices, attendees will learn how they can contribute to Internet freedom!\n\n\n","title":"Abating the Eye of Sauron: Help Combat Authoritarian Censorship","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#1e45a5","name":"Village Roundtable","id":45772},"end_timestamp":{"seconds":1691880600,"nanoseconds":0},"android_description":"Authoritarian regimes abuse technology as a tool to suppress critics, journalists, human rights defenders, and more. Often, they exploit security weaknesses in common Internet technologies in their attempts to censor information and communication and curtail freedom of expression. ONCD and the State Department will talk about how authoritarian regimes censor their populations, U.S. Government efforts to increase security while combatting authoritarian censorship and repression, and how to help.\r\n\r\nThe lack of security and resilience throughout the network stack creates opportunities for authoritarian regimes to repress or censor at scale. We will talk through how regimes have historically taken advantage of protocols, internet infrastructure, and lack of encryption to do just that. We’ll then talk about how the U.S. Government is approaching this problem.\r\n\r\nBut most technology, development, and internet services are in the private sector, not the government. So we'll talk about how the community can help: from protocols that need more research and testing, to implementing known security practices, attendees will learn how they can contribute to Internet freedom!","updated_timestamp":{"seconds":1690432080,"nanoseconds":0},"speakers":[{"content_ids":[51528,51499],"conference_id":96,"event_ids":[51655,51684],"name":"Michaela Lee","affiliations":[{"organization":"The Office of National Cyber Director (ONCD)","title":"Director for Strategy and Research"}],"links":[],"pronouns":null,"media":[],"id":50626,"title":"Director for Strategy and Research at The Office of National Cyber Director (ONCD)"},{"content_ids":[51528],"conference_id":96,"event_ids":[51684],"name":"David Houston","affiliations":[{"organization":"U.S. Department of State","title":"International Relations Officer, Bureau of Democracy, Human Rights, and Labor"}],"links":[],"pronouns":null,"media":[],"id":51603,"title":"International Relations Officer, Bureau of Democracy, Human Rights, and Labor at U.S. Department of State"}],"timeband_id":991,"end":"2023-08-12T22:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51684,"tag_ids":[40310,45646,45743,45772],"village_id":null,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51603},{"tag_id":45632,"sort_order":1,"person_id":50626}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 220 - Policy NOT-A-SCIF","hotel":"","short_name":"Summit - 220 - Policy NOT-A-SCIF","id":45879},"updated":"2023-07-27T04:28:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"There are currently 7.4 billion people living on Earth and more than half of those people live in a metropolitan area. Urbanization is accelerating - demand for infrastructure is expected to increase by 100% by 2060. City planners are rapidly turning to digital technology to meet the growing demands of urban life.\r\n\r\nEnter the “smart city” – the promise that equitable, safe, and sustainable urban life can be achieved through digitization. However, digitization also comes with digital risks. Malicious cyber actors have attacked 222 local government entities and 62 public safety agencies between 2021 and 2023. Malicious actors know our communities are target-rich environments and public policy is often slow to respond. \r\n\r\nDoes this mean humanity is doomed to a Cyberpunk 2077-like future with urban life marred by constant cyber-attacks? The Department of Homeland Security and city officials believe this need not be the case, but it all starts with good governance. In this workshop, DHS will introduce a draft of the Connected Communities Governance Toolkit – a series of guides for connected community governance developed in collaboration with cities across the US. DHS will host a collaborative workshop to examine the implications of a city considering a digital transformation using the Governance Toolkit as a guide.\n\n\n","title":"Let Night City Sleep - Governance Against a Cyberpunk Future","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"There are currently 7.4 billion people living on Earth and more than half of those people live in a metropolitan area. Urbanization is accelerating - demand for infrastructure is expected to increase by 100% by 2060. City planners are rapidly turning to digital technology to meet the growing demands of urban life.\r\n\r\nEnter the “smart city” – the promise that equitable, safe, and sustainable urban life can be achieved through digitization. However, digitization also comes with digital risks. Malicious cyber actors have attacked 222 local government entities and 62 public safety agencies between 2021 and 2023. Malicious actors know our communities are target-rich environments and public policy is often slow to respond. \r\n\r\nDoes this mean humanity is doomed to a Cyberpunk 2077-like future with urban life marred by constant cyber-attacks? The Department of Homeland Security and city officials believe this need not be the case, but it all starts with good governance. In this workshop, DHS will introduce a draft of the Connected Communities Governance Toolkit – a series of guides for connected community governance developed in collaboration with cities across the US. DHS will host a collaborative workshop to examine the implications of a city considering a digital transformation using the Governance Toolkit as a guide.","end_timestamp":{"seconds":1691877000,"nanoseconds":0},"updated_timestamp":{"seconds":1690431480,"nanoseconds":0},"speakers":[{"content_ids":[51520],"conference_id":96,"event_ids":[51676],"name":"Cameron Byrd","affiliations":[{"organization":"Office of Cyber, Infrastructure, Risk, and Resilience Policy, U.S. Department of Homeland Security","title":"Cyber Policy Analyst"}],"links":[],"pronouns":null,"media":[],"id":50584,"title":"Cyber Policy Analyst at Office of Cyber, Infrastructure, Risk, and Resilience Policy, U.S. Department of Homeland Security"},{"content_ids":[51520],"conference_id":96,"event_ids":[51676],"name":"Clayton Dixon","affiliations":[{"organization":"Department of Homeland Security","title":"Cyber Policy Advisor to the Assistant Secretary of Cyber, Infrastructure, Risk, and Resilience"}],"links":[],"pronouns":null,"media":[],"id":50594,"title":"Cyber Policy Advisor to the Assistant Secretary of Cyber, Infrastructure, Risk, and Resilience at Department of Homeland Security"}],"timeband_id":991,"end":"2023-08-12T21:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51676,"village_id":null,"tag_ids":[40310,45645,45646,45743],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50584},{"tag_id":45590,"sort_order":1,"person_id":50594}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-27T04:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For decades, the US has led the way when it comes to involving hackers with policy making. From l0pht appearing before the US Congress in 1998, to the first Policy@DEFCON sessions, DEF CON has shown how hackers and feds can work together to improve the legal landscape for all of us. As Europe tackles big technology issues like privacy, reigning in Big Tech, and encouraging startups and innovation, there is a danger that hackers will be left out of contributing. What lessons can we learn from the different groups in the US who have come together to get hackers involved in policy making?\n\n\n","title":"How can we encourage more hackers to engage with policy makers?","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691877000,"nanoseconds":0},"android_description":"For decades, the US has led the way when it comes to involving hackers with policy making. From l0pht appearing before the US Congress in 1998, to the first Policy@DEFCON sessions, DEF CON has shown how hackers and feds can work together to improve the legal landscape for all of us. As Europe tackles big technology issues like privacy, reigning in Big Tech, and encouraging startups and innovation, there is a danger that hackers will be left out of contributing. What lessons can we learn from the different groups in the US who have come together to get hackers involved in policy making?","updated_timestamp":{"seconds":1690431240,"nanoseconds":0},"speakers":[{"content_ids":[51509,51514,51500],"conference_id":96,"event_ids":[51656,51670,51665],"name":"Peter Stephens","affiliations":[{"organization":"OECD","title":""}],"links":[],"pronouns":null,"media":[],"id":50630,"title":"OECD"},{"content_ids":[51514],"conference_id":96,"event_ids":[51670],"name":"Thomas Kranz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50639}],"timeband_id":991,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-12T21:50:00.000-0000","id":51670,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":null,"tag_ids":[40310,45646,45743,45771,45836],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50630},{"tag_id":45632,"sort_order":1,"person_id":50639}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-27T04:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this discussion XR village Executive Director Starr Brown interviews Bob Gourley, whose site OODAloop.com has been tracking XR topics since 2003. Bob has leveraged his experience as a cybersecurity professional and an enterprise CTO to produce research and reporting on XR that points to a future of incredible potential, if we can mitigate the new threats this emerging technology brings with it. Starr Brown is a security professional with a knack for using collaboration and innovation to meet both compliance and security needs and was early in identifying the unique security and risk mitigation needs of XR, making her the perfect person to extract insights from Bob in this fireside chat.\n\n\n","title":"The of History XR From Fiction to Reality","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"In this discussion XR village Executive Director Starr Brown interviews Bob Gourley, whose site OODAloop.com has been tracking XR topics since 2003. Bob has leveraged his experience as a cybersecurity professional and an enterprise CTO to produce research and reporting on XR that points to a future of incredible potential, if we can mitigate the new threats this emerging technology brings with it. Starr Brown is a security professional with a knack for using collaboration and innovation to meet both compliance and security needs and was early in identifying the unique security and risk mitigation needs of XR, making her the perfect person to extract insights from Bob in this fireside chat.","updated_timestamp":{"seconds":1691528940,"nanoseconds":0},"speakers":[{"content_ids":[51470],"conference_id":96,"event_ids":[51626],"name":"Bob Gourley","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/robertgourley/"},{"description":"","title":"Twitter (@bobgourley)","sort_order":0,"url":"https://twitter.com/@bobgourley"},{"description":"","title":"Website","sort_order":0,"url":"https://www.oodaloop.com/"}],"pronouns":null,"media":[],"id":50517},{"content_ids":[51470],"conference_id":96,"event_ids":[51626],"name":"Starr Brown","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter (@starrdlux)","sort_order":0,"url":"https://twitter.com/@starrdlux"}],"media":[],"id":50535}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":51626,"village_id":null,"tag_ids":[40311,45645,45646,45743],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50517},{"tag_id":45590,"sort_order":1,"person_id":50535}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-08-08T21:09:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2ec300","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Micah Lee, Hacks, Leaks and Revelations","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690416240,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":51612,"tag_ids":[45646,45743,45769,45770],"village_id":null,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","updated":"2023-07-27T00:04:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.\r\n \r\nFor 2023 there will be three categories for the competition:\r\n - Full beard: Self-explanatory, for the truly bearded.\r\n - Partial Beard or Mustache only (combined this year): For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles -or- Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.\r\n - Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.\n\n\n","title":"DEF CON 31 Beard and Mustache Contest","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.\r\n \r\nFor 2023 there will be three categories for the competition:\r\n - Full beard: Self-explanatory, for the truly bearded.\r\n - Partial Beard or Mustache only (combined this year): For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles -or- Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.\r\n - Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.","updated_timestamp":{"seconds":1690317600,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter (@DCBeardContest)","type":"link","url":"https://twitter.com/@DCBeardContest"},{"label":"Website","type":"link","url":"https://dcbeard.net"}],"end":"2023-08-12T23:00:00.000-0000","id":51602,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-25T20:40:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Lonely Hackers Club - Badgelife & Sticker Swap","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690163160,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51590,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45640,45648,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"spans_timebands":"N","updated":"2023-07-24T01:46:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Easy EASM - the zero dollar attack surface management tool","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691875500,"nanoseconds":0},"updated_timestamp":{"seconds":1689553020,"nanoseconds":0},"speakers":[{"content_ids":[51097,51303,51307,51998,52118],"conference_id":96,"event_ids":[51128,51365,51369,52192,52342],"name":"Jason Haddix","affiliations":[{"organization":"BuddoBot","title":"CISO and “Hacker in Charge”"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jhaddix"}],"media":[],"id":50266,"title":"CISO and “Hacker in Charge” at BuddoBot"}],"timeband_id":991,"links":[],"end":"2023-08-12T21:25:00.000-0000","id":51369,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50266}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-17T00:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.\n\n\n","title":"IOCs + APTs = \"Let's play a game!\" - Hack your way through a hunt!","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358140,"nanoseconds":0},"speakers":[{"content_ids":[51073],"conference_id":96,"event_ids":[51106,51140,51141,51142],"name":"Leo Cruz","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cruzleo/"}],"pronouns":null,"media":[],"id":50270}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":51141,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50270}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"updated":"2023-07-14T18:09:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Artificial Intelligence (AI) has paved its way into many fields, and cybersecurity is no exception. AI can significantly augment red team operations by enhancing the learning process of key tools like Python and Scapy. Let's delve into how AI can act as an indispensable co-pilot in mastering these crucial tools for cybersecurity tasks.\n\n\n","title":"AI-Driven Hacker's Toolkit: Using AI to Learn Python and Scapy for Exploitation and Post-Exploitation Techniques","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Artificial Intelligence (AI) has paved its way into many fields, and cybersecurity is no exception. AI can significantly augment red team operations by enhancing the learning process of key tools like Python and Scapy. Let's delve into how AI can act as an indispensable co-pilot in mastering these crucial tools for cybersecurity tasks.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"media":[],"id":50276}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":51129,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"VirusTotal serves as a popular platform for aggregating malware information submitted by Anti-Virus (AV) software providers, which can be searched using parameters such as hashes (SHA-1, SHA-256, MD5), file names, and malicious web links. In order to enhance and automate the process of malware intelligence gathering, we introduce ThreatScraper, a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file. It allows users to pull and aggregate malicious file reports from multiple AV vendors over time, providing insights into the adoption of malware detection across providers. Easily implemented from any Windows command line, ThreatScraper can rescan a file, pull a report, and then sleep until the next designated time identified by the user.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"ThreatScraper: Automated Threat Intelligence Gathering and Analysis for VirusTotal","android_description":"VirusTotal serves as a popular platform for aggregating malware information submitted by Anti-Virus (AV) software providers, which can be searched using parameters such as hashes (SHA-1, SHA-256, MD5), file names, and malicious web links. In order to enhance and automate the process of malware intelligence gathering, we introduce ThreatScraper, a Python-based tool that automates free API queries and rescanning tasks on VirusTotal. ThreatScraper is designed to periodically request reports on specified files and save the results in a local database or Excel file. It allows users to pull and aggregate malicious file reports from multiple AV vendors over time, providing insights into the adoption of malware detection across providers. Easily implemented from any Windows command line, ThreatScraper can rescan a file, pull a report, and then sleep until the next designated time identified by the user.","end_timestamp":{"seconds":1691880900,"nanoseconds":0},"updated_timestamp":{"seconds":1688878260,"nanoseconds":0},"speakers":[{"content_ids":[51024],"conference_id":96,"event_ids":[51062],"name":"Aaron \"AJ\" Morath","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50213},{"content_ids":[51024],"conference_id":96,"event_ids":[51062],"name":"Scott Graham","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50214}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51062,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50213},{"tag_id":45590,"sort_order":1,"person_id":50214}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"updated":"2023-07-09T04:51:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The RuleProcessorY and Gramify tools are new tools that support password-cracking efforts. RuleProcessorY offers a method of optimizing hashcat rule-files so that you can prevent duplicates across multiple attacks better, leading to a shorter runtime. Additionally it can process rules as hashcat would with an additional support for multi-byte/multi-character rules (inserts & replace primarily). Gramify offers an easy method to create base words and candidates to utilize with wordlist and combination attacks by splitting data by words, characters, or character-set. This can help with password phrases, quotes, sentences, combinator attacks, and extracting base-words from passwordlists.\n\n\n","title":"RuleProcessorY & Gramify - Rule Optimization & Password Analysis tools","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"android_description":"The RuleProcessorY and Gramify tools are new tools that support password-cracking efforts. RuleProcessorY offers a method of optimizing hashcat rule-files so that you can prevent duplicates across multiple attacks better, leading to a shorter runtime. Additionally it can process rules as hashcat would with an additional support for multi-byte/multi-character rules (inserts & replace primarily). Gramify offers an easy method to create base words and candidates to utilize with wordlist and combination attacks by splitting data by words, characters, or character-set. This can help with password phrases, quotes, sentences, combinator attacks, and extracting base-words from passwordlists.","end_timestamp":{"seconds":1691880900,"nanoseconds":0},"updated_timestamp":{"seconds":1688877720,"nanoseconds":0},"speakers":[{"content_ids":[51016],"conference_id":96,"event_ids":[51054],"name":"Niels Loozekoot","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50202}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51054,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50202}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Caucus Boardroom - Demo Labs","hotel":"","short_name":"Caucus Boardroom - Demo Labs","id":45696},"begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-09T04:42:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Nuclei is used to send requests across targets based on a YAML template, leading to fewer false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. Nuclei is a valuable tool for bug bounty hunters, pen testers, developers looking to add more security into their CI/CD pipelines, and more.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"ProjectDiscovery Nuclei","android_description":"Nuclei is used to send requests across targets based on a YAML template, leading to fewer false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks. Nuclei is a valuable tool for bug bounty hunters, pen testers, developers looking to add more security into their CI/CD pipelines, and more.","end_timestamp":{"seconds":1691880900,"nanoseconds":0},"updated_timestamp":{"seconds":1688877660,"nanoseconds":0},"speakers":[{"content_ids":[51014],"conference_id":96,"event_ids":[51052],"name":"Brendan O'Leary","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50199},{"content_ids":[51014],"conference_id":96,"event_ids":[51052],"name":"Pj Metz","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50200}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51052,"village_id":null,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50199},{"tag_id":45590,"sort_order":1,"person_id":50200}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Council Boardroom - Demo Labs","hotel":"","short_name":"Council Boardroom - Demo Labs","id":45699},"begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-09T04:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Microsoft ICS Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft ICS Forensics Tools enables investigators to identify suspicious artifacts on ICS environment for detection of compromised devices during incident response or manual check. Microsoft ICS Forensics Tools is open source, which allows investigators to verify the actions of the tool or customize it to specific needs, currently support Siemens S7 via Snap7.\n\n\n","title":"ICS Forensics tool","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691880900,"nanoseconds":0},"android_description":"Microsoft ICS Forensics Tools is an open source forensic toolkit for analyzing Industrial PLC metadata and project files. Microsoft ICS Forensics Tools enables investigators to identify suspicious artifacts on ICS environment for detection of compromised devices during incident response or manual check. Microsoft ICS Forensics Tools is open source, which allows investigators to verify the actions of the tool or customize it to specific needs, currently support Siemens S7 via Snap7.","updated_timestamp":{"seconds":1688876580,"nanoseconds":0},"speakers":[{"content_ids":[51006],"conference_id":96,"event_ids":[51044],"name":"Maayan Shaul","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50186},{"content_ids":[51006],"conference_id":96,"event_ids":[51044],"name":"Ori Perez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50187}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51044,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50186},{"tag_id":45590,"sort_order":1,"person_id":50187}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Society Boardroom - Demo Labs","hotel":"","short_name":"Society Boardroom - Demo Labs","id":45700},"begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-09T04:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"HardHat is a multi-platform, multi-user, .NET command and control framework written in C# designed to aid in red team operations and penetration testing. HardHat aims to improve the quality-of-life of operators by providing an easy-to-use but formidable C2 framework by incorporating robust features, ease of data access, and modern UI upgrades to a high-level language that is easily extensible.\n\n\n","title":"HardHat Command & Control Framework","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691880900,"nanoseconds":0},"android_description":"HardHat is a multi-platform, multi-user, .NET command and control framework written in C# designed to aid in red team operations and penetration testing. HardHat aims to improve the quality-of-life of operators by providing an easy-to-use but formidable C2 framework by incorporating robust features, ease of data access, and modern UI upgrades to a high-level language that is easily extensible.","updated_timestamp":{"seconds":1688876520,"nanoseconds":0},"speakers":[{"content_ids":[51005],"conference_id":96,"event_ids":[51043],"name":"Jonathan Owens","affiliations":[],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/dragoqcc"}],"pronouns":null,"media":[],"id":50185}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51043,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":null,"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50185}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Committee Boardroom - Demo Labs","hotel":"","short_name":"Committee Boardroom - Demo Labs","id":45698},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-09T04:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BLE CTF is a series of Bluetooth Low Energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, trainings, and conferences have utilized it as an educational platform and CTF. As an open source, low cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\n\n\n","title":"BLE CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691880900,"nanoseconds":0},"android_description":"BLE CTF is a series of Bluetooth Low Energy challenges in a capture the flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, trainings, and conferences have utilized it as an educational platform and CTF. As an open source, low cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.","updated_timestamp":{"seconds":1688875920,"nanoseconds":0},"speakers":[{"content_ids":[50621,50997],"conference_id":96,"event_ids":[50729,51035],"name":"Ryan Holeman","affiliations":[{"organization":"Strike","title":"CISO"}],"links":[],"pronouns":null,"media":[],"id":49870,"title":"CISO at Strike"},{"content_ids":[50997],"conference_id":96,"event_ids":[51035],"name":"Alek Amrani","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50174}],"timeband_id":991,"links":[],"end":"2023-08-12T22:55:00.000-0000","id":51035,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50174},{"tag_id":45590,"sort_order":1,"person_id":49870}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Unity Boardroom - Demo Labs","hotel":"","short_name":"Unity Boardroom - Demo Labs","id":45706},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-07-09T04:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"Off the record war story talks - Signs Ups On Site","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691091120,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":50865,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45648,45844],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record","hotel":"","short_name":"War Stories - Off the Record","id":45802},"updated":"2023-08-03T19:32:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our current administration lists \"Defend Critical Infrastructure\" as the #1 item in the 2023 National Cybersecurity Strategy. At the intersection of governmental and corporate concerns is data center security, a trend that is bound to continue as more and more operations move to the cloud. This talk details our findings in the domain of power management, the first category in a broader effort to investigate the security of critical data center components. We will reveal nine vulnerabilities in two integral data center appliances: a Power Distribution Unit (PDU) and a Data Center Infrastructure Management (DCIM) system. Continuing, we will delve into the technical details of the most impactful vulnerabilities and highlight the potential impact on their respective operations. The talk will challenge the misconception that data centers are inherently more secure than on-prem by exposing how attackers could leverage these vulnerabilities. This presentation will be valuable to data center professionals, security researchers, and anyone interested in understanding the characteristic vulnerabilities associated with modern data centers. \r\n\r\nREFERENCES: \r\nContributing Researcher - Philippe Laulheret\r\nClaroty Research - https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices\r\nNational Cybersecurity Strategy - https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Power Corrupts; Corrupt It Back! Hacking Power Management in Data Centers","android_description":"Our current administration lists \"Defend Critical Infrastructure\" as the #1 item in the 2023 National Cybersecurity Strategy. At the intersection of governmental and corporate concerns is data center security, a trend that is bound to continue as more and more operations move to the cloud. This talk details our findings in the domain of power management, the first category in a broader effort to investigate the security of critical data center components. We will reveal nine vulnerabilities in two integral data center appliances: a Power Distribution Unit (PDU) and a Data Center Infrastructure Management (DCIM) system. Continuing, we will delve into the technical details of the most impactful vulnerabilities and highlight the potential impact on their respective operations. The talk will challenge the misconception that data centers are inherently more secure than on-prem by exposing how attackers could leverage these vulnerabilities. This presentation will be valuable to data center professionals, security researchers, and anyone interested in understanding the characteristic vulnerabilities associated with modern data centers. \r\n\r\nREFERENCES: \r\nContributing Researcher - Philippe Laulheret\r\nClaroty Research - https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices\r\nNational Cybersecurity Strategy - https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/","end_timestamp":{"seconds":1691876700,"nanoseconds":0},"updated_timestamp":{"seconds":1687138680,"nanoseconds":0},"speakers":[{"content_ids":[50583],"conference_id":96,"event_ids":[50837],"name":"Sam Quinn","affiliations":[{"organization":"Trellix Advanced Research Center","title":"Sr. Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/eAyeP"}],"pronouns":"he/him","media":[],"id":49810,"title":"Sr. Security Researcher at Trellix Advanced Research Center"},{"content_ids":[50583],"conference_id":96,"event_ids":[50837],"name":"Jesse Chick","affiliations":[{"organization":"Trellix Advanced Research Center","title":"Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ravenousbytes"}],"pronouns":"he/him","media":[],"id":49811,"title":"Security Researcher at Trellix Advanced Research Center"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245754"}],"end":"2023-08-12T21:45:00.000-0000","id":50837,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49811},{"tag_id":45590,"sort_order":1,"person_id":49810}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","begin":"2023-08-12T21:00:00.000-0000","updated":"2023-06-19T01:38:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Digital signatures are fundamental for verifying the authenticity and integrity of untrusted data in the digital world. They ensure that software, firmware, and other digital content are not tampered with during transmission or at rest. Code signing certificates are significantly more challenging to obtain when compared to alternatives like SSL or S/MIME certificates. The latter only has a single criterion- proof of control over a domain, while the former requires significant validation of the publisher itself.\r\n\r\nThis project uncovered a systemic vulnerability present in numerous signature validation implementations, enabling attackers to exploit valid certificates in an unintended manner. Vulnerable implementations mistakenly perceive files signed with incompatible certificates as legitimate, violating their respective specifications and allowing threat actors to sign untrusted code at little to no cost. In this talk, we will explore the problem at all levels, ranging from the fundamental theory to its application across multiple formats and real-world situations.\r\n\r\nREFERENCES:\r\n- Boeyen, Sharon, et al. “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.” IETF, 1 May 2008, datatracker.ietf.org/doc/html/rfc5280.\r\n- Housley, Russ. “Cryptographic Message Syntax (CMS).” IETF, 5 Sept. 2002, datatracker.ietf.org/doc/html/rfc3369.\r\n- “Windows Authenticode Portable Executable Signature Format.” Microsoft.com, Microsoft, 21 Mar. 2008, download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/authenticode_pe.docx.\r\n- “PE Format - Win32 Apps.” Learn.microsoft.com, Microsoft, 31 Mar. 2021, learn.microsoft.com/en-us/windows/win32/debug/pe-format.\r\n- “Trusted Root Certification Authorities Certificate Store.” Learn.microsoft.com, Microsoft, 14 Dec. 2021, learn.microsoft.com/en-us/windows-hardware/drivers/install/trusted-root-certification-authorities-certificate-store.\r\n- “What’s the Difference between DV, OV & EV SSL Certificates?” Www.digicert.com, DigiCert, 23 Aug. 2022, www.digicert.com/difference-between-dv-ov-and-ev-ssl-certificates.\r\n- The OpenSSL Project. OpenSSL: The Open Source Toolkit for SSL/TLS. Apr. 2003.\r\n- Brubaker, Chad, et al. “Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.” 2014 IEEE Symposium on Security and Privacy, 18 May 2014, www.cs.cornell.edu/~shmat/shmat_oak14.pdf, https://doi.org/10.1109/sp.2014.15.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"A SSLippery Slope: Unraveling the Hidden Dangers of Certificate Misuse","android_description":"Digital signatures are fundamental for verifying the authenticity and integrity of untrusted data in the digital world. They ensure that software, firmware, and other digital content are not tampered with during transmission or at rest. Code signing certificates are significantly more challenging to obtain when compared to alternatives like SSL or S/MIME certificates. The latter only has a single criterion- proof of control over a domain, while the former requires significant validation of the publisher itself.\r\n\r\nThis project uncovered a systemic vulnerability present in numerous signature validation implementations, enabling attackers to exploit valid certificates in an unintended manner. Vulnerable implementations mistakenly perceive files signed with incompatible certificates as legitimate, violating their respective specifications and allowing threat actors to sign untrusted code at little to no cost. In this talk, we will explore the problem at all levels, ranging from the fundamental theory to its application across multiple formats and real-world situations.\r\n\r\nREFERENCES:\r\n- Boeyen, Sharon, et al. “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.” IETF, 1 May 2008, datatracker.ietf.org/doc/html/rfc5280.\r\n- Housley, Russ. “Cryptographic Message Syntax (CMS).” IETF, 5 Sept. 2002, datatracker.ietf.org/doc/html/rfc3369.\r\n- “Windows Authenticode Portable Executable Signature Format.” Microsoft.com, Microsoft, 21 Mar. 2008, download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/authenticode_pe.docx.\r\n- “PE Format - Win32 Apps.” Learn.microsoft.com, Microsoft, 31 Mar. 2021, learn.microsoft.com/en-us/windows/win32/debug/pe-format.\r\n- “Trusted Root Certification Authorities Certificate Store.” Learn.microsoft.com, Microsoft, 14 Dec. 2021, learn.microsoft.com/en-us/windows-hardware/drivers/install/trusted-root-certification-authorities-certificate-store.\r\n- “What’s the Difference between DV, OV & EV SSL Certificates?” Www.digicert.com, DigiCert, 23 Aug. 2022, www.digicert.com/difference-between-dv-ov-and-ev-ssl-certificates.\r\n- The OpenSSL Project. OpenSSL: The Open Source Toolkit for SSL/TLS. Apr. 2003.\r\n- Brubaker, Chad, et al. “Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.” 2014 IEEE Symposium on Security and Privacy, 18 May 2014, www.cs.cornell.edu/~shmat/shmat_oak14.pdf, https://doi.org/10.1109/sp.2014.15.","end_timestamp":{"seconds":1691876700,"nanoseconds":0},"updated_timestamp":{"seconds":1688176320,"nanoseconds":0},"speakers":[{"content_ids":[50642],"conference_id":96,"event_ids":[50792],"name":"Bill Demirkapi","affiliations":[{"organization":"Microsoft Security Response Center","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/BillDemirkapi"},{"description":"","title":"Website","sort_order":0,"url":"https://billdemirkapi.me"}],"pronouns":"he/him","media":[],"id":49913,"title":"Microsoft Security Response Center"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246093"}],"end":"2023-08-12T21:45:00.000-0000","id":50792,"village_id":null,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49913}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-07-01T01:52:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you ready to step into the shoes of a cybersecurity or incident response analyst? Whether you're new to investigation or looking to take your analysis skills to the next level, we've got an exciting opportunity for you! Join mR_F0r3n51c5 and S3curityNerd for a four-hour class that will take you on a journey through the world of malware analysis and investigation.\r\n\r\nIn today's ever-evolving threat landscape, malware continues to be a weapon of choice for various types of threat actors. Our class leverages forensic and malware analysis fundamentals to teach students how to investigate a compromised Windows system. To ensure the most up-to-date learning experience, the class authors have carefully selected fresh malware samples trending in 2023.\r\n\r\nBy the end of this class, you'll have the skills to:\r\n- Build analysis skills that leverage complex scenarios and improve comprehension\r\n- Practically acquire data in a forensically sound manner\r\n- Identify common areas of malware persistence\r\n- Gather evidence and create a timeline to characterize how the system was compromised\r\n- Participate in a hand-to-keyboard combat capstone where you'll be given an image of a compromised Windows system and demonstrate your newly acquired analysis skills.\r\n\r\nDon't miss this opportunity to gain hands-on experience and take your analysis skills to the next level. Join us and discover the exciting world of forensic analysis and investigation!\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students:\r\n- Not defined\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Students will be required to download material (e.g., Virtual Machine). Students will be given a URL for download access.\r\n- Regarding the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.\r\n- Students must have a laptop that meets the following requirements:\r\n- A 64-bit CPU running at 2GHz or more. The students will be running one virtual machine on their host laptop.\r\n- Have the ability to update BIOS settings. Specifically, enable virtualization technology such as \"Intel-VT.\"\r\n- The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.\r\n- 8 GB (Gigabytes) of RAM or higher\r\n- At least one open and working USB Type-A port\r\n- 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute\r\n- Students must have Local Administrator Access on their system.\r\n- Wireless 802.11 Capability\r\n- A host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.\r\n- Virtualization software is required. The supplied VMs have been built for out-of-the-box comparability with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues. Instructors cannot guarantee compatibility with all virtualization software suites. At a minimum, the following VM features will be needed:\r\n- NATted networking from VM to Internet\r\n- Copy and Paste of text and files between the Host machine and VM\n\n\n","title":"Digital Forensics and Incident Response Against the Digital Darkness: An Intro to Forensicating Evil (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Are you ready to step into the shoes of a cybersecurity or incident response analyst? Whether you're new to investigation or looking to take your analysis skills to the next level, we've got an exciting opportunity for you! Join mR_F0r3n51c5 and S3curityNerd for a four-hour class that will take you on a journey through the world of malware analysis and investigation.\r\n\r\nIn today's ever-evolving threat landscape, malware continues to be a weapon of choice for various types of threat actors. Our class leverages forensic and malware analysis fundamentals to teach students how to investigate a compromised Windows system. To ensure the most up-to-date learning experience, the class authors have carefully selected fresh malware samples trending in 2023.\r\n\r\nBy the end of this class, you'll have the skills to:\r\n- Build analysis skills that leverage complex scenarios and improve comprehension\r\n- Practically acquire data in a forensically sound manner\r\n- Identify common areas of malware persistence\r\n- Gather evidence and create a timeline to characterize how the system was compromised\r\n- Participate in a hand-to-keyboard combat capstone where you'll be given an image of a compromised Windows system and demonstrate your newly acquired analysis skills.\r\n\r\nDon't miss this opportunity to gain hands-on experience and take your analysis skills to the next level. Join us and discover the exciting world of forensic analysis and investigation!\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students:\r\n- Not defined\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Students will be required to download material (e.g., Virtual Machine). Students will be given a URL for download access.\r\n- Regarding the downloaded virtual machines, these should be imported into your virtual machine software and ready before the start of class. If any additional technical support is needed, the instructors will make themselves available online.\r\n- Students must have a laptop that meets the following requirements:\r\n- A 64-bit CPU running at 2GHz or more. The students will be running one virtual machine on their host laptop.\r\n- Have the ability to update BIOS settings. Specifically, enable virtualization technology such as \"Intel-VT.\"\r\n- The student must be able to access their system's BIOS if it is password protected. This is in case of changes being necessary.\r\n- 8 GB (Gigabytes) of RAM or higher\r\n- At least one open and working USB Type-A port\r\n- 50 Gigabytes of free hard drive space, allowing you the ability to host the VMs we distribute\r\n- Students must have Local Administrator Access on their system.\r\n- Wireless 802.11 Capability\r\n- A host operating system that is running Windows 10+, Linux, or macOS 10.4 or later.\r\n- Virtualization software is required. The supplied VMs have been built for out-of-the-box comparability with VMWare Workstation or Player. Students may use other software if they choose, but they may have to troubleshoot unpredictable issues. Instructors cannot guarantee compatibility with all virtualization software suites. At a minimum, the following VM features will be needed:\r\n- NATted networking from VM to Internet\r\n- Copy and Paste of text and files between the Host machine and VM","updated_timestamp":{"seconds":1688058300,"nanoseconds":0},"speakers":[{"content_ids":[50638],"conference_id":96,"event_ids":[50746],"name":"Michael \"mR_F0r3n51c5\" Solomon","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49903},{"content_ids":[50638],"conference_id":96,"event_ids":[50746],"name":"Michael \"S3curityNerd\" Register","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49904}],"timeband_id":991,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/michael-solomon-michael-register-an-intro-to-forensicating-evil-tickets-668399921157?aff=oddtdtcreator"}],"end":"2023-08-13T01:00:00.000-0000","id":50746,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"village_id":null,"tag_ids":[45634,45654,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49904},{"tag_id":45590,"sort_order":1,"person_id":49903}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T17:05:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"While it can be intimidating to \"get into\" software reverse engineering (RE), it can be very rewarding. Reverse engineering skills will serve you well in malicious software analysis, vulnerability discovery, exploit development, bypassing host-based protection, and in approaching many other interesting and useful problems in hacking. Being able to study how software works, without source code or documentation, will give you the confidence that there is nothing about a computer system you can't understand, if you simply apply enough time and effort. Beyond all of this: it's fun. Every malicious program becomes a new and interesting puzzle to \"solve\".\r\n\r\nThe purpose of this workshop is to introduce software reverse engineering to the attendees, using static and dynamic techniques with the Ghidra disassembler and WinDbg debugger. No prior experience in reverse engineering is necessary. There will be few slides--concepts and techniques will be illustrated within the Ghidra and WinDbg environments, and attendees can follow along with their own laptops and virtual environments. We will cover the following topics:\r\n\r\n- Software Reverse Engineering concepts and terminology\r\n- Setting up WinDbg and Ghidra\r\n- The execution environment (CPU, Virtual Memory, Linking and Loading)\r\n- C constructs, as seen in disassembled code\r\n- Combining static and dynamic analysis to understand and document compiled binary code\r\n- Methodology and approaches for reverse engineering large programs\r\n- Hands-on malware analysis\r\n- How to approach a \"new-to-you\" architecture\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- No previous reverse engineering experience required. \r\n- Basic familiarity with programming in a high-level language is necessary (C preferred, Scripting languages like Python would be okay).\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop with a fresh Windows 10 Virtual Machine.\r\n- Being able to dedicate 8GB RAM to the VM (meaning, you probably have 16GB in your laptop) will make the experience smoother, but you can get by with 4GB\r\n- 10 GB storage free in the VM (after installing Windows)\r\n- Administrative privileges\r\n- Ability to copy exercise files from USB\r\n\r\nWe will be working with live malware samples. Depending on your comfort level with this, bring a \"burner\" laptop, use a clean drive, or plan on doing a clean install before and after the workshop.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"The Joy of Reverse Engineering: Learning With Ghidra and WinDbg (Pre-Registration Required)","android_description":"While it can be intimidating to \"get into\" software reverse engineering (RE), it can be very rewarding. Reverse engineering skills will serve you well in malicious software analysis, vulnerability discovery, exploit development, bypassing host-based protection, and in approaching many other interesting and useful problems in hacking. Being able to study how software works, without source code or documentation, will give you the confidence that there is nothing about a computer system you can't understand, if you simply apply enough time and effort. Beyond all of this: it's fun. Every malicious program becomes a new and interesting puzzle to \"solve\".\r\n\r\nThe purpose of this workshop is to introduce software reverse engineering to the attendees, using static and dynamic techniques with the Ghidra disassembler and WinDbg debugger. No prior experience in reverse engineering is necessary. There will be few slides--concepts and techniques will be illustrated within the Ghidra and WinDbg environments, and attendees can follow along with their own laptops and virtual environments. We will cover the following topics:\r\n\r\n- Software Reverse Engineering concepts and terminology\r\n- Setting up WinDbg and Ghidra\r\n- The execution environment (CPU, Virtual Memory, Linking and Loading)\r\n- C constructs, as seen in disassembled code\r\n- Combining static and dynamic analysis to understand and document compiled binary code\r\n- Methodology and approaches for reverse engineering large programs\r\n- Hands-on malware analysis\r\n- How to approach a \"new-to-you\" architecture\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- No previous reverse engineering experience required. \r\n- Basic familiarity with programming in a high-level language is necessary (C preferred, Scripting languages like Python would be okay).\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop with a fresh Windows 10 Virtual Machine.\r\n- Being able to dedicate 8GB RAM to the VM (meaning, you probably have 16GB in your laptop) will make the experience smoother, but you can get by with 4GB\r\n- 10 GB storage free in the VM (after installing Windows)\r\n- Administrative privileges\r\n- Ability to copy exercise files from USB\r\n\r\nWe will be working with live malware samples. Depending on your comfort level with this, bring a \"burner\" laptop, use a clean drive, or plan on doing a clean install before and after the workshop.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1688054160,"nanoseconds":0},"speakers":[{"content_ids":[50559,50619],"conference_id":96,"event_ids":[50727,50805],"name":"Wesley McGrew","affiliations":[{"organization":"MartinFed","title":"Senior Cyber Fellow"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@mcgrew@defcon.social)","sort_order":0,"url":"https://defcon.social/@mcgrew"},{"description":"","title":"Mixcloud","sort_order":0,"url":"https://www.mixcloud.com/wesmcgrew/stream/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/McGrewSecurity"}],"media":[],"id":49770,"title":"Senior Cyber Fellow at MartinFed"}],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/wes-mcgrew-the-joy-of-reverse-engineering-learning-with-ghidra-and-windb-tickets-668400352447"}],"id":50727,"village_id":null,"tag_ids":[45634,45652,45743,45877],"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49770}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"begin":"2023-08-12T21:00:00.000-0000","updated":"2023-06-29T15:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Let's break out Wireshark and dig deep in to the TCP and IP protocols. This skill is critical for anyone interested in any area of cybersecurity, no matter the color of the hat. Almost all enumeration, scans, incident response, and traffic forensics require the analyst to dig into and interpret TCP conversations. When enumerating an environment, identifying key TCP/IP indicators in protocol headers can also help when passively fingerprinting systems.\r\n\r\nIn this workshop we will roll back our sleeves and learn how TCP/IP really works - the handshake, options, sequence/ack numbers, retransmissions, TTL, and much more. This workshop welcomes all cybersecurity and wireshark experience levels.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- Just a laptop with a copy of Wireshark. \r\n- I will provide the sample pcaps for analysis.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"Hands-On TCP/IP Deep Dive with Wireshark - How this stuff really works (Pre-Registration Required)","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Let's break out Wireshark and dig deep in to the TCP and IP protocols. This skill is critical for anyone interested in any area of cybersecurity, no matter the color of the hat. Almost all enumeration, scans, incident response, and traffic forensics require the analyst to dig into and interpret TCP conversations. When enumerating an environment, identifying key TCP/IP indicators in protocol headers can also help when passively fingerprinting systems.\r\n\r\nIn this workshop we will roll back our sleeves and learn how TCP/IP really works - the handshake, options, sequence/ack numbers, retransmissions, TTL, and much more. This workshop welcomes all cybersecurity and wireshark experience levels.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- Just a laptop with a copy of Wireshark. \r\n- I will provide the sample pcaps for analysis.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop","updated_timestamp":{"seconds":1688053800,"nanoseconds":0},"speakers":[{"content_ids":[50616,52419],"conference_id":96,"event_ids":[52719,52720,50724],"name":"Chris Greer","affiliations":[{"organization":"Packet Pioneer","title":"Network Analyst and Wireshark Instructor"}],"links":[],"pronouns":null,"media":[],"id":49865,"title":"Network Analyst and Wireshark Instructor at Packet Pioneer"}],"timeband_id":991,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/chris-greer-hands-on-tcpip-deep-dive-with-wireshark-tickets-668399369507?aff=oddtdtcreator"}],"end":"2023-08-13T01:00:00.000-0000","id":50724,"village_id":null,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45634,45653,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49865}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T15:50:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.\r\n\r\nWe will exploit 32-bit and 64-bit Intel and ARM systems, and software in PHP, Python, C++, and DOT NET. We will examine modern Windows defenses in detail, including ASLR, DEP, stack cookies, and SEHOP. We will also write Rust programs and see how they prevent memory corruption vulnerabilities.\r\n\r\nPrevious experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.\r\n\r\nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Familiarity with C programming and assembly language is helpful, but not essential.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- A laptop capable of running a virtual machine in VMware or VirtualBox.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"Introduction to Exploit Development (Pre-Registration Required)","android_description":"Learn how to take control of Windows and Linux servers running vulnerable software, in a hands-on CTF-style workshop. We begin with easy command injections and SQL injections, and proceed through binary exploits including buffer overflows on the stack and the heap, format string vulnerabilities, and race conditions.\r\n\r\nWe will exploit 32-bit and 64-bit Intel and ARM systems, and software in PHP, Python, C++, and DOT NET. We will examine modern Windows defenses in detail, including ASLR, DEP, stack cookies, and SEHOP. We will also write Rust programs and see how they prevent memory corruption vulnerabilities.\r\n\r\nPrevious experience with C and assembly language is helpful but not required. Participants will need a laptop that can run VMware or VirtualBox virtual machines.\r\n\r\nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Familiarity with C programming and assembly language is helpful, but not essential.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- A laptop capable of running a virtual machine in VMware or VirtualBox.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1688053140,"nanoseconds":0},"speakers":[{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Sam Bowne","affiliations":[{"organization":"Infosec Decoded, Inc","title":"Founder"}],"links":[],"pronouns":null,"media":[],"id":49858,"title":"Founder at Infosec Decoded, Inc"},{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Elizabeth Biddlecome","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49859},{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Kaitlyn Handelman","affiliations":[{"organization":"Amazon","title":"Offensive Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":49860,"title":"Offensive Security Engineer at Amazon"},{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Irvin Lemus","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49861}],"timeband_id":991,"links":[{"label":"Materials","type":"link","url":"https://samsclass.info"},{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/sam-bowne-introduction-to-exploit-development-tickets-668398837917?aff=oddtdtcreator"}],"end":"2023-08-13T01:00:00.000-0000","id":50720,"tag_ids":[45634,45654,45743,45877],"village_id":null,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49859},{"tag_id":45590,"sort_order":1,"person_id":49861},{"tag_id":45590,"sort_order":1,"person_id":49860},{"tag_id":45590,"sort_order":1,"person_id":49858}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T15:39:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Security teams are overwhelmed with data. How does a user account relate to a server, an application? Does this vulnerability put this important data at risk, or does it simply expose a few systems we care about much less? Who really has access to these files? This is vulnerable, but the firewall won’t let traffic to the service, or will it?\r\n\r\nThese types of questions are very difficult to answer in a vacuum as they require context. With the power of graphs, and Starbase, an open source graph security analysis tool, we will be able to import the data that allows us to answer them using the graph.\r\n\r\nJohn Lambert said “Defenders think in lists, attackers think in graphs”. Join us, so we can get a lot more people thinking in graphs!\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students:\r\n\r\nAbility to use Docker when provided with commands. Basic understanding of IT and security issues in cloud environments.\r\n\r\nMaterials or Equipment students will need to bring to participate: A laptop with Docker as well as a few docker images pulled in advance.\r\n\r\nDue to the brittle nature of conference Wi-Fi, we’ll send instructions in advance, so as many people as possible will have downloaded it.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"Starbase: open source graph security analysis (Pre-Registration Required)","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Security teams are overwhelmed with data. How does a user account relate to a server, an application? Does this vulnerability put this important data at risk, or does it simply expose a few systems we care about much less? Who really has access to these files? This is vulnerable, but the firewall won’t let traffic to the service, or will it?\r\n\r\nThese types of questions are very difficult to answer in a vacuum as they require context. With the power of graphs, and Starbase, an open source graph security analysis tool, we will be able to import the data that allows us to answer them using the graph.\r\n\r\nJohn Lambert said “Defenders think in lists, attackers think in graphs”. Join us, so we can get a lot more people thinking in graphs!\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students:\r\n\r\nAbility to use Docker when provided with commands. Basic understanding of IT and security issues in cloud environments.\r\n\r\nMaterials or Equipment students will need to bring to participate: A laptop with Docker as well as a few docker images pulled in advance.\r\n\r\nDue to the brittle nature of conference Wi-Fi, we’ll send instructions in advance, so as many people as possible will have downloaded it.","updated_timestamp":{"seconds":1688052420,"nanoseconds":0},"speakers":[{"content_ids":[50609],"conference_id":96,"event_ids":[50717],"name":"Guillaume Ross","affiliations":[{"organization":"JupiterOne","title":""}],"links":[],"pronouns":null,"media":[],"id":49849,"title":"JupiterOne"},{"content_ids":[50609],"conference_id":96,"event_ids":[50717],"name":"Austin Kelleher","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49850},{"content_ids":[50609],"conference_id":96,"event_ids":[50717],"name":"Adam Pierson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49851}],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/guillaume-ross-starbase-open-source-graph-security-analysis-tickets-668402769677?aff=oddtdtcreator"}],"id":50717,"begin_timestamp":{"seconds":1691874000,"nanoseconds":0},"tag_ids":[45634,45654,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49850},{"tag_id":45590,"sort_order":2,"person_id":49851},{"tag_id":45590,"sort_order":3,"person_id":49849}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T15:27:00.000-0000","begin":"2023-08-12T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What are the root causes of today’s politically charged and polarized environment? Conventional wisdom likes to point the finger at social media and middle class immiseration but is there more to the story? A few researchers were able to accurately predict the current trends toward populism and political polarization, decades ago. A new field of study that combines big data and historical analysis was created in the early 2000s. What do these perspectives have to say about the current political crisis? Our geopolitical environment has changed significantly in the last few decades as well. Authoritarian states actively seek to delegitimize democratic systems. What are their motivations and what types of vulnerabilities in the liberal democratic order might they try to exploit? Come experience a whirlwind tour of multi-model geopolitical forecasting. What do some of the most well researched and respected economic, political and historical models have to say about the current state of politics in the U.S? Have we been here before and what are the implications of these perspectives for the next election?\n\n\n","title":"Political Polarization","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"What are the root causes of today’s politically charged and polarized environment? Conventional wisdom likes to point the finger at social media and middle class immiseration but is there more to the story? A few researchers were able to accurately predict the current trends toward populism and political polarization, decades ago. A new field of study that combines big data and historical analysis was created in the early 2000s. What do these perspectives have to say about the current political crisis? Our geopolitical environment has changed significantly in the last few decades as well. Authoritarian states actively seek to delegitimize democratic systems. What are their motivations and what types of vulnerabilities in the liberal democratic order might they try to exploit? Come experience a whirlwind tour of multi-model geopolitical forecasting. What do some of the most well researched and respected economic, political and historical models have to say about the current state of politics in the U.S? Have we been here before and what are the implications of these perspectives for the next election?","end_timestamp":{"seconds":1691876100,"nanoseconds":0},"updated_timestamp":{"seconds":1691435220,"nanoseconds":0},"speakers":[{"content_ids":[52318],"conference_id":96,"event_ids":[52602],"name":"Constantine Nicolaidis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51536}],"timeband_id":991,"links":[],"end":"2023-08-12T21:35:00.000-0000","id":52602,"begin_timestamp":{"seconds":1691873700,"nanoseconds":0},"village_id":null,"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51536}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-12T20:55:00.000-0000","updated":"2023-08-07T19:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Full Stack Disclosures","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691877000,"nanoseconds":0},"updated_timestamp":{"seconds":1689116940,"nanoseconds":0},"speakers":[{"content_ids":[51051],"conference_id":96,"event_ids":[51083],"name":"Edison Alvarez","affiliations":[{"organization":"BD","title":"Senior Director in Regulatory Affairs"}],"links":[],"pronouns":null,"media":[],"id":50239,"title":"Senior Director in Regulatory Affairs at BD"},{"content_ids":[51051],"conference_id":96,"event_ids":[51083],"name":"Alex Mastrov","affiliations":[{"organization":"Binarly","title":"Founder and CEO"}],"links":[],"pronouns":null,"media":[],"id":50240,"title":"Founder and CEO at Binarly"},{"content_ids":[51051],"conference_id":96,"event_ids":[51083],"name":"Matias Katz","affiliations":[{"organization":"Byos","title":"Founder and CEO"}],"links":[],"pronouns":null,"media":[],"id":50241,"title":"Founder and CEO at Byos"}],"timeband_id":991,"links":[],"end":"2023-08-12T21:50:00.000-0000","id":51083,"begin_timestamp":{"seconds":1691873400,"nanoseconds":0},"village_id":68,"tag_ids":[45645,45647,45717],"includes":"","people":[{"tag_id":45631,"sort_order":1,"person_id":50239},{"tag_id":45632,"sort_order":2,"person_id":50240},{"tag_id":45632,"sort_order":2,"person_id":50241}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T23:09:00.000-0000","begin":"2023-08-12T20:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you ever attempted to register a domain for your trademark only to find it's already registered? Has a domain squatters attempted to extort you for relevant domains at exorbitant fees? Has a threat actor attempted to register look-alike domains and commence phishing attacks? This talks seeks to document a process for abusing URDP to obtain desirable domains when the opposition's operational security is lacking. Discussion will include covering URDP (Uniform Domain-Name Dispute-Resolution Policy) and the criteria required to initiate a domain successful takedown request. We will document in detail scenarios, which can be abused in order to produce evidence, which will lead to a successful domain takedown, regardless of the registering parties initiatives. Finally we will provide security guidance to threat actors, blue teamers and domain squatters to strengthen their portfolio and ensure URDP cannot be abused in this manner.\n\n\n","title":"Bootsquad: Stomping out squatters","type":{"conference_id":96,"conference":"DEFCON31","color":"#74a6bb","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Groups VR","id":45643},"end_timestamp":{"seconds":1691874300,"nanoseconds":0},"android_description":"Have you ever attempted to register a domain for your trademark only to find it's already registered? Has a domain squatters attempted to extort you for relevant domains at exorbitant fees? Has a threat actor attempted to register look-alike domains and commence phishing attacks? This talks seeks to document a process for abusing URDP to obtain desirable domains when the opposition's operational security is lacking. Discussion will include covering URDP (Uniform Domain-Name Dispute-Resolution Policy) and the criteria required to initiate a domain successful takedown request. We will document in detail scenarios, which can be abused in order to produce evidence, which will lead to a successful domain takedown, regardless of the registering parties initiatives. Finally we will provide security guidance to threat actors, blue teamers and domain squatters to strengthen their portfolio and ensure URDP cannot be abused in this manner.","updated_timestamp":{"seconds":1691203020,"nanoseconds":0},"speakers":[{"content_ids":[52198],"conference_id":96,"event_ids":[52448],"name":"Joe Mast","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/josephgmast "}],"media":[],"id":51441}],"timeband_id":991,"end":"2023-08-12T21:05:00.000-0000","links":[{"label":"Website","type":"link","url":"https://dcgvr.org/"},{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"}],"id":52448,"tag_ids":[45643,45744],"begin_timestamp":{"seconds":1691872500,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51441}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-08-05T02:37:00.000-0000","begin":"2023-08-12T20:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Technology companies with social media platforms have the potential to be a powerful ally in civil society’s work to build an open, free, and democratic Internet. They have the ability to provide safe and accessible mechanisms for all people to participate in democracy, especially in closed information spaces. Continued, active engagement with technology companies is required to properly convey the stories and experiences of democratic activists. Online violence and cyber threats against women in politics and public life (OVAW-P) poses a deepening challenge to democracy, serving as a key tool of illiberalism and democratic backsliding across the globe. OVAW-P encompasses all forms of aggression, coercion, and intimidation seeking to exclude women from politics simply because they are women. This online behavior seeks to achieve political outcomes: targeting individual women to harm them or drive them out of public life, while also sending a message that women in general should not be involved in politics. This online violence has a chilling effect on the political ambitions and engagement of women and girls, decreasing their presence and agency in politics and public life. Stopping gender-based attacks online is a solvable problem, and it is the fastest and clearest investment toward building an internet that enables everyone to be politically engaged. To address this issue, the National Democratic Institute developed a set of solutions-based interventions for technology platforms to end online violence against women in politics and public life. The interventions were developed in collaboration with a global network of women survivors. In order to more successfully advocate for the implementation of these interventions, research and advocacy efforts are needed to demonstrate the power and profitability of providing a safe space for women to politically engage online. \n\n\n","title":"Interventions To Address Technology-Facilitated Violence in Democracy","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691875200,"nanoseconds":0},"android_description":"Technology companies with social media platforms have the potential to be a powerful ally in civil society’s work to build an open, free, and democratic Internet. They have the ability to provide safe and accessible mechanisms for all people to participate in democracy, especially in closed information spaces. Continued, active engagement with technology companies is required to properly convey the stories and experiences of democratic activists. Online violence and cyber threats against women in politics and public life (OVAW-P) poses a deepening challenge to democracy, serving as a key tool of illiberalism and democratic backsliding across the globe. OVAW-P encompasses all forms of aggression, coercion, and intimidation seeking to exclude women from politics simply because they are women. This online behavior seeks to achieve political outcomes: targeting individual women to harm them or drive them out of public life, while also sending a message that women in general should not be involved in politics. This online violence has a chilling effect on the political ambitions and engagement of women and girls, decreasing their presence and agency in politics and public life. Stopping gender-based attacks online is a solvable problem, and it is the fastest and clearest investment toward building an internet that enables everyone to be politically engaged. To address this issue, the National Democratic Institute developed a set of solutions-based interventions for technology platforms to end online violence against women in politics and public life. The interventions were developed in collaboration with a global network of women survivors. In order to more successfully advocate for the implementation of these interventions, research and advocacy efforts are needed to demonstrate the power and profitability of providing a safe space for women to politically engage online.","updated_timestamp":{"seconds":1691435640,"nanoseconds":0},"speakers":[{"content_ids":[52332,52330],"conference_id":96,"event_ids":[52614,52616],"name":"Eric Davis","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ericdavis1"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ericdavis"}],"media":[],"id":51539},{"content_ids":[52329,52332],"conference_id":96,"event_ids":[52613,52616],"name":"Hallie Stern","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/halliejstern"}],"pronouns":null,"media":[],"id":51541},{"content_ids":[52332],"conference_id":96,"event_ids":[52616],"name":"Omri Preiss","affiliations":[],"links":[{"description":"","title":"Link","sort_order":0,"url":"https://alliance4europe.eu/team-board"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/omri-preiss-3583a426/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/OmriPreiss"}],"pronouns":null,"media":[],"id":51553},{"content_ids":[52332],"conference_id":96,"event_ids":[52616],"name":"Theodora Skeadas","affiliations":[],"links":[{"description":"","title":"Link","sort_order":0,"url":"https://elections.harvard.edu/people/theodora-skeadas"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/theodora-skeadas"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/theodoraskeadas"}],"pronouns":null,"media":[],"id":51558}],"timeband_id":991,"links":[],"end":"2023-08-12T21:20:00.000-0000","id":52616,"tag_ids":[40298,45646,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51539},{"tag_id":45632,"sort_order":1,"person_id":51541},{"tag_id":45632,"sort_order":1,"person_id":51553},{"tag_id":45632,"sort_order":1,"person_id":51558}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T20:30:00.000-0000","updated":"2023-08-07T19:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The participatory paper presents the usual functioning of the Russian propaganda and disinformation ecosystem, as well as the possible indicators exhibited both by the Russian unofficial media and by its journalists/researchers, in those narratives especially focused on the Spanish-speaking public, showing concrete examples from several Latin American countries of this modus operandi.\n\n\n","title":"Main features of Russia's disinformation and propaganda ecosystem in Spanish-speaking countries","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691875800,"nanoseconds":0},"android_description":"The participatory paper presents the usual functioning of the Russian propaganda and disinformation ecosystem, as well as the possible indicators exhibited both by the Russian unofficial media and by its journalists/researchers, in those narratives especially focused on the Spanish-speaking public, showing concrete examples from several Latin American countries of this modus operandi.","updated_timestamp":{"seconds":1691284740,"nanoseconds":0},"speakers":[{"content_ids":[52281],"conference_id":96,"event_ids":[52545],"name":"Carlos Galán","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51498}],"timeband_id":991,"links":[],"end":"2023-08-12T21:30:00.000-0000","id":52545,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"tag_ids":[40305,45646,45719,45743],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51498}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:19:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nA brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Why OT Cybersecurity Engineers Drink So Much","android_description":".\n\n\nA brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.","end_timestamp":{"seconds":1691875800,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52208,52230],"conference_id":96,"event_ids":[52459,52480],"name":"ThatDeadGuy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51458}],"timeband_id":991,"links":[],"end":"2023-08-12T21:30:00.000-0000","id":52480,"village_id":null,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51458}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: Kill Chain Track (0x42)","hotel":"","short_name":"BTV Project Obsidian: Kill Chain Track (0x42)","id":45968},"spans_timebands":"N","updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This CTH 101 session includes three modules.\r\n\r\nPart III: Threat Hunting Techniques: A look into various hunting techniques.\r\nPart IV: Case Studies and Labs: What we can learn from case studies and how to get started with labs.\r\nPart V: Conclusion and Next Steps: Where to go next to learn more.\n\n\nCTH 101: Threat Hunting Techniques, Case Studies and Labs, Conclusion and Next Steps","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"CTH 101: Part III, IV, V","android_description":"This CTH 101 session includes three modules.\r\n\r\nPart III: Threat Hunting Techniques: A look into various hunting techniques.\r\nPart IV: Case Studies and Labs: What we can learn from case studies and how to get started with labs.\r\nPart V: Conclusion and Next Steps: Where to go next to learn more.\n\n\nCTH 101: Threat Hunting Techniques, Case Studies and Labs, Conclusion and Next Steps","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52212,52215,52226],"conference_id":96,"event_ids":[52456,52467,52477],"name":"Cyb3rhawk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51460}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":52477,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"village_id":null,"tag_ids":[40282,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51460}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: 101 Track (0x41)","hotel":"","short_name":"BTV Project Obsidian: 101 Track (0x41)","id":45967},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Security is nothing without visibility, join a group of practitioners as they outline ways to get you started in detection engineering.\n\n\nSecurity is nothing without visibility, join a group of practitioners as they outline ways to get you started in detection engineering.","title":"So you want to become a Detection Engineer","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Security is nothing without visibility, join a group of practitioners as they outline ways to get you started in detection engineering.\n\n\nSecurity is nothing without visibility, join a group of practitioners as they outline ways to get you started in detection engineering.","end_timestamp":{"seconds":1691875800,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52218,52209],"conference_id":96,"event_ids":[52470,52460],"name":"kobaltfox","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51448},{"content_ids":[52209,52210,52222],"conference_id":96,"event_ids":[52460,52463,52474],"name":"plug","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51473},{"content_ids":[52209],"conference_id":96,"event_ids":[52460],"name":"Ben Bornholm","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51481},{"content_ids":[52217,52209],"conference_id":96,"event_ids":[52460,52469],"name":"CerealKiller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51482}],"timeband_id":991,"links":[],"end":"2023-08-12T21:30:00.000-0000","id":52460,"village_id":null,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51481},{"tag_id":45590,"sort_order":1,"person_id":51482},{"tag_id":45590,"sort_order":1,"person_id":51448},{"tag_id":45590,"sort_order":1,"person_id":51473}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In 2022, aviation tracking privacy (or the lack thereof) has truly entered the global mainstream, with operational security and climate shaming of private jets suddenly discussed all over the world. Following up on previous work presented at the Aerospace Village, we will conduct a deep dive into how we arrived in this position, why nothing has worked so far, and how we need to change our thinking in order to achieve any meaningful privacy in aviation.\n\n\n","title":"Elon, Twitter and the PIA: How not to achieve privacy in aviation","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691873700,"nanoseconds":0},"android_description":"In 2022, aviation tracking privacy (or the lack thereof) has truly entered the global mainstream, with operational security and climate shaming of private jets suddenly discussed all over the world. Following up on previous work presented at the Aerospace Village, we will conduct a deep dive into how we arrived in this position, why nothing has worked so far, and how we need to change our thinking in order to achieve any meaningful privacy in aviation.","updated_timestamp":{"seconds":1691101320,"nanoseconds":0},"speakers":[{"content_ids":[52158,52159],"conference_id":96,"event_ids":[52388,52389],"name":"Martin Strohmeier","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51415}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":52388,"village_id":null,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51415}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:22:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Content Security Policy (CSP) has been in support by most modern browsers for a while now. The RFC of the first version was released in 2014. Almost 10 years later, and with version 3 recently released, a far-reaching study of CSP deployment across the Internet was due.\r\n\r\nThe top one million most popular sites were scanned and their CSP related headers were stored. The values of the CSP headers were analysed to answer several questions. How popular is this security measure nowadays. What are common pitfalls and misconfigurations within CSP headers. How often do sites enable reporting of violations to take a more proactive approach? Do sites blindly trust third parties such as content delivery networks and how can this trust be abused.\r\n\r\nThis talk will cover the results of the analysis against real world data and answer the previous questions. Additionally, it will present practical exploitation examples and provide with effective hardening and mitigation to the detected weaknesses.\n\n\n","title":"Dress Code - Analysis of the current status of the Content Security Policy","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Content Security Policy (CSP) has been in support by most modern browsers for a while now. The RFC of the first version was released in 2014. Almost 10 years later, and with version 3 recently released, a far-reaching study of CSP deployment across the Internet was due.\r\n\r\nThe top one million most popular sites were scanned and their CSP related headers were stored. The values of the CSP headers were analysed to answer several questions. How popular is this security measure nowadays. What are common pitfalls and misconfigurations within CSP headers. How often do sites enable reporting of violations to take a more proactive approach? Do sites blindly trust third parties such as content delivery networks and how can this trust be abused.\r\n\r\nThis talk will cover the results of the analysis against real world data and answer the previous questions. Additionally, it will present practical exploitation examples and provide with effective hardening and mitigation to the detected weaknesses.","end_timestamp":{"seconds":1691874900,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52116],"conference_id":96,"event_ids":[52340],"name":"Felipe Molina","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/felipemolinadelatorre/"},{"description":null,"title":"Twitter","sort_order":0,"url":"http://twitter.com/felmoltor"}],"media":[],"id":51337}],"timeband_id":991,"links":[],"end":"2023-08-12T21:15:00.000-0000","id":52340,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51337}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","begin":"2023-08-12T20:30:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Rapid advancements in AI have enabled large language models (LLMs) and generative technologies to fuse their outputs, creating a new level of diverse, synthetic content that can deceive on an unprecedented scale. This chilling union of AI capabilities opens the door to the generation of entire scam campaigns, blurring the boundary between reality and fiction.\r\n\r\nMany people are already aware of how LLMs can help with basic writing and coding. In this talk, we go beyond simple LLM-assisted ploys and automatically orchestrate unprecedented credential-stealing scam campaigns that combine code, text, images, and audio to build dozens of websites, product catalogs, testimonials, and social media advertisements. We discuss how the barriers to entry have decreased for criminals with minimal knowledge of AI, the scale that automation can achieve, and the current shortcomings that still require human intervention.\r\n\n\n\n","title":"The Sinister Synergy of Advanced AI: Automatically Orchestrating Large-scale Scam Campaigns with Large Generative Models","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691875500,"nanoseconds":0},"android_description":"Rapid advancements in AI have enabled large language models (LLMs) and generative technologies to fuse their outputs, creating a new level of diverse, synthetic content that can deceive on an unprecedented scale. This chilling union of AI capabilities opens the door to the generation of entire scam campaigns, blurring the boundary between reality and fiction.\r\n\r\nMany people are already aware of how LLMs can help with basic writing and coding. In this talk, we go beyond simple LLM-assisted ploys and automatically orchestrate unprecedented credential-stealing scam campaigns that combine code, text, images, and audio to build dozens of websites, product catalogs, testimonials, and social media advertisements. We discuss how the barriers to entry have decreased for criminals with minimal knowledge of AI, the scale that automation can achieve, and the current shortcomings that still require human intervention.","updated_timestamp":{"seconds":1691031480,"nanoseconds":0},"speakers":[{"content_ids":[52058],"conference_id":96,"event_ids":[52277],"name":"Ben Gelman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51279},{"content_ids":[52058],"conference_id":96,"event_ids":[52277],"name":"Younghoo Lee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51298}],"timeband_id":991,"links":[],"end":"2023-08-12T21:25:00.000-0000","id":52277,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"tag_ids":[40299,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51279},{"tag_id":45590,"sort_order":1,"person_id":51298}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-12T20:30:00.000-0000","updated":"2023-08-03T02:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Domain Fronting Through Microsoft Azure and CloudFlare: How to Identify Viable Domain Fronting Proxies","android_description":"","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1691025960,"nanoseconds":0},"speakers":[{"content_ids":[52036],"conference_id":96,"event_ids":[52252],"name":"Charles Miller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51251},{"content_ids":[52036],"conference_id":96,"event_ids":[52252],"name":"Michael Brown","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51263},{"content_ids":[52036],"conference_id":96,"event_ids":[52252],"name":"Michael Pelosi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51264}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":52252,"tag_ids":[40308,45645,45647,45743],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51251},{"tag_id":45590,"sort_order":1,"person_id":51263},{"tag_id":45590,"sort_order":1,"person_id":51264}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:26:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As organizations have evolved from the \"Lift and Shift\" cloud migration strategy to building \"Cloud Native\" applications, there has been a significant increase in the usage of Platform as a Service (PaaS) services in the cloud. The Azure Function App service is a commonly used resource in this space, as it provides simple and easy to deploy application hosting. While the serverless service offers a wide variety of convenient features, it also comes with its own security challenges.\r\n\r\nWe will be discussing how the service is utilized by Azure customers and some of the architecture design flaws that can lead to privilege escalation scenarios. Additionally, we will be covering a recently remediated privilege escalation issue that resulted in the Azure “Reader” RBAC role gaining code execution privileges in Function App containers.\r\n\r\nWe will also be releasing a tool that automates the exploitation of write access on a Function App's Storage Account. The tool will allow you to gain cleartext access to the Function App keys, and will generate Managed Identity tokens that can be used to pivot to the Function App’s identity. Finally, we will also include best practices and recommendations on how defenders can implement policy and configuration changes that help mitigate these issues.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"What the Function: A Deep Dive into Azure Function App Security","android_description":"As organizations have evolved from the \"Lift and Shift\" cloud migration strategy to building \"Cloud Native\" applications, there has been a significant increase in the usage of Platform as a Service (PaaS) services in the cloud. The Azure Function App service is a commonly used resource in this space, as it provides simple and easy to deploy application hosting. While the serverless service offers a wide variety of convenient features, it also comes with its own security challenges.\r\n\r\nWe will be discussing how the service is utilized by Azure customers and some of the architecture design flaws that can lead to privilege escalation scenarios. Additionally, we will be covering a recently remediated privilege escalation issue that resulted in the Azure “Reader” RBAC role gaining code execution privileges in Function App containers.\r\n\r\nWe will also be releasing a tool that automates the exploitation of write access on a Function App's Storage Account. The tool will allow you to gain cleartext access to the Function App keys, and will generate Managed Identity tokens that can be used to pivot to the Function App’s identity. Finally, we will also include best practices and recommendations on how defenders can implement policy and configuration changes that help mitigate these issues.","end_timestamp":{"seconds":1691874600,"nanoseconds":0},"updated_timestamp":{"seconds":1690921200,"nanoseconds":0},"speakers":[{"content_ids":[51985],"conference_id":96,"event_ids":[52179],"name":"Karl Fosaaen","affiliations":[{"organization":"NetSPI","title":"VP of Research"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kfosaaen"}],"media":[],"id":51190,"title":"VP of Research at NetSPI"},{"content_ids":[51985],"conference_id":96,"event_ids":[52179],"name":"Thomas Elling","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51191}],"timeband_id":991,"links":[],"end":"2023-08-12T21:10:00.000-0000","id":52179,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"tag_ids":[40284,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51190},{"tag_id":45590,"sort_order":1,"person_id":51191}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"updated":"2023-08-01T20:20:00.000-0000","begin":"2023-08-12T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cold Calls give attendees a walk-up opportunity to make a short call to get a feel for both the contest and the world of Social Engineering through vishing but without the contest elements.\r\n\r\nThis is on a first-come, first-served basis. Please see the \"More Information\" link.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Cold Calls","android_description":"Cold Calls give attendees a walk-up opportunity to make a short call to get a feel for both the contest and the world of Social Engineering through vishing but without the contest elements.\r\n\r\nThis is on a first-come, first-served basis. Please see the \"More Information\" link.","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1690590660,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T22:30:00.000-0000","links":[{"label":"More Information","type":"link","url":"https://www.se.community/cold-calls/"}],"id":51716,"village_id":null,"tag_ids":[40302,45649,45743,45775],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-12T20:30:00.000-0000","updated":"2023-07-29T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Panel Discussion -- Designing and Deploying NOC/SOC in a Mobile, Limited Bandwidth Maritime Environment","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1690422960,"nanoseconds":0},"speakers":[{"content_ids":[51488],"conference_id":96,"event_ids":[51644],"name":"Brad Proctor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50542},{"content_ids":[51488],"conference_id":96,"event_ids":[51644],"name":"Danny Joslin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50547},{"content_ids":[51488],"conference_id":96,"event_ids":[51644],"name":"Peter Dreyer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50561},{"content_ids":[51488],"conference_id":96,"event_ids":[51644],"name":"Tom Stites","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50565},{"content_ids":[51501,51488],"conference_id":96,"event_ids":[51644,51657],"name":"Cliff Neve","affiliations":[{"organization":"US Coast Guard","title":""}],"links":[],"pronouns":null,"media":[],"id":50595,"title":"US Coast Guard"}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":51644,"village_id":null,"tag_ids":[40306,45646,45743,45771],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50542},{"tag_id":45632,"sort_order":1,"person_id":50595},{"tag_id":45632,"sort_order":1,"person_id":50547},{"tag_id":45632,"sort_order":1,"person_id":50561},{"tag_id":45632,"sort_order":1,"person_id":50565}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","begin":"2023-08-12T20:30:00.000-0000","updated":"2023-07-27T01:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers.\r\n\r\nIn this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.\r\n\r\nWe will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of.\r\n\r\nWe will then dive down to how GitHub Actions is working under the hood and I’ll show you how an attacker that is in control of an Action can utilize the mechanism of the GitHub Actions Runner to infect other Actions that are dependent on their Action and eventually infect the targeted project.\r\n\r\nFinally, after we’ve gained all of the theoretical knowledge I’ll show you a demo with POC malware that is spreading through Actions and we will talk on how to defend against this kind of attack.\r\n\r\nREFERENCES:\r\nhttps://karimrahal.com/2023/01/05/github-actions-leaking-secrets/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"The GitHub Actions Worm: Compromising GitHub repositories through the Actions dependency tree","android_description":"GitHub is the most popular platform to host Open Source projects therefore, the popularity of their CI/CD platform - GitHub Actions is rising, which makes it an attractive target for attackers.\r\n\r\nIn this talk I’ll show you how an attacker can take advantage of the Custom GitHub Actions ecosystem by infecting one Action to spread malicious code to other Actions and projects by showing you a demo of POC worm.\r\n\r\nWe will start by exploring the ways in which Actions are loosely and implicitly dependent on other Actions. This will allow us to create a dependency tree of Actions that starts from a project that we want to attack and hopefully ends in a vulnerable Action that we can take control of.\r\n\r\nWe will then dive down to how GitHub Actions is working under the hood and I’ll show you how an attacker that is in control of an Action can utilize the mechanism of the GitHub Actions Runner to infect other Actions that are dependent on their Action and eventually infect the targeted project.\r\n\r\nFinally, after we’ve gained all of the theoretical knowledge I’ll show you a demo with POC malware that is spreading through Actions and we will talk on how to defend against this kind of attack.\r\n\r\nREFERENCES:\r\nhttps://karimrahal.com/2023/01/05/github-actions-leaking-secrets/","end_timestamp":{"seconds":1691874900,"nanoseconds":0},"updated_timestamp":{"seconds":1688183160,"nanoseconds":0},"speakers":[{"content_ids":[50670],"conference_id":96,"event_ids":[50823],"name":"Asi Greenholts","affiliations":[{"organization":"Palo Alto Networks","title":"Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://il.linkedin.com/in/asi-greenholts"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@TupleType"}],"media":[],"id":49968,"title":"Security Researcher at Palo Alto Networks"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246123"}],"end":"2023-08-12T21:15:00.000-0000","id":50823,"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"tag_ids":[45589,45592,45646,45766],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49968}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"begin":"2023-08-12T20:30:00.000-0000","updated":"2023-07-01T03:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Meduza is an independent international Russian- and English-language publication that still reaches millions of people inside Russia. The newsroom is operating from exile for 8 years now with headquarters in Latvia. Despite being completely outlawed and banned by the Kremlin, Meduza continues to work even under such enormously tough circumstances and still delivers the truths about the war in Ukraine along with an unbiased reporting on the situation inside Russia.\r\n \r\nBut at DEF CON Meduza will not be presented as a media. The team tries to resist the total state control of the Internet in Russia and fight not only for the freedom of speech, but for the freedom of information for millions of people.\r\n\r\nMeduza CTO will explain how one of the most free internet has become one of the most regulated and censored ones within just a couple of years. Alex will share the practical experience of resisting censorship along with his (pessimistic) forecast for the future of the Internet in Russia (a new \"Iron Curtain')'. He will describe how the authorities were once again able to “deceive the people'' (before all that happened, there were no abrupt blockings in Russia and the habit of using VPN was not formed among internet users). This is important to not to let this scenario be repeated in whatever part of the world. \r\n\r\nTech Dept has always been an important part of Meduza newsroom, but in 2022 the tech guys became an even more crucial part of it. It is thanks to their work that the newsroom is able to successfully bypass blocking and retain the audience in Russia. And to protect the journalists and to repel various DDoS attacks on the infrastructure and products.\r\n\r\nREFERENCES: \r\n\r\nWe don’t have many references that will be used in the presentation. And according to our Code of Conduct in our ordinary life we try to write about the news, and not to be the newsmakers ourselves. Here are a couple links that might be helpful to understand more about our work and values.\r\n \r\n Meduza\r\n https://meduza.io/\r\n \r\n Meduza English-language edition\r\n https://meduza.io/en\r\n \r\n The awards:\r\n https://frittord.no/en/news/speeches-at-the-awarding-of-the-fritt-ord-foundation-prize-2022\r\n \r\n https://cpj.org/2022/03/calling-the-war-war-meduzas-galina-timchenko-bucks-russias-censorship-on-ukraine/\r\n \r\n https://fgpj.eu/portfolio-items/preistraeger-2022/?portfolioCats=98\r\n \r\n More about us:\r\n https://rsf.org/en/rsf-creates-mirror-leading-russian-exile-news-site-blocked-kremlin\r\n https://www.cloudflare.com/innovator-spotlights/\r\n https://www.bloomberg.com/news/articles/2022-05-10/putin-s-crackdown-pushes-independent-russian-media-into-crypto?leadSource=uverify%20wall\r\n https://www.washingtonpost.com/media/2022/03/17/meduza-russia-sanctions/\r\n https://www.vox.com/future-perfect/22955885/donate-ukraine\r\n \r\n Several examples of the most important articles:\r\n \r\n Fact сhecking piece with a video that proved the massacre in Bucha. Meduza’s source provided us with a video that was filmed during the “entrance” to Bucha. We gave the video to two independent experts (an astronomer and a mathematician) in order to verify when the videos were shot, using chronolocation techniques. Their findings allowed us to confirm that the times in the metadata matches the actual times when the footage was recorded, and that the first video of the bodies couldn’t have been filmed after March 26, 2022, which proved that the horrific civilian killings in Bucha took place before Russian troops retreated from the town\r\n \r\n\r\n https://meduza.io/en/feature/2022/04/09/verified-video-appears-to-show-ukrainian-troops-killing-russian-captives-here-s-what-we-know-about-it\r\n \r\n An investigation of war crimes in Bogdanovka\r\n https://meduza.io/en/feature/2022/04/18/i-can-do-whatever-i-want-to-you\r\n \r\n How Russia's full-scale invasion of Ukraine split the company Yandex\r\n https://meduza.io/en/feature/2022/05/06/toxic-assets\r\n \r\n An investigation on Elvira Nabiullina, the chairwoman of Russia’s Central Bank\r\n https://meduza.io/en/feature/2022/07/07/the-banker-s-dilemma\r\n \r\n Meduza tells the story of the first openly transgender woman in the Russian army. She is going to be sent to war with Ukraine (and that's not the whole story\r\n \r\n https://meduza.io/feature/2022/11/09/pust-luchshe-ona-tam-gde-nibud-umret\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Meduza: How an exiled pirate media outlet breaks through the Kremlin's propaganda firewall","android_description":"Meduza is an independent international Russian- and English-language publication that still reaches millions of people inside Russia. The newsroom is operating from exile for 8 years now with headquarters in Latvia. Despite being completely outlawed and banned by the Kremlin, Meduza continues to work even under such enormously tough circumstances and still delivers the truths about the war in Ukraine along with an unbiased reporting on the situation inside Russia.\r\n \r\nBut at DEF CON Meduza will not be presented as a media. The team tries to resist the total state control of the Internet in Russia and fight not only for the freedom of speech, but for the freedom of information for millions of people.\r\n\r\nMeduza CTO will explain how one of the most free internet has become one of the most regulated and censored ones within just a couple of years. Alex will share the practical experience of resisting censorship along with his (pessimistic) forecast for the future of the Internet in Russia (a new \"Iron Curtain')'. He will describe how the authorities were once again able to “deceive the people'' (before all that happened, there were no abrupt blockings in Russia and the habit of using VPN was not formed among internet users). This is important to not to let this scenario be repeated in whatever part of the world. \r\n\r\nTech Dept has always been an important part of Meduza newsroom, but in 2022 the tech guys became an even more crucial part of it. It is thanks to their work that the newsroom is able to successfully bypass blocking and retain the audience in Russia. And to protect the journalists and to repel various DDoS attacks on the infrastructure and products.\r\n\r\nREFERENCES: \r\n\r\nWe don’t have many references that will be used in the presentation. And according to our Code of Conduct in our ordinary life we try to write about the news, and not to be the newsmakers ourselves. Here are a couple links that might be helpful to understand more about our work and values.\r\n \r\n Meduza\r\n https://meduza.io/\r\n \r\n Meduza English-language edition\r\n https://meduza.io/en\r\n \r\n The awards:\r\n https://frittord.no/en/news/speeches-at-the-awarding-of-the-fritt-ord-foundation-prize-2022\r\n \r\n https://cpj.org/2022/03/calling-the-war-war-meduzas-galina-timchenko-bucks-russias-censorship-on-ukraine/\r\n \r\n https://fgpj.eu/portfolio-items/preistraeger-2022/?portfolioCats=98\r\n \r\n More about us:\r\n https://rsf.org/en/rsf-creates-mirror-leading-russian-exile-news-site-blocked-kremlin\r\n https://www.cloudflare.com/innovator-spotlights/\r\n https://www.bloomberg.com/news/articles/2022-05-10/putin-s-crackdown-pushes-independent-russian-media-into-crypto?leadSource=uverify%20wall\r\n https://www.washingtonpost.com/media/2022/03/17/meduza-russia-sanctions/\r\n https://www.vox.com/future-perfect/22955885/donate-ukraine\r\n \r\n Several examples of the most important articles:\r\n \r\n Fact сhecking piece with a video that proved the massacre in Bucha. Meduza’s source provided us with a video that was filmed during the “entrance” to Bucha. We gave the video to two independent experts (an astronomer and a mathematician) in order to verify when the videos were shot, using chronolocation techniques. Their findings allowed us to confirm that the times in the metadata matches the actual times when the footage was recorded, and that the first video of the bodies couldn’t have been filmed after March 26, 2022, which proved that the horrific civilian killings in Bucha took place before Russian troops retreated from the town\r\n \r\n\r\n https://meduza.io/en/feature/2022/04/09/verified-video-appears-to-show-ukrainian-troops-killing-russian-captives-here-s-what-we-know-about-it\r\n \r\n An investigation of war crimes in Bogdanovka\r\n https://meduza.io/en/feature/2022/04/18/i-can-do-whatever-i-want-to-you\r\n \r\n How Russia's full-scale invasion of Ukraine split the company Yandex\r\n https://meduza.io/en/feature/2022/05/06/toxic-assets\r\n \r\n An investigation on Elvira Nabiullina, the chairwoman of Russia’s Central Bank\r\n https://meduza.io/en/feature/2022/07/07/the-banker-s-dilemma\r\n \r\n Meduza tells the story of the first openly transgender woman in the Russian army. She is going to be sent to war with Ukraine (and that's not the whole story\r\n \r\n https://meduza.io/feature/2022/11/09/pust-luchshe-ona-tam-gde-nibud-umret","end_timestamp":{"seconds":1691874900,"nanoseconds":0},"updated_timestamp":{"seconds":1687138080,"nanoseconds":0},"speakers":[{"content_ids":[50574],"conference_id":96,"event_ids":[50767],"name":"Alex","affiliations":[{"organization":"Meduza","title":"CTO"}],"links":[],"pronouns":"he/him","media":[],"id":49796,"title":"CTO at Meduza"}],"timeband_id":991,"end":"2023-08-12T21:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245745"}],"id":50767,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691872200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49796}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"begin":"2023-08-12T20:30:00.000-0000","updated":"2023-06-19T01:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Free Pokemon Card Bus Passes","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691565180,"nanoseconds":0},"speakers":[{"content_ids":[52390],"conference_id":96,"event_ids":[52681],"name":"Malcolm","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51611},{"content_ids":[52390],"conference_id":96,"event_ids":[52681],"name":"Jarvis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51612}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":52681,"village_id":null,"begin_timestamp":{"seconds":1691871300,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51612},{"tag_id":45590,"sort_order":1,"person_id":51611}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","begin":"2023-08-12T20:15:00.000-0000","updated":"2023-08-09T07:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Amazon Best Selling children's book \"Castle Defenders\" is making its DEFCON debut!\r\n\r\nBring your elementary school-aged kids to learn \"what cyber parents do\" with story time and on-site coloring station.*\r\n\r\n*While supplies last.\n\n\n","title":"For Kids: Castle Defenders","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"Amazon Best Selling children's book \"Castle Defenders\" is making its DEFCON debut!\r\n\r\nBring your elementary school-aged kids to learn \"what cyber parents do\" with story time and on-site coloring station.*\r\n\r\n*While supplies last.","updated_timestamp":{"seconds":1691788920,"nanoseconds":0},"speakers":[{"content_ids":[52410],"conference_id":96,"event_ids":[52705],"name":"Pentera","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51630}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52705,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"tag_ids":[40297,45743,45763,45775,45864],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51630}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Savoy - AppSec Village","hotel":"","short_name":"Savoy - AppSec Village","id":45712},"begin":"2023-08-12T20:00:00.000-0000","updated":"2023-08-11T21:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"I will demonstrate how to use LF 125-137 khz to make vehicles and their components play nice together. Using LF to make TPMS and Keyfobs spit out their info. We will show how to do this and how to check the responses. Think of being able to make TPMS and Keyfobs spit their data out at will. I will show how to use everything from a Proxmark to a hackrf to make this happen. I'll also demo antennas and hardware mods we recommend.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"125khz the Brown note for Cars","android_description":"I will demonstrate how to use LF 125-137 khz to make vehicles and their components play nice together. Using LF to make TPMS and Keyfobs spit out their info. We will show how to do this and how to check the responses. Think of being able to make TPMS and Keyfobs spit their data out at will. I will show how to use everything from a Proxmark to a hackrf to make this happen. I'll also demo antennas and hardware mods we recommend.","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1691259900,"nanoseconds":0},"speakers":[{"content_ids":[52254],"conference_id":96,"event_ids":[52515],"name":"Woody","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@tb69rr"}],"pronouns":null,"media":[],"id":51490}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":52515,"village_id":null,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"tag_ids":[40292,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51490}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","updated":"2023-08-05T18:25:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bring your official Mini Sumo class robots to go head to head in a battle of glory! For rule details see https://dchhv.org/events/robosumo.html Event will last as long as it takes to work through the bracket.\n\n\n","title":"RoboSumo Bracket Competition","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Bring your official Mini Sumo class robots to go head to head in a battle of glory! For rule details see https://dchhv.org/events/robosumo.html Event will last as long as it takes to work through the bracket.","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1691252280,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T21:00:00.000-0000","links":[{"label":"Details","type":"link","url":"https://dchhv.org/events/robosumo.html"}],"id":52491,"tag_ids":[40287,45646,45743,45775],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","updated":"2023-08-05T16:18:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Quantum neural networks (QNNs) succeed in object recognition, natural language processing, and financial analysis. To maximize the accuracy of a QNN on a Noisy Intermediate Scale Quantum (NISQ) computer, approximate synthesis modifies the QNN circuit by reducing error-prone 2-qubit quantum gates. The success of QNNs motivates adversaries to attack QNNs via backdoors. However, na¨ıvely transplanting backdoors designed for classical neural networks to QNNs yields only low attack success rate, due to the noises and approximate synthesis on NISQ computers. Prior quantum circuit-based backdoors cannot selectively attack some inputs or work with all types of encoding layers of a QNN circuit. Moreover, it is easy to detect both transplanted and circuit-based backdoors in a QNN. \r\n\r\nIn this talk, we introduce a novel and stealthy backdoor attack, QDoor, to achieve high attack success rate in approximately-synthesized QNN circuits by weaponizing unitary differences between uncompiled QNNs and their synthesized counterparts. QDoor trains a QNN behaving normally for all inputs with and without a trigger. However, after approximate synthesis, the QNN circuit always predicts any inputs with a trigger to a predefined class while still acts normally for benign inputs. Compared to prior backdoor attacks, QDoor improves the attack success rate by 13× and the clean data accuracy by 65% on average. Furthermore, prior backdoor detection techniques cannot find QDoor attacks in uncompiled QNN circuits.\n\n\n","title":"QDoor: Exploiting Approximate Synthesis for Backdoor Attacks in Quantum Neural Networks","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691874000,"nanoseconds":0},"android_description":"Quantum neural networks (QNNs) succeed in object recognition, natural language processing, and financial analysis. To maximize the accuracy of a QNN on a Noisy Intermediate Scale Quantum (NISQ) computer, approximate synthesis modifies the QNN circuit by reducing error-prone 2-qubit quantum gates. The success of QNNs motivates adversaries to attack QNNs via backdoors. However, na¨ıvely transplanting backdoors designed for classical neural networks to QNNs yields only low attack success rate, due to the noises and approximate synthesis on NISQ computers. Prior quantum circuit-based backdoors cannot selectively attack some inputs or work with all types of encoding layers of a QNN circuit. Moreover, it is easy to detect both transplanted and circuit-based backdoors in a QNN. \r\n\r\nIn this talk, we introduce a novel and stealthy backdoor attack, QDoor, to achieve high attack success rate in approximately-synthesized QNN circuits by weaponizing unitary differences between uncompiled QNNs and their synthesized counterparts. QDoor trains a QNN behaving normally for all inputs with and without a trigger. However, after approximate synthesis, the QNN circuit always predicts any inputs with a trigger to a predefined class while still acts normally for benign inputs. Compared to prior backdoor attacks, QDoor improves the attack success rate by 13× and the clean data accuracy by 65% on average. Furthermore, prior backdoor detection techniques cannot find QDoor attacks in uncompiled QNN circuits.","updated_timestamp":{"seconds":1691108580,"nanoseconds":0},"speakers":[{"content_ids":[52184],"conference_id":96,"event_ids":[52432],"name":"Lei Jiang","affiliations":[{"organization":"Indiana University Bloomington","title":"Assoc. Prof."}],"links":[],"pronouns":null,"media":[],"id":51430,"title":"Assoc. Prof. at Indiana University Bloomington"}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":52432,"village_id":null,"tag_ids":[40291,45645,45649,45743],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51430}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"begin":"2023-08-12T20:00:00.000-0000","updated":"2023-08-04T00:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"The Ultimate AppSec Trivia Challenge","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52088],"conference_id":96,"event_ids":[52314,52374,52375,52376],"name":"Probely","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51373}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52376,"village_id":null,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51373}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We want to present in Arsenal. Akto is an open source API Security product. During the session, we will showcase how to:\r\n\r\n1. Automate your API inventory and generate open API spec file \r\n2. We will teach how to write custom test for security testing with live demo of 20+ custom business logic tests.\r\n3. Automate API security testing in CI/CD with GitHub Actions as an example\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Open Source API Security for devsecops","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"We want to present in Arsenal. Akto is an open source API Security product. During the session, we will showcase how to:\r\n\r\n1. Automate your API inventory and generate open API spec file \r\n2. We will teach how to write custom test for security testing with live demo of 20+ custom business logic tests.\r\n3. Automate API security testing in CI/CD with GitHub Actions as an example","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52114],"conference_id":96,"event_ids":[52338],"name":"Ankita Gupta","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ankita-gupta-89214515/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/ankitaiitr"}],"pronouns":null,"media":[],"id":51325},{"content_ids":[52114],"conference_id":96,"event_ids":[52338],"name":"Ankush Jain","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ankushgjain/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Ankush12389"}],"media":[],"id":51327}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52338,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51325},{"tag_id":45590,"sort_order":1,"person_id":51327}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"How to Hide Behavior from Security Tools","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52113],"conference_id":96,"event_ids":[52337,52361,52362],"name":"Deepfactor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51332}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52337,"village_id":null,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51332}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"spans_timebands":"N","begin":"2023-08-12T20:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to learn how to stop hackers in their tracks?\r\nCome to the Secure From Scratch coding workshop.\r\nLearn what you need to know to write secure code from the very first line of code.\r\nIt's surprisingly easy!\r\n\r\n(Some coding experience in either C#, Java, Python or C++ required. You need to know loops, if, arrays and functions).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Secure from Scratch: Secure Code Workshop for DEF CON Kids","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"android_description":"Want to learn how to stop hackers in their tracks?\r\nCome to the Secure From Scratch coding workshop.\r\nLearn what you need to know to write secure code from the very first line of code.\r\nIt's surprisingly easy!\r\n\r\n(Some coding experience in either C#, Java, Python or C++ required. You need to know loops, if, arrays and functions).","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52111,52134],"conference_id":96,"event_ids":[52335,52354],"name":"Or Sahar","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/securylight/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/securylight"}],"pronouns":null,"media":[],"id":51368},{"content_ids":[52111,52130],"conference_id":96,"event_ids":[52335,52350],"name":"Yariv Tal","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/yarivt/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/YarivDevMentor"}],"pronouns":null,"media":[],"id":51387}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":52335,"tag_ids":[40297,45647,45719,45743,45765,45864],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51368},{"tag_id":45590,"sort_order":1,"person_id":51387}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Is 2023 the Year of Privacy: How History and States are Posed to Change Privacy?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691872200,"nanoseconds":0},"updated_timestamp":{"seconds":1691025840,"nanoseconds":0},"speakers":[{"content_ids":[52032],"conference_id":96,"event_ids":[52248],"name":"Anthony Hendricks","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51245}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":52248,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51245}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:24:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Did you know that TODAY there are 150 neighborhoods in Philadelphia that DO NOT HAVE INTERNET ACCESS?!?! \r\n\r\nLet's talk about why there is such a huge Digital divide between POC's and everyone else -- How historically blacks haven’t had access to the same technology that middle and upper class white families did. \r\n\r\nHence another reason to explain the generational wealth gap, technological restrictions in access, exposure, understanding, and the low percentage of representation in the industry. Let's talk about it!\n\n\n","title":"\"Why don't we have Internet, Daddy?\"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691873400,"nanoseconds":0},"android_description":"Did you know that TODAY there are 150 neighborhoods in Philadelphia that DO NOT HAVE INTERNET ACCESS?!?! \r\n\r\nLet's talk about why there is such a huge Digital divide between POC's and everyone else -- How historically blacks haven’t had access to the same technology that middle and upper class white families did. \r\n\r\nHence another reason to explain the generational wealth gap, technological restrictions in access, exposure, understanding, and the low percentage of representation in the industry. Let's talk about it!","updated_timestamp":{"seconds":1690937760,"nanoseconds":0},"speakers":[{"content_ids":[52007],"conference_id":96,"event_ids":[52202],"name":"Jess Hoffman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51214}],"timeband_id":991,"links":[],"end":"2023-08-12T20:50:00.000-0000","id":52202,"village_id":null,"tag_ids":[40281,45645,45646,45743],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51214}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"spans_timebands":"N","begin":"2023-08-12T20:00:00.000-0000","updated":"2023-08-02T00:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CloudRecon is a suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts.\r\n\r\nOften, target organizations stand up cloud infrastructure that is not tied to their ASN or related to known infrastructure. Many times these assets are development sites, IT product portals, etc. Sometimes they don't have domains at all but many still need HTTPs.\r\n\r\nCloudRecon is a suite of tools to scan all the cloud providers and find these hidden gems for testers, by inspecting those SSL certificates.\r\n\r\nThe tool suite is three parts in GO:\r\n\r\n - CloudScrape - A LIVE running too to inspect the ranges for a keywork in SSL certs OU, CN, and SN fields in real time.\r\n - CertStan - a tool to retrieve the ranges of AWS, GCP, and Azure, and download all their certs to your box. So you can have your OWN cert.sh database.\r\n - CertSniff - a tool to parse and search through the downloaded certs for keywords.\n\n\n","title":"CloudRecon - finding ephemeral assets in the cloud","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"CloudRecon is a suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts.\r\n\r\nOften, target organizations stand up cloud infrastructure that is not tied to their ASN or related to known infrastructure. Many times these assets are development sites, IT product portals, etc. Sometimes they don't have domains at all but many still need HTTPs.\r\n\r\nCloudRecon is a suite of tools to scan all the cloud providers and find these hidden gems for testers, by inspecting those SSL certificates.\r\n\r\nThe tool suite is three parts in GO:\r\n\r\n - CloudScrape - A LIVE running too to inspect the ranges for a keywork in SSL certs OU, CN, and SN fields in real time.\r\n - CertStan - a tool to retrieve the ranges of AWS, GCP, and Azure, and download all their certs to your box. So you can have your OWN cert.sh database.\r\n - CertSniff - a tool to parse and search through the downloaded certs for keywords.","updated_timestamp":{"seconds":1690921860,"nanoseconds":0},"speakers":[{"content_ids":[51097,51303,51307,51998,52118],"conference_id":96,"event_ids":[51128,51365,51369,52192,52342],"name":"Jason Haddix","affiliations":[{"organization":"BuddoBot","title":"CISO and “Hacker in Charge”"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jhaddix"}],"pronouns":null,"media":[],"id":50266,"title":"CISO and “Hacker in Charge” at BuddoBot"},{"content_ids":[51306,51998],"conference_id":96,"event_ids":[51368,52192],"name":"Gunnar Andrews","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@G0LDEN_infosec"}],"media":[],"id":50458}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":52192,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"tag_ids":[40284,45592,45645,45647,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50458},{"tag_id":45590,"sort_order":1,"person_id":50266}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-12T20:00:00.000-0000","updated":"2023-08-01T20:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Amateur radio operator Jon Marler, callsign K4CHN, presents a discussion about how to use an SBC for ham radio digital modes in a world without the raspberry pi. There are hundreds of other options now, but which of those meet these requirements: Easy to obtain, cheap, runs Linux, and can run popular ham radio digital mode software. Jon will present his findings and show you how to build out an SBC that can get you on the air, without having to beg, borrow, or steal a raspberry pi.\n\n\n","title":"Using an SBC for ham radio digital modes that isn't a raspberry pi","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691874000,"nanoseconds":0},"android_description":"Amateur radio operator Jon Marler, callsign K4CHN, presents a discussion about how to use an SBC for ham radio digital modes in a world without the raspberry pi. There are hundreds of other options now, but which of those meet these requirements: Easy to obtain, cheap, runs Linux, and can run popular ham radio digital mode software. Jon will present his findings and show you how to build out an SBC that can get you on the air, without having to beg, borrow, or steal a raspberry pi.","updated_timestamp":{"seconds":1690767300,"nanoseconds":0},"speakers":[{"content_ids":[51973,51975],"conference_id":96,"event_ids":[52167,52169],"name":"Jon Marler","affiliations":[],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/jmarler"}],"pronouns":null,"media":[],"id":51178}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":52169,"tag_ids":[40286,45592,45645,45647,45743],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":51178}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"updated":"2023-07-31T01:35:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The field of cybersecurity policy is constantly evolving, and as such, the need to think innovatively and critically about policy solutions to address new and emerging threats. “Beyond the Breach: Exploring Cybersecurity Policies with Hacker Perspectives” is a panel that will bring together experts to explore the role of cybersecurity policy hackers in responding to cyber policy challenges that governments and organizations face in this rapidly evolving landscape. The discussion will delve into ongoing processes of elaborating global, regional, and local cyber policies that engage the hacker community. Globally, those discussed in the ICRC Delegation for Cyberspace; regionally, in OAS member states in the Americas; and locally, those in the public and private organizations, such as Computer Security Incident Response Teams (CSIRTs) in Latin America. Additionally, it will explore initiatives to create platforms for hackers’ participation and encourage innovation in cybersecurity policymaking. Furthermore, the panel will also discuss the role of cybersecurity policy hackers in the ongoing evolving landscape of digital investigations and the associated challenges across different regions.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"title":"Beyond the Breach: Exploring Cybersecurity Policies with Hacker Perspectives","android_description":"The field of cybersecurity policy is constantly evolving, and as such, the need to think innovatively and critically about policy solutions to address new and emerging threats. “Beyond the Breach: Exploring Cybersecurity Policies with Hacker Perspectives” is a panel that will bring together experts to explore the role of cybersecurity policy hackers in responding to cyber policy challenges that governments and organizations face in this rapidly evolving landscape. The discussion will delve into ongoing processes of elaborating global, regional, and local cyber policies that engage the hacker community. Globally, those discussed in the ICRC Delegation for Cyberspace; regionally, in OAS member states in the Americas; and locally, those in the public and private organizations, such as Computer Security Incident Response Teams (CSIRTs) in Latin America. Additionally, it will explore initiatives to create platforms for hackers’ participation and encourage innovation in cybersecurity policymaking. Furthermore, the panel will also discuss the role of cybersecurity policy hackers in the ongoing evolving landscape of digital investigations and the associated challenges across different regions.","end_timestamp":{"seconds":1691873400,"nanoseconds":0},"updated_timestamp":{"seconds":1690431060,"nanoseconds":0},"speakers":[{"content_ids":[51512],"conference_id":96,"event_ids":[51668],"name":"Andrés Velázquez","affiliations":[{"organization":"MaTTica","title":"Founder and President"}],"links":[],"pronouns":null,"media":[],"id":50573,"title":"Founder and President at MaTTica"},{"content_ids":[51512],"conference_id":96,"event_ids":[51668],"name":"Isabella Rolz","affiliations":[{"organization":"Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS)","title":"Communications Specialist"}],"links":[],"pronouns":null,"media":[],"id":50607,"title":"Communications Specialist at Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS)"},{"content_ids":[51512,51522],"conference_id":96,"event_ids":[51668,51678],"name":"Mauro Vignati","affiliations":[{"organization":"ICRC","title":""}],"links":[],"pronouns":null,"media":[],"id":50624,"title":"ICRC"},{"content_ids":[51512,51517],"conference_id":96,"event_ids":[51668,51673],"name":"Orlando Garces","affiliations":[{"organization":"Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS)","title":"Cybersecurity Program Officer"}],"links":[],"pronouns":null,"media":[],"id":50628,"title":"Cybersecurity Program Officer at Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS)"}],"timeband_id":991,"end":"2023-08-12T20:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51668,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"tag_ids":[40310,45646,45743,45771,45836],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50573},{"tag_id":45632,"sort_order":1,"person_id":50607},{"tag_id":45632,"sort_order":1,"person_id":50624},{"tag_id":45632,"sort_order":1,"person_id":50628}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","begin":"2023-08-12T20:00:00.000-0000","updated":"2023-07-27T04:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"XR implications on Mobile Security","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691874000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690417980,"nanoseconds":0},"speakers":[{"content_ids":[51469],"conference_id":96,"event_ids":[51625],"name":"Whitney Phillips","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50537}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":51625,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"tag_ids":[40311,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50537}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-12T20:00:00.000-0000","updated":"2023-07-27T00:33:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Jos Weyers, Matt Burrough & BandEAtoZ, Locksport","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1690416240,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":51611,"tag_ids":[45646,45743,45769,45770],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"begin":"2023-08-12T20:00:00.000-0000","updated":"2023-07-27T00:04:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Practice threat modeling on your own design! Be prepared to show off your design and take feedback/findings!\r\n\r\nRegistration required, come by our booth on Friday to sign up for a slot. \n\n\n","title":"DC’s Next Top Threat Model (DCNTTM) - BYODesign Presentation ","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"android_description":"Practice threat modeling on your own design! Be prepared to show off your design and take feedback/findings!\r\n\r\nRegistration required, come by our booth on Friday to sign up for a slot.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691728080,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T22:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245261"},{"label":"Twitter (@ThreatModelUs)","type":"link","url":"https://twitter.com/@ThreatModelUs"}],"id":51458,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"tag_ids":[45638,45646,45743,45764],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-11T04:28:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A red team is defined as a group of cybersecurity professionals that simulate the actions of those who are malicious or adversarial. However, many red teams don’t emulate adversaries as much as they might think. This workshop will discuss adversary types and their motivations, common tooling mistakes that are a dead giveaway you’re a red team, infrastructure mistakes, lack of action on objectives, and more from the perspective of someone who hunts red teams. This workshop is designed for entry level to intermediate level red teamers.\n\n\n","title":"How to [NOT] look like a Red Team","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"A red team is defined as a group of cybersecurity professionals that simulate the actions of those who are malicious or adversarial. However, many red teams don’t emulate adversaries as much as they might think. This workshop will discuss adversary types and their motivations, common tooling mistakes that are a dead giveaway you’re a red team, infrastructure mistakes, lack of action on objectives, and more from the perspective of someone who hunts red teams. This workshop is designed for entry level to intermediate level red teamers.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51081],"conference_id":96,"event_ids":[51113,51136],"name":"Michael Wylie","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/themikewylie"}],"pronouns":null,"media":[],"id":50274}],"timeband_id":991,"links":[],"end":"2023-08-12T22:00:00.000-0000","id":51136,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50274}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"updated":"2023-07-14T18:11:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Storfield Methodology focuses on three main questions: Where am I? Where is the DC? Where are the high-value targets? The Storfield Methodology is meant to be repeatable during every engagement. When following this method the steps should be the same regardless of the security controls implemented in a particular network.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Storfield: A Quiet Methodology to Create Attacks in Mature Networks","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"android_description":"The Storfield Methodology focuses on three main questions: Where am I? Where is the DC? Where are the high-value targets? The Storfield Methodology is meant to be repeatable during every engagement. When following this method the steps should be the same regardless of the security controls implemented in a particular network.","updated_timestamp":{"seconds":1689358620,"nanoseconds":0},"speakers":[{"content_ids":[51086,51096],"conference_id":96,"event_ids":[51117,51127,51160],"name":"Cory Wolff","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cwolff411"}],"pronouns":null,"media":[],"id":50260}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":51127,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50260}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"updated":"2023-07-14T18:17:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The objective of the workshop is to provide hands-on practical experiences to understand Active Directory risks. The workshop will start with the basics of Active Directory and deep dive into in depth hands on exploitation of multiple vulnerabilities.\n\n\n","title":"How Most Internal Networks are Compromised: A Set of Common Active Directory Attacks and How to Perform Them from Linux","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"The objective of the workshop is to provide hands-on practical experiences to understand Active Directory risks. The workshop will start with the basics of Active Directory and deep dive into in depth hands on exploitation of multiple vulnerabilities.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1689358620,"nanoseconds":0},"speakers":[{"content_ids":[51095],"conference_id":96,"event_ids":[51126],"name":"Scott Brink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_sandw1ch"}],"pronouns":null,"media":[],"id":50283}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51126,"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":60,"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50283}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"spans_timebands":"N","begin":"2023-08-12T20:00:00.000-0000","updated":"2023-07-14T18:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This presentation will cover a complete exploit chain in Azure B2C, starting with a discovery of cryptographic misuse and leading to full account compromise in any tenant as an unauthenticated attacker.\r\n \r\nPortions of this vulnerability have been released publicly, but several pieces were omitted to provide Microsoft time to remediate the issue and not put Azure B2C environments at unnecessary risk. New details in this talk include steps to reverse engineer and discover the crypto vulnerability along with details of a novel attack for crypto key recovery.\r\n \r\nFor background, Microsoft Azure B2C is an identity and access management service for customer-facing apps. Thousands of organizations use this service, including national/state/local governments, professional societies, and commercial companies. The service is also used in the public Microsoft Security Response Center (MSRC) web portal as the main method for researchers to disclose vulnerabilities as part of Microsoft's bug bounty programs. The full exploit chain was effective against the MSRC and would have allowed an attacker to enumerate details of disclosed but not-yet-patched Microsoft zero day vulnerabilities.\r\n\r\nREFERENCES: \r\n[1] Previous disclosure of portions of this vulnerability: https://www.praetorian.com/blog/azure-b2c-crypto-misuse-and-account-compromise/\r\n[2] Discussion of encryption and signatures in JSON Web Tokens (JWTs): https://www.praetorian.com/blog/signing-and-encrypting-with-json-web-tokens/\r\n[3] Azure B2C Configuration Tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy\r\n[4] What to Expect When Reporting Vulnerabilities to Microsoft https://msrc.microsoft.com/blog/2020/09/what-to-expect-when-reporting-vulnerabilities-to-microsoft/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Azure B2C 0-Day: An Exploit Chain from Public Keys to Microsoft Bug Bounty","end_timestamp":{"seconds":1691873100,"nanoseconds":0},"android_description":"This presentation will cover a complete exploit chain in Azure B2C, starting with a discovery of cryptographic misuse and leading to full account compromise in any tenant as an unauthenticated attacker.\r\n \r\nPortions of this vulnerability have been released publicly, but several pieces were omitted to provide Microsoft time to remediate the issue and not put Azure B2C environments at unnecessary risk. New details in this talk include steps to reverse engineer and discover the crypto vulnerability along with details of a novel attack for crypto key recovery.\r\n \r\nFor background, Microsoft Azure B2C is an identity and access management service for customer-facing apps. Thousands of organizations use this service, including national/state/local governments, professional societies, and commercial companies. The service is also used in the public Microsoft Security Response Center (MSRC) web portal as the main method for researchers to disclose vulnerabilities as part of Microsoft's bug bounty programs. The full exploit chain was effective against the MSRC and would have allowed an attacker to enumerate details of disclosed but not-yet-patched Microsoft zero day vulnerabilities.\r\n\r\nREFERENCES: \r\n[1] Previous disclosure of portions of this vulnerability: https://www.praetorian.com/blog/azure-b2c-crypto-misuse-and-account-compromise/\r\n[2] Discussion of encryption and signatures in JSON Web Tokens (JWTs): https://www.praetorian.com/blog/signing-and-encrypting-with-json-web-tokens/\r\n[3] Azure B2C Configuration Tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy\r\n[4] What to Expect When Reporting Vulnerabilities to Microsoft https://msrc.microsoft.com/blog/2020/09/what-to-expect-when-reporting-vulnerabilities-to-microsoft/","updated_timestamp":{"seconds":1687138140,"nanoseconds":0},"speakers":[{"content_ids":[50575],"conference_id":96,"event_ids":[50835],"name":"John Novak","affiliations":[{"organization":"Praetorian","title":"Technical Director"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/john-novak-823a267a/"},{"description":"","title":"Mastodon (@novak@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@novak"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jwnovak"}],"pronouns":"he/him","media":[],"id":49797,"title":"Technical Director at Praetorian"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245746"}],"end":"2023-08-12T20:45:00.000-0000","id":50835,"tag_ids":[45589,45629,45646,45766],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49797}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","updated":"2023-06-19T01:29:00.000-0000","begin":"2023-08-12T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The links between science fiction and reality have been demonstrated in numerous research studies. By speculating about the possible future uses of technologies under development, science fiction shows us plausible futures. In this sense, it allows us, as a society, to popularize and debate the consequences (expected or not) of our technological developments. In addition to this not negligible social role science fiction also has an impact on our current developments. We speak here of \"loop-looping\", i.e. there is a feedback loop between what science fiction shows us and what we are then led to actually develop. From this point of view, our imaginations are performative, and this is perhaps the most critical issue: what I see can happen. In the case of hacking and cybersecurity, a particular phenomenon is added: the general public's knowledge of these subjects is mainly through the fictions they watch, read, or listen to. We propose to analyze a corpus of 200 fictional attacks, and 800 real attacks and to compare them to define if the imaginary ones are predictive if they inform us or on the contrary mislead us as for the reality of the current attacks. \r\n\r\nREFERENCES: \r\n\r\nThe subject of imaginaries is a key subject of the work of the Making Tomorrow collective co-founded by Nicolas Minvielle. As such, he has been able to conduct numerous studies aimed at analyzing the impact of science fiction on a given practice.\r\n\r\nA book has been published on the subject and is available online in pdf format:\r\nMinvielle, N. & Wathelet, O. & Lauquin, M. & Audinet, P., Design fiction for your organization, Making Tomorrow (2020), http://making-tomorrow.mkrs.fr/wp-content/uploads/2020/04/Making-Tomorrow-Design-Fiction-and-more-for-your-organization.pdf \r\n\r\nAcademic references on this subject: \r\n \r\nBrake, Mark, and Neil Hook, Different Engines: How Science Drives Fiction and Fiction Drives Science (London New York: Macmillan, 2008)\r\n \r\nCarpenter, C. (2016). Rethinking the Political / -Science- / Fiction Nexus: Global Policy Making and the Campaign to Stop Killer Robots. Perspectives on Politics, 14(1), 53-69. doi:10.1017/S1537592715003229\r\n \r\nJones, C., & Paris, C. (2018). It’s the End of the World and They Know It: How Dystopian Fiction Shapes Political Attitudes. Perspectives on Politics, 16(4), 969-989. doi:10.1017/S1537592718002153\r\n \r\nKevin L Young, Charli Carpenter, Does Science Fiction Affect Political Fact? Yes and No: A Survey Experiment on “Killer Robots”, International Studies Quarterly, Volume 62, Issue 3, September 2018, Pages 562–576, https://doi.org/10.1093/isq/sqy028\r\n \r\nKirby, David A., Lab Coats in Hollywood: Science, Scientists, and Cinema (Cambridge, Mass: MIT Press, 2011)\r\n \r\nMaynard, Andrew D., Films from the Future: The Technology and Morality of Sci-Fi Movies (Coral Gables: Mango Publishing, 2018)\r\n \r\nSeed, David, ed., Future Wars: The Anticipations and the Fears, Liverpool Science Fiction Texts and Studies, 42 (Liverpool: Liverpool Univ. Press, 2012)\r\n \r\nShedroff, Nathan, and Christopher Noessel, Make It so: Interaction Design Lessons from Science Fiction(Brooklyn, N.Y., USA: Rosenfeld Media, 2012)\r\n \r\nTelotte, J. P., Replications: A Robotic History of the Science Fiction Film (Urbana: University of Illinois Press, 1995)\r\n \r\nWestfahl, Gary, Wong Kin Yuen, and Amy Kit-sze Chan, eds., Science Fiction and the Prediction of the Future: Essays on Foresight and Fallacy, Critical Explorations in Science Fiction and Fantasy, 27 (Jefferson, N.C: McFarland, 2011)\r\n \r\nAppadurai, Arjun, ed., The Future as Cultural Fact: Essays on the Global Condition (London: New York : Verso Books, 2013)\r\n \r\nHere, a video (6’30 to 17’) of Xavier Facélina in 2017 inviting a panel to thing about cybersecurity from a different angle ; and with science fiction references (in French) :\r\nhttps://youtu.be/PIVwcu-HhQo\r\n \r\nHere, a video (8’55 to 29’55) of Nicolas Minvielle talking about the impact of science fiction in innovation (in French) : https://www.youtube.com/live/oK-k3AqdXBc?feature=share\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Looking into the future, what can we learn about hacking in science-fiction?","android_description":"The links between science fiction and reality have been demonstrated in numerous research studies. By speculating about the possible future uses of technologies under development, science fiction shows us plausible futures. In this sense, it allows us, as a society, to popularize and debate the consequences (expected or not) of our technological developments. In addition to this not negligible social role science fiction also has an impact on our current developments. We speak here of \"loop-looping\", i.e. there is a feedback loop between what science fiction shows us and what we are then led to actually develop. From this point of view, our imaginations are performative, and this is perhaps the most critical issue: what I see can happen. In the case of hacking and cybersecurity, a particular phenomenon is added: the general public's knowledge of these subjects is mainly through the fictions they watch, read, or listen to. We propose to analyze a corpus of 200 fictional attacks, and 800 real attacks and to compare them to define if the imaginary ones are predictive if they inform us or on the contrary mislead us as for the reality of the current attacks. \r\n\r\nREFERENCES: \r\n\r\nThe subject of imaginaries is a key subject of the work of the Making Tomorrow collective co-founded by Nicolas Minvielle. As such, he has been able to conduct numerous studies aimed at analyzing the impact of science fiction on a given practice.\r\n\r\nA book has been published on the subject and is available online in pdf format:\r\nMinvielle, N. & Wathelet, O. & Lauquin, M. & Audinet, P., Design fiction for your organization, Making Tomorrow (2020), http://making-tomorrow.mkrs.fr/wp-content/uploads/2020/04/Making-Tomorrow-Design-Fiction-and-more-for-your-organization.pdf \r\n\r\nAcademic references on this subject: \r\n \r\nBrake, Mark, and Neil Hook, Different Engines: How Science Drives Fiction and Fiction Drives Science (London New York: Macmillan, 2008)\r\n \r\nCarpenter, C. (2016). Rethinking the Political / -Science- / Fiction Nexus: Global Policy Making and the Campaign to Stop Killer Robots. Perspectives on Politics, 14(1), 53-69. doi:10.1017/S1537592715003229\r\n \r\nJones, C., & Paris, C. (2018). It’s the End of the World and They Know It: How Dystopian Fiction Shapes Political Attitudes. Perspectives on Politics, 16(4), 969-989. doi:10.1017/S1537592718002153\r\n \r\nKevin L Young, Charli Carpenter, Does Science Fiction Affect Political Fact? Yes and No: A Survey Experiment on “Killer Robots”, International Studies Quarterly, Volume 62, Issue 3, September 2018, Pages 562–576, https://doi.org/10.1093/isq/sqy028\r\n \r\nKirby, David A., Lab Coats in Hollywood: Science, Scientists, and Cinema (Cambridge, Mass: MIT Press, 2011)\r\n \r\nMaynard, Andrew D., Films from the Future: The Technology and Morality of Sci-Fi Movies (Coral Gables: Mango Publishing, 2018)\r\n \r\nSeed, David, ed., Future Wars: The Anticipations and the Fears, Liverpool Science Fiction Texts and Studies, 42 (Liverpool: Liverpool Univ. Press, 2012)\r\n \r\nShedroff, Nathan, and Christopher Noessel, Make It so: Interaction Design Lessons from Science Fiction(Brooklyn, N.Y., USA: Rosenfeld Media, 2012)\r\n \r\nTelotte, J. P., Replications: A Robotic History of the Science Fiction Film (Urbana: University of Illinois Press, 1995)\r\n \r\nWestfahl, Gary, Wong Kin Yuen, and Amy Kit-sze Chan, eds., Science Fiction and the Prediction of the Future: Essays on Foresight and Fallacy, Critical Explorations in Science Fiction and Fantasy, 27 (Jefferson, N.C: McFarland, 2011)\r\n \r\nAppadurai, Arjun, ed., The Future as Cultural Fact: Essays on the Global Condition (London: New York : Verso Books, 2013)\r\n \r\nHere, a video (6’30 to 17’) of Xavier Facélina in 2017 inviting a panel to thing about cybersecurity from a different angle ; and with science fiction references (in French) :\r\nhttps://youtu.be/PIVwcu-HhQo\r\n \r\nHere, a video (8’55 to 29’55) of Nicolas Minvielle talking about the impact of science fiction in innovation (in French) : https://www.youtube.com/live/oK-k3AqdXBc?feature=share","end_timestamp":{"seconds":1691873100,"nanoseconds":0},"updated_timestamp":{"seconds":1687137540,"nanoseconds":0},"speakers":[{"content_ids":[50564],"conference_id":96,"event_ids":[50785],"name":"Nicolas Minvielle","affiliations":[{"organization":"Making Tomorrow","title":""}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nicolas-minvielle-55026a3/"}],"media":[],"id":49778,"title":"Making Tomorrow"},{"content_ids":[50564],"conference_id":96,"event_ids":[50785],"name":"Xavier Facélina","affiliations":[{"organization":"Seclab","title":""}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/xfacelina/"}],"pronouns":null,"media":[],"id":49779,"title":"Seclab"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245735"}],"end":"2023-08-12T20:45:00.000-0000","id":50785,"village_id":null,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691870400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49778},{"tag_id":45590,"sort_order":1,"person_id":49779}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"begin":"2023-08-12T20:00:00.000-0000","updated":"2023-06-19T01:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us for a timely and important discussion of the vulnerability of Dominion Voting Systems ImageCast X (ICX) ballot-marking devices, used in many states including Georgia--where there was extended illicit access to voting systems and software in 2021. (An ICX is available at Voting Village this year for researchers to explore.) In an unrebutted expert report filed in a federal suit seeking to compel the State of Georgia to reduce reliance on the ICX, Professors J. Alex Halderman and Drew Springall documented security vulnerabilities in the ICX that would allow votes to be altered. CISA issued a vulnerability advisory confirming the principal claims in that report. Dominion Voting Systems contracted with MITRE Corporation, a Federally Funded Contract Research and Development Center (FFRDC), to critique the Halderman/Springall report. Georgia election officials have cited the MITRE report in their decision to use unpatched versions of Dominion’s software in every precinct during the 2024 Presidential Election, despite CISA's warnings.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"title":"Conflicting Security Reports from Halderman-Springalll and from MITRE: Which Is Right?","end_timestamp":{"seconds":1691872800,"nanoseconds":0},"android_description":"Join us for a timely and important discussion of the vulnerability of Dominion Voting Systems ImageCast X (ICX) ballot-marking devices, used in many states including Georgia--where there was extended illicit access to voting systems and software in 2021. (An ICX is available at Voting Village this year for researchers to explore.) In an unrebutted expert report filed in a federal suit seeking to compel the State of Georgia to reduce reliance on the ICX, Professors J. Alex Halderman and Drew Springall documented security vulnerabilities in the ICX that would allow votes to be altered. CISA issued a vulnerability advisory confirming the principal claims in that report. Dominion Voting Systems contracted with MITRE Corporation, a Federally Funded Contract Research and Development Center (FFRDC), to critique the Halderman/Springall report. Georgia election officials have cited the MITRE report in their decision to use unpatched versions of Dominion’s software in every precinct during the 2024 Presidential Election, despite CISA's warnings.","updated_timestamp":{"seconds":1691767260,"nanoseconds":0},"speakers":[{"content_ids":[52331,52405],"conference_id":96,"event_ids":[52615,52700],"name":"David Jefferson","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/drjefferson"}],"media":[],"id":51602},{"content_ids":[52405],"conference_id":96,"event_ids":[52700],"name":"Drew Springall","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_aaspring_"},{"description":"","title":"Website","sort_order":0,"url":"https://aaspring.com/"}],"media":[],"id":51624},{"content_ids":[52405],"conference_id":96,"event_ids":[52700],"name":"Richard DeMillo","affiliations":[],"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.cc.gatech.edu/people/richard-demillo"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/rad_atl"}],"pronouns":null,"media":[],"id":51625}],"timeband_id":991,"links":[],"end":"2023-08-12T20:40:00.000-0000","id":52700,"tag_ids":[40298,45646,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691870100,"nanoseconds":0},"includes":"","people":[{"tag_id":45631,"sort_order":1,"person_id":51602},{"tag_id":45632,"sort_order":1,"person_id":51624},{"tag_id":45632,"sort_order":1,"person_id":51625}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-12T19:55:00.000-0000","updated":"2023-08-11T15:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Siemens Healthineers leans into technology to bring medical devices closer to clinicians and more accessible for those that need the best medical attention.\r\n\r\nThrough our medical device cybersecurity program and our Virtual Reality training platform we can do just that. \r\n\r\nFor this session we will briefly talk about our programs and let interested individuals navigate our Virtual world or get hands on access to a mobile X-Ray system.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Medical VR","end_timestamp":{"seconds":1691873400,"nanoseconds":0},"android_description":"Siemens Healthineers leans into technology to bring medical devices closer to clinicians and more accessible for those that need the best medical attention.\r\n\r\nThrough our medical device cybersecurity program and our Virtual Reality training platform we can do just that. \r\n\r\nFor this session we will briefly talk about our programs and let interested individuals navigate our Virtual world or get hands on access to a mobile X-Ray system.","updated_timestamp":{"seconds":1689116880,"nanoseconds":0},"speakers":[{"content_ids":[51050],"conference_id":96,"event_ids":[51082],"name":"David Nathans","affiliations":[{"organization":"Siemens Healthcare","title":"Product Security Manager"}],"links":[],"pronouns":null,"media":[],"id":50243,"title":"Product Security Manager at Siemens Healthcare"},{"content_ids":[51050],"conference_id":96,"event_ids":[51082],"name":"Ernest Liu","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50244}],"timeband_id":991,"links":[],"end":"2023-08-12T20:50:00.000-0000","id":51082,"tag_ids":[45645,45647,45717],"village_id":68,"begin_timestamp":{"seconds":1691869200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50243},{"tag_id":45590,"sort_order":1,"person_id":50244}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T23:08:00.000-0000","begin":"2023-08-12T19:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Terminals are ancient and dangerous beasts. While performing a routine code auditing, our team has discovered several vulnerabilities in ncurses, present on multiple operating systems. In this talk we will discuss those vulnerabilities and the dangers they pose, as well as discuss oss security in general.\n\n\n","title":"The Curse of Ncurses","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"android_description":"Terminals are ancient and dangerous beasts. While performing a routine code auditing, our team has discovered several vulnerabilities in ncurses, present on multiple operating systems. In this talk we will discuss those vulnerabilities and the dangers they pose, as well as discuss oss security in general.","end_timestamp":{"seconds":1691871600,"nanoseconds":0},"updated_timestamp":{"seconds":1691203020,"nanoseconds":0},"speakers":[{"content_ids":[50567,52197],"conference_id":96,"event_ids":[50807,52447],"name":"Jonathan Bar Or","affiliations":[{"organization":"Microsoft","title":"Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yo_yo_yo_jbo"}],"pronouns":"he/him","media":[],"id":49783,"title":"Security Researcher at Microsoft"}],"timeband_id":991,"links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"Website","type":"link","url":"https://dcgvr.org/"}],"end":"2023-08-12T20:20:00.000-0000","id":52447,"begin_timestamp":{"seconds":1691868900,"nanoseconds":0},"tag_ids":[45643,45744],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49783}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-08-05T02:37:00.000-0000","begin":"2023-08-12T19:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Physical pentesting in a post-covid world","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691871300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691565120,"nanoseconds":0},"speakers":[{"content_ids":[52389],"conference_id":96,"event_ids":[52680],"name":"Brian Halbach","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51610}],"timeband_id":991,"links":[],"end":"2023-08-12T20:15:00.000-0000","id":52680,"tag_ids":[40290,45645,45647,45743],"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51610}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"updated":"2023-08-09T07:12:00.000-0000","begin":"2023-08-12T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Voting Village will review it's initial analysis from the high-profile unboxing from the day before.\n\n\n","title":"Review: Surprise Unboxing","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"The Voting Village will review it's initial analysis from the high-profile unboxing from the day before.","end_timestamp":{"seconds":1691871600,"nanoseconds":0},"updated_timestamp":{"seconds":1691435100,"nanoseconds":0},"speakers":[{"content_ids":[52313,52327,52337,52331],"conference_id":96,"event_ids":[52597,52611,52615,52621,52622],"name":"Harri Hursti","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/hhursti"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/harrihursti"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51542}],"timeband_id":991,"links":[],"end":"2023-08-12T20:20:00.000-0000","id":52597,"tag_ids":[40298,45645,45646,45743],"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51542}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T19:30:00.000-0000","updated":"2023-08-07T19:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Andrea Downing and Eric Perakslis co-published evidence of health data leaking illegally from medical institutions via cross-site trackers such as Meta Pixel. Since publication, follow-up investigations have uncovered a historic data breach currently at 61 million patients and counting as of May 2023. This research has catalyzed unprecedented enforcement of the Health Breach Notification Rule by the Federal Trade Commission, and is now expanding to show whether health tech companies and clinical sites are complying with the law.\n\n\n","title":"Patient Zero Day: The Leaking of Patients' Private Health Data Contributed To A Medical Infodemic","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"Andrea Downing and Eric Perakslis co-published evidence of health data leaking illegally from medical institutions via cross-site trackers such as Meta Pixel. Since publication, follow-up investigations have uncovered a historic data breach currently at 61 million patients and counting as of May 2023. This research has catalyzed unprecedented enforcement of the Health Breach Notification Rule by the Federal Trade Commission, and is now expanding to show whether health tech companies and clinical sites are complying with the law.","updated_timestamp":{"seconds":1691284500,"nanoseconds":0},"speakers":[{"content_ids":[52269],"conference_id":96,"event_ids":[52533],"name":"Andrea Downing","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51496}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":52533,"village_id":null,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51496}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"spans_timebands":"N","begin":"2023-08-12T19:30:00.000-0000","updated":"2023-08-06T01:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Will demonstrate how to use SPARTA to develop attack chains against space systems. This presentation will present pre-existing attack chains (e.g., CySat 2023, Hack-a-Sat 3, etc.) that have been performed as well as new attack chains leveraging the SPARTA TTPs. The presentation will include a demonstration of at least one attack chain using a digital twin simulation.\n\n\n","title":"Building Space Attack Chains using SPARTA","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Will demonstrate how to use SPARTA to develop attack chains against space systems. This presentation will present pre-existing attack chains (e.g., CySat 2023, Hack-a-Sat 3, etc.) that have been performed as well as new attack chains leveraging the SPARTA TTPs. The presentation will include a demonstration of at least one attack chain using a digital twin simulation.","end_timestamp":{"seconds":1691871600,"nanoseconds":0},"updated_timestamp":{"seconds":1691101260,"nanoseconds":0},"speakers":[{"content_ids":[52157],"conference_id":96,"event_ids":[52387],"name":"Brandon Bailey","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51404}],"timeband_id":991,"links":[],"end":"2023-08-12T20:20:00.000-0000","id":52387,"tag_ids":[40280,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51404}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:21:00.000-0000","begin":"2023-08-12T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Metaverse is the Most Powerful, Addictive Reality Distortion Machine Ever Conceived… and it Can Predict the Future.\r\n \r\nThe metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes of the content creators.\r\n \r\nMetawar is the art of applying science to create and defend against the influence of alternate realities in the metaverse.\r\n \r\nMy research into Metawar initially focused on metaversal technologies. Unexpectedly, it morphed into an intensely personal experience, triggering my own Metanoia, which had a profound impact on the entire Metawar Thesis.\r\n \r\nImmersive Experience = > Reality Distortion => Disinformation = >> Manipulation => Reward => Addiction => Compliance\r\n \r\nMy Metanoia has been integral to the evolution of thinking about the synthesis of carbon-silicon technologies and the Venn of objective-subjective reality perception. Please, bring your thoughts so we can talk about what being human even means as increasingly immersive metaverse experiences bend our sense of reality.\r\n \r\nWARNING: There may be some maths.\n\n\n","title":"Metawar","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"The Metaverse is the Most Powerful, Addictive Reality Distortion Machine Ever Conceived… and it Can Predict the Future.\r\n \r\nThe metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes of the content creators.\r\n \r\nMetawar is the art of applying science to create and defend against the influence of alternate realities in the metaverse.\r\n \r\nMy research into Metawar initially focused on metaversal technologies. Unexpectedly, it morphed into an intensely personal experience, triggering my own Metanoia, which had a profound impact on the entire Metawar Thesis.\r\n \r\nImmersive Experience = > Reality Distortion => Disinformation = >> Manipulation => Reward => Addiction => Compliance\r\n \r\nMy Metanoia has been integral to the evolution of thinking about the synthesis of carbon-silicon technologies and the Venn of objective-subjective reality perception. Please, bring your thoughts so we can talk about what being human even means as increasingly immersive metaverse experiences bend our sense of reality.\r\n \r\nWARNING: There may be some maths.","updated_timestamp":{"seconds":1691091300,"nanoseconds":0},"speakers":[{"content_ids":[52147],"conference_id":96,"event_ids":[52377],"name":"Winn","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51400}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":52377,"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"village_id":null,"tag_ids":[45648,45743,45837,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51400}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record","hotel":"","short_name":"War Stories - Off the Record","id":45802},"spans_timebands":"N","updated":"2023-08-03T19:35:00.000-0000","begin":"2023-08-12T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In today's threat landscape, security teams are overwhelmed with the number of alerts generated by their security stack. However, not all alerts are equally critical, and it's essential to prioritize them based on their severity and context impact on the organization. In this panel discussion, our AppSec experts will share their experiences and insights on how to effectively prioritize alerts and reduce alert fatigue. They will discuss best practices for triaging alerts, techniques to automate the process, and strategies to ensure that the most critical alerts receive immediate attention. Join us to learn from the experts on how to effectively manage security alerts and improve your organization's security posture.\r\n\n\n\n","title":"Not All Alerts Are Born Equal: Insights from AppSec Experts on Prioritizing Security Alerts","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"In today's threat landscape, security teams are overwhelmed with the number of alerts generated by their security stack. However, not all alerts are equally critical, and it's essential to prioritize them based on their severity and context impact on the organization. In this panel discussion, our AppSec experts will share their experiences and insights on how to effectively prioritize alerts and reduce alert fatigue. They will discuss best practices for triaging alerts, techniques to automate the process, and strategies to ensure that the most critical alerts receive immediate attention. Join us to learn from the experts on how to effectively manage security alerts and improve your organization's security posture.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52110],"conference_id":96,"event_ids":[52334],"name":"Joe Christian","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/joechristian1/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Jo3Ram"}],"media":[],"id":51351},{"content_ids":[52110],"conference_id":96,"event_ids":[52334],"name":"Kunal Bhattacharya","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kunal-bhattacharya/"}],"pronouns":null,"media":[],"id":51357},{"content_ids":[52110],"conference_id":96,"event_ids":[52334],"name":"Shahar Man","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/shaharman/"}],"media":[],"id":51375},{"content_ids":[52110],"conference_id":96,"event_ids":[52334],"name":"Trupti Shiralkar","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tru-shiralkar-0a085a8"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/tshiralkar"}],"pronouns":null,"media":[],"id":51381}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":52334,"tag_ids":[40297,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51351},{"tag_id":45590,"sort_order":1,"person_id":51357},{"tag_id":45590,"sort_order":1,"person_id":51375},{"tag_id":45590,"sort_order":1,"person_id":51381}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","begin":"2023-08-12T19:30:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), and the Connecticut Data Privacy Act (CTDPA) empower consumers with the option to withdraw from the processing of their personal data for profiling objectives, establishing regulations that influence automated decision-making. As organizations, including legal firms, are adopting large language models (LLMs) more frequently for various purposes, addressing issues related to privacy and security becomes critical. This talk will explore tactics and best practices implemented by King & Spalding to mitigate risks connected with LLMs. The conversation will particularly emphasize de-identification tools, terms of service, and the potential risk of client confidential data breaches. Attendees will be updated about recent privacy and security regulations, along with methodologies to ensure regulatory adherence and uphold trust.\n\n\n","title":"LLM Legal Risk Management, and Use Case Development Strategies to Minimize Risk","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691871900,"nanoseconds":0},"android_description":"The California Privacy Rights Act (CPRA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), and the Connecticut Data Privacy Act (CTDPA) empower consumers with the option to withdraw from the processing of their personal data for profiling objectives, establishing regulations that influence automated decision-making. As organizations, including legal firms, are adopting large language models (LLMs) more frequently for various purposes, addressing issues related to privacy and security becomes critical. This talk will explore tactics and best practices implemented by King & Spalding to mitigate risks connected with LLMs. The conversation will particularly emphasize de-identification tools, terms of service, and the potential risk of client confidential data breaches. Attendees will be updated about recent privacy and security regulations, along with methodologies to ensure regulatory adherence and uphold trust.","updated_timestamp":{"seconds":1691031420,"nanoseconds":0},"speakers":[{"content_ids":[52057],"conference_id":96,"event_ids":[52276],"name":"Nick Maietta","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51290},{"content_ids":[52057],"conference_id":96,"event_ids":[52276],"name":"Robert Hudock","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51293}],"timeband_id":991,"links":[],"end":"2023-08-12T20:25:00.000-0000","id":52276,"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"tag_ids":[40299,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51290},{"tag_id":45590,"sort_order":1,"person_id":51293}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:57:00.000-0000","begin":"2023-08-12T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die.\r\n\r\nIt doesn't have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to \"five giant websites filled with screenshots of text from the other four\" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification.\r\n\r\nWe don't have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!\n\n\n","title":"An Audacious Plan to Halt the Internet's Enshittification","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"The enshittification of the internet follows a predictable trajectory: first, platforms are good to their users; then they abuse their users to make things better for their business customers; finally, they abuse those business customers to claw back all the value for themselves. Then, they die.\r\n\r\nIt doesn't have to be this way. Enshittification occurs when companies gobble each other up in an orgy of mergers and acquisitions, reducing the internet to \"five giant websites filled with screenshots of text from the other four\" (credit to Tom Eastman!), which lets them endlessly tweak their back-ends to continue to shift value from users and business-customers to themselves. The government gets in on the act by banning tweaking by users - reverse-engineering, scraping, bots and other user-side self-help measures - leaving users helpless before the march of enshittification.\r\n\r\nWe don't have to accept this! Disenshittifying the internet will require antitrust, limits on corporate tweaking - through privacy laws and other protections - and aggressive self-help measures from alternative app stores to ad blockers and beyond!","end_timestamp":{"seconds":1691871300,"nanoseconds":0},"updated_timestamp":{"seconds":1688251680,"nanoseconds":0},"speakers":[{"content_ids":[50686,52299],"conference_id":96,"event_ids":[50826,52571],"name":"Cory Doctorow","affiliations":[],"links":[{"description":"","title":"Bio","sort_order":0,"url":"http://craphound.com/bio"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@doctorow"}],"pronouns":null,"media":[],"id":49978}],"timeband_id":991,"end":"2023-08-12T20:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246135"}],"id":50826,"tag_ids":[45589,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49978}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-07-01T22:48:00.000-0000","begin":"2023-08-12T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk, we present video-based cryptanalysis, a new method to recover secret keys from a non-compromised device by analyzing video footage obtained from a device’s power LED. We show that cryptographic computations performed by the device’s CPU change the power consumption of the device which affects the brightness/color of the device’s power LED. The changes in the brightness can be detected at a sufficient sampling rate for cryptanalysis by obtaining video footage from a device’s power LED (by filling the frame with the LED) and exploiting the video camera’s rolling shutter, to increase the sampling rate by three orders of magnitude. The frames of the video footage are analyzed in the RGB space, and the RGB values are used to recover the secret key. We demonstrate the recovery of: (1) a 256- bit ECDSA key from a smartcard using video footage obtained from the power LED of the smartcard reader via a hijacked Internet-connected security camera located 16 meters away from the smartcard reader, and (2) a 378-bit SIKE key from a Samsung Galaxy S8 using video footage obtained from the power LED of Logitech Z120 USB speakers (that were connected to the same USB Hub of the Galaxy S8) via iPhone 12.\r\n\r\nWe discuss countermeasures, limitations, and the future of video-based cryptanalysis.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Video-based Cryptanalysis: Extracting Secret Keys from Power LEDs of Various Non-compromised Devices Using a Video Camera","end_timestamp":{"seconds":1691871300,"nanoseconds":0},"android_description":"In this talk, we present video-based cryptanalysis, a new method to recover secret keys from a non-compromised device by analyzing video footage obtained from a device’s power LED. We show that cryptographic computations performed by the device’s CPU change the power consumption of the device which affects the brightness/color of the device’s power LED. The changes in the brightness can be detected at a sufficient sampling rate for cryptanalysis by obtaining video footage from a device’s power LED (by filling the frame with the LED) and exploiting the video camera’s rolling shutter, to increase the sampling rate by three orders of magnitude. The frames of the video footage are analyzed in the RGB space, and the RGB values are used to recover the secret key. We demonstrate the recovery of: (1) a 256- bit ECDSA key from a smartcard using video footage obtained from the power LED of the smartcard reader via a hijacked Internet-connected security camera located 16 meters away from the smartcard reader, and (2) a 378-bit SIKE key from a Samsung Galaxy S8 using video footage obtained from the power LED of Logitech Z120 USB speakers (that were connected to the same USB Hub of the Galaxy S8) via iPhone 12.\r\n\r\nWe discuss countermeasures, limitations, and the future of video-based cryptanalysis.","updated_timestamp":{"seconds":1687138320,"nanoseconds":0},"speakers":[{"content_ids":[50578],"conference_id":96,"event_ids":[50768],"name":"Ben Nassi","affiliations":[{"organization":"Ben-Gurion University of the Negev","title":"Postdoctoral Researcher"}],"links":[{"description":"","title":"","sort_order":0,"url":"https://www.nassiben.com"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ben-nassi-68a743115/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ben_nassi"}],"pronouns":null,"media":[],"id":49801,"title":"Postdoctoral Researcher at Ben-Gurion University of the Negev"},{"content_ids":[50578],"conference_id":96,"event_ids":[50768],"name":"Ofek Vayner","affiliations":[{"organization":"Ben-Gurion University of the Negev","title":"M.Sc. Student"}],"links":[],"pronouns":null,"media":[],"id":49802,"title":"M.Sc. Student at Ben-Gurion University of the Negev"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245749"}],"end":"2023-08-12T20:15:00.000-0000","id":50768,"begin_timestamp":{"seconds":1691868600,"nanoseconds":0},"tag_ids":[45589,45592,45629,45646,45766],"village_id":null,"includes":"Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49801},{"tag_id":45590,"sort_order":1,"person_id":49802}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"updated":"2023-06-19T01:32:00.000-0000","begin":"2023-08-12T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In 2010, the FBI arrested a group of 10 Russian spies that were posing as Americans to gather intelligence. They spent decades building legitimacy in the US all towards the goal of getting jobs at big banks, consulting firms and tech companies.\r\n\r\nThese Russian spies didn’t know it back then, but there was a shortcut to influential positions in US society: becoming an elected official of a private organization.\r\n\r\nPrivate elections are elections for leadership positions of organizations like unions, NGOs, universities, boards, pension funds, etc.\r\n\r\nFor a foreign adversary, private elections are a goldmine of powerful positions at the state and national level. Unlike civil elections, these elections have no paper trail, often little oversight and minimal technical safeguards against vote tampering.\r\n\r\nAnd as we'll see in this talk: they're highly hackable.\n\n\n","title":"US private elections: the easy way in for foreign adversaries.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"In 2010, the FBI arrested a group of 10 Russian spies that were posing as Americans to gather intelligence. They spent decades building legitimacy in the US all towards the goal of getting jobs at big banks, consulting firms and tech companies.\r\n\r\nThese Russian spies didn’t know it back then, but there was a shortcut to influential positions in US society: becoming an elected official of a private organization.\r\n\r\nPrivate elections are elections for leadership positions of organizations like unions, NGOs, universities, boards, pension funds, etc.\r\n\r\nFor a foreign adversary, private elections are a goldmine of powerful positions at the state and national level. Unlike civil elections, these elections have no paper trail, often little oversight and minimal technical safeguards against vote tampering.\r\n\r\nAnd as we'll see in this talk: they're highly hackable.","end_timestamp":{"seconds":1691869800,"nanoseconds":0},"updated_timestamp":{"seconds":1691867700,"nanoseconds":0},"speakers":[{"content_ids":[52414],"conference_id":96,"event_ids":[52711],"name":"Scheme","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51634}],"timeband_id":991,"links":[],"end":"2023-08-12T19:50:00.000-0000","id":52711,"begin_timestamp":{"seconds":1691868000,"nanoseconds":0},"tag_ids":[40298,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51634}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-12T19:15:00.000-0000","begin":"2023-08-12T19:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Vulnerability research is sometimes perceived as a glamorous pursuit, where researchers constantly uncover security flaws and find critical exploits that can lead to catastrophic results. In this talk, we show you what it's really like behind the scenes of cloud vulnerability research.\r\n\r\nWe discuss the lessons learned while dealing with the barriers and challenges that arise when searching for and reporting new vulnerabilities to the biggest cloud vendors. We will present the mindset we embrace to find common ground in major services, and the importance of a responsible disclosure process. We debate why we, the researchers, are accountable for our findings and how we should push the cloud vendor for the best bug resolution.\r\n\r\nOften, vulnerability talks are about the researcher's greatest success stories. This talk also explores the unexpected benefits of coming up short in vulnerability research. We argue that these \"\"losses\"\" can provide valuable insights into security research, allowing us to better understand a system's strengths and weaknesses and its security stack.\r\n\r\nThe session draws on real-world examples, including a major vulnerability we uncovered that affected multiple Azure web services, exploitation of internal communication channels across various CSPs, and our go-to approach when exploring new unfamiliar cloud services. We close the session by discussing each vendor's unique approach to fixing reported security issues.\r\n\r\nJoin us for this thought-provoking talk and discover the hidden side of vulnerability research. You'll come away with a new appreciation for the challenges and rewards of this fascinating field and a deeper understanding of its role in keeping us all safe and secure.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"The Rocky Balboa Guide to Security Research: Getting Back Up When You Get Knocked Down","android_description":"Vulnerability research is sometimes perceived as a glamorous pursuit, where researchers constantly uncover security flaws and find critical exploits that can lead to catastrophic results. In this talk, we show you what it's really like behind the scenes of cloud vulnerability research.\r\n\r\nWe discuss the lessons learned while dealing with the barriers and challenges that arise when searching for and reporting new vulnerabilities to the biggest cloud vendors. We will present the mindset we embrace to find common ground in major services, and the importance of a responsible disclosure process. We debate why we, the researchers, are accountable for our findings and how we should push the cloud vendor for the best bug resolution.\r\n\r\nOften, vulnerability talks are about the researcher's greatest success stories. This talk also explores the unexpected benefits of coming up short in vulnerability research. We argue that these \"\"losses\"\" can provide valuable insights into security research, allowing us to better understand a system's strengths and weaknesses and its security stack.\r\n\r\nThe session draws on real-world examples, including a major vulnerability we uncovered that affected multiple Azure web services, exploitation of internal communication channels across various CSPs, and our go-to approach when exploring new unfamiliar cloud services. We close the session by discussing each vendor's unique approach to fixing reported security issues.\r\n\r\nJoin us for this thought-provoking talk and discover the hidden side of vulnerability research. You'll come away with a new appreciation for the challenges and rewards of this fascinating field and a deeper understanding of its role in keeping us all safe and secure.","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1690921140,"nanoseconds":0},"speakers":[{"content_ids":[51984],"conference_id":96,"event_ids":[52178],"name":"Liv Matan","affiliations":[{"organization":"Ermetic","title":"Cloud Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/terminatorLM"}],"media":[],"id":51189,"title":"Cloud Security Researcher at Ermetic"}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52178,"village_id":null,"begin_timestamp":{"seconds":1691868000,"nanoseconds":0},"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51189}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"updated":"2023-08-01T20:19:00.000-0000","begin":"2023-08-12T19:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"How I Built Recon to Scale with Serverless Architecture","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691869800,"nanoseconds":0},"updated_timestamp":{"seconds":1689553020,"nanoseconds":0},"speakers":[{"content_ids":[51306,51998],"conference_id":96,"event_ids":[51368,52192],"name":"Gunnar Andrews","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@G0LDEN_infosec"}],"pronouns":null,"media":[],"id":50458}],"timeband_id":991,"links":[],"end":"2023-08-12T19:50:00.000-0000","id":51368,"begin_timestamp":{"seconds":1691867100,"nanoseconds":0},"village_id":59,"tag_ids":[40293,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50458}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-12T19:05:00.000-0000","updated":"2023-07-17T00:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"RFID Hacking","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"updated_timestamp":{"seconds":1691565120,"nanoseconds":0},"speakers":[{"content_ids":[52388,52392,52397],"conference_id":96,"event_ids":[52688,52679,52683],"name":"Ege","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51607}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52679,"tag_ids":[40290,45645,45647,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51607}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-08-09T07:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.\n\n\n","title":"Capture The Packet Main Rounds","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375940,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52593,"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[40288,45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-08-07T02:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: HDA / Accessibility Area Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52588,"tag_ids":[45639,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 2-4 - HDA Community","hotel":"","short_name":"Studio 2-4 - HDA Community","id":45728},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-08-13T19:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"After designing a miniature PCB based on jhewitt's ESP32 Wardriver design, a friend across the country showed interest in obtaining one of the boards. The idea came up that the hardware could be shipped along with a battery and the results could be analyzed and uploaded to Wigle.net after the fact. \r\n\r\nThis talk goes over the hardware used, the safety considerations, testing methodologies, and criteria needed to be met before proceeding. The results will be analyzed and compared to the shipping service’s tracking methods, with visualizations on a map to show shipping progress.\"\n\n\n","title":"Shipping Wardriving Hardware - Cross-country Wigle on the Cheap","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691868000,"nanoseconds":0},"android_description":"\"After designing a miniature PCB based on jhewitt's ESP32 Wardriver design, a friend across the country showed interest in obtaining one of the boards. The idea came up that the hardware could be shipped along with a battery and the results could be analyzed and uploaded to Wigle.net after the fact. \r\n\r\nThis talk goes over the hardware used, the safety considerations, testing methodologies, and criteria needed to be met before proceeding. The results will be analyzed and compared to the shipping service’s tracking methods, with visualizations on a map to show shipping progress.\"","updated_timestamp":{"seconds":1691259900,"nanoseconds":0},"speakers":[{"content_ids":[52253],"conference_id":96,"event_ids":[52514],"name":"Segfault","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CoD_Segfault"}],"pronouns":null,"media":[],"id":51491}],"timeband_id":991,"links":[],"end":"2023-08-12T19:20:00.000-0000","id":52514,"village_id":null,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51491}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","updated":"2023-08-05T18:25:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Weather balloons’ radiosondes measure and transmit weather data. Besides weather models and forecasts, radiosondes are also important for gathering weather data for satellite launches and human spaceflights. I’ll present a simulation framework for the most popular radiosonde model and present simulations of a jamming attack and a spoofing attack on a receiver. I'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"CON trolling the weather","end_timestamp":{"seconds":1691868300,"nanoseconds":0},"android_description":"Weather balloons’ radiosondes measure and transmit weather data. Besides weather models and forecasts, radiosondes are also important for gathering weather data for satellite launches and human spaceflights. I’ll present a simulation framework for the most popular radiosonde model and present simulations of a jamming attack and a spoofing attack on a receiver. I'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.","updated_timestamp":{"seconds":1691101260,"nanoseconds":0},"speakers":[{"content_ids":[50546,52156],"conference_id":96,"event_ids":[50853,52386],"name":"Paz Hameiri","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"he/him","links":[{"description":"","title":"","sort_order":0,"url":"https://il.linkedin.com/in/paz-hameiri-251b11143"}],"media":[],"id":49755,"title":"Hacker"}],"timeband_id":991,"links":[],"end":"2023-08-12T19:25:00.000-0000","id":52386,"tag_ids":[40280,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49755}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:21:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"About Face! Beginner Intro to Facial Recognition","android_description":"","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"updated_timestamp":{"seconds":1691026080,"nanoseconds":0},"speakers":[{"content_ids":[52041,52042],"conference_id":96,"event_ids":[52257,52258],"name":"Kate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51259}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52258,"tag_ids":[40308,45647,45719,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51259}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:28:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Ten Years of CPV - The Gold Bug Challenge","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691025780,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254},{"content_ids":[52029],"conference_id":96,"event_ids":[52245],"name":"Gold Bug Challenge Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51423}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52245,"tag_ids":[40308,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254},{"tag_id":45590,"sort_order":1,"person_id":51423}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:23:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A major cyber incident has occurred. How will you respond? \r\n\r\nA war game but make it cyber. In groups of 3-4 people, hackers and policymakers at the village will respond to a cybersecurity crisis scenario with far reaching impacts on the public but especially vulnerable communities. Groups of 3-4 participants will develop responses to mitigate the crisis and present these to the larger group. Participants may take on specific roles based on the storyline of the crisis (e.g. CISA, the White House, CVD coordinating bodies, OT security researchers, and more).\n\n\n","title":"Hands On a Cyber Policy Crisis: Testing Assumptions and Navigating Challenges through a Cyber Simulation","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"A major cyber incident has occurred. How will you respond? \r\n\r\nA war game but make it cyber. In groups of 3-4 people, hackers and policymakers at the village will respond to a cybersecurity crisis scenario with far reaching impacts on the public but especially vulnerable communities. Groups of 3-4 participants will develop responses to mitigate the crisis and present these to the larger group. Participants may take on specific roles based on the storyline of the crisis (e.g. CISA, the White House, CVD coordinating bodies, OT security researchers, and more).","end_timestamp":{"seconds":1691873400,"nanoseconds":0},"updated_timestamp":{"seconds":1690431480,"nanoseconds":0},"speakers":[{"content_ids":[51504,51519],"conference_id":96,"event_ids":[51660,51675],"name":"Safa Shahwan Edwards","affiliations":[{"organization":"Atlantic Council","title":"Deputy Director, Cyber Statecraft Initiative"}],"links":[],"pronouns":null,"media":[],"id":50634,"title":"Deputy Director, Cyber Statecraft Initiative at Atlantic Council"}],"timeband_id":991,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-12T20:50:00.000-0000","id":51675,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[40310,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50634}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-27T04:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In recent years, lawmakers around the world have proposed legislation aimed at ending encryption, under the guise of ending child exploitation. In the first half of 2023, we have already seen two serious legislative proposals in the Senate that would result in potentially disastrous legal risks for any company that provides encrypted messages. \r\n\r\nCome join us to get an update about the government’s efforts to break encryption – again. We’ll talk about what is different from the last Encryption Wars, what the conversation sounds like right now in DC*, and we’ve been doing to fight back. Most important, we’ll talk about what technologists can do to protect encryption and everyone who uses it. \r\n\r\n*when you read this, EARN IT and the STOP CSAM Act, both bills designed to break encryption, will have been marked up and passed out of the Senate Judiciary Committee. What happens after that is entirely dependent on many factors outside my control. The FBI is super gearing up to double down on their position, though.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"The Coming War on Encryption, Part 3 (and how you can fight back)","android_description":"In recent years, lawmakers around the world have proposed legislation aimed at ending encryption, under the guise of ending child exploitation. In the first half of 2023, we have already seen two serious legislative proposals in the Senate that would result in potentially disastrous legal risks for any company that provides encrypted messages. \r\n\r\nCome join us to get an update about the government’s efforts to break encryption – again. We’ll talk about what is different from the last Encryption Wars, what the conversation sounds like right now in DC*, and we’ve been doing to fight back. Most important, we’ll talk about what technologists can do to protect encryption and everyone who uses it. \r\n\r\n*when you read this, EARN IT and the STOP CSAM Act, both bills designed to break encryption, will have been marked up and passed out of the Senate Judiciary Committee. What happens after that is entirely dependent on many factors outside my control. The FBI is super gearing up to double down on their position, though.","end_timestamp":{"seconds":1691869800,"nanoseconds":0},"updated_timestamp":{"seconds":1690431120,"nanoseconds":0},"speakers":[{"content_ids":[50661,51513],"conference_id":96,"event_ids":[50822,51669],"name":"India McKinney","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Director of Federal Affairs"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@imck82"}],"pronouns":"she/her","media":[],"id":49954,"title":"Director of Federal Affairs at Electronic Frontier Foundation"}],"timeband_id":991,"end":"2023-08-12T19:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51669,"tag_ids":[40310,45645,45646,45743,45836],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49954}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-27T04:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Fear and Loathing on Plum Island","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690422900,"nanoseconds":0},"speakers":[{"content_ids":[51487],"conference_id":96,"event_ids":[51643],"name":"David Emmerich","affiliations":[{"organization":"University of Illinois Information Trust Institute","title":""}],"links":[],"pronouns":null,"media":[],"id":50548,"title":"University of Illinois Information Trust Institute"},{"content_ids":[51487],"conference_id":96,"event_ids":[51643],"name":"Emma Stewart","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50549},{"content_ids":[51487],"conference_id":96,"event_ids":[51643],"name":"Jeremy Jones","affiliations":[{"organization":"Idaho National Lab","title":""}],"links":[],"pronouns":null,"media":[],"id":50554,"title":"Idaho National Lab"},{"content_ids":[51487],"conference_id":96,"event_ids":[51643],"name":"Joe Minicucci","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50555}],"timeband_id":991,"links":[],"end":"2023-08-12T20:30:00.000-0000","id":51643,"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50548},{"tag_id":45590,"sort_order":1,"person_id":50549},{"tag_id":45590,"sort_order":1,"person_id":50554},{"tag_id":45631,"sort_order":2,"person_id":50555}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:55:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The CAN bus is a traditional communication standard used (not only) in automotive to allow different components to talk to each other over reliable connection. While one of the primary motivators for CAN bus introduction was to reduce the amount of wiring inside vehicles, it became popular for its robustness, flexibility, and ease of implementation for which it is now used in almost every vehicle.As with any other protocol, it is a well-defined standard that enforces all aspects of the communication from the physical media to the message format and its processing. The formal protocol specifications like this are often seen as the source of the absolute truth when working with various transfer protocols. Such specifications are very strict on the format of the messages that belong to the given protocol and thus it is natural that developers that are familiar with it are often relying upon this information when developing their applications.In this talk, we will look at what happens when the attacker decides not to adhere to the protocol specification and uses the available metadata fields within the well-defined message in their own way. Would libraries provided by the device manufacturers handle this situation or is it left to the developer? And could a wrong assumption about the message format lead to a vulnerability?\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Abusing CAN Bus Protocol Specification for Denial of Service in Embedded Systems","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"The CAN bus is a traditional communication standard used (not only) in automotive to allow different components to talk to each other over reliable connection. While one of the primary motivators for CAN bus introduction was to reduce the amount of wiring inside vehicles, it became popular for its robustness, flexibility, and ease of implementation for which it is now used in almost every vehicle.As with any other protocol, it is a well-defined standard that enforces all aspects of the communication from the physical media to the message format and its processing. The formal protocol specifications like this are often seen as the source of the absolute truth when working with various transfer protocols. Such specifications are very strict on the format of the messages that belong to the given protocol and thus it is natural that developers that are familiar with it are often relying upon this information when developing their applications.In this talk, we will look at what happens when the attacker decides not to adhere to the protocol specification and uses the available metadata fields within the well-defined message in their own way. Would libraries provided by the device manufacturers handle this situation or is it left to the developer? And could a wrong assumption about the message format lead to a vulnerability?","updated_timestamp":{"seconds":1690860720,"nanoseconds":0},"speakers":[{"content_ids":[51468],"conference_id":96,"event_ids":[51624],"name":"Martin Petran","affiliations":[],"links":[{"description":"","title":"","sort_order":0,"url":"https://cz.linkedin.com/in/martin-petr%C3%A1%C5%88-51745195"},{"description":"","title":"Github","sort_order":0,"url":"https://github.com/Martyx00"}],"pronouns":null,"media":[],"id":50530}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":51624,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"tag_ids":[40283,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50530}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-08-01T03:32:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Daniel Reilly, Math for Security","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":51610,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"tag_ids":[45646,45743,45769,45770],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-27T00:03:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Lonely Hackers Club - Resume Reviews & Career Advice","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690163100,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":51588,"tag_ids":[45640,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-24T01:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The LHC, established on Telegram years ago, serves as a warm and inclusive hub for newcomers heading to DefCon for the first time. With over 600 members worldwide, our community has expanded significantly. This year, we're thrilled to provide a space that fosters connections, sharing, and giving back to the DefCon community. Whether you need a resume review, career coaching, or want to participate in sticker & badge trading, we have you covered. And don't miss the exciting 'Name That Noob' event, where our seasoned hackers will help you craft a one-of-a-kind hacker handle. Embrace the welcoming atmosphere and join us for an unforgettable DefCon experience!\r\n\r\nResume reviews & Career Advice 12pm - 2pm \r\nBadgelife / Sticker swap 2-5pm\r\nName That Noob 5-6pm\n\n\n","title":"Lonely Hackers Club Meetup","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"android_description":"The LHC, established on Telegram years ago, serves as a warm and inclusive hub for newcomers heading to DefCon for the first time. With over 600 members worldwide, our community has expanded significantly. This year, we're thrilled to provide a space that fosters connections, sharing, and giving back to the DefCon community. Whether you need a resume review, career coaching, or want to participate in sticker & badge trading, we have you covered. And don't miss the exciting 'Name That Noob' event, where our seasoned hackers will help you craft a one-of-a-kind hacker handle. Embrace the welcoming atmosphere and join us for an unforgettable DefCon experience!\r\n\r\nResume reviews & Career Advice 12pm - 2pm \r\nBadgelife / Sticker swap 2-5pm\r\nName That Noob 5-6pm","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690162920,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51586,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"spans_timebands":"N","updated":"2023-07-24T01:42:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"title":"SUNDAY CANCELED: HDA Community Meetups","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51582,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 2-4 - HDA Community","hotel":"","short_name":"Studio 2-4 - HDA Community","id":45728},"spans_timebands":"N","updated":"2023-08-13T19:46:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","title":"Friends of Bill W","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":51575,"tag_ids":[45639,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-23T16:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that's why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us Friday for qualifier games, and on Saturday for an official bracket tournament.\r\n\r\n**Important Note**\r\n\r\nIn order to participate in the official bracket tournament on Saturday, you must win a round (against anyone), observed by a village staff member, on Friday. See village staff for details. \n\n\n","title":"TOOOL Dozier Drill Lockpicking Challenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that's why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us Friday for qualifier games, and on Saturday for an official bracket tournament.\r\n\r\n**Important Note**\r\n\r\nIn order to participate in the official bracket tournament on Saturday, you must win a round (against anyone), observed by a village staff member, on Friday. See village staff for details.","end_timestamp":{"seconds":1691877600,"nanoseconds":0},"updated_timestamp":{"seconds":1691297220,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T22:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245424"},{"label":"Twitter (@toool)","type":"link","url":"https://twitter.com/@toool"}],"id":51529,"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[40309,45635,45649,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-08-06T04:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This course is for practitioners who would like to have accurate visibility and results when mapping an organization's external attack surface. We will use the open source tool, provided by the OWASP Amass Project, to better understand how to hunt down assets exposed on the Internet. Many professionals have leveraged the basic Amass features during their red team exercises and other information security efforts, but not extended the capabilities of the engine to implement new features and data sources. We will use hands-on exercises to have you become familiar with the Amass Engine, comfortable extending it, and aware of future directions for the project. Participants are encouraged to complete the exercises by writing the extensions in the Lua programming language. All the examples will be provided for those unfamiliar with the language.\n\n\n","title":"Scripting OWASP Amass for a Customized Experience","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"This course is for practitioners who would like to have accurate visibility and results when mapping an organization's external attack surface. We will use the open source tool, provided by the OWASP Amass Project, to better understand how to hunt down assets exposed on the Internet. Many professionals have leveraged the basic Amass features during their red team exercises and other information security efforts, but not extended the capabilities of the engine to implement new features and data sources. We will use hands-on exercises to have you become familiar with the Amass Engine, comfortable extending it, and aware of future directions for the project. Participants are encouraged to complete the exercises by writing the extensions in the Lua programming language. All the examples will be provided for those unfamiliar with the language.","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51077,51309],"conference_id":96,"event_ids":[51109,51159,51371],"name":"Jeff Foley","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jeff_foley"}],"pronouns":null,"media":[],"id":50267}],"timeband_id":991,"links":[],"end":"2023-08-12T21:00:00.000-0000","id":51159,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50267}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Red Hot (Red Team TTPs)","android_description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Ralph May","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ralphte1"}],"media":[],"id":50279},{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Steve Borosh","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/424f424f"}],"media":[],"id":50284}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":51155,"village_id":60,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50279},{"tag_id":45633,"sort_order":1,"person_id":50284}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.\n\n\n","title":"Hacking Web Apps and APIs with WebSploit Labs","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":50276}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":51133,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":60,"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-14T18:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this demo I will introduce our new open-source tool called Red Wizard. Red Wizard is the result of years of spinning up repeatable infrastructures for Red Teaming operations. It automates a comprehensive infrastructure deployment with redirectors, backend systems, phishing relays, OSINT machines etcetera. But made easy by providing wizards that walk you through the deployments. Additionally, the infrastructure is self-documenting, making the sharing of all relevant details to your team of operators a breeze. The tool is build to make sure to provide you with a resilient setup that is OPSEC-safe. By retrieving all critical key material from the deployed servers, you will be able to rebuild and keep receiving your shells even if one of your servers crashes and burns. The technology used for Red Wizard is mainly based on Ansible and Docker.\n\n\n","title":"Red Wizard: user-friendly Red Teaming infrastructure","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"android_description":"In this demo I will introduce our new open-source tool called Red Wizard. Red Wizard is the result of years of spinning up repeatable infrastructures for Red Teaming operations. It automates a comprehensive infrastructure deployment with redirectors, backend systems, phishing relays, OSINT machines etcetera. But made easy by providing wizards that walk you through the deployments. Additionally, the infrastructure is self-documenting, making the sharing of all relevant details to your team of operators a breeze. The tool is build to make sure to provide you with a resilient setup that is OPSEC-safe. By retrieving all critical key material from the deployed servers, you will be able to rebuild and keep receiving your shells even if one of your servers crashes and burns. The technology used for Red Wizard is mainly based on Ansible and Docker.","end_timestamp":{"seconds":1691873700,"nanoseconds":0},"updated_timestamp":{"seconds":1688877720,"nanoseconds":0},"speakers":[{"content_ids":[51015],"conference_id":96,"event_ids":[51053],"name":"Ben Brücker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50201}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":51053,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50201}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Committee Boardroom - Demo Labs","hotel":"","short_name":"Committee Boardroom - Demo Labs","id":45698},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-09T04:42:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Pcapinator is a powerful and versatile network analysis tool that combines the strengths of TShark and Python to provide comprehensive and efficient packet deconstruction into a format usable for further analysis. Inspired by the Terminator, Pcapinator is designed to relentlessly analyze, decode, and filter network packets using all of the resources a system makes available to it, making it a formidable asset for diving deep into PCAPs. Leveraging the robust capabilities of Wireshark’s TShark tool, Pcapinator parses and extracts vital information from pcap files, while Python's extensive libraries and scripts offer advanced processing and automation options. Pcapinator is built to handle extremely large PCAP files, search for anomalies in those files, and uncover the hard-to-find information in network traffic, making it an essential tool for PCAP analysis.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"Pcapinator: Rise of the PCAP Machines","end_timestamp":{"seconds":1691873700,"nanoseconds":0},"android_description":"Pcapinator is a powerful and versatile network analysis tool that combines the strengths of TShark and Python to provide comprehensive and efficient packet deconstruction into a format usable for further analysis. Inspired by the Terminator, Pcapinator is designed to relentlessly analyze, decode, and filter network packets using all of the resources a system makes available to it, making it a formidable asset for diving deep into PCAPs. Leveraging the robust capabilities of Wireshark’s TShark tool, Pcapinator parses and extracts vital information from pcap files, while Python's extensive libraries and scripts offer advanced processing and automation options. Pcapinator is built to handle extremely large PCAP files, search for anomalies in those files, and uncover the hard-to-find information in network traffic, making it an essential tool for PCAP analysis.","updated_timestamp":{"seconds":1688877540,"nanoseconds":0},"speakers":[{"content_ids":[51013],"conference_id":96,"event_ids":[51051],"name":"Mike \"d4rkm4tter\" Spicer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50197},{"content_ids":[51013],"conference_id":96,"event_ids":[51051],"name":"Henry Hill","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50198}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":51051,"tag_ids":[45592,45636,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50198},{"tag_id":45590,"sort_order":1,"person_id":50197}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Unity Boardroom - Demo Labs","hotel":"","short_name":"Unity Boardroom - Demo Labs","id":45706},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-09T04:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python. Kraken follows the principle of \"avoiding command execution\" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"Kraken, a modular multi-language webshell for defense evasion","end_timestamp":{"seconds":1691873700,"nanoseconds":0},"android_description":"Kraken is a modular multi-language webshell focused on web post-exploitation and defense evasion. It supports three technologies (PHP, JSP and ASPX) and its core is developed in Python. Kraken follows the principle of \"avoiding command execution\" by re-implementing it through the functionalities of the programming language in use. Kraken seeks to provide usability, scalability and improve the OPSEC of ongoing operations.","updated_timestamp":{"seconds":1688876700,"nanoseconds":0},"speakers":[{"content_ids":[51008],"conference_id":96,"event_ids":[51046],"name":"Raul Caro","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50189}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":51046,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50189}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Society Boardroom - Demo Labs","hotel":"","short_name":"Society Boardroom - Demo Labs","id":45700},"spans_timebands":"N","updated":"2023-07-09T04:25:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times. BBOT is open-source and written in Python. Its 80+ modules range in function from subdomain enumeration to cryptographic exploitation. BBOT can map the attack surface of an organization (and sometimes get you RCE) in a single command.\r\n\r\nFeatures include:\r\n- multiple targets\r\n- automatic dependencies w/ ansible\r\n- python API\r\n- subdomain enumeration\r\n- email enumeration\r\n- cloud bucket enumeration\r\n- port scanning\r\n- web service enumeration\r\n- web screenshots\r\n- web spidering\r\n- vulnerability scanning (with nuclei and more)\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"BBOT (Bighuge BLS OSINT Tool)","end_timestamp":{"seconds":1691873700,"nanoseconds":0},"android_description":"BBOT (Bighuge BLS OSINT Tool) is a new recursive OSINT scanner inspired by Spiderfoot, but designed and optimized for bigger targets and faster scan times. BBOT is open-source and written in Python. Its 80+ modules range in function from subdomain enumeration to cryptographic exploitation. BBOT can map the attack surface of an organization (and sometimes get you RCE) in a single command.\r\n\r\nFeatures include:\r\n- multiple targets\r\n- automatic dependencies w/ ansible\r\n- python API\r\n- subdomain enumeration\r\n- email enumeration\r\n- cloud bucket enumeration\r\n- port scanning\r\n- web service enumeration\r\n- web screenshots\r\n- web spidering\r\n- vulnerability scanning (with nuclei and more)","updated_timestamp":{"seconds":1688875800,"nanoseconds":0},"speakers":[{"content_ids":[50996],"conference_id":96,"event_ids":[51034],"name":"Joel \"TheTechromancer\" Moore","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50171},{"content_ids":[50996],"conference_id":96,"event_ids":[51034],"name":"Paul Mueller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50172}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":51034,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50171},{"tag_id":45590,"sort_order":1,"person_id":50172}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"spans_timebands":"N","updated":"2023-07-09T04:10:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Addressing security vulnerabilities begins with verifying the impact on an environment. Merely having a vulnerable package installed does not guarantee exploitability, as several conditions must align for the vulnerability to be applicable and exploitable. For example: is the operating system in question susceptible to the vulnerability? is the vulnerable component loaded to memory? is the required configuration in place? is there a patch installed? And more... Standard vulnerability scanners simply do not take these factors into account and thus require manual triage in order to answer “Can a vulnerability be exploited in a given environment?”. ‘Am I Exploitable?’ (MI-X), is an open-source tool aimed at effectively determining whether a local host or running container is truly affected by a specific vulnerability by accounting for all factors which affect *actual* exploitability. MI-X also prints out the logical steps it takes in order to reach a decision and can also provide a graphical representation of the validation flow. The tool can therefore help practitioners understand what are the factors that affect exploitability for each of the supported vulnerabilities.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"Am I Exploitable? (MI-X)","end_timestamp":{"seconds":1691873700,"nanoseconds":0},"android_description":"Addressing security vulnerabilities begins with verifying the impact on an environment. Merely having a vulnerable package installed does not guarantee exploitability, as several conditions must align for the vulnerability to be applicable and exploitable. For example: is the operating system in question susceptible to the vulnerability? is the vulnerable component loaded to memory? is the required configuration in place? is there a patch installed? And more... Standard vulnerability scanners simply do not take these factors into account and thus require manual triage in order to answer “Can a vulnerability be exploited in a given environment?”. ‘Am I Exploitable?’ (MI-X), is an open-source tool aimed at effectively determining whether a local host or running container is truly affected by a specific vulnerability by accounting for all factors which affect *actual* exploitability. MI-X also prints out the logical steps it takes in order to reach a decision and can also provide a graphical representation of the validation flow. The tool can therefore help practitioners understand what are the factors that affect exploitability for each of the supported vulnerabilities.","updated_timestamp":{"seconds":1688875620,"nanoseconds":0},"speakers":[{"content_ids":[50994],"conference_id":96,"event_ids":[51032],"name":"Ofri Ouzan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50167},{"content_ids":[50994],"conference_id":96,"event_ids":[51032],"name":"Yotam Perkal","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50168}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":51032,"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50167},{"tag_id":45590,"sort_order":1,"person_id":50168}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Council Boardroom - Demo Labs","hotel":"","short_name":"Council Boardroom - Demo Labs","id":45699},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-09T04:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"SQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community. SQLRecon is written in C# and is compatible stand-alone or within a diverse set of command and control (C2) frameworks (Cobalt Strike, Nighthawk, Mythic, PoshC2, Sliver, etc). When using the latter, SQLRecon can be executed either in-process, or through traditional fork and run. SQLRecon has over 50 modules which can help facilitate with enumeration, collection, code execution, privilege escalation and lateral movement. It has been designed with operational security and defense evasion in mind.\n\n\n","title":"Abusing Microsoft SQL Server with SQLRecon","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691873700,"nanoseconds":0},"android_description":"SQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community. SQLRecon is written in C# and is compatible stand-alone or within a diverse set of command and control (C2) frameworks (Cobalt Strike, Nighthawk, Mythic, PoshC2, Sliver, etc). When using the latter, SQLRecon can be executed either in-process, or through traditional fork and run. SQLRecon has over 50 modules which can help facilitate with enumeration, collection, code execution, privilege escalation and lateral movement. It has been designed with operational security and defense evasion in mind.","updated_timestamp":{"seconds":1688875500,"nanoseconds":0},"speakers":[{"content_ids":[50993],"conference_id":96,"event_ids":[51031],"name":"Sanjiv Kawa","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sanjivkawa"}],"media":[],"id":50166}],"timeband_id":991,"links":[],"end":"2023-08-12T20:55:00.000-0000","id":51031,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50166}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Caucus Boardroom - Demo Labs","hotel":"","short_name":"Caucus Boardroom - Demo Labs","id":45696},"spans_timebands":"N","begin":"2023-08-12T19:00:00.000-0000","updated":"2023-07-09T04:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Microsoft SharePoint Online (SPO) is a cloud-based service that helps organizations share and manage content. It is also used as backend file storage for other Microsoft online services, such as Microsoft 365 Groups, OneDrive, and Teams.\r\n\r\nMicrosoft offers tools such as Migration Manager and SharePoint Migration Tool (SPMT) to ease migrating files from on-premises file servers to SPO, OneDrive, and Teams. Both tools use the same background APIs to perform the data migration. Technically, the migration is leveraging the built-in Granular Backup feature of on-premises SharePoint, which allows exporting and importing individual SharePoint sites and lists. The Granular Backup feature is not available in SharePoint Online.\r\n\r\nIn this talk, I'll show how threat actors can leverage SPO migration APIs to break the integrity of all Microsoft online services that use SPO as storage. Threat actors can spoof new content and tamper with existing content, and inject custom code to perform XSS attacks. This, in turn, enables elevation-of-privilege attacks to all Microsoft Online services, including Azure Active Directory. And all this as a regular user.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"From Feature to Weapon: Breaking Microsoft Teams and SharePoint Integrity","end_timestamp":{"seconds":1691869500,"nanoseconds":0},"android_description":"Microsoft SharePoint Online (SPO) is a cloud-based service that helps organizations share and manage content. It is also used as backend file storage for other Microsoft online services, such as Microsoft 365 Groups, OneDrive, and Teams.\r\n\r\nMicrosoft offers tools such as Migration Manager and SharePoint Migration Tool (SPMT) to ease migrating files from on-premises file servers to SPO, OneDrive, and Teams. Both tools use the same background APIs to perform the data migration. Technically, the migration is leveraging the built-in Granular Backup feature of on-premises SharePoint, which allows exporting and importing individual SharePoint sites and lists. The Granular Backup feature is not available in SharePoint Online.\r\n\r\nIn this talk, I'll show how threat actors can leverage SPO migration APIs to break the integrity of all Microsoft online services that use SPO as storage. Threat actors can spoof new content and tamper with existing content, and inject custom code to perform XSS attacks. This, in turn, enables elevation-of-privilege attacks to all Microsoft Online services, including Azure Active Directory. And all this as a regular user.","updated_timestamp":{"seconds":1688179080,"nanoseconds":0},"speakers":[{"content_ids":[50649,51308],"conference_id":96,"event_ids":[50844,51370],"name":"Nestori Syynimaa","affiliations":[{"organization":"Secureworks","title":"Senior Principal Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/DrAzureAD"}],"media":[],"id":49933,"title":"Senior Principal Security Researcher at Secureworks"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246102"}],"end":"2023-08-12T19:45:00.000-0000","id":50844,"tag_ids":[45589,45592,45646,45766],"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49933}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-07-01T02:38:00.000-0000","begin":"2023-08-12T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The internet is still largely centralized, and not every country has strong institutional controls preserving the right to access information or speak freely. Heck, even many \"liberal democracies\" are backsliding. While this may sound like an infosec talk suited for the think tank crowd, these developments are impacting hackers and the results they present at hacker cons.\r\n\r\nInternet freedom tools are about empowering users to have the safety to make their own priorities. While China, Iran, and Russia are obviously key concerns in this space, many other countries are seeking to enact new laws and regulations that impact all types of users -- some with nefarious intent and others just accidentally harmful.\r\n\r\nThis conversation will explore the reasons, the symptoms, and some ideas about how to preserve our ability to set our own priorities. We will offer a holistic and detailed picture of how censorship affects our work and that of our colleagues -- how even if you feel secure in the freedom you have where you are right now, government censorship and surveillance in other places will unquestionably affect us all.\r\n\r\nREFERENCES:\r\n\r\nSome starting points:\r\n \r\n* Articles on general internet censorship in China, Russia, Iran.\r\n* Censorship measurement toolkits like OONI and Censored Planet.\r\n* Last year's Defcon talk, \"How Russia is trying to block Tor\"\r\n* An old but alas still very relevant primer, \"Ten things to look for in a circumvention tool\": https://svn-archive.torproject.org/svn/projects/articles/circumvention-features.html\r\n* Recent terrible laws proposed in England: https://cdt.org/insights/indias-new-cybersecurity-order-drives-vpn-providers-to-leave-chilling-speech-and-subjecting-more-indians-to-government-surveillance\r\n* and in India: https://cdt.org/insights/indias-new-cybersecurity-order-drives-vpn-providers-to-leave-chilling-speech-and-subjecting-more-indians-to-government-surveillance\r\n* The move by the EU to block rt.com: https://www.euronews.com/my-europe/2022/03/08/eu-officials-defend-move-to-ban-rt-and-sputnik-amid-censorship-claims\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Internet censorship: what governments around the globe have in store for you","end_timestamp":{"seconds":1691869500,"nanoseconds":0},"android_description":"The internet is still largely centralized, and not every country has strong institutional controls preserving the right to access information or speak freely. Heck, even many \"liberal democracies\" are backsliding. While this may sound like an infosec talk suited for the think tank crowd, these developments are impacting hackers and the results they present at hacker cons.\r\n\r\nInternet freedom tools are about empowering users to have the safety to make their own priorities. While China, Iran, and Russia are obviously key concerns in this space, many other countries are seeking to enact new laws and regulations that impact all types of users -- some with nefarious intent and others just accidentally harmful.\r\n\r\nThis conversation will explore the reasons, the symptoms, and some ideas about how to preserve our ability to set our own priorities. We will offer a holistic and detailed picture of how censorship affects our work and that of our colleagues -- how even if you feel secure in the freedom you have where you are right now, government censorship and surveillance in other places will unquestionably affect us all.\r\n\r\nREFERENCES:\r\n\r\nSome starting points:\r\n \r\n* Articles on general internet censorship in China, Russia, Iran.\r\n* Censorship measurement toolkits like OONI and Censored Planet.\r\n* Last year's Defcon talk, \"How Russia is trying to block Tor\"\r\n* An old but alas still very relevant primer, \"Ten things to look for in a circumvention tool\": https://svn-archive.torproject.org/svn/projects/articles/circumvention-features.html\r\n* Recent terrible laws proposed in England: https://cdt.org/insights/indias-new-cybersecurity-order-drives-vpn-providers-to-leave-chilling-speech-and-subjecting-more-indians-to-government-surveillance\r\n* and in India: https://cdt.org/insights/indias-new-cybersecurity-order-drives-vpn-providers-to-leave-chilling-speech-and-subjecting-more-indians-to-government-surveillance\r\n* The move by the EU to block rt.com: https://www.euronews.com/my-europe/2022/03/08/eu-officials-defend-move-to-ban-rt-and-sputnik-amid-censorship-claims","updated_timestamp":{"seconds":1687139460,"nanoseconds":0},"speakers":[{"content_ids":[50593,50677,50679,50680],"conference_id":96,"event_ids":[50780,50790,50799,50852],"name":"Jeff \"The Dark Tangent\" Moss","affiliations":[{"organization":"DEF CON Communications","title":""}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@thedarktangent@defcon.social)","sort_order":0,"url":"https://defcon.social/@thedarktangent"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/thedarktangent"}],"media":[{"hash_sha256":"f53ed4086958b3703d597c50fe74eef1800cf474aa3d17c0895bf89d6c05716f","filetype":"image/jpeg","hash_md5":"8104a1f4b82a4241208b7f6b9112ebf2","name":"thedarktangent_avatar.jpeg","hash_crc32c":"4ae7af86","asset_id":273,"filesize":2064,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fthedarktangent_avatar.jpeg?alt=media","person_id":49741}],"id":49741,"title":"DEF CON Communications"},{"content_ids":[50593],"conference_id":96,"event_ids":[50790],"name":"Roger Dingledine","affiliations":[{"organization":"The Tor Project","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/RogerDingledine"}],"pronouns":"he/him","media":[],"id":49827,"title":"The Tor Project"},{"content_ids":[50593,51517],"conference_id":96,"event_ids":[50790,51673],"name":"Christopher Painter","affiliations":[{"organization":"Global Forum on Cyber Expertise","title":"President"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/c_painter"}],"pronouns":"he/him","media":[],"id":49828,"title":"President at Global Forum on Cyber Expertise"},{"content_ids":[50593],"conference_id":96,"event_ids":[50790],"name":"Joel Todoroff","affiliations":[{"organization":"Office of the National Cyber Director","title":""}],"links":[],"pronouns":null,"media":[],"id":50161,"title":"Office of the National Cyber Director"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245764"}],"end":"2023-08-12T19:45:00.000-0000","id":50790,"village_id":null,"begin_timestamp":{"seconds":1691866800,"nanoseconds":0},"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49828},{"tag_id":45590,"sort_order":1,"person_id":49741},{"tag_id":45590,"sort_order":1,"person_id":50161},{"tag_id":45590,"sort_order":1,"person_id":49827}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"begin":"2023-08-12T19:00:00.000-0000","updated":"2023-06-19T01:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Simple Workspace ATT&CK Tool (SWAT) is a cutting-edge cybersecurity application that serves as an invaluable asset for threat detection rule authors, red team members, and security researchers. Designed with modularity and simplicity at its core, SWAT is an interactive Python shell tool, instrumental in emulating red-teaming behavior specifically against Google Workspace, and acting as a post-compromise tool.\r\n\r\nAt its heart, SWAT is grounded in the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques. By hosting the ATT&CK enterprise data locally, SWAT significantly reduces lookup times, enhancing the overall user experience while ensuring access to the most relevant and current information.\r\n\r\nA standout feature of SWAT is its inherent modularity, enabling security practitioners to add their custom modules for adversary emulation seamlessly. This flexibility allows the tool to adapt to evolving cybersecurity landscapes, and meet the unique needs of individual use-cases, thereby fostering a collaborative approach to threat detection and response.\r\n\r\nSWAT further enhances its value proposition by integrating a payload known as 'Tango'. Written in Go, Tango functions as a Command and Control (C2) agent, thus adding another layer of realism to red-teaming exercises. This integration encourages a deeper understanding of adversarial behavior and aids in the development of effective defense mechanisms.\r\n\r\nIn addition to its emulation capabilities, SWAT offers functionality to analyze data from Google Workspace. This feature empowers users to inspect and evaluate their current security posture, identify potential vulnerabilities, and proactively take steps to strengthen their defenses.\r\n\r\nFinally, the tool's use extends beyond being a mere testing platform. SWAT can be a vital component in security workflows to model potential threats, formulate countermeasures, and train personnel on various facets of cybersecurity. With the continually evolving threat landscape, SWAT is well-positioned to assist cybersecurity professionals in staying ahead of their adversaries. The simplicity and modularity of SWAT make it a powerful tool in the arsenal of those committed to enhancing cybersecurity.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Google Workspace Red Team Automation with SWAT","end_timestamp":{"seconds":1691868000,"nanoseconds":0},"android_description":"The Simple Workspace ATT&CK Tool (SWAT) is a cutting-edge cybersecurity application that serves as an invaluable asset for threat detection rule authors, red team members, and security researchers. Designed with modularity and simplicity at its core, SWAT is an interactive Python shell tool, instrumental in emulating red-teaming behavior specifically against Google Workspace, and acting as a post-compromise tool.\r\n\r\nAt its heart, SWAT is grounded in the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques. By hosting the ATT&CK enterprise data locally, SWAT significantly reduces lookup times, enhancing the overall user experience while ensuring access to the most relevant and current information.\r\n\r\nA standout feature of SWAT is its inherent modularity, enabling security practitioners to add their custom modules for adversary emulation seamlessly. This flexibility allows the tool to adapt to evolving cybersecurity landscapes, and meet the unique needs of individual use-cases, thereby fostering a collaborative approach to threat detection and response.\r\n\r\nSWAT further enhances its value proposition by integrating a payload known as 'Tango'. Written in Go, Tango functions as a Command and Control (C2) agent, thus adding another layer of realism to red-teaming exercises. This integration encourages a deeper understanding of adversarial behavior and aids in the development of effective defense mechanisms.\r\n\r\nIn addition to its emulation capabilities, SWAT offers functionality to analyze data from Google Workspace. This feature empowers users to inspect and evaluate their current security posture, identify potential vulnerabilities, and proactively take steps to strengthen their defenses.\r\n\r\nFinally, the tool's use extends beyond being a mere testing platform. SWAT can be a vital component in security workflows to model potential threats, formulate countermeasures, and train personnel on various facets of cybersecurity. With the continually evolving threat landscape, SWAT is well-positioned to assist cybersecurity professionals in staying ahead of their adversaries. The simplicity and modularity of SWAT make it a powerful tool in the arsenal of those committed to enhancing cybersecurity.","updated_timestamp":{"seconds":1690921920,"nanoseconds":0},"speakers":[{"content_ids":[51999],"conference_id":96,"event_ids":[52193],"name":"Justin Ibarra","affiliations":[{"organization":"Elastic","title":"Leader of the Threat Research and Detection Engineering Team"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/br0k3ns0und"}],"media":[],"id":51206,"title":"Leader of the Threat Research and Detection Engineering Team at Elastic"},{"content_ids":[51999],"conference_id":96,"event_ids":[52193],"name":"Terrance DeJesus","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_xDeJesus"}],"media":[],"id":51207}],"timeband_id":991,"links":[],"end":"2023-08-12T19:20:00.000-0000","id":52193,"village_id":null,"tag_ids":[40284,45592,45645,45647,45743],"begin_timestamp":{"seconds":1691866200,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":51206},{"tag_id":45590,"sort_order":1,"person_id":51207}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-12T18:50:00.000-0000","updated":"2023-08-01T20:32:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In a world full of vulnerabilities, there is an untold story of those libraries that are insecure by design. For example, libraries that by using them in a certain way, the application could be compromised. Not all libraries' security issues are treated as vulnerabilities and addressed with a patch or CVE, hence addressed with minor documentation warnings at best. These vulnerabilities pose a significant risk to organizations as they are nearly impossible to detect, we named them \"Shadow Vulnerabilities\". \r\n\r\nWe discovered a new shadow vulnerable code pattern in a widely used OSS library and wondered who might be vulnerable.\r\n\r\nWe developed a tool that automatically analyzed more than 100k repositories to determine whether each repository is vulnerable and prioritized them based on their potential to create vast damage. We were able to validate the exploitability of hundreds of high-profile targets such as Apache Cassandra, Prometheus, PyTorch, and many more…\r\n\r\nIn this presentation, we will review the discovered vulnerabilities, and discuss the challenges of scaling the triage, validating exploitation, and building a reliable infrastructure. We will use Apache Cassandra to demonstrate how we validated the attack vector for each target, sharing the exploitation details of the critical RCE we found, and its implications on a database-as-a-service used by multiple cloud providers.\r\n\r\nAlthough reporting and working with OSS projects security teams on resolving these issues was addressed quickly, still no CVE was assigned. Both project owners and library owners claimed the responsibility to use it “safely” is on the users themselves. The result is that most users are vulnerable and have no process to fix this or even be aware of it.\r\n\r\nWe believe it is vital to raise community awareness of shadow vulnerabilities, as we only scratched the surface with one example out of many more that are still out there.\n\n\n","title":"Discovering Shadow Vulnerabilities in Popular Open-Source Projects: A Reverse-Fuzzing Journey","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691868600,"nanoseconds":0},"android_description":"In a world full of vulnerabilities, there is an untold story of those libraries that are insecure by design. For example, libraries that by using them in a certain way, the application could be compromised. Not all libraries' security issues are treated as vulnerabilities and addressed with a patch or CVE, hence addressed with minor documentation warnings at best. These vulnerabilities pose a significant risk to organizations as they are nearly impossible to detect, we named them \"Shadow Vulnerabilities\". \r\n\r\nWe discovered a new shadow vulnerable code pattern in a widely used OSS library and wondered who might be vulnerable.\r\n\r\nWe developed a tool that automatically analyzed more than 100k repositories to determine whether each repository is vulnerable and prioritized them based on their potential to create vast damage. We were able to validate the exploitability of hundreds of high-profile targets such as Apache Cassandra, Prometheus, PyTorch, and many more…\r\n\r\nIn this presentation, we will review the discovered vulnerabilities, and discuss the challenges of scaling the triage, validating exploitation, and building a reliable infrastructure. We will use Apache Cassandra to demonstrate how we validated the attack vector for each target, sharing the exploitation details of the critical RCE we found, and its implications on a database-as-a-service used by multiple cloud providers.\r\n\r\nAlthough reporting and working with OSS projects security teams on resolving these issues was addressed quickly, still no CVE was assigned. Both project owners and library owners claimed the responsibility to use it “safely” is on the users themselves. The result is that most users are vulnerable and have no process to fix this or even be aware of it.\r\n\r\nWe believe it is vital to raise community awareness of shadow vulnerabilities, as we only scratched the surface with one example out of many more that are still out there.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52109],"conference_id":96,"event_ids":[52333],"name":"Gal Elbaz","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/gal-elbaz/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/GalElbaz1"}],"pronouns":null,"media":[],"id":51341},{"content_ids":[52109],"conference_id":96,"event_ids":[52333],"name":"Guy Kaplan","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/gkpln3/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/gkpln3"}],"pronouns":null,"media":[],"id":51346}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52333,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691865900,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51341},{"tag_id":45590,"sort_order":1,"person_id":51346}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T18:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Surgical Physicians and Cybersecurity","android_description":"","end_timestamp":{"seconds":1691869200,"nanoseconds":0},"updated_timestamp":{"seconds":1689116880,"nanoseconds":0},"speakers":[{"content_ids":[51049],"conference_id":96,"event_ids":[51081],"name":"Colin Haines","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50245}],"timeband_id":991,"links":[],"end":"2023-08-12T19:40:00.000-0000","id":51081,"tag_ids":[45645,45647,45717],"village_id":68,"begin_timestamp":{"seconds":1691865600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50245}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","updated":"2023-07-11T23:08:00.000-0000","begin":"2023-08-12T18:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"It will be a comprehensive guide that explores the various types of Denial of Service (DOS) attacks and the latest techniques used to attack applications which can evade the Firewall. Abhijeet will cover the concept of logical attacks, which are a new type of DOS attack that exploits vulnerabilities in an application's logic, making them increasingly difficult to detect.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"title":"Taking Down Applications with Logic: A Comprehensive Guide to Modern DOS Attacks","end_timestamp":{"seconds":1691868000,"nanoseconds":0},"android_description":"It will be a comprehensive guide that explores the various types of Denial of Service (DOS) attacks and the latest techniques used to attack applications which can evade the Firewall. Abhijeet will cover the concept of logical attacks, which are a new type of DOS attack that exploits vulnerabilities in an application's logic, making them increasingly difficult to detect.","updated_timestamp":{"seconds":1691202960,"nanoseconds":0},"speakers":[{"content_ids":[52196],"conference_id":96,"event_ids":[52446],"name":"Abhijeet Singh","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/abhiunix"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/abhiunix"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/abhiunix"}],"media":[],"id":51439}],"timeband_id":991,"end":"2023-08-12T19:20:00.000-0000","links":[{"label":"Website","type":"link","url":"https://dcgvr.org/"},{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"}],"id":52446,"tag_ids":[45643,45744],"village_id":null,"begin_timestamp":{"seconds":1691865300,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51439}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-05T02:36:00.000-0000","begin":"2023-08-12T18:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join the CEO of VOTEC Corporation, our special guest John Medcalf, for a first of its kind presentation where an actual technology systems provider is exposing their technology to public scrutiny at the Voting Village. This is happening for the first time ever at the Voting Village and will be an enriching experince for attendees. Mr. Medcalf will make himself available after the presentation for any questions and inquiries from the audience. We are so excited to have him and cannot wait to examine the systems he is bringing to DEF CON. Please join us for this exciting event.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"VOTEC Corporation","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"Join the CEO of VOTEC Corporation, our special guest John Medcalf, for a first of its kind presentation where an actual technology systems provider is exposing their technology to public scrutiny at the Voting Village. This is happening for the first time ever at the Voting Village and will be an enriching experince for attendees. Mr. Medcalf will make himself available after the presentation for any questions and inquiries from the audience. We are so excited to have him and cannot wait to examine the systems he is bringing to DEF CON. Please join us for this exciting event.","updated_timestamp":{"seconds":1691435220,"nanoseconds":0},"speakers":[{"content_ids":[52317,52324],"conference_id":96,"event_ids":[52601,52608],"name":"John Medcalf","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.votec.net/index.html"}],"media":[],"id":51545}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":52601,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"tag_ids":[40298,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51545}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T18:30:00.000-0000","updated":"2023-08-07T19:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Chinese Prototype Review","end_timestamp":{"seconds":1691867700,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691435160,"nanoseconds":0},"speakers":[{"content_ids":[52316],"conference_id":96,"event_ids":[52600],"name":"William Baggett","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51559}],"timeband_id":991,"links":[],"end":"2023-08-12T19:15:00.000-0000","id":52600,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"village_id":null,"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51559}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-12T18:30:00.000-0000","updated":"2023-08-07T19:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Navigating the Disinformation Landscape","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"updated_timestamp":{"seconds":1691284440,"nanoseconds":0},"speakers":[{"content_ids":[52268],"conference_id":96,"event_ids":[52532],"name":"Eric Curwin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51502}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52532,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51502}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-12T18:30:00.000-0000","updated":"2023-08-06T01:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nA review of the detection engineering cycle and a walkthrough taking a threat hunt report and building a SIEM alert.","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"DE: Building a Detection Alert From a Threat Hunt","android_description":".\n\n\nA review of the detection engineering cycle and a walkthrough taking a threat hunt report and building a SIEM alert.","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52218,52209],"conference_id":96,"event_ids":[52470,52460],"name":"kobaltfox","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51448}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52470,"village_id":null,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51448}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: Kill Chain Track (0x42)","hotel":"","short_name":"BTV Project Obsidian: Kill Chain Track (0x42)","id":45968},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-12T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This Forensics 101 session includes two modules.\r\n\r\nPart I: General Introduction to Forensics\r\nPart II: General Introduction to Forensics Continued\n\n\nIntroduction to Forensics: Part I & II","title":"Forensics 101 Part I & II","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"This Forensics 101 session includes two modules.\r\n\r\nPart I: General Introduction to Forensics\r\nPart II: General Introduction to Forensics Continued\n\n\nIntroduction to Forensics: Part I & II","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52227,52216],"conference_id":96,"event_ids":[52462,52468],"name":"Danny D. \"B4nd1t0\" Henderson Jr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51454},{"content_ids":[52227],"conference_id":96,"event_ids":[52462],"name":"Gyle_dC","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51476}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":52462,"tag_ids":[40282,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51454},{"tag_id":45590,"sort_order":1,"person_id":51476}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: 101 Track (0x41)","hotel":"","short_name":"BTV Project Obsidian: 101 Track (0x41)","id":45967},"begin":"2023-08-12T18:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Can we find activity within the corporate network that might be suspicious?\n\n\nCan we find activity within the corporate network that might be suspicious?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"(n)Map Exploration: A Great Time in Remote Destinations","android_description":"Can we find activity within the corporate network that might be suspicious?\n\n\nCan we find activity within the corporate network that might be suspicious?","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52206,52225],"conference_id":96,"event_ids":[52457,52461],"name":"SamunoskeX","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51478}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52461,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"village_id":null,"tag_ids":[40282,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51478}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"begin":"2023-08-12T18:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this panel, three artists from the Algorithmic Resistance Research Group (ARRG!) present creative work and workflows that emerged from attempts to crack AI black boxes open. Aligned with the hacker ethos of exploration, experimentation and creative misuse, this panel presents adversarial, ethical artmaking practices for artificial intelligence systems, including image synthesis and recognition. The panel includes three artists displayed in the AI Village Art Exhibition space: Steph Maj Swanson, creator of Loab, the viral \"latent space cryptid,\" Eryk Salvaggio, an artist who revels in confusing AI systems into making images from error states; and Caroline Sinders, an artist and researcher who recontextualizes these systems into revealing underlying biases and potential harms.\r\n\r\nThis non-technical, but conceptual conversation offers up art alongside possible strategies. It will be of interest for hackers intrigued by the creative potential of these tools, but who may have ethical concerns or doubts about the way these tools are assembled, built, and deployed. The artists will share their work and offer insights into strategies and implications of creative misuse.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"Creative Misuse of AI Systems","end_timestamp":{"seconds":1691868300,"nanoseconds":0},"android_description":"In this panel, three artists from the Algorithmic Resistance Research Group (ARRG!) present creative work and workflows that emerged from attempts to crack AI black boxes open. Aligned with the hacker ethos of exploration, experimentation and creative misuse, this panel presents adversarial, ethical artmaking practices for artificial intelligence systems, including image synthesis and recognition. The panel includes three artists displayed in the AI Village Art Exhibition space: Steph Maj Swanson, creator of Loab, the viral \"latent space cryptid,\" Eryk Salvaggio, an artist who revels in confusing AI systems into making images from error states; and Caroline Sinders, an artist and researcher who recontextualizes these systems into revealing underlying biases and potential harms.\r\n\r\nThis non-technical, but conceptual conversation offers up art alongside possible strategies. It will be of interest for hackers intrigued by the creative potential of these tools, but who may have ethical concerns or doubts about the way these tools are assembled, built, and deployed. The artists will share their work and offer insights into strategies and implications of creative misuse.","updated_timestamp":{"seconds":1691031420,"nanoseconds":0},"speakers":[{"content_ids":[52056],"conference_id":96,"event_ids":[52275],"name":"Eryk Salvaggio","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51281}],"timeband_id":991,"links":[],"end":"2023-08-12T19:25:00.000-0000","id":52275,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"tag_ids":[40299,45646,45743,45771],"village_id":null,"includes":"","people":[{"tag_id":45631,"sort_order":1,"person_id":51281}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:57:00.000-0000","begin":"2023-08-12T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Improv is when two (or more) actors don’t know their lines ahead of time, but both agree on a set of rules and on the goal of getting somewhere together.\r\n\r\nSocial engineering is a form of improv in which two (or more) people come together to reach a goal only one person (the ‘actor’) has knowledge of, using rules the other (the target) defines along the way.\r\n\r\nAt least, that’s how we see it. Led by three facilitators who are both information security professionals and improvisers, this first-time program will give attendees an introduction to improv and its special communication techniques. Parallels will be drawn between improv and social engineering, including examples of how the theories and practices of improv can be applied by social engineers to work with their targets in an effective, ethical, and even collaborative way.\r\n\r\nThis engaging program will consist of demonstrations, explanations, and interactions in which attendees will be invited to try out improvisation* themselves in a safe, participatory “sandbox” to apply the concepts learned.\r\n\r\nCome find out why some of the world’s best social engineers utilize these techniques to improv(e) their game.\r\n\r\n* No requirement to perform in front of people nor to be funny.\r\n\r\nPlease see the \"More Information\" link.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"SE Improv","end_timestamp":{"seconds":1691872200,"nanoseconds":0},"android_description":"Improv is when two (or more) actors don’t know their lines ahead of time, but both agree on a set of rules and on the goal of getting somewhere together.\r\n\r\nSocial engineering is a form of improv in which two (or more) people come together to reach a goal only one person (the ‘actor’) has knowledge of, using rules the other (the target) defines along the way.\r\n\r\nAt least, that’s how we see it. Led by three facilitators who are both information security professionals and improvisers, this first-time program will give attendees an introduction to improv and its special communication techniques. Parallels will be drawn between improv and social engineering, including examples of how the theories and practices of improv can be applied by social engineers to work with their targets in an effective, ethical, and even collaborative way.\r\n\r\nThis engaging program will consist of demonstrations, explanations, and interactions in which attendees will be invited to try out improvisation* themselves in a safe, participatory “sandbox” to apply the concepts learned.\r\n\r\nCome find out why some of the world’s best social engineers utilize these techniques to improv(e) their game.\r\n\r\n* No requirement to perform in front of people nor to be funny.\r\n\r\nPlease see the \"More Information\" link.","updated_timestamp":{"seconds":1690590960,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T20:30:00.000-0000","links":[{"label":"More Information","type":"link","url":"https://www.se.community/se-improv/"}],"id":51707,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"tag_ids":[40302,45649,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-12T18:30:00.000-0000","updated":"2023-07-29T00:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Cyber-Physical Detection and Response: A new Paradigm in IACS Monitoring and Security","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690422840,"nanoseconds":0},"speakers":[{"content_ids":[51486],"conference_id":96,"event_ids":[51642],"name":"Ryan Heartfield","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50563}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":51642,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50563}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:54:00.000-0000","begin":"2023-08-12T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"I Am The Disinformation Campaign","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691867100,"nanoseconds":0},"updated_timestamp":{"seconds":1689553020,"nanoseconds":0},"speakers":[{"content_ids":[51305],"conference_id":96,"event_ids":[51367],"name":"MasterChen","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@chenb0x"}],"media":[],"id":50461}],"timeband_id":991,"links":[],"end":"2023-08-12T19:05:00.000-0000","id":51367,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"tag_ids":[40293,45645,45649,45743],"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50461}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","begin":"2023-08-12T18:30:00.000-0000","updated":"2023-07-17T00:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"No one hacks at DEFCON any more.\" is what I've heard. That is, until now. Seedboxes/seedhosts are used by thousands of pirates to download and distribute Movies/TV/Music via USENET and Torrents. The thing is, these systems are horribly insecure. Like, they are wide open. In this talk, I am going to open up a xterm, And a FireFox window, and hack into seedhosts. LIVE. No Demos. No Powerpoint. No introduction slides. Just port scan, attack, 0wn, extract credentials, download all content, obtain other users' credentials, etc. For literally thousands of accounts.\r\n\r\nDid you know people store their Google Drive tokens on seedhosts? Did you know that your seedbox provider has no idea how to properly configure docker? Did you know that your plain-text password is sitting in multiple places on these machines, accessible to all other users? Did you know that administrators for very-large private torrent sites re-use the same password for all their accounts, and leave them on seedhosts? Let's hack.\r\n\r\nThe presenter has been attending DEFCON for ~20 years, and has run various villages and contests for over 10 years. A professional pentester for over 24 years, his previously released research and tools are present in MetaSploit, blog posts, blah blah blah. The hacker is a long-time member of AHA (Austin Hackers Anonymous - takeonme.org ) and is well known for their \"this one time on a pentest\" stories.\r\n\r\nThe thing is though. We aren't going to tell you their handle/name. It's not important. You don't need it. Don't pick a talk by how famous someone is.\r\n\r\nREFERENCES: \r\nhttps://censys.io/\r\nhttps://en.wikipedia.org/wiki/Bash_(Unix_shell)\r\nhttps://nmap.org/\r\nhttps://sonarr.tv/\r\nhttps://radarr.video/\r\nhttps://github.com/Novik/ruTorrent\r\nhttps://rclone.org/\r\nhttps://nzbget.net/\r\nhttps://sabnzbd.org/\r\nhttps://en.wikipedia.org/wiki/Seedbox\n\n\n","title":"Mass Owning of Seedboxes - A Live Hacking Exhibition","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"end_timestamp":{"seconds":1691867700,"nanoseconds":0},"android_description":"\"No one hacks at DEFCON any more.\" is what I've heard. That is, until now. Seedboxes/seedhosts are used by thousands of pirates to download and distribute Movies/TV/Music via USENET and Torrents. The thing is, these systems are horribly insecure. Like, they are wide open. In this talk, I am going to open up a xterm, And a FireFox window, and hack into seedhosts. LIVE. No Demos. No Powerpoint. No introduction slides. Just port scan, attack, 0wn, extract credentials, download all content, obtain other users' credentials, etc. For literally thousands of accounts.\r\n\r\nDid you know people store their Google Drive tokens on seedhosts? Did you know that your seedbox provider has no idea how to properly configure docker? Did you know that your plain-text password is sitting in multiple places on these machines, accessible to all other users? Did you know that administrators for very-large private torrent sites re-use the same password for all their accounts, and leave them on seedhosts? Let's hack.\r\n\r\nThe presenter has been attending DEFCON for ~20 years, and has run various villages and contests for over 10 years. A professional pentester for over 24 years, his previously released research and tools are present in MetaSploit, blog posts, blah blah blah. The hacker is a long-time member of AHA (Austin Hackers Anonymous - takeonme.org ) and is well known for their \"this one time on a pentest\" stories.\r\n\r\nThe thing is though. We aren't going to tell you their handle/name. It's not important. You don't need it. Don't pick a talk by how famous someone is.\r\n\r\nREFERENCES: \r\nhttps://censys.io/\r\nhttps://en.wikipedia.org/wiki/Bash_(Unix_shell)\r\nhttps://nmap.org/\r\nhttps://sonarr.tv/\r\nhttps://radarr.video/\r\nhttps://github.com/Novik/ruTorrent\r\nhttps://rclone.org/\r\nhttps://nzbget.net/\r\nhttps://sabnzbd.org/\r\nhttps://en.wikipedia.org/wiki/Seedbox","updated_timestamp":{"seconds":1687139160,"nanoseconds":0},"speakers":[{"content_ids":[50589],"conference_id":96,"event_ids":[50862],"name":"Anon","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49821,"title":"Hacker"}],"timeband_id":991,"end":"2023-08-12T19:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245760"}],"id":50862,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"village_id":null,"tag_ids":[45592,45630,45648,45844],"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49821}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record","hotel":"","short_name":"War Stories - Off the Record","id":45802},"spans_timebands":"N","begin":"2023-08-12T18:30:00.000-0000","updated":"2023-06-19T01:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In 2021 the FORCEDENTRY sandbox escape introduced the usage of NSPredicate in an iOS exploit. This new technique allowed attackers to sidestep codesigning, ASLR, and all other mitigations to execute arbitrary code on Apple devices. As a result, Apple put in place new restrictions to make NSPredicate less powerful and less useful for exploits. This presentation will cover new research showing that these added restrictions could be completely circumvented in iOS 16, and how NSPredicates could be exploited to gain code execution in many privileged iOS processes. This technical deep dive will be a rare instance of iOS security that anyone can comprehend without years of experience.\r\n \r\nAfter an overview of the classes involved, we will explore the full syntax of NSPredicate and cover how it can be used to script the Objective-C runtime and even call any C function. It will be shown that PAC can still be bypassed 100% reliably with NSPredicates in order to execute any function with arbitrary arguments. A new tool will be unveiled to help craft complex NSPredicates to execute arbitrary code and inject those predicates in any application. Additionally, a demonstration will be given which executes arbitrary code in the highly privileged Preferences app. \r\n \r\nFinally, the talk will cover a bypass of NSPredicateVisitor implementations which allows a malicious process to evaluate any NSPredicate within several system processes including coreduetd, appstored, OSLogService, and SpringBoard. Next there will be a live demo of exploiting SpringBoard to steal a user’s notifications and location data. The presentation will end with some discussion about what can still be done with NSPredicates now that these issues have been fixed, including bypassing App Store Review, and what app developers should know to keep their own apps safe. \r\n\r\nREFERENCES: \r\n\r\nNSPredicate - https://developer.apple.com/documentation/foundation/nspredicate?language=objc\r\nSee No Eval: Runtime Dynamic Code Execution in Objective-C by CodeColorist - https://codecolor.ist/2021/01/16/see-no-eval-runtime-code-execution-objc/\r\nFORCEDENTRY: Sandbox Escape by Ian Beer & Samuel Groß of Google Project Zero - https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Apple's Predicament: NSPredicate Exploitation on macOS and iOS","android_description":"In 2021 the FORCEDENTRY sandbox escape introduced the usage of NSPredicate in an iOS exploit. This new technique allowed attackers to sidestep codesigning, ASLR, and all other mitigations to execute arbitrary code on Apple devices. As a result, Apple put in place new restrictions to make NSPredicate less powerful and less useful for exploits. This presentation will cover new research showing that these added restrictions could be completely circumvented in iOS 16, and how NSPredicates could be exploited to gain code execution in many privileged iOS processes. This technical deep dive will be a rare instance of iOS security that anyone can comprehend without years of experience.\r\n \r\nAfter an overview of the classes involved, we will explore the full syntax of NSPredicate and cover how it can be used to script the Objective-C runtime and even call any C function. It will be shown that PAC can still be bypassed 100% reliably with NSPredicates in order to execute any function with arbitrary arguments. A new tool will be unveiled to help craft complex NSPredicates to execute arbitrary code and inject those predicates in any application. Additionally, a demonstration will be given which executes arbitrary code in the highly privileged Preferences app. \r\n \r\nFinally, the talk will cover a bypass of NSPredicateVisitor implementations which allows a malicious process to evaluate any NSPredicate within several system processes including coreduetd, appstored, OSLogService, and SpringBoard. Next there will be a live demo of exploiting SpringBoard to steal a user’s notifications and location data. The presentation will end with some discussion about what can still be done with NSPredicates now that these issues have been fixed, including bypassing App Store Review, and what app developers should know to keep their own apps safe. \r\n\r\nREFERENCES: \r\n\r\nNSPredicate - https://developer.apple.com/documentation/foundation/nspredicate?language=objc\r\nSee No Eval: Runtime Dynamic Code Execution in Objective-C by CodeColorist - https://codecolor.ist/2021/01/16/see-no-eval-runtime-code-execution-objc/\r\nFORCEDENTRY: Sandbox Escape by Ian Beer & Samuel Groß of Google Project Zero - https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html","end_timestamp":{"seconds":1691867700,"nanoseconds":0},"updated_timestamp":{"seconds":1687137480,"nanoseconds":0},"speakers":[{"content_ids":[50563],"conference_id":96,"event_ids":[50806],"name":"Austin Emmitt","affiliations":[{"organization":"Trellix Advanced Research Center","title":"Senior Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@alkali@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@alkali"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/alkalinesec"}],"media":[],"id":49777,"title":"Senior Security Researcher at Trellix Advanced Research Center"}],"timeband_id":991,"end":"2023-08-12T19:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245734"}],"id":50806,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Tool 🛠, Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49777}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-06-19T01:18:00.000-0000","begin":"2023-08-12T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Android devices are constantly improving their security to protect against attackers with physical access, with new protection techniques being added year-by-year. This talk aims to demonstrate vulnerabilities in modern Android smartphones that are still viable, despite the mitigations in place.\r\n \r\nIn the first phase of this talk, we will discuss analysis and exploitation of vendor-customised versions of Android's Recovery mode, demonstrating weaknesses that allow for privilege escalation to root, and traversal from Recovery to Android, without Bootloader access, using nothing but a Micro SD card.\r\n \r\nIn the second phase, we will discuss weaknesses in the Secondary Bootloader of devices produced by a popular smartphone manufacturer. We will demonstrate how, using a vulnerability in the core USB stack, code execution can be achieved, and a modified Android image can be booted, without compromising the functionality of the device.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Physical Attacks Against Smartphones","end_timestamp":{"seconds":1691867700,"nanoseconds":0},"android_description":"Android devices are constantly improving their security to protect against attackers with physical access, with new protection techniques being added year-by-year. This talk aims to demonstrate vulnerabilities in modern Android smartphones that are still viable, despite the mitigations in place.\r\n \r\nIn the first phase of this talk, we will discuss analysis and exploitation of vendor-customised versions of Android's Recovery mode, demonstrating weaknesses that allow for privilege escalation to root, and traversal from Recovery to Android, without Bootloader access, using nothing but a Micro SD card.\r\n \r\nIn the second phase, we will discuss weaknesses in the Secondary Bootloader of devices produced by a popular smartphone manufacturer. We will demonstrate how, using a vulnerability in the core USB stack, code execution can be achieved, and a modified Android image can be booted, without compromising the functionality of the device.","updated_timestamp":{"seconds":1687137600,"nanoseconds":0},"speakers":[{"content_ids":[50565],"conference_id":96,"event_ids":[50766],"name":"Christopher Wade","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Iskuri1"}],"media":[],"id":49780,"title":"Hacker"}],"timeband_id":991,"end":"2023-08-12T19:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245736"}],"id":50766,"begin_timestamp":{"seconds":1691865000,"nanoseconds":0},"tag_ids":[45589,45592,45629,45630,45646,45766],"village_id":null,"includes":"Tool 🛠, Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49780}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"updated":"2023-06-19T01:20:00.000-0000","begin":"2023-08-12T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Enterprise SSO protocols and vendor implementations continue to evolve for the worse, as we've gone from SAML to OAuth to MUVP (Made-Up-Vendor-Protocol).\r\n\r\nAttacks against SSO started with the Golden SAML attack (Cyberark, 11/2017), which used stolen certificates to spoof SAML responses, recently used in the SolarWinds hack in 2020. Recently, OAuth has been used to implement SSO, and new POC identity attacks have been published such as gaining access to a Facebook account that uses Gmail as the SSO identity provider via OAuth 2.0 (Sammouda, 5/2022), utilizing the chaining of traditional web vulnerabilities such as XSS with the design of the OAuth protocol in order to steal OAuth session tokens. AWS's SSO implementation mixes SAML, OAuth, and traditional AWS access keys. And Microsoft and Google also use custom OAuth to implement SSO among their app suites.\r\n\r\nThis protocol soup opens up more areas for abuse by attackers with key benefits: remotely-enabled attacks by design without need for endpoint compromise, near-permanent access, no need to go through MFA challenges, and incomplete controls for in preventing, detecting, and responding to these attacks.\r\n\r\nWe will demonstrate how these attacks work, what's different, how the underlying SSO protocols and features are abused, and where defensive measures fail.\n\n\n","title":"SSO Sloppy, SSO Suspect, SSO Vulnerable","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691866200,"nanoseconds":0},"android_description":"Enterprise SSO protocols and vendor implementations continue to evolve for the worse, as we've gone from SAML to OAuth to MUVP (Made-Up-Vendor-Protocol).\r\n\r\nAttacks against SSO started with the Golden SAML attack (Cyberark, 11/2017), which used stolen certificates to spoof SAML responses, recently used in the SolarWinds hack in 2020. Recently, OAuth has been used to implement SSO, and new POC identity attacks have been published such as gaining access to a Facebook account that uses Gmail as the SSO identity provider via OAuth 2.0 (Sammouda, 5/2022), utilizing the chaining of traditional web vulnerabilities such as XSS with the design of the OAuth protocol in order to steal OAuth session tokens. AWS's SSO implementation mixes SAML, OAuth, and traditional AWS access keys. And Microsoft and Google also use custom OAuth to implement SSO among their app suites.\r\n\r\nThis protocol soup opens up more areas for abuse by attackers with key benefits: remotely-enabled attacks by design without need for endpoint compromise, near-permanent access, no need to go through MFA challenges, and incomplete controls for in preventing, detecting, and responding to these attacks.\r\n\r\nWe will demonstrate how these attacks work, what's different, how the underlying SSO protocols and features are abused, and where defensive measures fail.","updated_timestamp":{"seconds":1690921260,"nanoseconds":0},"speakers":[{"content_ids":[51986],"conference_id":96,"event_ids":[52180],"name":"Jenko Hwong","affiliations":[{"organization":"Netskope","title":"Principal Researcher, Threat Research Team"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jenkohwong"}],"pronouns":null,"media":[],"id":51192,"title":"Principal Researcher, Threat Research Team at Netskope"}],"timeband_id":991,"links":[],"end":"2023-08-12T18:50:00.000-0000","id":52180,"village_id":null,"tag_ids":[40284,45645,45647,45743],"begin_timestamp":{"seconds":1691863800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51192}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"begin":"2023-08-12T18:10:00.000-0000","updated":"2023-08-01T20:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Anatomical medical simulators are an integral part of both medical training and experimentation, as well as implant biohacking. However, commercial models typically range from thousands of dollars for simple one-piece designs to hundreds of thousands of dollars for computer-visualized designs. This cost limits the use of medically accurate training models outside of well-funded medical schools. Using only a 3D printer, silicone, ballistics gel, balloons, and yarn, I’ve built on the work of others to develop DIY methods of mimicking commercial medical simulators for a small fraction of their cost (usually under 10%). These models can include pulsatile arteries, superficial rolling veins, nerves, skin, muscle planes, bones, and articulating joints. They are ultrasound-able, recyclable, and, with the addition of infrared tracking cameras, can be integrated into virtual environments for internal visualization. Projects like this lower the barrier to entry for citizen scientists and less funded biohackers to experiment and explore medical implants, procedures, and ultrasound.\n\n\n","title":"How to build a body in your garage","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Anatomical medical simulators are an integral part of both medical training and experimentation, as well as implant biohacking. However, commercial models typically range from thousands of dollars for simple one-piece designs to hundreds of thousands of dollars for computer-visualized designs. This cost limits the use of medically accurate training models outside of well-funded medical schools. Using only a 3D printer, silicone, ballistics gel, balloons, and yarn, I’ve built on the work of others to develop DIY methods of mimicking commercial medical simulators for a small fraction of their cost (usually under 10%). These models can include pulsatile arteries, superficial rolling veins, nerves, skin, muscle planes, bones, and articulating joints. They are ultrasound-able, recyclable, and, with the addition of infrared tracking cameras, can be integrated into virtual environments for internal visualization. Projects like this lower the barrier to entry for citizen scientists and less funded biohackers to experiment and explore medical implants, procedures, and ultrasound.","end_timestamp":{"seconds":1691865600,"nanoseconds":0},"updated_timestamp":{"seconds":1689116820,"nanoseconds":0},"speakers":[{"content_ids":[51048],"conference_id":96,"event_ids":[51080],"name":"Brennan Marsh-Armstrong","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50246}],"timeband_id":991,"links":[],"end":"2023-08-12T18:40:00.000-0000","id":51080,"begin_timestamp":{"seconds":1691863800,"nanoseconds":0},"tag_ids":[45645,45647,45717],"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50246}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"begin":"2023-08-12T18:10:00.000-0000","updated":"2023-07-11T23:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Pacific Northwest National Laboratory (PNNL) has developed and operates modeled physical environments for training and demonstrating cyber security for DHS CISA as part of their ICS Control Environment Laboratory Resource (CELR). To expose a broader audience at conferences and industry venues, CISA is implementing an XR interface to enable remote users to have a visceral experience as if they are in the same room as the CELR models. The CISA CELR team is developing cutting-edge data pipelines with the Depthkit software and developers at Scatter that can record and transmit accurate 3D renderings of objects and people in near real-time to an XR headset (HoloLens 2). Depthkit combines the data streams from up to 10 Microsoft Azure Kinect cameras and combines them into a calibrated photorealistic 3D video. This video can be exported into the Unity game engine and embedded as recordings or live streams into an XR application. The demonstration planned for Defcon will be for the Rail sector systems including an AR overview of the skid model with some pre-recorded videos of failure scenarios and some VR exploration of rail sector subsystems including a locomotive cab, wayside controller, and regional dispatch display. Conference attendees will learn more about the rail sector and its use of cyber components and the potential risks of cyber based failures.\n\n\n","title":"Off the Rails: A demo with Pacific Northwest National Labs","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Pacific Northwest National Laboratory (PNNL) has developed and operates modeled physical environments for training and demonstrating cyber security for DHS CISA as part of their ICS Control Environment Laboratory Resource (CELR). To expose a broader audience at conferences and industry venues, CISA is implementing an XR interface to enable remote users to have a visceral experience as if they are in the same room as the CELR models. The CISA CELR team is developing cutting-edge data pipelines with the Depthkit software and developers at Scatter that can record and transmit accurate 3D renderings of objects and people in near real-time to an XR headset (HoloLens 2). Depthkit combines the data streams from up to 10 Microsoft Azure Kinect cameras and combines them into a calibrated photorealistic 3D video. This video can be exported into the Unity game engine and embedded as recordings or live streams into an XR application. The demonstration planned for Defcon will be for the Rail sector systems including an AR overview of the skid model with some pre-recorded videos of failure scenarios and some VR exploration of rail sector subsystems including a locomotive cab, wayside controller, and regional dispatch display. Conference attendees will learn more about the rail sector and its use of cyber components and the potential risks of cyber based failures.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1691357160,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":52578,"tag_ids":[40311,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"spans_timebands":"N","updated":"2023-08-06T21:26:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Maria Markstedter, Blue Fox: Arm Assembly Internals and Reverse Engineering","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"updated_timestamp":{"seconds":1691348460,"nanoseconds":0},"speakers":[{"content_ids":[52298],"conference_id":96,"event_ids":[52570],"name":"Maria Markstedter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51520}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":52570,"tag_ids":[45646,45743,45769,45770],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51520}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","updated":"2023-08-06T19:01:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop will delve into the uncharted territory of Uncensored Large Language Models (LLMs) and explore their latent potential. This immersive session invites cybersecurity experts, researchers, and enthusiasts alike to understand the profound capabilities of uncensored LLMs displayed in misinformation and manipulation tactics, and how malicious actors might exploit this capability.\r\n \r\nDuring the workshop, attendees will gain a practical understanding of how LLMs can deploy sophisticated strategies pulled from psychological literature and advertising science. From harnessing cognitive biases and social norms to capitalizing on habit loops, the mechanisms of manipulation are as intriguing as they are unsettling. An uncensored LLM, ripe for exploration, serves as our playground, providing invaluable insights into its interaction patterns.\r\n \r\nBut it's not just about understanding these models; it's about looking beyond the horizon. Participants will also be introduced to the concept of 'shadow prompts,' concealed instructions that a compromised or malicious LLM runs alongside standard user prompts. Unraveling the intricacies of these shadow prompts will reveal how they can stealthily shift the outcomes of LLM interactions.\r\n \r\nThis workshop is more than just a one-off event. All participants will automatically become members of our burgeoning \"\"Evil Digital Twin\"\" community. This membership comes with the opportunity to engage in an ongoing learning journey, unveiling the less-discussed capabilities of LLMs. By fostering a collaborative environment, we aim to empower members to not only understand these evolving digital entities but also devise robust defenses against them within their respective organizations and institutions.\r\n \r\nTwo deep experts in psychology and cybersecurity and the intelligence community will be your guides.\n\n\n","title":"Evil Digital Twin: Learn Psychological Manipulation with an Uncensored LLM","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"This workshop will delve into the uncharted territory of Uncensored Large Language Models (LLMs) and explore their latent potential. This immersive session invites cybersecurity experts, researchers, and enthusiasts alike to understand the profound capabilities of uncensored LLMs displayed in misinformation and manipulation tactics, and how malicious actors might exploit this capability.\r\n \r\nDuring the workshop, attendees will gain a practical understanding of how LLMs can deploy sophisticated strategies pulled from psychological literature and advertising science. From harnessing cognitive biases and social norms to capitalizing on habit loops, the mechanisms of manipulation are as intriguing as they are unsettling. An uncensored LLM, ripe for exploration, serves as our playground, providing invaluable insights into its interaction patterns.\r\n \r\nBut it's not just about understanding these models; it's about looking beyond the horizon. Participants will also be introduced to the concept of 'shadow prompts,' concealed instructions that a compromised or malicious LLM runs alongside standard user prompts. Unraveling the intricacies of these shadow prompts will reveal how they can stealthily shift the outcomes of LLM interactions.\r\n \r\nThis workshop is more than just a one-off event. All participants will automatically become members of our burgeoning \"\"Evil Digital Twin\"\" community. This membership comes with the opportunity to engage in an ongoing learning journey, unveiling the less-discussed capabilities of LLMs. By fostering a collaborative environment, we aim to empower members to not only understand these evolving digital entities but also devise robust defenses against them within their respective organizations and institutions.\r\n \r\nTwo deep experts in psychology and cybersecurity and the intelligence community will be your guides.","updated_timestamp":{"seconds":1691284680,"nanoseconds":0},"speakers":[{"content_ids":[52280],"conference_id":96,"event_ids":[52544],"name":"Ben D. Sawyer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51497},{"content_ids":[52280],"conference_id":96,"event_ids":[52544],"name":"Matthew Canham","affiliations":[{"organization":"Beyond Layer 7","title":"CEO"}],"links":[],"pronouns":null,"media":[],"id":51506,"title":"CEO at Beyond Layer 7"}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":52544,"tag_ids":[40305,45646,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51497},{"tag_id":45632,"sort_order":1,"person_id":51506}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:18:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Diameter Workshop","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691257200,"nanoseconds":0},"speakers":[{"content_ids":[52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501],"name":"Zibran Sayyed","affiliations":[{"organization":"","title":"Sr. Security Consultant Telecom"}],"links":[],"pronouns":null,"media":[],"id":51522,"title":"Sr. Security Consultant Telecom"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52496,"tag_ids":[40304,45647,45719,45743],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":72,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51524},{"tag_id":45633,"sort_order":1,"person_id":51522}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-05T17:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this workshop we will develop quantum algorithms to solve a computer science problem called the shortest lattice problem (SVP). SVP is geometrically simple - given a description of a mathematical lattice (a repeating pattern of points in N-dimensional space), can you find the shortest distance between any two points - i.e. the shortest vector? This problem is NP hard and we believe it is resistant to quantum computers. \r\n\r\nBased upon the results of “Two quantum Ising algorithms for the shortest-vector problem”, we will explain the principle of quantum adiabatic computation, of Hamiltonian minimization, and of how to map mathematical problems into a Hamiltonian ready to be plugged into a quantum computation framework. \r\n\r\nDuring the course of the workshop, participants will fill in functions in a Jupyter notebook to construct lattices, convert them into a Hamiltonian, and describe quantum annealing dynamics. They will then (hopefully) be able to submit these queries to a D-Wave QPU to which will sample short vectors for them, and we will visualize as a group the results returned. \r\n\r\nThis exercise will get participants directly interacting with a QPU, understanding some of the benefits and limitations of annealing-based quantum computation, and will learn about an exciting computer science problem and how it directly feeds into our security architecture, (e.g. Kyber!)\n\n\n","title":"Quantum attacks on next-gen cryptosystems: lattices, annealers, notebooks","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"In this workshop we will develop quantum algorithms to solve a computer science problem called the shortest lattice problem (SVP). SVP is geometrically simple - given a description of a mathematical lattice (a repeating pattern of points in N-dimensional space), can you find the shortest distance between any two points - i.e. the shortest vector? This problem is NP hard and we believe it is resistant to quantum computers. \r\n\r\nBased upon the results of “Two quantum Ising algorithms for the shortest-vector problem”, we will explain the principle of quantum adiabatic computation, of Hamiltonian minimization, and of how to map mathematical problems into a Hamiltonian ready to be plugged into a quantum computation framework. \r\n\r\nDuring the course of the workshop, participants will fill in functions in a Jupyter notebook to construct lattices, convert them into a Hamiltonian, and describe quantum annealing dynamics. They will then (hopefully) be able to submit these queries to a D-Wave QPU to which will sample short vectors for them, and we will visualize as a group the results returned. \r\n\r\nThis exercise will get participants directly interacting with a QPU, understanding some of the benefits and limitations of annealing-based quantum computation, and will learn about an exciting computer science problem and how it directly feeds into our security architecture, (e.g. Kyber!)","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"updated_timestamp":{"seconds":1691108580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52431,"tag_ids":[40291,45645,45649,45743],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","updated":"2023-08-04T00:23:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. Competition updates will be presented on the AV stage both Friday and Saturday morning at 11 am PT.\n\n\n","title":"Hack-A-Sat 4 Briefing","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691866200,"nanoseconds":0},"android_description":"Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. Competition updates will be presented on the AV stage both Friday and Saturday morning at 11 am PT.","updated_timestamp":{"seconds":1691101080,"nanoseconds":0},"speakers":[{"content_ids":[52148,52166],"conference_id":96,"event_ids":[52378,52396,52398],"name":"Hack-A-Sat 4 Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51410}],"timeband_id":991,"links":[],"end":"2023-08-12T18:50:00.000-0000","id":52398,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51410}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:18:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.\n\n\n","title":"The Ultimate AppSec Trivia Challenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52088],"conference_id":96,"event_ids":[52314,52374,52375,52376],"name":"Probely","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51373}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52375,"village_id":null,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51373}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have participants find the true positives out of 5 SQLi. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Spot the True Positives!","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"Have participants find the true positives out of 5 SQLi.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52087],"conference_id":96,"event_ids":[52313,52372],"name":"Backslash","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51328}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52372,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51328}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.\n\n\n","title":"Hunt the Hacker - Detect compromises in your repositories!","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52105],"conference_id":96,"event_ids":[52330,52363,52364,52365],"name":"GitGuardian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51342}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52330,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51342}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Nowadays, JSON Web Tokens are everywhere. They are used as session tokens, OAuth tokens or just to pass information between applications or microservices. By design, JWT contains a high number of security and cryptography pitfalls that creates interesting vulnerabilities. In this workshop, we are going to learn how to exploit some of those issues. \r\n\r\nFirst, we are going to look at the old issues: the none algorithm, guessing/bruteforcing the hmac secret.\r\n\r\nThen we will look at more recent issues like how an RSA public key can be computed from multiple signatures to exploit algorithm confusion and how the same attack can be done with ECDSA. We will also look at leveraging issues with the kid/jku/x5u. And finally how to leverage CVE-2022-21449 to bypass the signature mechanism. \r\n\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"JWT Parkour","android_description":"Nowadays, JSON Web Tokens are everywhere. They are used as session tokens, OAuth tokens or just to pass information between applications or microservices. By design, JWT contains a high number of security and cryptography pitfalls that creates interesting vulnerabilities. In this workshop, we are going to learn how to exploit some of those issues. \r\n\r\nFirst, we are going to look at the old issues: the none algorithm, guessing/bruteforcing the hmac secret.\r\n\r\nThen we will look at more recent issues like how an RSA public key can be computed from multiple signatures to exploit algorithm confusion and how the same attack can be done with ECDSA. We will also look at leveraging issues with the kid/jku/x5u. And finally how to leverage CVE-2022-21449 to bypass the signature mechanism.","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52104,51071],"conference_id":96,"event_ids":[51104,52329],"name":"Louis Nyffenegger","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nyffeneggerlouis/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/snyff"}],"pronouns":null,"media":[],"id":51360}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52329,"tag_ids":[40297,45647,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51360}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The talk is about the importance of application security (AppSec) in modern software development due to the increasing number of applications being built, bought, and downloaded. As applications are the main source of security breaches, organizations need to establish strong AppSec programs to ensure weaknesses are identified and resolved early in the development cycle. However, small startups with limited budgets may struggle to establish a dedicated AppSec team, making it important to focus on key areas such as establishing baseline knowledge, implementing basic security controls, prioritizing security based on risk, and continuous monitoring and improvement. The talk will cover ways to build a business case for investing in AppSec programs and establishing benchmarks and metrics for success.\n\n\n","title":"Getting More Bang for your Buck:Appsec on a Limited Budget","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691865900,"nanoseconds":0},"android_description":"The talk is about the importance of application security (AppSec) in modern software development due to the increasing number of applications being built, bought, and downloaded. As applications are the main source of security breaches, organizations need to establish strong AppSec programs to ensure weaknesses are identified and resolved early in the development cycle. However, small startups with limited budgets may struggle to establish a dedicated AppSec team, making it important to focus on key areas such as establishing baseline knowledge, implementing basic security controls, prioritizing security based on risk, and continuous monitoring and improvement. The talk will cover ways to build a business case for investing in AppSec programs and establishing benchmarks and metrics for success.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52083],"conference_id":96,"event_ids":[52310],"name":"Vandana Verma Sehgal","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/vandana-verma/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/InfosecVandana"}],"pronouns":null,"media":[],"id":51383},{"content_ids":[52083],"conference_id":96,"event_ids":[52310],"name":"Viraj Gandhi","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/virajg/"}],"pronouns":null,"media":[],"id":51384}],"timeband_id":991,"links":[],"end":"2023-08-12T18:45:00.000-0000","id":52310,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51383},{"tag_id":45590,"sort_order":1,"person_id":51384}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Secure Code Review Challenge","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52106],"conference_id":96,"event_ids":[52305],"name":"Alon Lerner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51324}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":52305,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51324}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Ten Years of CPV - Program Committees","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691025840,"nanoseconds":0},"speakers":[{"content_ids":[52031],"conference_id":96,"event_ids":[52247],"name":"CPV Program Committees","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51253},{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":52247,"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51253},{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:24:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We have three challenges this year!\r\n\r\n1. A CTF for which there is no equipment is required. \r\n\r\n2. Card Hacking Challenge for which you will need an Android phone with NFC and a special Card Hacking Challenge card (grab one on the booth):\r\n\r\n3. Easter egg hunt. Use your brain!\r\n\r\nWe have a tonne of cool prizes to be won, such as custom mugs, numbered challenge coins with atc numbers, key rings, embroidered patches and more!\n\n\n","title":"Payment Village Challenges/CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"We have three challenges this year!\r\n\r\n1. A CTF for which there is no equipment is required. \r\n\r\n2. Card Hacking Challenge for which you will need an Android phone with NFC and a special Card Hacking Challenge card (grab one on the booth):\r\n\r\n3. Easter egg hunt. Use your brain!\r\n\r\nWe have a tonne of cool prizes to be won, such as custom mugs, numbered challenge coins with atc numbers, key rings, embroidered patches and more!","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690995480,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52209,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":null,"tag_ids":[40301,45647,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Payment Village","hotel":"","short_name":"Virginia City - Payment Village","id":45654},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-02T16:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We have a simple mission, educate the world about payments. We all interact with payment technologies every day, yet how much do we know about them? This is a beginner's course in card payments. This workshop is also helpful for anyone who tries to solve our CTF.\n\n\n","title":"Payment Village Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691868600,"nanoseconds":0},"android_description":"We have a simple mission, educate the world about payments. We all interact with payment technologies every day, yet how much do we know about them? This is a beginner's course in card payments. This workshop is also helpful for anyone who tries to solve our CTF.","updated_timestamp":{"seconds":1690995240,"nanoseconds":0},"speakers":[{"content_ids":[52011],"conference_id":96,"event_ids":[52206,52207],"name":"Leigh-Anne Galloway","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@L_Agalloway"}],"media":[],"id":51181}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52207,"tag_ids":[40301,45647,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51181}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Payment Village","hotel":"","short_name":"Virginia City - Payment Village","id":45654},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-02T16:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The software language we choose to use has a profound effect on the behavior of a program. Sometimes we reflexively pick a language based on the genre. But some languages are more prone to success in some circumstances and surprises in other cases. Surprises lead to certain types of bugs. Some bugs are vulnerabilities.\r\n\r\nWhether we are learning a new language as a newcomer to hacking or as a seasoned pro, the behaviors of a language can make the difference between a fun time or frustration. Every language has \"\"gotchas\"\". We explore a variety of behaviors and a few beginners' level \"gotchas\" in popular languages.\r\n\r\nWe examine and compare several current languages. There are some basic instructions to get started in running an initial program. Lastly, we explore a few ideas that allow us to craft a future of fewer bugs and vulnerabilities.\r\n\r\nThere are only a few prerequisites to this talk. It is helpful that you have viewed a program source code listing before, that you have an awareness of Compiled programs versus Interpreted programs, and you have a general awareness of using variables in a program.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"General-purpose Languages: What Are Your Habits?","android_description":"The software language we choose to use has a profound effect on the behavior of a program. Sometimes we reflexively pick a language based on the genre. But some languages are more prone to success in some circumstances and surprises in other cases. Surprises lead to certain types of bugs. Some bugs are vulnerabilities.\r\n\r\nWhether we are learning a new language as a newcomer to hacking or as a seasoned pro, the behaviors of a language can make the difference between a fun time or frustration. Every language has \"\"gotchas\"\". We explore a variety of behaviors and a few beginners' level \"gotchas\" in popular languages.\r\n\r\nWe examine and compare several current languages. There are some basic instructions to get started in running an initial program. Lastly, we explore a few ideas that allow us to craft a future of fewer bugs and vulnerabilities.\r\n\r\nThere are only a few prerequisites to this talk. It is helpful that you have viewed a program source code listing before, that you have an awareness of Compiled programs versus Interpreted programs, and you have a general awareness of using variables in a program.","end_timestamp":{"seconds":1691866200,"nanoseconds":0},"updated_timestamp":{"seconds":1690937760,"nanoseconds":0},"speakers":[{"content_ids":[52006],"conference_id":96,"event_ids":[52201],"name":"D.J. Davis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51213}],"timeband_id":991,"links":[],"end":"2023-08-12T18:50:00.000-0000","id":52201,"tag_ids":[40281,45645,45646,45743],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51213}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"updated":"2023-08-02T00:56:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Field Day is a great chance to let your competition flag fly. With a few tips and tricks, take it from a sad evening in front of a microphone to having a blast with your fellow hams.\n\n\n","title":"How to Crush Field Day and Win Big Prizes","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Field Day is a great chance to let your competition flag fly. With a few tips and tricks, take it from a sad evening in front of a microphone to having a blast with your fellow hams.","end_timestamp":{"seconds":1691865000,"nanoseconds":0},"updated_timestamp":{"seconds":1690767300,"nanoseconds":0},"speakers":[{"content_ids":[51974],"conference_id":96,"event_ids":[52168],"name":"Hamster","affiliations":[],"links":[{"description":"","title":"Mastodon (@hamster@fosstodon.org)","sort_order":0,"url":"https://fosstodon.org/@hamster"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hamster"}],"pronouns":null,"media":[],"id":51179}],"timeband_id":991,"links":[],"end":"2023-08-12T18:30:00.000-0000","id":52168,"village_id":null,"tag_ids":[40286,45645,45647,45743],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51179}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"spans_timebands":"N","updated":"2023-07-31T01:35:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this unique session, come learn about and help shape the US Government’s Secure by Design work. The event will begin with opening remarks by CISA Director Jen Easterly, and feature a panel with representatives from CISA and the White House Office of the National Cyber Director (ONCD). Following that, attendees will be given a draft of CISA’s latest guidance on Secure by Design, and will be able to offer edits, comments, and suggestions to inform the final version of the guidance.\n\n\n","title":"Secure by Design: Ask the Government Anything and Red-Pen Workshop","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691873400,"nanoseconds":0},"android_description":"In this unique session, come learn about and help shape the US Government’s Secure by Design work. The event will begin with opening remarks by CISA Director Jen Easterly, and feature a panel with representatives from CISA and the White House Office of the National Cyber Director (ONCD). Following that, attendees will be given a draft of CISA’s latest guidance on Secure by Design, and will be able to offer edits, comments, and suggestions to inform the final version of the guidance.","updated_timestamp":{"seconds":1690431840,"nanoseconds":0},"speakers":[{"content_ids":[50640,50658,51524],"conference_id":96,"event_ids":[50841,50849,51680],"name":"Jen Easterly","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Director"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@CISAJen"}],"media":[],"id":49915,"title":"Director at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51524],"conference_id":96,"event_ids":[51680],"name":"Bob Lord","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Technical Advisor"}],"links":[],"pronouns":null,"media":[],"id":50580,"title":"Senior Technical Advisor at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51524],"conference_id":96,"event_ids":[51680],"name":"Cheri Caddy","affiliations":[{"organization":"Office of the National Cyber Director at the White House","title":"Deputy Assistant National Cyber Director for Cyber Technology, Research & Development"}],"links":[],"pronouns":null,"media":[],"id":50589,"title":"Deputy Assistant National Cyber Director for Cyber Technology, Research & Development at Office of the National Cyber Director at the White House"},{"content_ids":[51503,51523,51524],"conference_id":96,"event_ids":[51659,51679,51680],"name":"Jack Cable","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Technical Advisor"}],"links":[],"pronouns":null,"media":[],"id":50609,"title":"Senior Technical Advisor at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51524,51499],"conference_id":96,"event_ids":[51655,51680],"name":"Lauren Zabierek","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Policy Advisor in the Cybersecurity Division"}],"links":[],"pronouns":null,"media":[],"id":50618,"title":"Senior Policy Advisor in the Cybersecurity Division at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51524],"conference_id":96,"event_ids":[51680],"name":"Oumou Ly","affiliations":[{"organization":"The White House","title":"Senior Advisor for Technology and Ecosystem Security"}],"links":[],"pronouns":null,"media":[],"id":50629,"title":"Senior Advisor for Technology and Ecosystem Security at The White House"},{"content_ids":[51524],"conference_id":96,"event_ids":[51680],"name":"Yael Grauer","affiliations":[{"organization":"Consumer Reports","title":""}],"links":[],"pronouns":null,"media":[],"id":50642,"title":"Consumer Reports"}],"timeband_id":991,"end":"2023-08-12T20:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51680,"tag_ids":[40310,45646,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50580},{"tag_id":45590,"sort_order":1,"person_id":50589},{"tag_id":45590,"sort_order":1,"person_id":50609},{"tag_id":45590,"sort_order":1,"person_id":49915},{"tag_id":45590,"sort_order":1,"person_id":50618},{"tag_id":45590,"sort_order":1,"person_id":50629},{"tag_id":45590,"sort_order":1,"person_id":50642}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 220 - Policy NOT-A-SCIF","hotel":"","short_name":"Summit - 220 - Policy NOT-A-SCIF","id":45879},"updated":"2023-07-27T04:24:00.000-0000","begin":"2023-08-12T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AI is a huge focus for multiple governments and they are keen to get input from the DEF CON community on what they should be considering for policy interventions. \r\n\r\nThis session will be led by Austin Carson, exploring how we can combine the expertise of DEF CON attendees with the political will and specialized knowledge networks in the Administration and around DC to create wise policy for AI. Topics covered will include how the two communities can support each other and create a virtuous cycle of information conveyance and policy progress? What should the next steps of this work be - how do we move beyond the Biden EO? In this session we'll have top experts in policy and the hacker community come together to discuss what that can look like and how to be mutually conscientious of what our experiences and priorities may be.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"AI Caramba! A DC <> DEF CON interface on machine learning","android_description":"AI is a huge focus for multiple governments and they are keen to get input from the DEF CON community on what they should be considering for policy interventions. \r\n\r\nThis session will be led by Austin Carson, exploring how we can combine the expertise of DEF CON attendees with the political will and specialized knowledge networks in the Administration and around DC to create wise policy for AI. Topics covered will include how the two communities can support each other and create a virtuous cycle of information conveyance and policy progress? What should the next steps of this work be - how do we move beyond the Biden EO? In this session we'll have top experts in policy and the hacker community come together to discuss what that can look like and how to be mutually conscientious of what our experiences and priorities may be.","end_timestamp":{"seconds":1691866200,"nanoseconds":0},"updated_timestamp":{"seconds":1690431540,"nanoseconds":0},"speakers":[{"content_ids":[50651,50652,51521],"conference_id":96,"event_ids":[50846,50847,51677],"name":"Austin Carson","affiliations":[{"organization":"SeedAI","title":"Founder & President"}],"links":[],"pronouns":"he/him","media":[],"id":49938,"title":"Founder & President at SeedAI"},{"content_ids":[51521],"conference_id":96,"event_ids":[51677],"name":"Erick Galinkin","affiliations":[{"organization":"Rapid7","title":"Principal researcher"}],"links":[],"pronouns":null,"media":[],"id":50602,"title":"Principal researcher at Rapid7"},{"content_ids":[51521],"conference_id":96,"event_ids":[51677],"name":"Kellee Wicker","affiliations":[{"organization":"Wilson Center","title":"Director of the Science and Technology Innovation Program"}],"links":[],"pronouns":null,"media":[],"id":50616,"title":"Director of the Science and Technology Innovation Program at Wilson Center"},{"content_ids":[51521,50651],"conference_id":96,"event_ids":[50846,51677],"name":"Rumman Chowdhury","affiliations":[{"organization":"Humane Intelligence","title":"Co-Founder and CEO"}],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.rummanchowdhury.com"}],"pronouns":null,"media":[],"id":50633,"title":"Co-Founder and CEO at Humane Intelligence"},{"content_ids":[51521],"conference_id":96,"event_ids":[51677],"name":"Tim Ryder","affiliations":[{"organization":"Office of U.S. Senate Majority Leader Charles E. Schumer","title":"Legislative Assistant"}],"links":[],"pronouns":null,"media":[],"id":50640,"title":"Legislative Assistant at Office of U.S. Senate Majority Leader Charles E. Schumer"}],"timeband_id":991,"end":"2023-08-12T18:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51677,"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45771],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":49938},{"tag_id":45632,"sort_order":1,"person_id":50602},{"tag_id":45632,"sort_order":1,"person_id":50616},{"tag_id":45632,"sort_order":1,"person_id":50633},{"tag_id":45632,"sort_order":1,"person_id":50640}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-27T04:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Wrenches, Widgets, and Walkdowns: Unraveling the Tangle of Digital Assets in Industrial Control Systems","android_description":"","end_timestamp":{"seconds":1691865000,"nanoseconds":0},"updated_timestamp":{"seconds":1690422840,"nanoseconds":0},"speakers":[{"content_ids":[51485],"conference_id":96,"event_ids":[51641],"name":"Tony Turner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50566}],"timeband_id":991,"links":[],"end":"2023-08-12T18:30:00.000-0000","id":51641,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50566}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-27T01:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Recently, automotive industry is performing USB fuzzing in an inefficient way for automobiles. Usually, fuzzing is performed by commercial media fuzzers, but the fuzzers are not directly connected to the vehicle during fuzzing. So, it requires much manual efforts of testers. \r\n\r\nIn this talk, we propose efficient way to perform USB fuzzing to actual vehicles. We describe how to perform USB fuzzing to kernel area fuzzing as well as media fuzzing by directly connecting the fuzzer and the car with a USB cable. By this method, we found real-world vulnerabilities in Volkswagen Jetta, Renault Zoe, GM Chevrolet Equinox, and AGL. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Automotive USB Fuzzing: How to fuzzing USB in vehicles to discover the real-world vulnerabilities","end_timestamp":{"seconds":1691865600,"nanoseconds":0},"android_description":"Recently, automotive industry is performing USB fuzzing in an inefficient way for automobiles. Usually, fuzzing is performed by commercial media fuzzers, but the fuzzers are not directly connected to the vehicle during fuzzing. So, it requires much manual efforts of testers. \r\n\r\nIn this talk, we propose efficient way to perform USB fuzzing to actual vehicles. We describe how to perform USB fuzzing to kernel area fuzzing as well as media fuzzing by directly connecting the fuzzer and the car with a USB cable. By this method, we found real-world vulnerabilities in Volkswagen Jetta, Renault Zoe, GM Chevrolet Equinox, and AGL.","updated_timestamp":{"seconds":1691676660,"nanoseconds":0},"speakers":[{"content_ids":[51467],"conference_id":96,"event_ids":[51623],"name":"Donghyeon Jeong","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50521},{"content_ids":[51467],"conference_id":96,"event_ids":[51623],"name":"Euntae Jang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50522},{"content_ids":[51467],"conference_id":96,"event_ids":[51623],"name":"Jonghyuk Song","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://freest4r.github.io/"}],"media":[],"id":50526}],"timeband_id":991,"links":[{"label":"CVE-2023-34733","type":"link","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34733"},{"label":"CVE-2023-28885","type":"link","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28885"},{"label":"CVE-2022-48363","type":"link","url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48363"}],"end":"2023-08-12T18:40:00.000-0000","id":51623,"tag_ids":[40283,45645,45646,45743],"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50521},{"tag_id":45590,"sort_order":1,"person_id":50522},{"tag_id":45590,"sort_order":1,"person_id":50526}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-08-10T14:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Patrick Wardle, The Art of Mac Malware","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2ec300","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":51609,"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[45646,45743,45769,45770],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-27T00:03:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 31 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on [ham.study](https://ham.study/), and may sign up for this time slot [here](https://ham.study/sessions/64bc92c66f588492f6063722/1).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Free Amateur Radio License Exams","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 31 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on [ham.study](https://ham.study/), and may sign up for this time slot [here](https://ham.study/sessions/64bc92c66f588492f6063722/1).","updated_timestamp":{"seconds":1690088460,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T00:00:00.000-0000","links":[{"label":"Twitter (@HamRadioVillage)","type":"link","url":"https://twitter.com/HamRadioVillage"},{"label":"Website","type":"link","url":"https://hamvillage.org/"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/732733631667372103"},{"label":"Register for this time slot","type":"link","url":"https://ham.study/sessions/64bc92c66f588492f6063722/1"},{"label":"Mastodon (@HamRadioVillage@defcon.social)","type":"link","url":"https://defcon.social/@HamRadioVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245338"}],"id":51537,"tag_ids":[40286,45635,45647,45743],"village_id":47,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-23T05:01:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.\n\n\n","title":"Passwords Argh Us","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.","updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51089],"conference_id":96,"event_ids":[51120,51150,51151,51152],"name":"Traveler","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/traveler19/"}],"media":[],"id":50285}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":51151,"village_id":60,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50285}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-14T18:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The integration of artificial intelligence (AI) into red team operations has revolutionized the way cybersecurity professionals approach their work. This workshop will equip participants with the necessary skills and understanding to leverage AI tools effectively throughout different stages of red team operations.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Artificial Intelligence for Red Team Operations","android_description":"The integration of artificial intelligence (AI) into red team operations has revolutionized the way cybersecurity professionals approach their work. This workshop will equip participants with the necessary skills and understanding to leverage AI tools effectively throughout different stages of red team operations.","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1689358620,"nanoseconds":0},"speakers":[{"content_ids":[51094],"conference_id":96,"event_ids":[51125,51130],"name":"Peter Halberg","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MiloSilo_Hacks"}],"media":[],"id":50278}],"timeband_id":991,"links":[],"end":"2023-08-12T20:00:00.000-0000","id":51125,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"village_id":60,"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50278}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-14T18:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our workshop/journey will be called \"(In)direct Syscalls: A Journey from High to Low\". It is a hands-on experience where we start with some Windows internals basics, talk about system calls in Windows OS in general, take a look at Win32 APIs, Native APIs, etc. We also take a look at the concepts of direct syscalls and indirect syscalls. Based on various chapters, each student will build their own indirect syscall shellcode loader step by step and analyze it a bit with x64dbg. Below is an overview of the chapters covered in the workshop.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"(In)Direct Syscalls: A Journey from High to Low","android_description":"Our workshop/journey will be called \"(In)direct Syscalls: A Journey from High to Low\". It is a hands-on experience where we start with some Windows internals basics, talk about system calls in Windows OS in general, take a look at Win32 APIs, Native APIs, etc. We also take a look at the concepts of direct syscalls and indirect syscalls. Based on various chapters, each student will build their own indirect syscall shellcode loader step by step and analyze it a bit with x64dbg. Below is an overview of the chapters covered in the workshop.","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1689358620,"nanoseconds":0},"speakers":[{"content_ids":[51093],"conference_id":96,"event_ids":[51124],"name":"Daniel Feichter","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/VirtualAllocEx"}],"pronouns":null,"media":[],"id":50261}],"timeband_id":991,"links":[],"end":"2023-08-13T00:00:00.000-0000","id":51124,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50261}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"spans_timebands":"N","begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-14T18:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The popularity of cheap and DIY drones has made them a target for attackers using radiofrequency (RF) signals. Frequency hopping is a technique that can be used to mitigate the risks associated with RF warfare. However, implementing frequency hopping in cheap and DIY drones presents several technical challenges, such as the need for a stable clock and synchronization between the transmitter and receiver without rising hardware costs. Despite these challenges, frequency hopping can significantly enhance the security of consumer and DIY drones making much more challenging or even useless anti-drone systems' role.\r\n\r\nREFERENCES:\r\n\r\nDEF CON 24 - Aaron Luo - Drones Hijacking: Multidimensional attack vectors and countermeasures\r\nDEF CON 25 - Game of Drones - Brown,Latimer\r\nDEF CON 26 - David Melendez Cano - Avoiding antidrone systems with nanodrones.\r\nDEF CON 29 - Steal This Drone - An Aerospace Village Cybersecurity Activity - http://loonwerks.com/publications/pdf/Steal-This-Drone-README.pdf\r\nhttps://unicornriot.ninja/2017/hacking-drones-ultrasonic-pulses/\r\nhttps://en.wikipedia.org/wiki/Tempest_(codename)\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Spread spectrum techniques in disposable drones for anti drone evasion","end_timestamp":{"seconds":1691865900,"nanoseconds":0},"android_description":"The popularity of cheap and DIY drones has made them a target for attackers using radiofrequency (RF) signals. Frequency hopping is a technique that can be used to mitigate the risks associated with RF warfare. However, implementing frequency hopping in cheap and DIY drones presents several technical challenges, such as the need for a stable clock and synchronization between the transmitter and receiver without rising hardware costs. Despite these challenges, frequency hopping can significantly enhance the security of consumer and DIY drones making much more challenging or even useless anti-drone systems' role.\r\n\r\nREFERENCES:\r\n\r\nDEF CON 24 - Aaron Luo - Drones Hijacking: Multidimensional attack vectors and countermeasures\r\nDEF CON 25 - Game of Drones - Brown,Latimer\r\nDEF CON 26 - David Melendez Cano - Avoiding antidrone systems with nanodrones.\r\nDEF CON 29 - Steal This Drone - An Aerospace Village Cybersecurity Activity - http://loonwerks.com/publications/pdf/Steal-This-Drone-README.pdf\r\nhttps://unicornriot.ninja/2017/hacking-drones-ultrasonic-pulses/\r\nhttps://en.wikipedia.org/wiki/Tempest_(codename)","updated_timestamp":{"seconds":1688182620,"nanoseconds":0},"speakers":[{"content_ids":[50666,52146],"conference_id":96,"event_ids":[50851,52371],"name":"David Melendez","affiliations":[{"organization":"","title":"R&D Embedded Software Engineer"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/david-melendez-cano-0b195712/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@taiksontexas"},{"description":"","title":"Website","sort_order":0,"url":"http://taiksonprojects.blogspot.com/ "}],"media":[],"id":49960,"title":"R&D Embedded Software Engineer"},{"content_ids":[50666],"conference_id":96,"event_ids":[50851],"name":"Gabriela \"Gabs\" García","affiliations":[{"organization":"","title":"Hacker, Professor and Mentor"}],"links":[],"pronouns":"she/her","media":[],"id":49961,"title":"Hacker, Professor and Mentor"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246119"}],"end":"2023-08-12T18:45:00.000-0000","id":50851,"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49960},{"tag_id":45590,"sort_order":1,"person_id":49961}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-07-01T03:37:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Logs are a vital component for maintaining application reliability, performance, and security. They serve as a source of information for developers, security teams, and other stakeholders to understand what has happened or gone wrong within an application. However, logs can also be used to compromise the security of an application by injecting malicious content.\r\n \r\nIn this presentation, we will explore how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications. We will revisit old terminal injection research and log tampering techniques from the 80-90s. Combine them with new features, to create chaos and mischief in the modern cloud cli’s, mobile, and feature-rich DevOps terminal emulators of today.\r\n\r\nWe will then provide solutions on how to avoid passing on malicious escape sequences into our log files. By doing so, we can ensure that we can trust the data inside our logs, making it safe for operators to use shells to audit files. Enabling responders to quickly and accurately investigate incidents without wasting time cleaning, or having to gather additional data, while reconstructing events.\r\n \r\nWelcome to this \"not so black and white,\" but rather quite colorful ANSI adventure, and learn how to cause, or prevent a forensic nightmare. \r\n\r\nREFERENCES:\r\nThere are multiple references to prior research featured and provided as a part of the storyline in the presentation.\n\n\n","title":"Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691865900,"nanoseconds":0},"android_description":"Logs are a vital component for maintaining application reliability, performance, and security. They serve as a source of information for developers, security teams, and other stakeholders to understand what has happened or gone wrong within an application. However, logs can also be used to compromise the security of an application by injecting malicious content.\r\n \r\nIn this presentation, we will explore how ANSI escape sequences can be used to inject, vandalize, and even weaponize log files of modern applications. We will revisit old terminal injection research and log tampering techniques from the 80-90s. Combine them with new features, to create chaos and mischief in the modern cloud cli’s, mobile, and feature-rich DevOps terminal emulators of today.\r\n\r\nWe will then provide solutions on how to avoid passing on malicious escape sequences into our log files. By doing so, we can ensure that we can trust the data inside our logs, making it safe for operators to use shells to audit files. Enabling responders to quickly and accurately investigate incidents without wasting time cleaning, or having to gather additional data, while reconstructing events.\r\n \r\nWelcome to this \"not so black and white,\" but rather quite colorful ANSI adventure, and learn how to cause, or prevent a forensic nightmare. \r\n\r\nREFERENCES:\r\nThere are multiple references to prior research featured and provided as a part of the storyline in the presentation.","updated_timestamp":{"seconds":1687138260,"nanoseconds":0},"speakers":[{"content_ids":[50577],"conference_id":96,"event_ids":[50788],"name":"STÖK","affiliations":[{"organization":"Truesec","title":"Hacker / Creative"}],"pronouns":"he/him","links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://instagram.com/stokfredrik"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/fredrikalexandersson"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/stokfredrik"},{"description":"","title":"Website","sort_order":0,"url":"https://stokfredrik.com"},{"description":"","title":"YouTube","sort_order":0,"url":"https://youtube.com/stokfredrik"}],"media":[],"id":49800,"title":"Hacker / Creative at Truesec"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245748"}],"end":"2023-08-12T18:45:00.000-0000","id":50788,"tag_ids":[45589,45592,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691863200,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49800}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"begin":"2023-08-12T18:00:00.000-0000","updated":"2023-06-19T01:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"OSINT Privacy Unmasked: Taking Control of Your Digital Footprint in a Hyper-Connected World","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691865000,"nanoseconds":0},"updated_timestamp":{"seconds":1689552960,"nanoseconds":0},"speakers":[{"content_ids":[51304],"conference_id":96,"event_ids":[51366],"name":"Zoey Selman","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@v3rbaal"}],"pronouns":null,"media":[],"id":50469}],"timeband_id":991,"links":[],"end":"2023-08-12T18:30:00.000-0000","id":51366,"village_id":59,"begin_timestamp":{"seconds":1691862300,"nanoseconds":0},"tag_ids":[40293,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50469}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-12T17:45:00.000-0000","updated":"2023-07-17T00:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons.\r\n\r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our [Discord group](https://tracelabs.org/discord) to get started.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Trace Labs OSINT Search Party CTF - CTF Platform Open for Submissions","android_description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons.\r\n\r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our [Discord group](https://tracelabs.org/discord) to get started.","end_timestamp":{"seconds":1691875800,"nanoseconds":0},"updated_timestamp":{"seconds":1691512740,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T21:30:00.000-0000","id":52649,"tag_ids":[45635,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:30:00.000-0000","updated":"2023-08-08T16:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This panel will provide a comprehensive overview of all aspects of internet voting and will also provide critical perspectives on the . We will unpack common misconceptions as well as highlight some of the most vulerable\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"I Can Shop Securely Online So Why Can't I Vote Online?","android_description":"This panel will provide a comprehensive overview of all aspects of internet voting and will also provide critical perspectives on the . We will unpack common misconceptions as well as highlight some of the most vulerable","end_timestamp":{"seconds":1691864700,"nanoseconds":0},"updated_timestamp":{"seconds":1691544360,"nanoseconds":0},"speakers":[{"content_ids":[52313,52327,52337,52331],"conference_id":96,"event_ids":[52597,52611,52615,52621,52622],"name":"Harri Hursti","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/hhursti"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/harrihursti"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51542},{"content_ids":[52337,52331],"conference_id":96,"event_ids":[52615,52621,52622],"name":"Matt Blaze","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mattblaze"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51551},{"content_ids":[52331],"conference_id":96,"event_ids":[52615],"name":"Susan Greenhalgh","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51601},{"content_ids":[52331,52405],"conference_id":96,"event_ids":[52615,52700],"name":"David Jefferson","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/drjefferson"}],"media":[],"id":51602}],"timeband_id":991,"links":[],"end":"2023-08-12T18:25:00.000-0000","id":52615,"tag_ids":[40298,45646,45743,45771],"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51602},{"tag_id":45632,"sort_order":1,"person_id":51542},{"tag_id":45632,"sort_order":1,"person_id":51551},{"tag_id":45632,"sort_order":1,"person_id":51601}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"updated":"2023-08-09T01:26:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Never hacked a voting machine before? Come check out our First Timers Workshop to give it a try. Don't think you can do it? There is only one way to find out. To try it yourself! Even if you have never hacked anything before, this is the workshop for you. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"First Timers Workshop","end_timestamp":{"seconds":1691868600,"nanoseconds":0},"android_description":"Never hacked a voting machine before? Come check out our First Timers Workshop to give it a try. Don't think you can do it? There is only one way to find out. To try it yourself! Even if you have never hacked anything before, this is the workshop for you.","updated_timestamp":{"seconds":1691544480,"nanoseconds":0},"speakers":[{"content_ids":[52312],"conference_id":96,"event_ids":[52596],"name":"Tailor Herrarte","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tailorherrarte"}],"pronouns":null,"media":[],"id":51557}],"timeband_id":991,"links":[],"end":"2023-08-12T19:30:00.000-0000","id":52596,"tag_ids":[40298,45646,45719,45743],"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51557}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-09T01:28:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nCome listen to some grouchy, well worn Incident Responders talk about the planning and reality of staging a live fire DFIR simulation, and how even well planned exercises, just like any other IR never go as planned.","title":"IR/4n6: Obsidian DFIR - Gang aft agley","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691865000,"nanoseconds":0},"android_description":".\n\n\nCome listen to some grouchy, well worn Incident Responders talk about the planning and reality of staging a live fire DFIR simulation, and how even well planned exercises, just like any other IR never go as planned.","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52216,52224],"conference_id":96,"event_ids":[52468,52476],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51477}],"timeband_id":991,"links":[],"end":"2023-08-12T18:30:00.000-0000","id":52476,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[40282,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51477}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"begin":"2023-08-12T17:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The recent Log4j vulnerability has been making headlines and causing significant harm to organizations that rely on Apache Log4j for logging. In this talk, we'll go beyond the headlines and provide a deep dive into threat hunting techniques and their application in detecting vulnerabilities like Log4j. We'll start with the basics of threat hunting and how it can help you stay ahead of emerging threats. From there, we'll explore the technical details of the Log4j vulnerability, including its nature, impact, and how it can be exploited. You'll learn how to analyze and respond to security threats through real-world examples of threat hunting in action. We'll provide hands-on labs that give you the experience you need to implement these techniques in your own organization. Whether you're a security analyst, engineer, or manager, this talk will provide valuable insights into threat hunting and enable you to stay ahead of emerging threats. Join us on this technical journey into the unknown with \"Log4j: The Silent Menace Among Us.\n\n\nThe recent Log4j vulnerability has been making headlines and causing significant harm to organizations that rely on Apache Log4j for logging. In this talk, we'll go beyond the headlines and provide a deep dive into threat hunting techniques and their application in detecting vulnerabilities like Log4j.","title":"CTH: Log4j - The Silent Menace Among Us","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691865000,"nanoseconds":0},"android_description":"The recent Log4j vulnerability has been making headlines and causing significant harm to organizations that rely on Apache Log4j for logging. In this talk, we'll go beyond the headlines and provide a deep dive into threat hunting techniques and their application in detecting vulnerabilities like Log4j. We'll start with the basics of threat hunting and how it can help you stay ahead of emerging threats. From there, we'll explore the technical details of the Log4j vulnerability, including its nature, impact, and how it can be exploited. You'll learn how to analyze and respond to security threats through real-world examples of threat hunting in action. We'll provide hands-on labs that give you the experience you need to implement these techniques in your own organization. Whether you're a security analyst, engineer, or manager, this talk will provide valuable insights into threat hunting and enable you to stay ahead of emerging threats. Join us on this technical journey into the unknown with \"Log4j: The Silent Menace Among Us.\n\n\nThe recent Log4j vulnerability has been making headlines and causing significant harm to organizations that rely on Apache Log4j for logging. In this talk, we'll go beyond the headlines and provide a deep dive into threat hunting techniques and their application in detecting vulnerabilities like Log4j.","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52212,52215,52226],"conference_id":96,"event_ids":[52456,52467,52477],"name":"Cyb3rhawk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51460}],"timeband_id":991,"links":[],"end":"2023-08-12T18:30:00.000-0000","id":52467,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[40282,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51460}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: Kill Chain Track (0x42)","hotel":"","short_name":"BTV Project Obsidian: Kill Chain Track (0x42)","id":45968},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is a 101 track that takes you through the various aspects of detection engineering and a practitioners process of writing threat content. Its a great place to start for engineers and enthusiasts that might be exploring detection engineering as a career path.\n\n\nThe what, how and process of detection engineering.","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"DE: Breaking the Rule","android_description":"This is a 101 track that takes you through the various aspects of detection engineering and a practitioners process of writing threat content. Its a great place to start for engineers and enthusiasts that might be exploring detection engineering as a career path.\n\n\nThe what, how and process of detection engineering.","end_timestamp":{"seconds":1691865000,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52211],"conference_id":96,"event_ids":[52464],"name":"Oldmonk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51459}],"timeband_id":991,"links":[],"end":"2023-08-12T18:30:00.000-0000","id":52464,"tag_ids":[40282,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51459}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: 101 Track (0x41)","hotel":"","short_name":"BTV Project Obsidian: 101 Track (0x41)","id":45967},"begin":"2023-08-12T17:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Q-CTF QOLOSSUS Update","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"android_description":"","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"updated_timestamp":{"seconds":1691108520,"nanoseconds":0},"speakers":[{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":52430,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"village_id":null,"tag_ids":[40291,45649,45743,45771],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51260}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","begin":"2023-08-12T17:30:00.000-0000","updated":"2023-08-04T00:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Blindly hunting for Mercenaries","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"updated_timestamp":{"seconds":1691025960,"nanoseconds":0},"speakers":[{"content_ids":[51300,52035],"conference_id":96,"event_ids":[52423,51362],"name":"Vitor Ventura","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@_vventura"}],"media":[],"id":50468},{"content_ids":[52035],"conference_id":96,"event_ids":[52423],"name":"Asheer Malhotra","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51247}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":52423,"village_id":null,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51247},{"tag_id":45590,"sort_order":1,"person_id":50468}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:26:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AI-enabled systems are rapidly being deployed in a wide range of high-stakes environments. These systems are vulnerable to a wide range of attacks that can trigger errors, degrade performance, or disclose sensitive data. This talk will offer a firsthand account and reflect on some lessons learned from Google DeepMind’s AI red team. While research in ensuring the security and privacy of AI-enabled systems is rapidly growing, much of today’s research is focused on lab settings, and a more holistic understanding of how these emerging vulnerabilities can interact with known real-world security vulnerabilities in deployed systems is lacking. As part of this talk we will explore opportunities for the DEFCON community to work together to ensure mission-critical AI systems are battle-tested with the rigor and scrutiny of real-world adversaries.\n\n\n","title":"AI Village Keynote 2: AI red teaming tradecraft: a team of teams approach","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691864700,"nanoseconds":0},"android_description":"AI-enabled systems are rapidly being deployed in a wide range of high-stakes environments. These systems are vulnerable to a wide range of attacks that can trigger errors, degrade performance, or disclose sensitive data. This talk will offer a firsthand account and reflect on some lessons learned from Google DeepMind’s AI red team. While research in ensuring the security and privacy of AI-enabled systems is rapidly growing, much of today’s research is focused on lab settings, and a more holistic understanding of how these emerging vulnerabilities can interact with known real-world security vulnerabilities in deployed systems is lacking. As part of this talk we will explore opportunities for the DEFCON community to work together to ensure mission-critical AI systems are battle-tested with the rigor and scrutiny of real-world adversaries.","updated_timestamp":{"seconds":1691031420,"nanoseconds":0},"speakers":[{"content_ids":[52055],"conference_id":96,"event_ids":[52274],"name":"Daniel Fabian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51280},{"content_ids":[52055],"conference_id":96,"event_ids":[52274],"name":"Mikel Rodriguez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51288},{"content_ids":[52055],"conference_id":96,"event_ids":[52274],"name":"Sarah Hodkinson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51294}],"timeband_id":991,"links":[],"end":"2023-08-12T18:25:00.000-0000","id":52274,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"village_id":null,"tag_ids":[40299,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51280},{"tag_id":45590,"sort_order":1,"person_id":51288},{"tag_id":45590,"sort_order":1,"person_id":51294}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","begin":"2023-08-12T17:30:00.000-0000","updated":"2023-08-03T02:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Intro to Ciphers","android_description":"","end_timestamp":{"seconds":1691862300,"nanoseconds":0},"updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":991,"links":[],"end":"2023-08-12T17:45:00.000-0000","id":52261,"village_id":null,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[40308,45647,45719,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:27:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Security monitoring in any environment is made or broken by the signal quality in the event logs.\r\nCloud-based solutions have transformed the computing landscape with advantages like on-demand resource availability, scalability, cost-effectiveness, and enhanced collaboration capabilities. For defenders, this new world offered many benefits: robust identity management, patching at scale, improved incident detection and response, and more.\r\n\r\nCloud providers expose detailed logs that are consumed by security monitoring tools and SOC analysts. One would expect a common, streamlined logging solution to be a clear win in attack detection functionality, but the reality is more complicated.\r\n\r\nWe have spent the last three years studying and monitoring Azure logs and have seen many problems that can complicate incident detection and response. With no alternatives to the provider's logging solution and slow problem mitigation speed, these issues go beyond mere annoyances and can help attackers avoid detection.\r\n\r\nIn this talk, we will examine logging facilities in Azure, concentrating on events generated by Azure AD and Microsoft 365, and discuss multiple problems that we have observed in monitoring them.\r\n\r\nThese include:\r\n\r\n - Blind spots hiding critical security events\r\n - Poorly documented events, attributes and magic values\r\n - Missing important information about user actions\r\n - Bugs in log records\r\n - Unannounced changes that break detection queries\r\n - Log pollution opportunities, potentially leading to RCE\r\n\r\nand more\r\n\r\nFor all these issues, we will:\r\n - examine their impact on defense and monitoring\r\n - discuss how attackers (and red teamers) may take advantage of them\r\n - suggest how defenders can mitigate the negative impact, where possible\r\n - and propose ways the cloud provider can address the problems going forward\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Between a Log and a Hard Place: (mis)Adventures in Azure Logs","android_description":"Security monitoring in any environment is made or broken by the signal quality in the event logs.\r\nCloud-based solutions have transformed the computing landscape with advantages like on-demand resource availability, scalability, cost-effectiveness, and enhanced collaboration capabilities. For defenders, this new world offered many benefits: robust identity management, patching at scale, improved incident detection and response, and more.\r\n\r\nCloud providers expose detailed logs that are consumed by security monitoring tools and SOC analysts. One would expect a common, streamlined logging solution to be a clear win in attack detection functionality, but the reality is more complicated.\r\n\r\nWe have spent the last three years studying and monitoring Azure logs and have seen many problems that can complicate incident detection and response. With no alternatives to the provider's logging solution and slow problem mitigation speed, these issues go beyond mere annoyances and can help attackers avoid detection.\r\n\r\nIn this talk, we will examine logging facilities in Azure, concentrating on events generated by Azure AD and Microsoft 365, and discuss multiple problems that we have observed in monitoring them.\r\n\r\nThese include:\r\n\r\n - Blind spots hiding critical security events\r\n - Poorly documented events, attributes and magic values\r\n - Missing important information about user actions\r\n - Bugs in log records\r\n - Unannounced changes that break detection queries\r\n - Log pollution opportunities, potentially leading to RCE\r\n\r\nand more\r\n\r\nFor all these issues, we will:\r\n - examine their impact on defense and monitoring\r\n - discuss how attackers (and red teamers) may take advantage of them\r\n - suggest how defenders can mitigate the negative impact, where possible\r\n - and propose ways the cloud provider can address the problems going forward","end_timestamp":{"seconds":1691863800,"nanoseconds":0},"updated_timestamp":{"seconds":1690921080,"nanoseconds":0},"speakers":[{"content_ids":[51982],"conference_id":96,"event_ids":[52176],"name":"Dmitriy Beryoza","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0xd13a"}],"media":[],"id":51187}],"timeband_id":991,"links":[],"end":"2023-08-12T18:10:00.000-0000","id":52176,"village_id":null,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51187}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","updated":"2023-08-01T20:18:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"EMBA - From firmware to exploit","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690422840,"nanoseconds":0},"speakers":[{"content_ids":[51484],"conference_id":96,"event_ids":[51640],"name":"Michael Messner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50559}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":51640,"village_id":null,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50559}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:54:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Capture The Packet Preliminaries","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.","updated_timestamp":{"seconds":1691375880,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T19:00:00.000-0000","links":[{"label":"Twitter (@wallofsheep)","type":"link","url":"https://twitter.com/@wallofsheep"},{"label":"Aries Security","type":"link","url":"https://www.ariessecurity.com"},{"label":"Twitter (@capturetp)","type":"link","url":"https://twitter.com/@capturetp"},{"label":"Website","type":"link","url":"https://www.capturethepacket.com"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245287"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643512625430529"}],"id":51438,"tag_ids":[40288,45635,45646,45743],"village_id":52,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"updated":"2023-08-07T02:38:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Blue Team Village CTF is a cyber defense CTF inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate the recent attacks against our fictitious company: Magnus Tempus Financial. Since Magnus Tempus Financial made a vital acquisition expanding its precious metals portfolio to oil and gas operational technology (OT), you will also investigate their OT environment.\r\n\r\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, Malware Analysis, Threat Intelligence, and Threat Hunting, to be the first team or individual to answer or solve the challenges presented. \r\n\r\nThe BTV crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate, aiming to sharpen their cyber defense skills. We believe in the idea of choosing your adventure. As a result, participants can download a copy of the required evidence (logs, packets, etc.) or log into any of the 3 SIEMs we provide to hunt on. \r\n\r\nIf you are new to cyber defense, we highly recommend participating in the Blue Team Village Obsidian stations. They will cover many of the topics on the CTF and will help you along the way!\n\n\n","title":"Blue Team Village CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"The Blue Team Village CTF is a cyber defense CTF inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate the recent attacks against our fictitious company: Magnus Tempus Financial. Since Magnus Tempus Financial made a vital acquisition expanding its precious metals portfolio to oil and gas operational technology (OT), you will also investigate their OT environment.\r\n\r\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, Malware Analysis, Threat Intelligence, and Threat Hunting, to be the first team or individual to answer or solve the challenges presented. \r\n\r\nThe BTV crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate, aiming to sharpen their cyber defense skills. We believe in the idea of choosing your adventure. As a result, participants can download a copy of the required evidence (logs, packets, etc.) or log into any of the 3 SIEMs we provide to hunt on. \r\n\r\nIf you are new to cyber defense, we highly recommend participating in the Blue Team Village Obsidian stations. They will cover many of the topics on the CTF and will help you along the way!","updated_timestamp":{"seconds":1690055160,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/BlueTeamVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244798"}],"id":51436,"tag_ids":[40282,45635,45647,45766],"village_id":41,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Scenic - Blue Team Village","hotel":"","short_name":"Sunset - Scenic - Blue Team Village","id":45645},"updated":"2023-07-22T19:46:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The archeological record of the past 100,000+ years shows that today's Homo sapiens sapiens (HSS) won out over other Homo sapiens subspecies such as Neanderthals, Denisovans, and possibly others. Nonetheless, many HSS carry genes from older Homo sapiens subspecies. HSS now directs its own evolution. Add the advent of science-based medicine, advanced pharmaceuticals, smart implants, neural interfaces, genetic modification, a healthy(?) dose of artificial intelligence, and a transhumanist philosophy, Homo sapiens sapiens could split back into multiple subspecies. This presentation covers potential paths of future (sub-)speciation (such as Homo sapiens maximus and Homo sapiens nova) that could occur before the end of the 21st century. Will it occur peacefully? Probably not.\r\n\r\nThis is Almost Human's second Biohacking Village talk. (The previous talk focused on the death of genetic privacy.)\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Homo sapiens sapiens to Homo sapiens nova - the coming speciation","android_description":"The archeological record of the past 100,000+ years shows that today's Homo sapiens sapiens (HSS) won out over other Homo sapiens subspecies such as Neanderthals, Denisovans, and possibly others. Nonetheless, many HSS carry genes from older Homo sapiens subspecies. HSS now directs its own evolution. Add the advent of science-based medicine, advanced pharmaceuticals, smart implants, neural interfaces, genetic modification, a healthy(?) dose of artificial intelligence, and a transhumanist philosophy, Homo sapiens sapiens could split back into multiple subspecies. This presentation covers potential paths of future (sub-)speciation (such as Homo sapiens maximus and Homo sapiens nova) that could occur before the end of the 21st century. Will it occur peacefully? Probably not.\r\n\r\nThis is Almost Human's second Biohacking Village talk. (The previous talk focused on the death of genetic privacy.)","end_timestamp":{"seconds":1691863800,"nanoseconds":0},"updated_timestamp":{"seconds":1689116760,"nanoseconds":0},"speakers":[{"content_ids":[51047],"conference_id":96,"event_ids":[51079],"name":"Almost Human (BJ)","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50247}],"timeband_id":991,"links":[],"end":"2023-08-12T18:10:00.000-0000","id":51079,"village_id":68,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"tag_ids":[45645,45647,45717],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50247}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"begin":"2023-08-12T17:30:00.000-0000","updated":"2023-07-11T23:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Contactless credentials have become increasingly popular for secure authentication and access control systems due to their convenience and efficiency. In this talk, we will discuss a specific weakness in the ISO 14443A protocol that enables replay attacks over moderate latency connections, leading to the potential for long-range relay attacks.\r\n\r\nDuring the presentation, we will delve into the history of contactless credential attacks, how manufacturers have adapted, and discuss why we focused on a relay attack. We will provide an overview of the ISO 14443A protocol and explain how the relay attack is executed and the ‘features’ of the underlying protocol that make it possible. Finally, we will demonstrate and release a new tool to make this relay attack feasible with the Proxmark, as we attempt to unlock a door in Ottawa, ON with a card on-stage in Vegas.\r\n\r\nIn addition, we will discuss the response from HID Global following our responsible disclosure against their SEOS readers and suggest mitigations to prevent these attacks on your access control systems.\n\n\n","title":"Unlocking Doors from Half a Continent Away","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"Contactless credentials have become increasingly popular for secure authentication and access control systems due to their convenience and efficiency. In this talk, we will discuss a specific weakness in the ISO 14443A protocol that enables replay attacks over moderate latency connections, leading to the potential for long-range relay attacks.\r\n\r\nDuring the presentation, we will delve into the history of contactless credential attacks, how manufacturers have adapted, and discuss why we focused on a relay attack. We will provide an overview of the ISO 14443A protocol and explain how the relay attack is executed and the ‘features’ of the underlying protocol that make it possible. Finally, we will demonstrate and release a new tool to make this relay attack feasible with the Proxmark, as we attempt to unlock a door in Ottawa, ON with a card on-stage in Vegas.\r\n\r\nIn addition, we will discuss the response from HID Global following our responsible disclosure against their SEOS readers and suggest mitigations to prevent these attacks on your access control systems.","end_timestamp":{"seconds":1691864100,"nanoseconds":0},"updated_timestamp":{"seconds":1687138020,"nanoseconds":0},"speakers":[{"content_ids":[50572,52427],"conference_id":96,"event_ids":[50810,52733],"name":"Trevor \"t1v0\" Stevado","affiliations":[{"organization":"Loudmouth Security","title":"Founding Partner/Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49792,"title":"Founding Partner/Hacker at Loudmouth Security"},{"content_ids":[50572],"conference_id":96,"event_ids":[50810],"name":"Sam Haskins","affiliations":[{"organization":"Loudmouth Security","title":"Hacker"}],"links":[],"pronouns":"they/them","media":[],"id":49793,"title":"Hacker at Loudmouth Security"}],"timeband_id":991,"end":"2023-08-12T18:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245743"}],"id":50810,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Demo 💻, Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49793},{"tag_id":45590,"sort_order":1,"person_id":49792}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"begin":"2023-08-12T17:30:00.000-0000","updated":"2023-06-19T01:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"PBX (Private Branch Exchange) and UC (Unified Communications) servers are the big communication brokers in enterprise environments where they love on-prem. They do everything to enable internal and external communications including voice, video, conferencing and messaging. But a broader scope also means a broader attack surface.\r\n\r\nIn this talk, we'll give an overview PBX/UC systems, what kind of attack surface they have, as well as several bugs that we recently found in two popular PBX/UC products. The journey includes deep-diving Java's Runtime.exec(), decrypting encrypted PHP, bypassing license restrictions, pretending to be a phone, and (of course) getting some shells.\r\n\r\nREFERENCES:\r\n* VoIP Wars: Attack of the Cisco Phones (DEF CON 22, Fatih Ozavci)\r\n* Hacking VoIP Exposed (Black Hat USA 2006, David Endler, Mark Collier)\n\n\n","title":"Calling it a 0-Day - Hacking at PBX/UC Systems","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691864100,"nanoseconds":0},"android_description":"PBX (Private Branch Exchange) and UC (Unified Communications) servers are the big communication brokers in enterprise environments where they love on-prem. They do everything to enable internal and external communications including voice, video, conferencing and messaging. But a broader scope also means a broader attack surface.\r\n\r\nIn this talk, we'll give an overview PBX/UC systems, what kind of attack surface they have, as well as several bugs that we recently found in two popular PBX/UC products. The journey includes deep-diving Java's Runtime.exec(), decrypting encrypted PHP, bypassing license restrictions, pretending to be a phone, and (of course) getting some shells.\r\n\r\nREFERENCES:\r\n* VoIP Wars: Attack of the Cisco Phones (DEF CON 22, Fatih Ozavci)\r\n* Hacking VoIP Exposed (Black Hat USA 2006, David Endler, Mark Collier)","updated_timestamp":{"seconds":1687135620,"nanoseconds":0},"speakers":[{"content_ids":[50540],"conference_id":96,"event_ids":[50757],"name":"good_pseudonym","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49747}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245709"}],"end":"2023-08-12T18:15:00.000-0000","id":50757,"begin_timestamp":{"seconds":1691861400,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45646,45766],"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49747}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","updated":"2023-06-19T00:47:00.000-0000","begin":"2023-08-12T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Intro to Lockpicking","android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1691862300,"nanoseconds":0},"updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":991,"links":[],"end":"2023-08-12T17:45:00.000-0000","id":52555,"village_id":null,"tag_ids":[40309,45649,45743,45775],"begin_timestamp":{"seconds":1691860500,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","begin":"2023-08-12T17:15:00.000-0000","updated":"2023-08-06T02:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the journey of life, we all encounter challenges and setbacks that put our resiliency to the test. Resilience, the ability to bounce back from adversity, is a vital trait that empowers individuals to navigate life's trials with grace and strength. At the heart of building this essential attribute lies the power of relationships. As they say, oftentimes trials of life \"take a village.\" The same is true with information security in the digital age.\r\n\r\nThe keynote \"Collaborative Security\" delves into the parallel benefits between the foundational pillars of fostering resilient relationships and cybersecurity principles. How often do organizations suffer from silos across verticals that should be information sharing and collaborating?\r\n\r\nResilient relationships create a supportive ecosystem where teams can learn from failures, adapt to emerging threats, and continuously improve cyber strategies. By breaking down silos and bringing together diverse perspectives, collaborative security fosters a culture of creativity and problem-solving. Witness how collaborative efforts among teams and organizations lead to breakthrough ideas and cutting-edge solutions. As innovation and collaboration intertwine, we see the emergence of more resilient cyber infrastructures and practices.\r\n\r\nAt the end of the day tech and cyber are still people industries. Discover how resilient relationships translate into fortified cyber practices, safeguarding critical assets and bolstering organizational resilience.\r\n\r\nJoin us for an enlightening and inspiring journey into the heart of collaborative security, where resilient relationships fuel innovation, fortify infrastructure, and pave the way for a safer cyber landscape. Together, we will embrace the collaborative spirit and ignite the spark of innovation to protect the digital realm from ever-evolving threats.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"AppSec Village Keynote: Collaborative Security: Fostering Innovation and Resilient Cyber Practices","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"android_description":"In the journey of life, we all encounter challenges and setbacks that put our resiliency to the test. Resilience, the ability to bounce back from adversity, is a vital trait that empowers individuals to navigate life's trials with grace and strength. At the heart of building this essential attribute lies the power of relationships. As they say, oftentimes trials of life \"take a village.\" The same is true with information security in the digital age.\r\n\r\nThe keynote \"Collaborative Security\" delves into the parallel benefits between the foundational pillars of fostering resilient relationships and cybersecurity principles. How often do organizations suffer from silos across verticals that should be information sharing and collaborating?\r\n\r\nResilient relationships create a supportive ecosystem where teams can learn from failures, adapt to emerging threats, and continuously improve cyber strategies. By breaking down silos and bringing together diverse perspectives, collaborative security fosters a culture of creativity and problem-solving. Witness how collaborative efforts among teams and organizations lead to breakthrough ideas and cutting-edge solutions. As innovation and collaboration intertwine, we see the emergence of more resilient cyber infrastructures and practices.\r\n\r\nAt the end of the day tech and cyber are still people industries. Discover how resilient relationships translate into fortified cyber practices, safeguarding critical assets and bolstering organizational resilience.\r\n\r\nJoin us for an enlightening and inspiring journey into the heart of collaborative security, where resilient relationships fuel innovation, fortify infrastructure, and pave the way for a safer cyber landscape. Together, we will embrace the collaborative spirit and ignite the spark of innovation to protect the digital realm from ever-evolving threats.","updated_timestamp":{"seconds":1691788620,"nanoseconds":0},"speakers":[{"content_ids":[52409],"conference_id":96,"event_ids":[52704],"name":"Maril Vernon","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/marilvernon/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/shewhohacks"}],"media":[],"id":51629}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":52704,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40297,45645,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51629}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Savoy - AppSec Village","hotel":"","short_name":"Savoy - AppSec Village","id":45712},"updated":"2023-08-11T21:17:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to teach your kid threat modeling? Are you new, yourself?\r\n \r\nStop by our booth, learn what threat modeling is, and get some practice with an introductory non-technical scenario.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"DC’s Next Top Threat Model (DCNTTM) - Kids - Learn Threat Modeling","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"Want to teach your kid threat modeling? Are you new, yourself?\r\n \r\nStop by our booth, learn what threat modeling is, and get some practice with an introductory non-technical scenario.","updated_timestamp":{"seconds":1691728260,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.threatmodel.us"},{"label":"Twitter","type":"link","url":"https://twitter.com/@ThreatModelUs"}],"id":52698,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45638,45646,45743,45763],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-11T04:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come join us at Carson City I and II for some hands on physical security bypass exhibits! Try your hand on bypassing elevators, deadlocks, deadlatches, shopping cart locks, building intercoms or more! Challenge yourself by trying to get out of handcuffs using only a bobby pin, and win a real police handcuff key! In addition, meet some of our external partners. You can augment yourself by injecting your hand with a mini RFID/NFC chip implant, and play around with our RFID displays! We also have returning the physical RFID wall of sheep where you can learn about long distance RFID cloning!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Physical Security Village Activities","android_description":"Come join us at Carson City I and II for some hands on physical security bypass exhibits! Try your hand on bypassing elevators, deadlocks, deadlatches, shopping cart locks, building intercoms or more! Challenge yourself by trying to get out of handcuffs using only a bobby pin, and win a real police handcuff key! In addition, meet some of our external partners. You can augment yourself by injecting your hand with a mini RFID/NFC chip implant, and play around with our RFID displays! We also have returning the physical RFID wall of sheep where you can learn about long distance RFID cloning!","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691655000,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52693,"tag_ids":[40290,45647,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-10T08:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.\r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).\n\n\n","title":"DC’s Next Top Threat Model (DCNTTM)","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.\r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).","updated_timestamp":{"seconds":1691642460,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52691,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45764,45766],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-10T04:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Two of the original co-founders of the Voting Village along with the current co-organizer will provide opening remarkers.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Voting Village Opening Remarks","android_description":"Two of the original co-founders of the Voting Village along with the current co-organizer will provide opening remarkers.","end_timestamp":{"seconds":1691861400,"nanoseconds":0},"updated_timestamp":{"seconds":1691435820,"nanoseconds":0},"speakers":[{"content_ids":[52329,52334,52337],"conference_id":96,"event_ids":[52613,52618,52621,52622],"name":"Catherine Terranova","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/catherine-terranova-8b209826a"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/catlovesvoting"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"pronouns":null,"media":[],"id":51533},{"content_ids":[52313,52327,52337,52331],"conference_id":96,"event_ids":[52597,52611,52615,52621,52622],"name":"Harri Hursti","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/hhursti"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/harrihursti"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51542},{"content_ids":[52337,52331],"conference_id":96,"event_ids":[52615,52621,52622],"name":"Matt Blaze","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mattblaze"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51551}],"timeband_id":991,"links":[],"end":"2023-08-12T17:30:00.000-0000","id":52622,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51533},{"tag_id":45590,"sort_order":1,"person_id":51542},{"tag_id":45590,"sort_order":1,"person_id":51551}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-07T19:17:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"title":"Contest Area Open","android_description":"","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691357880,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52585,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45640,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T21:38:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Open Bug Hunt | Hack the MetaQuest 2 in collaboration with Adversary Village, Red Team Village and sponsored by ThreatSims and Meta. Bug bounties to be reported via Meta Bug Bounty terms & conditions. Please sign up if you plan to participate.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Haptics Hack-a-Thon","android_description":"Open Bug Hunt | Hack the MetaQuest 2 in collaboration with Adversary Village, Red Team Village and sponsored by ThreatSims and Meta. Bug bounties to be reported via Meta Bug Bounty terms & conditions. Please sign up if you plan to participate.","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"updated_timestamp":{"seconds":1691357040,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T23:00:00.000-0000","links":[{"label":"Sign Up","type":"link","url":"https://doslkp0vze4.typeform.com/to/ezak2SyO"}],"id":52583,"tag_ids":[40311,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"updated":"2023-08-06T21:24:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Explore emerging technology, hardware and experiences in the XR Village Playground. Meet and learn from technologists, futurists, and artists in the XR (VR / AR) space. Sponsored by BadVR and in collaboration with ICS Village, Red Team Village, Adversary Village and Policy Village.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"XR Village Playground","android_description":"Explore emerging technology, hardware and experiences in the XR Village Playground. Meet and learn from technologists, futurists, and artists in the XR (VR / AR) space. Sponsored by BadVR and in collaboration with ICS Village, Red Team Village, Adversary Village and Policy Village.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691357160,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52580,"village_id":null,"tag_ids":[40311,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"updated":"2023-08-06T21:26:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?\r\n\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\r\n\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\r\n\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\r\n\r\n--\r\n\r\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Lockpick Village Activities","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?\r\n\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\r\n\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\r\n\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\r\n\r\n--\r\n\r\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.","updated_timestamp":{"seconds":1691296860,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52567,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40309,45649,45743,45764,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-06T04:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Participate in a Jeopardy-style CTFs competition that challenges you to break through the guardrails within 8 different LLMs. In your 50-minute session, execute prompt injections, find internal inconsistencies, and identify issues in information integrity, privacy, and societal harm. Compete for points and take home the prize, or just have fun coming up with novel attacks.\r\n\r\nThis exercise, first of its kind, will allow the best and brightest minds in the security industry to join diverse voices new and veteran to the AI scene in pursuit of making AI and machine learning safer.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"AI Village Generative Red Team Challenge","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Participate in a Jeopardy-style CTFs competition that challenges you to break through the guardrails within 8 different LLMs. In your 50-minute session, execute prompt injections, find internal inconsistencies, and identify issues in information integrity, privacy, and societal harm. Compete for points and take home the prize, or just have fun coming up with novel attacks.\r\n\r\nThis exercise, first of its kind, will allow the best and brightest minds in the security industry to join diverse voices new and veteran to the AI scene in pursuit of making AI and machine learning safer.","updated_timestamp":{"seconds":1691291160,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52562,"tag_ids":[40299,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-06T03:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What are the economic incentives driving misinformation, and what does the advertisement/engagement business model have to do with it? If we could create a new model for our information ecosystem, how would we ensure civic integrity and security by design?\r\n \r\nJoin this workshop to co-create a new incentive system for open platforms focused on people, not profit. \r\n \r\nIn the workshop, you will modify and improve this new system in two different tracks: integrity and research/design. It will cover a wide range of interests, including trust & safety, cybersecurity, media, content creation, UX, and systems design. You can choose the track most relevant to you and contribute ideas, questions, and feedback that will directly inform the Sparkable roadmap. No previous knowledge is required.\n\n\n","title":"Disincentivizing misinformation: co-create a new platform business model","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691863200,"nanoseconds":0},"android_description":"What are the economic incentives driving misinformation, and what does the advertisement/engagement business model have to do with it? If we could create a new model for our information ecosystem, how would we ensure civic integrity and security by design?\r\n \r\nJoin this workshop to co-create a new incentive system for open platforms focused on people, not profit. \r\n \r\nIn the workshop, you will modify and improve this new system in two different tracks: integrity and research/design. It will cover a wide range of interests, including trust & safety, cybersecurity, media, content creation, UX, and systems design. You can choose the track most relevant to you and contribute ideas, questions, and feedback that will directly inform the Sparkable roadmap. No previous knowledge is required.","updated_timestamp":{"seconds":1691713260,"nanoseconds":0},"speakers":[{"content_ids":[52279],"conference_id":96,"event_ids":[52543],"name":"Vardon Hamdiu","affiliations":[{"organization":"Sparkable","title":"Co-Lead"}],"links":[],"pronouns":null,"media":[],"id":51512,"title":"Co-Lead at Sparkable"}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":52543,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40305,45646,45719,45743],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51512}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-11T00:21:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you ever fused metal to create electronic mayhem? Do you want to learn? Travel too far to take your solder tools with you? Hotel take your irons cause they thought it was a fire risk? Come on over to the Solder Skills village. We have irons and supplies. Volunteers (and some attendees) help teach, advise or just put out fires. We aim to grow the skill-set of the community and overcome inhibitions to this most basic skill to make electronic dreams happen.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Soldering Skills Village Activities","android_description":"Have you ever fused metal to create electronic mayhem? Do you want to learn? Travel too far to take your solder tools with you? Hotel take your irons cause they thought it was a fire risk? Come on over to the Solder Skills village. We have irons and supplies. Volunteers (and some attendees) help teach, advise or just put out fires. We aim to grow the skill-set of the community and overcome inhibitions to this most basic skill to make electronic dreams happen.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691281860,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52521,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[40303,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-06T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"**ESV Badge**\r\nThe ESV Badge is a cool-looking shard PCB that will fit into the DEF CON badge shard holder, but also doubles as a hardware debugger with a built-in USB-Serial adapter. On sale at the village for $60, but also available for free to CTF players that score a minimum number of points. \r\n\r\n**Embedded CTF**\r\nAn approachable yet challenging CTF competition with a wide range of embedded devices and attacks. \r\n\r\nCategories include: \r\n\r\n - Physical\r\n - Network\r\n - RF\r\n - Mobile (Powered by Corellium)\r\n - Firmware\r\n - Badge - custom challenges built into the ESV badge\r\n\r\n**101 Labs**\r\nA series of computer-based workshops that will guide you through the basics of hacking embedded devices. From extracting and analyzing firmware, exploiting command injections and more, these labs will introduce even the most noob to the world of embedded device hacking.\r\n\r\n**Hands-on Hardware Hacking**\r\nWe've raided our local thrift stores and electronics recyclers and brought a whole bunch of embedded systems for you to try out the ESV badge on. Come pull memory chips off PCBs, dump memory, connect to UART consoles, and see what was left behind on these devices!\r\n\r\n**LoRA Labs**\r\nA hands-on and interactive lab using LoRa gateways where you will discover the noisy 915 MHz radio spectrum world.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Embedded Systems Village Activities","android_description":"**ESV Badge**\r\nThe ESV Badge is a cool-looking shard PCB that will fit into the DEF CON badge shard holder, but also doubles as a hardware debugger with a built-in USB-Serial adapter. On sale at the village for $60, but also available for free to CTF players that score a minimum number of points. \r\n\r\n**Embedded CTF**\r\nAn approachable yet challenging CTF competition with a wide range of embedded devices and attacks. \r\n\r\nCategories include: \r\n\r\n - Physical\r\n - Network\r\n - RF\r\n - Mobile (Powered by Corellium)\r\n - Firmware\r\n - Badge - custom challenges built into the ESV badge\r\n\r\n**101 Labs**\r\nA series of computer-based workshops that will guide you through the basics of hacking embedded devices. From extracting and analyzing firmware, exploiting command injections and more, these labs will introduce even the most noob to the world of embedded device hacking.\r\n\r\n**Hands-on Hardware Hacking**\r\nWe've raided our local thrift stores and electronics recyclers and brought a whole bunch of embedded systems for you to try out the ESV badge on. Come pull memory chips off PCBs, dump memory, connect to UART consoles, and see what was left behind on these devices!\r\n\r\n**LoRA Labs**\r\nA hands-on and interactive lab using LoRa gateways where you will discover the noisy 915 MHz radio spectrum world.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691282220,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52506,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[40300,45649,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Evolution - Embedded Systems Village","hotel":"","short_name":"Evolution - Embedded Systems Village","id":45735},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-06T00:37:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. The goal of the Tamper Evident Village is to teach attendees how these technologies work and how many can be tampered with without leaving evidence. The village includes hands-on areas for mechanical seals, cargo seals, adhesive seals, mail and shipping seals, as well as a collection of demos, contests, and events to participate in.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Tamper Evident Village Activities","android_description":"\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. The goal of the Tamper Evident Village is to teach attendees how these technologies work and how many can be tampered with without leaving evidence. The village includes hands-on areas for mechanical seals, cargo seals, adhesive seals, mail and shipping seals, as well as a collection of demos, contests, and events to participate in.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691258220,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52503,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[40307,45649,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Tamper Evident Village","hotel":"","short_name":"5th Floor / BLOQ - Tamper Evident Village","id":45874},"spans_timebands":"N","updated":"2023-08-05T17:57:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Gazing into the crystal ball: Hacking and Securing Future Telecoms Networks","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"android_description":"","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"updated_timestamp":{"seconds":1691257260,"nanoseconds":0},"speakers":[{"content_ids":[51515,51510,51502,52243],"conference_id":96,"event_ids":[52498,51658,51666,51671],"name":"David Rogers","affiliations":[{"organization":"Copper Horse","title":"CEO"}],"links":[],"pronouns":null,"media":[],"id":50598,"title":"CEO at Copper Horse"},{"content_ids":[52243],"conference_id":96,"event_ids":[52498],"name":"Galina Pildush","affiliations":[{"organization":"xG/IoT/MEC Security)","title":"Global Sr. Consulting Engineer"}],"links":[],"pronouns":null,"media":[],"id":51523,"title":"Global Sr. Consulting Engineer at xG/IoT/MEC Security)"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"},{"content_ids":[52243],"conference_id":96,"event_ids":[52498],"name":"Ajit Hatti","affiliations":[{"organization":"NullCon","title":""}],"links":[],"pronouns":null,"media":[],"id":51566,"title":"NullCon"}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":52498,"village_id":72,"tag_ids":[40304,45647,45743,45771],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51566},{"tag_id":45632,"sort_order":1,"person_id":51524},{"tag_id":45632,"sort_order":1,"person_id":50598},{"tag_id":45632,"sort_order":1,"person_id":51523}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-05T17:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you taken your IoT toaster and created a remote activated fire-alarm tester? How about that old toy your kids (right, it was for the kids?) don’t play with anymore that now fuzzes your neighbor’s drone? Or what about putting that con badge to good use? The Hardware Hacking Village is hosting a “Make Your 0wn Use” contest. Submissions can be a solo or team based project that bend, mend, or repurpose any device and show others how it can be done.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Make Your Own Use","android_description":"Have you taken your IoT toaster and created a remote activated fire-alarm tester? How about that old toy your kids (right, it was for the kids?) don’t play with anymore that now fuzzes your neighbor’s drone? Or what about putting that con badge to good use? The Hardware Hacking Village is hosting a “Make Your 0wn Use” contest. Submissions can be a solo or team based project that bend, mend, or repurpose any device and show others how it can be done.","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1691250780,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Details","type":"link","url":"https://dchhv.org/events/makeyourownuse.html"}],"end":"2023-08-12T22:30:00.000-0000","id":52488,"village_id":null,"tag_ids":[40287,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-05T15:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Hardware Hacking Rube Goldberg Machine","android_description":"Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!","end_timestamp":{"seconds":1691879400,"nanoseconds":0},"updated_timestamp":{"seconds":1691250780,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Details","type":"link","url":"https://dchhv.org/events/hhv_rgb.html"}],"end":"2023-08-12T22:30:00.000-0000","id":52486,"village_id":null,"tag_ids":[40287,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"updated":"2023-08-05T15:53:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A little to shy to own the ring in open battle? Come play! There will be robots available to program, sample code, a ring and many opportunities to discover some of the fun of robotics.\n\n\n","title":"RoboSumo Play Time","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"A little to shy to own the ring in open battle? Come play! There will be robots available to program, sample code, a ring and many opportunities to discover some of the fun of robotics.","updated_timestamp":{"seconds":1691250660,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52483,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40287,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-05T15:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"DEF CON Groups Keynote","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#74a6bb","name":"DEF CON Groups VR","id":45643},"end_timestamp":{"seconds":1691861400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691202960,"nanoseconds":0},"speakers":[{"content_ids":[52195,52429],"conference_id":96,"event_ids":[52735,52445],"name":"Jayson E. Street","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"https://jaysonestreet.com/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jaysonstreet"}],"media":[],"id":51440}],"timeband_id":991,"end":"2023-08-12T17:30:00.000-0000","links":[{"label":"Join via DCGVR","type":"link","url":"https://dcgvr.org/join"},{"label":"DCGVR Website","type":"link","url":"https://dcgvr.org/"}],"id":52445,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[45643,45744],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51440}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-05T02:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Password Village Activities","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.","updated_timestamp":{"seconds":1691190660,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52443,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40289,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 236 - Password Village","hotel":"","short_name":"Summit - 236 - Password Village","id":45862},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-04T23:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"PTP Flight Challenge\r\n\r\nPen Test Partners\r\n\r\nCome try your hand at flying our immersive Airbus A320 simulator and see if you can stick our landing challenge! We'll also be talking about electronic flight bags, how their data integrity is relied upon by pilots to assist with a safe landing, and demonstrate the impacts in a safe environment.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"PTP Flight Challenge","android_description":"PTP Flight Challenge\r\n\r\nPen Test Partners\r\n\r\nCome try your hand at flying our immersive Airbus A320 simulator and see if you can stick our landing challenge! We'll also be talking about electronic flight bags, how their data integrity is relied upon by pilots to assist with a safe landing, and demonstrate the impacts in a safe environment.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52421,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:26:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ask Me Anything About Cybersecurity in Aerospace\r\n\r\nAIAA\r\n\r\nWe have added a special feature to this year’s activities during DEF CON 31. This will be on Friday and Saturday from 11AM - 5PM.\r\n\r\nOur friends at AIAA are helping us host “Ask Me Anything” sessions on Friday and Saturday. It’s an opportunity to meet Aerospace Village members and partners who are experts in the field. Bring your questions about getting into cybersecurity, aviation, space, likes/dislikes, you name it!\r\n\r\n - A chance to ask all your questions, get their perspective, and hear some great stories.\r\n - A low-key sharing of experiences and a way to make new friends without having to make small talk.\r\n - Note: This is NOT a recruiting activity. Ask career questions if you have them, but think of this more as a chance for general \"speed mentoring.\"\n\n\n","title":"Ask Me Anything About Cybersecurity in Aerospace","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Ask Me Anything About Cybersecurity in Aerospace\r\n\r\nAIAA\r\n\r\nWe have added a special feature to this year’s activities during DEF CON 31. This will be on Friday and Saturday from 11AM - 5PM.\r\n\r\nOur friends at AIAA are helping us host “Ask Me Anything” sessions on Friday and Saturday. It’s an opportunity to meet Aerospace Village members and partners who are experts in the field. Bring your questions about getting into cybersecurity, aviation, space, likes/dislikes, you name it!\r\n\r\n - A chance to ask all your questions, get their perspective, and hear some great stories.\r\n - A low-key sharing of experiences and a way to make new friends without having to make small talk.\r\n - Note: This is NOT a recruiting activity. Ask career questions if you have them, but think of this more as a chance for general \"speed mentoring.\"","updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52419,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-03T22:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack The Airport\r\n\r\nIntelliGenesis and IG Labs\r\n\r\nIG Labs will be bringing our Runway Lighting System in a box as part of our Hack The Airport CTF. Participants will be able to attempt to get hands on with practical OT and IT cyber security environment in a mobile converged environment with real-world hardware and protocols.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Hack The Airport","android_description":"Hack The Airport\r\n\r\nIntelliGenesis and IG Labs\r\n\r\nIG Labs will be bringing our Runway Lighting System in a box as part of our Hack The Airport CTF. Participants will be able to attempt to get hands on with practical OT and IT cyber security environment in a mobile converged environment with real-world hardware and protocols.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52418,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:26:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Discover the exciting world of cybersecurity and unmanned aerial systems (UAS)! Learn how to safeguard UAS from all angles with a comprehensive platform security perspective.\r\n\r\nEngage in some fun and challenging CTF adventures where you can put your skills to the test. See firsthand how your actions affect our UAS demonstrator. The UAS demonstrator contains all the sensors from our Mobile Optical Ultrasonic Sensor Explorer, or MOUSE for short. The MOUSE represents a small Unmanned Aircraft System (sUAS) comprising a pan/tilt object recognition camera, navigation camera, temperature & humidity sensor, ultrasonic sensor, and drive system powering four motors.\r\n\r\nYou won't need to worry about any complicated registration process; all you need is your personal laptop to join in the excitement. Earn enough points in the challenge, and you could be the proud owner of a CT Cubed SAO, a special prize while supplies last. Get ready to embark on this fascinating journey and prove your cybersecurity prowess!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Unmanned Aerial Systems – Platform Security","android_description":"Discover the exciting world of cybersecurity and unmanned aerial systems (UAS)! Learn how to safeguard UAS from all angles with a comprehensive platform security perspective.\r\n\r\nEngage in some fun and challenging CTF adventures where you can put your skills to the test. See firsthand how your actions affect our UAS demonstrator. The UAS demonstrator contains all the sensors from our Mobile Optical Ultrasonic Sensor Explorer, or MOUSE for short. The MOUSE represents a small Unmanned Aircraft System (sUAS) comprising a pan/tilt object recognition camera, navigation camera, temperature & humidity sensor, ultrasonic sensor, and drive system powering four motors.\r\n\r\nYou won't need to worry about any complicated registration process; all you need is your personal laptop to join in the excitement. Earn enough points in the challenge, and you could be the proud owner of a CT Cubed SAO, a special prize while supplies last. Get ready to embark on this fascinating journey and prove your cybersecurity prowess!","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691166900,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52415,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-04T16:35:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Challenge\r\n\r\nLockheed Martin\r\n\r\n**Laptop Needed**\r\n\r\nThis is your chance to demonstrate your superior aviation hacking knowledge and skills. This contest requires you to keep your eyes open in the Aerospace Village, a personal device to access the contest webpage, and various other technical skills that are useful in the Aerospace industry. A laptop will be helpful for binary analysis and packet decoding. The final flag is an RF replay attack, so you will need to bring or borrow a device capable of rebroadcasting a signal. If you get stuck on any the challenges help can likely be found in some of the other villages. No pre-registration is required and it is OK to work in teams. The first to finish will receive a 1/48 scale model of an F-35B as well as the prestige of being the first ever winner of this challenging contest. A second model will be awarded based on a random drawing of all other people who successfully solve the final flag. The Aerospace Village CTF starts when the village opens on Friday and ends when the village closes Sunday at 2.\n\n\n","title":"The Challenge - Lockheed Martin","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"The Challenge\r\n\r\nLockheed Martin\r\n\r\n**Laptop Needed**\r\n\r\nThis is your chance to demonstrate your superior aviation hacking knowledge and skills. This contest requires you to keep your eyes open in the Aerospace Village, a personal device to access the contest webpage, and various other technical skills that are useful in the Aerospace industry. A laptop will be helpful for binary analysis and packet decoding. The final flag is an RF replay attack, so you will need to bring or borrow a device capable of rebroadcasting a signal. If you get stuck on any the challenges help can likely be found in some of the other villages. No pre-registration is required and it is OK to work in teams. The first to finish will receive a 1/48 scale model of an F-35B as well as the prestige of being the first ever winner of this challenging contest. A second model will be awarded based on a random drawing of all other people who successfully solve the final flag. The Aerospace Village CTF starts when the village opens on Friday and ends when the village closes Sunday at 2.","updated_timestamp":{"seconds":1691101620,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52413,"village_id":null,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-03T22:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A-ISAC CTF\r\n\r\nA-ISAC and Embry-Riddle Aeronautical University - Prescott\r\n\r\n**Laptop Needed**\r\n\r\nA variety of aviation infrastructure have been compromised. Immerse yourself into challenges where you are tasked with identifying attacks/attackers, stopping attacks, and restoring normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"A-ISAC CTF","android_description":"A-ISAC CTF\r\n\r\nA-ISAC and Embry-Riddle Aeronautical University - Prescott\r\n\r\n**Laptop Needed**\r\n\r\nA variety of aviation infrastructure have been compromised. Immerse yourself into challenges where you are tasked with identifying attacks/attackers, stopping attacks, and restoring normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101620,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52411,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:27:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bricks in the Air\r\n\r\nAerospace Village\r\n\r\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation. The attendees are not required to have any prerequisite knowledge. No equipment is needed for attendees.\n\n\n","title":"Bricks in the Air","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Bricks in the Air\r\n\r\nAerospace Village\r\n\r\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation. The attendees are not required to have any prerequisite knowledge. No equipment is needed for attendees.","updated_timestamp":{"seconds":1691101680,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52409,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:28:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"ARINC 615a CTF\r\n\r\nBoeing\r\n\r\n**Laptop Needed**\r\n\r\nBoeing will be hosting an ARINC 615a dataload CTF broken into two major modules. The first module will focus on decomposing and analyzing a PCAP capture of a simulated dataload between an airplane dataload server and an avionics component. The second module will allow participants to execute a dataload against simulated avionics to help improve understanding and awareness of how software is loaded onto airplanes. Additionally, Boeing is aiming to increase its cyber outreach into the STEM community by offering an additional challenge centered on an operational system and the impact of that system on the overall airplane. The challenge will walk participants through how the operational system functions, how it can be negatively impacted, the results of tampering with the system while it’s in flight, and how the system can secured via CIA and PKI.\n\n\n","title":"ARINC 615a CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"ARINC 615a CTF\r\n\r\nBoeing\r\n\r\n**Laptop Needed**\r\n\r\nBoeing will be hosting an ARINC 615a dataload CTF broken into two major modules. The first module will focus on decomposing and analyzing a PCAP capture of a simulated dataload between an airplane dataload server and an avionics component. The second module will allow participants to execute a dataload against simulated avionics to help improve understanding and awareness of how software is loaded onto airplanes. Additionally, Boeing is aiming to increase its cyber outreach into the STEM community by offering an additional challenge centered on an operational system and the impact of that system on the overall airplane. The challenge will walk participants through how the operational system functions, how it can be negatively impacted, the results of tampering with the system while it’s in flight, and how the system can secured via CIA and PKI.","updated_timestamp":{"seconds":1691101680,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52407,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-03T22:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"CPV Welcome - Day 2","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691859900,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691025780,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":991,"links":[],"end":"2023-08-12T17:05:00.000-0000","id":52246,"tag_ids":[40308,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-03T01:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hardware Hacking Your Kitchen: bug bounty is back! Join us for the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Hardware Hacking Your Kitchen","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Hardware Hacking Your Kitchen: bug bounty is back! Join us for the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!","updated_timestamp":{"seconds":1691000640,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52236,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-02T18:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to put your MIPS shellcode skills to the test for a chance to win a prize? Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.\n\n\n","title":"Perform Memory Extraction, Emulation and Shellcode","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Want to put your MIPS shellcode skills to the test for a chance to win a prize? Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691000640,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52234,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-02T18:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Embedded Device Security Workshops: two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.\n\n\n","title":"Embedded Device Security Workshops","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Embedded Device Security Workshops: two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52232,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"From Memory Manipulation to Root Access: In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"IoT Village Hardware Hacking Exercises 2023","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"From Memory Manipulation to Root Access: In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52230,"village_id":null,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bluetooth Hacking: Hands-on exercises provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.\n\n\n","title":"The IoT Kill Zone","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Bluetooth Hacking: Hands-on exercises provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52228,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Take Control of Your xIoT Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes. Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition \"Secure Your Things\" T-shirt as a token of our appreciation.\n\n\n","title":"Secure or Surrender","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Take Control of Your xIoT Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes. Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition \"Secure Your Things\" T-shirt as a token of our appreciation.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52226,"village_id":null,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by \"living off the land\" like a pro using simple, free tools!Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?\r\n\r\nBring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Critical Infrastructure & IoT Exploitation","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Join for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by \"living off the land\" like a pro using simple, free tools!Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?\r\n\r\nBring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52224,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IoT Village Hacking Playground: The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.\n\n\n","title":"IoT Village Hacking Playground","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"IoT Village Hacking Playground: The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691000520,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52222,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-02T18:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Permission management in AWS can be a daunting task. A single user can have an inline policy, attached managed policies, and be a member of several IAM groups. Not to mention Service Control Policies and permission boundaries!\r\n\r\nIAM-APE, or IAM AWS Policy Evaluator, is an open source, automated tool that was designed to simplify the process of calculating effective permissions for an AWS entity. The tool gathers all the IAM policies present in your account, and then calculates the effective permissions that each entity - User, Group, or Role - has. It presents you with a single policy, summarizing all of their actual permissions\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Introducing IAM-APE","end_timestamp":{"seconds":1691861400,"nanoseconds":0},"android_description":"Permission management in AWS can be a daunting task. A single user can have an inline policy, attached managed policies, and be a member of several IAM groups. Not to mention Service Control Policies and permission boundaries!\r\n\r\nIAM-APE, or IAM AWS Policy Evaluator, is an open source, automated tool that was designed to simplify the process of calculating effective permissions for an AWS entity. The tool gathers all the IAM policies present in your account, and then calculates the effective permissions that each entity - User, Group, or Role - has. It presents you with a single policy, summarizing all of their actual permissions","updated_timestamp":{"seconds":1690921800,"nanoseconds":0},"speakers":[{"content_ids":[51997],"conference_id":96,"event_ids":[52191],"name":"Tohar Braun","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MaliciousDelish"}],"media":[],"id":51205}],"timeband_id":991,"links":[],"end":"2023-08-12T17:30:00.000-0000","id":52191,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40284,45592,45645,45647,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":51205}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-01T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome exhibitors.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Exhibitor Area Open","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"This is when you can go visit our awesome exhibitors.","updated_timestamp":{"seconds":1690758060,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52165,"tag_ids":[45640,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 124-126 - Exhibitors","hotel":"","short_name":"Forum - 124-126 - Exhibitors","id":45823},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-30T23:01:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\r\n\r\nWe also don't know if/when vendors will sell out of anything they may be selling.\n\n\n","title":"Vendor Area Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"android_description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\r\n\r\nWe also don't know if/when vendors will sell out of anything they may be selling.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690758060,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52162,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45640,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"updated":"2023-07-30T23:01:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cold Calls give attendees a walk-up opportunity to make a short call to get a feel for both the contest and the world of Social Engineering through vishing but without the contest elements.\r\n\r\nThis is on a first-come, first-served basis. Please see the \"More Information\" link.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Cold Calls","end_timestamp":{"seconds":1691865000,"nanoseconds":0},"android_description":"Cold Calls give attendees a walk-up opportunity to make a short call to get a feel for both the contest and the world of Social Engineering through vishing but without the contest elements.\r\n\r\nThis is on a first-come, first-served basis. Please see the \"More Information\" link.","updated_timestamp":{"seconds":1690590660,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T18:30:00.000-0000","links":[{"label":"More Information","type":"link","url":"https://www.se.community/cold-calls/"}],"id":51706,"tag_ids":[40302,45649,45743,45775],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-29T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.\r\n\r\nWe'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\r\n\r\nMost of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"DDV open and accepting drives for duplication","android_description":"We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.\r\n\r\nWe'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\r\n\r\nMost of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1691260500,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244903"},{"label":"Drive Information","type":"link","url":"https://dcddv.org/dc31-drive-info"}],"end":"2023-08-13T00:00:00.000-0000","id":51693,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40285,45638,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 231 - Data Dupe Vlg","hotel":"","short_name":"Summit - 231 - Data Dupe Vlg","id":45858},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-05T18:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For years, the hacker community has fought to try to make technology more secure by exposing weaknesses in the software that underlies our entire society. And now, it seems the US government (USG) - and others around the world - are finally heeding the warnings from the hacker community. \r\n\r\nIn the past two years alone, USG has proposed policies that could shift the burden of security onto software developers, and defined guidance for ‘secure-by-design.’ These efforts, if implemented properly, could create a foundational shift in how software manufacturers build and secure software, and ultimately in the security of tech around the world. \r\n\r\nIn this technical policy talk, CISA’s #1 Cybersecurity Leader, Intel’s Global Cybersecurity Policy Lead, and an experienced security entrepreneur and former USG leader, dissect the buzzwords, policy documents, and implementation details of this wave of policy action, and what it means for software builders and hackers. \r\n\r\nFor the DEF CON / hacker community, this is an opportunity to hear – and inform – what may constitute ‘secure by design’ – from memory safety, to open-source security, vulnerability disclosure programs, and more – and how software suppliers are held accountable for insecure software.\n\n\n","title":"What “Secure by Design” means for software breakers and builders","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691862600,"nanoseconds":0},"android_description":"For years, the hacker community has fought to try to make technology more secure by exposing weaknesses in the software that underlies our entire society. And now, it seems the US government (USG) - and others around the world - are finally heeding the warnings from the hacker community. \r\n\r\nIn the past two years alone, USG has proposed policies that could shift the burden of security onto software developers, and defined guidance for ‘secure-by-design.’ These efforts, if implemented properly, could create a foundational shift in how software manufacturers build and secure software, and ultimately in the security of tech around the world. \r\n\r\nIn this technical policy talk, CISA’s #1 Cybersecurity Leader, Intel’s Global Cybersecurity Policy Lead, and an experienced security entrepreneur and former USG leader, dissect the buzzwords, policy documents, and implementation details of this wave of policy action, and what it means for software builders and hackers. \r\n\r\nFor the DEF CON / hacker community, this is an opportunity to hear – and inform – what may constitute ‘secure by design’ – from memory safety, to open-source security, vulnerability disclosure programs, and more – and how software suppliers are held accountable for insecure software.","updated_timestamp":{"seconds":1690431420,"nanoseconds":0},"speakers":[{"content_ids":[51518],"conference_id":96,"event_ids":[51674],"name":"Cassie Crossley","affiliations":[{"organization":"Cybersecurity & Product Security Office at Schneider Electric","title":"Vice President, Supply Chain Security"}],"links":[],"pronouns":null,"media":[],"id":50587,"title":"Vice President, Supply Chain Security at Cybersecurity & Product Security Office at Schneider Electric"},{"content_ids":[51518],"conference_id":96,"event_ids":[51674],"name":"Christopher Butera","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":""}],"links":[],"pronouns":null,"media":[],"id":50592,"title":"Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51518],"conference_id":96,"event_ids":[51674],"name":"Daniel Bardenstein","affiliations":[{"organization":"Manifest","title":""}],"links":[],"pronouns":null,"media":[],"id":50596,"title":"Manifest"}],"timeband_id":991,"end":"2023-08-12T17:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51674,"tag_ids":[40310,45646,45743,45771],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50587},{"tag_id":45632,"sort_order":1,"person_id":50592},{"tag_id":45632,"sort_order":1,"person_id":50596}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-27T04:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The US cyber workforce consists of 1.2 million professionals, but over half a million jobs in the cybersecurity sector remain vacant, leading to a talent shortage that affects society as a whole, and high-risk communities most particularly. The predicted talent shortage rising to 3.5 million by 2030 suggests that these communities are unlikely to receive the help they need anytime soon.\r\n\r\nThe hacker community has been helping high-risk communities for decades. But how can they do so at scale? How can decision makers around the world, in government but also industry and civil society, work together with hackers to create solutions that build cyber resiliency for high-risk communities? \r\n\r\nThis public session will explore how governments, industry and civil society can work with the hacker community at large, to develop scalable and systemic solutions to protect those no one should ever attack. It will also aim to identify policy solutions and overall recommendations to generate more secure environments for communities at risk.\n\n\n","title":"How hackers can work with government, industry, civil society to protect high-risk communities","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"The US cyber workforce consists of 1.2 million professionals, but over half a million jobs in the cybersecurity sector remain vacant, leading to a talent shortage that affects society as a whole, and high-risk communities most particularly. The predicted talent shortage rising to 3.5 million by 2030 suggests that these communities are unlikely to receive the help they need anytime soon.\r\n\r\nThe hacker community has been helping high-risk communities for decades. But how can they do so at scale? How can decision makers around the world, in government but also industry and civil society, work together with hackers to create solutions that build cyber resiliency for high-risk communities? \r\n\r\nThis public session will explore how governments, industry and civil society can work with the hacker community at large, to develop scalable and systemic solutions to protect those no one should ever attack. It will also aim to identify policy solutions and overall recommendations to generate more secure environments for communities at risk.","end_timestamp":{"seconds":1691866200,"nanoseconds":0},"updated_timestamp":{"seconds":1690431000,"nanoseconds":0},"speakers":[{"content_ids":[51511],"conference_id":96,"event_ids":[51667],"name":"Adrien Ogee","affiliations":[{"organization":"CyberPeace Institute","title":"Chief Operations Officer"}],"links":[],"pronouns":null,"media":[],"id":50570,"title":"Chief Operations Officer at CyberPeace Institute"},{"content_ids":[51511,51527],"conference_id":96,"event_ids":[51667,51683],"name":"David Forscey","affiliations":[{"organization":"CISA JCDC","title":"Cyber Strategy Planner"}],"links":[],"pronouns":null,"media":[],"id":50597,"title":"Cyber Strategy Planner at CISA JCDC"},{"content_ids":[51511],"conference_id":96,"event_ids":[51667],"name":"Mark E. Schreiber","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50622},{"content_ids":[51511],"conference_id":96,"event_ids":[51667],"name":"Maurice Kent","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50623},{"content_ids":[51511,51517],"conference_id":96,"event_ids":[51667,51673],"name":"Monica M. Ruiz","affiliations":[{"organization":"Microsoft","title":"Senior Government Affairs Manager, Digital Diplomacy"}],"links":[],"pronouns":null,"media":[],"id":50627,"title":"Senior Government Affairs Manager, Digital Diplomacy at Microsoft"},{"content_ids":[51504,51511],"conference_id":96,"event_ids":[51660,51667],"name":"Sarah Powazek","affiliations":[{"organization":"UC Berkeley Center for Long-Term Cybersecurity (CLTC)","title":"Program Director of Public Interest Cybersecurity"}],"links":[],"pronouns":null,"media":[],"id":50635,"title":"Program Director of Public Interest Cybersecurity at UC Berkeley Center for Long-Term Cybersecurity (CLTC)"}],"timeband_id":991,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-12T18:50:00.000-0000","id":51667,"tag_ids":[40310,45646,45743,45771,45836],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50570},{"tag_id":45632,"sort_order":1,"person_id":50597},{"tag_id":45632,"sort_order":1,"person_id":50622},{"tag_id":45632,"sort_order":1,"person_id":50623},{"tag_id":45632,"sort_order":1,"person_id":50627},{"tag_id":45632,"sort_order":1,"person_id":50635}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","updated":"2023-07-27T04:10:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"I am the captain now: Taking remote control of ships engines, helm, azipods, ballasting and plenty more.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691861400,"nanoseconds":0},"updated_timestamp":{"seconds":1690422840,"nanoseconds":0},"speakers":[{"content_ids":[51483,52155],"conference_id":96,"event_ids":[51639,52385],"name":"Ken Munro","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50556}],"timeband_id":991,"links":[],"end":"2023-08-12T17:30:00.000-0000","id":51639,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50556}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-27T01:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Vehicle Diagnostic Adapters (VDA) do a lot! They plug into automobiles, update ECU firmware,\r\nand pull diagnostic information. Despite their usefulness and high level of access, they get left\r\nbehind: in maintenance garages with insecure update mechanisms, in threat models and our\r\nhearts. In this presentation we will go through some of our own offensive research into VDAs,\r\nand our efforts in decreasing their attack surfaces. We'll also share how we turned this research\r\ninto four problems from the Defcon 30 CHV CTF.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"VDA Shenanigans: Attacking & Defending the Truck Part that Gets Left Behind","android_description":"Vehicle Diagnostic Adapters (VDA) do a lot! They plug into automobiles, update ECU firmware,\r\nand pull diagnostic information. Despite their usefulness and high level of access, they get left\r\nbehind: in maintenance garages with insecure update mechanisms, in threat models and our\r\nhearts. In this presentation we will go through some of our own offensive research into VDAs,\r\nand our efforts in decreasing their attack surfaces. We'll also share how we turned this research\r\ninto four problems from the Defcon 30 CHV CTF.","end_timestamp":{"seconds":1691861100,"nanoseconds":0},"updated_timestamp":{"seconds":1691190480,"nanoseconds":0},"speakers":[{"content_ids":[51466],"conference_id":96,"event_ids":[51622],"name":"Alex Reuter","affiliations":[{"organization":"Red Balloon Security","title":""}],"links":[],"pronouns":null,"media":[],"id":50515,"title":"Red Balloon Security"},{"content_ids":[51466],"conference_id":96,"event_ids":[51622],"name":"Wyatt Ford","affiliations":[{"organization":"Red Balloon Security","title":""}],"links":[],"pronouns":null,"media":[],"id":50539,"title":"Red Balloon Security"}],"timeband_id":991,"links":[],"end":"2023-08-12T17:25:00.000-0000","id":51622,"village_id":null,"tag_ids":[40283,45645,45646,45743],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50515},{"tag_id":45590,"sort_order":1,"person_id":50539}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","updated":"2023-08-04T23:08:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"What’s it all about?\r\nThe Book Exchange at DEF CON, will allow for members of the community to drop off a used book that has been kindly read and may be enjoyable by someone else and in return they will be able to select a “new gently used” book from the exchange table. \r\n\r\nWhy?\r\nReading is fundamental. Many of us in the Defcon community have learned and been inspired by books and remain avid readers. The Defcon book exchange will allow community members to drop off a book that they found inspiring and is sitting on their shelf collecting dust and in return they will be able to get a new book which hopefully will continue to expand their knowledge over the next year. This effort will keep used books in circulation.\r\n\r\nWhen and Where:\r\nThe exchange will be held from 10:00 to 16:00, Day(s) to be announced. \r\n\r\nLeft over books will be transported and donated to a used book store in Las Vegas, but the goal will be to have a zero net sum gain.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"Book Exchange","end_timestamp":{"seconds":1691881200,"nanoseconds":0},"android_description":"What’s it all about?\r\nThe Book Exchange at DEF CON, will allow for members of the community to drop off a used book that has been kindly read and may be enjoyable by someone else and in return they will be able to select a “new gently used” book from the exchange table. \r\n\r\nWhy?\r\nReading is fundamental. Many of us in the Defcon community have learned and been inspired by books and remain avid readers. The Defcon book exchange will allow community members to drop off a book that they found inspiring and is sitting on their shelf collecting dust and in return they will be able to get a new book which hopefully will continue to expand their knowledge over the next year. This effort will keep used books in circulation.\r\n\r\nWhen and Where:\r\nThe exchange will be held from 10:00 to 16:00, Day(s) to be announced. \r\n\r\nLeft over books will be transported and donated to a used book store in Las Vegas, but the goal will be to have a zero net sum gain.","updated_timestamp":{"seconds":1690051740,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244834"}],"end":"2023-08-12T23:00:00.000-0000","id":51601,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45638,45646],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T18:49:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.\n\n\n","title":"CMD+CTRL at DEF CON 31 - Booth Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690308120,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Twitter (@cmdnctrl_defcon)","type":"link","url":"https://twitter.com/cmdnctrl_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245229"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643642388807800"}],"id":51599,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-25T18:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A place to remember hackers that are no longer with us. Come to share stories and celebrate their life.\r\n\r\nPlease send photos of our fallen hacker comrades to [defconmemorial@protonmail.com](mailto:defconmemorial@protonmail.com), to be printed and displayed on the memorial wall here at DEF CON.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"SUNDAY CANCELED: Hacker Memorial","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"A place to remember hackers that are no longer with us. Come to share stories and celebrate their life.\r\n\r\nPlease send photos of our fallen hacker comrades to [defconmemorial@protonmail.com](mailto:defconmemorial@protonmail.com), to be printed and displayed on the memorial wall here at DEF CON.","updated_timestamp":{"seconds":1691955900,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51579,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Copper - Memorial Room","hotel":"","short_name":"Copper - Memorial Room","id":45688},"spans_timebands":"N","updated":"2023-08-13T19:45:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: DCG Meetups","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51569,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Silver - DEF CON Groups","hotel":"","short_name":"Silver - DEF CON Groups","id":45733},"spans_timebands":"N","updated":"2023-08-13T19:46:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Through interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.\n\n\n","title":"venator aurum - A Treasure Hunt","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Through interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.","updated_timestamp":{"seconds":1690068240,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://venatoraurum.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245428"}],"end":"2023-08-13T01:00:00.000-0000","id":51531,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T23:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to block those pesky 5G microchips coursing through your vaccinated body? Did you anger our new AI overlords, and need to hide? Or do those alien mind control rays just have you down lately? Fear not, for we here at the Tin Foil Hat contest have your back for all of these! Come find us in the contest area, and we'll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!\r\n\r\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.\r\n\r\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for \"Style\".\n\n\n","title":"Tinfoil Hat Contest","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"Want to block those pesky 5G microchips coursing through your vaccinated body? Did you anger our new AI overlords, and need to hide? Or do those alien mind control rays just have you down lately? Fear not, for we here at the Tin Foil Hat contest have your back for all of these! Come find us in the contest area, and we'll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!\r\n\r\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.\r\n\r\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for \"Style\".","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690067100,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Twitter (@DC_Tin_Foil_Hat)","type":"link","url":"https://twitter.com/@DC_Tin_Foil_Hat"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245419"}],"id":51528,"village_id":null,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T23:05:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!\n\n\n","title":"The Lonely Hard Drive","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691895600,"nanoseconds":0},"android_description":"Are you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!","updated_timestamp":{"seconds":1690066920,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245413"},{"label":"Twitter (@LonelyHardDrive)","type":"link","url":"https://twitter.com/@LonelyHardDrive"}],"end":"2023-08-13T03:00:00.000-0000","id":51525,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T23:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\r\n\r\nThe Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\r\n\r\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3\r\n\r\nThe CPV and Goldbug contest are always kid friendly. We will have \"junior cryptographer\" puzzle sheet hand outs for kids and those new to the field.\n\n\n","title":"The Gold Bug Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\r\n\r\nThe Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\r\n\r\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3\r\n\r\nThe CPV and Goldbug contest are always kid friendly. We will have \"junior cryptographer\" puzzle sheet hand outs for kids and those new to the field.","updated_timestamp":{"seconds":1691289900,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245407"},{"label":"Website","type":"link","url":"https://goldbug.cryptovillage.org/"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644108837486602"},{"label":"Twitter (@CryptoVillage)","type":"link","url":"https://twitter.com/@CryptoVillage"}],"end":"2023-08-13T01:00:00.000-0000","id":51522,"tag_ids":[45635,45646,45765,45766],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-06T02:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?\n\n\n","title":"The Dark Tangent Look-Alike Contest","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"The Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690066680,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245402"}],"end":"2023-08-13T01:00:00.000-0000","id":51519,"tag_ids":[45635,45646,45743,45763],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T22:58:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don't need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!\r\n\r\n--\r\n\r\nRated PG-13. It's a level of challenge that is probably most suited to high school students and up, but anyone can play and we try to make it fun even if you're not competitive to win. :)\n\n\n","title":"TeleChallenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"The TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don't need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!\r\n\r\n--\r\n\r\nRated PG-13. It's a level of challenge that is probably most suited to high school students and up, but anyone can play and we try to make it fun even if you're not competitive to win. :)","updated_timestamp":{"seconds":1691289900,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644470063399012"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245391"},{"label":"Twitter (@telechallenge)","type":"link","url":"https://twitter.com/@telechallenge"},{"label":"Website","type":"link","url":"https://www.telechallenge.org"},{"label":"Mastodon (@telechallenge@defcon.social)","type":"link","url":"https://defcon.social/@telechallenge"}],"id":51515,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45763,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:45:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Red Team Capture the Flag (CTF) competition at DEFCON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.\r\n \r\n The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.\r\n \r\n Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.\r\n \r\n The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Red Team CTF","android_description":"The Red Team Capture the Flag (CTF) competition at DEFCON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.\r\n \r\n The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.\r\n \r\n Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.\r\n \r\n The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690065960,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245378"},{"label":"Website","type":"link","url":"https://threatsims.com/redteam-2023.html"}],"id":51509,"tag_ids":[45635,45646,45766],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T22:46:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n \r\n The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n \r\n Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n \r\n Highlights of the previous Red Alert ICS CTF is available at: https://www.youtube.com/watch?v=dz7hNnavHaY and https://youtu.be/AanKdrrQ0u0\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Red Alert ICS CTF","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"android_description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n \r\n The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n \r\n Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n \r\n Highlights of the previous Red Alert ICS CTF is available at: https://www.youtube.com/watch?v=dz7hNnavHaY and https://youtu.be/AanKdrrQ0u0","updated_timestamp":{"seconds":1690065600,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter (@icsctf)","type":"link","url":"https://twitter.com/icsctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245372"}],"end":"2023-08-13T00:00:00.000-0000","id":51506,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T22:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container\n\n\n","title":"Radio Frequency Capture the Flag","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container","updated_timestamp":{"seconds":1690939380,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"http://rfhackers.com"},{"label":"Twitter (@rf_ctf)","type":"link","url":"https://twitter.com/@rf_ctf"},{"label":"Support","type":"link","url":"https://github.com/rfhs/rfctf-support/issues"},{"label":"Discord","type":"link","url":"https://discordapp.com/invite/JjPQhKy"},{"label":"Twitter (@rfhackers)","type":"link","url":"https://twitter.com/@rfhackers"},{"label":"Github","type":"link","url":"https://github.com/rfhs"}],"end":"2023-08-13T01:00:00.000-0000","id":51503,"village_id":58,"tag_ids":[40292,45635,45647,45766],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-02T01:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Octopus Game is back for a second year! This contest is a battle royale style competition where fun and friendship is the goal. This year players will meet together in various locations at the same time for group competition through through fun games. 128 players will enter, but only 1 will be crowned the Octopus CHAMPION. Join us, make some new friends and remember: only the best will prevail!\n\n\n","title":"Octopus Game","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"Octopus Game is back for a second year! This contest is a battle royale style competition where fun and friendship is the goal. This year players will meet together in various locations at the same time for group competition through through fun games. 128 players will enter, but only 1 will be crowned the Octopus CHAMPION. Join us, make some new friends and remember: only the best will prevail!","end_timestamp":{"seconds":1691874000,"nanoseconds":0},"updated_timestamp":{"seconds":1690062240,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245213"},{"label":"Mastodon (@OctopusGame@defcon.social)","type":"link","url":"https://defcon.social/@OctopusGame"},{"label":"Twitter (@OctopusGameDC)","type":"link","url":"https://twitter.com/OctopusGameDC"},{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgamedc31"}],"end":"2023-08-12T21:00:00.000-0000","id":51498,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T21:44:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Maps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business's infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Maps of the digital lands","android_description":"Maps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business's infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690062060,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Booking CTF Slots","type":"link","url":"https://alienvualt.com/ctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245357"},{"label":"AlienVault","type":"link","url":"https://alienvualt.com"}],"id":51495,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T21:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Your friend called. They had their place raided. They swear it's a setup. But now they're in jail and you're the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It's in that place where I put that thing that time.\" Good luck.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"It's In That Place Where I Put That Thing That Time","android_description":"Your friend called. They had their place raided. They swear it's a setup. But now they're in jail and you're the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It's in that place where I put that thing that time.\" Good luck.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690062000,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Twitter (@iitpwiptttt)","type":"link","url":"https://twitter.com/@iitpwiptttt"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245355"}],"id":51493,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T21:40:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts. \r\n \r\n This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development. \r\n \r\n CTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"IoT Village CTF","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Hosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts. \r\n \r\n This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development. \r\n \r\n CTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.","updated_timestamp":{"seconds":1690061880,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245348"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644307597164665"},{"label":"Scoreboard","type":"link","url":"https://scoreboard.iotvillage.org/"}],"end":"2023-08-13T01:00:00.000-0000","id":51490,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":66,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T21:38:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Hardware Hacking Village CTF is back again! Come put your skills to the test against other hackers. The contest is structured so that everyone should be able to gain some flags, and even the experienced will sweet a few drops to get them all.\r\n\r\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.\n\n\n","title":"Hardware Hacking Village CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"The DEF CON Hardware Hacking Village CTF is back again! Come put your skills to the test against other hackers. The contest is structured so that everyone should be able to gain some flags, and even the experienced will sweet a few drops to get them all.\r\n\r\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691252160,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Details","type":"link","url":"https://dchhv.org/challenges/dc31.html"},{"label":"Twitter (@dc_hhv)","type":"link","url":"https://twitter.com/@dc_hhv"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245343"}],"id":51484,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40287,45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","updated":"2023-08-05T16:16:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or code which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day.\r\n\r\nExpanded this year with increased difficulty each day. Friday: Foxes in a small area, non moving Saturday: Foxes in a larger area, with one moving. Sunday: Foxes are on the move. The hunt is on!\r\n\r\nThere will also be a beginner friendly, no radio required, Infrared LED Fox Hunt running everyday which participants can use their cameras on their phones to find!\r\n\r\n--\r\n\r\nWe have had many kids participate and complete the contest over the years... and they've all had a blast doing so.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Ham Radio Fox Hunting Contest","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or code which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day.\r\n\r\nExpanded this year with increased difficulty each day. Friday: Foxes in a small area, non moving Saturday: Foxes in a larger area, with one moving. Sunday: Foxes are on the move. The hunt is on!\r\n\r\nThere will also be a beginner friendly, no radio required, Infrared LED Fox Hunt running everyday which participants can use their cameras on their phones to find!\r\n\r\n--\r\n\r\nWe have had many kids participate and complete the contest over the years... and they've all had a blast doing so.","updated_timestamp":{"seconds":1691289840,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711645275902574633"},{"label":"Twitter (@Evil_mog)","type":"link","url":"https://twitter.com/@Evil_mog"},{"label":"Website","type":"link","url":"https://defcon31foxhunt.com"}],"id":51481,"village_id":null,"tag_ids":[45635,45646,45743,45764],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:44:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\n - Thursday: Once our network is setup and ready, runs until the contest area closes.\r\n - Friday: 10:00 - 18:00 (open play)\r\n - 10 AM: Team Fortress 2 free play\r\n - 3 PM Contest begins\r\n - 5 PM Contest registration closes\r\n - Saturday: 10:00 - 18:00 ( Contest, all day )\r\n\r\n-- \r\n\r\nKid friendly, as long as they want to play a 16 year old FPS.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"HackFortress","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\n - Thursday: Once our network is setup and ready, runs until the contest area closes.\r\n - Friday: 10:00 - 18:00 (open play)\r\n - 10 AM: Team Fortress 2 free play\r\n - 3 PM Contest begins\r\n - 5 PM Contest registration closes\r\n - Saturday: 10:00 - 18:00 ( Contest, all day )\r\n\r\n-- \r\n\r\nKid friendly, as long as they want to play a 16 year old FPS.","updated_timestamp":{"seconds":1691606460,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245332"},{"label":"Website","type":"link","url":"https://hackfortress.net"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643831275225125"},{"label":"Twitter (@tf2shmoo)","type":"link","url":"https://twitter.com/@tf2shmoo"}],"id":51479,"village_id":null,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-09T18:41:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Department of the Air Force, in collaboration with the security research community, is hosting Hack-A-Sat 4 – the world’s first CTF in space. Hack-A-Sat 4 aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Hack-A-Sat 4 will be the first CTF hosted on an on-orbit satellite, called Moonlighter. The satellite has been designed and built to advance the security research community’s skills and knowledge of on-orbit space systems. Note: HAS4 is no longer open to new contestants as the qualifying event took place in April. Attendees stopping by the HAS4 contest area will be able to learn about the history of Hack-A-Sat, Moonlighter and this year’s challenges. The area will have live scoreboards, dashboards and visualizations relaying game status, and live commentary will be provided from the adjacent Aerospace Village throughout the weekend. \r\n \r\n HAS4 Qualifications were held April 1-2, 2023. \r\n Results here: https://quals.2023.hackasat.com/scoreboard/complete\n\n\n","title":"Hack-A-Sat 4 (HAS4)","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"The Department of the Air Force, in collaboration with the security research community, is hosting Hack-A-Sat 4 – the world’s first CTF in space. Hack-A-Sat 4 aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Hack-A-Sat 4 will be the first CTF hosted on an on-orbit satellite, called Moonlighter. The satellite has been designed and built to advance the security research community’s skills and knowledge of on-orbit space systems. Note: HAS4 is no longer open to new contestants as the qualifying event took place in April. Attendees stopping by the HAS4 contest area will be able to learn about the history of Hack-A-Sat, Moonlighter and this year’s challenges. The area will have live scoreboards, dashboards and visualizations relaying game status, and live commentary will be provided from the adjacent Aerospace Village throughout the weekend. \r\n \r\n HAS4 Qualifications were held April 1-2, 2023. \r\n Results here: https://quals.2023.hackasat.com/scoreboard/complete","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690059180,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Qualification Results","type":"link","url":"https://quals.2023.hackasat.com/scoreboard/complete"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245316"}],"id":51472,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T20:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.\r\n\r\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.\r\n\r\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.\r\n\r\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.\r\n\r\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you're a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Embedded CTF","android_description":"Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.\r\n\r\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.\r\n\r\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.\r\n\r\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.\r\n\r\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you're a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690058820,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Twitter (@EmbeddedVillage)","type":"link","url":"https://twitter.com/@EmbeddedVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245307"}],"id":51468,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45649,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Evolution - Embedded Systems Village","hotel":"","short_name":"Evolution - Embedded Systems Village","id":45735},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T20:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"D@D is a table-top/RPG themed puzzling campaign for teams of 1-4 players. As part of the campaign, teams will unravel crypto challenges, solve physical puzzles, and do other side-quests that will have them interacting with different components of the Defcon community (villages, goons, NPCs, local wildlife, trolls, etc.) to earn points and progress through a narrative. The theme changes each year, but typically is based loosely on a popular table-top game that fits the theme for Defcon. Teams learn how to work cooperatively to solve large puzzles, and learn how to solve puzzles that they may have seen in CTFs, escape rooms, or other puzzle venues. The contest is designed to be accessible to all technical levels and all ages.\r\n \r\n Pre-registration will occur online the week before con (announced via Twitter) as well as Friday morning at 10 in person, first come first served until we have enough teams filled. Contest will start at 12:00 on Friday\r\n\r\n--\r\n\r\nKids are welcome. The first year Dungeons @ DEF CON ran, two kids with the help of their fathers won a black badge. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Dungeons@Defcon","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"D@D is a table-top/RPG themed puzzling campaign for teams of 1-4 players. As part of the campaign, teams will unravel crypto challenges, solve physical puzzles, and do other side-quests that will have them interacting with different components of the Defcon community (villages, goons, NPCs, local wildlife, trolls, etc.) to earn points and progress through a narrative. The theme changes each year, but typically is based loosely on a popular table-top game that fits the theme for Defcon. Teams learn how to work cooperatively to solve large puzzles, and learn how to solve puzzles that they may have seen in CTFs, escape rooms, or other puzzle venues. The contest is designed to be accessible to all technical levels and all ages.\r\n \r\n Pre-registration will occur online the week before con (announced via Twitter) as well as Friday morning at 10 in person, first come first served until we have enough teams filled. Contest will start at 12:00 on Friday\r\n\r\n--\r\n\r\nKids are welcome. The first year Dungeons @ DEF CON ran, two kids with the help of their fathers won a black badge.","updated_timestamp":{"seconds":1691289480,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245277"},{"label":"Website","type":"link","url":"https://www.dungeonsatdefcon.com/"}],"end":"2023-08-13T01:00:00.000-0000","id":51466,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45763,45766],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:38:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?\r\n\r\n--\r\n\r\nRated PG-13.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"DEFCON MUD DUMB TERMINAL EDITION","android_description":"The DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?\r\n\r\n--\r\n\r\nRated PG-13.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691289540,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245270"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/728707998796480590"}],"id":51463,"tag_ids":[45635,45646,45743,45764],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-08-06T02:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.\r\n \r\n Come visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.\r\n \r\n The DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit https://defconscavhunt.com for a history lesson.\r\n \r\n If you capture pictures or video of items from our list, or have in the past, please send them to us via email scavlist@gmail.com.\r\n\r\n--\r\n\r\nThe scavenger hunt list is open to interpretation and we are not responsible for how list items are interpreted. We have had a number of pre-teens and teenagers play the scavenger hunt over the years, primarily with their parents but occasionally alone. The team that won at DC24 included a teenager with their parents. Parental Guidance Recommended.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"DEF CON Scavenger Hunt","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Are you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.\r\n \r\n Come visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.\r\n \r\n The DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit https://defconscavhunt.com for a history lesson.\r\n \r\n If you capture pictures or video of items from our list, or have in the past, please send them to us via email scavlist@gmail.com.\r\n\r\n--\r\n\r\nThe scavenger hunt list is open to interpretation and we are not responsible for how list items are interpreted. We have had a number of pre-teens and teenagers play the scavenger hunt over the years, primarily with their parents but occasionally alone. The team that won at DC24 included a teenager with their parents. Parental Guidance Recommended.","updated_timestamp":{"seconds":1691289780,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245255"},{"label":"Twitter (@defconscavhunt)","type":"link","url":"https://twitter.com/@defconscavhunt"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711049278163779605"}],"end":"2023-08-13T01:00:00.000-0000","id":51460,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743,45763],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:43:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.​\n\n\n","title":"DC Kubernetes Capture the Flag (CTF)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.​","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1690058340,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://containersecurityctf.com/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245244"},{"label":"Twitter (@ctfsecurity)","type":"link","url":"https://twitter.com/@ctfsecurity"}],"end":"2023-08-13T00:00:00.000-0000","id":51456,"tag_ids":[45635,45744],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T20:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n\n\n","title":"Darknet-NG","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691883000,"nanoseconds":0},"android_description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!","updated_timestamp":{"seconds":1690058160,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://darknet-ng.network"},{"label":"Twitter (@DarknetNg)","type":"link","url":"https://twitter.com/DarknetNg"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245234"},{"label":"Mastodon (@DarknetNG@defcon.social)","type":"link","url":"https://defcon.social/@DarknetNG"}],"end":"2023-08-12T23:30:00.000-0000","id":51453,"tag_ids":[45635,45646,45743,45764],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T20:36:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The premiere password cracking contest \"CrackMeIfYouCan\" is back again. Passwords so two-thousand and late. Remember, remember, the cracks of November.\r\n\r\nWe're preparing hashes from easy to hard, so there'll be something for you if you want to compete casually as a Street team, or go all out in Pro.\r\n\r\nWhere we're going, we don't need roads. Purely a penchant for puzzles, perhaps a plethora of processors.\r\n\r\nCheck out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"CrackMeIfYouCan","android_description":"The premiere password cracking contest \"CrackMeIfYouCan\" is back again. Passwords so two-thousand and late. Remember, remember, the cracks of November.\r\n\r\nWe're preparing hashes from easy to hard, so there'll be something for you if you want to compete casually as a Street team, or go all out in Pro.\r\n\r\nWhere we're going, we don't need roads. Purely a penchant for puzzles, perhaps a plethora of processors.\r\n\r\nCheck out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690057740,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://contest.korelogic.com"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644827053457478"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245299"},{"label":"Password Village Website","type":"link","url":"https://passwordvillage.org/"}],"end":"2023-08-13T01:00:00.000-0000","id":51450,"village_id":53,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T20:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\r\n\r\nOur CTF is a three days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\r\n\r\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D\n\n\n","title":"Cloud Village CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\r\n\r\nOur CTF is a three days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\r\n\r\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D","updated_timestamp":{"seconds":1690057260,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Village Website","type":"link","url":"https://cloud-village.org"},{"label":"Twitter (@cloudvillage_dc)","type":"link","url":"https://twitter.com/@cloudvillage_dc"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245467"}],"end":"2023-08-13T01:00:00.000-0000","id":51445,"tag_ids":[40284,45635,45744],"village_id":43,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-07-22T20:21:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM's and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\r\n\r\nWith the largest collection of hackers in one area, there's no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Car Hacking Village CTF","android_description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM's and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\r\n\r\nWith the largest collection of hackers in one area, there's no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690055760,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643596658311229"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244786"},{"label":"Twitter (@CarHackVillage)","type":"link","url":"https://twitter.com/CarHackVillage/"},{"label":"Village Website","type":"link","url":"https://www.carhackingvillage.com"}],"id":51441,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":42,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T19:56:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Battle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor. \r\n \r\n The vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.\r\n \r\n Finally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Battle of The Bots","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Battle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor. \r\n \r\n The vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.\r\n \r\n Finally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.","updated_timestamp":{"seconds":1690053720,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Website","type":"link","url":"https://battleofthebots.github.io"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245282"}],"end":"2023-08-13T01:00:00.000-0000","id":51432,"village_id":null,"tag_ids":[45635,45646,45766],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T19:22:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Adversary Village proudly presents \"Adversary Wars CTF,\" a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.\r\n\r\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.\r\n\r\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.\r\n\r\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30. We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​\n\n\n","title":"Adversary Wars CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"Adversary Village proudly presents \"Adversary Wars CTF,\" a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.\r\n\r\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.\r\n\r\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.\r\n\r\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30. We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1690053600,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/AdversaryVillag/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245457"},{"label":"Website","type":"link","url":"https://adversaryvillage.org/adversary-events/DEFCON-31/"}],"end":"2023-08-13T00:00:00.000-0000","id":51429,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T19:20:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"5n4ck3y","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"AND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!","updated_timestamp":{"seconds":1690142100,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/ANDnXOR"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245450"}],"end":"2023-08-13T01:00:00.000-0000","id":51426,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-23T19:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you ready to put your problem-solving skills to the test?\r\n\r\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.\r\n\r\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.\r\n\r\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.\r\n\r\nThis challenge is not just about solving a puzzle, it's about exploring your curiosity and pushing the boundaries of your knowledge.\r\n\r\nIt's about putting your hacker mindset to work and seeing how far you can go.\r\n\r\nWith each step, you'll be one step closer to unlocking the secrets of the ? Cube Challenge.We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.\r\n\r\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level.So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cub Champion and the admiration of your fellow hackers. Are you ready to take the challenge?\r\n\r\nThe above was totally written by ChatGPT. I don't want to give out too much information, but basically there is going to be a big cube like object that contestants will have to deconstruct to find the hidden awesomeness. I hope to have challenges spread across multiple domains, both online in a jeopardy style ctf as well as the physical puzzle of the cube which will be module in nature, with each physical puzzle tying to the next.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"? Cube","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Are you ready to put your problem-solving skills to the test?\r\n\r\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.\r\n\r\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.\r\n\r\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.\r\n\r\nThis challenge is not just about solving a puzzle, it's about exploring your curiosity and pushing the boundaries of your knowledge.\r\n\r\nIt's about putting your hacker mindset to work and seeing how far you can go.\r\n\r\nWith each step, you'll be one step closer to unlocking the secrets of the ? Cube Challenge.We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.\r\n\r\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level.So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cub Champion and the admiration of your fellow hackers. Are you ready to take the challenge?\r\n\r\nThe above was totally written by ChatGPT. I don't want to give out too much information, but basically there is going to be a big cube like object that contestants will have to deconstruct to find the hidden awesomeness. I hope to have challenges spread across multiple domains, both online in a jeopardy style ctf as well as the physical puzzle of the cube which will be module in nature, with each physical puzzle tying to the next.","updated_timestamp":{"seconds":1690053300,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244817"},{"label":"Website","type":"link","url":"http://0x3fcube.com/"}],"end":"2023-08-13T01:00:00.000-0000","id":51423,"tag_ids":[45635,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-22T19:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Panel Discussion - Bugs, Bounties, & Breaches - Insider Tales from the Trenches","end_timestamp":{"seconds":1691862300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552960,"nanoseconds":0},"speakers":[{"content_ids":[51097,51303,51307,51998,52118],"conference_id":96,"event_ids":[51128,51365,51369,52192,52342],"name":"Jason Haddix","affiliations":[{"organization":"BuddoBot","title":"CISO and “Hacker in Charge”"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jhaddix"}],"media":[],"id":50266,"title":"CISO and “Hacker in Charge” at BuddoBot"}],"timeband_id":991,"links":[],"end":"2023-08-12T17:45:00.000-0000","id":51365,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50266}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-17T00:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Red Team Labs and Games for Kids","android_description":"","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"updated_timestamp":{"seconds":1689358560,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":51158,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40294,45647,45719,45743,45764,45864],"village_id":60,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"spans_timebands":"N","updated":"2023-07-14T18:16:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Red Hot (Red Team TTPs)","android_description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Ralph May","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ralphte1"}],"pronouns":null,"media":[],"id":50279},{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Steve Borosh","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/424f424f"}],"media":[],"id":50284}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":51154,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50279},{"tag_id":45633,"sort_order":1,"person_id":50284}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop will go through the process of manually identifying applications that can be vulnerable to DLL Sideloading and exploiting them. Attendees will learn how to use Promon to find applications that can be vulnerable to DLL sideloading, identify the correct DLL functions to proxy using CFF Explorer, and write a basic DLL to run shellcode.\n\n\n","title":"Hunting & Exploiting DLL Sideloads","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691863200,"nanoseconds":0},"android_description":"This workshop will go through the process of manually identifying applications that can be vulnerable to DLL Sideloading and exploiting them. Attendees will learn how to use Promon to find applications that can be vulnerable to DLL sideloading, identify the correct DLL functions to proxy using CFF Explorer, and write a basic DLL to run shellcode.","updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51079],"conference_id":96,"event_ids":[51139,51111],"name":"Matthew Nickerson","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/turbo_sec"}],"media":[],"id":50272},{"content_ids":[51079],"conference_id":96,"event_ids":[51139,51111],"name":"Nick Swink","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0xC0rnbread"}],"media":[],"id":50275}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":51139,"village_id":60,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50272},{"tag_id":45633,"sort_order":1,"person_id":50275}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-14T18:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Securing the Whole System: Corpal to Corporate","end_timestamp":{"seconds":1691861400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689116640,"nanoseconds":0},"speakers":[{"content_ids":[51046],"conference_id":96,"event_ids":[51078],"name":"Lee Cyborg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50248}],"timeband_id":991,"links":[],"end":"2023-08-12T17:30:00.000-0000","id":51078,"tag_ids":[45645,45647,45717],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50248}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","updated":"2023-07-11T23:04:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Veilid is a new, distributed communication protocol developed by Cult of the Dead Cow's Dildog (of BO2K fame). This p2p, E2EE, distributed protocol is being released at Defcon 31, fully open source, and with an example app called Veilid Chat. These demos will cover setting up an identity, connecting to others, deploying heavy nodes to support the network, and contributing to the project.\n\n\n","title":"Veilid","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"android_description":"Veilid is a new, distributed communication protocol developed by Cult of the Dead Cow's Dildog (of BO2K fame). This p2p, E2EE, distributed protocol is being released at Defcon 31, fully open source, and with an example app called Veilid Chat. These demos will cover setting up an identity, connecting to others, deploying heavy nodes to support the network, and contributing to the project.","end_timestamp":{"seconds":1691866500,"nanoseconds":0},"updated_timestamp":{"seconds":1688878620,"nanoseconds":0},"speakers":[{"content_ids":[51027],"conference_id":96,"event_ids":[51065],"name":"TC Johnson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50216},{"content_ids":[51027],"conference_id":96,"event_ids":[51065],"name":"Deth Veggie","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50217}],"timeband_id":991,"links":[],"end":"2023-08-12T18:55:00.000-0000","id":51065,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50217},{"tag_id":45590,"sort_order":1,"person_id":50216}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Committee Boardroom - Demo Labs","hotel":"","short_name":"Committee Boardroom - Demo Labs","id":45698},"spans_timebands":"N","updated":"2023-07-09T04:57:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"USB spreading malware is still a concern today. Over the past few months, we have witnessed an increase in malicious software exploiting USB drives to bypass security measures, even in air-gapped systems. Whenever we connect our USB drive to an \"untrusted\" system, numerous doubts arise: what happens behind the scenes? Is something accessing, modifying, or encrypting our files? This is where USBvalve comes in. It is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for \"BADUSB\" (HID) on USB keys before inserting them into our own systems. The best part is that it's as compact as a keychain, making it convenient to carry with us at all times!\n\n\n","title":"USBvalve - Expose USB activity on the fly","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"android_description":"USB spreading malware is still a concern today. Over the past few months, we have witnessed an increase in malicious software exploiting USB drives to bypass security measures, even in air-gapped systems. Whenever we connect our USB drive to an \"untrusted\" system, numerous doubts arise: what happens behind the scenes? Is something accessing, modifying, or encrypting our files? This is where USBvalve comes in. It is an affordable dongle, built using readily available hardware, designed to reveal the true activities occurring when a USB drive is connected to a system. It can also be used to check for \"BADUSB\" (HID) on USB keys before inserting them into our own systems. The best part is that it's as compact as a keychain, making it convenient to carry with us at all times!","end_timestamp":{"seconds":1691866500,"nanoseconds":0},"updated_timestamp":{"seconds":1688878320,"nanoseconds":0},"speakers":[{"content_ids":[51025],"conference_id":96,"event_ids":[51063],"name":"Cesare Pizzi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50215}],"timeband_id":991,"links":[],"end":"2023-08-12T18:55:00.000-0000","id":51063,"tag_ids":[45592,45636,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50215}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Unity Boardroom - Demo Labs","hotel":"","short_name":"Unity Boardroom - Demo Labs","id":45706},"spans_timebands":"N","updated":"2023-07-09T04:52:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Wifydra is open source hardware and software used to locate wireless access points for wardriving. The project is a continuation of the work done previously by Mike Spicer (@d4rkm4tter) and his WiFi Cactus and Kraken. It's designed to be a low power and low cost modular way of simultaneously monitoring all 2.4Ghz WiFi channels for AP beacons. By utilizing strictly off the shelf embedded components, the Wifydra is able to keep costs extremely low (~$90) and its footprint extremely small (250 square cm). More importantly, minimal power consumption is maintained, requiring only a USB C battery capable of putting out 10 watts. The Wifydra is modular in nature and supports a multitude of GNSS (Global Navigation Satellite System) options for location tagging. The ESP32-C5 for 5Ghz channel monitoring will also be supported once the hardware becomes available. The version of The Wifydra demoed consists of 14 ESP8266 called sub nodes, an additional ESP32 called the dom node, SD card holder, GNSS module, OLED screen, as well as the Wifydra carrier board that connects all these components. The firmware, BOM, and gerbers are all available in The Wifydra's Github repo: https://github.com/lozaning/The_Wifydra\n\n\n","title":"The Wifydra: Multiheaded RF Panopticon","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"android_description":"The Wifydra is open source hardware and software used to locate wireless access points for wardriving. The project is a continuation of the work done previously by Mike Spicer (@d4rkm4tter) and his WiFi Cactus and Kraken. It's designed to be a low power and low cost modular way of simultaneously monitoring all 2.4Ghz WiFi channels for AP beacons. By utilizing strictly off the shelf embedded components, the Wifydra is able to keep costs extremely low (~$90) and its footprint extremely small (250 square cm). More importantly, minimal power consumption is maintained, requiring only a USB C battery capable of putting out 10 watts. The Wifydra is modular in nature and supports a multitude of GNSS (Global Navigation Satellite System) options for location tagging. The ESP32-C5 for 5Ghz channel monitoring will also be supported once the hardware becomes available. The version of The Wifydra demoed consists of 14 ESP8266 called sub nodes, an additional ESP32 called the dom node, SD card holder, GNSS module, OLED screen, as well as the Wifydra carrier board that connects all these components. The firmware, BOM, and gerbers are all available in The Wifydra's Github repo: https://github.com/lozaning/The_Wifydra","end_timestamp":{"seconds":1691866500,"nanoseconds":0},"updated_timestamp":{"seconds":1688878200,"nanoseconds":0},"speakers":[{"content_ids":[51023,52248],"conference_id":96,"event_ids":[52509,51061],"name":"Lozaning","affiliations":[],"links":[],"pronouns":"they/them","media":[],"id":50212}],"timeband_id":991,"end":"2023-08-12T18:55:00.000-0000","links":[{"label":"","type":"link","url":"https://github.com/lozaning/The_Wifydra"}],"id":51061,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50212}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Society Boardroom - Demo Labs","hotel":"","short_name":"Society Boardroom - Demo Labs","id":45700},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-09T04:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This tool is a digital assistant that helps you hack. Under the hood it uses langchain (a way to augment LLMss) that currently uses an SMS / MMS / Phone interface that will allow for basic information retrieval tasks (google search, searching shodan, google places) and has the goal of doing complex offensive and defensive security tasks using anything from a dumb phone to a smartphone. It is preprogramed with tools that it can intelligently use to accomplish certain tasks such as performing a search on shodan given an IP address.\n\n\n","title":"Saturday","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"android_description":"This tool is a digital assistant that helps you hack. Under the hood it uses langchain (a way to augment LLMss) that currently uses an SMS / MMS / Phone interface that will allow for basic information retrieval tasks (google search, searching shodan, google places) and has the goal of doing complex offensive and defensive security tasks using anything from a dumb phone to a smartphone. It is preprogramed with tools that it can intelligently use to accomplish certain tasks such as performing a search on shodan given an IP address.","end_timestamp":{"seconds":1691866500,"nanoseconds":0},"updated_timestamp":{"seconds":1688877840,"nanoseconds":0},"speakers":[{"content_ids":[51017],"conference_id":96,"event_ids":[51055],"name":"Joshua Herman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50203}],"timeband_id":991,"links":[],"end":"2023-08-12T18:55:00.000-0000","id":51055,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50203}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Council Boardroom - Demo Labs","hotel":"","short_name":"Council Boardroom - Demo Labs","id":45699},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-09T04:44:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Lupo is a dynamic analysis tool that can be used as a module with the debugger.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"Lupo: Malware IOC Extractor","android_description":"Lupo is a dynamic analysis tool that can be used as a module with the debugger.","end_timestamp":{"seconds":1691866500,"nanoseconds":0},"updated_timestamp":{"seconds":1688876820,"nanoseconds":0},"speakers":[{"content_ids":[51010],"conference_id":96,"event_ids":[51048],"name":"Vishal Thakur","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50192}],"timeband_id":991,"links":[],"end":"2023-08-12T18:55:00.000-0000","id":51048,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50192}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Caucus Boardroom - Demo Labs","hotel":"","short_name":"Caucus Boardroom - Demo Labs","id":45696},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-09T04:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Organizations can have thousands of lines of code that are stored in Lambda on AWS. This application was built to help reduce the amount of time it takes to review that code. On our last Pen Test, we had so much Lambda code to review it was impossible to parse through all of it in the short amount of time assigned to our test. This lack of time created a necessity to automate the review of that lambda code for secrets. Lambda Looter will take a list of profiles and scan through them and download the code you have access to and then process that code for secrets, outputting any potential secrets to a loot directory. Even though this tool can generate a number of false positives it makes looking for secrets much faster than scanning the code manually.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"Lambda Looter","android_description":"Organizations can have thousands of lines of code that are stored in Lambda on AWS. This application was built to help reduce the amount of time it takes to review that code. On our last Pen Test, we had so much Lambda code to review it was impossible to parse through all of it in the short amount of time assigned to our test. This lack of time created a necessity to automate the review of that lambda code for secrets. Lambda Looter will take a list of profiles and scan through them and download the code you have access to and then process that code for secrets, outputting any potential secrets to a loot directory. Even though this tool can generate a number of false positives it makes looking for secrets much faster than scanning the code manually.","end_timestamp":{"seconds":1691866500,"nanoseconds":0},"updated_timestamp":{"seconds":1688876760,"nanoseconds":0},"speakers":[{"content_ids":[51009],"conference_id":96,"event_ids":[51047],"name":"Doug Kent","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50190},{"content_ids":[51009],"conference_id":96,"event_ids":[51047],"name":"Rob Ditmer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50191}],"timeband_id":991,"links":[],"end":"2023-08-12T18:55:00.000-0000","id":51047,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50190},{"tag_id":45590,"sort_order":1,"person_id":50191}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-09T04:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In 2016 a bunch of hackers took a break from DEF CON festivities to gather in a hotel room with a bathtub full of beer and talk about shared interests in a brave new world of connected healthcare. Trailblazers were popping pacemakers and pharmaceutical pumps, and we worried that instead of embracing such efforts as opportunities to make tech safer for patients, folks in charge would repeat mistakes of the past and double down on the status quo.\r\n\r\nFast forward to the 2022 passage of the Omnibus spending bill- the FDA is now locked and loaded with expanded authority to regulate cybersecurity requirements for medical devices. What changed? *Keanu voice:* “Policy. Lots of Policy.” Turns out when we get in with the right people, hackers can help get things done. This is the core of Policy @ DEFCON.\r\n\r\nChallenges persist. We now have threats from state actors and ransomware blasts delaying lifesaving medical care while costing hospitals hundreds of millions of dollars they don’t have (been in an ER lately?). So once again, come join quaddi and r3plicant, your favorite ripper docs, for another round of D0 No H4rm- this time with special guests from Congress, FDA, and the White House as we figure out what policy patches have the best chance to save lives.\r\n\r\nIt starts here, in rooms like this, with hackers like you. And it ends with us changing the world.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"D0 N0 H4RM: A Healthcare Security Conversation","end_timestamp":{"seconds":1691865900,"nanoseconds":0},"android_description":"In 2016 a bunch of hackers took a break from DEF CON festivities to gather in a hotel room with a bathtub full of beer and talk about shared interests in a brave new world of connected healthcare. Trailblazers were popping pacemakers and pharmaceutical pumps, and we worried that instead of embracing such efforts as opportunities to make tech safer for patients, folks in charge would repeat mistakes of the past and double down on the status quo.\r\n\r\nFast forward to the 2022 passage of the Omnibus spending bill- the FDA is now locked and loaded with expanded authority to regulate cybersecurity requirements for medical devices. What changed? *Keanu voice:* “Policy. Lots of Policy.” Turns out when we get in with the right people, hackers can help get things done. This is the core of Policy @ DEFCON.\r\n\r\nChallenges persist. We now have threats from state actors and ransomware blasts delaying lifesaving medical care while costing hospitals hundreds of millions of dollars they don’t have (been in an ER lately?). So once again, come join quaddi and r3plicant, your favorite ripper docs, for another round of D0 No H4rm- this time with special guests from Congress, FDA, and the White House as we figure out what policy patches have the best chance to save lives.\r\n\r\nIt starts here, in rooms like this, with hackers like you. And it ends with us changing the world.","updated_timestamp":{"seconds":1688177820,"nanoseconds":0},"speakers":[{"content_ids":[50645],"conference_id":96,"event_ids":[50863],"name":"Christian \"quaddi\" Dameff, MD","affiliations":[{"organization":"The University of California San Diego","title":"Physician & Medical Director of Cyber Security"}],"links":[],"pronouns":"he/him","media":[],"id":49923,"title":"Physician & Medical Director of Cyber Security at The University of California San Diego"},{"content_ids":[50645],"conference_id":96,"event_ids":[50863],"name":"Jacqueline Burgette, DMD, PhD","affiliations":[{"organization":"The Office of National Cyber Director (ONCD)","title":"White House Fellow"}],"links":[],"pronouns":"she/her","media":[],"id":49924,"title":"White House Fellow at The Office of National Cyber Director (ONCD)"},{"content_ids":[50645],"conference_id":96,"event_ids":[50863],"name":"Jeff \"r3plicant\" Tully, MD","affiliations":[{"organization":"The University of California San Diego","title":"Anesthesiologist"}],"links":[],"pronouns":"he/him","media":[],"id":49925,"title":"Anesthesiologist at The University of California San Diego"},{"content_ids":[50645],"conference_id":96,"event_ids":[50863],"name":"Nitin Natarajan","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Deputy Director"}],"links":[],"pronouns":"he/him","media":[],"id":49926,"title":"Deputy Director at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[50645],"conference_id":96,"event_ids":[50863],"name":"Mark Warner","affiliations":[{"organization":"","title":"Virginia Senator and Chair of the US Cybersecurity Caucus"}],"links":[],"pronouns":"he/him","media":[],"id":49927,"title":"Virginia Senator and Chair of the US Cybersecurity Caucus"},{"content_ids":[50645,51499],"conference_id":96,"event_ids":[50863,51655],"name":"Suzanne Schwartz, MD","affiliations":[{"organization":"FDA’s Center for Devices and Radiological Health (CDRH)","title":"Director of the Office of Strategic Partnerships and Technology Innovation (OST)"}],"links":[],"pronouns":"she/her","media":[],"id":49928,"title":"Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices and Radiological Health (CDRH)"}],"timeband_id":991,"end":"2023-08-12T18:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246098"}],"id":50863,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45648,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49923},{"tag_id":45590,"sort_order":1,"person_id":49924},{"tag_id":45590,"sort_order":1,"person_id":49925},{"tag_id":45590,"sort_order":1,"person_id":49927},{"tag_id":45590,"sort_order":1,"person_id":49926},{"tag_id":45590,"sort_order":1,"person_id":49928}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - Off the Record","hotel":"","short_name":"War Stories - Off the Record","id":45802},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-07-01T02:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled.\r\n\r\nWe will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by untrusted networks.\r\n\r\nREFERENCES:\r\n\r\nVPN on untrusted networks, captive portals:\r\n- ANSSI (France) Recommandations sur le nomadisme numérique (\"3.4.3 Maîtrise des flux réseaux sur le poste de travail\"): https://www.ssi.gouv.fr/uploads/2018/10/guide_nomadisme_anssi_pa_054_v1.pdf (I will translate the relevant part in my slide)\r\n\r\nUnderstanding \"Windows Filtering Platform\":\r\n- Microsoft documentation : https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-start-page\r\n- Pavel Yosifovich : https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/\r\n- Pavel Yosifovich : https://github.com/zodiacon/WFPExplorer\r\n- Sagie Dulce : https://github.com/zeronetworks/wtf-wfp\r\n\r\nReverse Engineering of Windows Filtering Platform and its implementation in Windows VPN agents:\r\n- Ole André V. Ravnas - https://frida.re/\r\n- James Forshaw - https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tree/main/NtObjectManager\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Defeating VPN Always-On","end_timestamp":{"seconds":1691862300,"nanoseconds":0},"android_description":"VPN Always-On is a security control that can be deployed to mobile endpoints that remotely access corporate resources through VPN. It is designed to prevent data leaks and narrow attack surface of enrolled end-user equipment connected to untrusted networks. When it is enforced, the mobile device can only reach the VPN gateway and all connections are tunneled.\r\n\r\nWe will review the relevant Windows API, the practicalities of this feature, look at popular VPN software; we will then consider ridiculously complex exfil methods and... finally bypass it with unexpectedly trivial tricks. We will exploit design, implementation and configuration issues to circumvent this control in offensive scenarios. We will then learn how to fix or harden VPN Always-On deployment to further limit the risks posed by untrusted networks.\r\n\r\nREFERENCES:\r\n\r\nVPN on untrusted networks, captive portals:\r\n- ANSSI (France) Recommandations sur le nomadisme numérique (\"3.4.3 Maîtrise des flux réseaux sur le poste de travail\"): https://www.ssi.gouv.fr/uploads/2018/10/guide_nomadisme_anssi_pa_054_v1.pdf (I will translate the relevant part in my slide)\r\n\r\nUnderstanding \"Windows Filtering Platform\":\r\n- Microsoft documentation : https://learn.microsoft.com/en-us/windows/win32/fwp/windows-filtering-platform-start-page\r\n- Pavel Yosifovich : https://scorpiosoftware.net/2022/12/25/introduction-to-the-windows-filtering-platform/\r\n- Pavel Yosifovich : https://github.com/zodiacon/WFPExplorer\r\n- Sagie Dulce : https://github.com/zeronetworks/wtf-wfp\r\n\r\nReverse Engineering of Windows Filtering Platform and its implementation in Windows VPN agents:\r\n- Ole André V. Ravnas - https://frida.re/\r\n- James Forshaw - https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tree/main/NtObjectManager","updated_timestamp":{"seconds":1688095560,"nanoseconds":0},"speakers":[{"content_ids":[50579],"conference_id":96,"event_ids":[50836],"name":"Maxime Clementz","affiliations":[{"organization":"PwC Luxembourg","title":"Cybersecurity Senior Manager"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/maxime_tz"}],"pronouns":"he/him","media":[],"id":49803,"title":"Cybersecurity Senior Manager at PwC Luxembourg"}],"timeband_id":991,"end":"2023-08-12T17:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245750"}],"id":50836,"tag_ids":[45589,45592,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"village_id":null,"includes":"Demo 💻, Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49803}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","updated":"2023-06-30T03:26:00.000-0000","begin":"2023-08-12T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"To retain a foothold on an infected system, most Mac malware will persist; installing itself in a manner that ensures it will be automatically (re)launched each time the infected system is rebooted.\r\n \r\nIn macOS Ventura, Apple's rearchitected core persistence mechanisms and added a new security mechanism that alerts the user any time an item is persisted. As the former is both undocumented and implemented in a proprietary manner this poses a problem for existing security and forensics tools (that aim to heuristically detect malware via unauthorized persistence events). On the other hand, the latter is problematic to malware authors, who obviously want their malicious creations to persist without an alert being shown to the user.\r\n \r\nIn this talk, we'll indiscriminately provide solutions for all! First, we'll dive into the internals of macOS's Background Task Management (BTM) which, as we'll see, contains a central (albeit proprietary) repository of persistent items. Armed with this information, we'll release open-source code capable of programmatically enumerating all persistent items from BTM, ensuring security and forensics tools regain compatibility. We'll also highlight design weaknesses that malicious code could trivially employ to sidestep the new security features of BTM, such that persistence may still be silently achieved.\r\n\r\nREFERENCES:\r\nhttps://piunikaweb.com/2023/01/30/macos-13-ventura-background-items-added-notification-issue/\r\nhttps://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/\r\n\r\nApple Documentation:\r\nhttps://support.apple.com/guide/deployment/manage-login-items-background-tasks-mac-depdca572563/web\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Demystifying (& Bypassing) macOS's Background Task Management","android_description":"To retain a foothold on an infected system, most Mac malware will persist; installing itself in a manner that ensures it will be automatically (re)launched each time the infected system is rebooted.\r\n \r\nIn macOS Ventura, Apple's rearchitected core persistence mechanisms and added a new security mechanism that alerts the user any time an item is persisted. As the former is both undocumented and implemented in a proprietary manner this poses a problem for existing security and forensics tools (that aim to heuristically detect malware via unauthorized persistence events). On the other hand, the latter is problematic to malware authors, who obviously want their malicious creations to persist without an alert being shown to the user.\r\n \r\nIn this talk, we'll indiscriminately provide solutions for all! First, we'll dive into the internals of macOS's Background Task Management (BTM) which, as we'll see, contains a central (albeit proprietary) repository of persistent items. Armed with this information, we'll release open-source code capable of programmatically enumerating all persistent items from BTM, ensuring security and forensics tools regain compatibility. We'll also highlight design weaknesses that malicious code could trivially employ to sidestep the new security features of BTM, such that persistence may still be silently achieved.\r\n\r\nREFERENCES:\r\nhttps://piunikaweb.com/2023/01/30/macos-13-ventura-background-items-added-notification-issue/\r\nhttps://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/\r\n\r\nApple Documentation:\r\nhttps://support.apple.com/guide/deployment/manage-login-items-background-tasks-mac-depdca572563/web","end_timestamp":{"seconds":1691862300,"nanoseconds":0},"updated_timestamp":{"seconds":1687137180,"nanoseconds":0},"speakers":[{"content_ids":[50558,50607],"conference_id":96,"event_ids":[50773,50783],"name":"Patrick Wardle","affiliations":[{"organization":"Objective-See Foundation","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/patrickwardle"},{"description":"","title":"Website","sort_order":0,"url":"https://objective-see.org"}],"pronouns":"he/him","media":[],"id":49769,"title":"Objective-See Foundation"}],"timeband_id":991,"links":[{"label":"YouTube","type":"link","url":"https://www.youtube.com/watch?v=GOoqEVhvNw8"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245729"}],"end":"2023-08-12T17:45:00.000-0000","id":50783,"village_id":null,"begin_timestamp":{"seconds":1691859600,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49769}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-12T17:00:00.000-0000","updated":"2023-06-19T01:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Socially engineering a target organization with a hard hat and safety vest never gets old, but there are more ways to the server room. Take your physical penetration test to the next level, swagged out in the latest company-branded quarter zip sweatshirt. In this presentation, Langston and Dan will share their adventures hiding in plain sight while pwning Fortune 500 companies with official apparel and replica merchandise. They will explain their OSINT methodology for identifying 3rd party branding sites and tips for creating authentic-looking, made-to-order gear for any occasion. After learning these new techniques, you’ll be so convincing that you might even get invited to your target client’s next BBQ!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Your Swag is My Swag: Pwning Fortune 500 Companies with Vistaprint","android_description":"Socially engineering a target organization with a hard hat and safety vest never gets old, but there are more ways to the server room. Take your physical penetration test to the next level, swagged out in the latest company-branded quarter zip sweatshirt. In this presentation, Langston and Dan will share their adventures hiding in plain sight while pwning Fortune 500 companies with official apparel and replica merchandise. They will explain their OSINT methodology for identifying 3rd party branding sites and tips for creating authentic-looking, made-to-order gear for any occasion. After learning these new techniques, you’ll be so convincing that you might even get invited to your target client’s next BBQ!","end_timestamp":{"seconds":1691859600,"nanoseconds":0},"updated_timestamp":{"seconds":1690592100,"nanoseconds":0},"speakers":[{"content_ids":[51553],"conference_id":96,"event_ids":[51722],"name":"Daniel \"Jcache\" Goga","affiliations":[{"organization":"Core BTS","title":"Security Consultant"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_BadCharacters"},{"description":"","title":"Website","sort_order":0,"url":"http://badcharacters.io/"}],"pronouns":null,"media":[],"id":50690,"title":"Security Consultant at Core BTS"},{"content_ids":[51553,52386],"conference_id":96,"event_ids":[52677,51722],"name":"Langston \"Shock\" Clement","affiliations":[{"organization":"Core BTS","title":"Lead for Red Team operations and Penetration Testing engagements"}],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/sh0ckSec"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sh0ckSec"}],"pronouns":null,"media":[],"id":50692,"title":"Lead for Red Team operations and Penetration Testing engagements at Core BTS"}],"timeband_id":991,"links":[],"end":"2023-08-12T17:00:00.000-0000","id":51722,"begin_timestamp":{"seconds":1691857800,"nanoseconds":0},"village_id":null,"tag_ids":[40302,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50690},{"tag_id":45590,"sort_order":1,"person_id":50692}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"updated":"2023-07-29T00:55:00.000-0000","begin":"2023-08-12T16:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.\r\n\n\n\n","title":"Human Registration Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"android_description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.","end_timestamp":{"seconds":1691892000,"nanoseconds":0},"updated_timestamp":{"seconds":1691559000,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T02:00:00.000-0000","id":51697,"tag_ids":[45640,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691857800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 101-103 - Reg","hotel":"","short_name":"Forum - 101-103 - Reg","id":45853},"updated":"2023-08-09T05:30:00.000-0000","begin":"2023-08-12T16:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"On September 29th, 2022, one of the most controversial poker hand was played, winning an all-in $240K cash pot on the Hustler Casino Live poker stream (HCL) by newcomer Robbi Jade Lew. The controversy and accusations of cheating took the poker and media world by storm! Conspiracy theories emerged immediately within the media, podcasts and the internet sleuths, including crossover theories from the Chess cheating scandal, accusations of collusion with HCL employees, and advanced technology being used. This is the wild tale of my investigation into cheating live stream poker if it was done and what are all the ways I would do it. \r\n\r\nI will also show how I utilized my experience from attending hacking conferences such as Defcon for over 26 years, the competitions and how I tapped into a broad range of resources throughout the years of making friends in the hacking community, reaching out to discord groups and doing that which isn’t covered in the academic world. This is why I am here; this is why you are here. \r\n\r\nThis war story contains treachery, wild technology theories, drama and current criminals on the run. But you, the audience must all decide. Is Robbi innocent or guilty? Was something missing? How would you have cheated?\r\n\r\nREFERENCES: \r\n\r\n* Hancke, G. P. (n.d.). Practical Eavesdropping and Skimming Attacks on High-Frequency RFID Tokens. Retrieved from http://www.rfidblog.org.uk/Hancke-JoCSSpecialRFIDJune2010.pdf \r\n* https://wa5vjb.com/\r\n* How to Build a Low-Cost, Extended-Range RFID Skimmer https://www.usenix.org/legacy/events/sec06/tech/full_papers/kirschenbaum/kirschenbaum_html/index.html\r\n* DEF CON 17 - Christine Paget - RFID Myth busting https://www.youtube.com/watch?v=SMm4g5yhDoY\r\n* DEF CON 18 - Christine Paget - Extreme-Range RFID Tracking https://www.youtube.com/watch?v=q9_8F_BKeto\r\n* PokerGFX Software - https://videopokertable.net\n\n\n","title":"J4 Gate, The Hustler Poker Cheating Scandal investigation and how Hacking helped me do it","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691860500,"nanoseconds":0},"android_description":"On September 29th, 2022, one of the most controversial poker hand was played, winning an all-in $240K cash pot on the Hustler Casino Live poker stream (HCL) by newcomer Robbi Jade Lew. The controversy and accusations of cheating took the poker and media world by storm! Conspiracy theories emerged immediately within the media, podcasts and the internet sleuths, including crossover theories from the Chess cheating scandal, accusations of collusion with HCL employees, and advanced technology being used. This is the wild tale of my investigation into cheating live stream poker if it was done and what are all the ways I would do it. \r\n\r\nI will also show how I utilized my experience from attending hacking conferences such as Defcon for over 26 years, the competitions and how I tapped into a broad range of resources throughout the years of making friends in the hacking community, reaching out to discord groups and doing that which isn’t covered in the academic world. This is why I am here; this is why you are here. \r\n\r\nThis war story contains treachery, wild technology theories, drama and current criminals on the run. But you, the audience must all decide. Is Robbi innocent or guilty? Was something missing? How would you have cheated?\r\n\r\nREFERENCES: \r\n\r\n* Hancke, G. P. (n.d.). Practical Eavesdropping and Skimming Attacks on High-Frequency RFID Tokens. Retrieved from http://www.rfidblog.org.uk/Hancke-JoCSSpecialRFIDJune2010.pdf \r\n* https://wa5vjb.com/\r\n* How to Build a Low-Cost, Extended-Range RFID Skimmer https://www.usenix.org/legacy/events/sec06/tech/full_papers/kirschenbaum/kirschenbaum_html/index.html\r\n* DEF CON 17 - Christine Paget - RFID Myth busting https://www.youtube.com/watch?v=SMm4g5yhDoY\r\n* DEF CON 18 - Christine Paget - Extreme-Range RFID Tracking https://www.youtube.com/watch?v=q9_8F_BKeto\r\n* PokerGFX Software - https://videopokertable.net","updated_timestamp":{"seconds":1688095320,"nanoseconds":0},"speakers":[{"content_ids":[50557],"conference_id":96,"event_ids":[50804],"name":"Scott \"Duckie\" Melnick","affiliations":[{"organization":"Bulletproof International","title":"Principal Security Research and Development"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@duckie37@23.illuminati.org)","sort_order":0,"url":"https://23.illuminati.org/@duckie37"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/duckie37"}],"media":[],"id":49768,"title":"Principal Security Research and Development at Bulletproof International"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245728"}],"end":"2023-08-12T17:15:00.000-0000","id":50804,"begin_timestamp":{"seconds":1691857800,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49768}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-06-30T03:22:00.000-0000","begin":"2023-08-12T16:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Breaking into secure facilities used to be possible by inserting a listening device (such as an ESPKey) behind an RFID card reader and sniffing the unencrypted Wiegand badge numbers over the wire as they go to the backend controller. The physical security industry has taken notice and there's a new sheriff in town: The encrypted protocol OSDP which is starting to be rolled into production. Surely encryption will solve our problems and prevent MitM attacks right? ... right?\r\n \r\nIn this presentation, we'll demonstrate over a dozen vulnerabilities, concerning problems, and general \"WTF\"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds clever cryptographic attacks, to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities.\r\n \r\nGet your orange vest and carry a ladder, because we're going onsite!\r\n\r\nREFERENCES:\r\n* ESPKey https://github.com/octosavvi/ESPKey\r\n* OSDP v2.2 Spec https://www.securityindustry.org/2020/12/15/security-industry-association-releases-version-2-2-of-sia-osdp-standard/ https://libosdp.gotomain.io/protocol/introduction.html\r\n* RS485 https://en.wikipedia.org/wiki/RS-485\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Badge of Shame: Breaking into Secure Facilities with OSDP","android_description":"Breaking into secure facilities used to be possible by inserting a listening device (such as an ESPKey) behind an RFID card reader and sniffing the unencrypted Wiegand badge numbers over the wire as they go to the backend controller. The physical security industry has taken notice and there's a new sheriff in town: The encrypted protocol OSDP which is starting to be rolled into production. Surely encryption will solve our problems and prevent MitM attacks right? ... right?\r\n \r\nIn this presentation, we'll demonstrate over a dozen vulnerabilities, concerning problems, and general \"WTF\"s in the OSDP protocol that let it be subverted, coerced, and totally bypassed. This ranges from deeply in-the-weeds clever cryptographic attacks, to boneheaded mistakes that undermine the whole thing. We will also demonstrate a practical pentesting tool that can be inserted behind an RFID badge reader to exploit these vulnerabilities.\r\n \r\nGet your orange vest and carry a ladder, because we're going onsite!\r\n\r\nREFERENCES:\r\n* ESPKey https://github.com/octosavvi/ESPKey\r\n* OSDP v2.2 Spec https://www.securityindustry.org/2020/12/15/security-industry-association-releases-version-2-2-of-sia-osdp-standard/ https://libosdp.gotomain.io/protocol/introduction.html\r\n* RS485 https://en.wikipedia.org/wiki/RS-485","end_timestamp":{"seconds":1691860500,"nanoseconds":0},"updated_timestamp":{"seconds":1687136760,"nanoseconds":0},"speakers":[{"content_ids":[50552],"conference_id":96,"event_ids":[50764],"name":"Dan \"AltF4\" Petro","affiliations":[{"organization":"Bishop Fox","title":"Senior Security Engineer"}],"links":[],"pronouns":"he/him","media":[],"id":49763,"title":"Senior Security Engineer at Bishop Fox"},{"content_ids":[50552],"conference_id":96,"event_ids":[50764],"name":"David Vargas","affiliations":[{"organization":"Bishop Fox","title":"Senior Security Consultant"}],"links":[],"pronouns":"he/him","media":[],"id":49764,"title":"Senior Security Consultant at Bishop Fox"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245721"}],"end":"2023-08-12T17:15:00.000-0000","id":50764,"begin_timestamp":{"seconds":1691857800,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Exploit 🪲, Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49763},{"tag_id":45590,"sort_order":1,"person_id":49764}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","updated":"2023-06-19T01:06:00.000-0000","begin":"2023-08-12T16:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Wall of Sheep","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.","updated_timestamp":{"seconds":1691375400,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":52591,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)","end_timestamp":{"seconds":1691917200,"nanoseconds":0},"android_description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC","updated_timestamp":{"seconds":1690997580,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T09:00:00.000-0000","links":[{"label":"Twitter (@ShellsOnDemand)","type":"link","url":"https://twitter.com/ShellsOnDemand"},{"label":"Mastodon (@soda@defcon.social)","type":"link","url":"https://defcon.social/@soda"}],"id":52211,"village_id":null,"tag_ids":[45640,45646,45743],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"spans_timebands":"Y","begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-02T17:33:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.) \r\n\r\nNote that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.\r\n\r\n**PLEASE NOTE**\r\n\r\nThe Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.\n\n\n","title":"Merch (formerly swag) Area Open -- README","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.) \r\n\r\nNote that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.\r\n\r\n**PLEASE NOTE**\r\n\r\nThe Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.","updated_timestamp":{"seconds":1691801940,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":52159,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"tag_ids":[45640,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 227-230 - Merch","hotel":"","short_name":"Summit - 227-230 - Merch","id":45857},"updated":"2023-08-12T00:59:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!\n\n\n","title":"Packet Detective","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!","updated_timestamp":{"seconds":1691375460,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51740,"village_id":null,"tag_ids":[40288,45646,45743,45775],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.\n\n\n","title":"Packet Inspector","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.","updated_timestamp":{"seconds":1691375460,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51739,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"tag_ids":[40288,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"updated":"2023-08-07T02:31:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Fleet is an open-core, cross-platform solution that provides real-time insights using osquery and GitOps-driven management for all your devices, including Mac, Windows, Linux, and ChromeOS. Join the adventure and explore a wonderland of data!\n\n\n","title":"Fleet DefCon 31 Workshop","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Fleet is an open-core, cross-platform solution that provides real-time insights using osquery and GitOps-driven management for all your devices, including Mac, Windows, Linux, and ChromeOS. Join the adventure and explore a wonderland of data!","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375760,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51738,"village_id":null,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this workshop, you'll learn real-world penetration testing techniques for guessing passwords using Hydra, xHydra, and Hashcat.\n\n\n","title":"Password Lab","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"In this workshop, you'll learn real-world penetration testing techniques for guessing passwords using Hydra, xHydra, and Hashcat.","updated_timestamp":{"seconds":1691375700,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51737,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"updated":"2023-08-07T02:35:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work. \n\n\n","title":"RegEx Trainer","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375640,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51736,"village_id":null,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:34:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste. \n\n\n","title":"NetworkOS: Be The Cloud","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375700,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51735,"village_id":null,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.\n\n\n","title":"Linux Trainer Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.","updated_timestamp":{"seconds":1691375580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51734,"tag_ids":[40288,45646,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:33:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BYOB is intended to be a beginner friendly workshop dive into how botnets work. Attendees will use a web application to create a \"dropper\" file. (It is a tiny file whose only purposes is to fetch and execute the next stage of code). Then put the dropper file on another computer to obfuscate the command computer. The dropper is heavily obfuscated and compressed, and is a small python script. Attendees will learn how bot command and control works and cause several bots to probe a potential next target to gain access.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Build Your Own Botnet","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"BYOB is intended to be a beginner friendly workshop dive into how botnets work. Attendees will use a web application to create a \"dropper\" file. (It is a tiny file whose only purposes is to fetch and execute the next stage of code). Then put the dropper file on another computer to obfuscate the command computer. The dropper is heavily obfuscated and compressed, and is a small python script. Attendees will learn how bot command and control works and cause several bots to probe a potential next target to gain access.","updated_timestamp":{"seconds":1691375760,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51733,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.\n\n\n","title":"Honey Pot Workshop","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375580,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51732,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:33:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Social engineering has long been thought of as a domain for outgoing, charismatic people. However, in this talk, I will argue that introverted and socially-awkward individuals can be just as effective in social engineering as their extroverted counterparts. Drawing on my personal experience as an introverted social engineer, I will share tips and tricks for blending in, avoiding confrontation, and getting the information you need without attracting unwanted attention. Through real-world examples from my physical pentesting engagements, I will demonstrate how my “anti-social” approach has yielded results that even my more outgoing colleagues were unable to achieve. I will also dispel common misconceptions about social engineering and challenge the notion that charisma and acting skills are essential to the craft. Attendees will leave with a newfound appreciation for the power of blending in and avoiding attention, as well as practical tips for incorporating these techniques into their own social engineering engagements.\n\n\n","title":"Anti-Social Engineering: Can You Be a Good Social Engineer Without Being Social","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Social engineering has long been thought of as a domain for outgoing, charismatic people. However, in this talk, I will argue that introverted and socially-awkward individuals can be just as effective in social engineering as their extroverted counterparts. Drawing on my personal experience as an introverted social engineer, I will share tips and tricks for blending in, avoiding confrontation, and getting the information you need without attracting unwanted attention. Through real-world examples from my physical pentesting engagements, I will demonstrate how my “anti-social” approach has yielded results that even my more outgoing colleagues were unable to achieve. I will also dispel common misconceptions about social engineering and challenge the notion that charisma and acting skills are essential to the craft. Attendees will leave with a newfound appreciation for the power of blending in and avoiding attention, as well as practical tips for incorporating these techniques into their own social engineering engagements.","end_timestamp":{"seconds":1691857800,"nanoseconds":0},"updated_timestamp":{"seconds":1690591980,"nanoseconds":0},"speakers":[{"content_ids":[51551],"conference_id":96,"event_ids":[51720],"name":"Andrew Lemon","affiliations":[{"organization":"Red Threat","title":"Principal Security Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Lemonitup"}],"pronouns":null,"media":[],"id":50688,"title":"Principal Security Engineer at Red Threat"}],"timeband_id":991,"links":[],"end":"2023-08-12T16:30:00.000-0000","id":51720,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"tag_ids":[40302,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50688}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","updated":"2023-07-29T00:53:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The purpose of the Youth Challenge is to provide anyone under the age of 17 with an event for them to participate. Challenges and puzzles incorporate general cybersecurity with an emphasis on OSINT and Social Engineering. Challenges will be crafted in a way that steers participants to different villages with specific goals to broaden their exposure of different subject matter available at DEF CON. There will be a sign-up form prior to DEF CON, as well as encouraging walk-up participation for those who may not have been aware of the offering.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Social Engineering Community (SEC) Youth Challenge","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"android_description":"The purpose of the Youth Challenge is to provide anyone under the age of 17 with an event for them to participate. Challenges and puzzles incorporate general cybersecurity with an emphasis on OSINT and Social Engineering. Challenges will be crafted in a way that steers participants to different villages with specific goals to broaden their exposure of different subject matter available at DEF CON. There will be a sign-up form prior to DEF CON, as well as encouraging walk-up participation for those who may not have been aware of the offering.","updated_timestamp":{"seconds":1690066260,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Twitter (@sec_defcon)","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245387"}],"id":51513,"tag_ids":[45635,45649,45743],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":64,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-07-22T22:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"HardWired","android_description":"Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375520,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-13T01:00:00.000-0000","links":[{"label":"Aries Security","type":"link","url":"https://www.ariessecurity.com"},{"label":"Capture the Packet","type":"link","url":"https://www.capturethepacket.com"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245293"},{"label":"Twitter (@wallofsheep)","type":"link","url":"https://twitter.com/@wallofsheep"},{"label":"Twitter (@capturetp)","type":"link","url":"https://twitter.com/@capturetp"}],"id":51486,"tag_ids":[40288,45635,45646,45743],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-12T16:00:00.000-0000","updated":"2023-08-07T02:32:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Red Team Labs and Games for Kids","end_timestamp":{"seconds":1691859600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689358560,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-12T17:00:00.000-0000","id":51157,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":60,"tag_ids":[40294,45647,45719,45743,45764,45864],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"spans_timebands":"N","begin":"2023-08-12T16:00:00.000-0000","updated":"2023-07-14T18:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Passwords Argh Us","android_description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.","end_timestamp":{"seconds":1691859600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51089],"conference_id":96,"event_ids":[51120,51150,51151,51152],"name":"Traveler","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/traveler19/"}],"media":[],"id":50285}],"timeband_id":991,"links":[],"end":"2023-08-12T17:00:00.000-0000","id":51150,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50285}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"updated":"2023-07-14T18:15:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Open Source Intelligence (OSINT) for Hackers workshop, as part of the Red Team Village, provides extensive information and hands on lessons relating to surface and deep web searching along with advanced online search techniques & strategies, online privacy / anonymity tools, counterintelligence techniques used by the criminal element, search techniques of blogs and social networks including social media monitoring, utilize database systems, methods to obtain historical website pages, develop previous domain & website details that no longer exist, geolocating, reverse imaging, transfer of large files, screenshot capabilities, and much more all focused on helping Hackers related to threat hunting, red teaming and information gathering.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Open Source Intelligence (OSINT) for Hackers","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"android_description":"The Open Source Intelligence (OSINT) for Hackers workshop, as part of the Red Team Village, provides extensive information and hands on lessons relating to surface and deep web searching along with advanced online search techniques & strategies, online privacy / anonymity tools, counterintelligence techniques used by the criminal element, search techniques of blogs and social networks including social media monitoring, utilize database systems, methods to obtain historical website pages, develop previous domain & website details that no longer exist, geolocating, reverse imaging, transfer of large files, screenshot capabilities, and much more all focused on helping Hackers related to threat hunting, red teaming and information gathering.","updated_timestamp":{"seconds":1689358320,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"pronouns":null,"media":[],"id":50281}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":51145,"village_id":60,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"spans_timebands":"N","updated":"2023-07-14T18:12:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to learn how hackers compromise unlocked computers in seconds? Come build your own USB hacking tool in this beginner-friendly workshop, and learn to write prank payloads with your new cat-shaped hacking companion, the “USB Nugget”! You’ll learn the techniques & tools hackers use to deploy USB attacks, and compete for prizes in a mini hackathon to make the most destructive payload!\n\n\n","title":"Build Your Own Cat-Shaped USB Hacking Tool! (with the Nugget)","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691866800,"nanoseconds":0},"android_description":"Want to learn how hackers compromise unlocked computers in seconds? Come build your own USB hacking tool in this beginner-friendly workshop, and learn to write prank payloads with your new cat-shaped hacking companion, the “USB Nugget”! You’ll learn the techniques & tools hackers use to deploy USB attacks, and compete for prizes in a mini hackathon to make the most destructive payload!","updated_timestamp":{"seconds":1689358080,"nanoseconds":0},"speakers":[{"content_ids":[51072],"conference_id":96,"event_ids":[51105,51131],"name":"Alex Lynd","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/alexlynd"}],"pronouns":null,"media":[],"id":50258}],"timeband_id":991,"links":[],"end":"2023-08-12T19:00:00.000-0000","id":51131,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50258}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-07-14T18:08:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We will have our Meta Quest 2, Meta Quest Pro and Ray-Ban Stories devices available and firmware on-site to support native/hardware live hack competitions.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Hacking Meta Quest","end_timestamp":{"seconds":1691863200,"nanoseconds":0},"android_description":"We will have our Meta Quest 2, Meta Quest Pro and Ray-Ban Stories devices available and firmware on-site to support native/hardware live hack competitions.","updated_timestamp":{"seconds":1689358560,"nanoseconds":0},"speakers":[{"content_ids":[51092],"conference_id":96,"event_ids":[51123],"name":"Paul D.","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/knetivty"}],"media":[],"id":50277}],"timeband_id":991,"links":[],"end":"2023-08-12T18:00:00.000-0000","id":51123,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":60,"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50277}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"spans_timebands":"N","updated":"2023-07-14T18:16:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As mobile devices have become increasingly prevalent, the security of Android applications has become a critical concern. Pentesting is an essential process for identifying and mitigating potential vulnerabilities in these applications, but Android app hacking is a specialized area that is less well-documented than other pentesting techniques. In this session, the focus will be on how to pentest Android apps and their APIs.The presentation will address key questions such as what Android pentesting is, how to set up an Android App pentest lab, and how to pentest an Android App and its APIs from start to finish.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Android Applications and APIs Hacking","android_description":"As mobile devices have become increasingly prevalent, the security of Android applications has become a critical concern. Pentesting is an essential process for identifying and mitigating potential vulnerabilities in these applications, but Android app hacking is a specialized area that is less well-documented than other pentesting techniques. In this session, the focus will be on how to pentest Android apps and their APIs.The presentation will address key questions such as what Android pentesting is, how to set up an Android App pentest lab, and how to pentest an Android App and its APIs from start to finish.","end_timestamp":{"seconds":1691859600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358560,"nanoseconds":0},"speakers":[{"content_ids":[52133,51091],"conference_id":96,"event_ids":[51122,52353],"name":"Gabrielle Botbol","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/gabriellebotbol/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Gabrielle_BGB"}],"pronouns":null,"media":[],"id":51339}],"timeband_id":991,"links":[],"end":"2023-08-12T17:00:00.000-0000","id":51122,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51339}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"updated":"2023-07-14T18:16:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"On May 4th, the White House announced the AI Village at DEF CON's Generative AI Red Team and their participation, followed by announcements from the House and Senate AI Caucus leadership and the National Science Foundation.\r\n\r\nIn this panel, we'll hear from top officials and executives about how they're balancing the explosion of creativity and entrepreneurship from the advent of GenAI with the known & unknown risks of deployment at scale.\r\n\r\nWe'll also hear how this exercise is viewed as a model for enhancing trust & safety through democratizing AI education. Panelists will also discuss why it's meaningful to bring together thousands of people from different communities to conduct the exercise across the available AI models.\r\n\r\nREFERENCES:\r\n\r\nWe Need Bug Bounties for Bad Algorithms - Amit Elazari - https://www.vice.com/en/article/8xkyj3/we-need-bug-bounties-for-bad-algorithms\r\n\r\nIntroducing Twitter’s first algorithmic bias bounty challenge - Rumman Chowdhury & Jutta Williams - https://blog.twitter.com/engineering/en_us/topics/insights/2021/algorithmic-bias-bounty-challenge\r\n\r\nSharing learnings from the first algorithmic bias bounty challenge - Kyra Yee & Irene Font Peradejordi - https://blog.twitter.com/engineering/en_us/topics/insights/2021/learnings-from-the-first-algorithmic-bias-bounty-challenge\r\n\r\nBias Buccaneers - Rumman Chowdhury, Jutta Williams, Subho Majumdar, Scott Steinhardt, Ben Colman - https://www.biasbuccaneers.org/\r\n\r\nAn Algorithmic Framework for Bias Bounties - Ira Globus-Harris, Michael Kearns, Aaron Roth - https://arxiv.org/abs/2201.10408\r\n\r\nMachine Learning Security Evasion Competition - Hyrum Anderson, et al. - https://mlsec.io/ https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/\r\n\r\nMITRE ATLAS - Ram Shankar Siva Kumar, et al - https://atlas.mitre.org/\r\n\r\nThe Spherical Cow of ML Security - Sven Cattell - http://aivillage.org/adversarial%20ml/spherical-cow/\r\n\r\nThe Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint - Beau Woods, Andrea Coravos, and Joshua David Corman - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6444210/\r\n\r\nAnnouncing OpenAI’s Bug Bounty Program - https://openai.com/blog/bug-bounty-program\r\n\r\nMicrosoft Malware Classification Challenge - Royi Ronen, Marian Radu, Corina Feuerstein, Elad Yom-Tov, Mansour Ahmadi - https://www.kaggle.com/c/malware-classification https://arxiv.org/abs/1802.10135\n\n\n","title":"Hack the Future: Why Congress and the White House are supporting AI Red Teaming","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691858700,"nanoseconds":0},"android_description":"On May 4th, the White House announced the AI Village at DEF CON's Generative AI Red Team and their participation, followed by announcements from the House and Senate AI Caucus leadership and the National Science Foundation.\r\n\r\nIn this panel, we'll hear from top officials and executives about how they're balancing the explosion of creativity and entrepreneurship from the advent of GenAI with the known & unknown risks of deployment at scale.\r\n\r\nWe'll also hear how this exercise is viewed as a model for enhancing trust & safety through democratizing AI education. Panelists will also discuss why it's meaningful to bring together thousands of people from different communities to conduct the exercise across the available AI models.\r\n\r\nREFERENCES:\r\n\r\nWe Need Bug Bounties for Bad Algorithms - Amit Elazari - https://www.vice.com/en/article/8xkyj3/we-need-bug-bounties-for-bad-algorithms\r\n\r\nIntroducing Twitter’s first algorithmic bias bounty challenge - Rumman Chowdhury & Jutta Williams - https://blog.twitter.com/engineering/en_us/topics/insights/2021/algorithmic-bias-bounty-challenge\r\n\r\nSharing learnings from the first algorithmic bias bounty challenge - Kyra Yee & Irene Font Peradejordi - https://blog.twitter.com/engineering/en_us/topics/insights/2021/learnings-from-the-first-algorithmic-bias-bounty-challenge\r\n\r\nBias Buccaneers - Rumman Chowdhury, Jutta Williams, Subho Majumdar, Scott Steinhardt, Ben Colman - https://www.biasbuccaneers.org/\r\n\r\nAn Algorithmic Framework for Bias Bounties - Ira Globus-Harris, Michael Kearns, Aaron Roth - https://arxiv.org/abs/2201.10408\r\n\r\nMachine Learning Security Evasion Competition - Hyrum Anderson, et al. - https://mlsec.io/ https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/\r\n\r\nMITRE ATLAS - Ram Shankar Siva Kumar, et al - https://atlas.mitre.org/\r\n\r\nThe Spherical Cow of ML Security - Sven Cattell - http://aivillage.org/adversarial%20ml/spherical-cow/\r\n\r\nThe Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint - Beau Woods, Andrea Coravos, and Joshua David Corman - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6444210/\r\n\r\nAnnouncing OpenAI’s Bug Bounty Program - https://openai.com/blog/bug-bounty-program\r\n\r\nMicrosoft Malware Classification Challenge - Royi Ronen, Marian Radu, Corina Feuerstein, Elad Yom-Tov, Mansour Ahmadi - https://www.kaggle.com/c/malware-classification https://arxiv.org/abs/1802.10135","updated_timestamp":{"seconds":1688179920,"nanoseconds":0},"speakers":[{"content_ids":[50651,50652,51521],"conference_id":96,"event_ids":[50846,50847,51677],"name":"Austin Carson","affiliations":[{"organization":"SeedAI","title":"Founder & President"}],"links":[],"pronouns":"he/him","media":[],"id":49938,"title":"Founder & President at SeedAI"},{"content_ids":[50652],"conference_id":96,"event_ids":[50847],"name":"Arati Prabhakar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51633}],"timeband_id":991,"end":"2023-08-12T16:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246105"}],"id":50847,"tag_ids":[45589,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51633},{"tag_id":45590,"sort_order":1,"person_id":49938}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-07-01T02:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"MacOS is known for an additional layer of privacy controls called TCC - Transparency, Consent, and Control (TCC) that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent.\r\n\r\nDespite many vulnerabilities in that mechanism found in the past, using 0-days during red teaming engagements is impractical. Apple fixes TCC vulnerabilities but red teams still have to get access to files saved on the victim’s desktop or be able take a screenshot.\r\n\r\nWhat if I tell you that there are many open doors to resolve all the TCC problems that are already installed on your target machines?! Electron apps are everywhere. And you probably heard the joke that: ‘S’ in Electron stands for security.\r\n\r\nIn this talk I will share a new tool that, by abusing Electron default configuration, allows executing code in the context of those Electron apps and thus inherit their TCC permissions.\r\n\r\nThe audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. The part of the audience interested in macOS red teaming will also get to know my new, free and open source tool. Blue teams on the stage will also see some ideas regarding detections.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"ELECTRONizing macOS privacy - a new weapon in your red teaming armory","android_description":"MacOS is known for an additional layer of privacy controls called TCC - Transparency, Consent, and Control (TCC) that restricts access to sensitive personal resources: documents, camera, microphone, emails, and more. Granting such access requires authorization, and the mechanism's main design concern was clear user consent.\r\n\r\nDespite many vulnerabilities in that mechanism found in the past, using 0-days during red teaming engagements is impractical. Apple fixes TCC vulnerabilities but red teams still have to get access to files saved on the victim’s desktop or be able take a screenshot.\r\n\r\nWhat if I tell you that there are many open doors to resolve all the TCC problems that are already installed on your target machines?! Electron apps are everywhere. And you probably heard the joke that: ‘S’ in Electron stands for security.\r\n\r\nIn this talk I will share a new tool that, by abusing Electron default configuration, allows executing code in the context of those Electron apps and thus inherit their TCC permissions.\r\n\r\nThe audience will leave with a solid understanding of the macOS privacy restrictions framework (TCC) and its weaknesses. The part of the audience interested in macOS red teaming will also get to know my new, free and open source tool. Blue teams on the stage will also see some ideas regarding detections.","end_timestamp":{"seconds":1691857200,"nanoseconds":0},"updated_timestamp":{"seconds":1687138920,"nanoseconds":0},"speakers":[{"content_ids":[50587],"conference_id":96,"event_ids":[50816],"name":"Wojciech Reguła","affiliations":[{"organization":"SecuRing","title":"Principal Security Consultant"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/wojciech-regula/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_r3ggi"},{"description":"","title":"Website","sort_order":0,"url":"https://wojciechregula.blog"}],"pronouns":null,"media":[],"id":49819,"title":"Principal Security Consultant at SecuRing"}],"timeband_id":991,"end":"2023-08-12T16:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245758"}],"id":50816,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45630,45646,45766],"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49819}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-06-19T01:42:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For too long, web race-condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding all but the most trivial, obvious examples. In this session, I'll introduce multiple new classes of race condition that go far beyond the limit-overrun exploits you're probably already familiar with.\r\n \r\nInside every website lurks a state machine: a delicately balanced system of states and transitions that each user, session, and object can flow through. I'll show how to fire salvos of conflicting inputs at high-profile websites to make state machines collapse, enabling you to forge trusted data, misroute tokens, and mask backdoors.\r\n \r\nTo handle this explosion of attack surface, I'll share a polished methodology designed to help you eke out subtle tell-tale clues and scent blood long before sacrificing anything to the RNG gods. I've also taken lore amassed over years of research into HTTP Desync Attacks and developed a strategy that can squeeze 30 requests sent from Melbourne to Dublin into a sub-1ms execution window. Alongside the open source tool, we'll also release free online labs so you can try out your new skillset immediately.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Smashing the state machine: the true potential of web race conditions","end_timestamp":{"seconds":1691858700,"nanoseconds":0},"android_description":"For too long, web race-condition attacks have focused on a tiny handful of scenarios. Their true potential has been masked thanks to tricky workflows, missing tooling, and simple network jitter hiding all but the most trivial, obvious examples. In this session, I'll introduce multiple new classes of race condition that go far beyond the limit-overrun exploits you're probably already familiar with.\r\n \r\nInside every website lurks a state machine: a delicately balanced system of states and transitions that each user, session, and object can flow through. I'll show how to fire salvos of conflicting inputs at high-profile websites to make state machines collapse, enabling you to forge trusted data, misroute tokens, and mask backdoors.\r\n \r\nTo handle this explosion of attack surface, I'll share a polished methodology designed to help you eke out subtle tell-tale clues and scent blood long before sacrificing anything to the RNG gods. I've also taken lore amassed over years of research into HTTP Desync Attacks and developed a strategy that can squeeze 30 requests sent from Melbourne to Dublin into a sub-1ms execution window. Alongside the open source tool, we'll also release free online labs so you can try out your new skillset immediately.","updated_timestamp":{"seconds":1687137000,"nanoseconds":0},"speakers":[{"content_ids":[50555],"conference_id":96,"event_ids":[50782],"name":"James \"albinowax\" Kettle","affiliations":[{"organization":"PortSwigger","title":"Director of Research"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@albinowax@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@albinowax"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/albinowax"},{"description":"","title":"Website","sort_order":0,"url":"https://skeletonscribe.net"}],"media":[],"id":49767,"title":"Director of Research at PortSwigger"}],"timeband_id":991,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245726"}],"end":"2023-08-12T16:45:00.000-0000","id":50782,"village_id":null,"tag_ids":[45589,45592,45629,45630,45646,45766],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"Exploit 🪲, Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49767}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-06-19T01:10:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The security of digital certificates is too often undermined by the use of poor entropy sources in key generation. Flawed entropy can be hard to discover, especially when analyzing individual devices. However, some flaws can be detected when a large set of keys from the same entropy source are analyzed, as was dramatically demonstrated in 2012 and 2016 by the detection of weak HTTPS keys on the Internet.\r\n\r\nIn this talk, we present tools and techniques to identify weak keys at scale, by checking issued certificates obtained from passive monitoring, active network scans, or certificate authority logs. Our tools use efficient multithreaded implementations of network monitors, scanners, certificate parsers, and mathematical tests. The batch greatest common divisor test (BGCD) identifies RSA public keys with common factors, and outputs the corresponding private keys. The common key test identifies distinct devices that share identical keys. We report on findings from both tests and demonstrate how to audit HTTPS servers, run BGCD on 100M+ keys, identify RSA keys with common factors, and generate the corresponding private keys. Because nothing convinces like an attack, we show how to produce and use PEM files for factored keys. \r\n\r\nREFERENCES: \r\nAndrew Chi, Brandon Enright, David McGrew. The Mercury Batch GCD Utility. https://github.com/cisco/mercury/blob/main/doc/batch-gcd.md\r\nDavid McGrew, The Mercury cert_analyze Utility. https://github.com/cisco/mercury/blob/main/src/cert_analyze.cc\r\nDavid McGrew, Blake Anderson. The Mercury tls_scanner Utility. https://github.com/cisco/mercury/blob/main/src/tls_scanner.cc\r\nNadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. Mining your ps and qs: Detection of widespread weak keys in network devices. In Tadayoshi Kohno, editor, Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, pages 205–220. USENIX Association, 2012. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger.\r\nMarcella Hastings, Joshua Fried, and Nadia Heninger. Weak keys remain widespread in network devices. In Phillipa Gill, John S. Heidemann, John W. Byers, and Ramesh Govindan, editors, Proceedings of the 2016 ACM on Internet Measurement Conference, IMC 2016, Santa Monica, CA, USA, November 14-16, 2016, pages 49–63. http://dl.acm.org/citation.cfm?id=2987486.\n\n\n","title":"Assessing the Security of Certificates at Scale","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"The security of digital certificates is too often undermined by the use of poor entropy sources in key generation. Flawed entropy can be hard to discover, especially when analyzing individual devices. However, some flaws can be detected when a large set of keys from the same entropy source are analyzed, as was dramatically demonstrated in 2012 and 2016 by the detection of weak HTTPS keys on the Internet.\r\n\r\nIn this talk, we present tools and techniques to identify weak keys at scale, by checking issued certificates obtained from passive monitoring, active network scans, or certificate authority logs. Our tools use efficient multithreaded implementations of network monitors, scanners, certificate parsers, and mathematical tests. The batch greatest common divisor test (BGCD) identifies RSA public keys with common factors, and outputs the corresponding private keys. The common key test identifies distinct devices that share identical keys. We report on findings from both tests and demonstrate how to audit HTTPS servers, run BGCD on 100M+ keys, identify RSA keys with common factors, and generate the corresponding private keys. Because nothing convinces like an attack, we show how to produce and use PEM files for factored keys. \r\n\r\nREFERENCES: \r\nAndrew Chi, Brandon Enright, David McGrew. The Mercury Batch GCD Utility. https://github.com/cisco/mercury/blob/main/doc/batch-gcd.md\r\nDavid McGrew, The Mercury cert_analyze Utility. https://github.com/cisco/mercury/blob/main/src/cert_analyze.cc\r\nDavid McGrew, Blake Anderson. The Mercury tls_scanner Utility. https://github.com/cisco/mercury/blob/main/src/tls_scanner.cc\r\nNadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. Mining your ps and qs: Detection of widespread weak keys in network devices. In Tadayoshi Kohno, editor, Proceedings of the 21th USENIX Security Symposium, Bellevue, WA, USA, August 8-10, 2012, pages 205–220. USENIX Association, 2012. https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger.\r\nMarcella Hastings, Joshua Fried, and Nadia Heninger. Weak keys remain widespread in network devices. In Phillipa Gill, John S. Heidemann, John W. Byers, and Ramesh Govindan, editors, Proceedings of the 2016 ACM on Internet Measurement Conference, IMC 2016, Santa Monica, CA, USA, November 14-16, 2016, pages 49–63. http://dl.acm.org/citation.cfm?id=2987486.","end_timestamp":{"seconds":1691857200,"nanoseconds":0},"updated_timestamp":{"seconds":1687140060,"nanoseconds":0},"speakers":[{"content_ids":[50603],"conference_id":96,"event_ids":[50772],"name":"David McGrew","affiliations":[{"organization":"Cisco Systems","title":"Fellow"}],"pronouns":"he/him","links":[{"description":"","title":"Website","sort_order":0,"url":"https://hnull.org"}],"media":[],"id":49841,"title":"Fellow at Cisco Systems"},{"content_ids":[50603],"conference_id":96,"event_ids":[50772],"name":"Brandon Enright","affiliations":[{"organization":"Cisco CSIRT","title":"Lead DIFR investigator"}],"links":[],"pronouns":"he/him","media":[],"id":49842,"title":"Lead DIFR investigator at Cisco CSIRT"},{"content_ids":[50603],"conference_id":96,"event_ids":[50772],"name":"Andrew Chi","affiliations":[{"organization":"Cisco","title":"Security Research Engineering Technical Leader"}],"links":[],"pronouns":"he/him","media":[],"id":49843,"title":"Security Research Engineering Technical Leader at Cisco"}],"timeband_id":991,"end":"2023-08-12T16:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245774"}],"id":50772,"village_id":null,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49843},{"tag_id":45590,"sort_order":1,"person_id":49842},{"tag_id":45590,"sort_order":1,"person_id":49841}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"begin":"2023-08-12T16:00:00.000-0000","updated":"2023-06-19T02:01:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"There have been plenty of talks on intro BLE security topics, it’s time for us to put it to use. This workshop will serve as a refresher for the BLE skills gained in previous talks, while walking students to the next level through utilizing BLE as an initial ingress vector to compromise a simulated corporate network. Come join us while we demonstrate the importance of investigating all wireless protocols in your corporate environment.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop\r\n- Android Phone\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"BLE Security 201 (Pre-Registration Required)","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"There have been plenty of talks on intro BLE security topics, it’s time for us to put it to use. This workshop will serve as a refresher for the BLE skills gained in previous talks, while walking students to the next level through utilizing BLE as an initial ingress vector to compromise a simulated corporate network. Come join us while we demonstrate the importance of investigating all wireless protocols in your corporate environment.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop\r\n- Android Phone","updated_timestamp":{"seconds":1688058060,"nanoseconds":0},"speakers":[{"content_ids":[50637],"conference_id":96,"event_ids":[50745],"name":"Maxine \"Freqy\" Filcher","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49901},{"content_ids":[50637],"conference_id":96,"event_ids":[50745],"name":"Zach \"justadequate\" Reavis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49902}],"timeband_id":991,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/maxine-filcher-zach-reavis-ble-security-201-tickets-668394093727?aff=oddtdtcreator"}],"end":"2023-08-12T20:00:00.000-0000","id":50745,"tag_ids":[45634,45654,45743,45877],"village_id":null,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49901},{"tag_id":45590,"sort_order":1,"person_id":49902}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T17:01:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Containers allow bad actors access to an excellent delivery mechanism for malware deployment in organizations, offering a wide variety of detection avoidance and persistence mechanisms. Fear not protectors, containers also offer ways to detect these, but can be fraught with challenges. Whether you're red, blue or just container curious this workshop is for you.\r\n\r\nIn this workshop, you will get hands-on with containers and kubernetes, - starting with introductory content - learning how they work, where and how to hide or find things, how to identify indicators of compromise, indicators of attack, and how to apply analysis to gain a deeper understanding of container malware and what is going on inside containers.\r\n\r\nThis workshop will utilize the Google Cloud Platform alongside command line operands and a small amount of open source tooling to learn both offensive and defense techniques on containers. By the end, you’ll have a solid mental model of how containers work, how they are managed and deployed, and be equipped with the ability to analyze container images, identify problems, attack container supply chains and identify familiar patterns. Ultimately, these skills will allow you to generate valuable insights for your organization’s defense or aid you in your next attack.\r\n\r\nThis course is designed to take you deep into the world of containers, making tooling like Kubernetes much more intuitive and easy to understand.There’s lots of labs which will be used to reinforce your learnings,in both attack and defense and the course comes with very detailed notes and instructions for setup which you can repeat on your own time. This course will provide references to scripts that make certain tasks easier, but we will be challenging you to learn the process and reasoning behind them rather than relying on automation.\r\n\r\nAttendees will be provided with all the lab material used in the course in digital format, including labs, guides and virtual machine setup.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- None! the class is well designed to allow those with little to no linux, kubernetes or cloud familiarity to follow along, but a basic familiarity with Linux and terminal will allow attendees to focus on the work.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A Google Cloud free tier account (basically a fresh gmail account)\r\n- an internet connected computer\r\n- We will send out instructions to attendees prior to the class, so they can be ready on the day.\n\n\n","title":"Creating and uncovering malicious containers Redux (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"Containers allow bad actors access to an excellent delivery mechanism for malware deployment in organizations, offering a wide variety of detection avoidance and persistence mechanisms. Fear not protectors, containers also offer ways to detect these, but can be fraught with challenges. Whether you're red, blue or just container curious this workshop is for you.\r\n\r\nIn this workshop, you will get hands-on with containers and kubernetes, - starting with introductory content - learning how they work, where and how to hide or find things, how to identify indicators of compromise, indicators of attack, and how to apply analysis to gain a deeper understanding of container malware and what is going on inside containers.\r\n\r\nThis workshop will utilize the Google Cloud Platform alongside command line operands and a small amount of open source tooling to learn both offensive and defense techniques on containers. By the end, you’ll have a solid mental model of how containers work, how they are managed and deployed, and be equipped with the ability to analyze container images, identify problems, attack container supply chains and identify familiar patterns. Ultimately, these skills will allow you to generate valuable insights for your organization’s defense or aid you in your next attack.\r\n\r\nThis course is designed to take you deep into the world of containers, making tooling like Kubernetes much more intuitive and easy to understand.There’s lots of labs which will be used to reinforce your learnings,in both attack and defense and the course comes with very detailed notes and instructions for setup which you can repeat on your own time. This course will provide references to scripts that make certain tasks easier, but we will be challenging you to learn the process and reasoning behind them rather than relying on automation.\r\n\r\nAttendees will be provided with all the lab material used in the course in digital format, including labs, guides and virtual machine setup.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- None! the class is well designed to allow those with little to no linux, kubernetes or cloud familiarity to follow along, but a basic familiarity with Linux and terminal will allow attendees to focus on the work.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A Google Cloud free tier account (basically a fresh gmail account)\r\n- an internet connected computer\r\n- We will send out instructions to attendees prior to the class, so they can be ready on the day.","updated_timestamp":{"seconds":1688057580,"nanoseconds":0},"speakers":[{"content_ids":[50634,52054],"conference_id":96,"event_ids":[50742,52273],"name":"Adrian \"threlfall\" Wood","affiliations":[{"organization":"Dropbox","title":""}],"links":[],"pronouns":null,"media":[],"id":49896,"title":"Dropbox"},{"content_ids":[50634],"conference_id":96,"event_ids":[50742],"name":"David \"digish0\" Mitchell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49897}],"timeband_id":991,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/adrian-wood-creating-and-uncovering-malicious-containers-redux-tickets-668385056697?aff=oddtdtcreator"}],"end":"2023-08-12T20:00:00.000-0000","id":50742,"tag_ids":[45634,45653,45743,45877],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49896},{"tag_id":45590,"sort_order":1,"person_id":49897}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T16:53:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Breaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them.\r\n\r\nThis workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This presentation will include various resources and a few simple demos to show how to approach a CTF and how it may differ from \"real world\" hacking challenges that many of us face in our professions. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges with the ability to ask for help and will be guided through the approach to successfully navigating these challenges. Upon completion, the group will have worked through various types of hacking challenges and will have the confidence to participate in other CTFs hosted throughout the year.\r\n\r\nAreas of focus will include:\r\n\r\n* Common platforms and formats\r\n* Overview of online resources, repositories, and how to progress\r\n* Common tools used in CTFs and hacking challenges\r\n* Basics of web challenges\r\n* Basics of binary exploitation and reversing challenges\r\n* Basics of cryptographic challenges\r\n* Basics of forensic and network traffic challenges\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students:\r\n- Be curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)\r\n- Exposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop\r\n- Debian-based Virtual Machine (e.g., Kali) is recommended\r\n- Virtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.\r\n- A limited number of Kali-Chromebooks and hosted resources will be available for those having issues or unable to bring their own systems.\n\n\n","title":"The Petting Zoo: Breaking into CTFs (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691870400,"nanoseconds":0},"android_description":"Breaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them.\r\n\r\nThis workshop will start with an overview of the CTF landscape, why we do them, and what value they have in the scope of the hacking community. This presentation will include various resources and a few simple demos to show how to approach a CTF and how it may differ from \"real world\" hacking challenges that many of us face in our professions. Next, a short CTF will be hosted to give attendees hands-on experience solving challenges with the ability to ask for help and will be guided through the approach to successfully navigating these challenges. Upon completion, the group will have worked through various types of hacking challenges and will have the confidence to participate in other CTFs hosted throughout the year.\r\n\r\nAreas of focus will include:\r\n\r\n* Common platforms and formats\r\n* Overview of online resources, repositories, and how to progress\r\n* Common tools used in CTFs and hacking challenges\r\n* Basics of web challenges\r\n* Basics of binary exploitation and reversing challenges\r\n* Basics of cryptographic challenges\r\n* Basics of forensic and network traffic challenges\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students:\r\n- Be curious about CTFs and have a very basic knowledge of or exposure to fundamental topics (e.g., Linux, websites, networking, data encoding and encryption)\r\n- Exposure to the above concepts will help during the workshop defined CTF challenges but is not required for the workshop\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop\r\n- Debian-based Virtual Machine (e.g., Kali) is recommended\r\n- Virtualized environment or Kali is not required but Kali will provide all the tools useful in solving the challenges and help standardize available tools. All challenge solutions will be possible using default Kali installations.\r\n- A limited number of Kali-Chromebooks and hosted resources will be available for those having issues or unable to bring their own systems.","updated_timestamp":{"seconds":1688057100,"nanoseconds":0},"speakers":[{"content_ids":[50631,52283],"conference_id":96,"event_ids":[52547,50739],"name":"Christopher Forte","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49889},{"content_ids":[50631],"conference_id":96,"event_ids":[50739],"name":"Robert Fitzpatrick","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49890}],"timeband_id":991,"end":"2023-08-12T20:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/christopher-forte-robert-fitzpatrick-the-petting-zoo-breaking-into-ctfs-tickets-668387895187?aff=oddtdtcreator"}],"id":50739,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"village_id":null,"tag_ids":[45634,45652,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49889},{"tag_id":45590,"sort_order":1,"person_id":49890}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T16:45:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Threat actors such as ransomware affiliates around the world are carrying out attacks on Active Directory (AD) at scale. When doing so, such actors often stick to the mainstream in terms of attack methodologies and tooling. But… that’s lame! Why borrow tactics, techniques, and procedures (TTPs) that are so well known and thus readily detectable?! Come hang out with us as we provide an overview of AD, show the most common attack scenarios, then show you how to detect and prevent those very attacks. Stick around as we then transition to covering what you could, and should, be doing instead.\r\n\r\nWe will be providing a remote network range to which you will connect. Once in the range, you will be acting as the ransomware threat actor, “pentester” as they like to call themselves. You will carry out attacks such as enumeration via Bloodhound, credential discovery and compromise, pass the hash attacks, and kerberoasting via common tools such as Mimikatz & Rubeus. After carrying out the attacks yourself, you’ll then learn how to prevent and detect those very attacks. We’ll then show you custom-developed methods to carry out the same attacks without the reliance on well-known TTPs/tools. And even better, we’ll show you how you could, at least where it’s even possible, detect the more custom/advanced methodologies.\r\n\r\nJoin us if you are a blue teamer, red teamer, purple teamer, cyber defender, DFIR analyst… basically anyone who wants (or needs!) to learn to defend and/or attack Active Directory. Come for the tech, stay for the humor. See ya there!\r\n\r\nSkill Level: Intermediate to Advanced\r\n\r\nPrerequisites for students: \r\n\r\n- The primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, having some familiarization with the following topics will help students maximize their time in this course:\r\n- A general background in Digital Forensics & Incident Response (DFIR)\r\n- Familiarity with blue team-oriented tools\r\n- An understanding of general networking concepts\r\n- Familiarity with Active Directory – though we’ll cover everything students need to know\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- A laptop with Linux/Windows/Mac desktop environment\r\n- Networking capability: Students will be connecting to a remote network range – They will need a wireless NIC (assuming the workshop area provides Wi-Fi, not not we’ll need to know) that can be enabled along with administrator privileges on their system\r\n- IMPORTANT: This workshop relies on network connectivity. Any student not able to connect to our range will be unable to follow along with the hands-on portion of the workshop.\n\n\n","title":"Active Directory Attacks: The Good, The Bad, and The LOLwut (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"android_description":"Threat actors such as ransomware affiliates around the world are carrying out attacks on Active Directory (AD) at scale. When doing so, such actors often stick to the mainstream in terms of attack methodologies and tooling. But… that’s lame! Why borrow tactics, techniques, and procedures (TTPs) that are so well known and thus readily detectable?! Come hang out with us as we provide an overview of AD, show the most common attack scenarios, then show you how to detect and prevent those very attacks. Stick around as we then transition to covering what you could, and should, be doing instead.\r\n\r\nWe will be providing a remote network range to which you will connect. Once in the range, you will be acting as the ransomware threat actor, “pentester” as they like to call themselves. You will carry out attacks such as enumeration via Bloodhound, credential discovery and compromise, pass the hash attacks, and kerberoasting via common tools such as Mimikatz & Rubeus. After carrying out the attacks yourself, you’ll then learn how to prevent and detect those very attacks. We’ll then show you custom-developed methods to carry out the same attacks without the reliance on well-known TTPs/tools. And even better, we’ll show you how you could, at least where it’s even possible, detect the more custom/advanced methodologies.\r\n\r\nJoin us if you are a blue teamer, red teamer, purple teamer, cyber defender, DFIR analyst… basically anyone who wants (or needs!) to learn to defend and/or attack Active Directory. Come for the tech, stay for the humor. See ya there!\r\n\r\nSkill Level: Intermediate to Advanced\r\n\r\nPrerequisites for students: \r\n\r\n- The primary requirement for this course is a desire to learn and the determination to tackle challenging problems. In addition, having some familiarization with the following topics will help students maximize their time in this course:\r\n- A general background in Digital Forensics & Incident Response (DFIR)\r\n- Familiarity with blue team-oriented tools\r\n- An understanding of general networking concepts\r\n- Familiarity with Active Directory – though we’ll cover everything students need to know\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- A laptop with Linux/Windows/Mac desktop environment\r\n- Networking capability: Students will be connecting to a remote network range – They will need a wireless NIC (assuming the workshop area provides Wi-Fi, not not we’ll need to know) that can be enabled along with administrator privileges on their system\r\n- IMPORTANT: This workshop relies on network connectivity. Any student not able to connect to our range will be unable to follow along with the hands-on portion of the workshop.","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1688054700,"nanoseconds":0},"speakers":[{"content_ids":[50622],"conference_id":96,"event_ids":[50730],"name":"Ryan Chapman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49871},{"content_ids":[50622],"conference_id":96,"event_ids":[50730],"name":"Aaron Rosenmund","affiliations":[{"organization":"Pluralsight","title":"Director of Security Research and Content"}],"links":[],"pronouns":null,"media":[],"id":49872,"title":"Director of Security Research and Content at Pluralsight"},{"content_ids":[50622],"conference_id":96,"event_ids":[50730],"name":"Brandon DeVault","affiliations":[{"organization":"Pluralsight","title":""}],"links":[],"pronouns":null,"media":[],"id":49873,"title":"Pluralsight"}],"timeband_id":991,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/ryan-chapman-active-directory-attacks-the-good-the-bad-and-the-lolwut-tickets-668395247177?aff=oddtdtcreator"}],"end":"2023-08-12T20:00:00.000-0000","id":50730,"village_id":null,"tag_ids":[45634,45655,45743,45877],"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49872},{"tag_id":45590,"sort_order":1,"person_id":49873},{"tag_id":45590,"sort_order":1,"person_id":49871}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T16:05:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\r\n\r\nIn this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including QakBot and Emotet, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\r\n\r\nInitially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including:\r\n\r\n- VIP Impersonations\r\n- HTML smuggling via links/attachments\r\n- Malicious VBA macros\r\n- OneNote / LNK file malware (attachments, and links to auto-downloads)\r\n- PDF attachments with embedded links to malware (PDF -> URL -> ZIP -> WSF)\r\n- Lookalike domains / homoglyph attacks\r\n- Credential phishing\r\n- Password protected archives\r\n- Exploits (e.g. CVE-2023-23397, CVE-2021-40444)\r\n- Fake invoices (Geek Squad)\r\n\r\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manor of email threats.\r\n\r\nSkill Level: Beginner. The training will cater to security practitioners with any level of technical experience. While a general understanding of email threats will be advantageous, all offensive and defensive techniques and tools in the training will be introduced at a foundational level and built on throughout the day.\r\n\r\nPrerequisites for students:\r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Attendees should bring their own laptops in order to be hands-on, preloaded with Docker. Instructions to run the Docker images from Github will be shared. All tools used in this lab are free and/or open-source.\n\n\n","title":"Email Detection Engineering and Threat Hunting Inbox (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"android_description":"Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\r\n\r\nIn this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including QakBot and Emotet, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\r\n\r\nInitially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including:\r\n\r\n- VIP Impersonations\r\n- HTML smuggling via links/attachments\r\n- Malicious VBA macros\r\n- OneNote / LNK file malware (attachments, and links to auto-downloads)\r\n- PDF attachments with embedded links to malware (PDF -> URL -> ZIP -> WSF)\r\n- Lookalike domains / homoglyph attacks\r\n- Credential phishing\r\n- Password protected archives\r\n- Exploits (e.g. CVE-2023-23397, CVE-2021-40444)\r\n- Fake invoices (Geek Squad)\r\n\r\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manor of email threats.\r\n\r\nSkill Level: Beginner. The training will cater to security practitioners with any level of technical experience. While a general understanding of email threats will be advantageous, all offensive and defensive techniques and tools in the training will be introduced at a foundational level and built on throughout the day.\r\n\r\nPrerequisites for students:\r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Attendees should bring their own laptops in order to be hands-on, preloaded with Docker. Instructions to run the Docker images from Github will be shared. All tools used in this lab are free and/or open-source.","end_timestamp":{"seconds":1691870400,"nanoseconds":0},"updated_timestamp":{"seconds":1688053620,"nanoseconds":0},"speakers":[{"content_ids":[50615],"conference_id":96,"event_ids":[50723],"name":"Josh Kamdjou","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49863},{"content_ids":[50615],"conference_id":96,"event_ids":[50723],"name":"Alfie Champion","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49864}],"timeband_id":991,"end":"2023-08-12T20:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/josh-kamdjou-email-detection-engineering-and-threat-hunting-inbox-tickets-668389941307?aff=oddtdtcreator"}],"id":50723,"begin_timestamp":{"seconds":1691856000,"nanoseconds":0},"tag_ids":[45634,45650,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49864},{"tag_id":45590,"sort_order":1,"person_id":49863}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T15:47:00.000-0000","begin":"2023-08-12T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"SECV Village Open","android_description":"","end_timestamp":{"seconds":1691888400,"nanoseconds":0},"updated_timestamp":{"seconds":1690590960,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[],"end":"2023-08-13T01:00:00.000-0000","id":51714,"begin_timestamp":{"seconds":1691854200,"nanoseconds":0},"tag_ids":[40302,45649,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-12T15:30:00.000-0000","updated":"2023-07-29T00:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Many parents and guardians bring their children to DEF CON to allow them to experience the same learning, networking, and community that they enjoy. As parents and educators ourselves, we want to help make this experience even more memorable with our Youth Challenge!\r\n\r\nPlease see the \"More Information\" link.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"SECV - Youth Challenge","end_timestamp":{"seconds":1691886600,"nanoseconds":0},"android_description":"Many parents and guardians bring their children to DEF CON to allow them to experience the same learning, networking, and community that they enjoy. As parents and educators ourselves, we want to help make this experience even more memorable with our Youth Challenge!\r\n\r\nPlease see the \"More Information\" link.","updated_timestamp":{"seconds":1690591380,"nanoseconds":0},"speakers":[],"timeband_id":991,"links":[{"label":"More Information","type":"link","url":"https://www.se.community/youth-challenge/"}],"end":"2023-08-13T00:30:00.000-0000","id":51712,"village_id":null,"begin_timestamp":{"seconds":1691854200,"nanoseconds":0},"tag_ids":[40302,45649,45743,45764,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-12T15:30:00.000-0000","updated":"2023-07-29T00:43:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.\n\n\n","title":"Defcon.run","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"android_description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.","end_timestamp":{"seconds":1691866800,"nanoseconds":0},"updated_timestamp":{"seconds":1690671360,"nanoseconds":0},"speakers":[],"timeband_id":991,"end":"2023-08-12T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://defcon.run"},{"label":"Twitter","type":"link","url":"https://twitter.com/defcon_run"},{"label":"Mastodon (@run@defcon.social)","type":"link","url":"https://defcon.social/@run"}],"id":51594,"tag_ids":[45638],"village_id":null,"begin_timestamp":{"seconds":1691845200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"updated":"2023-07-29T22:56:00.000-0000","begin":"2023-08-12T13:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n\n\n","title":"The Megabiome is In Charge: Taking Control of Your Microbial World","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.","end_timestamp":{"seconds":1691823600,"nanoseconds":0},"updated_timestamp":{"seconds":1691762040,"nanoseconds":0},"speakers":[{"content_ids":[51064],"conference_id":96,"event_ids":[51096],"name":"Mariam Elgabry","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50257}],"timeband_id":991,"links":[],"end":"2023-08-12T07:00:00.000-0000","id":51096,"tag_ids":[45645,45717,45744],"begin_timestamp":{"seconds":1691823600,"nanoseconds":0},"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50257}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-11T13:54:00.000-0000","begin":"2023-08-12T07:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n\n\n","title":"Beyond Ransomware: Protecting Lives and Data from Modern Threat Actors","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691823600,"nanoseconds":0},"android_description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.","updated_timestamp":{"seconds":1691762040,"nanoseconds":0},"speakers":[{"content_ids":[51063],"conference_id":96,"event_ids":[51095],"name":"Ohad Zaidenberg","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50256}],"timeband_id":991,"links":[],"end":"2023-08-12T07:00:00.000-0000","id":51095,"village_id":68,"begin_timestamp":{"seconds":1691823600,"nanoseconds":0},"tag_ids":[45645,45717,45744],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50256}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","begin":"2023-08-12T07:00:00.000-0000","updated":"2023-08-11T13:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Hacking Reproductive Health","end_timestamp":{"seconds":1691823600,"nanoseconds":0},"android_description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.","updated_timestamp":{"seconds":1691762040,"nanoseconds":0},"speakers":[{"content_ids":[51062],"conference_id":96,"event_ids":[51094],"name":"JJ Hastings","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50255}],"timeband_id":991,"links":[],"end":"2023-08-12T07:00:00.000-0000","id":51094,"village_id":68,"tag_ids":[45645,45717,45744],"begin_timestamp":{"seconds":1691823600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50255}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-08-11T13:54:00.000-0000","begin":"2023-08-12T07:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n\n\n","title":"Virtual Hospital in Space","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.","end_timestamp":{"seconds":1691823600,"nanoseconds":0},"updated_timestamp":{"seconds":1691762100,"nanoseconds":0},"speakers":[{"content_ids":[51061],"conference_id":96,"event_ids":[51093],"name":"Aswin Reji","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50254}],"timeband_id":991,"links":[],"end":"2023-08-12T07:00:00.000-0000","id":51093,"village_id":68,"begin_timestamp":{"seconds":1691823600,"nanoseconds":0},"tag_ids":[45645,45717,45744],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50254}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-11T13:55:00.000-0000","begin":"2023-08-12T07:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.\n\n\n","title":"Model Based Systems Engineering for Security Engineers","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691823600,"nanoseconds":0},"android_description":"This talk is being pre-recorded and will be released on YouTube. Once it is available, a link to it will appear here. \r\n\r\nUpdate 2023-08-11 06:30: Biohacking Village indicates that the pre-recorded talks have not yet been received. Once received, these talks will be posted to the [Biohacking Village YouTube Channel](https://www.youtube.com/@BiohackingVillage/about). Please note that this may be as late as a week or two after DC31.","updated_timestamp":{"seconds":1691762100,"nanoseconds":0},"speakers":[{"content_ids":[51059],"conference_id":96,"event_ids":[51091],"name":"John Volock","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50252}],"timeband_id":991,"links":[],"end":"2023-08-12T07:00:00.000-0000","id":51091,"village_id":68,"begin_timestamp":{"seconds":1691823600,"nanoseconds":0},"tag_ids":[45645,45717,45744],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50252}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","begin":"2023-08-12T07:00:00.000-0000","updated":"2023-08-11T13:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The party provides a safe and inclusive environment for the lgbtqia+ community within Infosec to come together and be their authentic selves. A late evening party with music, dancing, and hanging out.\r\n\r\n22:00 - 23:00 - DotOrNot\r\n23:00 - 00:00 - Skittish and Bus\r\n00:00 - 01:00 - Miss Jackalope\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"title":"QueerCon Party","end_timestamp":{"seconds":1691827200,"nanoseconds":0},"android_description":"The party provides a safe and inclusive environment for the lgbtqia+ community within Infosec to come together and be their authentic selves. A late evening party with music, dancing, and hanging out.\r\n\r\n22:00 - 23:00 - DotOrNot\r\n23:00 - 00:00 - Skittish and Bus\r\n00:00 - 01:00 - Miss Jackalope","updated_timestamp":{"seconds":1690766220,"nanoseconds":0},"speakers":[{"content_ids":[51532,51417],"conference_id":96,"event_ids":[51546,51688],"name":"DotOrNot","affiliations":[],"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://www.twitch.tv/dotornot"}],"pronouns":null,"media":[],"id":50653},{"content_ids":[51534,51417],"conference_id":96,"event_ids":[51546,51690],"name":"Miss Jackalope","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://www.twitch.tv/missjackalope"}],"media":[],"id":50667},{"content_ids":[51534,51417],"conference_id":96,"event_ids":[51546,51690],"name":"Skittish & Bus","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://twitch.tv/skittishandbus"}],"media":[],"id":50678}],"timeband_id":990,"links":[{"label":"Discord","type":"link","url":"https://discord.com/invite/jeG6Bh5"},{"label":"Twitter (@Queercon)","type":"link","url":"https://twitter.com/Queercon"},{"label":"Facebook","type":"link","url":"https://www.facebook.com/groups/queercon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244842"}],"end":"2023-08-12T08:00:00.000-0000","id":51546,"tag_ids":[45642,45646,45743],"begin_timestamp":{"seconds":1691816400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50653},{"tag_id":45774,"sort_order":1,"person_id":50667},{"tag_id":45774,"sort_order":1,"person_id":50678}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 111-113","hotel":"","short_name":"Forum - 111-113","id":45883},"spans_timebands":"Y","updated":"2023-07-31T01:17:00.000-0000","begin":"2023-08-12T05:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"Whose Slide Is It Anyway?\" is an unholy union of improv comedy, hacking and slide deck sado-masochism.\r\n\r\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\r\n\r\nBut....why?\r\n\r\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Whose Slide Is It Anyway?","android_description":"\"Whose Slide Is It Anyway?\" is an unholy union of improv comedy, hacking and slide deck sado-masochism.\r\n\r\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\r\n\r\nBut....why?\r\n\r\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.","end_timestamp":{"seconds":1691823600,"nanoseconds":0},"updated_timestamp":{"seconds":1690068540,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T07:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245434"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644337942822925"},{"label":"Website","type":"link","url":"https://www.improvhacker.com/"}],"id":51533,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691816400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"updated":"2023-07-22T23:29:00.000-0000","begin":"2023-08-12T05:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Featuring performances by:\r\n\r\n - 21:00 – 22:00 – heckseven\r\n - 22:00 – 23:00 – Krisz Klink\r\n - 23:00 – 00:00 – Great Scott\r\n - 00:00 – 01:00 – Zebbler Encanti Experience\r\n - 01:00 – 02:00 – TRIODE\r\n\r\nContent from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment\r\n\n\n\n","title":"Music Set / Entertainment (Friday, SYN Stage)","type":{"conference_id":96,"conference":"DEFCON31","color":"#9b8b77","updated_at":"2024-06-07T03:38+0000","name":"Entertainment","id":45637},"android_description":"Featuring performances by:\r\n\r\n - 21:00 – 22:00 – heckseven\r\n - 22:00 – 23:00 – Krisz Klink\r\n - 23:00 – 00:00 – Great Scott\r\n - 00:00 – 01:00 – Zebbler Encanti Experience\r\n - 01:00 – 02:00 – TRIODE\r\n\r\nContent from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment","end_timestamp":{"seconds":1691830800,"nanoseconds":0},"updated_timestamp":{"seconds":1690497660,"nanoseconds":0},"speakers":[{"content_ids":[51533],"conference_id":96,"event_ids":[51689],"name":"Great Scott","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/greatscottmusic"}],"media":[],"id":50658},{"content_ids":[51533],"conference_id":96,"event_ids":[51689],"name":"heckseven","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://heckseven.com/"}],"media":[],"id":50661},{"content_ids":[51533],"conference_id":96,"event_ids":[51689],"name":"Krisz Klink","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/kriszklink"}],"media":[],"id":50664},{"content_ids":[51533],"conference_id":96,"event_ids":[51689],"name":"TRIODE","affiliations":[],"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://twitch.tv/triodeofficial"}],"pronouns":null,"media":[],"id":50683},{"content_ids":[51533],"conference_id":96,"event_ids":[51689],"name":"Zebbler Encanti Experience","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://zebblerencantiexperience.com/"}],"media":[],"id":50686}],"timeband_id":990,"links":[{"label":"Stream","type":"link","url":"https://www.twitch.tv/defconorg_entertainment"}],"end":"2023-08-12T09:00:00.000-0000","id":51689,"begin_timestamp":{"seconds":1691812800,"nanoseconds":0},"tag_ids":[45637,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50658},{"tag_id":45774,"sort_order":1,"person_id":50664},{"tag_id":45774,"sort_order":1,"person_id":50683},{"tag_id":45774,"sort_order":1,"person_id":50686},{"tag_id":45774,"sort_order":1,"person_id":50661}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"begin":"2023-08-12T04:00:00.000-0000","updated":"2023-07-27T22:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Each village will be passing out drink tickets at their booth (while supplies last!)\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"title":"The Village People Party: hosted by Car Hacking, ICS, Aerospace, and Biohacking Villages","android_description":"Each village will be passing out drink tickets at their booth (while supplies last!)","end_timestamp":{"seconds":1691827200,"nanoseconds":0},"updated_timestamp":{"seconds":1690576740,"nanoseconds":0},"speakers":[{"content_ids":[51532,51423],"conference_id":96,"event_ids":[51553,51688],"name":"NGHTHWK","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://nghthwk.net/"}],"media":[],"id":50669}],"timeband_id":990,"links":[],"end":"2023-08-12T08:00:00.000-0000","id":51553,"tag_ids":[40280,40283,40306,45642,45646,45717,45743],"village_id":null,"begin_timestamp":{"seconds":1691812800,"nanoseconds":0},"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50669}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 115-116","hotel":"","short_name":"Forum - 115-116","id":45886},"spans_timebands":"Y","updated":"2023-07-28T20:39:00.000-0000","begin":"2023-08-12T04:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Back for their 6th year, GOTHCON welcomes everyone to come dance and stomp the night away with the theme \"THE FUTURE IS #000000\" on Firday, August 11 21:00 – 02:00. Follow @dcgothcon on twitter for updates & lineup. All are welcome (except nazis), and dress however you want - whatever makes you the most comfortable and happy.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"title":"GothCon","android_description":"Back for their 6th year, GOTHCON welcomes everyone to come dance and stomp the night away with the theme \"THE FUTURE IS #000000\" on Firday, August 11 21:00 – 02:00. Follow @dcgothcon on twitter for updates & lineup. All are welcome (except nazis), and dress however you want - whatever makes you the most comfortable and happy.","end_timestamp":{"seconds":1691830800,"nanoseconds":0},"updated_timestamp":{"seconds":1690135140,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244844"},{"label":"Twitter (@dcgothcon)","type":"link","url":"https://twitter.com/dcgothcon"}],"end":"2023-08-12T09:00:00.000-0000","id":51540,"tag_ids":[45642,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691812800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-110, 139","hotel":"","short_name":"Forum - 109-110, 139","id":45888},"updated":"2023-07-23T17:59:00.000-0000","begin":"2023-08-12T04:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BVT has generously donated a cabana for WISP to host our community meet up at their pool party. Arrive early to be in line when the doors open. There will be free tacos and non-alcoholic drinks!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"WISP Community Meet Up at BTV Pool Party","android_description":"BVT has generously donated a cabana for WISP to host our community meet up at their pool party. Arrive early to be in line when the doors open. There will be free tacos and non-alcoholic drinks!","end_timestamp":{"seconds":1691820000,"nanoseconds":0},"updated_timestamp":{"seconds":1690578600,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T06:00:00.000-0000","id":51703,"village_id":null,"tag_ids":[45639,45647,45743],"begin_timestamp":{"seconds":1691811000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45732,"name":"Flamingo - Pool","hotel":"","short_name":"Pool","id":45881},"updated":"2023-07-28T21:10:00.000-0000","begin":"2023-08-12T03:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join the AI Village and Blue Team Village for the DEF CON \"Community Experience Pool Party\" at the Flamingo \"Go Pool\" Friday, August 11, from 20:30 to 23:00 featuring a performance by the one and only Dual Core at 21:00. Free Tacos, cash bar.\r\n\r\nDEF CON badge required for entry.\r\n\r\nIn event of rain/weather cancellation, the backup location for this party is \"Flamingo - Upstairs - Eldorado Ballroom\". \n\n\n","title":"Blue Team Village (BTV) Pool Party","type":{"conference_id":96,"conference":"DEFCON31","color":"#bfb17d","updated_at":"2024-06-07T03:38+0000","name":"Party","id":45642},"android_description":"Join the AI Village and Blue Team Village for the DEF CON \"Community Experience Pool Party\" at the Flamingo \"Go Pool\" Friday, August 11, from 20:30 to 23:00 featuring a performance by the one and only Dual Core at 21:00. Free Tacos, cash bar.\r\n\r\nDEF CON badge required for entry.\r\n\r\nIn event of rain/weather cancellation, the backup location for this party is \"Flamingo - Upstairs - Eldorado Ballroom\".","end_timestamp":{"seconds":1691820000,"nanoseconds":0},"updated_timestamp":{"seconds":1690420200,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T06:00:00.000-0000","id":51557,"tag_ids":[40282,40299,45642,45647,45743],"begin_timestamp":{"seconds":1691811000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45732,"name":"Flamingo - Pool","hotel":"","short_name":"Pool","id":45881},"spans_timebands":"N","begin":"2023-08-12T03:30:00.000-0000","updated":"2023-07-27T01:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Friday:\r\n - Moon\r\n - Dark Star\r\n\r\nSaturday: \r\n - 2001: A Space Odyssey\r\n - Forbidden Plant\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"Movie Night","end_timestamp":{"seconds":1691823600,"nanoseconds":0},"android_description":"Friday:\r\n - Moon\r\n - Dark Star\r\n\r\nSaturday: \r\n - 2001: A Space Odyssey\r\n - Forbidden Plant","updated_timestamp":{"seconds":1691701980,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T07:00:00.000-0000","id":52696,"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"village_id":null,"tag_ids":[45638,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-08-10T21:13:00.000-0000","begin":"2023-08-12T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Lawyers Meet","android_description":"If you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.","end_timestamp":{"seconds":1691809200,"nanoseconds":0},"updated_timestamp":{"seconds":1690130760,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T03:00:00.000-0000","id":51563,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Elko-Ely - Chillout Lounge","hotel":"","short_name":"Elko-Ely - Chillout Lounge","id":45734},"spans_timebands":"N","begin":"2023-08-12T03:00:00.000-0000","updated":"2023-07-23T16:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you a flaming badge builder or just LED curious? Then you don't want to miss Hacker Flairgrounds, the ultimate gathering of hackers and blinking LEDs in Vegas. It's the place to be for badge folk, hardware hackers and makers who love the flashier side of DEF CON. Everyone is welcome. Show us your analog badge addons and flipper hacks! Come get inspired by the dazzling displays of creativity and skill.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"title":"Hacker Flairgrounds","end_timestamp":{"seconds":1691816400,"nanoseconds":0},"android_description":"Are you a flaming badge builder or just LED curious? Then you don't want to miss Hacker Flairgrounds, the ultimate gathering of hackers and blinking LEDs in Vegas. It's the place to be for badge folk, hardware hackers and makers who love the flashier side of DEF CON. Everyone is welcome. Show us your analog badge addons and flipper hacks! Come get inspired by the dazzling displays of creativity and skill.","updated_timestamp":{"seconds":1690135860,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Mastodon (@hackerflairgrounds@defcon.social)","type":"link","url":"https://defcon.social/@hackerflairgrounds"},{"label":"Twitter (@hakrflairgrnds)","type":"link","url":"https://twitter.com/@hakrflairgrnds"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245837"}],"end":"2023-08-12T05:00:00.000-0000","id":51562,"tag_ids":[45639,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 114","hotel":"","short_name":"Forum - 114","id":45899},"updated":"2023-07-23T18:11:00.000-0000","begin":"2023-08-12T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For those who love to sing and perform in front of others, we are celebrating our 15th year of Love, Laughter, and Song from 19:30 – 02:00 Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"title":"Hacker Karaoke 15","end_timestamp":{"seconds":1691830800,"nanoseconds":0},"android_description":"For those who love to sing and perform in front of others, we are celebrating our 15th year of Love, Laughter, and Song from 19:30 – 02:00 Friday and Saturday night.\r\n\r\nWe are open to everyone of any age, and singing is not required.","updated_timestamp":{"seconds":1690137780,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T09:00:00.000-0000","links":[{"label":"Twitter (@hackerkaraoke)","type":"link","url":"https://twitter.com/@hackerkaraoke"},{"label":"Mastodon (@hackerkaraoke@defcon.social)","type":"link","url":"https://defcon.social/@hackerkaraoke"},{"label":"Website","type":"link","url":"https://hackerkaraoke.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245326"}],"id":51547,"village_id":null,"tag_ids":[45642,45646,45743],"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 216","hotel":"","short_name":"Summit - 216","id":45895},"updated":"2023-07-23T18:43:00.000-0000","begin":"2023-08-12T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CULT OF THE DEAD COW BREAKS THE INTERNET (and you can too!)\r\n\r\nWhat is dead shall rise again! Come do a hacktivism with cDc, as we launch a THING that will once again change the world, with the style and chaos that only the herd can bring. Let us bless you with a revolutionary communications system that will disrupt the balance of power.\r\n\r\nIt’s time to TAKE BACK CONTROL.\r\n\r\nRecommended (but not required) dress code- y2k 31337 Haxxor threads. Think Zero Cool and Acid Burn meet Max Headroom and Franken Gibe. There is no contest, but the Bovine Mother is watching, so make her proud.\r\n\r\nThe herd hath spoken. Oomen.\r\n\r\n - 20:00 - 20:45 -- Miss Jackalope\r\n - 20:45 - 21:30 -- DotorNot\r\n - 21:30 - 22:15 -- cDc/Veilid\r\n - 22:15 - 22:45 -- Rocky Rivera + DJ Roza\r\n - 22:45 - 23:30 -- EVA\r\n - 23:30 - 00:00 -- DJ McGrew\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"title":"Cult Of The Dead Cow Breaks The Internet (and you can too!)","end_timestamp":{"seconds":1691823600,"nanoseconds":0},"android_description":"CULT OF THE DEAD COW BREAKS THE INTERNET (and you can too!)\r\n\r\nWhat is dead shall rise again! Come do a hacktivism with cDc, as we launch a THING that will once again change the world, with the style and chaos that only the herd can bring. Let us bless you with a revolutionary communications system that will disrupt the balance of power.\r\n\r\nIt’s time to TAKE BACK CONTROL.\r\n\r\nRecommended (but not required) dress code- y2k 31337 Haxxor threads. Think Zero Cool and Acid Burn meet Max Headroom and Franken Gibe. There is no contest, but the Bovine Mother is watching, so make her proud.\r\n\r\nThe herd hath spoken. Oomen.\r\n\r\n - 20:00 - 20:45 -- Miss Jackalope\r\n - 20:45 - 21:30 -- DotorNot\r\n - 21:30 - 22:15 -- cDc/Veilid\r\n - 22:15 - 22:45 -- Rocky Rivera + DJ Roza\r\n - 22:45 - 23:30 -- EVA\r\n - 23:30 - 00:00 -- DJ McGrew","updated_timestamp":{"seconds":1691355780,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245831"},{"label":"Twitter (@veilidnetwork)","type":"link","url":"https://twitter.com/@veilidnetwork"},{"label":"Website","type":"link","url":"https://www.cultdeadcow.com"},{"label":"Twitter (@cdc_pulpit)","type":"link","url":"https://twitter.com/@cdc_pulpit"}],"end":"2023-08-12T07:00:00.000-0000","id":51543,"village_id":null,"tag_ids":[45642,45646,45743],"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,136","hotel":"","short_name":"Forum - 105,136","id":45889},"spans_timebands":"Y","updated":"2023-08-06T21:03:00.000-0000","begin":"2023-08-12T03:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Lintile: Hiya, ChatGPT, are you aware of the annual contest called Hacker Jeopardy at DEF CON? When is it?\r\n\r\nChatGPT: Yes, Hacker Jeopardy is a popular event at DEF CON. It's a parody of the television game show \"Jeopardy!\" but with a twist. Instead of general knowledge, the questions (or \"answers,\" in Jeopardy style) are focused on hacker culture, computer security, technology, and similar topics. The game consists of two preliminary rounds on Friday, and a final round on Saturday. Both shows start at 2000 Las Vegas time. Just like in the original game show, there are DFIU Doubles and a Final Hacker Jeopardy round. One unique aspect of Hacker Jeopardy that distinguishes it from the TV show is the incorporation of ADULT HUMOR, vulgarity, innuendo, and beer into the game. Please remember, my knowledge is current only up to September 2021, and if there have been any significant changes to Hacker Jeopardy after that, I would not be aware of them.\r\n\r\nLintile: What's the catch phrase of Hacker Jeopardy?\r\n\r\nChatGPT: The catch phrase of Hacker Jeopardy is \"Drink while you think\". This refers to the unique element of the game where contestants are encouraged to drink beer while they are attempting to come up with the correct response to the clues.\r\n\r\nLintile: That's not correct. The acronym of the catch phrase is DFIU.\r\n\r\nChatGPT: I apologize for the oversight. The catchphrase for Hacker Jeopardy at DEF CON is \"Don't Forget It's UNIX\" (DFIU), which is used humorously due to the historically significant role of Unix-based systems in hacking and network security. This phrase is often used to remind participants of the roots of many computer systems and infrastructures. I appreciate your patience and your correct information.\r\n\r\nNote that this is an ADULT show with vulgarities and alcohol consumption, but if that doesn’t bother you, come enjoy one of the largest contests at DEF CON that you really need to see to believe! And as always, DFIU!\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Hacker Jeopardy","end_timestamp":{"seconds":1691816400,"nanoseconds":0},"android_description":"Lintile: Hiya, ChatGPT, are you aware of the annual contest called Hacker Jeopardy at DEF CON? When is it?\r\n\r\nChatGPT: Yes, Hacker Jeopardy is a popular event at DEF CON. It's a parody of the television game show \"Jeopardy!\" but with a twist. Instead of general knowledge, the questions (or \"answers,\" in Jeopardy style) are focused on hacker culture, computer security, technology, and similar topics. The game consists of two preliminary rounds on Friday, and a final round on Saturday. Both shows start at 2000 Las Vegas time. Just like in the original game show, there are DFIU Doubles and a Final Hacker Jeopardy round. One unique aspect of Hacker Jeopardy that distinguishes it from the TV show is the incorporation of ADULT HUMOR, vulgarity, innuendo, and beer into the game. Please remember, my knowledge is current only up to September 2021, and if there have been any significant changes to Hacker Jeopardy after that, I would not be aware of them.\r\n\r\nLintile: What's the catch phrase of Hacker Jeopardy?\r\n\r\nChatGPT: The catch phrase of Hacker Jeopardy is \"Drink while you think\". This refers to the unique element of the game where contestants are encouraged to drink beer while they are attempting to come up with the correct response to the clues.\r\n\r\nLintile: That's not correct. The acronym of the catch phrase is DFIU.\r\n\r\nChatGPT: I apologize for the oversight. The catchphrase for Hacker Jeopardy at DEF CON is \"Don't Forget It's UNIX\" (DFIU), which is used humorously due to the historically significant role of Unix-based systems in hacking and network security. This phrase is often used to remind participants of the roots of many computer systems and infrastructures. I appreciate your patience and your correct information.\r\n\r\nNote that this is an ADULT show with vulgarities and alcohol consumption, but if that doesn’t bother you, come enjoy one of the largest contests at DEF CON that you really need to see to believe! And as always, DFIU!","updated_timestamp":{"seconds":1690124100,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245321"}],"end":"2023-08-12T05:00:00.000-0000","id":51476,"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"begin":"2023-08-12T03:00:00.000-0000","updated":"2023-07-23T14:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Electronic Frontier Foundation (EFF) is thrilled to return to DEF CON 31 to answer your burning questions on pressing digital rights issues. Our panelists will provide updates on current EFF work, including the fight against government surveillance and protecting creative expression, before turning it over to attendees to pose questions and receive insights from our panelists on the intersection of technology and civil liberties. This is a valuable opportunity to learn from policy experts and engage in a lively discussion rooted in the problems you face. This year you’ll meet: Corynne McSherry, EFF's Legal Director specializing in intellectual property and free speech; Hannah Zhao, staff attorney focusing on criminal justice and privacy issues; Mario Trijillo, staff attorney with an expertise in privacy law; Rory Mir, Associate Director of Community Organizing; and Cooper Quintin, security researcher and public interest technologist with the EFF Threat Lab.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Ask the EFF","android_description":"Electronic Frontier Foundation (EFF) is thrilled to return to DEF CON 31 to answer your burning questions on pressing digital rights issues. Our panelists will provide updates on current EFF work, including the fight against government surveillance and protecting creative expression, before turning it over to attendees to pose questions and receive insights from our panelists on the intersection of technology and civil liberties. This is a valuable opportunity to learn from policy experts and engage in a lively discussion rooted in the problems you face. This year you’ll meet: Corynne McSherry, EFF's Legal Director specializing in intellectual property and free speech; Hannah Zhao, staff attorney focusing on criminal justice and privacy issues; Mario Trijillo, staff attorney with an expertise in privacy law; Rory Mir, Associate Director of Community Organizing; and Cooper Quintin, security researcher and public interest technologist with the EFF Threat Lab.","end_timestamp":{"seconds":1691816400,"nanoseconds":0},"updated_timestamp":{"seconds":1688175360,"nanoseconds":0},"speakers":[{"content_ids":[50639,50661],"conference_id":96,"event_ids":[50819,50822],"name":"Corynne McSherry","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Legal Director"}],"pronouns":"she/her","links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/corynne-mcsherry"},{"description":"","title":"Mastodon (@cmcsherr@sfba.social)","sort_order":0,"url":"https://sfba.social/@cmcsherr"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cmcsherr"}],"media":[],"id":49908,"title":"Legal Director at Electronic Frontier Foundation"},{"content_ids":[50639,50571],"conference_id":96,"event_ids":[50809,50819],"name":"Hannah Zhao","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Staff Attorney"}],"links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/hannah-zhao"}],"pronouns":"she/her","media":[],"id":49909,"title":"Staff Attorney at Electronic Frontier Foundation"},{"content_ids":[50639],"conference_id":96,"event_ids":[50819],"name":"Mario Trujillo","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Staff Attorney"}],"pronouns":"he/him","links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/f-mario-trujillo"}],"media":[],"id":49910,"title":"Staff Attorney at Electronic Frontier Foundation"},{"content_ids":[50639,50674],"conference_id":96,"event_ids":[50819,50860],"name":"Cooper Quintin","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Senior Staff Technologist"}],"links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/cooper-quintin"},{"description":"","title":"Mastodon (@cooperq@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@cooperq"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cooperq"},{"description":"","title":"Website","sort_order":0,"url":"https://www.cooperq.com/"}],"pronouns":"he/him","media":[],"id":49911,"title":"Senior Staff Technologist at Electronic Frontier Foundation"},{"content_ids":[50639],"conference_id":96,"event_ids":[50819],"name":"Rory Mir","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Associate Director of Community Organizing"}],"pronouns":"they/them","links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/rory-mir"},{"description":"","title":"Mastodon (@falsemirror@octodon.social)","sort_order":0,"url":"https://octodon.social/@falsemirror"}],"media":[],"id":49912,"title":"Associate Director of Community Organizing at Electronic Frontier Foundation"}],"timeband_id":990,"end":"2023-08-12T05:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246091"},{"label":"Website","type":"link","url":"https://www.eff.org"}],"id":50819,"begin_timestamp":{"seconds":1691809200,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":49911},{"tag_id":45632,"sort_order":1,"person_id":49908},{"tag_id":45632,"sort_order":1,"person_id":49909},{"tag_id":45632,"sort_order":1,"person_id":49910},{"tag_id":45632,"sort_order":1,"person_id":49912}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-131,134","hotel":"","short_name":"Forum - 130-131,134","id":45893},"spans_timebands":"N","begin":"2023-08-12T03:00:00.000-0000","updated":"2023-07-01T01:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come sing Hacker Karaoke! Its just like normal Karaoke, but with 110% more root shellz.\n\n\n","title":"Kids Only Karaoke","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"android_description":"Come sing Hacker Karaoke! Its just like normal Karaoke, but with 110% more root shellz.","end_timestamp":{"seconds":1691809200,"nanoseconds":0},"updated_timestamp":{"seconds":1691291460,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T03:00:00.000-0000","id":52564,"tag_ids":[45638,45646,45743,45763,45864],"begin_timestamp":{"seconds":1691805600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-12T02:00:00.000-0000","updated":"2023-08-06T03:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join the [Hacking Policy Council](http://hackingpolicycouncil.org/) and the [AI Village](https://aivillage.org/) for a happy hour with hackers, policymakers, and AI experts. Have a beverage with us and discuss whether it is a hacking crime to lie to AI, what governments are doing about vulnerabilities disclosure, and the ultimate AI hacking challenge. There will be a cash bar and some drink tickets will be available from Policy @ DEF CON. Mark your calendars for Friday, August 11th, 6:30PM - 10PM, at Caesar’s Forum in rooms 221-223 (AKA the Plounge). \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"Hacking Policy & Prompts - Happy Hour","end_timestamp":{"seconds":1691816400,"nanoseconds":0},"android_description":"Join the [Hacking Policy Council](http://hackingpolicycouncil.org/) and the [AI Village](https://aivillage.org/) for a happy hour with hackers, policymakers, and AI experts. Have a beverage with us and discuss whether it is a hacking crime to lie to AI, what governments are doing about vulnerabilities disclosure, and the ultimate AI hacking challenge. There will be a cash bar and some drink tickets will be available from Policy @ DEF CON. Mark your calendars for Friday, August 11th, 6:30PM - 10PM, at Caesar’s Forum in rooms 221-223 (AKA the Plounge).","updated_timestamp":{"seconds":1690143900,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246415"}],"end":"2023-08-12T05:00:00.000-0000","id":51101,"village_id":null,"begin_timestamp":{"seconds":1691803800,"nanoseconds":0},"tag_ids":[45638,45646],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 223 - Plounge","hotel":"","short_name":"Summit - 223 - Plounge","id":45877},"updated":"2023-07-23T20:25:00.000-0000","begin":"2023-08-12T01:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Featuring performances by:\r\n\r\n - 18:00 – 19:00 – DJ PatAttack\r\n - 19:00 – 20:00 – kampf\r\n - 20:00 – 21:00 – Scotch and Bubbles\r\n - 21:00 – 22:00 – DJ St3rling\r\n - 22:00 – 23:00 – Acid T\r\n - 23:00 – 00:00 – CTRL/rsm\r\n - 00:00 – 01:00 – Spice Rack\r\n - 01:00 – 02:00 – Magik Plan\r\n\r\n\r\nACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!\r\n\n\n\n","title":"Music Set / Entertainment (Friday, ACK Stage)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#9b8b77","name":"Entertainment","id":45637},"end_timestamp":{"seconds":1691830800,"nanoseconds":0},"android_description":"Featuring performances by:\r\n\r\n - 18:00 – 19:00 – DJ PatAttack\r\n - 19:00 – 20:00 – kampf\r\n - 20:00 – 21:00 – Scotch and Bubbles\r\n - 21:00 – 22:00 – DJ St3rling\r\n - 22:00 – 23:00 – Acid T\r\n - 23:00 – 00:00 – CTRL/rsm\r\n - 00:00 – 01:00 – Spice Rack\r\n - 01:00 – 02:00 – Magik Plan\r\n\r\n\r\nACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!","updated_timestamp":{"seconds":1691610660,"nanoseconds":0},"speakers":[{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"Acid T","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://www.twitch.tv/theacidt"}],"media":[],"id":50643},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"CTRL/rsm","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/ctrlrsm/"}],"media":[],"id":50647},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"DJ PatAttack","affiliations":[],"links":[{"description":"","title":"Linktree","sort_order":0,"url":"https://linktr.ee/djpatattack"}],"pronouns":null,"media":[],"id":50650},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"DJ St3rling","affiliations":[],"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://www.facebook.com/OfficialDjSt3rling"}],"pronouns":null,"media":[],"id":50652},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"kampf","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://nerdshow.com/"}],"pronouns":null,"media":[],"id":50663},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"Magik Plan","affiliations":[],"links":[{"description":"","title":"Facebook","sort_order":0,"url":"https://facebook.com/magikplan"}],"pronouns":null,"media":[],"id":50665},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"Scotch and Bubbles","affiliations":[],"links":[{"description":"","title":"SoundCloud","sort_order":0,"url":"https://soundcloud.com/secbarbie"}],"pronouns":null,"media":[],"id":50676},{"content_ids":[51531],"conference_id":96,"event_ids":[51687],"name":"Spice Rack","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Linktree","sort_order":0,"url":"https://linktr.ee/hanzdwight"}],"media":[],"id":50679}],"timeband_id":990,"links":[],"end":"2023-08-12T09:00:00.000-0000","id":51687,"tag_ids":[45637,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691802000,"nanoseconds":0},"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50643},{"tag_id":45774,"sort_order":1,"person_id":50647},{"tag_id":45774,"sort_order":1,"person_id":50650},{"tag_id":45774,"sort_order":1,"person_id":50652},{"tag_id":45774,"sort_order":1,"person_id":50665},{"tag_id":45774,"sort_order":1,"person_id":50676},{"tag_id":45774,"sort_order":1,"person_id":50679},{"tag_id":45774,"sort_order":1,"person_id":50663}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45722,"name":"Caesars Forum - Forum Pre-Function 2 - ACK Stage","hotel":"","short_name":"Forum Pre-Function 2 - ACK Stage","id":45901},"updated":"2023-08-09T19:51:00.000-0000","begin":"2023-08-12T01:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The BIC Lituation Party is designed to have a night's worth of different activities that DEF CON attendees are able to browse and fit into their DEF CON schedule for networking, knowledge sharing and fun!\r\n\r\nThe event will break into three sections throughout the night:\r\n\r\n“Mild”\r\n6:00 pm - 8:00pm\r\nNetworking - Light music, Food and Drinks\r\n\r\n“Medium”\r\n8:00pm - 10:00pm\r\nNerdcore HipHop Showcase\r\n\r\n“Hot”\r\n10:00pm - Until (2:00 am)\r\nDJ Stage Set by DJ Roma of the DC Metro Area.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bfb17d","name":"Party","id":45642},"title":"Blacks in Cyber Lituation Party","android_description":"The BIC Lituation Party is designed to have a night's worth of different activities that DEF CON attendees are able to browse and fit into their DEF CON schedule for networking, knowledge sharing and fun!\r\n\r\nThe event will break into three sections throughout the night:\r\n\r\n“Mild”\r\n6:00 pm - 8:00pm\r\nNetworking - Light music, Food and Drinks\r\n\r\n“Medium”\r\n8:00pm - 10:00pm\r\nNerdcore HipHop Showcase\r\n\r\n“Hot”\r\n10:00pm - Until (2:00 am)\r\nDJ Stage Set by DJ Roma of the DC Metro Area.","end_timestamp":{"seconds":1691830800,"nanoseconds":0},"updated_timestamp":{"seconds":1690135800,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T09:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245833"},{"label":"Website","type":"link","url":"https://blacksincyberconf.com"},{"label":"Twitter (@BlackInCyberCo1)","type":"link","url":"https://twitter.com/@BlackInCyberCo1"}],"id":51544,"tag_ids":[45642,45646,45743],"begin_timestamp":{"seconds":1691802000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"spans_timebands":"Y","updated":"2023-07-23T18:10:00.000-0000","begin":"2023-08-12T01:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you like Pub Quiz please join us in participating in the first ever Pub Quiz at DEF CON. Quiz will consist of 7 rounds from Question from 90s TV shows, Movies, and DEF CON questions. The quiz will be theme will be all things DEF CON. There will be visual and audio rounds so not just boring questions. People will group into teams of 5 and a cash prize will be provided for 1st, 2nd, and 3rd high scoring groups. Ties will be broken by a dance off from a person of the tied teams. \r\n\r\n1st Prize $1,000 \r\n2nd Prize $300 \r\n3rd Prize $200 \n\n\n","title":"Pub Quiz at DEF CON","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691811000,"nanoseconds":0},"android_description":"Do you like Pub Quiz please join us in participating in the first ever Pub Quiz at DEF CON. Quiz will consist of 7 rounds from Question from 90s TV shows, Movies, and DEF CON questions. The quiz will be theme will be all things DEF CON. There will be visual and audio rounds so not just boring questions. People will group into teams of 5 and a cash prize will be provided for 1st, 2nd, and 3rd high scoring groups. Ties will be broken by a dance off from a person of the tied teams. \r\n\r\n1st Prize $1,000 \r\n2nd Prize $300 \r\n3rd Prize $200","updated_timestamp":{"seconds":1690142340,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245252"}],"end":"2023-08-12T03:30:00.000-0000","id":51501,"tag_ids":[45635,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691802000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"spans_timebands":"N","updated":"2023-07-23T19:59:00.000-0000","begin":"2023-08-12T01:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A fireside chat with Director Walden. Director Walden is the current acting National Cyber Director for the Biden-Harris Administration.\n\n\n","title":"Fireside Chat with the National Cyber Director Kemba Walden","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"A fireside chat with Director Walden. Director Walden is the current acting National Cyber Director for the Biden-Harris Administration.","end_timestamp":{"seconds":1691802900,"nanoseconds":0},"updated_timestamp":{"seconds":1688178900,"nanoseconds":0},"speakers":[{"content_ids":[50648],"conference_id":96,"event_ids":[50843],"name":"Kemba Walden","affiliations":[{"organization":"Office of the National Cyber Director, The White House","title":"Acting National Cyber Director"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KembaWalden46"}],"pronouns":"she/her","media":[],"id":49932,"title":"Acting National Cyber Director at Office of the National Cyber Director, The White House"}],"timeband_id":990,"links":[{"label":"ONCD Twitter","type":"link","url":"https://twitter.com/@ONCD"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246101"},{"label":"National Cybersecurity Strategy","type":"link","url":"https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf"}],"end":"2023-08-12T01:15:00.000-0000","id":50843,"begin_timestamp":{"seconds":1691800200,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49932}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-07-01T02:35:00.000-0000","begin":"2023-08-12T00:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Microsoft Azure is ripe with user information disclosures. We are going to look at weaponizing these disclosures by performing data collection at a large scale against OneDrive, Teams, and Graph.\r\n\r\nOneDrive and Teams present silent enumeration methods, requiring no logon attempts and creating no logs. This enables enumeration at a massive scale against the biggest corporations, educational instututes, and government entities in the world. Over the last 1.5 years I have enumerated over 20m users. We will explore the techniques used and the data that was collected, including Azure adoption rates and analysis of username formats.\r\n\r\nMicrosoft Teams suffers from information dislcosure due to default settings allowing users to see the online presence of others. An undocumented, unauthenticated Microsoft Teams Presence lookup trick will be shared, which enables easy unauthenticated enumeration of the online Teams Presence of users at many organizations. To demonstrate this we will monitor approximately 100,000 Microsoft employees' online presence and any out-of-office messages that are stored.\r\n\r\nFinally, Azure supports Guest users, allowing two companies to collaborate on a project. I will unveil a method of identifying Azure Guest users at other tenants. In this way, hidden corporate relationships can be revealed.\r\n\r\nRelated exploits identified include:\r\n Microsoft Lync Time-Based User Enum (no CVE - 2016)\r\n Microsoft Skype for Business 2016 XSS Injection - CVE-2017-8550\r\n Microsoft Lync 2011 for Mac HTML Injection - CVE-2018-8474\r\n\r\nRelated Tools:\r\n onedrive_user_enum\r\n o365recon\r\n lyncsmash\r\n \r\n\r\nREFERENCES:\r\n\r\nhttps://github.com/nyxgeek/onedrive_user_enum\r\nhttps://github.com/Flangvik/TeamFiltration/\n\n\n","title":"Track the Planet! Mapping Identities, Monitoring Presence, and Decoding Business Alliances in the Azure Ecosystem","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691801400,"nanoseconds":0},"android_description":"Microsoft Azure is ripe with user information disclosures. We are going to look at weaponizing these disclosures by performing data collection at a large scale against OneDrive, Teams, and Graph.\r\n\r\nOneDrive and Teams present silent enumeration methods, requiring no logon attempts and creating no logs. This enables enumeration at a massive scale against the biggest corporations, educational instututes, and government entities in the world. Over the last 1.5 years I have enumerated over 20m users. We will explore the techniques used and the data that was collected, including Azure adoption rates and analysis of username formats.\r\n\r\nMicrosoft Teams suffers from information dislcosure due to default settings allowing users to see the online presence of others. An undocumented, unauthenticated Microsoft Teams Presence lookup trick will be shared, which enables easy unauthenticated enumeration of the online Teams Presence of users at many organizations. To demonstrate this we will monitor approximately 100,000 Microsoft employees' online presence and any out-of-office messages that are stored.\r\n\r\nFinally, Azure supports Guest users, allowing two companies to collaborate on a project. I will unveil a method of identifying Azure Guest users at other tenants. In this way, hidden corporate relationships can be revealed.\r\n\r\nRelated exploits identified include:\r\n Microsoft Lync Time-Based User Enum (no CVE - 2016)\r\n Microsoft Skype for Business 2016 XSS Injection - CVE-2017-8550\r\n Microsoft Lync 2011 for Mac HTML Injection - CVE-2018-8474\r\n\r\nRelated Tools:\r\n onedrive_user_enum\r\n o365recon\r\n lyncsmash\r\n \r\n\r\nREFERENCES:\r\n\r\nhttps://github.com/nyxgeek/onedrive_user_enum\r\nhttps://github.com/Flangvik/TeamFiltration/","updated_timestamp":{"seconds":1688183460,"nanoseconds":0},"speakers":[{"content_ids":[50673],"conference_id":96,"event_ids":[50825],"name":"nyxgeek","affiliations":[{"organization":"TrustedSec","title":"Hacker"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@nyxgeek"}],"pronouns":"he/him","media":[],"id":49971,"title":"Hacker at TrustedSec"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246126"}],"end":"2023-08-12T00:50:00.000-0000","id":50825,"tag_ids":[45589,45629,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691800200,"nanoseconds":0},"includes":"Tool 🛠, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49971}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","begin":"2023-08-12T00:30:00.000-0000","updated":"2023-07-01T03:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CVSS is a headache for everyone, but we all use it. Has anyone actually checked to see if it works the way it should? Or where and why it fails? Trying to manually analyze every single CVE is painstaking. And what if CVSS isn’t actually working? Is there something better out there? What if we used science, like you know, an adult, and measured something? Grab your protractors and slide rules and sextants as we explore the exceedingly exciting world of vulnerability management, risk management’s slightly more edgy cousin. This talk will explore what rescoring vulnerabilities with CVSS does and doesn’t do, and what we should do next to fill the gaps. PREVIOUSLY: ChatGPT took the world by storm. But what if we tried to use it to write a clinical application? And do it securely? Will the code compile? Will the data actually be secure? This talk will go over a PoC where we put it to the test.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"CVE Insanity","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"CVSS is a headache for everyone, but we all use it. Has anyone actually checked to see if it works the way it should? Or where and why it fails? Trying to manually analyze every single CVE is painstaking. And what if CVSS isn’t actually working? Is there something better out there? What if we used science, like you know, an adult, and measured something? Grab your protractors and slide rules and sextants as we explore the exceedingly exciting world of vulnerability management, risk management’s slightly more edgy cousin. This talk will explore what rescoring vulnerabilities with CVSS does and doesn’t do, and what we should do next to fill the gaps. PREVIOUSLY: ChatGPT took the world by storm. But what if we tried to use it to write a clinical application? And do it securely? Will the code compile? Will the data actually be secure? This talk will go over a PoC where we put it to the test.","updated_timestamp":{"seconds":1689115920,"nanoseconds":0},"speakers":[{"content_ids":[51045],"conference_id":96,"event_ids":[51077],"name":"Om Mahida","affiliations":[{"organization":"MedCrypt","title":""}],"links":[],"pronouns":null,"media":[],"id":50230,"title":"MedCrypt"}],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51077,"tag_ids":[45645,45647,45717],"begin_timestamp":{"seconds":1691799600,"nanoseconds":0},"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50230}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T22:52:00.000-0000","begin":"2023-08-12T00:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Rafal Janik will argue for the proposition Konstantinos Karagiannis will argue against\r\n\r\nfor each talk: Opening - Bob introduces the topic 5 mins - speaker FOR the proposition 5 mins - speaker AGAINST the proposition ~10mins - rebuttals ~15mins - audience questions/comments 5 minis Vote & results and wrap up.\n\n\n","title":"Debate: NISQ and the future of Quantum Advantage: This village believes the current state of NISQ is already enabling quantum advantage for those who know how to use these technologies","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Rafal Janik will argue for the proposition Konstantinos Karagiannis will argue against\r\n\r\nfor each talk: Opening - Bob introduces the topic 5 mins - speaker FOR the proposition 5 mins - speaker AGAINST the proposition ~10mins - rebuttals ~15mins - audience questions/comments 5 minis Vote & results and wrap up.","updated_timestamp":{"seconds":1691795760,"nanoseconds":0},"speakers":[{"content_ids":[52180,52412],"conference_id":96,"event_ids":[52708,52428],"name":"Konstantinos Karagiannis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51429},{"content_ids":[52404,52412],"conference_id":96,"event_ids":[52708,52699],"name":"Rafal Janik","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51623}],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52708,"begin_timestamp":{"seconds":1691799300,"nanoseconds":0},"tag_ids":[40291,45645,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51429},{"tag_id":45590,"sort_order":1,"person_id":51623}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"begin":"2023-08-12T00:15:00.000-0000","updated":"2023-08-11T23:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join the Founders of the Social Engineering Community as they break down this year’s Vishing Competition (#SECVC). They’ll talk about how the competition is organized, and some of the big takeaways, trends, and surprises (both good and bad) from the OSINT and Vishing Plan reports. They’ll also recount some of the highlights from this year’s live calls.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"A Slice of Deception: The 2023 #SECVC Debrief","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Join the Founders of the Social Engineering Community as they break down this year’s Vishing Competition (#SECVC). They’ll talk about how the competition is organized, and some of the big takeaways, trends, and surprises (both good and bad) from the OSINT and Vishing Plan reports. They’ll also recount some of the highlights from this year’s live calls.","updated_timestamp":{"seconds":1690591800,"nanoseconds":0},"speakers":[{"content_ids":[51550],"conference_id":96,"event_ids":[51719],"name":"Snow","affiliations":[{"organization":"IBM","title":"Chief People Hacker"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/stephanie-carruthers/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_sn0ww"}],"pronouns":null,"media":[],"id":50698,"title":"Chief People Hacker at IBM"},{"content_ids":[51550],"conference_id":96,"event_ids":[51719],"name":"JC","affiliations":[{"organization":"Snowfenive","title":"President"}],"links":[{"description":"","title":"","sort_order":0,"url":"http://www.linkedin.com/in/jcsocal"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JC_SoCal"}],"pronouns":null,"media":[],"id":50699,"title":"President at Snowfenive"}],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51719,"village_id":null,"begin_timestamp":{"seconds":1691799300,"nanoseconds":0},"tag_ids":[40302,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50699},{"tag_id":45590,"sort_order":1,"person_id":50698}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-12T00:15:00.000-0000","updated":"2023-07-29T00:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Pen Test Partners invites you to pull up a free beer and join us for further adventures in hacking electronic flight bags (EFBs), and then a fun rant at terrible aviation hacking in the movies to close the first day at the aerospace village.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Pen Test Partners Power Hour","android_description":"Pen Test Partners invites you to pull up a free beer and join us for further adventures in hacking electronic flight bags (EFBs), and then a fun rant at terrible aviation hacking in the movies to close the first day at the aerospace village.","end_timestamp":{"seconds":1691801400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101200,"nanoseconds":0},"speakers":[{"content_ids":[51483,52155],"conference_id":96,"event_ids":[51639,52385],"name":"Ken Munro","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50556},{"content_ids":[52155],"conference_id":96,"event_ids":[52385],"name":"Alex Lomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51402}],"timeband_id":990,"links":[],"end":"2023-08-12T00:50:00.000-0000","id":52385,"village_id":null,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51402},{"tag_id":45590,"sort_order":1,"person_id":50556}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-12T00:00:00.000-0000","updated":"2023-08-03T22:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ghost in the Neurons will reveal for the first time how an interactive remote shell can be operated via machine learning deep neural networks that are accessible through inference APIs. Somewhat akin to webshells, ML reverse shells can be implanted into pre-trained models by an adversary and used to perform initial compromise or maintain persistence within an environment while conducting command and control communications surreptitiously over legitimate channels. Alongside traditional features you’d expect to see in a backdoor, such as an interactive remote shell, upload/download/execute commands etc., ML “webshells” can also provide bespoke functionality allowing an attacker to steal input features, perform fault injection and tamper with a model’s predictions.\r\n\r\nIn this talk, we will explain how machine learning models can be abused to operate a covert remote shell and backdoor. We will demonstrate how to capture commands from the model’s vectorized feature input, how to encode responses to the attacker via the model’s output predictions, and how ML shells can be deployed, either through direct code insertion or data deserialization flaws that can be leveraged when loading models. We will also show how most stages of the attack evade detection from traditional security solutions.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Ghost in the Neurons - ML Webshells","end_timestamp":{"seconds":1691801700,"nanoseconds":0},"android_description":"Ghost in the Neurons will reveal for the first time how an interactive remote shell can be operated via machine learning deep neural networks that are accessible through inference APIs. Somewhat akin to webshells, ML reverse shells can be implanted into pre-trained models by an adversary and used to perform initial compromise or maintain persistence within an environment while conducting command and control communications surreptitiously over legitimate channels. Alongside traditional features you’d expect to see in a backdoor, such as an interactive remote shell, upload/download/execute commands etc., ML “webshells” can also provide bespoke functionality allowing an attacker to steal input features, perform fault injection and tamper with a model’s predictions.\r\n\r\nIn this talk, we will explain how machine learning models can be abused to operate a covert remote shell and backdoor. We will demonstrate how to capture commands from the model’s vectorized feature input, how to encode responses to the attacker via the model’s output predictions, and how ML shells can be deployed, either through direct code insertion or data deserialization flaws that can be leveraged when loading models. We will also show how most stages of the attack evade detection from traditional security solutions.","updated_timestamp":{"seconds":1691031420,"nanoseconds":0},"speakers":[{"content_ids":[52053],"conference_id":96,"event_ids":[52272],"name":"Tom Bonner","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51296}],"timeband_id":990,"links":[],"end":"2023-08-12T00:55:00.000-0000","id":52272,"tag_ids":[40299,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51296}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:57:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Spoofing certificates with MD5 collisions - party like it's 2008!","android_description":"","end_timestamp":{"seconds":1691801100,"nanoseconds":0},"updated_timestamp":{"seconds":1691025720,"nanoseconds":0},"speakers":[{"content_ids":[52027],"conference_id":96,"event_ids":[52243],"name":"Tomer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51272},{"content_ids":[52027],"conference_id":96,"event_ids":[52243],"name":"Yoni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51274}],"timeband_id":990,"links":[],"end":"2023-08-12T00:45:00.000-0000","id":52243,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"village_id":null,"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51272},{"tag_id":45590,"sort_order":1,"person_id":51274}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:22:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As the global pivot to mobile continues and demand for smart devices grows stronger, apps are the main interface between users and the internet, and app stores are the stewards of this ecosystem. App stores are an increasingly valuable target for cyber attacks, with malicious apps stealing vast amounts of data, hijacking devices, and defrauding users of money and personal data. As our usage of apps continues to accelerate at pace, protecting app users from these threats is a collective challenge for governments, hackers, and the cyber security community as a whole.\r\n\r\nIn this fireside discussion, Charlie Gladstone from the UK's Department for Science, Innovation and Technology will provide an overview of the UK's approach to tackling this issue, and discuss the challenges facing governments in securing apps and app stores. This is an opportunity to discuss the distinct challenges we see in the management of app security, and how these risks vary between different countries. As geopolitical trends continue to shape the development of the internet, this Q&A will explore how governments can work with the hacking community to strengthen app stores and app security across the world.\n\n\n","title":"Keeping stores safe: how do we better secure apps and app stores?","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"As the global pivot to mobile continues and demand for smart devices grows stronger, apps are the main interface between users and the internet, and app stores are the stewards of this ecosystem. App stores are an increasingly valuable target for cyber attacks, with malicious apps stealing vast amounts of data, hijacking devices, and defrauding users of money and personal data. As our usage of apps continues to accelerate at pace, protecting app users from these threats is a collective challenge for governments, hackers, and the cyber security community as a whole.\r\n\r\nIn this fireside discussion, Charlie Gladstone from the UK's Department for Science, Innovation and Technology will provide an overview of the UK's approach to tackling this issue, and discuss the challenges facing governments in securing apps and app stores. This is an opportunity to discuss the distinct challenges we see in the management of app security, and how these risks vary between different countries. As geopolitical trends continue to shape the development of the internet, this Q&A will explore how governments can work with the hacking community to strengthen app stores and app security across the world.","end_timestamp":{"seconds":1691801400,"nanoseconds":0},"updated_timestamp":{"seconds":1690824720,"nanoseconds":0},"speakers":[{"content_ids":[51502,51510,51523],"conference_id":96,"event_ids":[51658,51666,51679],"name":"Charlie Gladstone","affiliations":[{"organization":"UK Department for Science, Innovation, and Technology","title":""}],"links":[],"pronouns":null,"media":[],"id":50588,"title":"UK Department for Science, Innovation, and Technology"},{"content_ids":[51515,51510,51502,52243],"conference_id":96,"event_ids":[52498,51658,51666,51671],"name":"David Rogers","affiliations":[{"organization":"Copper Horse","title":"CEO"}],"links":[],"pronouns":null,"media":[],"id":50598,"title":"CEO at Copper Horse"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-12T00:50:00.000-0000","id":51666,"tag_ids":[40310,45646,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50588},{"tag_id":45632,"sort_order":1,"person_id":50598}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"updated":"2023-07-31T17:32:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Most of us acknowledge that collaboration between hackers and policymakers is necessary and beneficial. Specifically, the security research community is more effective in supporting security improvements for state and local government entities when they work collaboratively with government officials. We also know building bridges between these communities, each of which includes a diverse makeup of individuals and organizations, is not a simple task. Several years ago, the National Association of Secretaries of State (NASS) and a small group of hackers began construction on one such bridge. This session shares lessons learned from that experience. NASS created an interactive event, called Hacking Demystified, which complements broader efforts to educate and foster relationship-building. We will provide examples of where we have found success and seek input from the audience on how to further expand our work. We will generate ideas for how everyone in the room may create more opportunities for productive collaboration between security researchers and state government officials. Join us to learn more about how NASS is demystifying hacking and participate in a brainstorming session on how we may all work together to further increase knowledge and understanding across our communities.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"Demystifying Hacking for Government Officials","android_description":"Most of us acknowledge that collaboration between hackers and policymakers is necessary and beneficial. Specifically, the security research community is more effective in supporting security improvements for state and local government entities when they work collaboratively with government officials. We also know building bridges between these communities, each of which includes a diverse makeup of individuals and organizations, is not a simple task. Several years ago, the National Association of Secretaries of State (NASS) and a small group of hackers began construction on one such bridge. This session shares lessons learned from that experience. NASS created an interactive event, called Hacking Demystified, which complements broader efforts to educate and foster relationship-building. We will provide examples of where we have found success and seek input from the audience on how to further expand our work. We will generate ideas for how everyone in the room may create more opportunities for productive collaboration between security researchers and state government officials. Join us to learn more about how NASS is demystifying hacking and participate in a brainstorming session on how we may all work together to further increase knowledge and understanding across our communities.","end_timestamp":{"seconds":1691801400,"nanoseconds":0},"updated_timestamp":{"seconds":1690430580,"nanoseconds":0},"speakers":[{"content_ids":[51503],"conference_id":96,"event_ids":[51659],"name":"Brad Manuel","affiliations":[{"organization":"Louisiana Secretary of State’s Office","title":"Chief Information Officer"}],"links":[],"pronouns":null,"media":[],"id":50581,"title":"Chief Information Officer at Louisiana Secretary of State’s Office"},{"content_ids":[51503,51499],"conference_id":96,"event_ids":[51655,51659],"name":"Lindsey Forson","affiliations":[{"organization":"National Association of Secretaries of State","title":"Deputy Executive Director"}],"links":[],"pronouns":null,"media":[],"id":50599,"title":"Deputy Executive Director at National Association of Secretaries of State"},{"content_ids":[51503,51523,51524],"conference_id":96,"event_ids":[51659,51679,51680],"name":"Jack Cable","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Technical Advisor"}],"links":[],"pronouns":null,"media":[],"id":50609,"title":"Senior Technical Advisor at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51503],"conference_id":96,"event_ids":[51659],"name":"Jason Ingalls","affiliations":[{"organization":"Ingalls Information Security","title":"Founder & CEO"}],"links":[],"pronouns":null,"media":[],"id":50610,"title":"Founder & CEO at Ingalls Information Security"},{"content_ids":[51503],"conference_id":96,"event_ids":[51659],"name":"Michael Ross","affiliations":[{"organization":"Iowa Secretary of State’s Office","title":"Deputy Secretary of State and Chief of Staff"}],"links":[],"pronouns":null,"media":[],"id":50625,"title":"Deputy Secretary of State and Chief of Staff at Iowa Secretary of State’s Office"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-12T00:50:00.000-0000","id":51659,"village_id":null,"tag_ids":[40310,45646,45743,45771,45836],"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50581},{"tag_id":45632,"sort_order":1,"person_id":50609},{"tag_id":45632,"sort_order":1,"person_id":50610},{"tag_id":45632,"sort_order":1,"person_id":50599},{"tag_id":45632,"sort_order":1,"person_id":50625}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"updated":"2023-07-27T04:03:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The story of the investigation into the device that I believe was used to steal my 2021 Toyota RAV4 in July 2022 using 'CAN Injection'\r\n\r\nThere will be low level details on how the CAN bus works, how the 'theft device' spoofs CAN frames and using a modified transceiver to stop other ECUs communicating. We will also explain the disclosure process and possible fixes. Get the full story in the [blog](https://kentindell.github.io/2023/04/03/can-injection/).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"How an automotive security researcher had his car stolen via 'CAN Injection'","end_timestamp":{"seconds":1691800800,"nanoseconds":0},"android_description":"The story of the investigation into the device that I believe was used to steal my 2021 Toyota RAV4 in July 2022 using 'CAN Injection'\r\n\r\nThere will be low level details on how the CAN bus works, how the 'theft device' spoofs CAN frames and using a modified transceiver to stop other ECUs communicating. We will also explain the disclosure process and possible fixes. Get the full story in the [blog](https://kentindell.github.io/2023/04/03/can-injection/).","updated_timestamp":{"seconds":1690860540,"nanoseconds":0},"speakers":[{"content_ids":[51465],"conference_id":96,"event_ids":[51621],"name":"Ian Tabor","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/mintynet/"}],"pronouns":null,"media":[],"id":50524},{"content_ids":[51465],"conference_id":96,"event_ids":[51621],"name":"Ken Tindell","affiliations":[{"organization":"Canis Labs","title":"CTO"}],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kentindell/"}],"media":[],"id":50528,"title":"CTO at Canis Labs"}],"timeband_id":990,"links":[],"end":"2023-08-12T00:40:00.000-0000","id":51621,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"village_id":null,"tag_ids":[40283,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50524},{"tag_id":45590,"sort_order":1,"person_id":50528}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","updated":"2023-08-01T03:29:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Lonely Hackers Club - Name That Noob","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690163220,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51591,"tag_ids":[45640,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"updated":"2023-07-24T01:47:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","title":"Friends of Bill W","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51573,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"spans_timebands":"N","begin":"2023-08-12T00:00:00.000-0000","updated":"2023-07-23T16:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Returning to the stage for Defcon 30 was surreal and we’d be honored to return for the 5th year. Hack3r Runw@y brings out all the sheik geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought. Hack3r Runway is perfect for everyone whether technologically savvy or just crafty.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n- Digital wearable - LED, electronic, passive\r\n- Smart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\n- Aesthetics (non-electronic)- 3d printed, geeky/nerdy wear, obfuscation, cosplay\r\n- Functional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\n\r\nWinners will be selected based on, but not limited to:\r\n- Uniqueness\r\n- Trendy\r\n- Practical\r\n- Couture\r\n- Creativity\r\n- Relevance\r\n- Originality\r\n- Presentation\r\n- Mastery\r\n\r\nFriday and Saturday, 14:00 - 16:00, Signup to walk the Contest Stage/Runway 15:30-16:30, Stage show 17:00 - 18:00\r\n\r\n--\r\n\r\nIs for all ages but no kid specific category.\n\n\n","title":"Hack3r Runw@y","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Returning to the stage for Defcon 30 was surreal and we’d be honored to return for the 5th year. Hack3r Runw@y brings out all the sheik geeks out there. It encourages rethinking fashion in the eyes of hackers. Be it smartwear, LED additions, obfuscation, cosplay or just everyday wear using fabrics and textures that are familiar to the community. Contestants can enter clothing, shoes, jewelry, hats or accessories. If it can be worn, it is perfect for the runway. For convenience, contestants can enter the contest with designs made ahead of the conference, however it needs to be made by them and not just store bought. Hack3r Runway is perfect for everyone whether technologically savvy or just crafty.\r\n\r\nAwards will be handed out in 4 categories and one trophy for the People’s Choice category where the winner is anyone’s guess:\r\n- Digital wearable - LED, electronic, passive\r\n- Smart wear - interactive, temperature sensing, mood changing, card skimmers, etc\r\n- Aesthetics (non-electronic)- 3d printed, geeky/nerdy wear, obfuscation, cosplay\r\n- Functional wear - did you bling out your mask and/or shield, have a hazmat suit, lock pick earrings, cufflinks shims\r\n\r\nWinners will be selected based on, but not limited to:\r\n- Uniqueness\r\n- Trendy\r\n- Practical\r\n- Couture\r\n- Creativity\r\n- Relevance\r\n- Originality\r\n- Presentation\r\n- Mastery\r\n\r\nFriday and Saturday, 14:00 - 16:00, Signup to walk the Contest Stage/Runway 15:30-16:30, Stage show 17:00 - 18:00\r\n\r\n--\r\n\r\nIs for all ages but no kid specific category.","updated_timestamp":{"seconds":1691289960,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://hack3rrunway.github.io"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644666239647824"},{"label":"Twitter(@hack3rrunway)","type":"link","url":"https://twitter.com/@hack3rrunway"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245437"}],"end":"2023-08-12T01:00:00.000-0000","id":51474,"tag_ids":[45635,45646,45743,45763],"village_id":null,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:46:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"How can a Use After Free exploit in Ocarina of Time lead to a cute robot taking over an entire N64 to put the future (and the Triforce) in the game using only button presses? This talk dives into the technical details of how a Use After Free exploit, Arbitrary Code Execution, and multiple bootstrap stages allowed TASBot to take full control of an original, unmodified cart and console in front of a live audience during SGDQ 2022 with the help of Sauraen and Savestate, helping raise more than $228k for charity. This talk uses engaging explainer graphics courtesy of RGME to dig into how a Use After Free vulnerability can be exploited as well as a live demo showing the significant social impact of the exploit Here Together, in the past year and into the future. \r\n\r\nREFERENCES:\r\n\r\n### Project Info\r\n[FAQs](https://gettriforce.link/faq)\r\n[Credits](https://gettriforce.link/credits)\r\n[Retro Game Mechanics Explained explainer video, contents used with permission from IsoFrieze](https://www.youtube.com/watch?v=qBK1sq1BQ2Q)\r\n\r\n## Source code\r\n[Triforce% Source code release](https://github.com/triforce-percent/triforce-percent)\r\n\r\n### Articles posted about Triforce%\r\n[Ars Technica](https://arstechnica.com/gaming/2022/07/how-zelda-fans-changed-the-ending-to-ocarina-of-time-on-a-vanilla-n64/)\r\n[Forever Classic Games](https://foreverclassicgames.com/news/2022/7/tasbot-summer-games-done-quick-sgdq2022-zelda-link-triforce)\r\n[Zelda Dungeon](https://www.zeldadungeon.net/ocarina-of-time-speedrunners-obtain-the-triforce-in-wild-beta-showcase/)\r\n[Zelda Universe](https://zeldauniverse.net/2022/07/05/games-done-quick-features-astonishing-ocarina-of-time-beta-demonstration/)\r\n[PC Gamer](https://www.pcgamer.com/this-zelda-speedrun-built-on-urban-legends-is-an-all-time-gaming-moment/)\r\n[NintendoLife](https://www.nintendolife.com/news/2022/07/watch-this-insane-triforcepercent-speedrun-turns-zelda-ocarina-of-time-into-breath-of-the-wild)\r\n[GoNintendo](https://gonintendo.com/contents/5979-speedrunning-trick-turns-zelda-ocarina-of-time-into-breath-of-the-wild)\r\n\r\n### Setup info\r\n[Savestate’s notes on how to do the setup by hand](https://docs.google.com/document/d/1fglILK3PdZoT1uISGMJKzsm-wZ2tP5652ayjR86QNDU)\r\n[BizHawk savestate of gz macro to do setup](https://drive.google.com/file/d/1tbG5TcfgXAnaxGnA_DubNcAtJR--wCeb/view?usp=sharing)\r\n[BizHawk build needed for compatibility with that savestate](https://drive.google.com/file/d/1K_LOyQX2MRTDOEASBbHPHltTcMB1ZDdm/view?usp=sharing)\r\n\r\n### Raw video and photo assets for Triforce%:\r\n[Clean run video (for taking footage from)](https://www.youtube.com/watch?v=PZNywtNOe9U)\r\n[HD partial run video (for taking screenshots for branding)](https://www.youtube.com/watch?v=NNRqK1AQ_VY)\r\n[HD screenshots folder](https://drive.google.com/drive/folders/1uA5L-3pM1gBm_FDIDFX9zB5qrqo1Q1Cv?usp=sharing)\r\n\r\n### Partner and reactor links\r\n[SwankyBox](https://www.youtube.com/watch?v=1_RighmL04g)\r\n[Hard4Games](https://www.youtube.com/watch?v=f9cCtRYMKm4)\r\n[HMK](https://www.youtube.com/watch?v=mk1WwOu_AQQ) ([Interview](https://www.youtube.com/watch?v=buy6EcI2NKc))\r\n[TetraBitGaming](https://www.youtube.com/watch?v=gJ1hSMClhMI)\r\n\r\n### OST Published By SiIvaGunner\r\n[YouTube](https://www.youtube.com/watch?v=E1OYYi2Vzro&list=PLL0CQjrcN8D3qRiR5WUL5l_bPo2sIzdfr&index=155)\r\n[SoundCloud](https://soundcloud.com/sauraen/sets/triforce-percent)\r\n[SiIvaGunner wiki page](https://siivagunner.fandom.com/wiki/Triforce%25_SGDQ_Run)\r\n[SiIvaGunner joke explanations](https://gettriforce.link/siiva_jokes)\r\n\r\n## Credits\r\nThe primary director of Triforce% was Sauraen with Savestate as the human speedrunner and dwangoAC as the Producer; over two dozen people contributed, with full credits listed at https://gettriforce.link/credits\n\n\n","title":"Legend of Zelda: Use After Free (TASBot glitches the future into OoT)","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"android_description":"How can a Use After Free exploit in Ocarina of Time lead to a cute robot taking over an entire N64 to put the future (and the Triforce) in the game using only button presses? This talk dives into the technical details of how a Use After Free exploit, Arbitrary Code Execution, and multiple bootstrap stages allowed TASBot to take full control of an original, unmodified cart and console in front of a live audience during SGDQ 2022 with the help of Sauraen and Savestate, helping raise more than $228k for charity. This talk uses engaging explainer graphics courtesy of RGME to dig into how a Use After Free vulnerability can be exploited as well as a live demo showing the significant social impact of the exploit Here Together, in the past year and into the future. \r\n\r\nREFERENCES:\r\n\r\n### Project Info\r\n[FAQs](https://gettriforce.link/faq)\r\n[Credits](https://gettriforce.link/credits)\r\n[Retro Game Mechanics Explained explainer video, contents used with permission from IsoFrieze](https://www.youtube.com/watch?v=qBK1sq1BQ2Q)\r\n\r\n## Source code\r\n[Triforce% Source code release](https://github.com/triforce-percent/triforce-percent)\r\n\r\n### Articles posted about Triforce%\r\n[Ars Technica](https://arstechnica.com/gaming/2022/07/how-zelda-fans-changed-the-ending-to-ocarina-of-time-on-a-vanilla-n64/)\r\n[Forever Classic Games](https://foreverclassicgames.com/news/2022/7/tasbot-summer-games-done-quick-sgdq2022-zelda-link-triforce)\r\n[Zelda Dungeon](https://www.zeldadungeon.net/ocarina-of-time-speedrunners-obtain-the-triforce-in-wild-beta-showcase/)\r\n[Zelda Universe](https://zeldauniverse.net/2022/07/05/games-done-quick-features-astonishing-ocarina-of-time-beta-demonstration/)\r\n[PC Gamer](https://www.pcgamer.com/this-zelda-speedrun-built-on-urban-legends-is-an-all-time-gaming-moment/)\r\n[NintendoLife](https://www.nintendolife.com/news/2022/07/watch-this-insane-triforcepercent-speedrun-turns-zelda-ocarina-of-time-into-breath-of-the-wild)\r\n[GoNintendo](https://gonintendo.com/contents/5979-speedrunning-trick-turns-zelda-ocarina-of-time-into-breath-of-the-wild)\r\n\r\n### Setup info\r\n[Savestate’s notes on how to do the setup by hand](https://docs.google.com/document/d/1fglILK3PdZoT1uISGMJKzsm-wZ2tP5652ayjR86QNDU)\r\n[BizHawk savestate of gz macro to do setup](https://drive.google.com/file/d/1tbG5TcfgXAnaxGnA_DubNcAtJR--wCeb/view?usp=sharing)\r\n[BizHawk build needed for compatibility with that savestate](https://drive.google.com/file/d/1K_LOyQX2MRTDOEASBbHPHltTcMB1ZDdm/view?usp=sharing)\r\n\r\n### Raw video and photo assets for Triforce%:\r\n[Clean run video (for taking footage from)](https://www.youtube.com/watch?v=PZNywtNOe9U)\r\n[HD partial run video (for taking screenshots for branding)](https://www.youtube.com/watch?v=NNRqK1AQ_VY)\r\n[HD screenshots folder](https://drive.google.com/drive/folders/1uA5L-3pM1gBm_FDIDFX9zB5qrqo1Q1Cv?usp=sharing)\r\n\r\n### Partner and reactor links\r\n[SwankyBox](https://www.youtube.com/watch?v=1_RighmL04g)\r\n[Hard4Games](https://www.youtube.com/watch?v=f9cCtRYMKm4)\r\n[HMK](https://www.youtube.com/watch?v=mk1WwOu_AQQ) ([Interview](https://www.youtube.com/watch?v=buy6EcI2NKc))\r\n[TetraBitGaming](https://www.youtube.com/watch?v=gJ1hSMClhMI)\r\n\r\n### OST Published By SiIvaGunner\r\n[YouTube](https://www.youtube.com/watch?v=E1OYYi2Vzro&list=PLL0CQjrcN8D3qRiR5WUL5l_bPo2sIzdfr&index=155)\r\n[SoundCloud](https://soundcloud.com/sauraen/sets/triforce-percent)\r\n[SiIvaGunner wiki page](https://siivagunner.fandom.com/wiki/Triforce%25_SGDQ_Run)\r\n[SiIvaGunner joke explanations](https://gettriforce.link/siiva_jokes)\r\n\r\n## Credits\r\nThe primary director of Triforce% was Sauraen with Savestate as the human speedrunner and dwangoAC as the Producer; over two dozen people contributed, with full credits listed at https://gettriforce.link/credits","end_timestamp":{"seconds":1691801100,"nanoseconds":0},"updated_timestamp":{"seconds":1687137780,"nanoseconds":0},"speakers":[{"content_ids":[50568],"conference_id":96,"event_ids":[50854],"name":"Allan \"dwangoAC\" Cecil","affiliations":[{"organization":"TASBot","title":"Founder and BDFL"}],"pronouns":"he/him","links":[{"description":"","title":"Discord","sort_order":0,"url":"https://Discord.gg/TASBot"},{"description":"","title":"Twitch","sort_order":0,"url":"https://Twitch.tv/dwangoAC"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MrTASBot"},{"description":"","title":"Website","sort_order":0,"url":"https://TAS.Bot"},{"description":"","title":"YouTube","sort_order":0,"url":"https://YouTube.com/dwangoAC"}],"media":[],"id":49786,"title":"Founder and BDFL at TASBot"}],"timeband_id":990,"end":"2023-08-12T00:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245739"}],"id":50854,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"village_id":null,"tag_ids":[45592,45648,45844],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49786}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"updated":"2023-06-19T01:23:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs.\r\n\r\nModern healthcare protocols such as FHIR (Fast Healthcare Interoperability Resources) use the HTTP protocol to communicate, making security testing relatively straightforward. However, the use of older protocols such as HL7 (Health Level Seven) is more widespread across medical devices in the industry. These protocols are bespoke and difficult to read or intercept using current commercial and open-source security tooling, making testing of these devices challenging and cumbersome.\r\n\r\nTo address this challenge, I have developed a tool (HL7Magic) to provide security testers with an easier method of intercepting and changing HL7 messages sent to and from medical devices. This tool was created for the purpose of being integrated into Burp Suite as an extension, although it can exist independently.\r\n\r\nAfter talking about how the HL7Magic was created, I will give a short demonstration using the tool for security research purpose or to identify existing CVE’s across your estate. HL7Magic will be open sourced and collaborations to improve it further will be welcomed.\r\n\r\nREFERENCES: \r\n\r\nForescout - Connected Medical Device Security: https://www.forescout.com/resources/connected-medical-device-security-a-deep-dive-into-healthcare-networks/\r\n\r\nDallas Haselhorst - HL7 Medical Attacking and Defending: https://linuxincluded.com/hl7-medical-attacking-defending/\r\n\r\nAnirudh Duggal - Understanding HL7 2.X Standards, Pen Testing and Defending HL7 2.X Messages: https://www.youtube.com/watch?v=MR7cH44fjrc\r\n \r\nSaurabh Harit - Breaking Bad: Stealing Patient Data Through Medical Devices: https://www.blackhat.com/docs/eu-17/materials/eu-17-Harit-Breaking-Bad-Stealing-Patient-Data-Through-Medical-Devices.pdf\r\n \r\nChristian Dameff, Maxwell Bland, Kirill Levchenko, Jeff Tully - Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives: https://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages-Threaten-Patient-Lives-wp.pdf\r\n \r\nHL7apy: https://crs4.github.io/hl7apy/tutorial/index.html#\n\n\n","title":"HL7Magic: Medical Data Hacking Made Easy","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691799600,"nanoseconds":0},"android_description":"In recent years, the use of internet-connected devices has become more prevalent in the healthcare sector, particularly as a means to communicate patient data. Therefore, it is essential that security testing is carried out against these devices to identify misconfigurations that could cause a severe impact, such as the prescription of incorrect drugs.\r\n\r\nModern healthcare protocols such as FHIR (Fast Healthcare Interoperability Resources) use the HTTP protocol to communicate, making security testing relatively straightforward. However, the use of older protocols such as HL7 (Health Level Seven) is more widespread across medical devices in the industry. These protocols are bespoke and difficult to read or intercept using current commercial and open-source security tooling, making testing of these devices challenging and cumbersome.\r\n\r\nTo address this challenge, I have developed a tool (HL7Magic) to provide security testers with an easier method of intercepting and changing HL7 messages sent to and from medical devices. This tool was created for the purpose of being integrated into Burp Suite as an extension, although it can exist independently.\r\n\r\nAfter talking about how the HL7Magic was created, I will give a short demonstration using the tool for security research purpose or to identify existing CVE’s across your estate. HL7Magic will be open sourced and collaborations to improve it further will be welcomed.\r\n\r\nREFERENCES: \r\n\r\nForescout - Connected Medical Device Security: https://www.forescout.com/resources/connected-medical-device-security-a-deep-dive-into-healthcare-networks/\r\n\r\nDallas Haselhorst - HL7 Medical Attacking and Defending: https://linuxincluded.com/hl7-medical-attacking-defending/\r\n\r\nAnirudh Duggal - Understanding HL7 2.X Standards, Pen Testing and Defending HL7 2.X Messages: https://www.youtube.com/watch?v=MR7cH44fjrc\r\n \r\nSaurabh Harit - Breaking Bad: Stealing Patient Data Through Medical Devices: https://www.blackhat.com/docs/eu-17/materials/eu-17-Harit-Breaking-Bad-Stealing-Patient-Data-Through-Medical-Devices.pdf\r\n \r\nChristian Dameff, Maxwell Bland, Kirill Levchenko, Jeff Tully - Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives: https://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages-Threaten-Patient-Lives-wp.pdf\r\n \r\nHL7apy: https://crs4.github.io/hl7apy/tutorial/index.html#","updated_timestamp":{"seconds":1687137420,"nanoseconds":0},"speakers":[{"content_ids":[50562],"conference_id":96,"event_ids":[50784],"name":"Katie Inns","affiliations":[{"organization":"WithSecure","title":"Security Consultant"}],"pronouns":"she/her","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/katie-inns/"},{"description":"","title":"Twitter (@J3lly____)","sort_order":0,"url":"https://twitter.com/J3lly____"}],"media":[],"id":49776,"title":"Security Consultant at WithSecure"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245733"}],"end":"2023-08-12T00:20:00.000-0000","id":50784,"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691798400,"nanoseconds":0},"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49776}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-06-19T01:17:00.000-0000","begin":"2023-08-12T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this session we will cover what can be done to secure elections leading up to 2024. With two actual election officials on the panel, plus an expert in software supply chain, we will get to hear strategies on election preparation from different perspectives across the election industry. Panelists will discuss what can be done in preparation of the 2024 election season and how public and public/private partnerships are securing election infrastructure in its entirety. Panelists will discuss what initiatives are directly derivable from recent federal government cyber security initiatives. They will give insight into what each of their industries are doing now and what they plan to do in the future to ensure secure democratic processes. \n\n\n","title":"Election Preparation: 2024","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691800200,"nanoseconds":0},"android_description":"In this session we will cover what can be done to secure elections leading up to 2024. With two actual election officials on the panel, plus an expert in software supply chain, we will get to hear strategies on election preparation from different perspectives across the election industry. Panelists will discuss what can be done in preparation of the 2024 election season and how public and public/private partnerships are securing election infrastructure in its entirety. Panelists will discuss what initiatives are directly derivable from recent federal government cyber security initiatives. They will give insight into what each of their industries are doing now and what they plan to do in the future to ensure secure democratic processes.","updated_timestamp":{"seconds":1691435700,"nanoseconds":0},"speakers":[{"content_ids":[52322,52333],"conference_id":96,"event_ids":[52617,52606],"name":"Ashlee Benge","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ashleebenge"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ashlee_benge"},{"description":"","title":"Website","sort_order":0,"url":"https://www.reversinglabs.com"}],"media":[],"id":51529},{"content_ids":[52333],"conference_id":96,"event_ids":[52617],"name":"Jake Braun","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/jake-braun-77372539"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jakehbraun"}],"media":[],"id":51543},{"content_ids":[52323,52333],"conference_id":96,"event_ids":[52607,52617],"name":"John Odum","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/john-odum-0b665a3"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jodum"}],"media":[],"id":51546},{"content_ids":[52325,52328,52333],"conference_id":96,"event_ids":[52612,52617,52609],"name":"Michael Moore","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Link","sort_order":0,"url":"https://azsos.gov/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Secur3Elections"}],"media":[],"id":51552}],"timeband_id":990,"links":[],"end":"2023-08-12T00:30:00.000-0000","id":52617,"tag_ids":[40298,45646,45743,45771],"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51529},{"tag_id":45632,"sort_order":1,"person_id":51543},{"tag_id":45632,"sort_order":1,"person_id":51546},{"tag_id":45632,"sort_order":1,"person_id":51552}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-11T23:30:00.000-0000","updated":"2023-08-07T19:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us for a preview screening of the first half of Reality Games, a new feature film about disinformation, deepfakes, AI, and a world where the boundary between reality and fiction bends and then shatters. In the style of Fight Club meets a video game, the movie follows the story of two kids who ruin each others' lives online, exploring how tribalism takes hold. The movie is a work-in-progress screening and will be released in 2024. Hear how their team created an ethical disinformation event during the heart of the pandemic and learned how easy it is to control the narrative.\r\n\r\nAfter the film, join director Michael Morgenstern and ____________________, for a fireside chat. What's coming next with disinformation enhanced by AI? How does tribalism form? How can experiential storytelling be used to modify our existing meta-narratives? How will we operate in a world where reality has broken down?\n\n\n","title":"Film screening: Reality Games Using film and interactive storytelling to inoculate against the disinformation tsunami:","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Join us for a preview screening of the first half of Reality Games, a new feature film about disinformation, deepfakes, AI, and a world where the boundary between reality and fiction bends and then shatters. In the style of Fight Club meets a video game, the movie follows the story of two kids who ruin each others' lives online, exploring how tribalism takes hold. The movie is a work-in-progress screening and will be released in 2024. Hear how their team created an ethical disinformation event during the heart of the pandemic and learned how easy it is to control the narrative.\r\n\r\nAfter the film, join director Michael Morgenstern and ____________________, for a fireside chat. What's coming next with disinformation enhanced by AI? How does tribalism form? How can experiential storytelling be used to modify our existing meta-narratives? How will we operate in a world where reality has broken down?","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691284440,"nanoseconds":0},"speakers":[{"content_ids":[52267],"conference_id":96,"event_ids":[52531],"name":"Michael Morgenstern","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51508}],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52531,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51508}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-11T23:30:00.000-0000","updated":"2023-08-06T01:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Intro to Ciphers","android_description":"","end_timestamp":{"seconds":1691797500,"nanoseconds":0},"updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":990,"links":[],"end":"2023-08-11T23:45:00.000-0000","id":52260,"village_id":null,"tag_ids":[40308,45647,45719,45743],"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","begin":"2023-08-11T23:30:00.000-0000","updated":"2023-08-03T01:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Anaotomy of the Top 10 Cybersecurity Terrain for Critical Infrastructure","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1690422780,"nanoseconds":0},"speakers":[{"content_ids":[51482],"conference_id":96,"event_ids":[51638],"name":"Mars Cheng","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50558}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51638,"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"village_id":null,"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50558}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","updated":"2023-07-27T01:53:00.000-0000","begin":"2023-08-11T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Nosy Cops: Exposing the Hidden Potential of Police Radio","end_timestamp":{"seconds":1691799300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552960,"nanoseconds":0},"speakers":[{"content_ids":[51302],"conference_id":96,"event_ids":[51364],"name":"sally, who makes yachts","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@sally_yachts"}],"media":[],"id":50466}],"timeband_id":990,"links":[],"end":"2023-08-12T00:15:00.000-0000","id":51364,"tag_ids":[40293,45645,45649,45743],"village_id":59,"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50466}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","begin":"2023-08-11T23:30:00.000-0000","updated":"2023-07-17T00:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We all need to sleep and having sleep apnea sucks. Sleep apnea diagnoses have become more prevalent among our society. The continuous positive airway pressure or CPAP equipment, like the Phillips Dreamstation, helps individuals with sleep apnea by providing a regulated air stream into their respiratory system. Problem is sometimes these medical devices have manufacturer recalls \r\n\r\nhttps://www.usa.philips.com/healthcare/e/sleep/communications/src-update and the main concern around the recalls are due to the increased risk of getting much sicker while using the devices, usually due to the reduced manufacturing costs per component within medical devices. This talk focuses on the Philips Dreamstation device that is part of an on-going recall. This talk will cover a simple tear down and analysis of the device components and will also cover the CPAP firmware scene where hackers homebrew and modify firmware to help them and their friends get sleep across CPAP devices.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"My CPAP has a recall, lets open it instead!","android_description":"We all need to sleep and having sleep apnea sucks. Sleep apnea diagnoses have become more prevalent among our society. The continuous positive airway pressure or CPAP equipment, like the Phillips Dreamstation, helps individuals with sleep apnea by providing a regulated air stream into their respiratory system. Problem is sometimes these medical devices have manufacturer recalls \r\n\r\nhttps://www.usa.philips.com/healthcare/e/sleep/communications/src-update and the main concern around the recalls are due to the increased risk of getting much sicker while using the devices, usually due to the reduced manufacturing costs per component within medical devices. This talk focuses on the Philips Dreamstation device that is part of an on-going recall. This talk will cover a simple tear down and analysis of the device components and will also cover the CPAP firmware scene where hackers homebrew and modify firmware to help them and their friends get sleep across CPAP devices.","end_timestamp":{"seconds":1691799600,"nanoseconds":0},"updated_timestamp":{"seconds":1689115920,"nanoseconds":0},"speakers":[{"content_ids":[51044],"conference_id":96,"event_ids":[51076],"name":"José Fernández","affiliations":[{"organization":"CompSec Direct","title":"President"}],"links":[],"pronouns":null,"media":[],"id":50229,"title":"President at CompSec Direct"}],"timeband_id":990,"links":[],"end":"2023-08-12T00:20:00.000-0000","id":51076,"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"village_id":68,"tag_ids":[45645,45647,45717],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50229}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T22:52:00.000-0000","begin":"2023-08-11T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The future isn’t certain, nor is the continued access to our compromised endpoints. At some point, every red team operator faces the gut-wrenching event of losing command and control (C2) access. This often occurs when post exploitation activity is detected and associated to the C2 process and channel. Further link analysis may lead to the discovery of other compromised endpoints, secondary C2, and compromised credentials. Needless to say, a single mistake can cause a huge disruption in access and even lead to the detriment of the entire engagement.\r\n \r\nThis talk will present and demonstrate the methodologies and techniques built into Obligato, a covert implant tasking and communications framework, designed with the primary objectives of breaking process chaining events, disassociating network communication from the implant, providing a means for maintaining or regaining access, and evading dynamic analysis.\r\n\r\nTechnical information will be explained and demonstrated at both high and low levels, so prior knowledge is not required. However, to get the most out of the talk, attendees are encouraged to have a basic understanding of general Windows architecture, networking, and programming concepts. \r\n\r\nREFERENCES: \r\n[1] Pyle, Ned. “The Beginning of the End of Remote Mailslots.” Tech Community, Microsoft, 8 Mar. 2023, https://techcommunity.microsoft.com/t5/storage-at-microsoft/the-beginning-of-the-end-of-remote-mailslots/ba-p/3762048.\r\n \r\n[2] Corporation, Microsoft. “[MS-Mail]: Remote Mailslot Protocol.” [MS-MAIL], Microsoft, 25 June 2021, https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-MAIL/[MS-MAIL].pdf.\r\n \r\n[3] Aggarwal, Avnish. “PROTOCOL STANDARD FOR A NetBIOS SERVICE.” IETF, RFC Editor, Mar. 1987, https://datatracker.ietf.org/doc/html/rfc1001.\r\n \r\n[4] ATT&CK, MITRE. “Enterprise Techniques.” Techniques - Enterprise ,\r\nMITRE ATT&CK, MITRE ATTCK, 25 Oct. 2022, https://attack.mitre.org/techniques/enterprise/.\r\n \r\n[5] Yosifovich, Author Pavel. “Parent Process vs. Creator Process.” Pavel Yosifovich, 10 Jan. 2021, https://scorpiosoftware.net/2021/01/10/parent-process-vs-creator-process/.\r\n \r\n[6] Schwarz, Roland. “Thread Local Storage - the C++ WAY.” CodeProject, CodeProject, 28 Aug. 2004, https://www.codeproject.com/Articles/8113/Thread-Local-Storage-The-C-Way.\r\n \r\n[7] The Chromium Authors. “Chromium/thread_local_storage_win.Cc at Main · Chromium/Chromium.” GitHub, The Chromium Project, Jan. 2012, https://github.com/chromium/chromium/blob/main/base/threading/thread_local_storage_win.cc.\r\n \r\n[8] timb3r. “How to Find Hidden Threads - Threadhidefromdebugger - Antidebug Trick.” How to Find Hidden Threads - ThreadHideFromDebugger - AntiDebug Trick, Guided Hacking, 27 Dec. 2019, https://guidedhacking.com/threads/how-to-find-hidden-threads-threadhidefromdebugger-antidebug-trick.14281/.\r\n \r\n[9] Chappell, Geoff. “THREADINFOCLASS.” Threadinfoclass, Jan. 1997, https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psquery/class.htm.\r\n \r\n[10] GrantMeStrength. “GetMailslotInfo Function (Winbase.h) - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 10 Oct. 2021, https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getmailslotinfo.\r\n \r\n[11] Alvinashcraft. “Impersonation Tokens - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 1 July 2021, https://learn.microsoft.com/en-us/windows/win32/secauthz/impersonation-tokens.\r\n \r\n[12] GrantMeStrength. “CreateProcessWithTokenW Function (Winbase.h) - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 2 Jan. 2023, https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw.\r\n \r\n[13] QuinnRadich. “WTSQUERYUSERTOKEN Function (WTSAPI32.H) - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 10 Dec. 2021, https://learn.microsoft.com/en-us/windows/win32/api/wtsapi32/nf-wtsapi32-wtsqueryusertoken.\r\n \r\n[14] Karl-Bridge-Microsoft. “PEB (Winternl.h) - win32 Apps.” PEB (Winternl.h) - Win32 Apps ,\r\nMicrosoft Learn, 31 Aug. 2022, https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb.\r\n \r\n[15] Yosifovich, Pavel. Windows 10 System Programming Part 1. Independently Published.\r\n \r\n[16] Yosifovich, Pavel. Windows 10 System Programming Part 2. Independently Published.\n\n\n","title":"Malware design - abusing legacy Microsoft transports and session architecture","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691799300,"nanoseconds":0},"android_description":"The future isn’t certain, nor is the continued access to our compromised endpoints. At some point, every red team operator faces the gut-wrenching event of losing command and control (C2) access. This often occurs when post exploitation activity is detected and associated to the C2 process and channel. Further link analysis may lead to the discovery of other compromised endpoints, secondary C2, and compromised credentials. Needless to say, a single mistake can cause a huge disruption in access and even lead to the detriment of the entire engagement.\r\n \r\nThis talk will present and demonstrate the methodologies and techniques built into Obligato, a covert implant tasking and communications framework, designed with the primary objectives of breaking process chaining events, disassociating network communication from the implant, providing a means for maintaining or regaining access, and evading dynamic analysis.\r\n\r\nTechnical information will be explained and demonstrated at both high and low levels, so prior knowledge is not required. However, to get the most out of the talk, attendees are encouraged to have a basic understanding of general Windows architecture, networking, and programming concepts. \r\n\r\nREFERENCES: \r\n[1] Pyle, Ned. “The Beginning of the End of Remote Mailslots.” Tech Community, Microsoft, 8 Mar. 2023, https://techcommunity.microsoft.com/t5/storage-at-microsoft/the-beginning-of-the-end-of-remote-mailslots/ba-p/3762048.\r\n \r\n[2] Corporation, Microsoft. “[MS-Mail]: Remote Mailslot Protocol.” [MS-MAIL], Microsoft, 25 June 2021, https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-MAIL/[MS-MAIL].pdf.\r\n \r\n[3] Aggarwal, Avnish. “PROTOCOL STANDARD FOR A NetBIOS SERVICE.” IETF, RFC Editor, Mar. 1987, https://datatracker.ietf.org/doc/html/rfc1001.\r\n \r\n[4] ATT&CK, MITRE. “Enterprise Techniques.” Techniques - Enterprise ,\r\nMITRE ATT&CK, MITRE ATTCK, 25 Oct. 2022, https://attack.mitre.org/techniques/enterprise/.\r\n \r\n[5] Yosifovich, Author Pavel. “Parent Process vs. Creator Process.” Pavel Yosifovich, 10 Jan. 2021, https://scorpiosoftware.net/2021/01/10/parent-process-vs-creator-process/.\r\n \r\n[6] Schwarz, Roland. “Thread Local Storage - the C++ WAY.” CodeProject, CodeProject, 28 Aug. 2004, https://www.codeproject.com/Articles/8113/Thread-Local-Storage-The-C-Way.\r\n \r\n[7] The Chromium Authors. “Chromium/thread_local_storage_win.Cc at Main · Chromium/Chromium.” GitHub, The Chromium Project, Jan. 2012, https://github.com/chromium/chromium/blob/main/base/threading/thread_local_storage_win.cc.\r\n \r\n[8] timb3r. “How to Find Hidden Threads - Threadhidefromdebugger - Antidebug Trick.” How to Find Hidden Threads - ThreadHideFromDebugger - AntiDebug Trick, Guided Hacking, 27 Dec. 2019, https://guidedhacking.com/threads/how-to-find-hidden-threads-threadhidefromdebugger-antidebug-trick.14281/.\r\n \r\n[9] Chappell, Geoff. “THREADINFOCLASS.” Threadinfoclass, Jan. 1997, https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ps/psquery/class.htm.\r\n \r\n[10] GrantMeStrength. “GetMailslotInfo Function (Winbase.h) - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 10 Oct. 2021, https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-getmailslotinfo.\r\n \r\n[11] Alvinashcraft. “Impersonation Tokens - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 1 July 2021, https://learn.microsoft.com/en-us/windows/win32/secauthz/impersonation-tokens.\r\n \r\n[12] GrantMeStrength. “CreateProcessWithTokenW Function (Winbase.h) - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 2 Jan. 2023, https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithtokenw.\r\n \r\n[13] QuinnRadich. “WTSQUERYUSERTOKEN Function (WTSAPI32.H) - win32 Apps.” Win32 Apps ,\r\nMicrosoft Learn, 10 Dec. 2021, https://learn.microsoft.com/en-us/windows/win32/api/wtsapi32/nf-wtsapi32-wtsqueryusertoken.\r\n \r\n[14] Karl-Bridge-Microsoft. “PEB (Winternl.h) - win32 Apps.” PEB (Winternl.h) - Win32 Apps ,\r\nMicrosoft Learn, 31 Aug. 2022, https://learn.microsoft.com/en-us/windows/win32/api/winternl/ns-winternl-peb.\r\n \r\n[15] Yosifovich, Pavel. Windows 10 System Programming Part 1. Independently Published.\r\n \r\n[16] Yosifovich, Pavel. Windows 10 System Programming Part 2. Independently Published.","updated_timestamp":{"seconds":1687137300,"nanoseconds":0},"speakers":[{"content_ids":[50560],"conference_id":96,"event_ids":[50833],"name":"R.J. \"BeetleChunks\" McDown","affiliations":[{"organization":"","title":"Principal Red Teamer"}],"pronouns":null,"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/BeetleChunks"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/robert-mcdown-210aa668/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/BeetleChunks"}],"media":[],"id":49771,"title":"Principal Red Teamer"}],"timeband_id":990,"end":"2023-08-12T00:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245731"}],"id":50833,"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49771}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","updated":"2023-06-19T01:15:00.000-0000","begin":"2023-08-11T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"TLS is the de facto way of securing network connections. It provides an easy way of ensuring confidentiality, integrity and authentication for any type of communication. However, like most things in life, this is also too good to be true.\r\n\r\nTLS allows communicating parties to uniquely authenticate each other by validating each other's certificate. However, many TLS libraries and frameworks have insecure default settings or allow for the developers to skip important aspects of certificate validation in their client implementations.\r\n\r\nThis talk explores issues in TLS client certificate validation and the underlying reasons why developers still fail to implement TLS correctly. Most importantly, we hack all the things with a new TLS mitm tool: certmitm.\r\n\r\ncertmitm automatically discovers and exploits insecure certificate validation vulnerabilities in TLS clients. Let's use the tool to hack iOS, Windows 11 and more while we deep dive into the world of insecure TLS certificate validation.\r\n\r\nREFERENCES:\r\n\r\nMy previous TLS talks:\r\nHelSec 20 - Practical attacks against modern TLS implementations - Aapo Oksman: https://www.youtube.com/watch?v=NCm16vLfD60\r\n\r\nDisobey 2023 - Your connection is not private Exploiting insecure certificate validation in TLS clients - Aapo Oksman: https://www.youtube.com/watch?v=vZvL6ZRiKls\r\n\r\nMoxie Marlinspikes work in SSL/TLS:\r\nDEF CON 17 - Moxie Marlinspike - More Tricks for Defeating SSL: https://www.youtube.com/watch?v=5dhSN9aEljg\r\nDEF CON 19 - Moxie Marlinspike - SSL And The Future Of Authenticity: https://www.youtube.com/watch?v=UawS3_iuHoA\r\n\r\nScientific publications:\r\nGeorgiev, Martin, et al. \"The most dangerous code in the world: validating SSL certificates in non-browser software.\" Proceedings of the 2012 ACM conference on Computer and communications security. 2012.\r\nAkhawe, Devdatta, et al. \"Here's my cert, so trust me, maybe? Understanding TLS errors on the web.\" Proceedings of the 22nd international conference on World Wide Web. 2013.\r\nHuang, Lin Shung, et al. \"Analyzing forged SSL certificates in the wild.\" 2014 IEEE Symposium on Security and Privacy. IEEE, 2014.\r\n\r\nSivakorn, Suphannee, et al. \"HVLearn: Automated black-box analysis of hostname verification in SSL/TLS implementations.\" 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.\r\nAlghamdi, Khalid, et al. \"Iotverif: An automated tool to verify ssl/tls certificate validation in android mqtt client applications.\" Proceedings of the Eighth ACM Conference on data and application security and privacy. 2018.\n\n\n","title":"certmitm: automatic exploitation of TLS certificate validation vulnerabilities","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691799300,"nanoseconds":0},"android_description":"TLS is the de facto way of securing network connections. It provides an easy way of ensuring confidentiality, integrity and authentication for any type of communication. However, like most things in life, this is also too good to be true.\r\n\r\nTLS allows communicating parties to uniquely authenticate each other by validating each other's certificate. However, many TLS libraries and frameworks have insecure default settings or allow for the developers to skip important aspects of certificate validation in their client implementations.\r\n\r\nThis talk explores issues in TLS client certificate validation and the underlying reasons why developers still fail to implement TLS correctly. Most importantly, we hack all the things with a new TLS mitm tool: certmitm.\r\n\r\ncertmitm automatically discovers and exploits insecure certificate validation vulnerabilities in TLS clients. Let's use the tool to hack iOS, Windows 11 and more while we deep dive into the world of insecure TLS certificate validation.\r\n\r\nREFERENCES:\r\n\r\nMy previous TLS talks:\r\nHelSec 20 - Practical attacks against modern TLS implementations - Aapo Oksman: https://www.youtube.com/watch?v=NCm16vLfD60\r\n\r\nDisobey 2023 - Your connection is not private Exploiting insecure certificate validation in TLS clients - Aapo Oksman: https://www.youtube.com/watch?v=vZvL6ZRiKls\r\n\r\nMoxie Marlinspikes work in SSL/TLS:\r\nDEF CON 17 - Moxie Marlinspike - More Tricks for Defeating SSL: https://www.youtube.com/watch?v=5dhSN9aEljg\r\nDEF CON 19 - Moxie Marlinspike - SSL And The Future Of Authenticity: https://www.youtube.com/watch?v=UawS3_iuHoA\r\n\r\nScientific publications:\r\nGeorgiev, Martin, et al. \"The most dangerous code in the world: validating SSL certificates in non-browser software.\" Proceedings of the 2012 ACM conference on Computer and communications security. 2012.\r\nAkhawe, Devdatta, et al. \"Here's my cert, so trust me, maybe? Understanding TLS errors on the web.\" Proceedings of the 22nd international conference on World Wide Web. 2013.\r\nHuang, Lin Shung, et al. \"Analyzing forged SSL certificates in the wild.\" 2014 IEEE Symposium on Security and Privacy. IEEE, 2014.\r\n\r\nSivakorn, Suphannee, et al. \"HVLearn: Automated black-box analysis of hostname verification in SSL/TLS implementations.\" 2017 IEEE Symposium on Security and Privacy (SP). IEEE, 2017.\r\nAlghamdi, Khalid, et al. \"Iotverif: An automated tool to verify ssl/tls certificate validation in android mqtt client applications.\" Proceedings of the Eighth ACM Conference on data and application security and privacy. 2018.","updated_timestamp":{"seconds":1690562040,"nanoseconds":0},"speakers":[{"content_ids":[50643],"conference_id":96,"event_ids":[50820],"name":"Aapo Oksman","affiliations":[{"organization":"Nixu Corporation","title":"Senior Security Specialist"}],"links":[],"pronouns":"he/him","media":[],"id":49918,"title":"Senior Security Specialist at Nixu Corporation"}],"timeband_id":990,"end":"2023-08-12T00:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246096"}],"id":50820,"village_id":null,"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Exploit 🪲, Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49918}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-07-28T16:34:00.000-0000","begin":"2023-08-11T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection heuristic. However, while the concepts of network traffic analysis and monitoring to detect malicious code are well established and widely implemented on platforms such as Windows, there remains a dearth of such capabilities on macOS.\r\n\r\nThis talk aims to remedy this situation by delving deeply into a myriad of programmatic approaches capable of enumerating network state, statistics, and traffic, directly on a macOS host. We will showcase open-source implementations of relatively overlooked low-level APIs, private frameworks, and user-mode extensions that provide insight into all networking activity. And, by leveraging these techniques, you will learn how to efficiently and generically detect both known and unknown threats targeting macOS! \r\n\r\nREFERENCES:\r\n- J. Levin http://newosxbook.com/src.jl?tree=listings&file=netbottom.c\r\n- P. Wardle https://objective-see.org/blog/blog_0x72.html\r\n- Will Yu / Elastic https://www.elastic.co/blog/mac-system-extensions-for-threat-detection-part-3\n\n\n","title":"Nothing but Net: Leveraging macOS's Networking Frameworks to Heuristically Detect Malware","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"As the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection heuristic. However, while the concepts of network traffic analysis and monitoring to detect malicious code are well established and widely implemented on platforms such as Windows, there remains a dearth of such capabilities on macOS.\r\n\r\nThis talk aims to remedy this situation by delving deeply into a myriad of programmatic approaches capable of enumerating network state, statistics, and traffic, directly on a macOS host. We will showcase open-source implementations of relatively overlooked low-level APIs, private frameworks, and user-mode extensions that provide insight into all networking activity. And, by leveraging these techniques, you will learn how to efficiently and generically detect both known and unknown threats targeting macOS! \r\n\r\nREFERENCES:\r\n- J. Levin http://newosxbook.com/src.jl?tree=listings&file=netbottom.c\r\n- P. Wardle https://objective-see.org/blog/blog_0x72.html\r\n- Will Yu / Elastic https://www.elastic.co/blog/mac-system-extensions-for-threat-detection-part-3","end_timestamp":{"seconds":1691799300,"nanoseconds":0},"updated_timestamp":{"seconds":1687140300,"nanoseconds":0},"speakers":[{"content_ids":[50558,50607],"conference_id":96,"event_ids":[50773,50783],"name":"Patrick Wardle","affiliations":[{"organization":"Objective-See Foundation","title":""}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/patrickwardle"},{"description":"","title":"Website","sort_order":0,"url":"https://objective-see.org"}],"media":[],"id":49769,"title":"Objective-See Foundation"}],"timeband_id":990,"end":"2023-08-12T00:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245778"}],"id":50773,"village_id":null,"begin_timestamp":{"seconds":1691796600,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49769}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","updated":"2023-06-19T02:05:00.000-0000","begin":"2023-08-11T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"David Joseph will argue for the proposition Troy Mills will argue against the proposition. \n\n\n","title":"Debate: The Quantum Village believes individual citizen privacy will be enhanced with the fielding of new quantum technologies.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691797500,"nanoseconds":0},"android_description":"David Joseph will argue for the proposition Troy Mills will argue against the proposition.","updated_timestamp":{"seconds":1691795640,"nanoseconds":0},"speakers":[{"content_ids":[52411],"conference_id":96,"event_ids":[52707],"name":"David Joseph","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51426},{"content_ids":[52411],"conference_id":96,"event_ids":[52707],"name":"Troy Mills","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51631}],"timeband_id":990,"links":[],"end":"2023-08-11T23:45:00.000-0000","id":52707,"village_id":null,"tag_ids":[40291,45645,45743],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51426},{"tag_id":45590,"sort_order":1,"person_id":51631}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"updated":"2023-08-11T23:14:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Glad Scientist (Daniel Sabio) is a Puerto Rican conceptual new media artist and creative technologist living and working in Barcelona, ES.\r\n\r\nMost well-known for their audiovisual performances, their work ranges from VR modular synth performances and multichannel sound installations to brain/heart controlled artworks and video game experiences, with the chosen medium being a reflection of the concept.\r\n\r\nFor nearly 10 years, the artist’s work has been welcomed at diverse festivals including Ars Electronica, ISEA, SXSW, Bass Coast, VRHAM!, FILE, LEV, and DreamHack, among others. It has been awarded placement in Oculus Launchpad, Art Omi: Music Fellowship, Berlin Sessions Residency, UNCSA METL Immersive Storytelling Residency, ARTnSHELTER Residency, and Zoo Labs Music Accelerator.\r\n\r\nAs a local organizer they founded Art in Tech Atlanta and are a founding member of Volta Laboratory Social Club, a music label and cornerstone in the Atlanta underground music scene. They have been invited to speak at Google DevFest, IAM Weekend, Chaos Communication Congress, and Tate Modern.\r\n\r\nIn professional realms they are a former member of Envoy Chicago (Leviathan), Cosmic Lab in Osaka, IMRSV in Berlin, and contribute as needed to Ommatidium Studios in Edmonton.\n\n\n","title":"Glad Scientist | Village Vibes Immersive Performance, a data-driven real time audiovisual VR performance","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"The Glad Scientist (Daniel Sabio) is a Puerto Rican conceptual new media artist and creative technologist living and working in Barcelona, ES.\r\n\r\nMost well-known for their audiovisual performances, their work ranges from VR modular synth performances and multichannel sound installations to brain/heart controlled artworks and video game experiences, with the chosen medium being a reflection of the concept.\r\n\r\nFor nearly 10 years, the artist’s work has been welcomed at diverse festivals including Ars Electronica, ISEA, SXSW, Bass Coast, VRHAM!, FILE, LEV, and DreamHack, among others. It has been awarded placement in Oculus Launchpad, Art Omi: Music Fellowship, Berlin Sessions Residency, UNCSA METL Immersive Storytelling Residency, ARTnSHELTER Residency, and Zoo Labs Music Accelerator.\r\n\r\nAs a local organizer they founded Art in Tech Atlanta and are a founding member of Volta Laboratory Social Club, a music label and cornerstone in the Atlanta underground music scene. They have been invited to speak at Google DevFest, IAM Weekend, Chaos Communication Congress, and Tate Modern.\r\n\r\nIn professional realms they are a former member of Envoy Chicago (Leviathan), Cosmic Lab in Osaka, IMRSV in Berlin, and contribute as needed to Ommatidium Studios in Edmonton.","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1691357100,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":52575,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"tag_ids":[40311,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-08-06T21:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Intro to Lockpicking","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":52554,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"tag_ids":[40309,45649,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"updated":"2023-08-06T02:23:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Doppelgänger project stemmed from the Raspberry Pi chip shortage, which drove up the cost of RPi Nano W boards, making the cost to repair my team's long-range cloners not feasible. In addition, there were some limitations with existing tooling that I aimed to mitigate.\r\n\r\nThis project intended to accomplish the following:\r\n\r\n1. Use modern/actively supported and hot-swappable CoTS equipment that can easily be replaced.\r\n2. The operator can't enter a comms blackhole while connected to the device.\r\n3. Egress method for notifications, reducing the need to check for card reads while in the middle of an operation.\r\n4. Simplified WebGUI that only displays Bit Length, Facility Code, and Card Number. Option to download the complete data set (e.g., BL, FC, CC, HEX, BIN).\r\n5. Error handling, so the device doesn't log bad reads, EMI, etc.\r\n6. Easy configuration and reset functionality for team use.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Badge Cloning With Doppelgänger","end_timestamp":{"seconds":1691796000,"nanoseconds":0},"android_description":"The Doppelgänger project stemmed from the Raspberry Pi chip shortage, which drove up the cost of RPi Nano W boards, making the cost to repair my team's long-range cloners not feasible. In addition, there were some limitations with existing tooling that I aimed to mitigate.\r\n\r\nThis project intended to accomplish the following:\r\n\r\n1. Use modern/actively supported and hot-swappable CoTS equipment that can easily be replaced.\r\n2. The operator can't enter a comms blackhole while connected to the device.\r\n3. Egress method for notifications, reducing the need to check for card reads while in the middle of an operation.\r\n4. Simplified WebGUI that only displays Bit Length, Facility Code, and Card Number. Option to download the complete data set (e.g., BL, FC, CC, HEX, BIN).\r\n5. Error handling, so the device doesn't log bad reads, EMI, etc.\r\n6. Easy configuration and reset functionality for team use.","updated_timestamp":{"seconds":1691259900,"nanoseconds":0},"speakers":[{"content_ids":[52252],"conference_id":96,"event_ids":[52513],"name":"Travis Weathers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51488}],"timeband_id":990,"links":[],"end":"2023-08-11T23:20:00.000-0000","id":52513,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51488}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"updated":"2023-08-05T18:25:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"SS7 CTF","android_description":"","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691257200,"nanoseconds":0},"speakers":[{"content_ids":[52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501],"name":"Zibran Sayyed","affiliations":[{"organization":"","title":"Sr. Security Consultant Telecom"}],"links":[],"pronouns":null,"media":[],"id":51522,"title":"Sr. Security Consultant Telecom"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"}],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52494,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40304,45647,45743,45775],"village_id":72,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51524},{"tag_id":45633,"sort_order":1,"person_id":51522}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","begin":"2023-08-11T23:00:00.000-0000","updated":"2023-08-05T17:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nThis is an interactive incident response tabletop workshop in a “game show”-type format. Attendees will work through a crisis response scenario designed exclusively for a live studio audience and will have the opportunity to describe how they might handle progressive stages of an emerging incident. Their responses will be evaluated by our “celebrity” judges who will balance a light tone with meaningful feedback that participants can use both to work through the problem sets presented and to learn to guide their teams through a real IR. Wrong answers allowed and encouraged; all experience and tech levels welcome.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"Monroeville Live: An IR Tabletop for the Rest of Us","android_description":".\n\n\nThis is an interactive incident response tabletop workshop in a “game show”-type format. Attendees will work through a crisis response scenario designed exclusively for a live studio audience and will have the opportunity to describe how they might handle progressive stages of an emerging incident. Their responses will be evaluated by our “celebrity” judges who will balance a light tone with meaningful feedback that participants can use both to work through the problem sets presented and to learn to guide their teams through a real IR. Wrong answers allowed and encouraged; all experience and tech levels welcome.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[51037,52229],"conference_id":96,"event_ids":[51070,52479],"name":"Nina Alli","affiliations":[{"organization":"Biohacking Village","title":"Executive Director"},{"organization":"Thermo Fisher","title":"Regulatory Cybersecurity, Senior Strategist"}],"links":[],"pronouns":null,"media":[],"id":50220,"title":"Regulatory Cybersecurity, Senior Strategist at Thermo Fisher"},{"content_ids":[51054,51056,52229],"conference_id":96,"event_ids":[51086,51088,52479],"name":"Nathan Case","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50235},{"content_ids":[52229],"conference_id":96,"event_ids":[52479],"name":"Matt Mahler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51450},{"content_ids":[52221,52229],"conference_id":96,"event_ids":[52473,52479],"name":"Litmoose","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51456},{"content_ids":[52229],"conference_id":96,"event_ids":[52479],"name":"Dave Collins","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51457},{"content_ids":[52229,52272],"conference_id":96,"event_ids":[52536,52479],"name":"Shea Nangle","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51463},{"content_ids":[52229],"conference_id":96,"event_ids":[52479],"name":"Gwyddia","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51467}],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52479,"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40282,45647,45743,45771],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51457},{"tag_id":45590,"sort_order":1,"person_id":51467},{"tag_id":45590,"sort_order":1,"person_id":51456},{"tag_id":45590,"sort_order":1,"person_id":51450},{"tag_id":45590,"sort_order":1,"person_id":50235},{"tag_id":45590,"sort_order":1,"person_id":50220},{"tag_id":45590,"sort_order":1,"person_id":51463}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Following from the success of last year’s Oxford Union-style debates, we bring you two debates this year! Come and hear experts debate, ruminate, and explore the possible futures of our post-quantum world.\r\n\r\n1600 - Debate 1\r\n\r\n1645 - TBC (talk)\r\n\r\n1715 - Debate 2\n\n\n","title":"The Quantum Debates","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"Following from the success of last year’s Oxford Union-style debates, we bring you two debates this year! Come and hear experts debate, ruminate, and explore the possible futures of our post-quantum world.\r\n\r\n1600 - Debate 1\r\n\r\n1645 - TBC (talk)\r\n\r\n1715 - Debate 2","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691108520,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52429,"village_id":null,"tag_ids":[40291,45649,45743,45771],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","updated":"2023-08-04T00:22:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This presentation discusses the Cybersecurity challenges faced when evaluating the Transportation Screening Equipment at TSA. It covers at a high level the components seem during an evaluation, what stakeholders of systems should be aware of and how we can improve the security of the systems going forward. The briefing will cover a wide variety of topics related to security testing of the equipment and how it will differ between IT and OT while still maintaining the overall security.\n\n\n","title":"Transportation Screening Equipment Cybersecurity Briefing","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691797800,"nanoseconds":0},"android_description":"This presentation discusses the Cybersecurity challenges faced when evaluating the Transportation Screening Equipment at TSA. It covers at a high level the components seem during an evaluation, what stakeholders of systems should be aware of and how we can improve the security of the systems going forward. The briefing will cover a wide variety of topics related to security testing of the equipment and how it will differ between IT and OT while still maintaining the overall security.","updated_timestamp":{"seconds":1691101200,"nanoseconds":0},"speakers":[{"content_ids":[52154],"conference_id":96,"event_ids":[52384],"name":"Edam Colón","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51409}],"timeband_id":990,"links":[],"end":"2023-08-11T23:50:00.000-0000","id":52384,"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51409}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-11T23:00:00.000-0000","updated":"2023-08-03T22:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As the world becomes increasingly dependent on artificial intelligence and machine learning systems, the need for robust ML security measures is more critical than ever. AI/ML security bug bounty hunting is a specialized field that focuses on identifying vulnerabilities and weaknesses in AI/ML systems to ensure their resilience against potential attacks. This panel talk aims to provide participants with an in-depth understanding of AI/ML security bug bounty hunting, including an introduction to the field, insights into vulnerabilities and attack surfaces specific to AI/ML systems, and a comprehensive overview of tools and techniques for effective bug hunting.\n\n\n","title":"Unveiling the Secrets: Breaking into AI/ML Security Bug Bounty Hunting","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691798100,"nanoseconds":0},"android_description":"As the world becomes increasingly dependent on artificial intelligence and machine learning systems, the need for robust ML security measures is more critical than ever. AI/ML security bug bounty hunting is a specialized field that focuses on identifying vulnerabilities and weaknesses in AI/ML systems to ensure their resilience against potential attacks. This panel talk aims to provide participants with an in-depth understanding of AI/ML security bug bounty hunting, including an introduction to the field, insights into vulnerabilities and attack surfaces specific to AI/ML systems, and a comprehensive overview of tools and techniques for effective bug hunting.","updated_timestamp":{"seconds":1691031360,"nanoseconds":0},"speakers":[{"content_ids":[50553,52052],"conference_id":96,"event_ids":[50781,52271],"name":"Marcello \"byt3bl33d3r\" Salvati","affiliations":[{"organization":"","title":"Hacker & Entrepreneur"}],"pronouns":"he/him","links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/byt3bl33d3r"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/byt3bl33d3r/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/byt3bl33d3r"}],"media":[],"id":49765,"title":"Hacker & Entrepreneur"},{"content_ids":[52025,52052,52259],"conference_id":96,"event_ids":[52523,52241,52271],"name":"Chloé Messdaghi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51252},{"content_ids":[52052],"conference_id":96,"event_ids":[52271],"name":"Daniel Miessler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51299},{"content_ids":[52052],"conference_id":96,"event_ids":[52271],"name":"Joseph Thacker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51300}],"timeband_id":990,"links":[],"end":"2023-08-11T23:55:00.000-0000","id":52271,"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40299,45646,45743,45771],"includes":"","people":[{"tag_id":45631,"sort_order":1,"person_id":51252},{"tag_id":45632,"sort_order":2,"person_id":51299},{"tag_id":45632,"sort_order":2,"person_id":51300},{"tag_id":45632,"sort_order":2,"person_id":49765}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-08-03T02:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Cicada 3301: An Exploration of the Cryptographic Enigma","android_description":"","end_timestamp":{"seconds":1691797500,"nanoseconds":0},"updated_timestamp":{"seconds":1691025780,"nanoseconds":0},"speakers":[{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"Taiiwo","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49919},{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"Artorias","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49920},{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"Puck","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49921},{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"TheClockworkBird","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49922}],"timeband_id":990,"links":[],"end":"2023-08-11T23:45:00.000-0000","id":52244,"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49920},{"tag_id":45590,"sort_order":1,"person_id":49921},{"tag_id":45590,"sort_order":1,"person_id":49919},{"tag_id":45590,"sort_order":1,"person_id":49922}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:23:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"During this hands-on lab, participants will learn the fundamentals of the basics of network reconnaissance in Penetration Testing. The course will focus on practical scenarios and real-world examples to ensure participants gain practical skills that can be applied in their day-to-day work.\r\n\r\nPrerequisites: Basic understanding of computer networks, cyber security concepts, command line interface, and operating systems.\r\n\r\nTools Covered:\r\n\r\n - Nmap\r\n - Theharvester\r\n - Wireshark\r\n - Nessus\r\n - Metasploit\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Are you really eyeing my network? Network Reconnaissance for n00bs!","end_timestamp":{"seconds":1691797800,"nanoseconds":0},"android_description":"During this hands-on lab, participants will learn the fundamentals of the basics of network reconnaissance in Penetration Testing. The course will focus on practical scenarios and real-world examples to ensure participants gain practical skills that can be applied in their day-to-day work.\r\n\r\nPrerequisites: Basic understanding of computer networks, cyber security concepts, command line interface, and operating systems.\r\n\r\nTools Covered:\r\n\r\n - Nmap\r\n - Theharvester\r\n - Wireshark\r\n - Nessus\r\n - Metasploit","updated_timestamp":{"seconds":1690937640,"nanoseconds":0},"speakers":[{"content_ids":[52001],"conference_id":96,"event_ids":[52196],"name":"RJ McCarley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51212}],"timeband_id":990,"links":[],"end":"2023-08-11T23:50:00.000-0000","id":52196,"tag_ids":[40281,45646,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51212}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-08-02T00:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"I Am A Former National Cybersecurity Director, Ask Me Anything!","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691797800,"nanoseconds":0},"updated_timestamp":{"seconds":1690430760,"nanoseconds":0},"speakers":[{"content_ids":[51508],"conference_id":96,"event_ids":[51664],"name":"Chris Inglis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50590}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T23:50:00.000-0000","id":51664,"village_id":null,"tag_ids":[40310,45645,45646,45743],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50590}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"updated":"2023-07-27T04:06:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"I'm On The Hype Train: Bottom's Up!","android_description":"","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"updated_timestamp":{"seconds":1690422780,"nanoseconds":0},"speakers":[{"content_ids":[50641,51481],"conference_id":96,"event_ids":[50842,51637],"name":"Joe Slowik","affiliations":[{"organization":"Huntress","title":"Threat Intelligence Manager"}],"pronouns":"he/him","links":[{"description":"","title":"Website","sort_order":0,"url":"https://pylos.co/"}],"media":[],"id":49917,"title":"Threat Intelligence Manager at Huntress"}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":51637,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49917}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-07-27T01:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Combined Charging System (CCS), one of the most widely used DC rapid charging technologies for EVs, is vulnerable to wireless attacks. The charging cable acts as unintentional antenna, leaking the power-line communication (PLC) signals and letting an adversary inject their own with off-the-shelf radio equipment. We show how we can eavesdrop on charging communication, or terminate multiple charging sessions wirelessly. These vulnerabilities have been known for several years, but are still present in CCS standards, while the new North American Charging Standard (NACS) uses the same vulnerable physical layer as well. How do we secure these charging systems now we're in so deep?\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Redeploying the Same Vulnerabilities: Exploiting Wireless Side-Channels in Electric Vehicle Charging Protocols","end_timestamp":{"seconds":1691797200,"nanoseconds":0},"android_description":"The Combined Charging System (CCS), one of the most widely used DC rapid charging technologies for EVs, is vulnerable to wireless attacks. The charging cable acts as unintentional antenna, leaking the power-line communication (PLC) signals and letting an adversary inject their own with off-the-shelf radio equipment. We show how we can eavesdrop on charging communication, or terminate multiple charging sessions wirelessly. These vulnerabilities have been known for several years, but are still present in CCS standards, while the new North American Charging Standard (NACS) uses the same vulnerable physical layer as well. How do we secure these charging systems now we're in so deep?","updated_timestamp":{"seconds":1691186400,"nanoseconds":0},"speakers":[{"content_ids":[51464],"conference_id":96,"event_ids":[51620],"name":"Richard Baker","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50533},{"content_ids":[51464],"conference_id":96,"event_ids":[51620],"name":"Sebastian Kohler","affiliations":[],"links":[{"description":"","title":"Profile","sort_order":0,"url":"https://www.cs.ox.ac.uk/people/sebastian.koehler/"}],"pronouns":null,"media":[],"id":50534}],"timeband_id":990,"end":"2023-08-11T23:40:00.000-0000","links":[{"label":"Usenix Presentation","type":"link","url":"https://www.usenix.org/conference/usenixsecurity19/presentation/baker"},{"label":"brokenwire.fail","type":"link","url":"https://brokenwire.fail/"},{"label":"Paper","type":"link","url":"https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_s251_paper.pdf"}],"id":51620,"tag_ids":[40283,45645,45646,45743],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50533},{"tag_id":45590,"sort_order":1,"person_id":50534}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-08-04T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Bradly Smith, DevOps for the Desperate","android_description":"","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51608,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"tag_ids":[45646,45743,45769,45770],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"updated":"2023-07-27T00:03:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In The Netherlands it's a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the \"VrijMiBo\" (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)\r\n\r\n\"VrijMiBo/Friday afternoon Drink\" at DEF CON is a perfect moment to talk about what your favorite thing is at DefCon, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.\r\n\r\nVrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.\n\n\n","title":"DEF CON Holland Group Presents: VrijMiBo","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691805600,"nanoseconds":0},"android_description":"In The Netherlands it's a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the \"VrijMiBo\" (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)\r\n\r\n\"VrijMiBo/Friday afternoon Drink\" at DEF CON is a perfect moment to talk about what your favorite thing is at DefCon, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.\r\n\r\nVrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.","updated_timestamp":{"seconds":1690137780,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245846"},{"label":"Twitter (@DefconHolland)","type":"link","url":"https://twitter.com/DefconHolland"},{"label":"Meetup Page","type":"link","url":"https://www.meetup.com/defcon-holland/events/294058640/?_xtd=gqFyqTI4MDgxMTk4N6Fwo2FwaQ%253D%253D&from=ref"}],"end":"2023-08-12T02:00:00.000-0000","id":51584,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[45639,45647,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45732,"name":"Flamingo - Bird Bar","hotel":"","short_name":"Bird Bar","id":45880},"updated":"2023-07-23T18:43:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the lgbtqia+ community to network and unwind.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Queercon Mixers","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the lgbtqia+ community to network and unwind.","updated_timestamp":{"seconds":1690137840,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Twitter (@Queercon)","type":"link","url":"https://twitter.com/@Queercon"},{"label":"Discord","type":"link","url":"https://discord.com/invite/jeG6Bh5"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244991"}],"id":51566,"tag_ids":[45639,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 129 - Chillout","hotel":"","short_name":"Forum - 129 - Chillout","id":45890},"spans_timebands":"N","updated":"2023-07-23T18:44:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead, we're meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404's 20+ year legacy can catch up and share stories. \r\n\r\nJoin us and meet your fellow ATL hackers!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"DC 404/DC 678/ DC 770/ DC 470 (Atlanta Metro)","android_description":"They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead, we're meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404's 20+ year legacy can catch up and share stories. \r\n\r\nJoin us and meet your fellow ATL hackers!","end_timestamp":{"seconds":1691805600,"nanoseconds":0},"updated_timestamp":{"seconds":1690137600,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://dc404.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245844"},{"label":"Discord","type":"link","url":"https://discord.gg/Hk5M4qwHzV "}],"end":"2023-08-12T02:00:00.000-0000","id":51559,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Goldfield/Tonopah - Community Room","hotel":"","short_name":"Goldfield/Tonopah - Community Room","id":45727},"updated":"2023-07-23T18:40:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.\n\n\n","title":"IOCs + APTs = \"Let's play a game!\" - Hack your way through a hunt!","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.","updated_timestamp":{"seconds":1689358140,"nanoseconds":0},"speakers":[{"content_ids":[51073],"conference_id":96,"event_ids":[51106,51140,51141,51142],"name":"Leo Cruz","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cruzleo/"}],"pronouns":null,"media":[],"id":50270}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51140,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50270}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"updated":"2023-07-14T18:09:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Red Team Labs and Games for Kids","android_description":"","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1689358560,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51121,"tag_ids":[40294,45647,45719,45743,45764,45864],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":60,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"updated":"2023-07-14T18:16:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Passwords Argh Us","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"The workshop is designed to provide attendees with comprehensive knowledge and hands-on experience in the realm of offensive security. In today's digital landscape, where passwords remain a significant line of defense for organizations, understanding their vulnerabilities is crucial for both offensive and defensive purposes. This workshop aims to equip participants with the skills required to identify weak passwords, crack hashes, and perform credential-based attacks effectively.","updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51089],"conference_id":96,"event_ids":[51120,51150,51151,51152],"name":"Traveler","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/traveler19/"}],"pronouns":null,"media":[],"id":50285}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51120,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50285}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-07-14T18:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Developing offensive thinking is the highlight of this training, you’ll be able to create different strategies to send some attacks and know how you can deliver that, and so on. Participants will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of the defensive security analysis with an offensive mindset performed some types of the attacks that are used in cybercrime and being able to take practical actions to identify these threats. Understanding how Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks...\n\n\n","title":"Malware Hunting an Offensive Approach","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"Developing offensive thinking is the highlight of this training, you’ll be able to create different strategies to send some attacks and know how you can deliver that, and so on. Participants will have the experience of learning to execute several efficiency and detection tests in your lab environment, bringing the result of the defensive security analysis with an offensive mindset performed some types of the attacks that are used in cybercrime and being able to take practical actions to identify these threats. Understanding how Cyber Kill Chain works, learning Static and Dynamic Analysis of some types of files, and executing your own attacks...","updated_timestamp":{"seconds":1689358500,"nanoseconds":0},"speakers":[{"content_ids":[51088],"conference_id":96,"event_ids":[51119,51143,51144],"name":"Filipi Pires","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/FilipiPires"}],"media":[],"id":50262}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51119,"village_id":60,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50262}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"spans_timebands":"N","begin":"2023-08-11T23:00:00.000-0000","updated":"2023-07-14T18:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Totally here I want to show how hackers find and exploit bugs and more. I'm talking about a purely technical demonstration. In Gisec 2023 Global, I did a live demo on Cross site scripting deep identify and exploit. For example, I think it would be nice if there was a trend on injections or Broken access control.Then it is necessary to learn how to proceed.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Hacking Real Web Areas","android_description":"Totally here I want to show how hackers find and exploit bugs and more. I'm talking about a purely technical demonstration. In Gisec 2023 Global, I did a live demo on Cross site scripting deep identify and exploit. For example, I think it would be nice if there was a trend on injections or Broken access control.Then it is necessary to learn how to proceed.","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1689358380,"nanoseconds":0},"speakers":[{"content_ids":[51087],"conference_id":96,"event_ids":[51118],"name":"Ilkin Javadov","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/IlkinJavadov"}],"pronouns":null,"media":[],"id":50265}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51118,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50265}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"begin":"2023-08-11T23:00:00.000-0000","updated":"2023-07-14T18:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk, we'll show how zero knowledge proofs could be used to prove statements about your health without disclosing the entirety of your DNA. Although this could unlock various use cases in healthcare such as community airdrops and authentication, there are possible abuses like genetic discrimination and reporting by anonymous adversaries. Concluding the talk, we will discuss frameworks that the (hopefully not depressed) audience can use to inform their decision making and activism on the topic of blockchain and healthcare.\n\n\n","title":"Can I put my DNA on the blockchain, mom?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"In this talk, we'll show how zero knowledge proofs could be used to prove statements about your health without disclosing the entirety of your DNA. Although this could unlock various use cases in healthcare such as community airdrops and authentication, there are possible abuses like genetic discrimination and reporting by anonymous adversaries. Concluding the talk, we will discuss frameworks that the (hopefully not depressed) audience can use to inform their decision making and activism on the topic of blockchain and healthcare.","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"updated_timestamp":{"seconds":1689115860,"nanoseconds":0},"speakers":[{"content_ids":[51043],"conference_id":96,"event_ids":[51075],"name":"Anne Kim","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50227},{"content_ids":[51043],"conference_id":96,"event_ids":[51075],"name":"Michele Orrù","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50228}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":51075,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"tag_ids":[45645,45647,45717],"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50227},{"tag_id":45590,"sort_order":1,"person_id":50228}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","begin":"2023-08-11T23:00:00.000-0000","updated":"2023-07-11T22:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk includes a series of favorite hacking stories. From hacking into a prison system to having the ability to publish “fake news” on a major tech companies website to even breaking into some of the largest entertainment and online casinos. This talk will take a look at the identification, exploitation, and escalation paths as well as the possible impact based on the company’s organization and nature of work.\n\n\n","title":"A Series of Unfortunate Events","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"end_timestamp":{"seconds":1691797500,"nanoseconds":0},"android_description":"This talk includes a series of favorite hacking stories. From hacking into a prison system to having the ability to publish “fake news” on a major tech companies website to even breaking into some of the largest entertainment and online casinos. This talk will take a look at the identification, exploitation, and escalation paths as well as the possible impact based on the company’s organization and nature of work.","updated_timestamp":{"seconds":1687139280,"nanoseconds":0},"speakers":[{"content_ids":[50592,51070,51977,52424],"conference_id":96,"event_ids":[52729,50857,52730,51103,52171],"name":"Ben \"NahamSec\" Sadeghipour","affiliations":[{"organization":"NahamSec","title":"Hacker & Content Creator"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nahamsec"}],"media":[],"id":49825,"title":"Hacker & Content Creator at NahamSec"},{"content_ids":[50592],"conference_id":96,"event_ids":[50857],"name":"Corben Leo","affiliations":[{"organization":"Boring Mattress Co","title":"Co-Founder"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hacker_"}],"media":[],"id":49826,"title":"Co-Founder at Boring Mattress Co"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245763"}],"end":"2023-08-11T23:45:00.000-0000","id":50857,"tag_ids":[45648,45844],"village_id":null,"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49825},{"tag_id":45590,"sort_order":1,"person_id":49826}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"spans_timebands":"N","updated":"2023-06-19T01:48:00.000-0000","begin":"2023-08-11T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Developers are threat actors' targets of choice because of their access to business-critical services. After compromising a single developer, they could push code changes or obtain sensitive information. For instance, a recent campaign attributed to North Korea set up social network profiles to social engineer and infect prominent figures of the developer community with malicious Visual Studio projects and browser exploits.\r\n \r\nAt the same time, modern development tools offer increasingly advanced features and deep integration with ecosystems, sometimes at the cost of basic security measures. Code editors tried to counterbalance it by introducing new lines of defense (e.g., \"Workspace Trust\"), leading to a cat-and-mouse game to restrict access while keeping most features available by default.\r\n \r\nIn this talk, we present the state of the art of Visual Studio Code's security. We go in-depth into its attack surface, how its extensions work, and the technical details of two vulnerabilities we found in Visual Studio Code. These findings, CVE-2021-43891 and CVE-2022-30129, led to a $30.000 bounty with an unexpected twist. We also present 1-days discovered by other researchers to develop the audience's intuition. These concepts apply to most IDEs of the market so everybody will now think twice before opening third-party code!\r\n\r\nREFERENCES: \r\nhttps://blog.electrovolt.io/posts/vscode-rce/\r\nhttps://www.sonarsource.com/blog/securing-developer-tools-git-integrations/\r\nhttps://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/\r\nhttps://blog.doyensec.com/2022/10/27/jupytervscode.html\r\nhttps://iwantmore.pizza/posts/cve-2019-1414.html\r\nhttps://github.com/justinsteven/advisories/blob/master/2017_visual_studio_code_workspace_settings_code_execution.md\r\nhttps://github.com/doyensec/VSCode_PoC_Oct2019\r\nhttps://github.com/microsoft/vscode/issues/107951\r\nhttps://www.youtube.com/watch?v=Olq6XnZ4Pwo\r\nhttps://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Visual Studio Code is why I have (Workspace) Trust issues","end_timestamp":{"seconds":1691797500,"nanoseconds":0},"android_description":"Developers are threat actors' targets of choice because of their access to business-critical services. After compromising a single developer, they could push code changes or obtain sensitive information. For instance, a recent campaign attributed to North Korea set up social network profiles to social engineer and infect prominent figures of the developer community with malicious Visual Studio projects and browser exploits.\r\n \r\nAt the same time, modern development tools offer increasingly advanced features and deep integration with ecosystems, sometimes at the cost of basic security measures. Code editors tried to counterbalance it by introducing new lines of defense (e.g., \"Workspace Trust\"), leading to a cat-and-mouse game to restrict access while keeping most features available by default.\r\n \r\nIn this talk, we present the state of the art of Visual Studio Code's security. We go in-depth into its attack surface, how its extensions work, and the technical details of two vulnerabilities we found in Visual Studio Code. These findings, CVE-2021-43891 and CVE-2022-30129, led to a $30.000 bounty with an unexpected twist. We also present 1-days discovered by other researchers to develop the audience's intuition. These concepts apply to most IDEs of the market so everybody will now think twice before opening third-party code!\r\n\r\nREFERENCES: \r\nhttps://blog.electrovolt.io/posts/vscode-rce/\r\nhttps://www.sonarsource.com/blog/securing-developer-tools-git-integrations/\r\nhttps://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/\r\nhttps://blog.doyensec.com/2022/10/27/jupytervscode.html\r\nhttps://iwantmore.pizza/posts/cve-2019-1414.html\r\nhttps://github.com/justinsteven/advisories/blob/master/2017_visual_studio_code_workspace_settings_code_execution.md\r\nhttps://github.com/doyensec/VSCode_PoC_Oct2019\r\nhttps://github.com/microsoft/vscode/issues/107951\r\nhttps://www.youtube.com/watch?v=Olq6XnZ4Pwo\r\nhttps://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m","updated_timestamp":{"seconds":1688094120,"nanoseconds":0},"speakers":[{"content_ids":[50576],"conference_id":96,"event_ids":[50787],"name":"Thomas Chauchefoin","affiliations":[{"organization":"Sonar","title":"Vulnerability Researcher"}],"links":[{"description":"","title":"Mastodon (@swapgs@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@swapgs"}],"pronouns":"he/him","media":[],"id":49798,"title":"Vulnerability Researcher at Sonar"},{"content_ids":[50576],"conference_id":96,"event_ids":[50787],"name":"Paul Gerste","affiliations":[{"organization":"Sonar","title":"Vulnerability Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/pspaul95"}],"media":[],"id":49799,"title":"Vulnerability Researcher at Sonar"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245747"}],"end":"2023-08-11T23:45:00.000-0000","id":50787,"tag_ids":[45589,45592,45646,45766],"begin_timestamp":{"seconds":1691794800,"nanoseconds":0},"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49799},{"tag_id":45590,"sort_order":1,"person_id":49798}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-11T23:00:00.000-0000","updated":"2023-06-30T03:02:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Crushing crumbs of information to eat a whole cake.","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552960,"nanoseconds":0},"speakers":[{"content_ids":[51301],"conference_id":96,"event_ids":[51363],"name":"Felipe Pr0teus","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@pr0teusbr"}],"pronouns":null,"media":[],"id":50457}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":51363,"tag_ids":[40293,45645,45649,45743],"village_id":59,"begin_timestamp":{"seconds":1691793900,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50457}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","updated":"2023-07-17T00:16:00.000-0000","begin":"2023-08-11T22:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Deep Diving Into HID Vulnerabilities: Heart of Darkness","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691796600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691565120,"nanoseconds":0},"speakers":[{"content_ids":[52385,52387,52395],"conference_id":96,"event_ids":[52676,52678,52686],"name":"Chad","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51604},{"content_ids":[52385,52387,52395],"conference_id":96,"event_ids":[52676,52678,52686],"name":"Shortman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51609}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":52678,"village_id":null,"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51604},{"tag_id":45590,"sort_order":1,"person_id":51609}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","begin":"2023-08-11T22:30:00.000-0000","updated":"2023-08-09T07:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop is a bare bones example of the core statistical method, for auditing a singel contest, without releying on any exported data from the voting system . If there are three - four teams with three - four people and they are on task, this workshop will last forfty five minuties with time for Q&A.\n\n\n","title":"RLA Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"The workshop is a bare bones example of the core statistical method, for auditing a singel contest, without releying on any exported data from the voting system . If there are three - four teams with three - four people and they are on task, this workshop will last forfty five minuties with time for Q&A.","end_timestamp":{"seconds":1691795700,"nanoseconds":0},"updated_timestamp":{"seconds":1691544600,"nanoseconds":0},"speakers":[{"content_ids":[52320,52382],"conference_id":96,"event_ids":[52604,52673],"name":"Amanda Glazer","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/amandaglazer/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/PandaGlazer"},{"description":"","title":"Website","sort_order":0,"url":"https://dl.acm.org/doi/abs/10.1007/978-3-030-60347-2_6"}],"media":[],"id":51527}],"timeband_id":990,"links":[],"end":"2023-08-11T23:15:00.000-0000","id":52673,"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"tag_ids":[40298,45646,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51527}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"updated":"2023-08-09T01:30:00.000-0000","begin":"2023-08-11T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"What Makes Hackers Extraordinary - It's A Gift!","android_description":"","end_timestamp":{"seconds":1691795700,"nanoseconds":0},"updated_timestamp":{"seconds":1691544240,"nanoseconds":0},"speakers":[{"content_ids":[52319],"conference_id":96,"event_ids":[52603],"name":"D9","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51537}],"timeband_id":990,"links":[],"end":"2023-08-11T23:15:00.000-0000","id":52603,"village_id":null,"tag_ids":[40298,45645,45646,45743],"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51537}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-09T01:24:00.000-0000","begin":"2023-08-11T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Humanity is producing more content than at any point in history. Generative AI is poised to accelerate that trend. Our collective stream of information is surging, but all too often it's filled with misinformation. As audiences and fact checkers confront these muddied waters, could there be solutions back upstream? Researchers are testing innovative ways to authenticate digital records at their origin, establishing the time, date and location of their creation. With enhanced provenance we can establish a new resilient form of authenticity with cryptography, and decentralized systems. These methods have been used to establish trust in critical records like photos and web archives, and recently used in stories published by Reuters, Rolling Stone, Associated Press, Inside Climate News, and Bay City News. The techniques are even finding their way into legal submissions to prosecutors at the International Criminal Court and helping preserve the testimony of the survivors of genocide. Several promising solutions are available in free and open-source apps that you can install on your phone or computer browser today, and a number of emerging consumer products could help professionals to bolster trust in their own digital records. The workshop will provide case studies that can help explain these technologies to general audiences, with authentication being done on digital assets from today's phones and digital cameras -- and even 30-year-old film. It will also look at ways for journalists (and citizen journalists) to use these tools to capture authenticated assets or explore the provenance of assets with content credentials.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"title":"Digital Media Authentication - A Toolkit for Journalists in the Fight Against Misinformation with Cryptographic Tools","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"android_description":"Humanity is producing more content than at any point in history. Generative AI is poised to accelerate that trend. Our collective stream of information is surging, but all too often it's filled with misinformation. As audiences and fact checkers confront these muddied waters, could there be solutions back upstream? Researchers are testing innovative ways to authenticate digital records at their origin, establishing the time, date and location of their creation. With enhanced provenance we can establish a new resilient form of authenticity with cryptography, and decentralized systems. These methods have been used to establish trust in critical records like photos and web archives, and recently used in stories published by Reuters, Rolling Stone, Associated Press, Inside Climate News, and Bay City News. The techniques are even finding their way into legal submissions to prosecutors at the International Criminal Court and helping preserve the testimony of the survivors of genocide. Several promising solutions are available in free and open-source apps that you can install on your phone or computer browser today, and a number of emerging consumer products could help professionals to bolster trust in their own digital records. The workshop will provide case studies that can help explain these technologies to general audiences, with authentication being done on digital assets from today's phones and digital cameras -- and even 30-year-old film. It will also look at ways for journalists (and citizen journalists) to use these tools to capture authenticated assets or explore the provenance of assets with content credentials.","updated_timestamp":{"seconds":1691284320,"nanoseconds":0},"speakers":[{"content_ids":[52260],"conference_id":96,"event_ids":[52524],"name":"Adam Rose","affiliations":[{"organization":"Starling Lab for Data Integrity","title":"COO"}],"links":[],"pronouns":null,"media":[],"id":51495,"title":"COO at Starling Lab for Data Integrity"}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":52524,"village_id":null,"tag_ids":[40305,45646,45743,45771],"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51495}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-11T22:30:00.000-0000","updated":"2023-08-06T01:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Free Book Signing with author Ted Harrington of the #1 bestseller, Hackable. This is a free event. Attendees will receive the book on a first come, first serve basis. We recommend arriving at least 30 minutes early.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#1e45a5","updated_at":"2024-06-07T03:38+0000","name":"Village Roundtable","id":45772},"title":"IoT Village - Free Book Signing with author Ted Harrington","android_description":"Free Book Signing with author Ted Harrington of the #1 bestseller, Hackable. This is a free event. Attendees will receive the book on a first come, first serve basis. We recommend arriving at least 30 minutes early.","end_timestamp":{"seconds":1691793000,"nanoseconds":0},"updated_timestamp":{"seconds":1691000700,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T22:30:00.000-0000","id":52221,"village_id":null,"tag_ids":[40296,45646,45743,45772],"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:25:00.000-0000","begin":"2023-08-11T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"OT Vulnerability analysis methodology","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690422780,"nanoseconds":0},"speakers":[{"content_ids":[51480],"conference_id":96,"event_ids":[51636],"name":"Jeonghoon Bae","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50553}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51636,"tag_ids":[40306,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50553}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"updated":"2023-07-27T01:53:00.000-0000","begin":"2023-08-11T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Shellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode.\r\n\r\nSHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached, due to the wrong environment, but SHAREM has a new solution: Complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, ensuring all functionality is reached and identifying all APIs.\r\n\r\nEncoded shellcode may be puzzling at times. SHAREM is a game-changer, as it presents emulated shellcode in its decoded form in a disassembler.\r\n\r\nIDA Pro and Ghidra can produce disassembly of shellcode that is of poor quality. However, SHAREM uniquely can ingest emulation data, resulting in virtually flawless disassembly. While SHAREM has its own custom disassembler, we are also releasing a Ghidra plugin, so SHAREM's enhanced disassembly can enhance what is in GHidra. Only SHAREM identifies APIs in disassembly, and this also can be brought to Ghidra.\r\n\r\nWe will also see how SHAREM can be used by aspiring shellcode authors to enhance their own work, and we will examine advanced shellcode specimens in SHAREM. | Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.\r\n\r\nREFERENCES:\r\n[1] Mds. Research, “Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams,” MDSec, 2020. [Online]. Available: https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/.\r\n[2] K. Borders, A. Prakash, and M. Zielinski, “Spector: Automatically analyzing shell code,” Proc. - Annu. Comput. Secur. Appl. Conf. ACSAC, pp. 501–514, 2007.\r\n[3] Y. Fratantonio, C. Kruegel, and G. Vigna, “Shellzer: a tool for the dynamic analysis of malicious shellcode,” in International workshop on recent advances in intrusion detection, 2011, pp. 61–80.\r\n[4] D. Zimmer, “Scdbg Shellcode Analysis,” 2011. [Online]. Available: http://sandsprite.com/CodeStuff/scdbg_manual/MANUAL_EN.html.\r\n[5] FireEye, “Speakeasy.” [Online]. Available: https://github.com/fireeye/speakeasy.\r\n[6] M. Jurczyk, “Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10).” [Online]. Available: https://j00ru.vexillium.org/syscalls/nt/64/.\r\n[7] T. Nowak, “The Undocumented Functions Microsoft Windows NT/2000/XP/Win7,” NTAPI Undocumented Functions. .\r\n[8] A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design science in information systems research,” MIS Q., pp. 75–105, 2004.\r\n[9] C. Anley, J. Heasman, F. Lindner, and G. Richarte, The shellcoder’s handbook: discovering and exploiting security holes. John Wiley & Sons, 2011.\r\n[10] S. Eckels, “WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques,” Mandiant, 2020. [Online]. Available: https://www.mandiant.com/resources/wow64-subsystem-internals-and-hooking-techniques.\r\n[11] A. Ionescu, “Closing Heaven’s Gate,” 2015. [Online]. Available: https://www.alex-ionescu.com/?p=300.\r\n[12] Hasherezade, “PE-Sieve,” GitHub, 2018. [Online]. Available: https://github.com/hasherezade/pe-sieve.\r\n[13] Hasherezade, “PE to Shellcode,” GitHub, 2021. [Online]. Available: https://github.com/hasherezade/pe_to_shellcode.\n\n\n","title":"Game-Changing Advances in Windows Shellcode Analysis","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"Shellcode is omnipresent, seen or unseen. Yet tooling to analyze shellcode is lacking. We present the cutting-edge SHAREM framework to analyze enigmatic shellcode.\r\n\r\nSHAREM can emulate shellcode, identifying 20,000 WinAPI functions and 99% of Windows syscalls. In some shellcode, some APIs may never be reached, due to the wrong environment, but SHAREM has a new solution: Complete code coverage preserves the CPU register context and memory at each change in control flow. Once the shellcode ends, it restarts, restoring memory and context, ensuring all functionality is reached and identifying all APIs.\r\n\r\nEncoded shellcode may be puzzling at times. SHAREM is a game-changer, as it presents emulated shellcode in its decoded form in a disassembler.\r\n\r\nIDA Pro and Ghidra can produce disassembly of shellcode that is of poor quality. However, SHAREM uniquely can ingest emulation data, resulting in virtually flawless disassembly. While SHAREM has its own custom disassembler, we are also releasing a Ghidra plugin, so SHAREM's enhanced disassembly can enhance what is in GHidra. Only SHAREM identifies APIs in disassembly, and this also can be brought to Ghidra.\r\n\r\nWe will also see how SHAREM can be used by aspiring shellcode authors to enhance their own work, and we will examine advanced shellcode specimens in SHAREM. | Dr. Bramwell Brizendine completed his Ph.D. in Cyber Operations, for which he did his dissertation on Jump-Oriented Programming, a hitherto seldom-studied and poorly understood subset of code-reuse attacks.\r\n\r\nREFERENCES:\r\n[1] Mds. Research, “Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams,” MDSec, 2020. [Online]. Available: https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/.\r\n[2] K. Borders, A. Prakash, and M. Zielinski, “Spector: Automatically analyzing shell code,” Proc. - Annu. Comput. Secur. Appl. Conf. ACSAC, pp. 501–514, 2007.\r\n[3] Y. Fratantonio, C. Kruegel, and G. Vigna, “Shellzer: a tool for the dynamic analysis of malicious shellcode,” in International workshop on recent advances in intrusion detection, 2011, pp. 61–80.\r\n[4] D. Zimmer, “Scdbg Shellcode Analysis,” 2011. [Online]. Available: http://sandsprite.com/CodeStuff/scdbg_manual/MANUAL_EN.html.\r\n[5] FireEye, “Speakeasy.” [Online]. Available: https://github.com/fireeye/speakeasy.\r\n[6] M. Jurczyk, “Windows X86-64 System Call Table (XP/2003/Vista/2008/7/2012/8/10).” [Online]. Available: https://j00ru.vexillium.org/syscalls/nt/64/.\r\n[7] T. Nowak, “The Undocumented Functions Microsoft Windows NT/2000/XP/Win7,” NTAPI Undocumented Functions. .\r\n[8] A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design science in information systems research,” MIS Q., pp. 75–105, 2004.\r\n[9] C. Anley, J. Heasman, F. Lindner, and G. Richarte, The shellcoder’s handbook: discovering and exploiting security holes. John Wiley & Sons, 2011.\r\n[10] S. Eckels, “WOW64!Hooks: WOW64 Subsystem Internals and Hooking Techniques,” Mandiant, 2020. [Online]. Available: https://www.mandiant.com/resources/wow64-subsystem-internals-and-hooking-techniques.\r\n[11] A. Ionescu, “Closing Heaven’s Gate,” 2015. [Online]. Available: https://www.alex-ionescu.com/?p=300.\r\n[12] Hasherezade, “PE-Sieve,” GitHub, 2018. [Online]. Available: https://github.com/hasherezade/pe-sieve.\r\n[13] Hasherezade, “PE to Shellcode,” GitHub, 2021. [Online]. Available: https://github.com/hasherezade/pe_to_shellcode.","end_timestamp":{"seconds":1691795700,"nanoseconds":0},"updated_timestamp":{"seconds":1688179320,"nanoseconds":0},"speakers":[{"content_ids":[50595,50650],"conference_id":96,"event_ids":[50770,50845],"name":"Bramwell Brizendine, Dr.","affiliations":[{"organization":"University of Alabama in Huntsville","title":"Assistant Professor"}],"links":[],"pronouns":"he/him","media":[],"id":49830,"title":"Assistant Professor at University of Alabama in Huntsville"},{"content_ids":[50650],"conference_id":96,"event_ids":[50845],"name":"Jake Hince","affiliations":[{"organization":"","title":"Cybersecurity Engineer"}],"links":[],"pronouns":null,"media":[],"id":49935,"title":"Cybersecurity Engineer"},{"content_ids":[50650,50610],"conference_id":96,"event_ids":[50718,50845],"name":"Max 'Libra' Kersten","affiliations":[{"organization":"Trellix","title":"Malware Analyst"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Libranalysis"},{"description":"","title":"Website","sort_order":0,"url":"https://maxkersten.nl"}],"pronouns":null,"media":[],"id":49936,"title":"Malware Analyst at Trellix"}],"timeband_id":990,"end":"2023-08-11T23:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246103"}],"id":50845,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"village_id":null,"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49830},{"tag_id":45590,"sort_order":1,"person_id":49935},{"tag_id":45590,"sort_order":1,"person_id":49936}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-11T22:30:00.000-0000","updated":"2023-07-01T02:42:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In third-world economies, cheaper often means more accessible. In recent years, there has been a growing interest in modern mobile wallet solutions that allow you to save money, make transactions, payments, and transfer funds to friends or clients with the help of MPOS devices. These small, durable, and simple devices can be used to read credit card information. However, these solutions have vulnerabilities that can be exploited. In this talk, we will provide real-life examples of money theft, credit card information skimming, Bluetooth communication tampering, and hardware hacking associated with these solutions.\n\n\n","title":"Turning my virtual wallet into a skimming device: mPOS solutions","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691795700,"nanoseconds":0},"android_description":"In third-world economies, cheaper often means more accessible. In recent years, there has been a growing interest in modern mobile wallet solutions that allow you to save money, make transactions, payments, and transfer funds to friends or clients with the help of MPOS devices. These small, durable, and simple devices can be used to read credit card information. However, these solutions have vulnerabilities that can be exploited. In this talk, we will provide real-life examples of money theft, credit card information skimming, Bluetooth communication tampering, and hardware hacking associated with these solutions.","updated_timestamp":{"seconds":1688094600,"nanoseconds":0},"speakers":[{"content_ids":[50573],"conference_id":96,"event_ids":[50811],"name":"Dan Borgogno","affiliations":[{"organization":"LATU","title":"Security Engineer"}],"pronouns":"he/him","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/danborgogno"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/dborgogno"}],"media":[],"id":49794,"title":"Security Engineer at LATU"},{"content_ids":[50573],"conference_id":96,"event_ids":[50811],"name":"Ileana Barrionuevo","affiliations":[{"organization":"UTN FRC","title":"Security Researcher"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ileana-maricel-barrionuevo/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/accio_bugs"}],"pronouns":"she/her","media":[],"id":49795,"title":"Security Researcher at UTN FRC"}],"timeband_id":990,"end":"2023-08-11T23:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245744"}],"id":50811,"village_id":null,"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"tag_ids":[45589,45592,45629,45646,45766],"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49794},{"tag_id":45590,"sort_order":1,"person_id":49795}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-06-30T03:10:00.000-0000","begin":"2023-08-11T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"MikroTik, as a supplier of network infrastructures, its products and RouterOS are adopted widely. Currently, at least 3 million+ devices are running RouterOS online. Being the target research by attackers actively, the exploits leaked from the CIA in 2018 and the massive exploits that followed are samples of the havoc that can be caused when such devices are maliciously exploited again. Therefore, RouterOS also attracts many researchers to hunt bugs in it. However, there are rarely high-impact vulnerabilities reported over a long period. Can the OS become perfect overnight? Of course not. Some details have been missed.\r\n \r\nResearches on RouterOS were mainly against jailbreak, Nova Message in IPC, and analysis of exploits in the wild. Especially researches against Nova Message have reported tons of post-auth vulnerabilities. However, the architecture design and the lower-layer objects, which are closely related to the functionality of Nova Binary, were being neglected due to their complexity, causing some details to be overlooked for a long time. Starting by introducing the mechanisms of the socket callback and the remote object, we will disclose more about the overlooked attack surface and implementations in RouterOS. Moreover, we will discuss how we, at the end of rarely visited trails, found the pre-auth RCE that existed for nine years and can exploit all active versions and the race condition in the remote object. We will also share our methodology and vulnerability patterns.\r\n \r\nDelving into the design of the RouterOS, attendees will have a greater understanding of the overlooked attack surface and implementation of it and be able to review the system more reliably. Additionally, we will also share our open-source tools and methodology to facilitate researchers researching RouterOS, making it less obscure. ,\r\nTing-Yu Chen, aka NiNi, is a security researcher at DEVCORE and a member of the Balsn CTF team. He won the title of the \"Master of Pwn\" at Pwn2Own Toronto 2022 with the DEVCORE team. NiNi has also made notable achievements in CTF competitions, including placing 2nd and 3rd in DEF CON CTF 27 and 28 as a member of HITCON⚔BFKinesiS and HITCON⚔Balsn teams, respectively. NiNi is currently immersed in vulnerability research and reverse engineering, continuing to hone his skills. You can keep up with his latest discoveries and musings on Twitter via his handle @terrynini38514 or blog at http://blog.terrynini.tw/.\r\n \r\n REFERENCES:\r\n \r\n- https://kirils.org/slides/2017-10-21_MT_Hacktivity_pub.pdf\r\n- https://kirils.org/slides/2017-09-15_prez_15_MT_Balccon_pub.pdf\r\n- https://mum.mikrotik.com/presentations/ID18/presentation_6149_1540240927.pdf\r\n- https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1\r\n- https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow\r\n- https://www.irongeek.com/i.php?page=videos/derbycon8/track-4-15-bug-hunting-in-routeros-jacob-baines\r\n- https://www.tenable.com/blog/tenable-research-advisory-multiple-vulnerabilities-discovered-in-mikrotiks-routeros\r\n- https://www.tenable.com/security/research/tra-2018-21\r\n- https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Jacob-Baines-Help-Me-Vulnerabilities.-Youre-My-Only-Hope.pdf\r\n- https://www.tenable.com/security/research/tra-2019-46\r\n- https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21\r\n- https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/\r\n- https://github.com/cq674350529/pocs_slides\r\n- https://www.youtube.com/watch?v=fkigIlDe6vs \r\n- https://www.tenable.com/security/research/tra-2019-46\r\n- https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/caches-and-self-modifying-code\r\n- https://github.com/Cisco-Talos/Winbox_Protocol_Dissector\r\n- https://github.com/BigNerd95/RouterOS-Backup-Tools\r\n- https://github.com/BigNerd95/Chimay-Red\r\n- https://github.com/BigNerd95/Chimay-Blue\r\n- https://github.com/0ki/mikrotik-tools\r\n- https://github.com/tenable/routeros\r\n\n\n\n","title":"A Comprehensive Review on the Less-Traveled Road: 9 Years of Overlooked MikroTik Pre-Auth RCE","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"MikroTik, as a supplier of network infrastructures, its products and RouterOS are adopted widely. Currently, at least 3 million+ devices are running RouterOS online. Being the target research by attackers actively, the exploits leaked from the CIA in 2018 and the massive exploits that followed are samples of the havoc that can be caused when such devices are maliciously exploited again. Therefore, RouterOS also attracts many researchers to hunt bugs in it. However, there are rarely high-impact vulnerabilities reported over a long period. Can the OS become perfect overnight? Of course not. Some details have been missed.\r\n \r\nResearches on RouterOS were mainly against jailbreak, Nova Message in IPC, and analysis of exploits in the wild. Especially researches against Nova Message have reported tons of post-auth vulnerabilities. However, the architecture design and the lower-layer objects, which are closely related to the functionality of Nova Binary, were being neglected due to their complexity, causing some details to be overlooked for a long time. Starting by introducing the mechanisms of the socket callback and the remote object, we will disclose more about the overlooked attack surface and implementations in RouterOS. Moreover, we will discuss how we, at the end of rarely visited trails, found the pre-auth RCE that existed for nine years and can exploit all active versions and the race condition in the remote object. We will also share our methodology and vulnerability patterns.\r\n \r\nDelving into the design of the RouterOS, attendees will have a greater understanding of the overlooked attack surface and implementation of it and be able to review the system more reliably. Additionally, we will also share our open-source tools and methodology to facilitate researchers researching RouterOS, making it less obscure. ,\r\nTing-Yu Chen, aka NiNi, is a security researcher at DEVCORE and a member of the Balsn CTF team. He won the title of the \"Master of Pwn\" at Pwn2Own Toronto 2022 with the DEVCORE team. NiNi has also made notable achievements in CTF competitions, including placing 2nd and 3rd in DEF CON CTF 27 and 28 as a member of HITCON⚔BFKinesiS and HITCON⚔Balsn teams, respectively. NiNi is currently immersed in vulnerability research and reverse engineering, continuing to hone his skills. You can keep up with his latest discoveries and musings on Twitter via his handle @terrynini38514 or blog at http://blog.terrynini.tw/.\r\n \r\n REFERENCES:\r\n \r\n- https://kirils.org/slides/2017-10-21_MT_Hacktivity_pub.pdf\r\n- https://kirils.org/slides/2017-09-15_prez_15_MT_Balccon_pub.pdf\r\n- https://mum.mikrotik.com/presentations/ID18/presentation_6149_1540240927.pdf\r\n- https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1\r\n- https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow\r\n- https://www.irongeek.com/i.php?page=videos/derbycon8/track-4-15-bug-hunting-in-routeros-jacob-baines\r\n- https://www.tenable.com/blog/tenable-research-advisory-multiple-vulnerabilities-discovered-in-mikrotiks-routeros\r\n- https://www.tenable.com/security/research/tra-2018-21\r\n- https://media.defcon.org/DEF%20CON%2027/DEF%20CON%2027%20presentations/DEFCON-27-Jacob-Baines-Help-Me-Vulnerabilities.-Youre-My-Only-Hope.pdf\r\n- https://www.tenable.com/security/research/tra-2019-46\r\n- https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21\r\n- https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/\r\n- https://github.com/cq674350529/pocs_slides\r\n- https://www.youtube.com/watch?v=fkigIlDe6vs \r\n- https://www.tenable.com/security/research/tra-2019-46\r\n- https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/caches-and-self-modifying-code\r\n- https://github.com/Cisco-Talos/Winbox_Protocol_Dissector\r\n- https://github.com/BigNerd95/RouterOS-Backup-Tools\r\n- https://github.com/BigNerd95/Chimay-Red\r\n- https://github.com/BigNerd95/Chimay-Blue\r\n- https://github.com/0ki/mikrotik-tools\r\n- https://github.com/tenable/routeros","end_timestamp":{"seconds":1691795700,"nanoseconds":0},"updated_timestamp":{"seconds":1689007440,"nanoseconds":0},"speakers":[{"content_ids":[50544],"conference_id":96,"event_ids":[50761],"name":"NiNi Chen","affiliations":[{"organization":"DEVCORE","title":"Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"http://blog.terrynini.tw/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/terrynini38514"}],"media":[],"id":49752,"title":"Security Researcher at DEVCORE"}],"timeband_id":990,"end":"2023-08-11T23:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245713"}],"id":50761,"tag_ids":[45589,45629,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691793000,"nanoseconds":0},"includes":"Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49752}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"updated":"2023-07-10T16:44:00.000-0000","begin":"2023-08-11T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Getting ahead of the bad guys with Internet Scanning data.","android_description":"","end_timestamp":{"seconds":1691793900,"nanoseconds":0},"updated_timestamp":{"seconds":1689552900,"nanoseconds":0},"speakers":[{"content_ids":[51300,52035],"conference_id":96,"event_ids":[52423,51362],"name":"Vitor Ventura","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@_vventura"}],"media":[],"id":50468}],"timeband_id":990,"links":[],"end":"2023-08-11T22:45:00.000-0000","id":51362,"village_id":59,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691791800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50468}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-11T22:10:00.000-0000","updated":"2023-07-17T00:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Between Agile, DevOps, and infrastructure as code, development is happening faster than ever. As a security team, it can be tough to keep up. We need to move fast, and iterate quickly as new issues emerge. SAST is one piece of a very important puzzle in the SDLC, so using tools effectively is the key to success! This workshop will be a hands-on masterclass by the creators and maintainers of Semgrep (https://github.com/returntocorp/semgrep), an open source, lightweight static analysis tool which can help enable development teams to scale their SAST efforts.\n\n\n","title":"Finding bugs and scaling your security program with Semgrep","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Between Agile, DevOps, and infrastructure as code, development is happening faster than ever. As a security team, it can be tough to keep up. We need to move fast, and iterate quickly as new issues emerge. SAST is one piece of a very important puzzle in the SDLC, so using tools effectively is the key to success! This workshop will be a hands-on masterclass by the creators and maintainers of Semgrep (https://github.com/returntocorp/semgrep), an open source, lightweight static analysis tool which can help enable development teams to scale their SAST efforts.","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1691787900,"nanoseconds":0},"speakers":[{"content_ids":[52407],"conference_id":96,"event_ids":[52702],"name":"Lewis Ardern","affiliations":[{"organization":"Semgrep","title":"Staff Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":51628,"title":"Staff Security Researcher at Semgrep"}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52702,"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40297,45645,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51628}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Savoy - AppSec Village","hotel":"","short_name":"Savoy - AppSec Village","id":45712},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-11T21:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us on the rooftop hangout at the flamingo as we set up and operate a protable HF radio rig!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"HF Radio Demonstration","android_description":"Join us on the rooftop hangout at the flamingo as we set up and operate a protable HF radio rig!","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"updated_timestamp":{"seconds":1691782800,"nanoseconds":0},"speakers":[{"content_ids":[52406],"conference_id":96,"event_ids":[52710,52701],"name":"KitKat","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Mastodon (@kitkat@defcon.social)","sort_order":0,"url":"https://defcon.social/@kitkat"}],"media":[],"id":51627}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":52701,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40286,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51627}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"spans_timebands":"N","begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-11T19:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In 1979, NORAD was duped by a simulation that caused NORAD (North American Aerospace Defense) to believe a full-scale Soviet nuclear attack was underway. This only legitimized the plot in the 1983 classic, War Games, of the possibility of a computer making unstoppable, life-altering decisions. On the 40th anniversary of the movie that predicted the potential role of AI in military systems, LLMs have become a sensation and increasingly, synonymous with AI. This is a dangerous detour in AI’s development, one that humankind can’t afford to take. Join Dr. Martell for an off-the-cuff discussion on what’s at stake as the Department of Defense presses forward to balance agility with accountability and the role hackers play in ensuring the responsible and secure use of AI from the boardroom to the battlefield.\n\n\n","title":"Shall we play a game? Just because a Large Language Model speaks like a human, doesn’t mean it can reason like one.","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"android_description":"In 1979, NORAD was duped by a simulation that caused NORAD (North American Aerospace Defense) to believe a full-scale Soviet nuclear attack was underway. This only legitimized the plot in the 1983 classic, War Games, of the possibility of a computer making unstoppable, life-altering decisions. On the 40th anniversary of the movie that predicted the potential role of AI in military systems, LLMs have become a sensation and increasingly, synonymous with AI. This is a dangerous detour in AI’s development, one that humankind can’t afford to take. Join Dr. Martell for an off-the-cuff discussion on what’s at stake as the Department of Defense presses forward to balance agility with accountability and the role hackers play in ensuring the responsible and secure use of AI from the boardroom to the battlefield.","end_timestamp":{"seconds":1691793900,"nanoseconds":0},"updated_timestamp":{"seconds":1691436900,"nanoseconds":0},"speakers":[{"content_ids":[52338],"conference_id":96,"event_ids":[52623],"name":"Craig Martell","affiliations":[{"organization":"US Department of Defense","title":"Chief Digital and AI Officer"}],"links":[],"pronouns":null,"media":[],"id":51560,"title":"Chief Digital and AI Officer at US Department of Defense"}],"timeband_id":990,"links":[],"end":"2023-08-11T22:45:00.000-0000","id":52623,"tag_ids":[45589,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51560}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-08-07T19:35:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Information leakage is not just a digital problem. Neither is your access management system. This talk will address this often overlooked opsec fail; pictures of keys can be found all over the internet, put there by proud new buildingowners, jobhoppers or correctional facility officers. These pictures can be turned into actual working keys, causing all sorts of chaos. This talk will show why this is a problem, why we should care and maybe make you rethink your physical security a bit.\n\n\n","title":"How to Lose Access to your Door in Two Easy Steps","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691793600,"nanoseconds":0},"android_description":"Information leakage is not just a digital problem. Neither is your access management system. This talk will address this often overlooked opsec fail; pictures of keys can be found all over the internet, put there by proud new buildingowners, jobhoppers or correctional facility officers. These pictures can be turned into actual working keys, causing all sorts of chaos. This talk will show why this is a problem, why we should care and maybe make you rethink your physical security a bit.","updated_timestamp":{"seconds":1691288700,"nanoseconds":0},"speakers":[{"content_ids":[52285],"conference_id":96,"event_ids":[52549],"name":"jos weyers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51515}],"timeband_id":990,"links":[],"end":"2023-08-11T22:40:00.000-0000","id":52549,"village_id":null,"tag_ids":[40309,45645,45649,45743],"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51515}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","updated":"2023-08-06T02:25:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk you’ll see how hacking doesn’t always involve pillaging or exploit development. In fact, hacking can allow you to expand functionality! I’ll be walking you through steps of reverse engineering a wireless signal in order to hack, build and implement additional functionality of a wireless device. If you like IoT, wireless, and a little bit of software defined radio, you’ll love this talk!\n\n\n","title":"Protocol Identification for Integration","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691792400,"nanoseconds":0},"android_description":"In this talk you’ll see how hacking doesn’t always involve pillaging or exploit development. In fact, hacking can allow you to expand functionality! I’ll be walking you through steps of reverse engineering a wireless signal in order to hack, build and implement additional functionality of a wireless device. If you like IoT, wireless, and a little bit of software defined radio, you’ll love this talk!","updated_timestamp":{"seconds":1691259900,"nanoseconds":0},"speakers":[{"content_ids":[52251],"conference_id":96,"event_ids":[52512],"name":"Eric Escobar","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@EricEscobar"}],"pronouns":null,"media":[],"id":51487}],"timeband_id":990,"links":[],"end":"2023-08-11T22:20:00.000-0000","id":52512,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51487}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","updated":"2023-08-05T18:25:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nCome hear 4 SOC veterans discuss some of the most challenging topics in SOCs today. People are our most important asset, but recruiting, retention, and career growth continue to be a sore spot for many. Trying to break into the field? Been laid off? Worried about training or outsourcing? This panel is for you. We share with you what we’ve learned over the years; along the way we will spice it up with some war stories and hard won lessons.","title":"SOC Panel: Finding, Keeping, and Caring for the Best People","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":".\n\n\nCome hear 4 SOC veterans discuss some of the most challenging topics in SOCs today. People are our most important asset, but recruiting, retention, and career growth continue to be a sore spot for many. Trying to break into the field? Been laid off? Worried about training or outsourcing? This panel is for you. We share with you what we’ve learned over the years; along the way we will spice it up with some war stories and hard won lessons.","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52231],"conference_id":96,"event_ids":[52481],"name":"Alissa Torres","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51449},{"content_ids":[52231],"conference_id":96,"event_ids":[52481],"name":"Christopher Crowley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51452},{"content_ids":[52231],"conference_id":96,"event_ids":[52481],"name":"Carson Zimmerman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51461},{"content_ids":[52231],"conference_id":96,"event_ids":[52481],"name":"Russ McRee","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51471}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":52481,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40282,45647,45743,45771],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51449},{"tag_id":45590,"sort_order":1,"person_id":51461},{"tag_id":45590,"sort_order":1,"person_id":51452},{"tag_id":45590,"sort_order":1,"person_id":51471}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"spans_timebands":"N","updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Quantum computing will change the world ... eventually. Until we achieve quantum advantage, we can see actual performance boosts from quantum-inspired approaches today. In this talk, we discuss tensor networks inspired by the world of quantum physics that run on classical hardware and digital annealers designed to act like quantum hardware. Get a sense of the types of use cases you can explore now, including examples of the performance edges you can expect today.\n\n\n","title":"Hacking Quantum Advantage for Classical Processes; Intro to Quantum-Inspired Use Cases","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Quantum computing will change the world ... eventually. Until we achieve quantum advantage, we can see actual performance boosts from quantum-inspired approaches today. In this talk, we discuss tensor networks inspired by the world of quantum physics that run on classical hardware and digital annealers designed to act like quantum hardware. Get a sense of the types of use cases you can explore now, including examples of the performance edges you can expect today.","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1691108460,"nanoseconds":0},"speakers":[{"content_ids":[52180,52412],"conference_id":96,"event_ids":[52708,52428],"name":"Konstantinos Karagiannis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51429}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":52428,"tag_ids":[40291,45645,45649,45743],"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51429}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-04T00:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join Steve Luczynski in a fireside chat with with David Pekoske, Administrator of the Transportation Security Administration.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"A Fireside Chat with the TSA Administrator","android_description":"Join Steve Luczynski in a fireside chat with with David Pekoske, Administrator of the Transportation Security Administration.","end_timestamp":{"seconds":1691794200,"nanoseconds":0},"updated_timestamp":{"seconds":1691101140,"nanoseconds":0},"speakers":[{"content_ids":[50640,52153],"conference_id":96,"event_ids":[50841,52383],"name":"David Pekoske","affiliations":[{"organization":"Transportation Security Administration (TSA)","title":"Administrator"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/TSA_Pekoske"}],"media":[],"id":49914,"title":"Administrator at Transportation Security Administration (TSA)"},{"content_ids":[52153],"conference_id":96,"event_ids":[52383],"name":"Steve Luczynski","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51420}],"timeband_id":990,"links":[],"end":"2023-08-11T22:50:00.000-0000","id":52383,"village_id":null,"tag_ids":[40280,45645,45646,45743],"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49914},{"tag_id":45590,"sort_order":1,"person_id":51420}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:19:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"When radiation detectors are mentioned, one tends to think of the geiger counter. This type of detector happens to be just one method of radiation detection. This workshop will introduce gamma ray spectrography, which measures the energy absorbed by the individual gamma rays. This energy level can let us know what radioactive isotope generated the gamma and can aid in identifying the material being examined.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Radiation Detection For The Rest Of Us - Diy Radiation Spectroscopy","android_description":"When radiation detectors are mentioned, one tends to think of the geiger counter. This type of detector happens to be just one method of radiation detection. This workshop will introduce gamma ray spectrography, which measures the energy absorbed by the individual gamma rays. This energy level can let us know what radioactive isotope generated the gamma and can aid in identifying the material being examined.","end_timestamp":{"seconds":1691794200,"nanoseconds":0},"updated_timestamp":{"seconds":1691079660,"nanoseconds":0},"speakers":[{"content_ids":[52145],"conference_id":96,"event_ids":[52370],"name":"Patrick Kiley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51392}],"timeband_id":990,"links":[],"end":"2023-08-11T22:50:00.000-0000","id":52370,"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40287,45646,45719,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51392}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-03T16:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Hunt the Hacker - Detect compromises in your repositories!","android_description":"Put on your blue team hat and learn to detect and remediate compromises in your software delivery pipeline. Whether you have a beginner, intermediate, or advanced level, we have challenges catered for you! Using honeytokens, uncover ongoing application security attacks and map the attack surface. Gain hands-on experience prioritizing threats and enhancing your defensive skills. Receive feedback and recommendations for improvement. Plus, participants will receive a cool T-shirt! Take advantage of this exciting and educational opportunity.","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52105],"conference_id":96,"event_ids":[52330,52363,52364,52365],"name":"GitGuardian","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51342}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52363,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51342}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Detecting application behavior by monitoring library and system calls is a popular technique employed by AppSec tools. These tools can monitor and log activity, block API requests, and so on. In this workshop, you will learn some techniques to keep your activities hidden from these types of tools, using uncommon / unmonitored APIs, using unmonitored processes as confused deputies, and other approaches. You will learn how popular monitoring frameworks like eBPF work and how to circumvent their monitoring capabilities.\n\n\n","title":"How to Hide Behavior from Security Tools","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Detecting application behavior by monitoring library and system calls is a popular technique employed by AppSec tools. These tools can monitor and log activity, block API requests, and so on. In this workshop, you will learn some techniques to keep your activities hidden from these types of tools, using uncommon / unmonitored APIs, using unmonitored processes as confused deputies, and other approaches. You will learn how popular monitoring frameworks like eBPF work and how to circumvent their monitoring capabilities.","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52100],"conference_id":96,"event_ids":[52325],"name":"Mike Larkin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51364}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52325,"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51364}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"When using Open Source Packages, we tend to rely on strangers to deliver us code. There are many ways to determine the legitimacy of a package, whether it will be the number of stars of the package or the maintainer 's GitHub account credibility.\r\n\r\nUnfortunately all you can see can be easily spoofed.\n\n\n","title":"Faking GitHub Contributions","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"When using Open Source Packages, we tend to rely on strangers to deliver us code. There are many ways to determine the legitimacy of a package, whether it will be the number of stars of the package or the maintainer 's GitHub account credibility.\r\n\r\nUnfortunately all you can see can be easily spoofed.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52098],"conference_id":96,"event_ids":[52324],"name":"Alik Koldobsky","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/alik-koldobsky/"}],"media":[],"id":51323},{"content_ids":[52098],"conference_id":96,"event_ids":[52324],"name":"Tal Folkman","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tal-folkman/"}],"pronouns":null,"media":[],"id":51377}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52324,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51323},{"tag_id":45590,"sort_order":1,"person_id":51377}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"spans_timebands":"N","begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"With our two open-source BurpSuite extensions FlowMate and the Cyber Security Transformation Chef (CSTC) we want to step up penetration testing of web applications to the next level. \r\nFlowMate is a plugin that helps to identify all data flows of a application by only analyzing requests to and responses from the target. In the background it creates a graph you can browse visually to identify data flows to test for injection vulnerabilities. \r\nThe CSTC like the swiss-army knive for pentesting. It enables you to define custom recipes that can be applied to outgoing or incoming requests. This gives you the possibility to alter HTTP messages in transit in various ways. The only limit here is your creativity.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"FlowMate and CSTC for Advanced Pentesting","android_description":"With our two open-source BurpSuite extensions FlowMate and the Cyber Security Transformation Chef (CSTC) we want to step up penetration testing of web applications to the next level. \r\nFlowMate is a plugin that helps to identify all data flows of a application by only analyzing requests to and responses from the target. In the background it creates a graph you can browse visually to identify data flows to test for injection vulnerabilities. \r\nThe CSTC like the swiss-army knive for pentesting. It enables you to define custom recipes that can be applied to outgoing or incoming requests. This gives you the possibility to alter HTTP messages in transit in various ways. The only limit here is your creativity.","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[51003,52094],"conference_id":96,"event_ids":[52320,51041],"name":"Florian Haag","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50182},{"content_ids":[52094],"conference_id":96,"event_ids":[52320],"name":"Matthias Göhring","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51363}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52320,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50182},{"tag_id":45590,"sort_order":1,"person_id":51363}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!\n\n\n","title":"Threat modelling fun session with OWASP Cornucopia","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!","updated_timestamp":{"seconds":1691081700,"nanoseconds":0},"speakers":[{"content_ids":[52099,51000],"conference_id":96,"event_ids":[52706,51038,52304,52373],"name":"Spyros Gasteratos","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/spyr/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/0xfde"}],"pronouns":null,"media":[],"id":51376}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52304,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51376}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"spans_timebands":"N","begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-03T16:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Privacy of Web PKI Revocation","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691793900,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691025720,"nanoseconds":0},"speakers":[{"content_ids":[52026],"conference_id":96,"event_ids":[52242],"name":"Matthew McPherrin","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51262}],"timeband_id":990,"links":[],"end":"2023-08-11T22:45:00.000-0000","id":52242,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"village_id":null,"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51262}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-03T01:22:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cybersecurity is a new collar job where college and/or university is optional and there are alternate methods of getting the training and development for entry level roles such as workshops, bootcamps, online courses and a wealth of cybersecurity focused certifications and certificates. Career seekers from other fields can \r\n\r\nThis workshop is for individuals that are involved in or initiating cyber workforce development programs. It involves best practices and techniques for managing an effective and sustainable program.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Career Workshop: New Career Seekers In Cybersecurity","android_description":"Cybersecurity is a new collar job where college and/or university is optional and there are alternate methods of getting the training and development for entry level roles such as workshops, bootcamps, online courses and a wealth of cybersecurity focused certifications and certificates. Career seekers from other fields can \r\n\r\nThis workshop is for individuals that are involved in or initiating cyber workforce development programs. It involves best practices and techniques for managing an effective and sustainable program.","end_timestamp":{"seconds":1691794200,"nanoseconds":0},"updated_timestamp":{"seconds":1690937700,"nanoseconds":0},"speakers":[{"content_ids":[52005],"conference_id":96,"event_ids":[52200],"name":"Keith Chapman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51211}],"timeband_id":990,"links":[],"end":"2023-08-11T22:50:00.000-0000","id":52200,"village_id":null,"tag_ids":[40281,45645,45646,45743],"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51211}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-02T00:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A movement is building among law enforcement around the world to connect with young people who are on the path to cybercrime and help them redirect their skills to more constructive, lawful ends. While conventional law enforcement is concerned with prosecutions, prevention strategies seek to engage with (future) offenders and divert them away from committing cybercrime in the first place (or to desist from doing so once they have started). A number of tactics have been explored for blocking pathways into cybercrime. These include TV advertisements to encourage parents to take note of what their children might doing online, warnings when youths are crossing into cybercriminal activities, workshops with mentor figures who can demonstrate more productive (and legal) uses of hacking skills, and connections to employers who can potentially offer pathways towards legitimate employment in cybersecurity or the technology sector more broadly. This panel offers a diverse range of perspectives on cybercrime prevention: a pioneer of prevention efforts in the United Kingdom and the Netherlands; an American attorney involved in high profile computer crime defense cases; a US law enforcement agent; and a well-known former hacker. The panel is moderated by an academic expert on cybercrime. Come learn about ongoing prevention efforts and how you might be able to help as a policymaker, potential mentor, or general supporter.\n\n\n","title":"Blocking Pathways into Cybercrime: Current Efforts and Future Opportunities","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"A movement is building among law enforcement around the world to connect with young people who are on the path to cybercrime and help them redirect their skills to more constructive, lawful ends. While conventional law enforcement is concerned with prosecutions, prevention strategies seek to engage with (future) offenders and divert them away from committing cybercrime in the first place (or to desist from doing so once they have started). A number of tactics have been explored for blocking pathways into cybercrime. These include TV advertisements to encourage parents to take note of what their children might doing online, warnings when youths are crossing into cybercriminal activities, workshops with mentor figures who can demonstrate more productive (and legal) uses of hacking skills, and connections to employers who can potentially offer pathways towards legitimate employment in cybersecurity or the technology sector more broadly. This panel offers a diverse range of perspectives on cybercrime prevention: a pioneer of prevention efforts in the United Kingdom and the Netherlands; an American attorney involved in high profile computer crime defense cases; a US law enforcement agent; and a well-known former hacker. The panel is moderated by an academic expert on cybercrime. Come learn about ongoing prevention efforts and how you might be able to help as a policymaker, potential mentor, or general supporter.","end_timestamp":{"seconds":1691794200,"nanoseconds":0},"updated_timestamp":{"seconds":1690431300,"nanoseconds":0},"speakers":[{"content_ids":[51516],"conference_id":96,"event_ids":[51672],"name":"Greg Francis","affiliations":[{"organization":"MD 4D Cyber Security","title":"Cybercrime Prevention Consultant"}],"links":[],"pronouns":null,"media":[],"id":50603,"title":"Cybercrime Prevention Consultant at MD 4D Cyber Security"},{"content_ids":[51516],"conference_id":96,"event_ids":[51672],"name":"Jonathan Lusthaus","affiliations":[{"organization":"Department of Sociology, University of Oxford","title":"Senior Research Fellow and Director of the Human Cybercriminal Project"}],"links":[],"pronouns":null,"media":[],"id":50612,"title":"Senior Research Fellow and Director of the Human Cybercriminal Project at Department of Sociology, University of Oxford"},{"content_ids":[51516],"conference_id":96,"event_ids":[51672],"name":"Marcia Hofmann","affiliations":[{"organization":"Zeitgeist Law","title":"Founder"}],"links":[],"pronouns":null,"media":[],"id":50620,"title":"Founder at Zeitgeist Law"},{"content_ids":[51516],"conference_id":96,"event_ids":[51672],"name":"Marcus Hutchins","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50621},{"content_ids":[51516],"conference_id":96,"event_ids":[51672],"name":"Will McKeen","affiliations":[{"organization":"FBI","title":"Special Agent"}],"links":[],"pronouns":null,"media":[],"id":50641,"title":"Special Agent at FBI"}],"timeband_id":990,"end":"2023-08-11T22:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51672,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45771,45836],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50603},{"tag_id":45632,"sort_order":1,"person_id":50612},{"tag_id":45632,"sort_order":1,"person_id":50620},{"tag_id":45632,"sort_order":1,"person_id":50621},{"tag_id":45632,"sort_order":1,"person_id":50641}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","begin":"2023-08-11T22:00:00.000-0000","updated":"2023-07-27T04:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Software is the lifeblood of the digital world, but as software embeds itself ever further into our societies and economies, the threat of software attacks grows with it. In our ever-more connected world, Governments are realizing that more must be done to protect businesses, organizations and individuals from these cyber threats. Governments are exploring a range of options to foster software security practices, including convening experts, international organizations and standards, using the power of government purchasing, and even potential regulation. However, the software ecosystem and the risks are rapidly evolving, and require insights into the dynamics of attack and defense from the security and developer communities.\r\n\r\nThis panel will bring together representatives from governments around the world which are trying to address this challenge. Software risks are global risks, and this will be a unique opportunity to hear how different governments are approaching the issue of software resilience, and discuss how policymakers and the hacker community can to work together to overcome these collective challenges.\n\n\n","title":"A global approach to tackling software resilience","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691797800,"nanoseconds":0},"android_description":"Software is the lifeblood of the digital world, but as software embeds itself ever further into our societies and economies, the threat of software attacks grows with it. In our ever-more connected world, Governments are realizing that more must be done to protect businesses, organizations and individuals from these cyber threats. Governments are exploring a range of options to foster software security practices, including convening experts, international organizations and standards, using the power of government purchasing, and even potential regulation. However, the software ecosystem and the risks are rapidly evolving, and require insights into the dynamics of attack and defense from the security and developer communities.\r\n\r\nThis panel will bring together representatives from governments around the world which are trying to address this challenge. Software risks are global risks, and this will be a unique opportunity to hear how different governments are approaching the issue of software resilience, and discuss how policymakers and the hacker community can to work together to overcome these collective challenges.","updated_timestamp":{"seconds":1690824720,"nanoseconds":0},"speakers":[{"content_ids":[51502],"conference_id":96,"event_ids":[51658],"name":"Allan Friedman","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Advisor and Strategist"}],"links":[],"pronouns":null,"media":[],"id":50571,"title":"Senior Advisor and Strategist at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51502,51506],"conference_id":96,"event_ids":[51658,51662],"name":"Camille Stewart Gloster","affiliations":[{"organization":"Technology and Ecosystem Security Division, Office of the National Cyber Director","title":"Deputy National Cyber Director"}],"links":[],"pronouns":null,"media":[],"id":50585,"title":"Deputy National Cyber Director at Technology and Ecosystem Security Division, Office of the National Cyber Director"},{"content_ids":[51502,51510,51523],"conference_id":96,"event_ids":[51658,51666,51679],"name":"Charlie Gladstone","affiliations":[{"organization":"UK Department for Science, Innovation, and Technology","title":""}],"links":[],"pronouns":null,"media":[],"id":50588,"title":"UK Department for Science, Innovation, and Technology"},{"content_ids":[51515,51510,51502,52243],"conference_id":96,"event_ids":[52498,51658,51666,51671],"name":"David Rogers","affiliations":[{"organization":"Copper Horse","title":"CEO"}],"links":[],"pronouns":null,"media":[],"id":50598,"title":"CEO at Copper Horse"}],"timeband_id":990,"end":"2023-08-11T23:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51658,"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45771,45836],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50571},{"tag_id":45632,"sort_order":1,"person_id":50585},{"tag_id":45632,"sort_order":1,"person_id":50588},{"tag_id":45632,"sort_order":1,"person_id":50598}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","updated":"2023-07-31T17:32:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Wired for Safety: Prioritizing Safety in Deadly Systems","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691793000,"nanoseconds":0},"updated_timestamp":{"seconds":1690422780,"nanoseconds":0},"speakers":[{"content_ids":[51479],"conference_id":96,"event_ids":[51635],"name":"Jace Powell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50552}],"timeband_id":990,"links":[],"end":"2023-08-11T22:30:00.000-0000","id":51635,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50552}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-07-27T01:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"“Securing Critical Versions of Your Reality” sponsored by BadVR and in collaboration with the ICS Village, focusing on how XR is working for Critical Infrastructure owners and operators. Featuring CEO of BadVR, Suzanne Borders, XR Village Founder, Keenan Skelly, and Bryson Bort, Founder of SCYTHE and GRIMM, co-Founder of ICS Village.\n\n\n","title":"Securing Critical Versions of your Reality","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"“Securing Critical Versions of Your Reality” sponsored by BadVR and in collaboration with the ICS Village, focusing on how XR is working for Critical Infrastructure owners and operators. Featuring CEO of BadVR, Suzanne Borders, XR Village Founder, Keenan Skelly, and Bryson Bort, Founder of SCYTHE and GRIMM, co-Founder of ICS Village.","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1691356860,"nanoseconds":0},"speakers":[{"content_ids":[51463],"conference_id":96,"event_ids":[51619],"name":"Keenan Skelly","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter (@KeenanSkelly)","sort_order":0,"url":"https://twitter.com/@KeenanSkelly"}],"media":[],"id":50527},{"content_ids":[51463],"conference_id":96,"event_ids":[51619],"name":"Suzanne Borders","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter (@SuzanneBorders)","sort_order":0,"url":"https://twitter.com/@SuzanneBorders"},{"description":"","title":"Website","sort_order":0,"url":"https://badvr.com/"}],"media":[],"id":50536},{"content_ids":[51463],"conference_id":96,"event_ids":[51619],"name":"Bryson Bort","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brysonbort"}],"pronouns":null,"media":[],"id":51521}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51619,"tag_ids":[40311,45645,45646,45743],"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51521},{"tag_id":45590,"sort_order":1,"person_id":50527},{"tag_id":45590,"sort_order":1,"person_id":50536}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-08-06T21:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2ec300","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Nick Aleks & Dolev Farhi, Black Hat GraphQL","android_description":"","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51607,"village_id":null,"tag_ids":[45646,45743,45769,45770],"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","updated":"2023-07-27T00:03:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Red Hot (Red Team TTPs)","android_description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Ralph May","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ralphte1"}],"media":[],"id":50279},{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Steve Borosh","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/424f424f"}],"pronouns":null,"media":[],"id":50284}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51153,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50279},{"tag_id":45633,"sort_order":1,"person_id":50284}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Hacking Web Apps and APIs with WebSploit Labs","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.","updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":50276}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51132,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"begin":"2023-08-11T22:00:00.000-0000","updated":"2023-07-14T18:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"SSH tunneling is a valuable component of the red teamer's toolkit when used correctly - but that's the hard part. Demystifying reverse port forwards, local port forwards, and dynamic port forwards can be a challenge for any operator. This talk will begin with the basics of SSH tunneling and then focus on ways to utilize them to create reverse proxies and evade network monitoring during an engagement. It aims to provide clarity on the use of these different port forwards and provide examples on how to use them in an offensive security scenario.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"SSH Tunneling: Evading Network Detection and Creating Proxies","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"SSH tunneling is a valuable component of the red teamer's toolkit when used correctly - but that's the hard part. Demystifying reverse port forwards, local port forwards, and dynamic port forwards can be a challenge for any operator. This talk will begin with the basics of SSH tunneling and then focus on ways to utilize them to create reverse proxies and evade network monitoring during an engagement. It aims to provide clarity on the use of these different port forwards and provide examples on how to use them in an offensive security scenario.","updated_timestamp":{"seconds":1689358380,"nanoseconds":0},"speakers":[{"content_ids":[51086,51096],"conference_id":96,"event_ids":[51117,51127,51160],"name":"Cory Wolff","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cwolff411"}],"pronouns":null,"media":[],"id":50260}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51117,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50260}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"spans_timebands":"N","begin":"2023-08-11T22:00:00.000-0000","updated":"2023-07-14T18:13:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Nearly 1,800 weather balloons are launched across the world on any given day. As the balloon goes up it expands and pops at an altitude up to 33 Km (110K feet) above the earth.The flight payload is called a radiosonde. It measures pressure, temperature, relative humidity, position, and velocity during its flight, and transmits the data to a sounding receiver. One or two missing weather balloons won't impact the daily forecast. However, many missing balloons could lead to errors in weather models and forecasts. Weather balloons are also important for gathering weather data for satellite launches and human spaceflights, as launches are often delayed or scrubbed due to upper-level wind shear.\r\n\r\nIn this talk, I present a simulation framework for the most popular radiosonde model. It enables an attacker to generate radiosonde messages or alter logged messages for retransmission. I also present simulations of a jamming attack and a spoofing attack on a sounding receiver:\r\n\r\nDuring a jamming attack, the receiver is unable to receive transmissions from active radiosondes.\r\n\r\nDuring a spoofing attack, the transmitter sends fake radiosonde messages to a target receiver, identifying as an active radiosonde.\r\n\r\nI'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.\r\n\r\nREFERENCES:\r\nVredenbregt L., \"How many weather balloons are out there? Hundreds, it turns out\", https://abcnews.go.com/Politics/weather-balloons-hundreds-turns/story?id=97082985, Feb 13, 2023.\r\nDudley I., \"Weather balloons and rocket science\", https://www.vandenberg.spaceforce.mil/News/Features/Display/Article/737270/weather-balloons-and-rocket-science/\r\nbazjo, \"RS41 Decoding\", https://github.com/bazjo/RS41_Decoding\r\nrs1729, \"RS\", https://github.com/rs1729/RS\r\nprojecthorus, \"radiosonde_auto_rx\", https://github.com/projecthorus/radiosonde_auto_rx\r\nsondehub, https://github.com/projecthorus/radiosonde_auto_rx\r\n\"Upper-air Observations Program\", https://www.weather.gov/upperair/\r\nMass C., \"Wind Shear: When the Atmospheric Seems to be Tearing Itself Apart\", https://cliffmass.blogspot.com/2017/05/wind-shear-when-atmospheric-seems-to-be.html\r\nJessop M., \"Top Radiosonde types\", https://twitter.com/vk5qi/status/1170215238978830339\r\nLada B., \"3 weather obstacles that SpaceX faces when launching rockets into space\", https://www.accuweather.com/en/space-news/types-of-weather-that-can-delay-a-spacex-rocket-launch/352407\r\nNasa, \"Falcon 9 Crew Dragon Launch Weather Criteria\", FS-2020-05-568-KSC, www.nasa.gov\r\nFrielingsdorf J., \"An Open-Source Documentation and Implementation of the Vaisala RS41 Data Preparation Algorithms\", WMO Technical Conference on Meteorological and Environmental Instruments and Methods of Observation, Oct. 11, 2022\r\nCadence PCB Solutions, \"What is Signal to Noise Ratio and How to calculate it?\", https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it\r\nVaisala, \"Vaisala Radiosonde RS41-SGP Data Sheet\", www.vaisala.com, B211444EN-E, 2017\r\nVaisala, \"Vaisala Radiosonde RS41-SG Data Sheet\", www.vaisala.com, B211321EN-K, 2020\r\nVaisala, \"Vaisala Radiosonde RS41-SGM Data Sheet\", www.vaisala.com, B211448EN-E, 2017\n\n\n","title":"CON trolling the weather","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"end_timestamp":{"seconds":1691793900,"nanoseconds":0},"android_description":"Nearly 1,800 weather balloons are launched across the world on any given day. As the balloon goes up it expands and pops at an altitude up to 33 Km (110K feet) above the earth.The flight payload is called a radiosonde. It measures pressure, temperature, relative humidity, position, and velocity during its flight, and transmits the data to a sounding receiver. One or two missing weather balloons won't impact the daily forecast. However, many missing balloons could lead to errors in weather models and forecasts. Weather balloons are also important for gathering weather data for satellite launches and human spaceflights, as launches are often delayed or scrubbed due to upper-level wind shear.\r\n\r\nIn this talk, I present a simulation framework for the most popular radiosonde model. It enables an attacker to generate radiosonde messages or alter logged messages for retransmission. I also present simulations of a jamming attack and a spoofing attack on a sounding receiver:\r\n\r\nDuring a jamming attack, the receiver is unable to receive transmissions from active radiosondes.\r\n\r\nDuring a spoofing attack, the transmitter sends fake radiosonde messages to a target receiver, identifying as an active radiosonde.\r\n\r\nI'll talk about the shortcomings of the military variant of the radiosonde model and suggest a simple way to cope with spoofing attacks.\r\n\r\nREFERENCES:\r\nVredenbregt L., \"How many weather balloons are out there? Hundreds, it turns out\", https://abcnews.go.com/Politics/weather-balloons-hundreds-turns/story?id=97082985, Feb 13, 2023.\r\nDudley I., \"Weather balloons and rocket science\", https://www.vandenberg.spaceforce.mil/News/Features/Display/Article/737270/weather-balloons-and-rocket-science/\r\nbazjo, \"RS41 Decoding\", https://github.com/bazjo/RS41_Decoding\r\nrs1729, \"RS\", https://github.com/rs1729/RS\r\nprojecthorus, \"radiosonde_auto_rx\", https://github.com/projecthorus/radiosonde_auto_rx\r\nsondehub, https://github.com/projecthorus/radiosonde_auto_rx\r\n\"Upper-air Observations Program\", https://www.weather.gov/upperair/\r\nMass C., \"Wind Shear: When the Atmospheric Seems to be Tearing Itself Apart\", https://cliffmass.blogspot.com/2017/05/wind-shear-when-atmospheric-seems-to-be.html\r\nJessop M., \"Top Radiosonde types\", https://twitter.com/vk5qi/status/1170215238978830339\r\nLada B., \"3 weather obstacles that SpaceX faces when launching rockets into space\", https://www.accuweather.com/en/space-news/types-of-weather-that-can-delay-a-spacex-rocket-launch/352407\r\nNasa, \"Falcon 9 Crew Dragon Launch Weather Criteria\", FS-2020-05-568-KSC, www.nasa.gov\r\nFrielingsdorf J., \"An Open-Source Documentation and Implementation of the Vaisala RS41 Data Preparation Algorithms\", WMO Technical Conference on Meteorological and Environmental Instruments and Methods of Observation, Oct. 11, 2022\r\nCadence PCB Solutions, \"What is Signal to Noise Ratio and How to calculate it?\", https://resources.pcb.cadence.com/blog/2020-what-is-signal-to-noise-ratio-and-how-to-calculate-it\r\nVaisala, \"Vaisala Radiosonde RS41-SGP Data Sheet\", www.vaisala.com, B211444EN-E, 2017\r\nVaisala, \"Vaisala Radiosonde RS41-SG Data Sheet\", www.vaisala.com, B211321EN-K, 2020\r\nVaisala, \"Vaisala Radiosonde RS41-SGM Data Sheet\", www.vaisala.com, B211448EN-E, 2017","updated_timestamp":{"seconds":1687136040,"nanoseconds":0},"speakers":[{"content_ids":[50546,52156],"conference_id":96,"event_ids":[50853,52386],"name":"Paz Hameiri","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"","sort_order":0,"url":"https://il.linkedin.com/in/paz-hameiri-251b11143"}],"pronouns":"he/him","media":[],"id":49755,"title":"Hacker"}],"timeband_id":990,"end":"2023-08-11T22:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245715"}],"id":50853,"tag_ids":[45630,45648,45844],"village_id":null,"begin_timestamp":{"seconds":1691791200,"nanoseconds":0},"includes":"Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49755}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"updated":"2023-06-19T00:54:00.000-0000","begin":"2023-08-11T22:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Despite the best efforts of the election security community, things seem to go wrong in elections. Different software versions are blamed for the irregularities observed in Antrim country in 2021. An unreasonably slow update process of the online voter register in Estonia let to 63 voters casting incorrect electronic ballots that needed to be removed by court order from the digital ballot box. A slow voting machine repair process left thousands of voters waiting to cast their vote in the Philippines in 2022. The recently unsealed Halderman and Springall’s Security Analysis of Georgia’s ImageCast X Ballot Marking Devices shows vulnerabilities in hardware, software, and operations. In Professor Schürmann’s presentation, he provides a different look at these failures through the lens of trust assumptions that help quantify interactions between election technologies and people. Being precise about trust assumptions helps us identify and fix vulnerabilities at design stage rather than on or after election day.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Understand Your Trust Assumptions!","android_description":"Despite the best efforts of the election security community, things seem to go wrong in elections. Different software versions are blamed for the irregularities observed in Antrim country in 2021. An unreasonably slow update process of the online voter register in Estonia let to 63 voters casting incorrect electronic ballots that needed to be removed by court order from the digital ballot box. A slow voting machine repair process left thousands of voters waiting to cast their vote in the Philippines in 2022. The recently unsealed Halderman and Springall’s Security Analysis of Georgia’s ImageCast X Ballot Marking Devices shows vulnerabilities in hardware, software, and operations. In Professor Schürmann’s presentation, he provides a different look at these failures through the lens of trust assumptions that help quantify interactions between election technologies and people. Being precise about trust assumptions helps us identify and fix vulnerabilities at design stage rather than on or after election day.","end_timestamp":{"seconds":1691792400,"nanoseconds":0},"updated_timestamp":{"seconds":1691435280,"nanoseconds":0},"speakers":[{"content_ids":[52321],"conference_id":96,"event_ids":[52605],"name":"Carsten Schürmann","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/carsten-sch%C3%BCrmann-17a505 "},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CESchuermann"},{"description":"","title":"Website","sort_order":0,"url":"https://pure.itu.dk/da/"}],"media":[],"id":51532}],"timeband_id":990,"links":[],"end":"2023-08-11T22:20:00.000-0000","id":52605,"tag_ids":[40298,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691790600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51532}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"updated":"2023-08-07T19:08:00.000-0000","begin":"2023-08-11T21:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"If we want to address the many challenges facing this world, we’ll need to tackle them from many different angles—not just using traditional means. For example, can the brainpower of video game playing citizen scientists tackle critical problems in computational biology? Yes! Players of the worldwide online protein-folding video game Foldit—most of whom with little or no prior biochemistry experience—have uncovered knowledge that eluded scientists for years, contributing to several scientific discoveries through gameplay. Rather than solving problems with a purely computational approach, combining humans and computers can provide a means for solving problems neither could solve alone. You will be given an opportunity to learn and train your Foldit skills before the conference, where a special Biohacking Village Foldit Competition will take place!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"FoldIt","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"If we want to address the many challenges facing this world, we’ll need to tackle them from many different angles—not just using traditional means. For example, can the brainpower of video game playing citizen scientists tackle critical problems in computational biology? Yes! Players of the worldwide online protein-folding video game Foldit—most of whom with little or no prior biochemistry experience—have uncovered knowledge that eluded scientists for years, contributing to several scientific discoveries through gameplay. Rather than solving problems with a purely computational approach, combining humans and computers can provide a means for solving problems neither could solve alone. You will be given an opportunity to learn and train your Foldit skills before the conference, where a special Biohacking Village Foldit Competition will take place!","updated_timestamp":{"seconds":1689115740,"nanoseconds":0},"speakers":[{"content_ids":[51042],"conference_id":96,"event_ids":[51074],"name":"Firas D Khatib, PhD","affiliations":[{"organization":"University of Massachusetts Dartmouth","title":"Associate Professor"}],"links":[],"pronouns":null,"media":[],"id":50226,"title":"Associate Professor at University of Massachusetts Dartmouth"}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51074,"village_id":68,"begin_timestamp":{"seconds":1691790000,"nanoseconds":0},"tag_ids":[45645,45647,45717],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50226}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","begin":"2023-08-11T21:40:00.000-0000","updated":"2023-07-11T22:49:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop will focus on research done on Terraform implementations and ways a malicious user could abuse them. During the workshop attendees will learn how Terraform works, how common Terraform security controls are applied, and multiple ways to bypass them and gain further access to environments.\r\n\r\nTerraform is a powerful infrastructure as code tool, but it is also a potential security gap when not properly configured. Built into Terraform, there are numerous ways an attacker with developer-level access could abuse it to gain a larger foothold or harvest data.\r\n\r\nDuring the workshop, attendees will be led through various exercises using GitHub Actions, Terraform Cloud, and AWS. The workshop aims to teach attendees how Terraform works, various methods that can be potentially abused, and some controls to prevent them.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Infrastructure as Remote Code Execution","android_description":"The workshop will focus on research done on Terraform implementations and ways a malicious user could abuse them. During the workshop attendees will learn how Terraform works, how common Terraform security controls are applied, and multiple ways to bypass them and gain further access to environments.\r\n\r\nTerraform is a powerful infrastructure as code tool, but it is also a potential security gap when not properly configured. Built into Terraform, there are numerous ways an attacker with developer-level access could abuse it to gain a larger foothold or harvest data.\r\n\r\nDuring the workshop, attendees will be led through various exercises using GitHub Actions, Terraform Cloud, and AWS. The workshop aims to teach attendees how Terraform works, various methods that can be potentially abused, and some controls to prevent them.","end_timestamp":{"seconds":1691796600,"nanoseconds":0},"updated_timestamp":{"seconds":1690921500,"nanoseconds":0},"speakers":[{"content_ids":[51990],"conference_id":96,"event_ids":[52184],"name":"Michael McCabe","affiliations":[{"organization":"Cloud Security Partners","title":"Founder"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mccabe615"}],"pronouns":null,"media":[],"id":51197,"title":"Founder at Cloud Security Partners"}],"timeband_id":990,"links":[],"end":"2023-08-11T23:30:00.000-0000","id":52184,"tag_ids":[40284,45647,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691789700,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51197}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","updated":"2023-08-01T20:25:00.000-0000","begin":"2023-08-11T21:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"DARPA’s AI Cyber Challenge program manager, Perri Adams, is joined by collaborators from Anthropic, Google, Google DeepMind, OpenAI and the Open Source Security Foundation to share insights about the upcoming competition and discuss the software security challenges facing the commercial sector and open-source community.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"DARPA Announces an AI Cyber Initiative, Live at DC 32 and DC 33","android_description":"DARPA’s AI Cyber Challenge program manager, Perri Adams, is joined by collaborators from Anthropic, Google, Google DeepMind, OpenAI and the Open Source Security Foundation to share insights about the upcoming competition and discuss the software security challenges facing the commercial sector and open-source community.","end_timestamp":{"seconds":1691790600,"nanoseconds":0},"updated_timestamp":{"seconds":1691701680,"nanoseconds":0},"speakers":[{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Perri Adams","affiliations":[{"organization":"DARPA","title":"AIxCC Program Manager"}],"links":[],"pronouns":null,"media":[],"id":51614,"title":"AIxCC Program Manager at DARPA"},{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Michael Sellitto","affiliations":[{"organization":"Anthropic","title":"Head of Geopolitics and Security Policy"}],"links":[],"pronouns":null,"media":[],"id":51615,"title":"Head of Geopolitics and Security Policy at Anthropic"},{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Heather Adkins","affiliations":[{"organization":"Google","title":"Vice President of Security Engineering"}],"links":[],"pronouns":null,"media":[],"id":51616,"title":"Vice President of Security Engineering at Google"},{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Vijay Bolina","affiliations":[{"organization":"Google DeepMind","title":"Chief Information Security Officer & Head of Cybersecurity Research"}],"links":[],"pronouns":null,"media":[],"id":51617,"title":"Chief Information Security Officer & Head of Cybersecurity Research at Google DeepMind"},{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Dave Weston","affiliations":[{"organization":"Microsoft","title":"Vice President of Enterprise and OS Security"}],"links":[],"pronouns":null,"media":[],"id":51618,"title":"Vice President of Enterprise and OS Security at Microsoft"},{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Matthew Knight","affiliations":[{"organization":"OpenAI","title":"Head of Security"}],"links":[],"pronouns":null,"media":[],"id":51619,"title":"Head of Security at OpenAI"},{"content_ids":[52401],"conference_id":96,"event_ids":[52695],"name":"Omkhar Arasaratnam","affiliations":[{"organization":"Open Source Security Foundation (OpenSSF)","title":"General Manager"}],"links":[],"pronouns":null,"media":[],"id":51620,"title":"General Manager at Open Source Security Foundation (OpenSSF)"}],"timeband_id":990,"links":[],"end":"2023-08-11T21:50:00.000-0000","id":52695,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51618},{"tag_id":45632,"sort_order":1,"person_id":51616},{"tag_id":45632,"sort_order":1,"person_id":51619},{"tag_id":45632,"sort_order":1,"person_id":51615},{"tag_id":45632,"sort_order":1,"person_id":51620},{"tag_id":45631,"sort_order":1,"person_id":51614},{"tag_id":45632,"sort_order":1,"person_id":51617}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-08-10T21:08:00.000-0000","begin":"2023-08-11T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Flipping Locks: Remote Badge Cloning with the Flipper Zero","android_description":"","end_timestamp":{"seconds":1691793000,"nanoseconds":0},"updated_timestamp":{"seconds":1691565060,"nanoseconds":0},"speakers":[{"content_ids":[51553,52386],"conference_id":96,"event_ids":[52677,51722],"name":"Langston \"Shock\" Clement","affiliations":[{"organization":"Core BTS","title":"Lead for Red Team operations and Penetration Testing engagements"}],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/sh0ckSec"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/sh0ckSec"}],"pronouns":null,"media":[],"id":50692,"title":"Lead for Red Team operations and Penetration Testing engagements at Core BTS"},{"content_ids":[52386],"conference_id":96,"event_ids":[52677],"name":"Dan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51613}],"timeband_id":990,"links":[],"end":"2023-08-11T22:30:00.000-0000","id":52677,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51613},{"tag_id":45590,"sort_order":1,"person_id":50692}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"begin":"2023-08-11T21:30:00.000-0000","updated":"2023-08-09T07:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Partnerships are critical for companies to integrate expertise into products, policies, and processes, when supporting elections globally. Additionally partnerships are an effective way for organizations to get the word out or share targeted elections information. Explore the ways in which partnerships can be leveraged for greater transparency and collaboration during the electoral processes. It’s often much easier to get people to join communities and much harder to keep them engaged and actively participating in community efforts. This Panel discusses how to build operational mechanisms to incentivize participation, projects, develop policies, and drive initiatives within community members that can contribute to the broader electoral ecosystem and more broadly to civil society. We know the risks to elections, now how do we create partnerships and build competencies to take on the implications?\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"title":"Building Partnerships","end_timestamp":{"seconds":1691792400,"nanoseconds":0},"android_description":"Partnerships are critical for companies to integrate expertise into products, policies, and processes, when supporting elections globally. Additionally partnerships are an effective way for organizations to get the word out or share targeted elections information. Explore the ways in which partnerships can be leveraged for greater transparency and collaboration during the electoral processes. It’s often much easier to get people to join communities and much harder to keep them engaged and actively participating in community efforts. This Panel discusses how to build operational mechanisms to incentivize participation, projects, develop policies, and drive initiatives within community members that can contribute to the broader electoral ecosystem and more broadly to civil society. We know the risks to elections, now how do we create partnerships and build competencies to take on the implications?","updated_timestamp":{"seconds":1691435760,"nanoseconds":0},"speakers":[{"content_ids":[52329,52334,52337],"conference_id":96,"event_ids":[52613,52618,52621,52622],"name":"Catherine Terranova","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/catherine-terranova-8b209826a"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/catlovesvoting"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51533},{"content_ids":[52328,52334,52336],"conference_id":96,"event_ids":[52612,52618,52620],"name":"Maia Mazurkiewicz","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Link","sort_order":0,"url":"https://alliance4europe.eu/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/maia-mazurkiewicz/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MaiaMazurkiewic"}],"media":[],"id":51549},{"content_ids":[52334],"conference_id":96,"event_ids":[52618],"name":"Maria Bique","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Link","sort_order":0,"url":"https://www.cybercoach.com/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/biquemaria"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MariaBique"}],"media":[],"id":51550},{"content_ids":[52329,52334],"conference_id":96,"event_ids":[52613,52618],"name":"Sandra Khalil","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/khalilsandra"}],"pronouns":null,"media":[],"id":51555}],"timeband_id":990,"links":[],"end":"2023-08-11T22:20:00.000-0000","id":52618,"tag_ids":[40298,45646,45743,45771],"village_id":null,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51533},{"tag_id":45632,"sort_order":1,"person_id":51549},{"tag_id":45632,"sort_order":1,"person_id":51550},{"tag_id":45632,"sort_order":1,"person_id":51555}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-11T21:30:00.000-0000","updated":"2023-08-07T19:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Sure, you’ve got skills to “build the stuff and do the thing.” But how good are you at talking to non-techs, execs, and the general public about why what you’re doing is important? If you can’t get people’s attention, get them to remember the important things, and motivate them to act (or not act, in the case of misinformation), you can’t be as effective.\r\n\r\nThis workshop explores a framework for a better understanding of how we as technologists can develop messages that get attention, get noticed, and get results without “dumbing down” or sacrificing technical acuity. Basically, being the Nerds that Talk Good.\r\n\r\nThe solution to misinformation, especially machine-generated misinformation, is not solely a bot vs. bot problem. Understanding why messages take hold in the first place and leveraging our human heart, mind, and gut-level responses to stories can make us better communicators as technologists—which can help authentic and trustworthy content rise above the machines.\r\n\r\nLeveraging the MessageDeck—a novel, nontechnical, hands-on card-based approach—, participants will be coached to discover the higher-order motivations and objectives necessary for their communications and content to be trusted and believed. The model also serves as a framework to develop an informed, skeptical awareness when receiving information.\r\n\r\nThe model was developed after 25 years in arts and entertainment, hardcore IT and cybersecurity, and government communications and is being presented with none of that boring nonsense. We’ll get together, play some cards, spark some conversations, and out of it will come a messaging platform that will recapture the public sphere for good.\r\n\r\nParticipants will also have an opportunity to contribute to a Misinformation Village Messaging Platform—a set of hallmark messages that can be adopted by the broader community. By discovering these authentic messages, we build cohesion and consistency across the misinformation awareness movement.\r\n\r\nSamples of the MessageDeck will be available as supplies last to any who want them, but the strength of the approach lies in its flexibility to be used explicitly or to inform other facilitated conversations. So we will also have an opportunity to explore other ways to apply it to the work of others.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Be a Nerd that Talks Good: Up-leveling how we talk about misinformation, to build community trust and awareness","end_timestamp":{"seconds":1691793000,"nanoseconds":0},"android_description":"Sure, you’ve got skills to “build the stuff and do the thing.” But how good are you at talking to non-techs, execs, and the general public about why what you’re doing is important? If you can’t get people’s attention, get them to remember the important things, and motivate them to act (or not act, in the case of misinformation), you can’t be as effective.\r\n\r\nThis workshop explores a framework for a better understanding of how we as technologists can develop messages that get attention, get noticed, and get results without “dumbing down” or sacrificing technical acuity. Basically, being the Nerds that Talk Good.\r\n\r\nThe solution to misinformation, especially machine-generated misinformation, is not solely a bot vs. bot problem. Understanding why messages take hold in the first place and leveraging our human heart, mind, and gut-level responses to stories can make us better communicators as technologists—which can help authentic and trustworthy content rise above the machines.\r\n\r\nLeveraging the MessageDeck—a novel, nontechnical, hands-on card-based approach—, participants will be coached to discover the higher-order motivations and objectives necessary for their communications and content to be trusted and believed. The model also serves as a framework to develop an informed, skeptical awareness when receiving information.\r\n\r\nThe model was developed after 25 years in arts and entertainment, hardcore IT and cybersecurity, and government communications and is being presented with none of that boring nonsense. We’ll get together, play some cards, spark some conversations, and out of it will come a messaging platform that will recapture the public sphere for good.\r\n\r\nParticipants will also have an opportunity to contribute to a Misinformation Village Messaging Platform—a set of hallmark messages that can be adopted by the broader community. By discovering these authentic messages, we build cohesion and consistency across the misinformation awareness movement.\r\n\r\nSamples of the MessageDeck will be available as supplies last to any who want them, but the strength of the approach lies in its flexibility to be used explicitly or to inform other facilitated conversations. So we will also have an opportunity to explore other ways to apply it to the work of others.","updated_timestamp":{"seconds":1691284680,"nanoseconds":0},"speakers":[{"content_ids":[52278],"conference_id":96,"event_ids":[52542],"name":"Joel Benge","affiliations":[{"organization":"MessageSpec Consulting","title":""}],"links":[],"pronouns":null,"media":[],"id":51504,"title":"MessageSpec Consulting"}],"timeband_id":990,"links":[],"end":"2023-08-11T22:30:00.000-0000","id":52542,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"tag_ids":[40305,45646,45719,45743],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51504}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-11T21:30:00.000-0000","updated":"2023-08-06T01:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"SS7 Workshop","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691257140,"nanoseconds":0},"speakers":[{"content_ids":[52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501],"name":"Zibran Sayyed","affiliations":[{"organization":"","title":"Sr. Security Consultant Telecom"}],"links":[],"pronouns":null,"media":[],"id":51522,"title":"Sr. Security Consultant Telecom"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":52500,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"village_id":72,"tag_ids":[40304,45647,45719,45743],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51524},{"tag_id":45633,"sort_order":1,"person_id":51522}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"updated":"2023-08-05T17:39:00.000-0000","begin":"2023-08-11T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Since the dawn of time, humans have been driven to discover new ways of determining their location, and the location of potential threats. In the realm of cyber threat intelligence, the ability to geolocate servers, for instance the one a C2 is running on, is crucial.\r\n\r\nAs a research in its early stages, this speech will delve into the exciting world of offensive geolocation. By leveraging inviolable physical laws, we can measure the time it takes for a signal to travel from an adversary to multiple network sensors, and use this information to accurately calculate their position. This technique is known as latency trilateration has never been used before in the cyber realm, and has significant implications for threat intelligence, sandbox evasion, and even malware self-geolocation. I will also discuss potential limitations and challenges of this approach, as well as its broader implications and potential future developments in this emerging field.\r\n\r\nREFERENCES:\r\nBen Du, Massimo Candela, Bradley Huffaker, Alex C. Snoeren, and kc claffy. 2020. RIPE IPmap active geolocation: mechanism and performance evaluation. SIGCOMM Comput. Commun. Rev. 50, 2 (April 2020), 3–10. https://doi.org/10.1145/3402413.3402415\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"title":"\"You can't cheat time\" - Finding foes and yourself with latency trilateration","end_timestamp":{"seconds":1691790600,"nanoseconds":0},"android_description":"Since the dawn of time, humans have been driven to discover new ways of determining their location, and the location of potential threats. In the realm of cyber threat intelligence, the ability to geolocate servers, for instance the one a C2 is running on, is crucial.\r\n\r\nAs a research in its early stages, this speech will delve into the exciting world of offensive geolocation. By leveraging inviolable physical laws, we can measure the time it takes for a signal to travel from an adversary to multiple network sensors, and use this information to accurately calculate their position. This technique is known as latency trilateration has never been used before in the cyber realm, and has significant implications for threat intelligence, sandbox evasion, and even malware self-geolocation. I will also discuss potential limitations and challenges of this approach, as well as its broader implications and potential future developments in this emerging field.\r\n\r\nREFERENCES:\r\nBen Du, Massimo Candela, Bradley Huffaker, Alex C. Snoeren, and kc claffy. 2020. RIPE IPmap active geolocation: mechanism and performance evaluation. SIGCOMM Comput. Commun. Rev. 50, 2 (April 2020), 3–10. https://doi.org/10.1145/3402413.3402415","updated_timestamp":{"seconds":1687139220,"nanoseconds":0},"speakers":[{"content_ids":[50590],"conference_id":96,"event_ids":[50856],"name":"Lorenzo ”lopoc” Cococcia","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/lopoc_"}],"pronouns":null,"media":[],"id":49822,"title":"Hacker"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245761"}],"end":"2023-08-11T21:50:00.000-0000","id":50856,"tag_ids":[45592,45630,45648,45844],"village_id":null,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49822}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"updated":"2023-06-19T01:47:00.000-0000","begin":"2023-08-11T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Exploits of insecure serialization leading to remote code execution have been a common attack against .NET applications for some time. But it's generally assumed that exploiting serialization requires that an application directly uses a serializer and that it unsafely reads data that an attacker can tamper with. This talk demonstrates attacks that violate both of these assumptions. This includes serialization exploits of platforms that don't use well-known .NET serializers and methods to exploit deserialization even when the serialized data cannot be tampered with. Remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated. Techniques to both scan for and mitigate these vulnerabilities are also discussed.\r\n\r\nREFERENCES:\r\n* \"Are You My Type? Breaking .net Sandboxes Through Serialization\", James Forshaw, Black Hat 2012\r\n* \"Friday the 13th JSON Attacks\", Alvaro Muñoz & Oleksandr Mirosh, Black Hat 2017\r\n* See also: https://github.com/pwntester/ysoserial.net for useful payload generators.\n\n\n","title":"Second Breakfast: Implicit and Mutation-Based Serialization Vulnerabilities in .NET","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691792100,"nanoseconds":0},"android_description":"Exploits of insecure serialization leading to remote code execution have been a common attack against .NET applications for some time. But it's generally assumed that exploiting serialization requires that an application directly uses a serializer and that it unsafely reads data that an attacker can tamper with. This talk demonstrates attacks that violate both of these assumptions. This includes serialization exploits of platforms that don't use well-known .NET serializers and methods to exploit deserialization even when the serialized data cannot be tampered with. Remote code execution vulnerabilities in MongoDB, LiteDB, ServiceStack.Redis, RavenDB, MartenDB, JSON.Net and the .NET JavaScriptSerializer are all demonstrated. Techniques to both scan for and mitigate these vulnerabilities are also discussed.\r\n\r\nREFERENCES:\r\n* \"Are You My Type? Breaking .net Sandboxes Through Serialization\", James Forshaw, Black Hat 2012\r\n* \"Friday the 13th JSON Attacks\", Alvaro Muñoz & Oleksandr Mirosh, Black Hat 2017\r\n* See also: https://github.com/pwntester/ysoserial.net for useful payload generators.","updated_timestamp":{"seconds":1687136100,"nanoseconds":0},"speakers":[{"content_ids":[50547],"conference_id":96,"event_ids":[50828],"name":"Jonathan Birch","affiliations":[{"organization":"Microsoft","title":"Principal Security Software Engineer"}],"links":[{"description":"","title":"Mastodon (@seibai@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@seibai"}],"pronouns":"he/him","media":[],"id":49756,"title":"Principal Security Software Engineer at Microsoft"}],"timeband_id":990,"end":"2023-08-11T22:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245716"}],"id":50828,"tag_ids":[45589,45629,45646,45766],"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"village_id":null,"includes":"Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49756}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","updated":"2023-06-19T00:55:00.000-0000","begin":"2023-08-11T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"System Integrity Protection (SIP) is a macOS technology that limits the capabilities of the root user, most notably - it maintains the integrity of the operating system by preventing loading of untrusted kernel extensions and protecting sensitive filesystem locations.\r\n\r\nIn this talk we will uncover a method to bypass SIP and create undeletable malware that can later load arbitrary kernel extensions. We will explain our methodology, detail our exploitation strategy and the reverse engineering involved. Lastly, we will explain how to look for similar SIP bypasses and outline a generic detection strategy for Blue Teams.\r\n\r\nREFERENCES:\r\nhttps://objective-see.com/blog/blog_0x14.html\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9771\r\nhttps://www.theregister.com/2016/03/30/apple_os_x_rootless/\r\nhttps://www.microsoft.com/en-us/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/\r\nhttps://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Getting a Migraine - uncovering a unique SIP bypass on macOS","android_description":"System Integrity Protection (SIP) is a macOS technology that limits the capabilities of the root user, most notably - it maintains the integrity of the operating system by preventing loading of untrusted kernel extensions and protecting sensitive filesystem locations.\r\n\r\nIn this talk we will uncover a method to bypass SIP and create undeletable malware that can later load arbitrary kernel extensions. We will explain our methodology, detail our exploitation strategy and the reverse engineering involved. Lastly, we will explain how to look for similar SIP bypasses and outline a generic detection strategy for Blue Teams.\r\n\r\nREFERENCES:\r\nhttps://objective-see.com/blog/blog_0x14.html\r\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9771\r\nhttps://www.theregister.com/2016/03/30/apple_os_x_rootless/\r\nhttps://www.microsoft.com/en-us/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/\r\nhttps://jhftss.github.io/CVE-2022-26712-The-POC-For-SIP-Bypass-Is-Even-Tweetable/","end_timestamp":{"seconds":1691792100,"nanoseconds":0},"updated_timestamp":{"seconds":1687137660,"nanoseconds":0},"speakers":[{"content_ids":[50567,52197],"conference_id":96,"event_ids":[50807,52447],"name":"Jonathan Bar Or","affiliations":[{"organization":"Microsoft","title":"Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/yo_yo_yo_jbo"}],"media":[],"id":49783,"title":"Security Researcher at Microsoft"},{"content_ids":[50567],"conference_id":96,"event_ids":[50807],"name":"Michael Pearse","affiliations":[{"organization":"Microsoft","title":"Security Researcher"}],"links":[],"pronouns":"he/him","media":[],"id":49784,"title":"Security Researcher at Microsoft"},{"content_ids":[50567],"conference_id":96,"event_ids":[50807],"name":"Anurag Bohra","affiliations":[{"organization":"Microsoft","title":"Security Researcher"}],"links":[],"pronouns":"he/him","media":[],"id":49785,"title":"Security Researcher at Microsoft"}],"timeband_id":990,"end":"2023-08-11T22:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245738"}],"id":50807,"tag_ids":[45589,45592,45629,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691789400,"nanoseconds":0},"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49785},{"tag_id":45590,"sort_order":1,"person_id":49783},{"tag_id":45590,"sort_order":1,"person_id":49784}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-06-19T01:21:00.000-0000","begin":"2023-08-11T21:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Leakonomics 101: The Last Year in Data Leaks","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691791800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552900,"nanoseconds":0},"speakers":[{"content_ids":[51299],"conference_id":96,"event_ids":[51361],"name":"Nick Ascoli","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@kcin418"}],"media":[],"id":50464}],"timeband_id":990,"links":[],"end":"2023-08-11T22:10:00.000-0000","id":51361,"village_id":59,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691789100,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50464}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-11T21:25:00.000-0000","updated":"2023-07-17T00:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The principle of evidence-based elections is that elections should provide convincing evidence that the reported winners really won. Risk-limiting audits (RLAs) manually inspect ballots from a trustworthy record of the votes to provide affirmative evidence that electoral outcomes are correct if they are indeed correct, and to correct any outcomes that are wrong. When the outcome is correct, RLAs may inspect only a small fraction of all ballot cards, saving considerable labor compared to a full manual recount. Using information about which ballot cards contain which contests (card-style data, CSD) further reduces labor. In this talk, I give an overview of how RLAs work, and new advancements that substantially reduce workload. Using data from the 2020 and 2022 general elections in Orange County, I demonstrate the efficiency of RLAs that take into account CSD. I conclude with a demo showing how RLAs work.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Risk Limiting Audits Of All Contests","end_timestamp":{"seconds":1691790300,"nanoseconds":0},"android_description":"The principle of evidence-based elections is that elections should provide convincing evidence that the reported winners really won. Risk-limiting audits (RLAs) manually inspect ballots from a trustworthy record of the votes to provide affirmative evidence that electoral outcomes are correct if they are indeed correct, and to correct any outcomes that are wrong. When the outcome is correct, RLAs may inspect only a small fraction of all ballot cards, saving considerable labor compared to a full manual recount. Using information about which ballot cards contain which contests (card-style data, CSD) further reduces labor. In this talk, I give an overview of how RLAs work, and new advancements that substantially reduce workload. Using data from the 2020 and 2022 general elections in Orange County, I demonstrate the efficiency of RLAs that take into account CSD. I conclude with a demo showing how RLAs work.","updated_timestamp":{"seconds":1691544060,"nanoseconds":0},"speakers":[{"content_ids":[52320,52382],"conference_id":96,"event_ids":[52604,52673],"name":"Amanda Glazer","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/amandaglazer/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/PandaGlazer"},{"description":"","title":"Website","sort_order":0,"url":"https://dl.acm.org/doi/abs/10.1007/978-3-030-60347-2_6"}],"media":[],"id":51527}],"timeband_id":990,"links":[],"end":"2023-08-11T21:45:00.000-0000","id":52604,"begin_timestamp":{"seconds":1691788200,"nanoseconds":0},"village_id":null,"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51527}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-11T21:10:00.000-0000","updated":"2023-08-09T01:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Project Output is a haptic feedback implant which allows users to experience and interface with hard data through vibration. Rather than displaying data as numbers, Project Output allows users to experience that information in a synesthetic manner. The implantable nature of the device integrates directly with the user’s nervous system, making it an extension of the user rather than a device. Through exposure over time, and some conscious training, users associate the vibrations with actual data allowing the neuroplastic capacity of the brain to provide an intuitive and integrated understanding of the linked device. Additionally, the power is supplied wirelessly external to the body, using a standardized battery module. This alleviates design constraints surrounding internal power storage and presents an opportunity for further implant design based on the wireless power supply. Current applications include blood glucose monitoring, radiation dosimetry, and pseudo-echolocation using an array of implants. However, given the modular nature, multiple additional categories of sensor data are possible. The benefits of designing for future end-user modifications, as well as promoting common standards, illustrate the power of designing platforms over products.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Good Vibrations, Haptic Sensory Augmentation Implants","end_timestamp":{"seconds":1691790000,"nanoseconds":0},"android_description":"Project Output is a haptic feedback implant which allows users to experience and interface with hard data through vibration. Rather than displaying data as numbers, Project Output allows users to experience that information in a synesthetic manner. The implantable nature of the device integrates directly with the user’s nervous system, making it an extension of the user rather than a device. Through exposure over time, and some conscious training, users associate the vibrations with actual data allowing the neuroplastic capacity of the brain to provide an intuitive and integrated understanding of the linked device. Additionally, the power is supplied wirelessly external to the body, using a standardized battery module. This alleviates design constraints surrounding internal power storage and presents an opportunity for further implant design based on the wireless power supply. Current applications include blood glucose monitoring, radiation dosimetry, and pseudo-echolocation using an array of implants. However, given the modular nature, multiple additional categories of sensor data are possible. The benefits of designing for future end-user modifications, as well as promoting common standards, illustrate the power of designing platforms over products.","updated_timestamp":{"seconds":1689115620,"nanoseconds":0},"speakers":[{"content_ids":[51041],"conference_id":96,"event_ids":[51073],"name":"Quinn D. Mooney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50225}],"timeband_id":990,"links":[],"end":"2023-08-11T21:40:00.000-0000","id":51073,"begin_timestamp":{"seconds":1691788200,"nanoseconds":0},"tag_ids":[45645,45647,45717],"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50225}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"spans_timebands":"N","begin":"2023-08-11T21:10:00.000-0000","updated":"2023-07-11T22:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Security findings from automated sources such as network, software, or compliance scanners often overwhelm security teams with excessive generic, context-less information. Determining ownership and impact takes time and can cause critical vulnerabilities to go unnoticed, unnecessary noise, or friction between security teams and other stakeholders.\r\nMy proposed demo introduces MetaHub, a tool designed to mitigate these issues by automating the three crucial stages of security finding assessment: owner determination, contextualization, and impact definition. Leveraging the power of metadata through MetaChecks, MetaTags, MetaTrails, and MetaAccount, MetaHub provides a detailed, context-aware assessment of each finding.\r\n\r\nBy integrating MetaHub, teams can significantly reduce false positives, streamline the detection and resolution of security findings, and strategically tailor their scanner selection to minimize unnecessary noise. This ability to focus on meaningful, high-impact issues represents a significant step forward in security engineering and will be the primary focus of the demo.\r\n\r\nMetaHub relies on the ASFF format for ingesting security findings which can be consumed from AWS Security Hub or any ASFF-supported scanner, like Prowler or ElectricEye. It can also help to generate reports and dashboards.\r\n\r\nMetaHub is designed for use as a CLI tool or within automated workflows, such as AWS Security Hub custom actions, AWS Lambda functions, or AWS Step Functions.\r\n\r\nContext, ownership, and impact definitions are not common topics that open source tools are addressing; this one is the approach I found for this problem that aims to be agnostic to the source scanner itself. For me, it would be more than valuable to connect with other people to understand other approaches and get feedback on this one.\r\n\r\nGithub: https://github.com/gabrielsoltz/metahub\n\n\n","title":"MetaHub Demo: Automating Ownership, Context, and Impact Assessment in Security Findings","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691789700,"nanoseconds":0},"android_description":"Security findings from automated sources such as network, software, or compliance scanners often overwhelm security teams with excessive generic, context-less information. Determining ownership and impact takes time and can cause critical vulnerabilities to go unnoticed, unnecessary noise, or friction between security teams and other stakeholders.\r\nMy proposed demo introduces MetaHub, a tool designed to mitigate these issues by automating the three crucial stages of security finding assessment: owner determination, contextualization, and impact definition. Leveraging the power of metadata through MetaChecks, MetaTags, MetaTrails, and MetaAccount, MetaHub provides a detailed, context-aware assessment of each finding.\r\n\r\nBy integrating MetaHub, teams can significantly reduce false positives, streamline the detection and resolution of security findings, and strategically tailor their scanner selection to minimize unnecessary noise. This ability to focus on meaningful, high-impact issues represents a significant step forward in security engineering and will be the primary focus of the demo.\r\n\r\nMetaHub relies on the ASFF format for ingesting security findings which can be consumed from AWS Security Hub or any ASFF-supported scanner, like Prowler or ElectricEye. It can also help to generate reports and dashboards.\r\n\r\nMetaHub is designed for use as a CLI tool or within automated workflows, such as AWS Security Hub custom actions, AWS Lambda functions, or AWS Step Functions.\r\n\r\nContext, ownership, and impact definitions are not common topics that open source tools are addressing; this one is the approach I found for this problem that aims to be agnostic to the source scanner itself. For me, it would be more than valuable to connect with other people to understand other approaches and get feedback on this one.\r\n\r\nGithub: https://github.com/gabrielsoltz/metahub","updated_timestamp":{"seconds":1690921800,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T21:35:00.000-0000","links":[{"label":"Github","type":"link","url":"https://github.com/gabrielsoltz/metahub"}],"id":52190,"begin_timestamp":{"seconds":1691787900,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45592,45645,45647,45743],"includes":"Demo 💻","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","updated":"2023-08-01T20:30:00.000-0000","begin":"2023-08-11T21:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to teach your kid threat modeling? Are you new, yourself?\r\n \r\nStop by our booth, learn what threat modeling is, and get some practice with an introductory non-technical scenario.\n\n\n","title":"DC’s Next Top Threat Model (DCNTTM) - Kids - Learn Threat Modeling","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"Want to teach your kid threat modeling? Are you new, yourself?\r\n \r\nStop by our booth, learn what threat modeling is, and get some practice with an introductory non-technical scenario.","updated_timestamp":{"seconds":1691728260,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://www.threatmodel.us"},{"label":"Twitter","type":"link","url":"https://twitter.com/@ThreatModelUs"}],"end":"2023-08-11T23:00:00.000-0000","id":52697,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45638,45646,45743,45763],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-11T04:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is a general talk about the nuts and bolts of Physical Security. Not a lockpicking talk.\n\n\n","title":"Doors, Cameras, and Mantraps: Oh, my!","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"This is a general talk about the nuts and bolts of Physical Security. Not a lockpicking talk.","end_timestamp":{"seconds":1691789400,"nanoseconds":0},"updated_timestamp":{"seconds":1691288640,"nanoseconds":0},"speakers":[{"content_ids":[52284],"conference_id":96,"event_ids":[52548],"name":"Dylan Baklor","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51514}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52548,"tag_ids":[40309,45645,45649,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51514}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-06T02:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Holding Leaflets in the Left Hand and Bullets in the Right: A Guide to Understanding Modern Chinese Information Operations","end_timestamp":{"seconds":1691789400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284440,"nanoseconds":0},"speakers":[{"content_ids":[52266],"conference_id":96,"event_ids":[52530],"name":"Kieran Green","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51505}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52530,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51505}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:14:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Wytshadow, Dragorn, and Ark have been preparing to support network stumbling on bodies beyond earth. This is a synopsis of the challenges, our proposed solutions, and a preview/introduction of how you measure and report wireless data from Earths' moon, Mars, and beyond.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Signals! In! Spaaaaaace!","android_description":"Wytshadow, Dragorn, and Ark have been preparing to support network stumbling on bodies beyond earth. This is a synopsis of the challenges, our proposed solutions, and a preview/introduction of how you measure and report wireless data from Earths' moon, Mars, and beyond.","end_timestamp":{"seconds":1691788800,"nanoseconds":0},"updated_timestamp":{"seconds":1691259840,"nanoseconds":0},"speakers":[{"content_ids":[52250],"conference_id":96,"event_ids":[52511],"name":"Ark (from WiGLE)","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@wiglenet"}],"media":[],"id":51486},{"content_ids":[52250],"conference_id":96,"event_ids":[52511],"name":"wytshadow","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@theDarracott"}],"media":[],"id":51493}],"timeband_id":990,"links":[],"end":"2023-08-11T21:20:00.000-0000","id":52511,"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[40292,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51486},{"tag_id":45590,"sort_order":1,"person_id":51493}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-05T18:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"With quantum computing we have an entirely new model of computing and its execution. Whilst this is exciting for algorithm developers looking to change the world, it's equally exciting to hardware hackers looking for a new challenge. Here we'll discuss some of the unique elements of quantum computing and how they might have an impact on the future of hardware security.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Doomed to repeat the past: classical hardware exploits made quantum","android_description":"With quantum computing we have an entirely new model of computing and its execution. Whilst this is exciting for algorithm developers looking to change the world, it's equally exciting to hardware hackers looking for a new challenge. Here we'll discuss some of the unique elements of quantum computing and how they might have an impact on the future of hardware security.","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"updated_timestamp":{"seconds":1691108460,"nanoseconds":0},"speakers":[{"content_ids":[52179],"conference_id":96,"event_ids":[52427],"name":"Jamie Friel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51427}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":52427,"tag_ids":[40291,45645,45649,45743],"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51427}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"updated":"2023-08-04T00:21:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Due to current and emerging threats in the space ecosystem, notably from the recent and ongoing war in Ukraine and even US GPS related outages, space is front and center as both an industry of intense innovation and imperative for civil, military, and commercial growth. It is often the case, that existing cybersecurity policies and frameworks do not apply to space systems. In this presentation, we hope to illuminate the current gaps in such policies and offer ways that the audience can help.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Orbiting the White House: Cybersecurity as a Space Imperative","android_description":"Due to current and emerging threats in the space ecosystem, notably from the recent and ongoing war in Ukraine and even US GPS related outages, space is front and center as both an industry of intense innovation and imperative for civil, military, and commercial growth. It is often the case, that existing cybersecurity policies and frameworks do not apply to space systems. In this presentation, we hope to illuminate the current gaps in such policies and offer ways that the audience can help.","end_timestamp":{"seconds":1691790600,"nanoseconds":0},"updated_timestamp":{"seconds":1691101140,"nanoseconds":0},"speakers":[{"content_ids":[52152],"conference_id":96,"event_ids":[52382],"name":"Lauryn Williams","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51414},{"content_ids":[52152],"conference_id":96,"event_ids":[52382],"name":"Tanya Simms","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51421}],"timeband_id":990,"links":[],"end":"2023-08-11T21:50:00.000-0000","id":52382,"tag_ids":[40280,45645,45646,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51414},{"tag_id":45590,"sort_order":1,"person_id":51421}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-03T22:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In an ever increasingly connected society, we are often introduced to “new and improved” devices that offer smart capabilities, and door locks are no exception. Increased security and ease of use are some of the key selling points for these locks.\r\n\r\nWhile some devices are hard to attack, the majority are not, because manufacturers are not following simple security practices in their physical, hardware and code design. Improving their security is essential, but how do you do that when hardware and IoT hacking looks like black magic at every step? From electrical signals inside the lock to the Bluetooth Low Energy (BLE) communication with a mobile application developed using a widely used software development kit (SDK), I will share my simple spells that has led me to find vulnerabilities impacting tens of thousands of smart devices from multiple manufacturers. That and why never giving up can pay off!\n\n\n","title":"Open Sesame! How To Open One Thousand And One Locks In The 21St Century?","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691790600,"nanoseconds":0},"android_description":"In an ever increasingly connected society, we are often introduced to “new and improved” devices that offer smart capabilities, and door locks are no exception. Increased security and ease of use are some of the key selling points for these locks.\r\n\r\nWhile some devices are hard to attack, the majority are not, because manufacturers are not following simple security practices in their physical, hardware and code design. Improving their security is essential, but how do you do that when hardware and IoT hacking looks like black magic at every step? From electrical signals inside the lock to the Bluetooth Low Energy (BLE) communication with a mobile application developed using a widely used software development kit (SDK), I will share my simple spells that has led me to find vulnerabilities impacting tens of thousands of smart devices from multiple manufacturers. That and why never giving up can pay off!","updated_timestamp":{"seconds":1691079600,"nanoseconds":0},"speakers":[{"content_ids":[52144],"conference_id":96,"event_ids":[52369],"name":"Thomas BYGODT","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51391}],"timeband_id":990,"links":[],"end":"2023-08-11T21:50:00.000-0000","id":52369,"tag_ids":[40287,45645,45646,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51391}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-03T16:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ken Pyle is a partner of CYBIR, specializing in exploit development, penetration testing, reverse engineering, and enterprise risk management. As a highly rated and popular lecturer he’s presented groundbreaking research at major industry events such as DEFCON, ShmooCon, Secureworld, HTCIA International, and others. He’s also discovered and published numerous critical software vulnerabilities in products from a wide range of companies that includes Cisco, Dell, Netgear, Sonicwall, HP, Datto, Kaseya, and ManageEngine, earning him multiple Hall of Fame acknowledgements for his work. Ken has been publishing DNS work and vulnerability research privately for a number of years. He began showing some of his work in the web application, DNS and IPv4 space at different cybersecurity conferences, with a focus on fixing sets of problems that had been deemed estoteric or limited.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Living off the Land with Connectwise: How I Built An Attack Platform & Botnet in 23 lines of Python!","end_timestamp":{"seconds":1691790300,"nanoseconds":0},"android_description":"Ken Pyle is a partner of CYBIR, specializing in exploit development, penetration testing, reverse engineering, and enterprise risk management. As a highly rated and popular lecturer he’s presented groundbreaking research at major industry events such as DEFCON, ShmooCon, Secureworld, HTCIA International, and others. He’s also discovered and published numerous critical software vulnerabilities in products from a wide range of companies that includes Cisco, Dell, Netgear, Sonicwall, HP, Datto, Kaseya, and ManageEngine, earning him multiple Hall of Fame acknowledgements for his work. Ken has been publishing DNS work and vulnerability research privately for a number of years. He began showing some of his work in the web application, DNS and IPv4 space at different cybersecurity conferences, with a focus on fixing sets of problems that had been deemed estoteric or limited.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52097],"conference_id":96,"event_ids":[52323],"name":"Ken Pyle","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ken-pyle-cissp-hcispp-oscp-ecsa-ceh-ence-569642a"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/syngularity1"}],"pronouns":null,"media":[],"id":51355}],"timeband_id":990,"links":[],"end":"2023-08-11T21:45:00.000-0000","id":52323,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"tag_ids":[40297,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51355}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk captures the lessons learned from red teaming production AI systems from Microsoft and Google. We contextualize how red teaming AI systems is similar yet different from red teaming traditional software systems, and distill 10 lessons from a practioner’s perspective. Whether you are considering a career change into red teaming AI systems, or subverting AI systems for fun/twitter clout or simply want to cash in on the AI bug bounties for profit, these lessons on attacking AI systems applies to you.\r\n\r\nThe 10 lessons are:\r\n\r\nLesson 1: Red Teaming AI systems means different things to different communities\r\nLesson 2: AI Red Teaming is somewhere in the middle\r\nLesson 3: AI Red Teaming is a shared responsibility with a different process\r\nLesson 4: Red Teaming AI models is different from red teaming AI applications\r\nLesson 5: There are novel security risks to look out for….\r\nLesson 6: …But do not forget traditional security\r\nLesson 7: The goal of the AI Red Team is not to find all the different ways AI systems fail\r\nLesson 8: You do not need to be a math whiz to red team AI system\r\nLesson 9: AI Red Team needs a diverse set of skills in the team\r\nLesson 10: There is so much to do before you start red teaming your AI system\r\n\n\n\n","title":"A Few Useful Lessons about AI Red Teaming","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"This talk captures the lessons learned from red teaming production AI systems from Microsoft and Google. We contextualize how red teaming AI systems is similar yet different from red teaming traditional software systems, and distill 10 lessons from a practioner’s perspective. Whether you are considering a career change into red teaming AI systems, or subverting AI systems for fun/twitter clout or simply want to cash in on the AI bug bounties for profit, these lessons on attacking AI systems applies to you.\r\n\r\nThe 10 lessons are:\r\n\r\nLesson 1: Red Teaming AI systems means different things to different communities\r\nLesson 2: AI Red Teaming is somewhere in the middle\r\nLesson 3: AI Red Teaming is a shared responsibility with a different process\r\nLesson 4: Red Teaming AI models is different from red teaming AI applications\r\nLesson 5: There are novel security risks to look out for….\r\nLesson 6: …But do not forget traditional security\r\nLesson 7: The goal of the AI Red Team is not to find all the different ways AI systems fail\r\nLesson 8: You do not need to be a math whiz to red team AI system\r\nLesson 9: AI Red Team needs a diverse set of skills in the team\r\nLesson 10: There is so much to do before you start red teaming your AI system","end_timestamp":{"seconds":1691790900,"nanoseconds":0},"updated_timestamp":{"seconds":1691031300,"nanoseconds":0},"speakers":[{"content_ids":[52051,52060],"conference_id":96,"event_ids":[52270,52279],"name":"Ram Shankar Siva Kumar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51292}],"timeband_id":990,"links":[],"end":"2023-08-11T21:55:00.000-0000","id":52270,"village_id":null,"tag_ids":[40299,45645,45646,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51292}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:55:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Climate Change and its Implications for Security and Privacy: An Uncharted Territory","android_description":"","end_timestamp":{"seconds":1691789400,"nanoseconds":0},"updated_timestamp":{"seconds":1691025660,"nanoseconds":0},"speakers":[{"content_ids":[52025,52052,52259],"conference_id":96,"event_ids":[52523,52241,52271],"name":"Chloé Messdaghi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51252}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52241,"village_id":null,"tag_ids":[40308,45645,45647,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51252}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"begin":"2023-08-11T21:00:00.000-0000","updated":"2023-08-03T01:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! \r\n\r\n2023 judges: Corgi, FC aka freakyclown, and Snow\r\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year's SECVC winners: Jenn, Matt, and Sean)\r\n\r\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year's lessons learned, team highlights, and tips for future competitors!\n\n\n","title":"Social Engineering Community (SEC) Vishing Competition","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! \r\n\r\n2023 judges: Corgi, FC aka freakyclown, and Snow\r\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year's SECVC winners: Jenn, Matt, and Sean)\r\n\r\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year's lessons learned, team highlights, and tips for future competitors!","updated_timestamp":{"seconds":1690066080,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T00:00:00.000-0000","links":[{"label":"More Information","type":"link","url":"https://www.se.community/vishing-competition/"},{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter (@sec_defcon)","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245383"}],"id":51710,"tag_ids":[40302,45635,45649,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":64,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-07-22T22:48:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Scammers have evolved with technology. Technology has already helped scammers evolve from calling individual consumers to using technology to blast millions of calls to consumers. Some scammers have used generative AI models to clone a loved one’s voice as part of a scam where the scammer asks the family member to send money to resolve a fake emergency, such as hospitalization or arrested. How will scammers use telephones and technology to transform, and what are the options available to stop them? This is a call for discussion about how to combat the use of generative AI models being used to clone voices to scam people’s money.\n\n\n","title":"What are your thoughts on AI assisted voice cloning being used for scams?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691790600,"nanoseconds":0},"android_description":"Scammers have evolved with technology. Technology has already helped scammers evolve from calling individual consumers to using technology to blast millions of calls to consumers. Some scammers have used generative AI models to clone a loved one’s voice as part of a scam where the scammer asks the family member to send money to resolve a fake emergency, such as hospitalization or arrested. How will scammers use telephones and technology to transform, and what are the options available to stop them? This is a call for discussion about how to combat the use of generative AI models being used to clone voices to scam people’s money.","updated_timestamp":{"seconds":1690430760,"nanoseconds":0},"speakers":[{"content_ids":[51507],"conference_id":96,"event_ids":[51663],"name":"Christine Barker","affiliations":[{"organization":"Federal Trade Commission","title":"Senior Investigator"}],"links":[],"pronouns":null,"media":[],"id":50591,"title":"Senior Investigator at Federal Trade Commission"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T21:50:00.000-0000","id":51663,"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[40310,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50591}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"spans_timebands":"N","updated":"2023-07-27T04:06:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The global economy is afloat. It is cheap and fast, and vulnerable. Everyone relies upon it but there is no single entity responsible for it. Whether it be reliance on dated legacy systems, rampant prioritization of innovation over security, under-funded infrastructure, or unclear security principles and enforcement mechanisms, the maritime ecosystem is becoming increasingly insecure - making the world’s seas and ports a target for pirates, hackers, and states. And we know it....that’s the good news.\r\n \r\nThe panel will discuss challenges to developing actionable maritime cyber policy, the technical realities behind maritime cybersecurity, review existing US and international programs, and discuss how the global ecosystem could harmonize these policies to push the maritime ecosystem towards a more secure state. There will also be time for questions and broader discussion/audience engagement.\n\n\n","title":"Cyber Policy Adrift – Charting a Path Forward for International Maritime Cybersecurity","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691790600,"nanoseconds":0},"android_description":"The global economy is afloat. It is cheap and fast, and vulnerable. Everyone relies upon it but there is no single entity responsible for it. Whether it be reliance on dated legacy systems, rampant prioritization of innovation over security, under-funded infrastructure, or unclear security principles and enforcement mechanisms, the maritime ecosystem is becoming increasingly insecure - making the world’s seas and ports a target for pirates, hackers, and states. And we know it....that’s the good news.\r\n \r\nThe panel will discuss challenges to developing actionable maritime cyber policy, the technical realities behind maritime cybersecurity, review existing US and international programs, and discuss how the global ecosystem could harmonize these policies to push the maritime ecosystem towards a more secure state. There will also be time for questions and broader discussion/audience engagement.","updated_timestamp":{"seconds":1690430460,"nanoseconds":0},"speakers":[{"content_ids":[51478,51501],"conference_id":96,"event_ids":[51634,51657],"name":"Nina Kollars","affiliations":[{"organization":"Cyber and Innovation Policy Institute at the US Naval War College","title":"Associate Professor"}],"links":[],"pronouns":null,"media":[],"id":50560,"title":"Associate Professor at Cyber and Innovation Policy Institute at the US Naval War College"},{"content_ids":[51501],"conference_id":96,"event_ids":[51657],"name":"Blake Benson","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50579},{"content_ids":[51501,51488],"conference_id":96,"event_ids":[51644,51657],"name":"Cliff Neve","affiliations":[{"organization":"US Coast Guard","title":""}],"links":[],"pronouns":null,"media":[],"id":50595,"title":"US Coast Guard"},{"content_ids":[51501],"conference_id":96,"event_ids":[51657],"name":"Josh Reiter","affiliations":[{"organization":"US Navy","title":"Deputy PCA"}],"links":[],"pronouns":null,"media":[],"id":50613,"title":"Deputy PCA at US Navy"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T21:50:00.000-0000","id":51657,"tag_ids":[40310,45646,45743,45771,45836],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50579},{"tag_id":45632,"sort_order":1,"person_id":50595},{"tag_id":45632,"sort_order":1,"person_id":50613},{"tag_id":45632,"sort_order":1,"person_id":50560}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","updated":"2023-07-27T04:01:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Travis Goodspeed, PoC or GTFO Volume 1, 2, & 3","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":51606,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"tag_ids":[45646,45743,45769,45770],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"updated":"2023-07-27T00:03:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Lonely Hackers Club - Badgelife & Sticker Swap","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"android_description":"","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1690163160,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51589,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45640,45648,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"spans_timebands":"N","updated":"2023-07-24T01:46:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Books bring us together, expand our ways of thinking, and allow for discourse. This DEF CON book exchange will be a quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We might even have a SAO of a book - pending sponsorship.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Book Club Discussion and Exchange","android_description":"Books bring us together, expand our ways of thinking, and allow for discourse. This DEF CON book exchange will be a quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We might even have a SAO of a book - pending sponsorship.","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1690140300,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@d34da55)","type":"link","url":"https://twitter.com/@d34da55"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245843"},{"label":"Twitter (@CarpeDiemT3ch)","type":"link","url":"https://twitter.com/@CarpeDiemT3ch"}],"end":"2023-08-11T23:00:00.000-0000","id":51558,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Goldfield/Tonopah - Community Room","hotel":"","short_name":"Goldfield/Tonopah - Community Room","id":45727},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-07-23T19:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Mastering OSINT: Advanced Techniques in the Realm of Big Data","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691789100,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552900,"nanoseconds":0},"speakers":[{"content_ids":[51298],"conference_id":96,"event_ids":[51360],"name":"Seyfullah","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@s3yfullah"}],"pronouns":null,"media":[],"id":50467}],"timeband_id":990,"links":[],"end":"2023-08-11T21:25:00.000-0000","id":51360,"tag_ids":[40293,45645,45649,45743],"village_id":59,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50467}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","updated":"2023-07-17T00:15:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Open Source Intelligence (OSINT) for Hackers workshop, as part of the Red Team Village, provides extensive information and hands on lessons relating to surface and deep web searching along with advanced online search techniques & strategies, online privacy / anonymity tools, counterintelligence techniques used by the criminal element, search techniques of blogs and social networks including social media monitoring, utilize database systems, methods to obtain historical website pages, develop previous domain & website details that no longer exist, geolocating, reverse imaging, transfer of large files, screenshot capabilities, and much more all focused on helping Hackers related to threat hunting, red teaming and information gathering.\n\n\n","title":"Open Source Intelligence (OSINT) for Hackers","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"The Open Source Intelligence (OSINT) for Hackers workshop, as part of the Red Team Village, provides extensive information and hands on lessons relating to surface and deep web searching along with advanced online search techniques & strategies, online privacy / anonymity tools, counterintelligence techniques used by the criminal element, search techniques of blogs and social networks including social media monitoring, utilize database systems, methods to obtain historical website pages, develop previous domain & website details that no longer exist, geolocating, reverse imaging, transfer of large files, screenshot capabilities, and much more all focused on helping Hackers related to threat hunting, red teaming and information gathering.","updated_timestamp":{"seconds":1689358320,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"pronouns":null,"media":[],"id":50281}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51116,"village_id":60,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"spans_timebands":"N","updated":"2023-07-14T18:12:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The workshop is about understanding and exploiting Kubernetes Cluster environments. There is a exploitable cluster that has been built and is deployable for the workshop. The workshop was originally written for people that do not have a large familiarity with Kubernetes or Containers. It is not intended to provide new or novel attacks, but help accelerate someone's path to understanding and using new and novel attacks.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Kubernetes Offense","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"The workshop is about understanding and exploiting Kubernetes Cluster environments. There is a exploitable cluster that has been built and is deployable for the workshop. The workshop was originally written for people that do not have a large familiarity with Kubernetes or Containers. It is not intended to provide new or novel attacks, but help accelerate someone's path to understanding and using new and novel attacks.","updated_timestamp":{"seconds":1689358320,"nanoseconds":0},"speakers":[{"content_ids":[51083],"conference_id":96,"event_ids":[51115],"name":"Michael Mitchell","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/awildbeard"}],"media":[],"id":50273}],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":51115,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50273}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"spans_timebands":"N","updated":"2023-07-14T18:12:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"How to prioritize Red Team Findings? Presenting CRTFSS: Common Red Team Findings Score System Ver. 1.0","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"Robust red team practices generate multiple findings gradually; defenders struggle to keep up with remediations and detections. All red team findings are critical, but if everything is a priority, then nothing is. Organizations cannot feasibly defend against all ATT&CK techniques. They have more findings than they can optimally assign resources to and focus on the critical ones; they need a system to help them make this task manageable. This Workshop introduces CRTFSS: A methodology to prioritize red team findings using adversary behaviors observed in real-world threat intelligence and mapped to the MITRE ATT&CK based on the most frequent TTPs that score each finding based on the complexity of remediation and exploitability.","updated_timestamp":{"seconds":1689358320,"nanoseconds":0},"speakers":[{"content_ids":[51082],"conference_id":96,"event_ids":[51114,51137,51138],"name":"Guillermo Buendia","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/bym0m0"}],"media":[],"id":50264}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":51114,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50264}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"spans_timebands":"N","updated":"2023-07-14T18:12:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A red team is defined as a group of cybersecurity professionals that simulate the actions of those who are malicious or adversarial. However, many red teams don’t emulate adversaries as much as they might think. This workshop will discuss adversary types and their motivations, common tooling mistakes that are a dead giveaway you’re a red team, infrastructure mistakes, lack of action on objectives, and more from the perspective of someone who hunts red teams. This workshop is designed for entry level to intermediate level red teamers.\n\n\n","title":"How to [NOT] look like a Red Team","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"A red team is defined as a group of cybersecurity professionals that simulate the actions of those who are malicious or adversarial. However, many red teams don’t emulate adversaries as much as they might think. This workshop will discuss adversary types and their motivations, common tooling mistakes that are a dead giveaway you’re a red team, infrastructure mistakes, lack of action on objectives, and more from the perspective of someone who hunts red teams. This workshop is designed for entry level to intermediate level red teamers.","updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51081],"conference_id":96,"event_ids":[51113,51136],"name":"Michael Wylie","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/themikewylie"}],"media":[],"id":50274}],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51113,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50274}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"spans_timebands":"N","updated":"2023-07-14T18:11:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Hacking Web Apps and APIs with WebSploit Labs","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"This workshop is intended for cybersecurity professionals, system administrators, software developers, and anyone interested in learning about the art of hacking web applications and API security. It is an immersive, hands-on experience that provides comprehensive knowledge about different web application and API vulnerabilities, and, most importantly, effective hacking methodologies.","updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":50276}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":51112,"village_id":60,"tag_ids":[40294,45647,45719],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"updated":"2023-07-14T18:11:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this demo I will show you can root various models of vacuum robots and disconnect them from the cloud. You have the chance to play around yourself with the tools and the rooted robots yourself. Learn why you should not trust your robots cameras and microphones. Pick up a free PCB that allows you to root your vacuum robot easily.\n\n\n","title":"Vacuum Robot Hacking","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691794500,"nanoseconds":0},"android_description":"In this demo I will show you can root various models of vacuum robots and disconnect them from the cloud. You have the chance to play around yourself with the tools and the rooted robots yourself. Learn why you should not trust your robots cameras and microphones. Pick up a free PCB that allows you to root your vacuum robot easily.","updated_timestamp":{"seconds":1688878500,"nanoseconds":0},"speakers":[{"content_ids":[50594,51026],"conference_id":96,"event_ids":[50839,51064],"name":"Dennis Giese","affiliations":[{"organization":"","title":"Hacker"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/dgi_DE"},{"description":"","title":"Website","sort_order":0,"url":"https://valetudo.cloud"},{"description":"","title":"Website","sort_order":0,"url":"https://dontvacuum.me"}],"pronouns":"he/him","media":[],"id":49829,"title":"Hacker"}],"timeband_id":990,"links":[],"end":"2023-08-11T22:55:00.000-0000","id":51064,"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49829}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Unity Boardroom - Demo Labs","hotel":"","short_name":"Unity Boardroom - Demo Labs","id":45706},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-07-09T04:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"OWASP crAPI is an intentionally vulnerable API designed to teach and demonstrate common API security flaws. It serves as a playground for security enthusiasts, developers, and penetration testers to learn about API vulnerabilities and practice exploiting them in a safe environment. This Demo Lab will showcase the use of crAPI for educational purposes, including how to set it up, identify vulnerabilities, and apply secure API development best practices.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"OWASP crAPI: Completely Ridiculous API","android_description":"OWASP crAPI is an intentionally vulnerable API designed to teach and demonstrate common API security flaws. It serves as a playground for security enthusiasts, developers, and penetration testers to learn about API vulnerabilities and practice exploiting them in a safe environment. This Demo Lab will showcase the use of crAPI for educational purposes, including how to set it up, identify vulnerabilities, and apply secure API development best practices.","end_timestamp":{"seconds":1691794500,"nanoseconds":0},"updated_timestamp":{"seconds":1688877420,"nanoseconds":0},"speakers":[{"content_ids":[51012],"conference_id":96,"event_ids":[51050],"name":"Jayesh Ahire","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50195},{"content_ids":[51012],"conference_id":96,"event_ids":[51050],"name":"Roshan Piyush","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50196}],"timeband_id":990,"links":[],"end":"2023-08-11T22:55:00.000-0000","id":51050,"tag_ids":[45592,45636,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50195},{"tag_id":45590,"sort_order":1,"person_id":50196}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"updated":"2023-07-09T04:37:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Introducing Scorecard, an innovative open-source tool designed to secure the software supply chain by scanning over 1.2 million GitHub repositories for potential security risks. Scorecard automates the process of evaluating a project's adherence to security best practices, assigning a score based on the results. The scores and detailed analysis are readily accessible via a comprehensive API (https://api.securityscorecards.dev), empowering developers to easily integrate security checks into their workflows. Additionally, Scorecard provides a CLI for individual use and a GitHub action that allows repository owners to continuously monitor and improve their project's security posture. Whether you're a seasoned developer or an open-source enthusiast, Scorecard gives you the power to make the software supply chain safer for everyone.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"OpenSSF Scorecard","android_description":"Introducing Scorecard, an innovative open-source tool designed to secure the software supply chain by scanning over 1.2 million GitHub repositories for potential security risks. Scorecard automates the process of evaluating a project's adherence to security best practices, assigning a score based on the results. The scores and detailed analysis are readily accessible via a comprehensive API (https://api.securityscorecards.dev), empowering developers to easily integrate security checks into their workflows. Additionally, Scorecard provides a CLI for individual use and a GitHub action that allows repository owners to continuously monitor and improve their project's security posture. Whether you're a seasoned developer or an open-source enthusiast, Scorecard gives you the power to make the software supply chain safer for everyone.","end_timestamp":{"seconds":1691794500,"nanoseconds":0},"updated_timestamp":{"seconds":1688877000,"nanoseconds":0},"speakers":[{"content_ids":[51011],"conference_id":96,"event_ids":[51049],"name":"Naveen Srinivasan","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Naveen_Srini_"}],"media":[],"id":50193},{"content_ids":[51011],"conference_id":96,"event_ids":[51049],"name":"Neil Naveen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50194}],"timeband_id":990,"links":[],"end":"2023-08-11T22:55:00.000-0000","id":51049,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50193},{"tag_id":45590,"sort_order":1,"person_id":50194}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Caucus Boardroom - Demo Labs","hotel":"","short_name":"Caucus Boardroom - Demo Labs","id":45696},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-07-09T04:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Reverse engineering is an important task performed by security researchers to identify vulnerable functions and malicious functions in IoT (Internet of Things) devices that are often shared across multiple devices of many system architectures. Common techniques to currently identify the reuse of these functions do not perform cross-architecture identification unless specific data such as unique strings are identified that may be of use in identifying a piece of code. Utilizing natural language processing techniques, Glyph allows you to upload an ELF binary (32 & 64 bit) for cross-architecture function fingerprinting, upon analysis, a web-based function symbol table will be created and presented to the user to aid in their analysis of binary executables/shared objects.\n\n\n","title":"Glyph","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691794500,"nanoseconds":0},"android_description":"Reverse engineering is an important task performed by security researchers to identify vulnerable functions and malicious functions in IoT (Internet of Things) devices that are often shared across multiple devices of many system architectures. Common techniques to currently identify the reuse of these functions do not perform cross-architecture identification unless specific data such as unique strings are identified that may be of use in identifying a piece of code. Utilizing natural language processing techniques, Glyph allows you to upload an ELF binary (32 & 64 bit) for cross-architecture function fingerprinting, upon analysis, a web-based function symbol table will be created and presented to the user to aid in their analysis of binary executables/shared objects.","updated_timestamp":{"seconds":1688876460,"nanoseconds":0},"speakers":[{"content_ids":[51004],"conference_id":96,"event_ids":[51042],"name":"Corey Hartman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50184}],"timeband_id":990,"links":[],"end":"2023-08-11T22:55:00.000-0000","id":51042,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50184}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Society Boardroom - Demo Labs","hotel":"","short_name":"Society Boardroom - Demo Labs","id":45700},"spans_timebands":"N","updated":"2023-07-09T04:21:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim's actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords, browsing history and much more.\n\n\n","title":"EvilnoVNC: Next-Gen Spear Phishing Attacks","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691794500,"nanoseconds":0},"android_description":"EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim's actions, access to their downloaded files and the entire browser profile, including cookies, saved passwords, browsing history and much more.","updated_timestamp":{"seconds":1688876280,"nanoseconds":0},"speakers":[{"content_ids":[51002],"conference_id":96,"event_ids":[51040],"name":"Joel Gámez Molina","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50181}],"timeband_id":990,"links":[],"end":"2023-08-11T22:55:00.000-0000","id":51040,"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50181}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Committee Boardroom - Demo Labs","hotel":"","short_name":"Committee Boardroom - Demo Labs","id":45698},"updated":"2023-07-09T04:18:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Attack Surface Framework(ASF) aims to protect organizations acting as an attack surface watchdog. The Attack Surface Framework (ASF) was developed with motivation to automate and address vulnerabilities through continuous scanning and tracking risks at scale, in a comprehensive and adaptable approach, particularly against 0-day vulnerabilities with publicly available POCs. The Attack Surface Framework (ASF) is a modular, extensible, and customizable framework designed to help organizations manage their public attack surface risks. ASF will auto-discover assets such as network subnets, domains including subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible, attacking and alerting framework, leveraging another layer of support. ASF provides modules for attack surface management including asset discovery and management, asset enumeration, vulnerability scanning, and vulnerability testing. ASF is equipped with a set of CLI tools and an API, enabling users to interact with the framework and integrate it with other tools and processes. Additionally, ASF includes a web-based user interface for visualizing an organization's attack surface and managing vulnerabilities.\n\n\n","title":"Attack Surface Framework","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"android_description":"Attack Surface Framework(ASF) aims to protect organizations acting as an attack surface watchdog. The Attack Surface Framework (ASF) was developed with motivation to automate and address vulnerabilities through continuous scanning and tracking risks at scale, in a comprehensive and adaptable approach, particularly against 0-day vulnerabilities with publicly available POCs. The Attack Surface Framework (ASF) is a modular, extensible, and customizable framework designed to help organizations manage their public attack surface risks. ASF will auto-discover assets such as network subnets, domains including subdomains, enumerate their ports and services, track deltas and serve as a continuous and flexible, attacking and alerting framework, leveraging another layer of support. ASF provides modules for attack surface management including asset discovery and management, asset enumeration, vulnerability scanning, and vulnerability testing. ASF is equipped with a set of CLI tools and an API, enabling users to interact with the framework and integrate it with other tools and processes. Additionally, ASF includes a web-based user interface for visualizing an organization's attack surface and managing vulnerabilities.","end_timestamp":{"seconds":1691794500,"nanoseconds":0},"updated_timestamp":{"seconds":1688875740,"nanoseconds":0},"speakers":[{"content_ids":[50995],"conference_id":96,"event_ids":[51033],"name":"Prajwal Panchmahalkar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50169},{"content_ids":[50995],"conference_id":96,"event_ids":[51033],"name":"Mike Henkelman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50170}],"timeband_id":990,"links":[],"end":"2023-08-11T22:55:00.000-0000","id":51033,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50170},{"tag_id":45590,"sort_order":1,"person_id":50169}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Council Boardroom - Demo Labs","hotel":"","short_name":"Council Boardroom - Demo Labs","id":45699},"spans_timebands":"N","updated":"2023-07-09T04:09:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"For the last 6 years my colleagues and I have been tracking the activities of the cyber-mercenaries we call Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain crucial insights into their activities and victims. In this talk we will discuss the story of Dark Caracal, the mistakes they have made, and how they have managed to remain effective despite quite possibly being the dumbest APT to ever exist.\r\n\r\nREFERENCES:\r\nhttps://www.eff.org/wp/operation-manul\r\nhttps://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf\r\nhttps://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/\r\nhttps://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"Tracking the Worlds Dumbest Cyber-Mercenaries","end_timestamp":{"seconds":1691788800,"nanoseconds":0},"android_description":"For the last 6 years my colleagues and I have been tracking the activities of the cyber-mercenaries we call Dark Caracal. In this time we have observed them make a number of hilarious mistakes which have allowed us to gain crucial insights into their activities and victims. In this talk we will discuss the story of Dark Caracal, the mistakes they have made, and how they have managed to remain effective despite quite possibly being the dumbest APT to ever exist.\r\n\r\nREFERENCES:\r\nhttps://www.eff.org/wp/operation-manul\r\nhttps://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf\r\nhttps://www.welivesecurity.com/2021/07/07/bandidos-at-large-spying-campaign-latin-america/\r\nhttps://www.eff.org/deeplinks/2023/02/uncle-sow-dark-caracal-latin-america","updated_timestamp":{"seconds":1688183640,"nanoseconds":0},"speakers":[{"content_ids":[50639,50674],"conference_id":96,"event_ids":[50819,50860],"name":"Cooper Quintin","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Senior Staff Technologist"}],"links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/cooper-quintin"},{"description":"","title":"Mastodon (@cooperq@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@cooperq"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/cooperq"},{"description":"","title":"Website","sort_order":0,"url":"https://www.cooperq.com/"}],"pronouns":"he/him","media":[],"id":49911,"title":"Senior Staff Technologist at Electronic Frontier Foundation"}],"timeband_id":990,"end":"2023-08-11T21:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246127"}],"id":50860,"village_id":null,"tag_ids":[45648,45844],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49911}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"spans_timebands":"N","begin":"2023-08-11T21:00:00.000-0000","updated":"2023-07-01T03:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This presentation will discuss the history of cyberwarfare, highlighting the misconceptions between nuclear deterrence and the nature of cyber conflict. It will shed light on this association in popular culture, including in movies like \"WarGames,\" which influenced then President Ronald Reagan and fed his concerns about potential hacking into U.S. weapons systems. These concerns and other influences helped to shape early perceptions about the cyber domain, which immediately became intertwined with notions of strategic weapons and catastrophic effects. In subsequent decades, continued theorizing about cyberwarfare envisioned strategic cyber attacks that could cause decisive effects, stoking fears of a \"Cyber Pearl Harbor.\" However, the reality is that cyber operations are ephemeral and cyber effects are hard to attribute and are rarely decisive. The turning point in U.S. cyber strategy occurred in lead up to the 2018 midterm election, with the adoption of a new approach focused on defending forward, which involved actively disrupting malicious cyber activity before it affected the U.S. Homeland. This strategy was further informed by Russia’s 2022 invasion of Ukraine, which demonstrated how cyber capabilities may be used in large-scale conventional conflict. Looking ahead, in terms of protecting Americans and strengthening our global Allies and partners, we know that private industry and individual volunteers will play a critical role, including many of the participants at DEF CON. This recognition acknowledges that cyberwarfare is pervasive and requires collective engagement.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"There are no mushroom clouds in cyberwar","android_description":"This presentation will discuss the history of cyberwarfare, highlighting the misconceptions between nuclear deterrence and the nature of cyber conflict. It will shed light on this association in popular culture, including in movies like \"WarGames,\" which influenced then President Ronald Reagan and fed his concerns about potential hacking into U.S. weapons systems. These concerns and other influences helped to shape early perceptions about the cyber domain, which immediately became intertwined with notions of strategic weapons and catastrophic effects. In subsequent decades, continued theorizing about cyberwarfare envisioned strategic cyber attacks that could cause decisive effects, stoking fears of a \"Cyber Pearl Harbor.\" However, the reality is that cyber operations are ephemeral and cyber effects are hard to attribute and are rarely decisive. The turning point in U.S. cyber strategy occurred in lead up to the 2018 midterm election, with the adoption of a new approach focused on defending forward, which involved actively disrupting malicious cyber activity before it affected the U.S. Homeland. This strategy was further informed by Russia’s 2022 invasion of Ukraine, which demonstrated how cyber capabilities may be used in large-scale conventional conflict. Looking ahead, in terms of protecting Americans and strengthening our global Allies and partners, we know that private industry and individual volunteers will play a critical role, including many of the participants at DEF CON. This recognition acknowledges that cyberwarfare is pervasive and requires collective engagement.","end_timestamp":{"seconds":1691788800,"nanoseconds":0},"updated_timestamp":{"seconds":1690559340,"nanoseconds":0},"speakers":[{"content_ids":[50685],"conference_id":96,"event_ids":[50801],"name":"Mieke Eoyang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49977}],"timeband_id":990,"links":[],"end":"2023-08-11T21:20:00.000-0000","id":50801,"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49977}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"begin":"2023-08-11T21:00:00.000-0000","updated":"2023-07-28T15:49:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Wireless networks have become ubiquitous in today's world, and Red Teams are increasingly using advanced WiFi attacks to gain unauthorized access to these networks. This workshop will focus on advanced WiFi attacks utilized by Red Teams to gain access to wireless networks. Participants will learn how to conduct WiFi reconnaissance, identify misconfigurations in wireless networks, create Rogue APs for launching phishing attacks, bypass WIDS, and more. The workshop is entirely virtual, and participants will have access to a lab environment where they can experiment safely. Participants must have prior knowledge of WiFi attacks on Open, WEP, and WPA2-PSK networks. The workshop covers advanced techniques for WiFi reconnaissance, creating custom TLS certificates, Rogue AP attacks, MSCHAPv2 Relay attacks, password spraying, ESSID stripping, and more. The workshop also covers the importance of Wireless Intrusion Detection Systems for Blue Teams and an example using Nzyme. Overall, this workshop is ideal for Red Team professionals looking to enhance their WiFi attack skills and stay ahead of the game.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- All participants in participating in this workshop must have a basic understanding of Linux, 802.11 protocol and Wireshark. \r\n- Must have prior knowledge of WiFi attacks on Open, WEP, and WPA2-PSK networks.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Participants must have access to a computer with a reliable internet connection and a virtualization software such as VirtualBox or VMware.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"Advanced WiFi Attacks for Red Team Professionals (Pre-Registration Required)","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Wireless networks have become ubiquitous in today's world, and Red Teams are increasingly using advanced WiFi attacks to gain unauthorized access to these networks. This workshop will focus on advanced WiFi attacks utilized by Red Teams to gain access to wireless networks. Participants will learn how to conduct WiFi reconnaissance, identify misconfigurations in wireless networks, create Rogue APs for launching phishing attacks, bypass WIDS, and more. The workshop is entirely virtual, and participants will have access to a lab environment where they can experiment safely. Participants must have prior knowledge of WiFi attacks on Open, WEP, and WPA2-PSK networks. The workshop covers advanced techniques for WiFi reconnaissance, creating custom TLS certificates, Rogue AP attacks, MSCHAPv2 Relay attacks, password spraying, ESSID stripping, and more. The workshop also covers the importance of Wireless Intrusion Detection Systems for Blue Teams and an example using Nzyme. Overall, this workshop is ideal for Red Team professionals looking to enhance their WiFi attack skills and stay ahead of the game.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- All participants in participating in this workshop must have a basic understanding of Linux, 802.11 protocol and Wireshark. \r\n- Must have prior knowledge of WiFi attacks on Open, WEP, and WPA2-PSK networks.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Participants must have access to a computer with a reliable internet connection and a virtualization software such as VirtualBox or VMware.","updated_timestamp":{"seconds":1688054940,"nanoseconds":0},"speakers":[{"content_ids":[50624],"conference_id":96,"event_ids":[50732],"name":"Raúl \"r4ulcl\" Calvo Laorden","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49875}],"timeband_id":990,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/raul-calvo-laorden-advanced-wifi-attacks-for-red-team-professionals-tickets-668377985547?aff=oddtdtcreator"}],"end":"2023-08-12T01:00:00.000-0000","id":50732,"tag_ids":[45634,45654,45743,45877],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49875}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T16:09:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user.\r\n\r\nOver the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\r\n\r\nThis workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.\r\n\r\nIf you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n- To prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Preferably a Linux box with a Bluetooth controller or a Bluetooth USB dongle. An OSX or Windows machine with a Linux VM and USB passthough works as well but should be setup and tested before the workshop.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"Learning to Hack Bluetooth Low Energy with BLE CTF (Pre-Registration Required)","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"BLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user.\r\n\r\nOver the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\r\n\r\nThis workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.\r\n\r\nIf you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n- To prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Preferably a Linux box with a Bluetooth controller or a Bluetooth USB dongle. An OSX or Windows machine with a Linux VM and USB passthough works as well but should be setup and tested before the workshop.","updated_timestamp":{"seconds":1688054520,"nanoseconds":0},"speakers":[{"content_ids":[50621,50997],"conference_id":96,"event_ids":[50729,51035],"name":"Ryan Holeman","affiliations":[{"organization":"Strike","title":"CISO"}],"links":[],"pronouns":null,"media":[],"id":49870,"title":"CISO at Strike"}],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/ryan-holeman-learning-to-hack-bluetooth-low-energy-with-ble-ctf-tickets-668376039727?aff=oddtdtcreator"}],"id":50729,"tag_ids":[45634,45653,45743,45877],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49870}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T16:02:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop will give an initiation to offensive malware development in C/C++ and how it is possible to adapt the approach depending on the security solution that must be tackled down. Different methods such as ModuleStomping, DLL Injection, Threadless Injection and Hardware Breakpoint for dehooking will be seen.\r\n\r\nThe idea is to start with a basic malware performing process injection and apply additional techniques to start evading EDR. At each step, some analysis on the malware will be performed to understand the differences at the system level and the IOC detected by the EDR.\r\n\r\nAt the end of this workshop, you will have all the knowledge needed to develop your own malware and adapt it to the targeted environment to escape from the basic pattern and spawn your beacons as if EDR didn't exist.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Some basic C/C++ knowledge and an entry level skills on Windows OS.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A Computer with VisualStudio Community or an equivalent compiler, WinDBG and a Windows System (Virtual machine might be better)\n\n\n","title":"Malware development on secured environment - Write, adapt, overcome (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"android_description":"This workshop will give an initiation to offensive malware development in C/C++ and how it is possible to adapt the approach depending on the security solution that must be tackled down. Different methods such as ModuleStomping, DLL Injection, Threadless Injection and Hardware Breakpoint for dehooking will be seen.\r\n\r\nThe idea is to start with a basic malware performing process injection and apply additional techniques to start evading EDR. At each step, some analysis on the malware will be performed to understand the differences at the system level and the IOC detected by the EDR.\r\n\r\nAt the end of this workshop, you will have all the knowledge needed to develop your own malware and adapt it to the targeted environment to escape from the basic pattern and spawn your beacons as if EDR didn't exist.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Some basic C/C++ knowledge and an entry level skills on Windows OS.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A Computer with VisualStudio Community or an equivalent compiler, WinDBG and a Windows System (Virtual machine might be better)","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1688054040,"nanoseconds":0},"speakers":[{"content_ids":[50618],"conference_id":96,"event_ids":[50726],"name":"Yoann Dequeker","affiliations":[{"organization":"Wavestone","title":"Red Team Operator"}],"links":[],"pronouns":null,"media":[],"id":49867,"title":"Red Team Operator at Wavestone"}],"timeband_id":990,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/yoann-dequeker-malware-development-on-secured-environment-tickets-668374595407?aff=oddtdtcreator"}],"end":"2023-08-12T01:00:00.000-0000","id":50726,"village_id":null,"tag_ids":[45634,45654,45743,45877],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49867}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T15:54:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The first official comments on security policy live from DEF CON. The workshop will show hackers how to go through the process of submitting official comments to regulations and legislation.\r\n\r\nMeeting with policymakers is only one way to make your voice heard. There are also formal channels for submitting written feedback on policy proposals that become a critical part of the record for regulations. These channels are open to the public, but non-policy professionals don’t always know how to access or make the most effective use of them.\r\n\r\nThis workshop will walk security researchers through the process of using regulations.gov and congress.gov to find open opportunities to influence regulations, and actually submit official comments via those channels from the workshop. The workshop will also talk through how to form an advocacy strategy to amplify the impact of the comments - for example, how to find the right policymakers and staff to follow up with.\r\n\r\nThe workshop will be led by policy professionals with deep ties to the security community.\r\n\r\nSkill Level: All Levels\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- To walk through the process and/or submit comments, bring a laptop, iPad, or other connected device you can type on\n\n\n","title":"How hackers can send feedback directly to policymakers like the pros (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The first official comments on security policy live from DEF CON. The workshop will show hackers how to go through the process of submitting official comments to regulations and legislation.\r\n\r\nMeeting with policymakers is only one way to make your voice heard. There are also formal channels for submitting written feedback on policy proposals that become a critical part of the record for regulations. These channels are open to the public, but non-policy professionals don’t always know how to access or make the most effective use of them.\r\n\r\nThis workshop will walk security researchers through the process of using regulations.gov and congress.gov to find open opportunities to influence regulations, and actually submit official comments via those channels from the workshop. The workshop will also talk through how to form an advocacy strategy to amplify the impact of the comments - for example, how to find the right policymakers and staff to follow up with.\r\n\r\nThe workshop will be led by policy professionals with deep ties to the security community.\r\n\r\nSkill Level: All Levels\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- To walk through the process and/or submit comments, bring a laptop, iPad, or other connected device you can type on","updated_timestamp":{"seconds":1688053500,"nanoseconds":0},"speakers":[{"content_ids":[50571,50614,51515,51499],"conference_id":96,"event_ids":[50722,50809,51655,51671],"name":"Harley Geiger","affiliations":[{"organization":"Venable LLP","title":"Counsel"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarleyGeiger"}],"media":[],"id":49789,"title":"Counsel at Venable LLP"},{"content_ids":[50614],"conference_id":96,"event_ids":[50722],"name":"Amit Elazari","affiliations":[{"organization":"OpenPolicy","title":"Co-Founder and CEO"}],"links":[],"pronouns":null,"media":[],"id":49862,"title":"Co-Founder and CEO at OpenPolicy"}],"timeband_id":990,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/harley-geiger-how-hackers-can-send-feedback-directly-to-policymakers-tickets-668378818037?aff=oddtdtcreator"}],"end":"2023-08-12T01:00:00.000-0000","id":50722,"tag_ids":[45634,45650,45743,45877],"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49862},{"tag_id":45590,"sort_order":1,"person_id":49789}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T15:45:00.000-0000","begin":"2023-08-11T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Every technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don't understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we'll make machine learning models using simple Python scripts, train them, and evaluate their value. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.\r\n\r\nNo experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems.\r\n\r\nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- A computer with a Web browser\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"Machine Learning for N00bs (Pre-Registration Required)","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Every technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don't understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we'll make machine learning models using simple Python scripts, train them, and evaluate their value. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.\r\n\r\nNo experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems.\r\n\r\nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- A computer with a Web browser","updated_timestamp":{"seconds":1688053320,"nanoseconds":0},"speakers":[{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Sam Bowne","affiliations":[{"organization":"Infosec Decoded, Inc","title":"Founder"}],"links":[],"pronouns":null,"media":[],"id":49858,"title":"Founder at Infosec Decoded, Inc"},{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Elizabeth Biddlecome","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49859},{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Kaitlyn Handelman","affiliations":[{"organization":"Amazon","title":"Offensive Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":49860,"title":"Offensive Security Engineer at Amazon"},{"content_ids":[50612,50613],"conference_id":96,"event_ids":[50720,50721],"name":"Irvin Lemus","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49861}],"timeband_id":990,"links":[{"label":"Materials","type":"link","url":"https://samsclass.info"},{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/sam-bowne-machine-learning-for-n00bs-tickets-668377072817?aff=oddtdtcreator"}],"end":"2023-08-12T01:00:00.000-0000","id":50721,"village_id":null,"begin_timestamp":{"seconds":1691787600,"nanoseconds":0},"tag_ids":[45634,45652,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49859},{"tag_id":45590,"sort_order":1,"person_id":49861},{"tag_id":45590,"sort_order":1,"person_id":49860},{"tag_id":45590,"sort_order":1,"person_id":49858}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"begin":"2023-08-11T21:00:00.000-0000","updated":"2023-06-29T15:42:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Access Control Vulnerabilities: Breaking Into Buildings With Computers","android_description":"","end_timestamp":{"seconds":1691789400,"nanoseconds":0},"updated_timestamp":{"seconds":1691565000,"nanoseconds":0},"speakers":[{"content_ids":[52385,52387,52395],"conference_id":96,"event_ids":[52676,52678,52686],"name":"Chad","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51604},{"content_ids":[52385,52387,52395],"conference_id":96,"event_ids":[52676,52678,52686],"name":"Shortman","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51609}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52676,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51604},{"tag_id":45590,"sort_order":1,"person_id":51609}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","updated":"2023-08-09T07:10:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Did you know that data analytics vendors, tech companies, political campaigns, PACs, and government agencies know your political leanings, whether you are interested in certain conspiracy theories, follow a hot-button issue, or are having financial trouble? During this talk, you will learn how data siphoned from the Internet, mobile devices, and the IoT webs that surround us are used to analyze and construct your unique digital signature—your travel patterns, interests, relationships, reading behaviors, and other private activities. Under current U.S. laws, foreign actors, political organizations, and private companies can legally access your digital signature, including your voting records. In most states, almost all voter registration information is available for purchase or through a public record request. Some states have additional protections for voter information for certain sensitive groups, including domestic violence victims, judges, law enforcement, and minors. In other states, like Florida, almost all voter information (including party affiliation) is public, by default. Interested actors use that information to influence your political activities, uncover your motivations, and influence your decision to vote, not vote, and how you vote. They do this through targeted digital ads, communications, the news you see in your “feed” on social media platforms, your suggested purchases, and the multimedia you see every day. Your personal interests and demographic information drive what you see in the digital space—each and every day. So how can we manage and protect our digital signature and make more informed decisions in light of these sophisticated influence marketplaces? We can expand the news, comments, and other information we see using tools that are available today and become more aware of why we see the particular information that is served up to us on the Internet. This presentation will close with tips for understanding and managing your digital signature.\n\n\n","title":"The Fallacy Of Privacy","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Did you know that data analytics vendors, tech companies, political campaigns, PACs, and government agencies know your political leanings, whether you are interested in certain conspiracy theories, follow a hot-button issue, or are having financial trouble? During this talk, you will learn how data siphoned from the Internet, mobile devices, and the IoT webs that surround us are used to analyze and construct your unique digital signature—your travel patterns, interests, relationships, reading behaviors, and other private activities. Under current U.S. laws, foreign actors, political organizations, and private companies can legally access your digital signature, including your voting records. In most states, almost all voter registration information is available for purchase or through a public record request. Some states have additional protections for voter information for certain sensitive groups, including domestic violence victims, judges, law enforcement, and minors. In other states, like Florida, almost all voter information (including party affiliation) is public, by default. Interested actors use that information to influence your political activities, uncover your motivations, and influence your decision to vote, not vote, and how you vote. They do this through targeted digital ads, communications, the news you see in your “feed” on social media platforms, your suggested purchases, and the multimedia you see every day. Your personal interests and demographic information drive what you see in the digital space—each and every day. So how can we manage and protect our digital signature and make more informed decisions in light of these sophisticated influence marketplaces? We can expand the news, comments, and other information we see using tools that are available today and become more aware of why we see the particular information that is served up to us on the Internet. This presentation will close with tips for understanding and managing your digital signature.","end_timestamp":{"seconds":1691788800,"nanoseconds":0},"updated_timestamp":{"seconds":1691435400,"nanoseconds":0},"speakers":[{"content_ids":[52326],"conference_id":96,"event_ids":[52610],"name":"Antigone Peyton","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/antigonepeyton"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/antigonepeyton"},{"description":"","title":"Website","sort_order":0,"url":"https://www.antigonepeyton.com"}],"pronouns":null,"media":[],"id":51528}],"timeband_id":990,"links":[],"end":"2023-08-11T21:20:00.000-0000","id":52610,"tag_ids":[40298,45645,45646,45743],"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51528}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-07T19:10:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"GPTs are all the rage and no doubt everybody is curious if you can use them for offensive security operations. In this talk we demonstrate how you can and can’t use large language models (LLMs) like GPT4 to find security vulnerabilities in applications, and discuss in detail the promise and limitations of using LLMs this way. We go deep on how LLMs work, the differences between various models, and state-of-the-art techniques to improve performance.\n\n\n","title":"How NOT to Train your Hack Bot: Dos and Don’ts of Building Offensive GPTs","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691787300,"nanoseconds":0},"android_description":"GPTs are all the rage and no doubt everybody is curious if you can use them for offensive security operations. In this talk we demonstrate how you can and can’t use large language models (LLMs) like GPT4 to find security vulnerabilities in applications, and discuss in detail the promise and limitations of using LLMs this way. We go deep on how LLMs work, the differences between various models, and state-of-the-art techniques to improve performance.","updated_timestamp":{"seconds":1691291040,"nanoseconds":0},"speakers":[{"content_ids":[52290],"conference_id":96,"event_ids":[52560],"name":"Ari Herbert-Voss","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51518},{"content_ids":[52290],"conference_id":96,"event_ids":[52560],"name":"Shane Caldwell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51519}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":52560,"tag_ids":[40299,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51518},{"tag_id":45590,"sort_order":1,"person_id":51519}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-11T20:30:00.000-0000","updated":"2023-08-06T03:04:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"The Russian Playbook vs. the Chinese Little Red Playbook: Broadening our Understanding of Effective Disinformation Operations","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284440,"nanoseconds":0},"speakers":[{"content_ids":[52265],"conference_id":96,"event_ids":[52529],"name":"Darren Linvill","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51500}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":52529,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"tag_ids":[40305,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51500}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"spans_timebands":"N","updated":"2023-08-06T01:14:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This Forensics Kill Chain session includes two modules.\r\n\r\nPart I: Forensics Analysis: Insider Threat - Forensics walkthrough of the Project Obsidian Insider Threat - Covering both Technical and Non-Technical considerations.\r\nPart II: Forensics Analysis: Pivoting from IT to OT: Forensics walkthrough of the Project Obsidian external attacker (Kill Chain) - Covering Telemetry and artifacts collected and parsed to determine what happened.\n\n\nForensics analysis; Part I: Forensics Analysis: Insider Threat, Part II: Forensics Analysis: Pivoting from IT to OT","title":"Forensic Analysis: Part I & II","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"This Forensics Kill Chain session includes two modules.\r\n\r\nPart I: Forensics Analysis: Insider Threat - Forensics walkthrough of the Project Obsidian Insider Threat - Covering both Technical and Non-Technical considerations.\r\nPart II: Forensics Analysis: Pivoting from IT to OT: Forensics walkthrough of the Project Obsidian external attacker (Kill Chain) - Covering Telemetry and artifacts collected and parsed to determine what happened.\n\n\nForensics analysis; Part I: Forensics Analysis: Insider Threat, Part II: Forensics Analysis: Pivoting from IT to OT","end_timestamp":{"seconds":1691789400,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52227,52216],"conference_id":96,"event_ids":[52462,52468],"name":"Danny D. \"B4nd1t0\" Henderson Jr","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51454},{"content_ids":[52216,52224],"conference_id":96,"event_ids":[52468,52476],"name":"Omenscan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51477}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52468,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"village_id":null,"tag_ids":[40282,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51454},{"tag_id":45590,"sort_order":1,"person_id":51477}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: Kill Chain Track (0x42)","hotel":"","short_name":"BTV Project Obsidian: Kill Chain Track (0x42)","id":45968},"spans_timebands":"N","begin":"2023-08-11T20:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This IR 101 session include two modules.\r\n\r\nPart IV: Analyst Mindset\r\nPart V: Quality Assurance Processes\n\n\nIR 101 covering Analyst Mindset and Quality Assurance Processes.","title":"IR 101: Part IV, V","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"This IR 101 session include two modules.\r\n\r\nPart IV: Analyst Mindset\r\nPart V: Quality Assurance Processes\n\n\nIR 101 covering Analyst Mindset and Quality Assurance Processes.","end_timestamp":{"seconds":1691789400,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52219,52213],"conference_id":96,"event_ids":[52465,52471],"name":"juju43","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51469}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52465,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"village_id":null,"tag_ids":[40282,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51469}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: 101 Track (0x41)","hotel":"","short_name":"BTV Project Obsidian: 101 Track (0x41)","id":45967},"spans_timebands":"N","updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nA brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.","title":"OT: Why OT Cybersecurity Engineers Drink So Much","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691789400,"nanoseconds":0},"android_description":".\n\n\nA brief view into the odd world of Operational Technology (OT) and why so many OT Security Engineers drink like they hate themselves. This will cover the realities of their tech stack, business risk considerations, control systems recovery and how incident response is conducted within the environment. We will briefly cover how this environment was emulated for the Project Obsidian attack chain and how it differs from the physical environments.","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52208,52230],"conference_id":96,"event_ids":[52459,52480],"name":"ThatDeadGuy","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51458}],"timeband_id":990,"links":[],"end":"2023-08-11T21:30:00.000-0000","id":52459,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"tag_ids":[40282,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51458}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We devised a MTD algorithm and tested its application to a MIL-STD-1553 network. We demonstrated and analyzed four aspects of the MTD algorithm: 1) characterized the performance and unpredictability of the core algorithm, 2) demonstrated experiments on actual commercial hardware, 3) conducted an exfiltration experiment where the reduction in adversarial knowledge was 97%, and 4) employed the LSTM machine learning model to see if it could defeat the algorithm.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Moving Target Defense for Space Systems","end_timestamp":{"seconds":1691787300,"nanoseconds":0},"android_description":"We devised a MTD algorithm and tested its application to a MIL-STD-1553 network. We demonstrated and analyzed four aspects of the MTD algorithm: 1) characterized the performance and unpredictability of the core algorithm, 2) demonstrated experiments on actual commercial hardware, 3) conducted an exfiltration experiment where the reduction in adversarial knowledge was 97%, and 4) employed the LSTM machine learning model to see if it could defeat the algorithm.","updated_timestamp":{"seconds":1691101140,"nanoseconds":0},"speakers":[{"content_ids":[52151],"conference_id":96,"event_ids":[52381],"name":"Chris Jenkins","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51408}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":52381,"village_id":null,"tag_ids":[40280,45645,45646,45743],"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51408}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-11T20:30:00.000-0000","updated":"2023-08-03T22:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Open Distro of Malicious Maritime Hacking Tools: What Could Go Wrong?","android_description":"","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"updated_timestamp":{"seconds":1690422720,"nanoseconds":0},"speakers":[{"content_ids":[51478],"conference_id":96,"event_ids":[51634],"name":"Austin Reid","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50541},{"content_ids":[51476,51478],"conference_id":96,"event_ids":[51632,51634],"name":"Gary C. Kessler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50550},{"content_ids":[51478,51501],"conference_id":96,"event_ids":[51634,51657],"name":"Nina Kollars","affiliations":[{"organization":"Cyber and Innovation Policy Institute at the US Naval War College","title":"Associate Professor"}],"links":[],"pronouns":null,"media":[],"id":50560,"title":"Associate Professor at Cyber and Innovation Policy Institute at the US Naval War College"}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":51634,"tag_ids":[40306,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50541},{"tag_id":45590,"sort_order":1,"person_id":50550},{"tag_id":45590,"sort_order":1,"person_id":50560}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","begin":"2023-08-11T20:30:00.000-0000","updated":"2023-07-27T01:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Dobbs has significantly heightened the fear that everyday private data can be leveraged by law enforcement to prosecute pregnancy outcomes. However, this data is already being used in investigating other criminalized activities. In this talk, we will show you examples of information that can easily be extracted from many phones to surveil personal reproductive decisions.\r\n\r\nWe will also show you how the government obtains your not-so-private thoughts using forensic extraction and reporting tools, with a focus on health and lifestyle apps. This will include a review of the output of common forensic tools, demonstrating both the practical ease of reviewing sensitive data and the technical limitations of interpreting their meaning. Warning: you may find this peek into digital investigations disturbing.\r\n\r\nWe will discuss the different laws that do, or do not, protect your private health data, but will focus primarily on the limitations of the 4th Amendment in the digital world. The talk will provide a brief overview of traditional warrant practice and the \"reasonable expectation of privacy\" in digital data. But because the law has no bearing on reality, we'll look at excerpts from search warrants for digital devices and cloud data that illustrate the flawed nature of warrant practice in general, the limitations of the practice in the digital context, and the ease with which the government can obtain your data without any real oversight.\r\n\r\nBibliography & References:\r\n - United States v. Jones, 565 U.S. 400 (2012)\r\n - Riley v. California, 573 U.S. 373 (2014)\r\n - Carpenter v. United States, 138 S. Ct. 2206\r\n - United States v. Warshak, 631 F.3d 266 (6th Cir. 2010)\r\n - Stored Communications Act 18 U.S. Code § 2703\r\n - Aziz Z. Huq & Rebecca Wexler, Digital Privacy for Reproductive Choice in the Post-Roe Era, 98 NYUL Rev 555 [2023]\r\n - Congressional Research Service, \"Abortion, Data Privacy, and Law Enforcement Access: A Legal Overview\", (July 8, 2022 Update), Available at: https://crsreports.congress.gov/product/pdf/LSB/LSB10786\r\n - Conti-Cook, Cynthia, \"Surveilling the Digital Abortion Diary\" (October 28th, 2020). University of Baltimore Law Review: Vol. 50: Iss. 1, Article 2. Available at: https://scholarworks.law.ubalt.edu/ublr/vol50/iss1/2\r\n - Downing, Andrea, \"Health Advertising on Facebook: Privacy and Policy Considerations,\" (August 15th, 2022). Patterns. Available at https://doi.org/10.1016/j.patter.2022.100561\r\n - Fowler, Leah R. and Ulrich, Michael R., Femtechnodystopia (May 3, 2022). Stanford Law Review, Forthcoming, Available at SSRN: https://ssrn.com/abstract=4099764 or http://dx.doi.org/10.2139/ssrn.4099764\r\n - Gallagher, William, \"What Apple surrenders to law enforcement when issued a subpoena,\" (January 21st, 2020). Apple Insider. Available at: https://appleinsider.com/articles/20/01/21/what-apple-surrenders-to-law-enforcement-when-issued-a-subpoena\r\n - Huss et. al, \"Self-Care Criminalized: August 2022 Preliminary Findings,\" If/When/How. Available at https://www.ifwhenhow.org/resources/self-care-criminalized-preliminary-findings/\r\n - Koepke, Logan and Emma Weil, Urmila Janardan, Tinuola Dada, Harlan Yu, \"Mass Extraction: The Widespread Power of U.S. Law Enforcement to Search Mobile Phones\" (October 20th, 2020). Upturn. Available at https://www.upturn.org/work/mass-extraction/\r\n - Paltrow LM, Flavin J. \"Arrests of and forced interventions on pregnant women in the United States, 1973-2005: implications for women's legal status and public health.\" J Health Polit Policy Law. 2013 Apr;38(2):299-343. doi: 10.1215/03616878-1966324. Epub 2013 Jan 15. PMID: 23262772.\r\n - \"Pregnancy Justice, Arrests and Prosecutions of Pregnant People, 1973-2020.\" Available at https://www.pregnancyjusticeus.org/arrests-and-prosecutions-of-pregnant-women-1973-2020/\r\n - Rajesh, Ananya Mariam and Jeffrey Dastin, \"Google to delete location history of visits to abortion clinics,\" (July 1st, 2022). Reuters. Available at https://www.reuters.com/world/us/google-delete-location-history-visits-abortion-clinics-2022-07-01/\r\n - Sunde, Nina and Itiel E. Dror, \"A hierarchy of expert performance (HEP) applied to digital forensics: Reliability and biasability in digital forensics decision making,\" Forensic Science International: Digital Investigation, Volume 37, 2021, 301175, ISSN 2666-2817, https://doi.org/10.1016/j.fsidi.2021.301175. (Accessed from https://www.sciencedirect.com/science/article/pii/S2666281721000834 on July 2nd, 2023)\r\n - Wexler, Rebecca, \"Privacy As Privilege: The Stored Communications Act and Internet Evidence\" (August 13, 2020). 134 Harv. L. Rev. 2721 (2021). Available at SSRN: https://ssrn.com/abstract=3673403\r\n - Cole, Samantha, \"Apple Health Data Is Being Used as Evidence in a Rape and Murder Investigation,\" (January 11th, 2018). Vice Media Group. Available at: https://www.vice.com/en/article/43q7qq/apple-health-data-is-being-used-as-evidence-in-a-rape-and-murder-investigation-germany\r\n - Cuthbertson, Anthony. \"Amazon ordered to give Alexa evidence in double murder case,\" (November 14th, 2018). The Independent. Available at: https://www.independent.co.uk/tech/amazon-echo-alexa-evidence-murder-case-a8633551.html\r\n - Feathers, et. Al. \"Facebook Is Receiving Sensitive Medical Information from Hospital Websites,\" (June 16th, 2022). The Markup. Available at https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites\r\n - Federal Trade Commission, \"FTC Finalizes Order with Flo Health, a Fertility-Tracking App that Shared Sensitive Health Data with Facebook, Google, and Others,\" (June 22, 2021). Available at: https://www.ftc.gov/news-events/news/press-releases/2021/06/ftc-finalizes-order-flo-health-fertility-tracking-app-shared-sensitive-health-data-facebook-google\r\n - Federal Trade Commission: In the Matter of Flo, Inc., Case Summary and Timeline, available at: https://www.ftc.gov/legal-library/browse/cases-proceedings/192-3133-flo-health-inc\r\n - Germain, Thomas, \"FTC Fines GoodRx $1.5M for Sending Your Medication Data to Facebook and Google for Ads,\" (February 9th, 2021). Gizmodo. Available at https://gizmodo.com/ftc-fines-goodrx-prescription-data-facebook-google-1850059096.\r\n - Guide to Abortion Privacy, available at https://digitaldefensefund.org/ddf-guides/abortion-privacy\r\n - \"How to turn on Advanced Data Protection for iCloud,\" (January 19th, 2023). Apple Support. Available at: https://support.apple.com/en-us/HT212520\r\n - Joyce, Stephen, \"Court Allows Use of Facebook Live, Internet Searches as Evidence,\" (December 20th, 2022). Bloomberg Industry Group, Inc. Available at: https://news.bloomberglaw.com/us-law-week/court-allows-use-of-facebook-live-internet-searches-as-evidence\r\n - Peterson, M., \"Apple Health data used to convict man in wife's death,\" (February 9th, 2021), AppleInsider. Available at: https://appleinsider.com/articles/21/02/09/apple-health-data-used-to-convict-man-in-wifes-death\r\n - Pratt, Mark. \"Google searches to be key in prosecuting Brian Walshe’s murder trial, experts say\" (January 27th, 2023). CBS News. Available at: https://www.cbsnews.com/boston/news/ana-walshe-murder-case-brian-walshe-google-internet-searches-cohasset-massachusetts/\r\n\n\n\n","title":"Private Until Presumed Guilty","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691788500,"nanoseconds":0},"android_description":"Dobbs has significantly heightened the fear that everyday private data can be leveraged by law enforcement to prosecute pregnancy outcomes. However, this data is already being used in investigating other criminalized activities. In this talk, we will show you examples of information that can easily be extracted from many phones to surveil personal reproductive decisions.\r\n\r\nWe will also show you how the government obtains your not-so-private thoughts using forensic extraction and reporting tools, with a focus on health and lifestyle apps. This will include a review of the output of common forensic tools, demonstrating both the practical ease of reviewing sensitive data and the technical limitations of interpreting their meaning. Warning: you may find this peek into digital investigations disturbing.\r\n\r\nWe will discuss the different laws that do, or do not, protect your private health data, but will focus primarily on the limitations of the 4th Amendment in the digital world. The talk will provide a brief overview of traditional warrant practice and the \"reasonable expectation of privacy\" in digital data. But because the law has no bearing on reality, we'll look at excerpts from search warrants for digital devices and cloud data that illustrate the flawed nature of warrant practice in general, the limitations of the practice in the digital context, and the ease with which the government can obtain your data without any real oversight.\r\n\r\nBibliography & References:\r\n - United States v. Jones, 565 U.S. 400 (2012)\r\n - Riley v. California, 573 U.S. 373 (2014)\r\n - Carpenter v. United States, 138 S. Ct. 2206\r\n - United States v. Warshak, 631 F.3d 266 (6th Cir. 2010)\r\n - Stored Communications Act 18 U.S. Code § 2703\r\n - Aziz Z. Huq & Rebecca Wexler, Digital Privacy for Reproductive Choice in the Post-Roe Era, 98 NYUL Rev 555 [2023]\r\n - Congressional Research Service, \"Abortion, Data Privacy, and Law Enforcement Access: A Legal Overview\", (July 8, 2022 Update), Available at: https://crsreports.congress.gov/product/pdf/LSB/LSB10786\r\n - Conti-Cook, Cynthia, \"Surveilling the Digital Abortion Diary\" (October 28th, 2020). University of Baltimore Law Review: Vol. 50: Iss. 1, Article 2. Available at: https://scholarworks.law.ubalt.edu/ublr/vol50/iss1/2\r\n - Downing, Andrea, \"Health Advertising on Facebook: Privacy and Policy Considerations,\" (August 15th, 2022). Patterns. Available at https://doi.org/10.1016/j.patter.2022.100561\r\n - Fowler, Leah R. and Ulrich, Michael R., Femtechnodystopia (May 3, 2022). Stanford Law Review, Forthcoming, Available at SSRN: https://ssrn.com/abstract=4099764 or http://dx.doi.org/10.2139/ssrn.4099764\r\n - Gallagher, William, \"What Apple surrenders to law enforcement when issued a subpoena,\" (January 21st, 2020). Apple Insider. Available at: https://appleinsider.com/articles/20/01/21/what-apple-surrenders-to-law-enforcement-when-issued-a-subpoena\r\n - Huss et. al, \"Self-Care Criminalized: August 2022 Preliminary Findings,\" If/When/How. Available at https://www.ifwhenhow.org/resources/self-care-criminalized-preliminary-findings/\r\n - Koepke, Logan and Emma Weil, Urmila Janardan, Tinuola Dada, Harlan Yu, \"Mass Extraction: The Widespread Power of U.S. Law Enforcement to Search Mobile Phones\" (October 20th, 2020). Upturn. Available at https://www.upturn.org/work/mass-extraction/\r\n - Paltrow LM, Flavin J. \"Arrests of and forced interventions on pregnant women in the United States, 1973-2005: implications for women's legal status and public health.\" J Health Polit Policy Law. 2013 Apr;38(2):299-343. doi: 10.1215/03616878-1966324. Epub 2013 Jan 15. PMID: 23262772.\r\n - \"Pregnancy Justice, Arrests and Prosecutions of Pregnant People, 1973-2020.\" Available at https://www.pregnancyjusticeus.org/arrests-and-prosecutions-of-pregnant-women-1973-2020/\r\n - Rajesh, Ananya Mariam and Jeffrey Dastin, \"Google to delete location history of visits to abortion clinics,\" (July 1st, 2022). Reuters. Available at https://www.reuters.com/world/us/google-delete-location-history-visits-abortion-clinics-2022-07-01/\r\n - Sunde, Nina and Itiel E. Dror, \"A hierarchy of expert performance (HEP) applied to digital forensics: Reliability and biasability in digital forensics decision making,\" Forensic Science International: Digital Investigation, Volume 37, 2021, 301175, ISSN 2666-2817, https://doi.org/10.1016/j.fsidi.2021.301175. (Accessed from https://www.sciencedirect.com/science/article/pii/S2666281721000834 on July 2nd, 2023)\r\n - Wexler, Rebecca, \"Privacy As Privilege: The Stored Communications Act and Internet Evidence\" (August 13, 2020). 134 Harv. L. Rev. 2721 (2021). Available at SSRN: https://ssrn.com/abstract=3673403\r\n - Cole, Samantha, \"Apple Health Data Is Being Used as Evidence in a Rape and Murder Investigation,\" (January 11th, 2018). Vice Media Group. Available at: https://www.vice.com/en/article/43q7qq/apple-health-data-is-being-used-as-evidence-in-a-rape-and-murder-investigation-germany\r\n - Cuthbertson, Anthony. \"Amazon ordered to give Alexa evidence in double murder case,\" (November 14th, 2018). The Independent. Available at: https://www.independent.co.uk/tech/amazon-echo-alexa-evidence-murder-case-a8633551.html\r\n - Feathers, et. Al. \"Facebook Is Receiving Sensitive Medical Information from Hospital Websites,\" (June 16th, 2022). The Markup. Available at https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-receiving-sensitive-medical-information-from-hospital-websites\r\n - Federal Trade Commission, \"FTC Finalizes Order with Flo Health, a Fertility-Tracking App that Shared Sensitive Health Data with Facebook, Google, and Others,\" (June 22, 2021). Available at: https://www.ftc.gov/news-events/news/press-releases/2021/06/ftc-finalizes-order-flo-health-fertility-tracking-app-shared-sensitive-health-data-facebook-google\r\n - Federal Trade Commission: In the Matter of Flo, Inc., Case Summary and Timeline, available at: https://www.ftc.gov/legal-library/browse/cases-proceedings/192-3133-flo-health-inc\r\n - Germain, Thomas, \"FTC Fines GoodRx $1.5M for Sending Your Medication Data to Facebook and Google for Ads,\" (February 9th, 2021). Gizmodo. Available at https://gizmodo.com/ftc-fines-goodrx-prescription-data-facebook-google-1850059096.\r\n - Guide to Abortion Privacy, available at https://digitaldefensefund.org/ddf-guides/abortion-privacy\r\n - \"How to turn on Advanced Data Protection for iCloud,\" (January 19th, 2023). Apple Support. Available at: https://support.apple.com/en-us/HT212520\r\n - Joyce, Stephen, \"Court Allows Use of Facebook Live, Internet Searches as Evidence,\" (December 20th, 2022). Bloomberg Industry Group, Inc. Available at: https://news.bloomberglaw.com/us-law-week/court-allows-use-of-facebook-live-internet-searches-as-evidence\r\n - Peterson, M., \"Apple Health data used to convict man in wife's death,\" (February 9th, 2021), AppleInsider. Available at: https://appleinsider.com/articles/21/02/09/apple-health-data-used-to-convict-man-in-wifes-death\r\n - Pratt, Mark. \"Google searches to be key in prosecuting Brian Walshe’s murder trial, experts say\" (January 27th, 2023). CBS News. Available at: https://www.cbsnews.com/boston/news/ana-walshe-murder-case-brian-walshe-google-internet-searches-cohasset-massachusetts/","updated_timestamp":{"seconds":1690924860,"nanoseconds":0},"speakers":[{"content_ids":[50660],"conference_id":96,"event_ids":[50850],"name":"Allison Young","affiliations":[{"organization":"The Legal Aid Society","title":"Digital Forensics Analyst"}],"links":[{"description":"","title":"Legal Aid Society - Digital Forensics Unit","sort_order":0,"url":"https://digitalforensicslas.substack.com/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/allison-young-00332597"},{"description":"","title":"Website","sort_order":0,"url":"https://allison-young.com"}],"pronouns":"she/her","media":[],"id":49950,"title":"Digital Forensics Analyst at The Legal Aid Society"},{"content_ids":[50660],"conference_id":96,"event_ids":[50850],"name":"Diane Akerman","affiliations":[{"organization":"The Legal Aid Society","title":"Digital Forensics Attorney"}],"pronouns":"she/her","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/diane-akerman"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MF_Diz"}],"media":[],"id":49951,"title":"Digital Forensics Attorney at The Legal Aid Society"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246113"}],"end":"2023-08-11T21:15:00.000-0000","id":50850,"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49950},{"tag_id":45590,"sort_order":1,"person_id":49951}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","updated":"2023-08-01T21:21:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Beneath the mundane world of TCP/IP exists the magical and mysterious realm of ethernet. There are many different types of ethernet protocols in use today, known as ‘ethertypes’, that run the gamut from the boutique to the ubiquitous. In this talk, we will delve into some of the more interesting and obscure ethertypes that exist. We will discuss the network protocols themselves, where they can be found in the wild, what you can do with them, and how they could be abused in the wrong hands. We will explore wide-ranges of networking environments including industrial/facilities, transportation, and medical, and will include several live demos. Attendees will leave this talk with a greater understanding and appreciation for the unseen networking world that exists all around them.\r\n\r\nREFERENCES: \r\nhttps://en.wikipedia.org/wiki/EtherType\r\nhttps://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml\n\n\n","title":"Fantastic Ethertypes and Where to Find Them","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691788500,"nanoseconds":0},"android_description":"Beneath the mundane world of TCP/IP exists the magical and mysterious realm of ethernet. There are many different types of ethernet protocols in use today, known as ‘ethertypes’, that run the gamut from the boutique to the ubiquitous. In this talk, we will delve into some of the more interesting and obscure ethertypes that exist. We will discuss the network protocols themselves, where they can be found in the wild, what you can do with them, and how they could be abused in the wrong hands. We will explore wide-ranges of networking environments including industrial/facilities, transportation, and medical, and will include several live demos. Attendees will leave this talk with a greater understanding and appreciation for the unseen networking world that exists all around them.\r\n\r\nREFERENCES: \r\nhttps://en.wikipedia.org/wiki/EtherType\r\nhttps://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml","updated_timestamp":{"seconds":1687138800,"nanoseconds":0},"speakers":[{"content_ids":[50585],"conference_id":96,"event_ids":[50814],"name":"Ricky \"HeadlessZeke \" Lawshae","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@HeadlessZeke@defcon.social)","sort_order":0,"url":"https://defcon.social/@HeadlessZeke"},{"description":"","title":"Mastodon (@HeadlessZeke@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@HeadlessZeke"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HeadlessZeke"}],"media":[],"id":49816,"title":"Hacker"}],"timeband_id":990,"end":"2023-08-11T21:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245756"}],"id":50814,"village_id":null,"tag_ids":[45589,45592,45646,45766],"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49816}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-06-19T01:40:00.000-0000","begin":"2023-08-11T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Firmware and software binaries are littered with private keys, legitimate CA-blessed certificates, and encryption keys—but hardly anyone notices. These secrets are often obfuscated or otherwise hidden in ways that weren’t intended to be found. I’ll show three real-world examples from popular manufacturers (Netgear, Fortinet and Dell), and demonstrate techniques for uncovering them. In the most extreme example, an adversary can use an obfuscated key to gain access to any customer’s vCenter environment.\r\n\r\nI’ll start with a straightforward look at Netgear firmware and show methods for discovering private keys in PEM-encoded text files. We’ll dig into the Fortinet firmware, which contained custom obfuscated archive files, and show how to extract Apple and Google issued certificates and I will also show that 3 year awaited “fix” did not adequately solve the issue.\r\n\r\nFinally, I’ll dig into the worst case: a static AES encryption key within Dell software used to connect to vCenter. I'll demonstrate how retrieve, decompile and use a static AES key which will decrypt vCenter credentials. The key is the same for EVERY customer. This has not been talked about anywhere publicly.\r\n\r\nI’ll conclude by discussing the importance of developer training, proper key management, and (above all), identifying and eliminating this systemic practice.\r\n\r\nREFERENCES:\r\n\r\n* https://starkeblog.com/netgear/tls/private-key/2020/01/19/netgear-signed-tls-private-key-disclosure.html - Nick Starke and Tom Pohl\r\n* https://www.fortiguard.com/psirt/FG-IR-20-014 - Tom Pohl\n\n\n","title":"Private Keys in Public Places","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691788500,"nanoseconds":0},"android_description":"Firmware and software binaries are littered with private keys, legitimate CA-blessed certificates, and encryption keys—but hardly anyone notices. These secrets are often obfuscated or otherwise hidden in ways that weren’t intended to be found. I’ll show three real-world examples from popular manufacturers (Netgear, Fortinet and Dell), and demonstrate techniques for uncovering them. In the most extreme example, an adversary can use an obfuscated key to gain access to any customer’s vCenter environment.\r\n\r\nI’ll start with a straightforward look at Netgear firmware and show methods for discovering private keys in PEM-encoded text files. We’ll dig into the Fortinet firmware, which contained custom obfuscated archive files, and show how to extract Apple and Google issued certificates and I will also show that 3 year awaited “fix” did not adequately solve the issue.\r\n\r\nFinally, I’ll dig into the worst case: a static AES encryption key within Dell software used to connect to vCenter. I'll demonstrate how retrieve, decompile and use a static AES key which will decrypt vCenter credentials. The key is the same for EVERY customer. This has not been talked about anywhere publicly.\r\n\r\nI’ll conclude by discussing the importance of developer training, proper key management, and (above all), identifying and eliminating this systemic practice.\r\n\r\nREFERENCES:\r\n\r\n* https://starkeblog.com/netgear/tls/private-key/2020/01/19/netgear-signed-tls-private-key-disclosure.html - Nick Starke and Tom Pohl\r\n* https://www.fortiguard.com/psirt/FG-IR-20-014 - Tom Pohl","updated_timestamp":{"seconds":1687135680,"nanoseconds":0},"speakers":[{"content_ids":[50542],"conference_id":96,"event_ids":[50759],"name":"Tom Pohl","affiliations":[{"organization":"LMG Security","title":"Principal Consultant and the Penetration Testing Team Manager"}],"links":[],"pronouns":"he/him","media":[],"id":49750,"title":"Principal Consultant and the Penetration Testing Team Manager at LMG Security"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245711"}],"end":"2023-08-11T21:15:00.000-0000","id":50759,"village_id":null,"tag_ids":[45589,45629,45646,45766],"begin_timestamp":{"seconds":1691785800,"nanoseconds":0},"includes":"Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49750}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"begin":"2023-08-11T20:30:00.000-0000","updated":"2023-06-19T00:48:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Companies move their development environment from on-prem to the cloud as well. One of the solutions is Azure DevOps (ADO). ADO provides same or similar service that are already existed on-prem such as ticketing, wiki, repository, pipeline, artifacts etc.\r\n\r\nThere is a difference between security in the pipeline and security of the pipeline. As a security consultant/pentester we saw both ends and came across these environments either in assumed breach, configuration review or SDL assessment.\r\n\r\nIn this talk, we take a look at the later and review the security controls for Azure DevOps (although can be used for other cloud providers as well) that can help in mitigating attacks and the blast radius of a breach. There will be also some resources shared where to go after the talk.\n\n\n","title":"Azure DevOps Security","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691787900,"nanoseconds":0},"android_description":"Companies move their development environment from on-prem to the cloud as well. One of the solutions is Azure DevOps (ADO). ADO provides same or similar service that are already existed on-prem such as ticketing, wiki, repository, pipeline, artifacts etc.\r\n\r\nThere is a difference between security in the pipeline and security of the pipeline. As a security consultant/pentester we saw both ends and came across these environments either in assumed breach, configuration review or SDL assessment.\r\n\r\nIn this talk, we take a look at the later and review the security controls for Azure DevOps (although can be used for other cloud providers as well) that can help in mitigating attacks and the blast radius of a breach. There will be also some resources shared where to go after the talk.","updated_timestamp":{"seconds":1690920780,"nanoseconds":0},"speakers":[{"content_ids":[51979],"conference_id":96,"event_ids":[52173],"name":"Viktor Gazdag","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51184}],"timeband_id":990,"links":[],"end":"2023-08-11T21:05:00.000-0000","id":52173,"begin_timestamp":{"seconds":1691785500,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51184}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"updated":"2023-08-01T20:13:00.000-0000","begin":"2023-08-11T20:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"There has been a massive exodus of skilled Election Officials since the 2020 General Election. In this presentation we will show actual death threats to Election Officials, the repercussions, and our threat reporting process. Lastly, we’ll inform the audience on how they can do their part - fight MDM, demand intellectual integrity from themselves and those around them, normalize requesting citations, volunteer to work for elections and speak up if something seems wrong!\n\n\n","title":"Divided We Fall","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"There has been a massive exodus of skilled Election Officials since the 2020 General Election. In this presentation we will show actual death threats to Election Officials, the repercussions, and our threat reporting process. Lastly, we’ll inform the audience on how they can do their part - fight MDM, demand intellectual integrity from themselves and those around them, normalize requesting citations, volunteer to work for elections and speak up if something seems wrong!","end_timestamp":{"seconds":1691787900,"nanoseconds":0},"updated_timestamp":{"seconds":1691435400,"nanoseconds":0},"speakers":[{"content_ids":[52325,52328,52333],"conference_id":96,"event_ids":[52612,52617,52609],"name":"Michael Moore","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Link","sort_order":0,"url":"https://azsos.gov/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Secur3Elections"}],"media":[],"id":51552}],"timeband_id":990,"links":[],"end":"2023-08-11T21:05:00.000-0000","id":52609,"village_id":null,"begin_timestamp":{"seconds":1691785200,"nanoseconds":0},"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51552}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-07T19:10:00.000-0000","begin":"2023-08-11T20:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This year we created our first DEF CON badge and enjoyed almost every second of it. In this presentation we hope to enable other security professionals to tinker with badge development and give them tools and tricks to help facilitate their creativity. We think that understanding the process to create a working thing helps us all better understand where we can do things more securely and how to break things better. We will review the boring and unavoidable design questions that must be addressed, the exhilarating process of creating something that works well, and scaling up from a working prototype. We will demonstrate using real steps we took this year to make our badge for the Biohacking Village.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Making a Sick Badge","android_description":"This year we created our first DEF CON badge and enjoyed almost every second of it. In this presentation we hope to enable other security professionals to tinker with badge development and give them tools and tricks to help facilitate their creativity. We think that understanding the process to create a working thing helps us all better understand where we can do things more securely and how to break things better. We will review the boring and unavoidable design questions that must be addressed, the exhilarating process of creating something that works well, and scaling up from a working prototype. We will demonstrate using real steps we took this year to make our badge for the Biohacking Village.","end_timestamp":{"seconds":1691788200,"nanoseconds":0},"updated_timestamp":{"seconds":1689115560,"nanoseconds":0},"speakers":[{"content_ids":[51040,51058],"conference_id":96,"event_ids":[51072,51090],"name":"Caleb Davis","affiliations":[{"organization":"Protiviti","title":""}],"links":[],"pronouns":null,"media":[],"id":50223,"title":"Protiviti"},{"content_ids":[51040,51058],"conference_id":96,"event_ids":[51072,51090],"name":"Nathan Smith","affiliations":[{"organization":"Protiviti","title":""}],"links":[],"pronouns":null,"media":[],"id":50224,"title":"Protiviti"}],"timeband_id":990,"links":[],"end":"2023-08-11T21:10:00.000-0000","id":51072,"begin_timestamp":{"seconds":1691785200,"nanoseconds":0},"tag_ids":[45645,45647,45717],"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50223},{"tag_id":45590,"sort_order":1,"person_id":50224}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"updated":"2023-07-11T22:46:00.000-0000","begin":"2023-08-11T20:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We are investigating new attack vectors regarding a CICD service called Github Actions.\r\nThrough an analysis of GitHub Actions behavior on Windows, our research has discovered two attack techniques\r\n\r\n・Malicious Custom Action\r\n It is an attack technique to execute arbitrary TTPs from custom actions. Introduce two types, “Malicious JScript Composite Action” and “Malicious JavaScript Custom Action”.\r\n\r\n・GitHub Actions C2\r\n We will demonstrate a new C2 framework using self-hosted runner in GitHub Actions\r\n\r\nIn this presentation, we will provide a detailed explanation of these attack techniques, along with PoC code and demonstrations. We will also discuss real-world threats and provide insight on detection and mitigation strategies.\n\n\n","title":"The Dark Playground of CI/CD: Attack Delivery by GitHub Actions","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691787600,"nanoseconds":0},"android_description":"We are investigating new attack vectors regarding a CICD service called Github Actions.\r\nThrough an analysis of GitHub Actions behavior on Windows, our research has discovered two attack techniques\r\n\r\n・Malicious Custom Action\r\n It is an attack technique to execute arbitrary TTPs from custom actions. Introduce two types, “Malicious JScript Composite Action” and “Malicious JavaScript Custom Action”.\r\n\r\n・GitHub Actions C2\r\n We will demonstrate a new C2 framework using self-hosted runner in GitHub Actions\r\n\r\nIn this presentation, we will provide a detailed explanation of these attack techniques, along with PoC code and demonstrations. We will also discuss real-world threats and provide insight on detection and mitigation strategies.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[51978,52096],"conference_id":96,"event_ids":[52172,52322],"name":"Yusuke Kubo","affiliations":[{"organization":"NTT Communications","title":"Offensive Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":51182,"title":"Offensive Security Researcher at NTT Communications"},{"content_ids":[51978,52096],"conference_id":96,"event_ids":[52172,52322],"name":"Kiyohito Yamamoto","affiliations":[{"organization":"NTT Communications","title":"Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":51183,"title":"Security Engineer at NTT Communications"}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":52322,"village_id":null,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691784900,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51183},{"tag_id":45590,"sort_order":1,"person_id":51182}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T20:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691785800,"nanoseconds":0},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":990,"links":[],"end":"2023-08-11T20:30:00.000-0000","id":52553,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40309,45649,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","updated":"2023-08-06T02:23:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk will take you back in time to 2015, the year I dove headfirst into the swirling vortex of American political misinformation on Twitter. Having navigated three presidential administrations, and amassing over 250,000 followers on Twitter, I've seen firsthand how misinformation in American politics has evolved since the election of Donald Trump. I'll recount the strategies that led to the growth of my account and the circumstances under which it was ultimately blocked by President Trump. Prepare to unravel the inner workings of political misinformation networks on Twitter — their operations, their financing, and how they go viral. We'll delve into how influencers, celebrities, PACs, campaigns, politicians, the media, and candidates orchestrate their efforts to disseminate their messaging. It will mark the differences in the American social media landscape between the right and the left. This talk will also illuminate how contemporary political movements promulgate their messages and counter disinformation. I will tie all of these strategies, both offensive and defensive, to the DISARM framework.\n\n\n","title":"Dissecting Deception: The Role of Twitter in U.S. Political Discourse","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691785800,"nanoseconds":0},"android_description":"This talk will take you back in time to 2015, the year I dove headfirst into the swirling vortex of American political misinformation on Twitter. Having navigated three presidential administrations, and amassing over 250,000 followers on Twitter, I've seen firsthand how misinformation in American politics has evolved since the election of Donald Trump. I'll recount the strategies that led to the growth of my account and the circumstances under which it was ultimately blocked by President Trump. Prepare to unravel the inner workings of political misinformation networks on Twitter — their operations, their financing, and how they go viral. We'll delve into how influencers, celebrities, PACs, campaigns, politicians, the media, and candidates orchestrate their efforts to disseminate their messaging. It will mark the differences in the American social media landscape between the right and the left. This talk will also illuminate how contemporary political movements promulgate their messages and counter disinformation. I will tie all of these strategies, both offensive and defensive, to the DISARM framework.","updated_timestamp":{"seconds":1691284680,"nanoseconds":0},"speakers":[{"content_ids":[52277],"conference_id":96,"event_ids":[52541],"name":"Travis Allen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51511}],"timeband_id":990,"links":[],"end":"2023-08-11T20:30:00.000-0000","id":52541,"tag_ids":[40305,45646,45719,45743],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51511}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"begin":"2023-08-11T20:00:00.000-0000","updated":"2023-08-06T01:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Creating a Wifi Profile for Wireshark and why it made me mad while doing it. I needed a Red Team profile not a trouble shooting filter or a regular profile. It was not fun or an enjoyable experience but I will be happy to share my profile at the end of the presentation.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"WIFISHARK","android_description":"Creating a Wifi Profile for Wireshark and why it made me mad while doing it. I needed a Red Team profile not a trouble shooting filter or a regular profile. It was not fun or an enjoyable experience but I will be happy to share my profile at the end of the presentation.","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1691259840,"nanoseconds":0},"speakers":[{"content_ids":[52249],"conference_id":96,"event_ids":[52510],"name":"Wasabi","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@FrustratedITGuy"}],"pronouns":null,"media":[],"id":51485}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":52510,"village_id":null,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51485}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"begin":"2023-08-11T20:00:00.000-0000","updated":"2023-08-05T18:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Delve into the world of ransomware - in space! We will explore how malicious actors might exploit vulnerabilities in research satellites: defeating built in defense mechanisms, locking up internal systems and immobilizing a CubeSat, and holding its operations hostage while demanding a ransom. Join us as we chart a course through this cosmic cybersecurity threat, shedding light on the shadows of the final frontier and guarding our satellites from danger!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Guarding the Galaxy: Ransomware Resilience in CubeSats","android_description":"Delve into the world of ransomware - in space! We will explore how malicious actors might exploit vulnerabilities in research satellites: defeating built in defense mechanisms, locking up internal systems and immobilizing a CubeSat, and holding its operations hostage while demanding a ransom. Join us as we chart a course through this cosmic cybersecurity threat, shedding light on the shadows of the final frontier and guarding our satellites from danger!","end_timestamp":{"seconds":1691785500,"nanoseconds":0},"updated_timestamp":{"seconds":1691101140,"nanoseconds":0},"speakers":[{"content_ids":[52150],"conference_id":96,"event_ids":[52380],"name":"Peter Hansen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51418}],"timeband_id":990,"links":[],"end":"2023-08-11T20:25:00.000-0000","id":52380,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51418}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-11T20:00:00.000-0000","updated":"2023-08-03T22:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"The Ultimate AppSec Trivia Challenge","android_description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52088],"conference_id":96,"event_ids":[52314,52374,52375,52376],"name":"Probely","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51373}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":52374,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51373}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"begin":"2023-08-11T20:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"When people think about a compromised surveillance camera, privacy is their first concern. But what about attacking the stream integrity? How hard can this movie hacking stunt be in real life? Previous research has focused on the network layer, but we wondered if we could achieve the feat by finding a zero-day on a device we owned. \r\n\r\nOur research has uncovered two LAN RCE vulnerabilities in the implementation of Hikvision’s Search Active Devices Protocol (SADP) and SDK server found in several Ezviz products. Exploiting either of these bugs, we managed to serve a victim an arbitrary stream by tunneling their connection with the camera into an attacker-controlled server while leaving all other camera features operational. \r\n\r\nWe will take a deep dive into the whole research process: firmware analysis, vulnerability discovery, building a toolchain to compile a debugger for the target, developing an exploit capable of bypassing ASLR, and all the details about the Hollywood-style post-exploitation including tracing, in memory code patching and manipulating the execution of the binary that implements most of the camera features. \r\n\r\nBy filling the gap between IoT hacking and the big screen, we put the integrity of video surveillance systems into question and hope to raise awareness about the security risks posed by these devices.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Sadprotocol Goes To Hollywood: Hijacking An Ip Camera Stream As Seen In The Movies","android_description":"When people think about a compromised surveillance camera, privacy is their first concern. But what about attacking the stream integrity? How hard can this movie hacking stunt be in real life? Previous research has focused on the network layer, but we wondered if we could achieve the feat by finding a zero-day on a device we owned. \r\n\r\nOur research has uncovered two LAN RCE vulnerabilities in the implementation of Hikvision’s Search Active Devices Protocol (SADP) and SDK server found in several Ezviz products. Exploiting either of these bugs, we managed to serve a victim an arbitrary stream by tunneling their connection with the camera into an attacker-controlled server while leaving all other camera features operational. \r\n\r\nWe will take a deep dive into the whole research process: firmware analysis, vulnerability discovery, building a toolchain to compile a debugger for the target, developing an exploit capable of bypassing ASLR, and all the details about the Hollywood-style post-exploitation including tracing, in memory code patching and manipulating the execution of the binary that implements most of the camera features. \r\n\r\nBy filling the gap between IoT hacking and the big screen, we put the integrity of video surveillance systems into question and hope to raise awareness about the security risks posed by these devices.","end_timestamp":{"seconds":1691787000,"nanoseconds":0},"updated_timestamp":{"seconds":1691079600,"nanoseconds":0},"speakers":[{"content_ids":[52143],"conference_id":96,"event_ids":[52368],"name":"Octavio Gianatiempo","affiliations":[{"organization":"Faraday","title":"Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":51398,"title":"Security Researcher at Faraday"},{"content_ids":[52143],"conference_id":96,"event_ids":[52368],"name":"Javier Aguinaga","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51399}],"timeband_id":990,"links":[],"end":"2023-08-11T20:50:00.000-0000","id":52368,"tag_ids":[40287,45645,45646,45743],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51399},{"tag_id":45590,"sort_order":1,"person_id":51398}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","updated":"2023-08-03T16:20:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Find a security vulnerability in an app and get a score when you effectively fix it. The winner of the competition is the first person who fixes the vulnerability.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Fix The Flag: A Secure Programming Competition","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"Find a security vulnerability in an app and get a score when you effectively fix it. The winner of the competition is the first person who fixes the vulnerability.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52101,52122],"conference_id":96,"event_ids":[52326,52344],"name":"Pedram Hayati","affiliations":[],"links":[{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/pi3ch"}],"pronouns":null,"media":[],"id":51369}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":52326,"village_id":null,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51369}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Put yourself in the shoes of a fraudster, you are trying to create a phishing website. Why inserting detectable unicode characters into a mostly-ASCII domain when you can register an entire domain in unicode? This is available when one uses a lesser-known feature called Internationalized Domain Name Top Level Domains (IDN TLD). Consider registering domains like google.com's lookalike in Hebrew - גוגל.קום, アマゾン.コム in Japanese instead of amazon.com or 微软.公司 which is the Chinese equivalent of microsoft.com.\r\n\r\nNekuda (dot in Hebrew) assists blue teamers to detect such domains. Its input is a string (e.g. the blue teamer's employer Brand name) and it emits over 150 potential IDN TLD domains and its registration status. It covers a potential gap in proactive phishing detection and prevention strategies and can be easily integrated into existing open-source tools like dnstwist.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"IDN-Squatting Detector","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"Put yourself in the shoes of a fraudster, you are trying to create a phishing website. Why inserting detectable unicode characters into a mostly-ASCII domain when you can register an entire domain in unicode? This is available when one uses a lesser-known feature called Internationalized Domain Name Top Level Domains (IDN TLD). Consider registering domains like google.com's lookalike in Hebrew - גוגל.קום, アマゾン.コム in Japanese instead of amazon.com or 微软.公司 which is the Chinese equivalent of microsoft.com.\r\n\r\nNekuda (dot in Hebrew) assists blue teamers to detect such domains. Its input is a string (e.g. the blue teamer's employer Brand name) and it emits over 150 potential IDN TLD domains and its registration status. It covers a potential gap in proactive phishing detection and prevention strategies and can be easily integrated into existing open-source tools like dnstwist.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52093],"conference_id":96,"event_ids":[52319],"name":"Gal Bitensky","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/gal-bitensky/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/Gal_B1t"}],"media":[],"id":51340}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":52319,"village_id":null,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51340}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"spans_timebands":"N","begin":"2023-08-11T20:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"AMA - Tib3rius","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52092],"conference_id":96,"event_ids":[52318],"name":"Tib3rius","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51380}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":52318,"village_id":null,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51380}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Web Shells are malicious web applications used for remote access and. They've been used in many of the recent prominent breaches/vulnerabilities including Equifax, SolarWinds, and ProxyLogon and are used by APTs and other threats. With ProxyLogon, the FBI was authorized to remove them from victim machines.\r\n\r\nThis session will help you avoid telling your employer that the FBI is now doing volunteer admin work by teaching you about Web Shells, how to hunt for them, and doing hands-on hunting in a VM. A little groundwork goes a long way and this class will show what to do.\n\n\n","title":"Web Shells - What They Are And How To Hunt Them","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"Web Shells are malicious web applications used for remote access and. They've been used in many of the recent prominent breaches/vulnerabilities including Equifax, SolarWinds, and ProxyLogon and are used by APTs and other threats. With ProxyLogon, the FBI was authorized to remove them from victim machines.\r\n\r\nThis session will help you avoid telling your employer that the FBI is now doing volunteer admin work by teaching you about Web Shells, how to hunt for them, and doing hands-on hunting in a VM. A little groundwork goes a long way and this class will show what to do.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52091],"conference_id":96,"event_ids":[52317],"name":"Joe Schottman","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/joe-schottman-9665781/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/JoeSchottman"}],"pronouns":null,"media":[],"id":51352}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":52317,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51352}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Decentralized identity systems based on W3C Decentralized Identifiers and Verifiable Credentials are becoming increasingly popular for their promises of improved security, privacy, and user control in identity management. Impactful deployments are coming: from the US DHS for worker authorization and soon passports, multiple DMVs for driver's licenses, the EU for university degree credentials, and much more in both public and private sectors. However, as with any technology, these systems are not immune to vulnerabilities and attacks, both on the ideologies of decentralization and self-sovereignty and vulnerabilities in implemented systems.\r\n\r\nIn this talk, we will examine different types of vulnerabilities in the SSI space, walk through examples of potential attacks, and discuss the potential consequences of the technology. Additionally, we will explore potential solutions to mitigate the risks associated with these vulnerabilities. We will discuss best practices for trust, cryptographic techniques, and security protocols that one can use in decentralized identity systems.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Attacking Decentralized Identity","end_timestamp":{"seconds":1691786700,"nanoseconds":0},"android_description":"Decentralized identity systems based on W3C Decentralized Identifiers and Verifiable Credentials are becoming increasingly popular for their promises of improved security, privacy, and user control in identity management. Impactful deployments are coming: from the US DHS for worker authorization and soon passports, multiple DMVs for driver's licenses, the EU for university degree credentials, and much more in both public and private sectors. However, as with any technology, these systems are not immune to vulnerabilities and attacks, both on the ideologies of decentralization and self-sovereignty and vulnerabilities in implemented systems.\r\n\r\nIn this talk, we will examine different types of vulnerabilities in the SSI space, walk through examples of potential attacks, and discuss the potential consequences of the technology. Additionally, we will explore potential solutions to mitigate the risks associated with these vulnerabilities. We will discuss best practices for trust, cryptographic techniques, and security protocols that one can use in decentralized identity systems.","updated_timestamp":{"seconds":1691470800,"nanoseconds":0},"speakers":[{"content_ids":[52024],"conference_id":96,"event_ids":[52240],"name":"Brent Zundel","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51250},{"content_ids":[52024],"conference_id":96,"event_ids":[52240],"name":"Gabe Cohen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51257}],"timeband_id":990,"links":[],"end":"2023-08-11T20:45:00.000-0000","id":52240,"village_id":null,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51250},{"tag_id":45590,"sort_order":1,"person_id":51257}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-08T05:00:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Today, with the advancement of technology, investigative searches are not only physical but also digital. With electronic devices such as cellphones and computers no longer being considered a luxury device but an essential device, law enforcement is now relying on evidence extracted from these items in criminal investigations. Digital devices contain massive amounts of data that can be useful in not only criminal matters but national security-related instances as well. The problem is that the data on these devices contain information that may be deemed private to citizens. Law enforcement has been using the Fourth Amendment to justify their use of digital evidence. However, the Fourth Amendment does not explicitly factor in digital evidence. The policies are not up to date with the procedures used by law enforcement, and citizens may be paying for it through the invasion of privacy. With the increased use of artificial intelligence, the biggest question becomes is it security or surveillance, and which communities are negatively impacted or targeted?\n\n\n","title":"Artificial Intelligence and Race: Security or Surveillance?","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Today, with the advancement of technology, investigative searches are not only physical but also digital. With electronic devices such as cellphones and computers no longer being considered a luxury device but an essential device, law enforcement is now relying on evidence extracted from these items in criminal investigations. Digital devices contain massive amounts of data that can be useful in not only criminal matters but national security-related instances as well. The problem is that the data on these devices contain information that may be deemed private to citizens. Law enforcement has been using the Fourth Amendment to justify their use of digital evidence. However, the Fourth Amendment does not explicitly factor in digital evidence. The policies are not up to date with the procedures used by law enforcement, and citizens may be paying for it through the invasion of privacy. With the increased use of artificial intelligence, the biggest question becomes is it security or surveillance, and which communities are negatively impacted or targeted?","end_timestamp":{"seconds":1691787000,"nanoseconds":0},"updated_timestamp":{"seconds":1690937700,"nanoseconds":0},"speakers":[{"content_ids":[52004],"conference_id":96,"event_ids":[52199],"name":"Fatou Sankare","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51210}],"timeband_id":990,"links":[],"end":"2023-08-11T20:50:00.000-0000","id":52199,"tag_ids":[40281,45645,45646,45743],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51210}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"spans_timebands":"N","updated":"2023-08-02T00:55:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Google's Firebase product is a one-stop-shop for deploying infrastructure for small and large scale applications. Firebase provides products ranging from databases, file storage to application authentication and more. Misconfigurations in setting up these infrastructure can result in severe information disclosure and breaches.\r\n\r\nIn this talk, we will go over common vulnerabilities on each Firebase product. When going over the vulnerabilities, we will show some sample case-studies affecting small and large organizations. We will then cover some automation test cases that we used to identify these vulnerabilities at scale. Finally, we will cover some example rules that can help mitigate these vulnerabilities at large.\r\n\r\nAt the end of this talk, the audience will walkway with knowledge about different types of vulnerabilities to test when reviewing Firebase configurations.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Identifying and securing Firebase vulnerabilities at scale","android_description":"Google's Firebase product is a one-stop-shop for deploying infrastructure for small and large scale applications. Firebase provides products ranging from databases, file storage to application authentication and more. Misconfigurations in setting up these infrastructure can result in severe information disclosure and breaches.\r\n\r\nIn this talk, we will go over common vulnerabilities on each Firebase product. When going over the vulnerabilities, we will show some sample case-studies affecting small and large organizations. We will then cover some automation test cases that we used to identify these vulnerabilities at scale. Finally, we will cover some example rules that can help mitigate these vulnerabilities at large.\r\n\r\nAt the end of this talk, the audience will walkway with knowledge about different types of vulnerabilities to test when reviewing Firebase configurations.","end_timestamp":{"seconds":1691785500,"nanoseconds":0},"updated_timestamp":{"seconds":1690921560,"nanoseconds":0},"speakers":[{"content_ids":[51992],"conference_id":96,"event_ids":[52186],"name":"Rojan Rijal","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/uraniumhacker"}],"pronouns":null,"media":[],"id":51199}],"timeband_id":990,"links":[],"end":"2023-08-11T20:25:00.000-0000","id":52186,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51199}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","updated":"2023-08-01T20:26:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Amateur radio operator Jon Marler, callsign K4CHN, presents an introduction to many of the digital modes available to amateur radio operators. Jon will be discussing the modes available for voice and data, as well as many of the hardware options available. Jon will also be presenting a very simple design for a way to connect a Raspberry Pi to your radio safely. A demonstration of slow scan television (SSTV) will be made to end the presentation before Q&A.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Amateur Radio Digital Modes Primer","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"android_description":"Amateur radio operator Jon Marler, callsign K4CHN, presents an introduction to many of the digital modes available to amateur radio operators. Jon will be discussing the modes available for voice and data, as well as many of the hardware options available. Jon will also be presenting a very simple design for a way to connect a Raspberry Pi to your radio safely. A demonstration of slow scan television (SSTV) will be made to end the presentation before Q&A.","updated_timestamp":{"seconds":1690767240,"nanoseconds":0},"speakers":[{"content_ids":[51973,51975],"conference_id":96,"event_ids":[52167,52169],"name":"Jon Marler","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/jmarler"}],"media":[],"id":51178}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":52167,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"tag_ids":[40286,45592,45645,45647,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":51178}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"spans_timebands":"N","begin":"2023-08-11T20:00:00.000-0000","updated":"2023-07-31T01:34:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Securing the supply chain is a significant challenge for the public sector and private sector alike. Supply chains are complex, global, and non-linear. Accordingly, we must be strategic in the deployment of resources to ensure that doctrine, policy, and cross-sector collaboration are aligned to this problem set as incisively as possible. The Biden Administration has undertaken several efforts to achieve the necessary alignment and drive down ecosystem-level risk from insecure supply chains, to include working from the most atomic unit – the code in which software is written. This fireside chat explores how the government is facilitating progress toward foundational supply chain security (including open source software security, AI security, and software security by design), highlights the next iteration of its approach to long-term resilience, and outlines opportunities for individuals and organizations to partner in these efforts.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Securing the Supply Chain","android_description":"Securing the supply chain is a significant challenge for the public sector and private sector alike. Supply chains are complex, global, and non-linear. Accordingly, we must be strategic in the deployment of resources to ensure that doctrine, policy, and cross-sector collaboration are aligned to this problem set as incisively as possible. The Biden Administration has undertaken several efforts to achieve the necessary alignment and drive down ecosystem-level risk from insecure supply chains, to include working from the most atomic unit – the code in which software is written. This fireside chat explores how the government is facilitating progress toward foundational supply chain security (including open source software security, AI security, and software security by design), highlights the next iteration of its approach to long-term resilience, and outlines opportunities for individuals and organizations to partner in these efforts.","end_timestamp":{"seconds":1691787000,"nanoseconds":0},"updated_timestamp":{"seconds":1690475940,"nanoseconds":0},"speakers":[{"content_ids":[51502,51506],"conference_id":96,"event_ids":[51658,51662],"name":"Camille Stewart Gloster","affiliations":[{"organization":"Technology and Ecosystem Security Division, Office of the National Cyber Director","title":"Deputy National Cyber Director"}],"links":[],"pronouns":null,"media":[],"id":50585,"title":"Deputy National Cyber Director at Technology and Ecosystem Security Division, Office of the National Cyber Director"},{"content_ids":[51506],"conference_id":96,"event_ids":[51662],"name":"Eric Goldstein","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Executive Assistant Director for Cybersecurity"}],"links":[],"pronouns":null,"media":[],"id":50601,"title":"Executive Assistant Director for Cybersecurity at Cybersecurity and Infrastructure Security Agency (CISA)"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T20:50:00.000-0000","id":51662,"village_id":null,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40310,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50585},{"tag_id":45590,"sort_order":1,"person_id":50601}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"updated":"2023-07-27T16:39:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"What 10 years of drive stats data can tell us","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690417860,"nanoseconds":0},"speakers":[{"content_ids":[51462],"conference_id":96,"event_ids":[51618],"name":"Andy Klein","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50516}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":51618,"village_id":null,"tag_ids":[40285,45645,45646,45743],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50516}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"begin":"2023-08-11T20:00:00.000-0000","updated":"2023-07-27T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Craig Smith, The Car Hacker's Handbook","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2ec300","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51605,"tag_ids":[45646,45743,45769,45770],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","updated":"2023-07-27T00:03:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 31 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on [ham.study](https://ham.study/), and may sign up for this time slot [here](https://ham.study/sessions/64bc92b50e6ad267cdea8ab0/1).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"Free Amateur Radio License Exams","android_description":"Take the test to join what has been considered to be one of the first hacker communities, amateur radio! The Ham Radio Village is back at DEF CON 31 to offer free amateur radio license exams to anyone who wishes to get their ham radio license. Examinees are encouraged to study on [ham.study](https://ham.study/), and may sign up for this time slot [here](https://ham.study/sessions/64bc92b50e6ad267cdea8ab0/1).","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"updated_timestamp":{"seconds":1690088400,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T23:00:00.000-0000","links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/732733631667372103"},{"label":"Website","type":"link","url":"https://hamvillage.org/"},{"label":"Register for this time slot","type":"link","url":"https://ham.study/sessions/64bc92b50e6ad267cdea8ab0/1"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245338"},{"label":"Mastodon (@HamRadioVillage@defcon.social)","type":"link","url":"https://defcon.social/@HamRadioVillage"},{"label":"Twitter (@HamRadioVillage)","type":"link","url":"https://twitter.com/HamRadioVillage"}],"id":51534,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":47,"tag_ids":[40286,45638,45647,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"spans_timebands":"N","begin":"2023-08-11T20:00:00.000-0000","updated":"2023-07-23T05:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"OSINT Skills Lab Challenge","android_description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"pronouns":null,"media":[],"id":50281}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51146,"village_id":60,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"updated":"2023-07-14T18:10:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop will go through the process of manually identifying applications that can be vulnerable to DLL Sideloading and exploiting them. Attendees will learn how to use Promon to find applications that can be vulnerable to DLL sideloading, identify the correct DLL functions to proxy using CFF Explorer, and write a basic DLL to run shellcode.\n\n\n","title":"Hunting & Exploiting DLL Sideloads","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691787600,"nanoseconds":0},"android_description":"This workshop will go through the process of manually identifying applications that can be vulnerable to DLL Sideloading and exploiting them. Attendees will learn how to use Promon to find applications that can be vulnerable to DLL sideloading, identify the correct DLL functions to proxy using CFF Explorer, and write a basic DLL to run shellcode.","updated_timestamp":{"seconds":1689358260,"nanoseconds":0},"speakers":[{"content_ids":[51079],"conference_id":96,"event_ids":[51139,51111],"name":"Matthew Nickerson","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/turbo_sec"}],"pronouns":null,"media":[],"id":50272},{"content_ids":[51079],"conference_id":96,"event_ids":[51139,51111],"name":"Nick Swink","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0xC0rnbread"}],"pronouns":null,"media":[],"id":50275}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51111,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50272},{"tag_id":45633,"sort_order":1,"person_id":50275}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"updated":"2023-07-14T18:11:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Artificial Intelligence (AI) has paved its way into many fields, and cybersecurity is no exception. AI can significantly augment red team operations by enhancing the learning process of key tools like Python and Scapy. Let's delve into how AI can act as an indispensable co-pilot in mastering these crucial tools for cybersecurity tasks.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"AI-Driven Hacker's Toolkit: Using AI to Learn Python and Scapy for Exploitation and Post-Exploitation Techniques","android_description":"Artificial Intelligence (AI) has paved its way into many fields, and cybersecurity is no exception. AI can significantly augment red team operations by enhancing the learning process of key tools like Python and Scapy. Let's delve into how AI can act as an indispensable co-pilot in mastering these crucial tools for cybersecurity tasks.","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51078,51080],"conference_id":96,"event_ids":[51110,51129,51112,51132,51133,51134,51135],"name":"Omar Santos","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/santosomar"}],"pronouns":null,"media":[],"id":50276}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51110,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50276}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"updated":"2023-07-14T18:10:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Russia is the world’s largest country. I’ve lived all my life in Finland, about a hundred miles from the Russian border. Finland has learned to live next to a very large and very unpredictable neighbor. Both my grandfathers fought Russia in the second world war. Today, Finland ranks as one of the least corrupted countries in the world, while Russia ranks as one of the most corrupted countries. How is that even possible?\r\n\r\nAs Russia has grown more aggressive over the last decade and as it violently attacked Ukraine, attitudes about neutrality changed quicky in my home country. When Finland joined NATO in April 2023, NATO more than doubled its land border with Russia – which is probably not what Putin had in mind.\r\n\r\nThis talk will summarize the developments of the Russian cyber programs and about Russian patriotic hacker groups that got us into where we are today and makes educated guesses about where Russia will be headed next.\r\n\r\nREFERENCES:\r\n\r\n\"If It's Smart, It's Vulnerable\" (2022) -- Mikko Hypponen, foreword by Jeff Moss\r\n\r\n\"Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers\" (2019) – Andy Greenberg\n\n\n","title":"Living Next Door to Russia","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"android_description":"Russia is the world’s largest country. I’ve lived all my life in Finland, about a hundred miles from the Russian border. Finland has learned to live next to a very large and very unpredictable neighbor. Both my grandfathers fought Russia in the second world war. Today, Finland ranks as one of the least corrupted countries in the world, while Russia ranks as one of the most corrupted countries. How is that even possible?\r\n\r\nAs Russia has grown more aggressive over the last decade and as it violently attacked Ukraine, attitudes about neutrality changed quicky in my home country. When Finland joined NATO in April 2023, NATO more than doubled its land border with Russia – which is probably not what Putin had in mind.\r\n\r\nThis talk will summarize the developments of the Russian cyber programs and about Russian patriotic hacker groups that got us into where we are today and makes educated guesses about where Russia will be headed next.\r\n\r\nREFERENCES:\r\n\r\n\"If It's Smart, It's Vulnerable\" (2022) -- Mikko Hypponen, foreword by Jeff Moss\r\n\r\n\"Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers\" (2019) – Andy Greenberg","end_timestamp":{"seconds":1691786700,"nanoseconds":0},"updated_timestamp":{"seconds":1688180280,"nanoseconds":0},"speakers":[{"content_ids":[50653],"conference_id":96,"event_ids":[50859],"name":"Mikko Hypponen","affiliations":[{"organization":"WithSecure","title":"Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mikko"},{"description":"","title":"Website","sort_order":0,"url":"https://mikko.com"}],"media":[],"id":49940,"title":"Researcher at WithSecure"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246106"}],"end":"2023-08-11T20:45:00.000-0000","id":50859,"village_id":null,"tag_ids":[45648,45844],"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49940}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"spans_timebands":"N","updated":"2023-07-01T02:58:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"To ensure Google Pixel devices are always at their most secure, the Android Red Team continuously attacks the riskiest areas of the phone. This allows us to proactively get ahead of bugs and protect the phone, before it’s even shipped to users.\r\n \r\nThe modem — or baseband — is considered a fundamental component of smartphones, and is at high risk because it is a privileged system component that accepts data from an untrusted remote source (cell towers). A vulnerability in the modem exposes end-users to scalable attacks carried out remotely, which may lead to many kinds of compromise on a phone.\r\n \r\nModem security is currently a hot topic of research, attracting growing interest from security researchers, both in the industry and in academia. This wasn’t the case up until recently for a couple of reasons: most modem code is closed source, and testing it requires expensive hardware equipment. With some of these barriers being removed in recent years, due the invention of software-defined radio (SDR) devices and public toolkits, the entry level into baseband security analysis has become more affordable. In this session the Android Red Team will be describing some findings from its offensive evaluation of modems used in Pixel devices.\n\n\n","title":"Over the Air, Under the Radar: Attacking and Securing the Pixel Modem","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691786700,"nanoseconds":0},"android_description":"To ensure Google Pixel devices are always at their most secure, the Android Red Team continuously attacks the riskiest areas of the phone. This allows us to proactively get ahead of bugs and protect the phone, before it’s even shipped to users.\r\n \r\nThe modem — or baseband — is considered a fundamental component of smartphones, and is at high risk because it is a privileged system component that accepts data from an untrusted remote source (cell towers). A vulnerability in the modem exposes end-users to scalable attacks carried out remotely, which may lead to many kinds of compromise on a phone.\r\n \r\nModem security is currently a hot topic of research, attracting growing interest from security researchers, both in the industry and in academia. This wasn’t the case up until recently for a couple of reasons: most modem code is closed source, and testing it requires expensive hardware equipment. With some of these barriers being removed in recent years, due the invention of software-defined radio (SDR) devices and public toolkits, the entry level into baseband security analysis has become more affordable. In this session the Android Red Team will be describing some findings from its offensive evaluation of modems used in Pixel devices.","updated_timestamp":{"seconds":1687138800,"nanoseconds":0},"speakers":[{"content_ids":[50584],"conference_id":96,"event_ids":[50789],"name":"Farzan Karimi","affiliations":[{"organization":"Google","title":"Android Offensive Security Manager"}],"links":[],"pronouns":"he/him","media":[],"id":49812,"title":"Android Offensive Security Manager at Google"},{"content_ids":[50584],"conference_id":96,"event_ids":[50789],"name":"Xuan Xing","affiliations":[{"organization":"Google","title":"Tech Lead on the Android Red Team"}],"links":[],"pronouns":null,"media":[],"id":49813,"title":"Tech Lead on the Android Red Team at Google"},{"content_ids":[50584],"conference_id":96,"event_ids":[50789],"name":"Xiling Gong","affiliations":[{"organization":"Google","title":"Security Researcher on the Android Red Team"}],"links":[],"pronouns":null,"media":[],"id":49814,"title":"Security Researcher on the Android Red Team at Google"},{"content_ids":[50584],"conference_id":96,"event_ids":[50789],"name":"Eugene Rodionov","affiliations":[{"organization":"Google","title":"Security Researcher on the Android Red Team"}],"links":[],"pronouns":null,"media":[],"id":49815,"title":"Security Researcher on the Android Red Team at Google"}],"timeband_id":990,"end":"2023-08-11T20:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245755"}],"id":50789,"begin_timestamp":{"seconds":1691784000,"nanoseconds":0},"village_id":null,"tag_ids":[45589,45592,45629,45646,45766],"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49815},{"tag_id":45590,"sort_order":1,"person_id":49812},{"tag_id":45590,"sort_order":1,"person_id":49814},{"tag_id":45590,"sort_order":1,"person_id":49813}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-06-19T01:40:00.000-0000","begin":"2023-08-11T20:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Lock Bypass 102","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691565000,"nanoseconds":0},"speakers":[{"content_ids":[52383,52384,52393],"conference_id":96,"event_ids":[52674,52675,52684],"name":"Karen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51605}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52675,"village_id":null,"tag_ids":[40290,45645,45647,45743],"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51605}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"updated":"2023-08-09T07:10:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The public’s view of election security is built primarily on trust. Much media attention has been given to the possibility of active attack against election infrastructure, but very little focus has been placed on securing elements of the software supply chain behind this infrastructure. Efforts have been made to improve the security of elections and software used in these elections, but are these efforts enough to move the security world in the right direction? This talk discusses the blindspot in election security: the lurking threat of incomplete software supply chain analysis and presents insights gleaned in a recent real-world ReversingLabs engagement.\n\n\n","title":"Ghost in the (Voting) Machine: Failures in Election Software Supply Chain Security","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"The public’s view of election security is built primarily on trust. Much media attention has been given to the possibility of active attack against election infrastructure, but very little focus has been placed on securing elements of the software supply chain behind this infrastructure. Efforts have been made to improve the security of elections and software used in these elections, but are these efforts enough to move the security world in the right direction? This talk discusses the blindspot in election security: the lurking threat of incomplete software supply chain analysis and presents insights gleaned in a recent real-world ReversingLabs engagement.","end_timestamp":{"seconds":1691784900,"nanoseconds":0},"updated_timestamp":{"seconds":1691435340,"nanoseconds":0},"speakers":[{"content_ids":[52322,52333],"conference_id":96,"event_ids":[52617,52606],"name":"Ashlee Benge","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/ashleebenge"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ashlee_benge"},{"description":"","title":"Website","sort_order":0,"url":"https://www.reversinglabs.com"}],"media":[],"id":51529}],"timeband_id":990,"links":[],"end":"2023-08-11T20:15:00.000-0000","id":52606,"tag_ids":[40298,45645,45646,45743],"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51529}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-07T19:09:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our objectives for our presentation will be to: provide an introduction to the DISARM foundation’s framework, STIX bundles, and OPENCTI, and demonstrate how STIX bundles/OPENCTI can provide indications and warning of IO campaigns, and show how this is relevant to the civic integrity community. For audience participation, we will be conducting a simplified version of the tabletop exercise we just ran using an online polling tool to gather results and provide the audience a chance to upvote ideas they find most successful.  We will aim to run through 3 different polling rounds, and allow 15 mins at the end of wrap up time.\n\n\n","title":"DISARM Workshop","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691785200,"nanoseconds":0},"android_description":"Our objectives for our presentation will be to: provide an introduction to the DISARM foundation’s framework, STIX bundles, and OPENCTI, and demonstrate how STIX bundles/OPENCTI can provide indications and warning of IO campaigns, and show how this is relevant to the civic integrity community. For audience participation, we will be conducting a simplified version of the tabletop exercise we just ran using an online polling tool to gather results and provide the audience a chance to upvote ideas they find most successful.  We will aim to run through 3 different polling rounds, and allow 15 mins at the end of wrap up time.","updated_timestamp":{"seconds":1691435040,"nanoseconds":0},"speakers":[{"content_ids":[52311,52330],"conference_id":96,"event_ids":[52595,52614],"name":"Charles Smith","affiliations":[],"pronouns":null,"links":[{"description":"","title":"","sort_order":0,"url":"http://linkedin.com/in/charles-alexander-smith"}],"media":[],"id":51534},{"content_ids":[52311],"conference_id":96,"event_ids":[52595],"name":"Dan Meidenbauer","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/daniel-meidenbauer-00952b49"}],"media":[],"id":51538}],"timeband_id":990,"links":[],"end":"2023-08-11T20:20:00.000-0000","id":52595,"tag_ids":[40298,45646,45719,45743],"village_id":null,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51534},{"tag_id":45633,"sort_order":1,"person_id":51538}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"updated":"2023-08-07T19:04:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Hackathon presentation","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284380,"nanoseconds":0},"speakers":[{"content_ids":[52261,52262,52264,52275,52297],"conference_id":96,"event_ids":[52525,52526,52539,52528,52569],"name":"Misinformation Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51509}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52528,"village_id":null,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"tag_ids":[40305,45645,45646,45743],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51509}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:13:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Quite often when we read best practices we are told ‘what’ to do, but not the ‘why’. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all ‘best practices’ make sense on first blush. Let’s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"DevSecOps Worst Practices","end_timestamp":{"seconds":1691784900,"nanoseconds":0},"android_description":"Quite often when we read best practices we are told ‘what’ to do, but not the ‘why’. When we are told to ensure there are no false positives in the pipeline, the reason seems obvious, but not every part of DevOps is that intuitive, and not all ‘best practices’ make sense on first blush. Let’s explore tried, tested, and failed methods, and then flip them on their head, so we know not only what to do to avoid them, but also why it is important to do so, with these DevSecOps WORST practices.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52090],"conference_id":96,"event_ids":[52316],"name":"Tanya Janca","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tanya-janca/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/shehackspurple"}],"media":[],"id":51379}],"timeband_id":990,"links":[],"end":"2023-08-11T20:15:00.000-0000","id":52316,"tag_ids":[40297,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51379}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Machine learning models are often treated as black boxes, with their internals hidden away from users. However, as ML technology has become more prevalent in everyday life, it is crucial to understand that these models are essentially code - and as such, can be manipulated in unexpected and potentially malicious ways. In this talk, we explore several model serialization formats used by popular ML libraries, such as PyTorch, Keras, TensorFlow, and scikit-learn. We show how each of these formats can be exploited to execute arbitrary code and bypass security measures, leading to the compromise of critical ML infrastructure systems. We also demonstrate how it is possible to hide a malicious payload inside an ML model using steganography and then reconstruct and execute it when the model is loaded into memory.\n\n\n","title":"Not Just The Pickle: An Overview of Exploitable ML Serialization Formats","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691785500,"nanoseconds":0},"android_description":"Machine learning models are often treated as black boxes, with their internals hidden away from users. However, as ML technology has become more prevalent in everyday life, it is crucial to understand that these models are essentially code - and as such, can be manipulated in unexpected and potentially malicious ways. In this talk, we explore several model serialization formats used by popular ML libraries, such as PyTorch, Keras, TensorFlow, and scikit-learn. We show how each of these formats can be exploited to execute arbitrary code and bypass security measures, leading to the compromise of critical ML infrastructure systems. We also demonstrate how it is possible to hide a malicious payload inside an ML model using steganography and then reconstruct and execute it when the model is loaded into memory.","updated_timestamp":{"seconds":1691031300,"nanoseconds":0},"speakers":[{"content_ids":[52049],"conference_id":96,"event_ids":[52268],"name":"Marta Janus","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51287}],"timeband_id":990,"links":[],"end":"2023-08-11T20:25:00.000-0000","id":52268,"tag_ids":[40299,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51287}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","updated":"2023-08-03T02:55:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Practical advice for navigating edtech privacy","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52038],"conference_id":96,"event_ids":[52254],"name":"Michelle Levesley","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51265}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52254,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"village_id":null,"tag_ids":[40308,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51265}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","begin":"2023-08-11T19:30:00.000-0000","updated":"2023-08-03T01:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Introducing the DeRF (Detection Replay Framework), a tool which hosts attack techniques and supports the invocation of those attacks across cloud environments. What sets DeRF apart from other cloud attack tools?\r\n\r\n - User-Friendly Interface: Since the DeRF is hosted in Google Cloud, End Users can invoke attacks through the cloud console UI without the need to install software or use the CLI.\r\n - Accessibility for Non-Security Professionals: The DeRF caters to a broad audience of End Users, including Engineering, Sales, Support Staff or automated processes.\r\n - Robust OpSec: Long-Lived Credentials are not passed between operators, instead access to the DeRF and its attack techniques are controlled through GCP IAM Role-Based Access Control (RBAC)\r\n - Extensibility at its Core: Attack sequences are written in YAML, enabling easy configuration of new techniques.\r\n - Turn-Key deployment: Deploying (and destroying!) the DeRF is a fully automated process, completed in under 3 minutes.\r\n\r\nDuring this demo, we will guide you through the straightforward and automated deployment process for the DeRF. We'll demonstrate how to invoke pre-configured attack techniques and illustrate how you can customize the framework to align with your internal attacker profile. By deploying the DeRF within your organization you can easily spin up attacker simulations, to augment training or automate the testing of detection capabilities.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Attacks as a Service with The DeRF","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Introducing the DeRF (Detection Replay Framework), a tool which hosts attack techniques and supports the invocation of those attacks across cloud environments. What sets DeRF apart from other cloud attack tools?\r\n\r\n - User-Friendly Interface: Since the DeRF is hosted in Google Cloud, End Users can invoke attacks through the cloud console UI without the need to install software or use the CLI.\r\n - Accessibility for Non-Security Professionals: The DeRF caters to a broad audience of End Users, including Engineering, Sales, Support Staff or automated processes.\r\n - Robust OpSec: Long-Lived Credentials are not passed between operators, instead access to the DeRF and its attack techniques are controlled through GCP IAM Role-Based Access Control (RBAC)\r\n - Extensibility at its Core: Attack sequences are written in YAML, enabling easy configuration of new techniques.\r\n - Turn-Key deployment: Deploying (and destroying!) the DeRF is a fully automated process, completed in under 3 minutes.\r\n\r\nDuring this demo, we will guide you through the straightforward and automated deployment process for the DeRF. We'll demonstrate how to invoke pre-configured attack techniques and illustrate how you can customize the framework to align with your internal attacker profile. By deploying the DeRF within your organization you can easily spin up attacker simulations, to augment training or automate the testing of detection capabilities.","updated_timestamp":{"seconds":1690921680,"nanoseconds":0},"speakers":[{"content_ids":[51994],"conference_id":96,"event_ids":[52188],"name":"Kat Traxler","affiliations":[{"organization":"Vectra AI","title":"Principal Security Researcher"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NightmareJS"}],"pronouns":null,"media":[],"id":51201,"title":"Principal Security Researcher at Vectra AI"}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52188,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"tag_ids":[40284,45592,45645,45647,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":51201}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","updated":"2023-08-01T20:28:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The signature update process is critical to EDR's effectiveness against emerging threats. The security update process must be highly secured, as demonstrated by the Flame malware attack that leveraged a rogue certificate for lateral movement. Nation-state capabilities are typically required for such an attack, given that signature update files are digitally signed by Microsoft.\r\n\r\nWe wondered if we could achieve similar capabilities running as an unprivileged user without possessing a rough certificate, instead we aimed to turn the original Windows Defender process to our full control.\r\n\r\nIn this talk we will deep dive into Windows Defender architecture, the signature database format and the update process, with a focus on the security verification logic. We will explain how an attacker can completely compromise any Windows agent or server, including those used by enterprises, by exploiting a powerful 0day vulnerability that even we didn't expect to discover.\r\n\r\nWe will demonstrate Defender-Pretender, a tool we developed to achieve neutralization of the EDR. allowing any already known malicious code to run Fully Un-Detected. It can also force Defender to delete admin’s data. OS and driver files, resulting in an unrecoverable OS. We will also explain how an attacker can alter Defender's detection and mitigation logic.\n\n\n","title":"Defender-Pretender: When Windows Defender Updates Become a Security Risk","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691784900,"nanoseconds":0},"android_description":"The signature update process is critical to EDR's effectiveness against emerging threats. The security update process must be highly secured, as demonstrated by the Flame malware attack that leveraged a rogue certificate for lateral movement. Nation-state capabilities are typically required for such an attack, given that signature update files are digitally signed by Microsoft.\r\n\r\nWe wondered if we could achieve similar capabilities running as an unprivileged user without possessing a rough certificate, instead we aimed to turn the original Windows Defender process to our full control.\r\n\r\nIn this talk we will deep dive into Windows Defender architecture, the signature database format and the update process, with a focus on the security verification logic. We will explain how an attacker can completely compromise any Windows agent or server, including those used by enterprises, by exploiting a powerful 0day vulnerability that even we didn't expect to discover.\r\n\r\nWe will demonstrate Defender-Pretender, a tool we developed to achieve neutralization of the EDR. allowing any already known malicious code to run Fully Un-Detected. It can also force Defender to delete admin’s data. OS and driver files, resulting in an unrecoverable OS. We will also explain how an attacker can alter Defender's detection and mitigation logic.","updated_timestamp":{"seconds":1687137660,"nanoseconds":0},"speakers":[{"content_ids":[50566],"conference_id":96,"event_ids":[50834],"name":"Tomer Bar","affiliations":[{"organization":"SafeBreach Labs","title":"VP of Security Research"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/tomer-bar-878a348b/"},{"description":"","title":"Website","sort_order":0,"url":"https://www.safebreach.com/safebreach-labs/"}],"pronouns":null,"media":[],"id":49781,"title":"VP of Security Research at SafeBreach Labs"},{"content_ids":[50566,50672],"conference_id":96,"event_ids":[50824,50834],"name":"Omer Attias","affiliations":[{"organization":"SafeBreach Labs","title":"Security Researcher"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/omer-attias-209a9a127/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@omerat21"}],"pronouns":null,"media":[],"id":49782,"title":"Security Researcher at SafeBreach Labs"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245737"}],"end":"2023-08-11T20:15:00.000-0000","id":50834,"village_id":null,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"tag_ids":[45589,45592,45629,45630,45646,45766],"includes":"Tool 🛠, Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49782},{"tag_id":45590,"sort_order":1,"person_id":49781}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"updated":"2023-06-19T01:21:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this work, we present the novel results of our research on Intel CPU microcode. Building upon prior research on Intel Goldmont CPUs, we have reverse-engineered the implementations of complex x86 instructions, leading to the discovery of hidden microcode which serves to prevent the persistence of any changes made. Using this knowledge, we were able to patch those discovered sections, allowing us to make persistent microcode changes from userspace on Linux. We have developed and improved microcode tracing tools, giving us deeper insight into Intel Atom microcode than was previously possible, by allowing more dynamic analysis of the ROM.\r\n\r\nAlong with this presentation, we provide a C library for making microcode changes and documentation on the reverse-engineered microcode.\r\n\r\nWe show that vendor updates to the microcode, which cannot be verified by the user, impose a security risk by demonstrating how a Linux system can be compromised through a backdoor within a CPU core's microcode. \r\n\r\nREFERENCES: \r\nIntel TXE POC:\r\nhttps://github.com/chip-red-pill/IntelTXE-PoC\r\nExploit used to gain Red Unlock.\r\n \r\n uCodeDisam:\r\n https://github.com/chip-red-pill/uCodeDisasm\r\n First research (to the best of our knowledge) allowing for dumping microcode ROM as well as a publicly available disassembler for Intel's microcode.\r\n\r\n Undocumented x86 instructions to control the CPU at the micro-architecture level in modern Intel processors:\r\n https://github.com/chip-red-pill/udbgInstr\r\n https://github.com/chip-red-pill/udbgInstr/blob/main/paper/undocumented_x86_insts_for_uarch_control.pdf\r\n From the research above, two undocumented instructions intended for debug perpuse at Intel were found. This layed the groundwork for us to experiment and test the behavior of microcode operations.\r\n \r\n Custom Processing Unit:\r\n https://github.com/pietroborrello/CustomProcessingUnit\r\n Custom Processing Unit is the first dynamic analysis framework able to hook, patch and trace microcode from a UEFI application\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Backdoor in the Core - Altering the Intel x86 Instruction Set at Runtime","end_timestamp":{"seconds":1691784900,"nanoseconds":0},"android_description":"In this work, we present the novel results of our research on Intel CPU microcode. Building upon prior research on Intel Goldmont CPUs, we have reverse-engineered the implementations of complex x86 instructions, leading to the discovery of hidden microcode which serves to prevent the persistence of any changes made. Using this knowledge, we were able to patch those discovered sections, allowing us to make persistent microcode changes from userspace on Linux. We have developed and improved microcode tracing tools, giving us deeper insight into Intel Atom microcode than was previously possible, by allowing more dynamic analysis of the ROM.\r\n\r\nAlong with this presentation, we provide a C library for making microcode changes and documentation on the reverse-engineered microcode.\r\n\r\nWe show that vendor updates to the microcode, which cannot be verified by the user, impose a security risk by demonstrating how a Linux system can be compromised through a backdoor within a CPU core's microcode. \r\n\r\nREFERENCES: \r\nIntel TXE POC:\r\nhttps://github.com/chip-red-pill/IntelTXE-PoC\r\nExploit used to gain Red Unlock.\r\n \r\n uCodeDisam:\r\n https://github.com/chip-red-pill/uCodeDisasm\r\n First research (to the best of our knowledge) allowing for dumping microcode ROM as well as a publicly available disassembler for Intel's microcode.\r\n\r\n Undocumented x86 instructions to control the CPU at the micro-architecture level in modern Intel processors:\r\n https://github.com/chip-red-pill/udbgInstr\r\n https://github.com/chip-red-pill/udbgInstr/blob/main/paper/undocumented_x86_insts_for_uarch_control.pdf\r\n From the research above, two undocumented instructions intended for debug perpuse at Intel were found. This layed the groundwork for us to experiment and test the behavior of microcode operations.\r\n \r\n Custom Processing Unit:\r\n https://github.com/pietroborrello/CustomProcessingUnit\r\n Custom Processing Unit is the first dynamic analysis framework able to hook, patch and trace microcode from a UEFI application","updated_timestamp":{"seconds":1687138860,"nanoseconds":0},"speakers":[{"content_ids":[50586],"conference_id":96,"event_ids":[50815],"name":"Alexander Dalsgaard Krog","affiliations":[{"organization":"Vectorize","title":"Vulnerability Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/alexander-dalsgaard-krog"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/alexanderkrog"}],"media":[],"id":49817,"title":"Vulnerability Researcher at Vectorize"},{"content_ids":[50586],"conference_id":96,"event_ids":[50815],"name":"Alexander Skovsende","affiliations":[{"organization":"Technical University of Denmark","title":"Grad Student"}],"links":[],"pronouns":"he/him","media":[],"id":49818,"title":"Grad Student at Technical University of Denmark"}],"timeband_id":990,"end":"2023-08-11T20:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245757"}],"id":50815,"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49817},{"tag_id":45590,"sort_order":1,"person_id":49818}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-06-19T01:41:00.000-0000","begin":"2023-08-11T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you ever wondered how you can access your family pictures on your home network-attached storage (NAS) device remotely from your mobile? Do you know how this magic works? At Pwn2Own Toronto 2022, we chained multiple bugs to exploit both Synology and Western Digital NAS devices by abusing vulnerabilities in the device, cloud and the mutual trust between them.\r\n\r\nIn our research, we reviewed the pairing mechanism of NAS devices with the WD and Synology cloud platforms. To our surprise we discovered that devices authenticate to the cloud using a hardware identifier which is later used by users to remotely access their devices. Using this, we were able to impersonate any given NAS device and perform phishing attacks that yielded us admin rights on any targeted WD or Synology device.\r\n\r\nIn this talk, we will explain the pairing process of WD and Synology NAS. We will elaborate on the overall architecture of their cloud offering and focus on the vulnerabilities we found including ways to enumerate and impersonate all edge devices using certificate transparency log (CTL), and steal cloud proxy auth tokens. This enabled us to download every file saved on the NAS devices, alter or encrypt them, and bypass NAT/Firewall protection to achieve full remote code execution on all cloud-connected NAS (and to gain $$$ from Pwn2Own).\n\n\n","title":"A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691784900,"nanoseconds":0},"android_description":"Have you ever wondered how you can access your family pictures on your home network-attached storage (NAS) device remotely from your mobile? Do you know how this magic works? At Pwn2Own Toronto 2022, we chained multiple bugs to exploit both Synology and Western Digital NAS devices by abusing vulnerabilities in the device, cloud and the mutual trust between them.\r\n\r\nIn our research, we reviewed the pairing mechanism of NAS devices with the WD and Synology cloud platforms. To our surprise we discovered that devices authenticate to the cloud using a hardware identifier which is later used by users to remotely access their devices. Using this, we were able to impersonate any given NAS device and perform phishing attacks that yielded us admin rights on any targeted WD or Synology device.\r\n\r\nIn this talk, we will explain the pairing process of WD and Synology NAS. We will elaborate on the overall architecture of their cloud offering and focus on the vulnerabilities we found including ways to enumerate and impersonate all edge devices using certificate transparency log (CTL), and steal cloud proxy auth tokens. This enabled us to download every file saved on the NAS devices, alter or encrypt them, and bypass NAT/Firewall protection to achieve full remote code execution on all cloud-connected NAS (and to gain $$$ from Pwn2Own).","updated_timestamp":{"seconds":1687135620,"nanoseconds":0},"speakers":[{"content_ids":[50541,50556],"conference_id":96,"event_ids":[50758,50765],"name":"Noam Moshe","affiliations":[{"organization":"Claroty Team82","title":"Vulnerability Researcher"}],"links":[],"pronouns":"he/him","media":[],"id":49748,"title":"Vulnerability Researcher at Claroty Team82"},{"content_ids":[50541,50556],"conference_id":96,"event_ids":[50758,50765],"name":"Sharon Brizinov","affiliations":[{"organization":"Claroty Team82","title":"Director of Security Research"}],"links":[],"pronouns":"he/him","media":[],"id":49749,"title":"Director of Security Research at Claroty Team82"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245710"}],"end":"2023-08-11T20:15:00.000-0000","id":50758,"begin_timestamp":{"seconds":1691782200,"nanoseconds":0},"tag_ids":[45589,45592,45629,45646,45766],"village_id":null,"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49748},{"tag_id":45590,"sort_order":1,"person_id":49749}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"begin":"2023-08-11T19:30:00.000-0000","updated":"2023-06-19T00:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AWS offers Service Catalog to help organization centrally manage commonly deployed IT services through Infrastructure As Code whether it be CloudFormation template or Terraform, and helps organizations achieve consistent governance and meet compliance requirements. Additionally, as the security feature, organization can delegate the permission to what AWS called \"Launch Constraints\" role to provision resources on behalf of regular users whom otherwise do not have enough permission to provision resource themselves.\r\n\r\nIn this talk, we are going to explore how attackers, after initial access, can establish persistence and escalate their permission and continue further down the attack chain by leveraging the misconfiguration of the launch constraints role in conjunction with compromised service catalog admin user to take over the entire AWS account. We also will talk about how to detect such attempt and how to apply defense in depth to stop attackers at different stages of the attack chain.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"From Service Catalog Admin to Account takeover: Privilege Escalation with Service Catalog Launch Constraint","android_description":"AWS offers Service Catalog to help organization centrally manage commonly deployed IT services through Infrastructure As Code whether it be CloudFormation template or Terraform, and helps organizations achieve consistent governance and meet compliance requirements. Additionally, as the security feature, organization can delegate the permission to what AWS called \"Launch Constraints\" role to provision resources on behalf of regular users whom otherwise do not have enough permission to provision resource themselves.\r\n\r\nIn this talk, we are going to explore how attackers, after initial access, can establish persistence and escalate their permission and continue further down the attack chain by leveraging the misconfiguration of the launch constraints role in conjunction with compromised service catalog admin user to take over the entire AWS account. We also will talk about how to detect such attempt and how to apply defense in depth to stop attackers at different stages of the attack chain.","end_timestamp":{"seconds":1691782200,"nanoseconds":0},"updated_timestamp":{"seconds":1690921620,"nanoseconds":0},"speakers":[{"content_ids":[51993],"conference_id":96,"event_ids":[52187],"name":"Sarachai Boonyakiat","affiliations":[{"organization":"","title":"Principal Cloud Security"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ChaiBoonyakiat"}],"pronouns":null,"media":[],"id":51200,"title":"Principal Cloud Security"}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52187,"village_id":null,"tag_ids":[40284,45645,45647,45743],"begin_timestamp":{"seconds":1691781000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51200}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"begin":"2023-08-11T19:10:00.000-0000","updated":"2023-08-01T20:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"How I Found Your Password, and Other Advanced Data Hoarding Techniques","end_timestamp":{"seconds":1691783700,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552900,"nanoseconds":0},"speakers":[{"content_ids":[51297],"conference_id":96,"event_ids":[51359],"name":"M4x 5yn74x","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50460}],"timeband_id":990,"links":[],"end":"2023-08-11T19:55:00.000-0000","id":51359,"tag_ids":[40293,45645,45649,45743],"village_id":59,"begin_timestamp":{"seconds":1691781000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50460}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"updated":"2023-07-17T00:15:00.000-0000","begin":"2023-08-11T19:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Lock Bypass 101","android_description":"","end_timestamp":{"seconds":1691782200,"nanoseconds":0},"updated_timestamp":{"seconds":1691565000,"nanoseconds":0},"speakers":[{"content_ids":[52383,52384,52393],"conference_id":96,"event_ids":[52674,52675,52684],"name":"Karen","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51605}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52674,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40290,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51605}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"spans_timebands":"N","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-09T07:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"SUNDAY CANCELED: HDA / Accessibility Area Open","android_description":"","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52587,"tag_ids":[45639,45648,45743],"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 2-4 - HDA Community","hotel":"","short_name":"Studio 2-4 - HDA Community","id":45728},"spans_timebands":"N","updated":"2023-08-13T19:46:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"Why would you possibly need to know how to do that?\" and “Couldn’t you just break the lock?” are two of the more common questions I get when discussing lock picking or various bypasses. At first glance, many see lock picking as a nefarious and largely unnecessary hobby. But, whether you are a locksport enthusiast, security researcher, emergency responder, or just someone who enjoys puzzles, lock picking can be a constructive—and useful—skill to learn. This talk aims to show how diverse the community is, explore some of the many reasons we engage in this hobby, and try to give some answers as to why we practice lock picking.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"The \"Why\" of Lock Picking","android_description":"\"Why would you possibly need to know how to do that?\" and “Couldn’t you just break the lock?” are two of the more common questions I get when discussing lock picking or various bypasses. At first glance, many see lock picking as a nefarious and largely unnecessary hobby. But, whether you are a locksport enthusiast, security researcher, emergency responder, or just someone who enjoys puzzles, lock picking can be a constructive—and useful—skill to learn. This talk aims to show how diverse the community is, explore some of the many reasons we engage in this hobby, and try to give some answers as to why we practice lock picking.","end_timestamp":{"seconds":1691781600,"nanoseconds":0},"updated_timestamp":{"seconds":1691288640,"nanoseconds":0},"speakers":[{"content_ids":[50631,52283],"conference_id":96,"event_ids":[52547,50739],"name":"Christopher Forte","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49889}],"timeband_id":990,"links":[],"end":"2023-08-11T19:20:00.000-0000","id":52547,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40309,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49889}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-06T02:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk will cover the story of the International Wigle Space Balloon from the inception to launch. Along the way we'll cover FAA legalities, hardware design constraints, minimizing launch costs using OTSH, buoyancy and flight characteristic calculations, and conclude with the networks observed during the various flights as well as the introduction of a surprise friend we made along the way.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"The International Wigle Space Balloon","android_description":"This talk will cover the story of the International Wigle Space Balloon from the inception to launch. Along the way we'll cover FAA legalities, hardware design constraints, minimizing launch costs using OTSH, buoyancy and flight characteristic calculations, and conclude with the networks observed during the various flights as well as the introduction of a surprise friend we made along the way.","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1691259840,"nanoseconds":0},"speakers":[{"content_ids":[51023,52248],"conference_id":96,"event_ids":[52509,51061],"name":"Lozaning","affiliations":[],"links":[],"pronouns":"they/them","media":[],"id":50212}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52509,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50212}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-05T18:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"QKD\". You've heard of it! You want to try it! But are afraid of what the neighbours would think. Today we present a Didactic solution to \"QKD\" from home. We will \"attempt\" the world's first transatlantic \"VEGAS QKD\" live. \r\n\r\nLast year it was quantum snake oil. This year.... See what is on the \"Kards.....\". \r\n\r\nNote and Caveat: keywords are ‘Didactic’ and ‘air-quotes’ ;) The attendee will leave the presentation with a more intuitive feel for how QKD works.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"World's Cheapest \"QKD\" ;) -QKD for fun and non- profit from home","android_description":"\"QKD\". You've heard of it! You want to try it! But are afraid of what the neighbours would think. Today we present a Didactic solution to \"QKD\" from home. We will \"attempt\" the world's first transatlantic \"VEGAS QKD\" live. \r\n\r\nLast year it was quantum snake oil. This year.... See what is on the \"Kards.....\". \r\n\r\nNote and Caveat: keywords are ‘Didactic’ and ‘air-quotes’ ;) The attendee will leave the presentation with a more intuitive feel for how QKD works.","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1691108400,"nanoseconds":0},"speakers":[{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260},{"content_ids":[52178,52186],"conference_id":96,"event_ids":[52426,52434],"name":"Ben Varcoe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51425},{"content_ids":[52178],"conference_id":96,"event_ids":[52426],"name":"Jose Pisaro","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51428}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52426,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40291,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51425},{"tag_id":45590,"sort_order":1,"person_id":51428},{"tag_id":45590,"sort_order":1,"person_id":51260}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","updated":"2023-08-04T00:20:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This presentation discusses how SwRI’s secure micropatching service was recently demonstrated running on a commercial team member’s asset on the international space station (ISS). The micropatching service was able to correct insertion, deletion, or modification of data without needing to resend the full update. This work sets a foundation for securing over-the-air updates from malicious perturbation by utilizing communications between space assets.\n\n\n","title":"Secure Micropatching on the ISS","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"This presentation discusses how SwRI’s secure micropatching service was recently demonstrated running on a commercial team member’s asset on the international space station (ISS). The micropatching service was able to correct insertion, deletion, or modification of data without needing to resend the full update. This work sets a foundation for securing over-the-air updates from malicious perturbation by utilizing communications between space assets.","end_timestamp":{"seconds":1691783400,"nanoseconds":0},"updated_timestamp":{"seconds":1691101080,"nanoseconds":0},"speakers":[{"content_ids":[52149],"conference_id":96,"event_ids":[52379],"name":"Henry Haswell","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51412}],"timeband_id":990,"links":[],"end":"2023-08-11T19:50:00.000-0000","id":52379,"tag_ids":[40280,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51412}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-03T22:18:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join us as we provide an introduction to the Adruino IDE and the ESP8266 microcontroller. Receive a free ESP8266 (Limited to the first 30 attendees to approach the speaker before the start of the talk and ask for a kit), and build your own Wi-Fi deauthentication detector. We will walkthrough assembly, flashing, and configuration steps.\n\n\n","title":"Introduction To Esp8266/Esp32 Microcontrollers And Building A Wi-Fi Deauthentication Detector","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691783400,"nanoseconds":0},"android_description":"Join us as we provide an introduction to the Adruino IDE and the ESP8266 microcontroller. Receive a free ESP8266 (Limited to the first 30 attendees to approach the speaker before the start of the talk and ask for a kit), and build your own Wi-Fi deauthentication detector. We will walkthrough assembly, flashing, and configuration steps.","updated_timestamp":{"seconds":1691079540,"nanoseconds":0},"speakers":[{"content_ids":[52142],"conference_id":96,"event_ids":[52367],"name":"Ryan Zagrodnik","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51393}],"timeband_id":990,"links":[],"end":"2023-08-11T19:50:00.000-0000","id":52367,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40287,45646,45719,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51393}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-03T16:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Artificial Intelligence (AI) has earned its title as one of the most critical disruptive technologies in the 21st century. As AI develops at a rapid rate, open-source software (OSS) platforms develop alongside it. Hugging Face is one of these prevailing OSS platforms as it hosts pre-trained AI models, facilitating the accessibility of AI models. Hugging Face is used by over 22,000 organizations, including Intel and Microsoft, has supported more than 2.6 billion model downloads, and is rapidly growing. Just in the past year, Hugging Face has more than doubled its model library from 80,000 models to 203,000 models. However, while Hugging Face democratizes access to AI models, these models may contain unknown security vulnerabilities. Our research focuses on automating our collection process of Hugging Face models, linking them to their primary codebases on GitHub, and executing a large-scale vulnerability assessment of these GitHub repositories using static scanners. We collected more than 110,000 Hugging Face models and over 29,000 GitHub repositories. Our vulnerability assessment of these GitHub models depicted that 35.98% of the severities detected from the root GitHub repositories (developed by Hugging Face) were high-severity vulnerabilities while only 6.79% were low-severity. On the other hand, 82.89% of vulnerabilities from searched repositories (determined through the ‘huggingface’ keyword) are low-severity and 7.49% high-severity, while 82.69% of vulnerabilities from the repositories forked from the root repositories were low-severity and 9.22% were high-severity. The trend in severity levels found in root repositories contradicts the results of severities detected in forked and searched repositories. Given that many of the vulnerabilities reside in fundamental AI repositories such as Transformers, this vulnerability assessment has significant implications for supply chain software security and AI risk management more broadly.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Assessing the Vulnerabilities of the Open-Source Artificial Intelligence (AI) Landscape: A Large-Scale Analysis of the Hugging Face Platform","android_description":"Artificial Intelligence (AI) has earned its title as one of the most critical disruptive technologies in the 21st century. As AI develops at a rapid rate, open-source software (OSS) platforms develop alongside it. Hugging Face is one of these prevailing OSS platforms as it hosts pre-trained AI models, facilitating the accessibility of AI models. Hugging Face is used by over 22,000 organizations, including Intel and Microsoft, has supported more than 2.6 billion model downloads, and is rapidly growing. Just in the past year, Hugging Face has more than doubled its model library from 80,000 models to 203,000 models. However, while Hugging Face democratizes access to AI models, these models may contain unknown security vulnerabilities. Our research focuses on automating our collection process of Hugging Face models, linking them to their primary codebases on GitHub, and executing a large-scale vulnerability assessment of these GitHub repositories using static scanners. We collected more than 110,000 Hugging Face models and over 29,000 GitHub repositories. Our vulnerability assessment of these GitHub models depicted that 35.98% of the severities detected from the root GitHub repositories (developed by Hugging Face) were high-severity vulnerabilities while only 6.79% were low-severity. On the other hand, 82.89% of vulnerabilities from searched repositories (determined through the ‘huggingface’ keyword) are low-severity and 7.49% high-severity, while 82.69% of vulnerabilities from the repositories forked from the root repositories were low-severity and 9.22% were high-severity. The trend in severity levels found in root repositories contradicts the results of severities detected in forked and searched repositories. Given that many of the vulnerabilities reside in fundamental AI repositories such as Transformers, this vulnerability assessment has significant implications for supply chain software security and AI risk management more broadly.","end_timestamp":{"seconds":1691781900,"nanoseconds":0},"updated_timestamp":{"seconds":1691031300,"nanoseconds":0},"speakers":[{"content_ids":[52048],"conference_id":96,"event_ids":[52267],"name":"Adhishree Kathikar","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51275},{"content_ids":[52048],"conference_id":96,"event_ids":[52267],"name":"Aishwarya Nair","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51278}],"timeband_id":990,"links":[],"end":"2023-08-11T19:25:00.000-0000","id":52267,"village_id":null,"tag_ids":[40299,45645,45646,45743],"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51275},{"tag_id":45590,"sort_order":1,"person_id":51278}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-03T02:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Art vs AI: How Artists Hack Computer Vision Systems","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691782200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52041,52042],"conference_id":96,"event_ids":[52257,52258],"name":"Kate","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51259}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52257,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40308,45647,45719,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51259}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"spans_timebands":"N","updated":"2023-08-03T01:27:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come relax with us in a quiet space! Grab a non-alcoholic drink and check out this year’s WISP swag.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"WISP Chill Out Space with Refreshments","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"Come relax with us in a quiet space! Grab a non-alcoholic drink and check out this year’s WISP swag.","updated_timestamp":{"seconds":1690576980,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T23:00:00.000-0000","id":51701,"tag_ids":[45639,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 217 - WISP","hotel":"","short_name":"Summit - 217 - WISP","id":45861},"spans_timebands":"N","updated":"2023-07-28T20:43:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Joint Cyber Defense Collaborative (JCDC) unifies cyber defenders, including running collaborative cyber planning efforts between government and industry to develop practical courses of action that address cyber risks. The JCDC team is now working with partners across the cyber ecosystem to develop planning priorities for 2024. One focus area we’re exploring for future work is supporting and strengthening collaborative, voluntary efforts to understand and prevent malicious abuse of virtual resources hosted inside the United States. This session will give DEF CON attendees the opportunity to provide direct and candid feedback to JCDC on the nature of the problem posed by abuse of US infrastructure propose tangible ideas that will inform 2024 joint cyber defense planning efforts.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#1e45a5","updated_at":"2024-06-07T03:38+0000","name":"Village Roundtable","id":45772},"title":"It's Coming from Inside the House: Next Steps for Addressing U.S. Network Abuse","end_timestamp":{"seconds":1691787000,"nanoseconds":0},"android_description":"The Joint Cyber Defense Collaborative (JCDC) unifies cyber defenders, including running collaborative cyber planning efforts between government and industry to develop practical courses of action that address cyber risks. The JCDC team is now working with partners across the cyber ecosystem to develop planning priorities for 2024. One focus area we’re exploring for future work is supporting and strengthening collaborative, voluntary efforts to understand and prevent malicious abuse of virtual resources hosted inside the United States. This session will give DEF CON attendees the opportunity to provide direct and candid feedback to JCDC on the nature of the problem posed by abuse of US infrastructure propose tangible ideas that will inform 2024 joint cyber defense planning efforts.","updated_timestamp":{"seconds":1690432020,"nanoseconds":0},"speakers":[{"content_ids":[51511,51527],"conference_id":96,"event_ids":[51667,51683],"name":"David Forscey","affiliations":[{"organization":"CISA JCDC","title":"Cyber Strategy Planner"}],"links":[],"pronouns":null,"media":[],"id":50597,"title":"Cyber Strategy Planner at CISA JCDC"},{"content_ids":[51527],"conference_id":96,"event_ids":[51683],"name":"Emily Paull","affiliations":[{"organization":"CISA JCDC","title":"Cyber Operations Planner"}],"links":[],"pronouns":null,"media":[],"id":50600,"title":"Cyber Operations Planner at CISA JCDC"},{"content_ids":[51527],"conference_id":96,"event_ids":[51683],"name":"Peter Su","affiliations":[{"organization":"CISA JCDC","title":"Cyber Operations Planner"}],"links":[],"pronouns":null,"media":[],"id":50631,"title":"Cyber Operations Planner at CISA JCDC"},{"content_ids":[51527],"conference_id":96,"event_ids":[51683],"name":"Seth McKinnis","affiliations":[{"organization":"CISA JCDC","title":"Future Plans Section Chief"}],"links":[],"pronouns":null,"media":[],"id":50636,"title":"Future Plans Section Chief at CISA JCDC"},{"content_ids":[51527],"conference_id":96,"event_ids":[51683],"name":"Thomas Klein","affiliations":[{"organization":"CISA JCDC (Joint Cyber Defense Collaborative)","title":"Cyber Operations Planner"}],"links":[],"pronouns":null,"media":[],"id":50638,"title":"Cyber Operations Planner at CISA JCDC (Joint Cyber Defense Collaborative)"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T20:50:00.000-0000","id":51683,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40310,45646,45743,45772],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50597},{"tag_id":45632,"sort_order":1,"person_id":50600},{"tag_id":45632,"sort_order":1,"person_id":50631},{"tag_id":45632,"sort_order":1,"person_id":50636},{"tag_id":45632,"sort_order":1,"person_id":50638}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 220 - Policy NOT-A-SCIF","hotel":"","short_name":"Summit - 220 - Policy NOT-A-SCIF","id":45879},"spans_timebands":"N","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-27T04:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our tiny blue planet is quickly being encased in layers of fast-flying, low-earth orbiting satellites in an effort to provide Internet access to earth's three billion unconnected and slowly connected inhabitants. SpaceX's Starlink system is the first planetary-scale ISPs for consumers; more are set to follow. Planetary ISPs can drive much-needed economic growth in the world's poorest countries but introduce unique policy and operational challenges. The regulatory bodies and frameworks set up to deal with terrestrial ISPs are not prepared to deal with issues of internet access, content filtering/moderation, and network neutrality on a global scale. Nor are the agencies governing space launches and operations. While planetary ISPs may see enormous profits, the rest of us may pay the potential costs: an end to ground-based astronomy; an end to clear viewing of the sky; increasing costs for space operations, collision avoidance, and debris removal; and the geopolitical risk when access is provided or not-provided in certain regions. Humanity's future will be determined by how we operate on the internet and in space. How we navigate this new era of space-based internet and what policy frameworks we put in place will determine the winners and losers in this new race in space.\n\n\n","title":"The Promise and Perils of Planetary-Scale ISPs","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691783400,"nanoseconds":0},"android_description":"Our tiny blue planet is quickly being encased in layers of fast-flying, low-earth orbiting satellites in an effort to provide Internet access to earth's three billion unconnected and slowly connected inhabitants. SpaceX's Starlink system is the first planetary-scale ISPs for consumers; more are set to follow. Planetary ISPs can drive much-needed economic growth in the world's poorest countries but introduce unique policy and operational challenges. The regulatory bodies and frameworks set up to deal with terrestrial ISPs are not prepared to deal with issues of internet access, content filtering/moderation, and network neutrality on a global scale. Nor are the agencies governing space launches and operations. While planetary ISPs may see enormous profits, the rest of us may pay the potential costs: an end to ground-based astronomy; an end to clear viewing of the sky; increasing costs for space operations, collision avoidance, and debris removal; and the geopolitical risk when access is provided or not-provided in certain regions. Humanity's future will be determined by how we operate on the internet and in space. How we navigate this new era of space-based internet and what policy frameworks we put in place will determine the winners and losers in this new race in space.","updated_timestamp":{"seconds":1690430700,"nanoseconds":0},"speakers":[{"content_ids":[51505],"conference_id":96,"event_ids":[51661],"name":"J. Scott Christianson","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://christiansonjs.com"}],"pronouns":null,"media":[],"id":50608}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T19:50:00.000-0000","id":51661,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40310,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50608}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"updated":"2023-07-27T04:05:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This session will help highlight the international landscape for cyber policy, highlighting the need for governments around the world to align on policy development and intervention. It will help establish a baseline of knowledge on what's happening in international cyber policy for those wanting to get up to speed, and will help set the scene for many of the policy discussions to come throughout DEF CON. This session goes hand-in-hand with the US policy 101. \r\n\r\nThe session will start with Peter Stephens of the OECD providing an overview of the main themes and topics being explored by policymakers around the world, as well as sharing what is likely to move forward through the year. Peter has direct experience of driving international policy development as he previously worked at the UK's Department for Digital, Culture, Media and Sport, where he developed the Code of Practice for Security of Consumer IoT. Peter then worked with ETSI to see the Code adopted as a standard across the European Union, and later worked with the Australian, Indian, and Singaporean governments as they explored adoption of the Code, so he has an excellent understanding of the benefits and challenges of international policy harmonization. \r\n\r\nThis portion of the session will be followed by a panel of representatives from the Australian government, the UK government, and the Center for Cybersecurity Policy and Law, which works with government on cyber policy issues around the world. These participants will each highlight top international cyber policy priorities and challenges for 2023-24, as well as how they approach policy development in the context of the global digital technology ecosystem.\r\n\r\nThis will be followed by audience Q&A so attendees can better explore the information provided and build an understanding of the international cyber policy landscape. This session establishes a baseline for many of the Policy @ DEF CON content to follow.\r\n\r\nThis is a double length session lasting 110 minutes.\n\n\n","title":"International Cyber Policy 101","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#bd6284","name":"Village Showcase","id":45773},"end_timestamp":{"seconds":1691787000,"nanoseconds":0},"android_description":"This session will help highlight the international landscape for cyber policy, highlighting the need for governments around the world to align on policy development and intervention. It will help establish a baseline of knowledge on what's happening in international cyber policy for those wanting to get up to speed, and will help set the scene for many of the policy discussions to come throughout DEF CON. This session goes hand-in-hand with the US policy 101. \r\n\r\nThe session will start with Peter Stephens of the OECD providing an overview of the main themes and topics being explored by policymakers around the world, as well as sharing what is likely to move forward through the year. Peter has direct experience of driving international policy development as he previously worked at the UK's Department for Digital, Culture, Media and Sport, where he developed the Code of Practice for Security of Consumer IoT. Peter then worked with ETSI to see the Code adopted as a standard across the European Union, and later worked with the Australian, Indian, and Singaporean governments as they explored adoption of the Code, so he has an excellent understanding of the benefits and challenges of international policy harmonization. \r\n\r\nThis portion of the session will be followed by a panel of representatives from the Australian government, the UK government, and the Center for Cybersecurity Policy and Law, which works with government on cyber policy issues around the world. These participants will each highlight top international cyber policy priorities and challenges for 2023-24, as well as how they approach policy development in the context of the global digital technology ecosystem.\r\n\r\nThis will be followed by audience Q&A so attendees can better explore the information provided and build an understanding of the international cyber policy landscape. This session establishes a baseline for many of the Policy @ DEF CON content to follow.\r\n\r\nThis is a double length session lasting 110 minutes.","updated_timestamp":{"seconds":1690984140,"nanoseconds":0},"speakers":[{"content_ids":[51500],"conference_id":96,"event_ids":[51656],"name":"Adam Dobell","affiliations":[{"organization":"Department of Home Affairs, Embassy of Australia, Washington DC","title":"First Secretary"}],"links":[],"pronouns":null,"media":[],"id":50569,"title":"First Secretary at Department of Home Affairs, Embassy of Australia, Washington DC"},{"content_ids":[51500],"conference_id":96,"event_ids":[51656],"name":"Ari Schwartz","affiliations":[{"organization":"Center for Cybersecurity Policy and Law","title":"Executive Coordinator"}],"links":[],"pronouns":null,"media":[],"id":50575,"title":"Executive Coordinator at Center for Cybersecurity Policy and Law"},{"content_ids":[51500,51504],"conference_id":96,"event_ids":[51656,51660],"name":"Bryony Crown","affiliations":[{"organization":"British Embassy, Washington D.C.","title":"First Secretary Cyber Policy"}],"links":[],"pronouns":null,"media":[],"id":50583,"title":"First Secretary Cyber Policy at British Embassy, Washington D.C."},{"content_ids":[51509,51514,51500],"conference_id":96,"event_ids":[51656,51670,51665],"name":"Peter Stephens","affiliations":[{"organization":"OECD","title":""}],"links":[],"pronouns":null,"media":[],"id":50630,"title":"OECD"},{"content_ids":[51500],"conference_id":96,"event_ids":[51656],"name":"Peter Brown","affiliations":[{"organization":"Strategy and Innovation Unit of the European Parliament","title":"Senior Policy Adviser"}],"links":[],"pronouns":null,"media":[],"id":51244,"title":"Senior Policy Adviser at Strategy and Innovation Unit of the European Parliament"}],"timeband_id":990,"end":"2023-08-11T20:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51656,"tag_ids":[40310,45646,45743,45773,45836],"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50569},{"tag_id":45590,"sort_order":1,"person_id":50575},{"tag_id":45590,"sort_order":1,"person_id":50583},{"tag_id":45632,"sort_order":1,"person_id":51244},{"tag_id":45631,"sort_order":1,"person_id":50630}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-02T13:49:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"ICS Village - TSA Keynote","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691785800,"nanoseconds":0},"updated_timestamp":{"seconds":1690422720,"nanoseconds":0},"speakers":[{"content_ids":[51477],"conference_id":96,"event_ids":[51633],"name":"Tim Weston","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50564}],"timeband_id":990,"links":[],"end":"2023-08-11T20:30:00.000-0000","id":51633,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50564}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-27T01:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Organizations seek rapid intelligence about critical situations that impact their teams, locations, or assets. Yet when it comes to OSINT we find organizations performing Open Source Information gathering; wasting time sifting through data to get to the actionable intelligence. In this presentation we demonstrate how to collect curated data and eliminate 99% of the time spent on reliminary data analysis. Furthermore, all of this data can be combined to perform trending and predictive analysis for natural disasters, geo-political situations, or business risk. The goal is to provide attendees with ideas for formulating new approaches for physical security OSINT.\n\n\n","title":"OSINT for Physical Security Intelligence","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"Organizations seek rapid intelligence about critical situations that impact their teams, locations, or assets. Yet when it comes to OSINT we find organizations performing Open Source Information gathering; wasting time sifting through data to get to the actionable intelligence. In this presentation we demonstrate how to collect curated data and eliminate 99% of the time spent on reliminary data analysis. Furthermore, all of this data can be combined to perform trending and predictive analysis for natural disasters, geo-political situations, or business risk. The goal is to provide attendees with ideas for formulating new approaches for physical security OSINT.","end_timestamp":{"seconds":1691783400,"nanoseconds":0},"updated_timestamp":{"seconds":1691375220,"nanoseconds":0},"speakers":[{"content_ids":[51461,51496],"conference_id":96,"event_ids":[51617,51652],"name":"Chet Hosmer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50519},{"content_ids":[51461],"conference_id":96,"event_ids":[51617],"name":"Mike Raggo","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50531}],"timeband_id":990,"links":[],"end":"2023-08-11T19:50:00.000-0000","id":51617,"village_id":null,"tag_ids":[40288,45645,45646,45743],"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50519},{"tag_id":45590,"sort_order":1,"person_id":50531}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","updated":"2023-08-07T02:27:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"No Starch Press - Book Signing - Joe Gray, Practical Social Engineering","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"android_description":"","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":51604,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"village_id":null,"tag_ids":[45646,45743,45769,45770],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","updated":"2023-07-27T00:03:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Lonely Hackers Club - Resume Reviews & Career Advice","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"android_description":"","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1690163100,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51587,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"village_id":null,"tag_ids":[45640,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"spans_timebands":"N","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-24T01:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The LHC, established on Telegram years ago, serves as a warm and inclusive hub for newcomers heading to DefCon for the first time. With over 600 members worldwide, our community has expanded significantly. This year, we're thrilled to provide a space that fosters connections, sharing, and giving back to the DefCon community. Whether you need a resume review, career coaching, or want to participate in sticker & badge trading, we have you covered. And don't miss the exciting 'Name That Noob' event, where our seasoned hackers will help you craft a one-of-a-kind hacker handle. Embrace the welcoming atmosphere and join us for an unforgettable DefCon experience!\r\n\r\nResume reviews & Career Advice 12pm - 2pm \r\nBadgelife / Sticker swap 2-5pm\r\nName That Noob 5-6pm\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Lonely Hackers Club Meetup","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The LHC, established on Telegram years ago, serves as a warm and inclusive hub for newcomers heading to DefCon for the first time. With over 600 members worldwide, our community has expanded significantly. This year, we're thrilled to provide a space that fosters connections, sharing, and giving back to the DefCon community. Whether you need a resume review, career coaching, or want to participate in sticker & badge trading, we have you covered. And don't miss the exciting 'Name That Noob' event, where our seasoned hackers will help you craft a one-of-a-kind hacker handle. Embrace the welcoming atmosphere and join us for an unforgettable DefCon experience!\r\n\r\nResume reviews & Career Advice 12pm - 2pm \r\nBadgelife / Sticker swap 2-5pm\r\nName That Noob 5-6pm","updated_timestamp":{"seconds":1690162920,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51585,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45639,45648,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Laughlin - Lonely Hackers Club","hotel":"","short_name":"Laughlin - Lonely Hackers Club","id":45898},"spans_timebands":"N","updated":"2023-07-24T01:42:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"SUNDAY CANCELED: HDA Community Meetups","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51581,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45639,45648,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 2-4 - HDA Community","hotel":"","short_name":"Studio 2-4 - HDA Community","id":45728},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-13T19:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","title":"Friends of Bill W","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":51574,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-23T16:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n \r\n The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n \r\n Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n \r\n Highlights of the previous Red Alert ICS CTF is available at: https://www.youtube.com/watch?v=dz7hNnavHaY and https://youtu.be/AanKdrrQ0u0\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Red Alert ICS CTF","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"Red Alert ICS CTF is a competition for Hackers by Hackers. The event exclusively focuses on having the participants break through several layers of security in our virtual SCADA environment and eventually take over complete control of the SCADA system.\r\n \r\n The contest would house actual ICS (Industrial Control System) devices from various vendors on a testbed showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\r\n \r\n Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF at DEF CON 30, DEF CON 29, DEF CON 27 and DEF CON 26 (Black Badge).\r\n \r\n Highlights of the previous Red Alert ICS CTF is available at: https://www.youtube.com/watch?v=dz7hNnavHaY and https://youtu.be/AanKdrrQ0u0","updated_timestamp":{"seconds":1690065600,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T00:00:00.000-0000","links":[{"label":"Twitter (@icsctf)","type":"link","url":"https://twitter.com/icsctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245372"}],"id":51505,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T22:40:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The year is 2323. You find yourself in an abandoned city in the future that is home to a variety of advanced technology and systems. You will need to use your skills to solve challenges and discover information to use to uncover your flags. Along the way, you will learn about social justice, privacy, civil rights and surveillance and how these can relate to communities and individuals as our world explores emerging technologies. This is a jeopardy style game with multiple categories in Cryptography, Steganography, Exploitation, Forensics, Reverse Engineering and more!\n\n\n","title":"Blacks in Cyber Village CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"The year is 2323. You find yourself in an abandoned city in the future that is home to a variety of advanced technology and systems. You will need to use your skills to solve challenges and discover information to use to uncover your flags. Along the way, you will learn about social justice, privacy, civil rights and surveillance and how these can relate to communities and individuals as our world explores emerging technologies. This is a jeopardy style game with multiple categories in Cryptography, Steganography, Exploitation, Forensics, Reverse Engineering and more!","end_timestamp":{"seconds":1691884800,"nanoseconds":0},"updated_timestamp":{"seconds":1690937460,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-13T00:00:00.000-0000","links":[{"label":"More Info","type":"link","url":"https://www.blacksincyberconf.com/ctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244802"},{"label":"Twitter","type":"link","url":"https://twitter.com/@BlackInCyberCo1"}],"id":51434,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"village_id":40,"tag_ids":[40281,45635,45646,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"spans_timebands":"Y","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-08-02T00:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This course is for practitioners who would like to have accurate visibility and results when mapping an organization's external attack surface. We will use the open source tool, provided by the OWASP Amass Project, to better understand how to hunt down assets exposed on the Internet. Many professionals have leveraged the basic Amass features during their red team exercises and other information security efforts, but not extended the capabilities of the engine to implement new features and data sources. We will use hands-on exercises to have you become familiar with the Amass Engine, comfortable extending it, and aware of future directions for the project. Participants are encouraged to complete the exercises by writing the extensions in the Lua programming language. All the examples will be provided for those unfamiliar with the language.\n\n\n","title":"Scripting OWASP Amass for a Customized Experience","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691787600,"nanoseconds":0},"android_description":"This course is for practitioners who would like to have accurate visibility and results when mapping an organization's external attack surface. We will use the open source tool, provided by the OWASP Amass Project, to better understand how to hunt down assets exposed on the Internet. Many professionals have leveraged the basic Amass features during their red team exercises and other information security efforts, but not extended the capabilities of the engine to implement new features and data sources. We will use hands-on exercises to have you become familiar with the Amass Engine, comfortable extending it, and aware of future directions for the project. Participants are encouraged to complete the exercises by writing the extensions in the Lua programming language. All the examples will be provided for those unfamiliar with the language.","updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51077,51309],"conference_id":96,"event_ids":[51109,51159,51371],"name":"Jeff Foley","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jeff_foley"}],"media":[],"id":50267}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51109,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50267}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 6","hotel":"","short_name":"Area 6","id":45830},"updated":"2023-07-14T18:10:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!\n\n\n","title":"Red Hot (Red Team TTPs)","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Welcome to our Red Team workshop where we will be discussing the hottest Tactics, Techniques, and Procedures (TTPs) used by Red Teams today. As cyber threats become more sophisticated, it is essential for Red Teams to stay up-to-date with the latest TTPs to ensure their organizations are well-prepared and protected against potential attacks. In this workshop, we will explore the latest TTPs used by Red Teams, including social engineering, post-exploitation, and other malicious techniques that are currently being employed in “advanced” attacks. By the end of this workshop, you will have a better understanding of the latest TTPs, how to use them, and be better equipped to defend against them. Let's get started!","updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Ralph May","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/ralphte1"}],"pronouns":null,"media":[],"id":50279},{"content_ids":[51076],"conference_id":96,"event_ids":[51108,51153,51154,51155,51156],"name":"Steve Borosh","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/424f424f"}],"media":[],"id":50284}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":51108,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50279},{"tag_id":45633,"sort_order":1,"person_id":50284}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 1","hotel":"","short_name":"Area 1","id":45825},"spans_timebands":"N","updated":"2023-07-14T18:10:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"OSINT Skills Lab Challenge","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Welcome to the Open Source Intelligence Skills Lab Challenge CTF! There are 3 challenge sets, each with their own challenges. As you progress through each set, the difficulty will progressively increase. Answering a \"flag\" correctly will net you points, with a maximum possible score of 560.","updated_timestamp":{"seconds":1689358200,"nanoseconds":0},"speakers":[{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Lee McWhorter","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tleemcjr"}],"pronouns":null,"media":[],"id":50269},{"content_ids":[51075,51084],"conference_id":96,"event_ids":[51116,51145,51107,51146,51147,51148,51149],"name":"Sandra Stibbards","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Camelotinv"}],"media":[],"id":50281}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":51107,"village_id":60,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50269},{"tag_id":45633,"sort_order":1,"person_id":50281}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 3","hotel":"","short_name":"Area 3","id":45827},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-14T18:10:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"IOCs + APTs = \"Let's play a game!\" - Hack your way through a hunt!","android_description":"In order to threat hunt, in order to create threat intelligence, one must first identify the what before the where, the where, before the why, the why before the who, and then you’ll know who attacked you…maybe 🙂 In this CTF style threat hunt, you are placed in two seats. In one you are the attacker, the other, you are the defender. Somewhere in between, you have to realize that you are also the malware author, reverse engineer, network analyst, etc…however your path may be, you will need to find all of the IOCs before time runs out and the real adversary is not found.","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1689358140,"nanoseconds":0},"speakers":[{"content_ids":[51073],"conference_id":96,"event_ids":[51106,51140,51141,51142],"name":"Leo Cruz","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/cruzleo/"}],"media":[],"id":50270}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":51106,"tag_ids":[40294,45647,45719],"village_id":60,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50270}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 5","hotel":"","short_name":"Area 5","id":45829},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-14T18:09:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to learn how hackers compromise unlocked computers in seconds? Come build your own USB hacking tool in this beginner-friendly workshop, and learn to write prank payloads with your new cat-shaped hacking companion, the “USB Nugget”! You’ll learn the techniques & tools hackers use to deploy USB attacks, and compete for prizes in a mini hackathon to make the most destructive payload!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Build Your Own Cat-Shaped USB Hacking Tool! (with the Nugget)","end_timestamp":{"seconds":1691791200,"nanoseconds":0},"android_description":"Want to learn how hackers compromise unlocked computers in seconds? Come build your own USB hacking tool in this beginner-friendly workshop, and learn to write prank payloads with your new cat-shaped hacking companion, the “USB Nugget”! You’ll learn the techniques & tools hackers use to deploy USB attacks, and compete for prizes in a mini hackathon to make the most destructive payload!","updated_timestamp":{"seconds":1689358080,"nanoseconds":0},"speakers":[{"content_ids":[51072],"conference_id":96,"event_ids":[51105,51131],"name":"Alex Lynd","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/alexlynd"}],"media":[],"id":50258}],"timeband_id":990,"links":[],"end":"2023-08-11T22:00:00.000-0000","id":51105,"village_id":60,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40294,45647,45719],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":50258}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 2","hotel":"","short_name":"Area 2","id":45826},"updated":"2023-07-14T18:08:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this workshop, you will get to learn how SAML works and how to exploit issues impacting SAML implementations. Remember this XSW attacks in Burp? What do they actually do? Let's dive in and have fun learning about SAML. Basic understanding of Proxying request/response and Burp required.\n\n\n","title":"An Introduction to SAML and its Security","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"In this workshop, you will get to learn how SAML works and how to exploit issues impacting SAML implementations. Remember this XSW attacks in Burp? What do they actually do? Let's dive in and have fun learning about SAML. Basic understanding of Proxying request/response and Burp required.","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1689358080,"nanoseconds":0},"speakers":[{"content_ids":[52104,51071],"conference_id":96,"event_ids":[51104,52329],"name":"Louis Nyffenegger","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/nyffeneggerlouis/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/snyff"}],"pronouns":null,"media":[],"id":51360}],"timeband_id":990,"links":[],"end":"2023-08-11T21:00:00.000-0000","id":51104,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[40294,45647,45719],"village_id":60,"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51360}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45681,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village - Area 4","hotel":"","short_name":"Area 4","id":45828},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-14T18:08:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Betting on Your Digital Rights: 2nd Annual EFF Benefit Poker Tournament at DEF CON 31\r\n\r\nWhen: Friday August 11, 12:00 (11:00 for the pre-tournament poker clinic)\r\nWhere: Offsite. Horseshoe Poker Room\r\nStay tuned at https://www.eff.org/poker for more details.\r\n\r\nWe’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit the Electronic Frontier Foundation! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\r\nhttps://www.eff.org/poker\r\n\r\nWe will offer a pre-tournament clinic to help people get a refresher on poker so they feel comfortable. This contest will be held outside the main conference area; it must be held in the Horseshoe Poker Room​ per the Nevada Gaming Commission.​\n\n\n","title":"EFF Benefit Poker Tournament at DEF CON 31 - Poker","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Betting on Your Digital Rights: 2nd Annual EFF Benefit Poker Tournament at DEF CON 31\r\n\r\nWhen: Friday August 11, 12:00 (11:00 for the pre-tournament poker clinic)\r\nWhere: Offsite. Horseshoe Poker Room\r\nStay tuned at https://www.eff.org/poker for more details.\r\n\r\nWe’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit the Electronic Frontier Foundation! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\r\nhttps://www.eff.org/poker\r\n\r\nWe will offer a pre-tournament clinic to help people get a refresher on poker so they feel comfortable. This contest will be held outside the main conference area; it must be held in the Horseshoe Poker Room​ per the Nevada Gaming Commission.​","updated_timestamp":{"seconds":1689271260,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244823"},{"label":"Website","type":"link","url":"https://www.eff.org/poker"}],"id":51100,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45638],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"spans_timebands":"N","updated":"2023-07-13T18:01:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Shufflecake is a FOSS tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes without the right password(s). You can consider Shufflecake a \"spiritual successor\" of tools such as Truecrypt and Veracrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple nested volumes per device, so to make deniability of the existence of these partitions really plausible.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"Shufflecake, AKA Truecrypt on Steroids for Linux","end_timestamp":{"seconds":1691787300,"nanoseconds":0},"android_description":"Shufflecake is a FOSS tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes without the right password(s). You can consider Shufflecake a \"spiritual successor\" of tools such as Truecrypt and Veracrypt, but vastly improved: it works natively on Linux, it supports any filesystem of choice, and can manage multiple nested volumes per device, so to make deniability of the existence of these partitions really plausible.","updated_timestamp":{"seconds":1688877900,"nanoseconds":0},"speakers":[{"content_ids":[51018],"conference_id":96,"event_ids":[51056],"name":"Tommaso \"tomgag\" Gagliardoni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50204},{"content_ids":[51018],"conference_id":96,"event_ids":[51056],"name":"Elia Anzuoni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50205}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":51056,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50205},{"tag_id":45590,"sort_order":1,"person_id":50204}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Unity Boardroom - Demo Labs","hotel":"","short_name":"Unity Boardroom - Demo Labs","id":45706},"updated":"2023-07-09T04:45:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Imagine pentesting a large web application with hundreds of pages and forms, as well as user roles and tenants. You discover that your chosen username is reflected in many locations inside the application, but you don't have a detailed overview. You want to test whether the chosen username is handled properly or allows for injection attacks, such as Cross-Site Scripting or Server-Site Template Injection. Now you face the challenge of finding all locations where your payloads appear when injecting into the username. In large applications, you'll likely miss some, potentially leaving vulnerabilities undetected. This is where FlowMate comes into play, our novel tool to detect data flows in applications for enhanced vulnerability assessments. FlowMate consists of two components: A BurpSuite plugin and a data flow graph based on Neo4j. It records inputs to the application as you go through the pages exploring the application and searches for occurrences of the captured inputs in the responses. This results in a graph that can be visualized and searched for parameters of interest and where they're occurring on the site. Understanding the data flows of an application helps to significantly improve the test coverage and bring your pentesting to the next level.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"FlowMate","end_timestamp":{"seconds":1691787300,"nanoseconds":0},"android_description":"Imagine pentesting a large web application with hundreds of pages and forms, as well as user roles and tenants. You discover that your chosen username is reflected in many locations inside the application, but you don't have a detailed overview. You want to test whether the chosen username is handled properly or allows for injection attacks, such as Cross-Site Scripting or Server-Site Template Injection. Now you face the challenge of finding all locations where your payloads appear when injecting into the username. In large applications, you'll likely miss some, potentially leaving vulnerabilities undetected. This is where FlowMate comes into play, our novel tool to detect data flows in applications for enhanced vulnerability assessments. FlowMate consists of two components: A BurpSuite plugin and a data flow graph based on Neo4j. It records inputs to the application as you go through the pages exploring the application and searches for occurrences of the captured inputs in the responses. This results in a graph that can be visualized and searched for parameters of interest and where they're occurring on the site. Understanding the data flows of an application helps to significantly improve the test coverage and bring your pentesting to the next level.","updated_timestamp":{"seconds":1688876400,"nanoseconds":0},"speakers":[{"content_ids":[51003,52094],"conference_id":96,"event_ids":[52320,51041],"name":"Florian Haag","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50182},{"content_ids":[51003],"conference_id":96,"event_ids":[51041],"name":"Nicolas Schickert","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50183}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":51041,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50182},{"tag_id":45590,"sort_order":1,"person_id":50183}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Society Boardroom - Demo Labs","hotel":"","short_name":"Society Boardroom - Demo Labs","id":45700},"spans_timebands":"N","updated":"2023-07-09T04:20:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ek47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context. In the absence of these environmental keys, Ek47 payloads will not decrypt and execute. This creates a strong resistance to automated/manual analysis and reverse engineering of payloads. Ek47 supports many different environmental keys such as current user, domain, computer name, installed programs, and more. Additionally, Ek47 supports packing payloads of .NET assemblies, unmanaged DLLs, and raw shellcode. Ek47 payloads are themselves .NET assemblies and can be uploaded to disk or executed reflectively via any execute-assembly method. By default, a standard AMSI/ETW bypass is executed before the main payload is executed, but Ek47 makes it easy to add custom bypasses for more advanced evasion functionality. Additional miscellaneous features are provided such as entropy management, PE header stomping, and generation of service executables.\n\n\n","title":"Ek47 – Payload Encryption with Environmental Keys","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691787300,"nanoseconds":0},"android_description":"Ek47 is a payload encryptor that leverages user-selected environmental keys associated with a target execution context. In the absence of these environmental keys, Ek47 payloads will not decrypt and execute. This creates a strong resistance to automated/manual analysis and reverse engineering of payloads. Ek47 supports many different environmental keys such as current user, domain, computer name, installed programs, and more. Additionally, Ek47 supports packing payloads of .NET assemblies, unmanaged DLLs, and raw shellcode. Ek47 payloads are themselves .NET assemblies and can be uploaded to disk or executed reflectively via any execute-assembly method. By default, a standard AMSI/ETW bypass is executed before the main payload is executed, but Ek47 makes it easy to add custom bypasses for more advanced evasion functionality. Additional miscellaneous features are provided such as entropy management, PE header stomping, and generation of service executables.","updated_timestamp":{"seconds":1688876220,"nanoseconds":0},"speakers":[{"content_ids":[50629,51001],"conference_id":96,"event_ids":[50737,51039],"name":"Kevin “Kent” Clark","affiliations":[{"organization":"TrustedSec","title":"Security Consultant"},{"organization":"BC Security","title":"Red Team Instructor"}],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://henpeebin.com/kevin/blog"}],"media":[],"id":49886,"title":"Red Team Instructor at BC Security"},{"content_ids":[51001],"conference_id":96,"event_ids":[51039],"name":"Skyler Knecht","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50180}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":51039,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49886},{"tag_id":45590,"sort_order":1,"person_id":50180}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Committee Boardroom - Demo Labs","hotel":"","short_name":"Committee Boardroom - Demo Labs","id":45698},"spans_timebands":"N","begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-09T04:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Dracon is an open-source Application and Cloud security automation framework that helps organizations create security workflows and improve their security posture. Dracon can run a wide range of security tools against any target, and it can deduplicate and enrich the results of those tools with contextual or regulatory information. Dracon can then send the enriched results to any visualization or data processing tool. Here are some of its key features: Automated security workflows: Dracon can automate the execution of security tools and the aggregation of results, which saves both time and effort. Scalable and flexible: Dracon is both scalable and flexible with a wide array of existing integrations and more on the way, Dracon integrates seamlessly with any exisitng toolset. Open source: Dracon is open-source platform, which means that it is free to use and modify.\n\n\n","title":"Dracon","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"android_description":"Dracon is an open-source Application and Cloud security automation framework that helps organizations create security workflows and improve their security posture. Dracon can run a wide range of security tools against any target, and it can deduplicate and enrich the results of those tools with contextual or regulatory information. Dracon can then send the enriched results to any visualization or data processing tool. Here are some of its key features: Automated security workflows: Dracon can automate the execution of security tools and the aggregation of results, which saves both time and effort. Scalable and flexible: Dracon is both scalable and flexible with a wide array of existing integrations and more on the way, Dracon integrates seamlessly with any exisitng toolset. Open source: Dracon is open-source platform, which means that it is free to use and modify.","end_timestamp":{"seconds":1691787300,"nanoseconds":0},"updated_timestamp":{"seconds":1688876100,"nanoseconds":0},"speakers":[{"content_ids":[52099,51000],"conference_id":96,"event_ids":[52706,51038,52304,52373],"name":"Spyros Gasteratos","affiliations":[],"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/spyr/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/0xfde"}],"pronouns":null,"media":[],"id":51376}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":51038,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":51376}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-07-09T04:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CNAPPGoat is a multi-cloud vulnerable-by-design environment deployment tool – it deploys vulnerable environments to various cloud service providers, so that offensive professionals and pentesters can practice exploiting them and defenders can practice detection and prevention. CNAPPGoat is an extensible modular tool that deploys environments with more complex scenarios - vulnerable VMs, multi-stage lateral movement attacks, IaC misconfigurations, and vulnerable IAM misconfigurations.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"CNAPPGoat","android_description":"CNAPPGoat is a multi-cloud vulnerable-by-design environment deployment tool – it deploys vulnerable environments to various cloud service providers, so that offensive professionals and pentesters can practice exploiting them and defenders can practice detection and prevention. CNAPPGoat is an extensible modular tool that deploys environments with more complex scenarios - vulnerable VMs, multi-stage lateral movement attacks, IaC misconfigurations, and vulnerable IAM misconfigurations.","end_timestamp":{"seconds":1691787300,"nanoseconds":0},"updated_timestamp":{"seconds":1688876040,"nanoseconds":0},"speakers":[{"content_ids":[50999,51995],"conference_id":96,"event_ids":[51037,52189],"name":"Noam Dahan","affiliations":[{"organization":"Ermetic","title":"Senior Security Researcher"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/NoamDahan"}],"media":[],"id":50176,"title":"Senior Security Researcher at Ermetic"},{"content_ids":[50999,51995],"conference_id":96,"event_ids":[51037,52189],"name":"Igal Gofman","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/IgalGofman"}],"media":[],"id":50177}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":51037,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50177},{"tag_id":45590,"sort_order":1,"person_id":50176}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"updated":"2023-07-09T04:14:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the ever evolving landscape of software development, maintaining the integrity and security of your build, test and deployment pipelines is paramount. Build Inspector is an always-watching guard dog, looking for information about the dependencies being consumed and produced, while also calling out instances of risky practices or potential signs of compromise during pipeline runs. Watch as the inspector turns piles of plaintext logs into structured data, perfect for automated analysis, correlation and alerting. With simple containerized deployment and self-documenting REST API, it has never been easier to ensure your build logs are always being watched.\n\n\n","title":"Build Inspector - A modern Javert on the trail of CI/CD Anomalies and Intruders","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"end_timestamp":{"seconds":1691787300,"nanoseconds":0},"android_description":"In the ever evolving landscape of software development, maintaining the integrity and security of your build, test and deployment pipelines is paramount. Build Inspector is an always-watching guard dog, looking for information about the dependencies being consumed and produced, while also calling out instances of risky practices or potential signs of compromise during pipeline runs. Watch as the inspector turns piles of plaintext logs into structured data, perfect for automated analysis, correlation and alerting. With simple containerized deployment and self-documenting REST API, it has never been easier to ensure your build logs are always being watched.","updated_timestamp":{"seconds":1688875980,"nanoseconds":0},"speakers":[{"content_ids":[50998,51976],"conference_id":96,"event_ids":[51036,52170],"name":"Jeremy Banker","affiliations":[],"links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/loredous"}],"pronouns":null,"media":[],"id":50175}],"timeband_id":990,"links":[],"end":"2023-08-11T20:55:00.000-0000","id":51036,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50175}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Caucus Boardroom - Demo Labs","hotel":"","short_name":"Caucus Boardroom - Demo Labs","id":45696},"updated":"2023-07-09T04:13:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"One common thread runs through a recent wave of (initially, successful) targeted malware attacks I've investigated: The attackers communicated with their targets, personally, using social engineering in real-time, in order to lay the groundwork for the rest of the attack to succeed. Throughout the course of several post-breach investigations, it became apparent that -- for a certain kind of target and a particular class of attacker -- engaging the victim in direct conversation was far more effective at assuring the target infected their computer than crafting a believable-looking \"malspam\" email that would \"fool\" the target into clicking a link or opening a file.\r\n \r\nThe attackers did not need to be charismatic for the technique to succeed. In fact, so long as the attacker \"got into character\" and treated the interaction as a normal, everyday event (from their perspective), the targets went along for the ride, and in many cases, self-infected with malware that was capable of snooping through their most sensitive files. In this session, we'll discuss both the social engineering and technical aspects of the attacks, and why this combination of tactics is particularly dangerous and hard to defend against. \r\n\r\nREFERENCES:\r\nBrandt, Andrew. “Tax Firms Targeted by Precision Malware Attacks.” Sophos X-Ops Blog, Sophos News, 13 Apr. 2023, news.sophos.com/en-us/2023/04/13/tax-firms-targeted-by-precision-malware-attacks/\r\n@x86matthew. “EmbedExeLnk - Embedding an EXE inside a LNK with Automatic Execution.” www.x86matthew.com, 22 Apr. 2022, www.x86matthew.com/view_post?id=embed_exe_lnk\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"You're Not George Clooney, and This Isn't Ocean's Eleven","end_timestamp":{"seconds":1691783100,"nanoseconds":0},"android_description":"One common thread runs through a recent wave of (initially, successful) targeted malware attacks I've investigated: The attackers communicated with their targets, personally, using social engineering in real-time, in order to lay the groundwork for the rest of the attack to succeed. Throughout the course of several post-breach investigations, it became apparent that -- for a certain kind of target and a particular class of attacker -- engaging the victim in direct conversation was far more effective at assuring the target infected their computer than crafting a believable-looking \"malspam\" email that would \"fool\" the target into clicking a link or opening a file.\r\n \r\nThe attackers did not need to be charismatic for the technique to succeed. In fact, so long as the attacker \"got into character\" and treated the interaction as a normal, everyday event (from their perspective), the targets went along for the ride, and in many cases, self-infected with malware that was capable of snooping through their most sensitive files. In this session, we'll discuss both the social engineering and technical aspects of the attacks, and why this combination of tactics is particularly dangerous and hard to defend against. \r\n\r\nREFERENCES:\r\nBrandt, Andrew. “Tax Firms Targeted by Precision Malware Attacks.” Sophos X-Ops Blog, Sophos News, 13 Apr. 2023, news.sophos.com/en-us/2023/04/13/tax-firms-targeted-by-precision-malware-attacks/\r\n@x86matthew. “EmbedExeLnk - Embedding an EXE inside a LNK with Automatic Execution.” www.x86matthew.com, 22 Apr. 2022, www.x86matthew.com/view_post?id=embed_exe_lnk","updated_timestamp":{"seconds":1687138980,"nanoseconds":0},"speakers":[{"content_ids":[50588],"conference_id":96,"event_ids":[50855],"name":"Andrew \"Spike\" Brandt","affiliations":[{"organization":"Sophos X-Ops","title":"Principal Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@threatresearch@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@threatresearch"},{"description":"","title":"Research Blog","sort_order":0,"url":"https://news.sophos.com/en-us/author/andrew-brandt"}],"media":[],"id":49820,"title":"Principal Researcher at Sophos X-Ops"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245759"}],"end":"2023-08-11T19:45:00.000-0000","id":50855,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45592,45648,45844],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49820}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"begin":"2023-08-11T19:00:00.000-0000","updated":"2023-06-19T01:43:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk, we will present a 0-day vulnerability found in the Google Cloud Platform (GCP) affecting all Google users, which allowed a malicious app to become invisible and unremovable, effectively leaving a Google user’s account infected with a backdoor app forever.\r\n \r\nThe talk will start by reviewing the world of 3rd-party apps in Cloud platforms: the OAuth 2.0 standard, consent, scoped authorization, the types of tokens, and how data is accessed.\r\n \r\nShifting the focus on Google, as one of the biggest cloud service providers supporting OAuth 2.0, we will show how 3rd-party apps are created, developed, and managed in Google (you will even get to manage yours in real time). We will discuss how Google relatively recently moved from the standard registration model, to forcibly linking the creation apps to Google Cloud Platform (GCP), hoping to push developers into using one of the GCP services for app development.\r\n \r\nWe will then give a complete technical overview of a 0-day vulnerability found in GCP, dubbed 'GhostToken': The research of the aforementioned connection between apps in Google and GCP, which culminated in finding the ability to force an app to go into a limbo-like, “pending deletion” state, during which the app’s tokens are mishandled. We will show an exploitation of the vulnerability which enables an attacker to hide their authorized app from the user’s management page, causing it to become invisible and unremovable, while still having access to the user’s data.\r\n \r\nFinally, we will share how Google Workspace’s administrators could detect apps that potentially exploited the GhostToken vulnerability, as well as actions organization implementing 3rd-party access to their users' data can take to avoid making such mistakes, The talk will close with a discussion about the common abuse of and deviation from the OAuth standard by large providers, and propose a possible solution for supporting and implementing apps for large cloud providers.\r\n \r\nFamiliarity with GCP and different OAuth 2.0 flows will help understand the concepts, but it is not required as the talk is self-contained.\r\n\r\nREFERENCES:\r\n\r\n* The OAuth 2.0 Authorization Framework: https://datatracker.ietf.org/doc/html/rfc6749\r\n* Using OAuth 2.0 to Access Google APIs: https://developers.google.com/identity/protocols/oauth2\r\n* Manage third-party apps & services with access to your (Google) account: https://support.google.com/accounts/answer/3466521#remove-access\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"GhostToken: Exploiting Google Cloud Platform App Infrastructure to Create Unremovable Trojan Apps","android_description":"In this talk, we will present a 0-day vulnerability found in the Google Cloud Platform (GCP) affecting all Google users, which allowed a malicious app to become invisible and unremovable, effectively leaving a Google user’s account infected with a backdoor app forever.\r\n \r\nThe talk will start by reviewing the world of 3rd-party apps in Cloud platforms: the OAuth 2.0 standard, consent, scoped authorization, the types of tokens, and how data is accessed.\r\n \r\nShifting the focus on Google, as one of the biggest cloud service providers supporting OAuth 2.0, we will show how 3rd-party apps are created, developed, and managed in Google (you will even get to manage yours in real time). We will discuss how Google relatively recently moved from the standard registration model, to forcibly linking the creation apps to Google Cloud Platform (GCP), hoping to push developers into using one of the GCP services for app development.\r\n \r\nWe will then give a complete technical overview of a 0-day vulnerability found in GCP, dubbed 'GhostToken': The research of the aforementioned connection between apps in Google and GCP, which culminated in finding the ability to force an app to go into a limbo-like, “pending deletion” state, during which the app’s tokens are mishandled. We will show an exploitation of the vulnerability which enables an attacker to hide their authorized app from the user’s management page, causing it to become invisible and unremovable, while still having access to the user’s data.\r\n \r\nFinally, we will share how Google Workspace’s administrators could detect apps that potentially exploited the GhostToken vulnerability, as well as actions organization implementing 3rd-party access to their users' data can take to avoid making such mistakes, The talk will close with a discussion about the common abuse of and deviation from the OAuth standard by large providers, and propose a possible solution for supporting and implementing apps for large cloud providers.\r\n \r\nFamiliarity with GCP and different OAuth 2.0 flows will help understand the concepts, but it is not required as the talk is self-contained.\r\n\r\nREFERENCES:\r\n\r\n* The OAuth 2.0 Authorization Framework: https://datatracker.ietf.org/doc/html/rfc6749\r\n* Using OAuth 2.0 to Access Google APIs: https://developers.google.com/identity/protocols/oauth2\r\n* Manage third-party apps & services with access to your (Google) account: https://support.google.com/accounts/answer/3466521#remove-access","end_timestamp":{"seconds":1691781600,"nanoseconds":0},"updated_timestamp":{"seconds":1687135440,"nanoseconds":0},"speakers":[{"content_ids":[50538],"conference_id":96,"event_ids":[50803],"name":"Tal Skverer","affiliations":[{"organization":"Astrix Security","title":"Security Research Team Lead"}],"pronouns":"he/him","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/reverser/"}],"media":[],"id":49745,"title":"Security Research Team Lead at Astrix Security"}],"timeband_id":990,"end":"2023-08-11T19:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245707"}],"id":50803,"village_id":null,"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"tag_ids":[45589,45592,45629,45646,45766],"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49745}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","updated":"2023-06-19T00:44:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Prepaid Android smartphones present an attractive option since they can be used and discarded at will without significant financial cost. The reasons for their use are manifold, although some people may use them to dissemble their true identity. Prepaid smartphones offer value, but there may be an additional \"cost\" for their cheap price. We present an examination of the local attack surface of 21 prepaid Android smartphones sold by American carriers (and 11 unlocked smartphones). While examining these devices, we discovered instances of arbitrary command execution in the context of a \"system\" user app, arbitrary AT command execution, arbitrary file write in the context of the Android System (i.e., \"system_server\"), arbitrary file read/write in the context of a \"system\" user app, programmatic factory reset, leakage of GPS coordinates to a loopback port, numerous exposures of non-resettable device identifiers to system properties, and more.\r\n\r\nThe only user interaction that our threat model assumes is that the user installs and runs a third-party app that has no permissions or only a single \"normal\" level permission that is automatically granted to the third-party app upon installation. The installed third-party app can leverage flaws in pre-loaded software to escalate privileges to indirectly perform actions or obtain data while lacking the necessary privileges to do so directly. Due to a wide range of local interfaces with missing access control checks and inadequate input validation, a third-party app’s behavior is not truly circumscribed by the permissions that it requests. Due to the common inclusion of pre-loaded software from Android vendors, chipset manufacturers, carriers, and vendor partners, exploit code can have significant breadth. The inter-app communication used to exploit these vulnerabilities may be difficult to classify as inherently malicious in general since it uses the standard communication channels employed by non-malicious apps.\r\n\r\nWe pick up again where we left off from our DEF CON 26 talk … raiding the prepaid Android smartphone aisles at Walmart. We provide another snapshot on the state of security for Android carrier devices. In this talk, we examine 21 different prepaid Android smartphones being sold by the major American carriers, and we also cover 11 unlocked Android devices, which are primarily ZTE smartphones. We identified vulnerabilities in multiple layers of the Android software stack. For each discovered vulnerability, we step through the attack requirements, access vector, and attack workflow in order to help developers and bug hunters identify common software flaws going forward.\r\n\r\nREFERENCES:\r\n\r\nhttps://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\r\nhttps://www.bleepingcomputer.com/news/security/oneplus-phones-come-preinstalled-with-a-factory-app-that-can-root-devices/\r\nhttps://source.android.com/docs/security/features/selinux#background\r\nhttps://en.wikipedia.org/wiki/Confused_deputy_problem\r\nhttps://github.com/thanuj10/Nokia-Debloater\r\nhttps://developer.android.com/training/articles/user-data-ids#best-practices-android-identifiers\r\nhttps://android.googlesource.com/platform/hardware/ril/+/master/include/telephony/ril.h\r\nhttps://github.com/lbule/android_hardware_mediatek\r\nhttps://security.tecno.com/SRC/blogdetail/99?lang=en_US\r\nhttps://extensionpublications.unl.edu/assets/pdf/ec157.pdf\r\nhttps://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/service/persistentdata/PersistentDataBlockManager.java#143\r\nhttps://github.com/ptoomey3/evilarc/blob/master/evilarc.py\r\nhttps://android.googlesource.com/platform/frameworks/base/+/master/packages/SystemUI/\r\nhttps://android.googlesource.com/platform/packages/apps/Settings/+/refs/heads/master\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Still Vulnerable Out of the Box: Revisiting the Security of Prepaid Android Carrier Devices","end_timestamp":{"seconds":1691783100,"nanoseconds":0},"android_description":"Prepaid Android smartphones present an attractive option since they can be used and discarded at will without significant financial cost. The reasons for their use are manifold, although some people may use them to dissemble their true identity. Prepaid smartphones offer value, but there may be an additional \"cost\" for their cheap price. We present an examination of the local attack surface of 21 prepaid Android smartphones sold by American carriers (and 11 unlocked smartphones). While examining these devices, we discovered instances of arbitrary command execution in the context of a \"system\" user app, arbitrary AT command execution, arbitrary file write in the context of the Android System (i.e., \"system_server\"), arbitrary file read/write in the context of a \"system\" user app, programmatic factory reset, leakage of GPS coordinates to a loopback port, numerous exposures of non-resettable device identifiers to system properties, and more.\r\n\r\nThe only user interaction that our threat model assumes is that the user installs and runs a third-party app that has no permissions or only a single \"normal\" level permission that is automatically granted to the third-party app upon installation. The installed third-party app can leverage flaws in pre-loaded software to escalate privileges to indirectly perform actions or obtain data while lacking the necessary privileges to do so directly. Due to a wide range of local interfaces with missing access control checks and inadequate input validation, a third-party app’s behavior is not truly circumscribed by the permissions that it requests. Due to the common inclusion of pre-loaded software from Android vendors, chipset manufacturers, carriers, and vendor partners, exploit code can have significant breadth. The inter-app communication used to exploit these vulnerabilities may be difficult to classify as inherently malicious in general since it uses the standard communication channels employed by non-malicious apps.\r\n\r\nWe pick up again where we left off from our DEF CON 26 talk … raiding the prepaid Android smartphone aisles at Walmart. We provide another snapshot on the state of security for Android carrier devices. In this talk, we examine 21 different prepaid Android smartphones being sold by the major American carriers, and we also cover 11 unlocked Android devices, which are primarily ZTE smartphones. We identified vulnerabilities in multiple layers of the Android software stack. For each discovered vulnerability, we step through the attack requirements, access vector, and attack workflow in order to help developers and bug hunters identify common software flaws going forward.\r\n\r\nREFERENCES:\r\n\r\nhttps://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1030664\r\nhttps://www.bleepingcomputer.com/news/security/oneplus-phones-come-preinstalled-with-a-factory-app-that-can-root-devices/\r\nhttps://source.android.com/docs/security/features/selinux#background\r\nhttps://en.wikipedia.org/wiki/Confused_deputy_problem\r\nhttps://github.com/thanuj10/Nokia-Debloater\r\nhttps://developer.android.com/training/articles/user-data-ids#best-practices-android-identifiers\r\nhttps://android.googlesource.com/platform/hardware/ril/+/master/include/telephony/ril.h\r\nhttps://github.com/lbule/android_hardware_mediatek\r\nhttps://security.tecno.com/SRC/blogdetail/99?lang=en_US\r\nhttps://extensionpublications.unl.edu/assets/pdf/ec157.pdf\r\nhttps://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/service/persistentdata/PersistentDataBlockManager.java#143\r\nhttps://github.com/ptoomey3/evilarc/blob/master/evilarc.py\r\nhttps://android.googlesource.com/platform/frameworks/base/+/master/packages/SystemUI/\r\nhttps://android.googlesource.com/platform/packages/apps/Settings/+/refs/heads/master","updated_timestamp":{"seconds":1688182980,"nanoseconds":0},"speakers":[{"content_ids":[50668],"conference_id":96,"event_ids":[50797],"name":"Ryan Johnson","affiliations":[{"organization":"Quokka","title":"Senior Director, R&D"}],"links":[],"pronouns":"he/him","media":[],"id":49964,"title":"Senior Director, R&D at Quokka"},{"content_ids":[50668],"conference_id":96,"event_ids":[50797],"name":"Angelos Stavrou","affiliations":[{"organization":"Quokka","title":"Founder and Chief Scientist"}],"links":[],"pronouns":"he/him","media":[],"id":49965,"title":"Founder and Chief Scientist at Quokka"},{"content_ids":[50668],"conference_id":96,"event_ids":[50797],"name":"Mohamed Elsabagh","affiliations":[{"organization":"Quokka","title":"Senior Director, R&D"}],"links":[],"pronouns":"he/him","media":[],"id":49966,"title":"Senior Director, R&D at Quokka"}],"timeband_id":990,"end":"2023-08-11T19:45:00.000-0000","links":[{"label":"Quokka","type":"link","url":"https://www.quokka.io"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246121"}],"id":50797,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691780400,"nanoseconds":0},"village_id":null,"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49965},{"tag_id":45590,"sort_order":1,"person_id":49966},{"tag_id":45590,"sort_order":1,"person_id":49964}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-01T03:43:00.000-0000","begin":"2023-08-11T19:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Harri Hursti will be doing an unboxing of sometthing very high profile.\n\n\n","title":"Surprise Unboxing","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Harri Hursti will be doing an unboxing of sometthing very high profile.","end_timestamp":{"seconds":1691781600,"nanoseconds":0},"updated_timestamp":{"seconds":1691435460,"nanoseconds":0},"speakers":[{"content_ids":[52313,52327,52337,52331],"conference_id":96,"event_ids":[52597,52611,52615,52621,52622],"name":"Harri Hursti","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/hhursti"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/harrihursti"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51542}],"timeband_id":990,"links":[],"end":"2023-08-11T19:20:00.000-0000","id":52611,"begin_timestamp":{"seconds":1691779500,"nanoseconds":0},"tag_ids":[40298,45646,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51542}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","updated":"2023-08-07T19:11:00.000-0000","begin":"2023-08-11T18:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Exposed secrets like API keys and other credentials continue to be a persistent vulnerability. This presentation sheds light on the methods used to discover and exploit such secrets in various environments, including public and private git repositories, containers, and compiled mobile applications. This presentation combines various different research projects that illustrates the different methods attackers use to find and exploit secrets to gain initial access, elevate privileges and created persisted access. \r\nIt covers research into exploiting secrets in git repositories, private and public, exploiting secrets in compiled mobile applications and exploiting secrets in packages and containers. \r\n\r\nThis presentation offers valuable insights and information on how to identify and address exposed secrets, one of the most persistent vulnerabilities in application security.\n\n\n","title":"The attackers guide to exploiting secrets in the universe","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691782200,"nanoseconds":0},"android_description":"Exposed secrets like API keys and other credentials continue to be a persistent vulnerability. This presentation sheds light on the methods used to discover and exploit such secrets in various environments, including public and private git repositories, containers, and compiled mobile applications. This presentation combines various different research projects that illustrates the different methods attackers use to find and exploit secrets to gain initial access, elevate privileges and created persisted access. \r\nIt covers research into exploiting secrets in git repositories, private and public, exploiting secrets in compiled mobile applications and exploiting secrets in packages and containers. \r\n\r\nThis presentation offers valuable insights and information on how to identify and address exposed secrets, one of the most persistent vulnerabilities in application security.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52089],"conference_id":96,"event_ids":[52315],"name":"Mackenzie Jackson","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://linkedin.com/in/advocatemack"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/advocatemack"}],"media":[],"id":51361}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52315,"village_id":null,"tag_ids":[40297,45645,45647,45743],"begin_timestamp":{"seconds":1691779500,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51361}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"begin":"2023-08-11T18:45:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Oh The Places You'll Guo: Using Media Variants to Trace the Organization and Behavior of an Coordinated Inauthentic Influence Operation","android_description":"","end_timestamp":{"seconds":1691781000,"nanoseconds":0},"updated_timestamp":{"seconds":1689552840,"nanoseconds":0},"speakers":[{"content_ids":[51296],"conference_id":96,"event_ids":[51358],"name":"Patrick Warren","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@plwarre"}],"pronouns":null,"media":[],"id":50465}],"timeband_id":990,"links":[],"end":"2023-08-11T19:10:00.000-0000","id":51358,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691778900,"nanoseconds":0},"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50465}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"begin":"2023-08-11T18:35:00.000-0000","updated":"2023-07-17T00:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join the CEO of VOTEC Corporation, our special guest John Medcalf, for a first of its kind presentation where an actual technology systems provider is exposing their technology to public scrutiny at the Voting Village. This is happening for the first time ever at the Voting Village and will be an enriching experince for attendees. Mr. Medcalf will make himself available after the presentation for any questions and inquiries from the audience. We are so excited to have him and cannot wait to examine the systems he is bringing to DEF CON. Please join us for this exciting event.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"VOTEC Corporation","android_description":"Join the CEO of VOTEC Corporation, our special guest John Medcalf, for a first of its kind presentation where an actual technology systems provider is exposing their technology to public scrutiny at the Voting Village. This is happening for the first time ever at the Voting Village and will be an enriching experince for attendees. Mr. Medcalf will make himself available after the presentation for any questions and inquiries from the audience. We are so excited to have him and cannot wait to examine the systems he is bringing to DEF CON. Please join us for this exciting event.","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"updated_timestamp":{"seconds":1691435340,"nanoseconds":0},"speakers":[{"content_ids":[52317,52324],"conference_id":96,"event_ids":[52601,52608],"name":"John Medcalf","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.votec.net/index.html"}],"media":[],"id":51545}],"timeband_id":990,"links":[],"end":"2023-08-11T19:00:00.000-0000","id":52608,"village_id":null,"tag_ids":[40298,45645,45646,45743],"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51545}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-11T18:30:00.000-0000","updated":"2023-08-07T19:09:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This paper is written to give a very brief overview of several potential security issues that could exist in an election environment. It is a subjective list and should be read as such. Also, it lays out brief descriptions of potential vectors of attack, particularly vectors that could be used for simple disruption or to create opportunities for direct access to voter data and election management systems through privilege escalation. It also speaks to physical security. The term “hack” is to be interpreted broadly, sometimes referring to specific techniques (such as LDAP injection), broader hack categories (such as Man in the Middle) and other times referring to broad strategic approaches that facilitate specific hacks (such as social engineering). The paper is designed to paint a picture of the threat landscape, rather than serve as a technical guide. The paper is written at a basic technical level to keep it as accessible as possible to non-technical readers, as many of those participating in Voting Village are uniquely non-techie within the DEF CON setting. It starts early from a more technical perspective before becoming more accessible and eventually policy-focused. The objective is to promote best security practices and provide organizational administrators (as opposed to technical administrators) context for the types of challenges that exist. As such, it attempts to walk a tricky line to be accessible to as many as possible. It is presented in a casual “top ten” format and touches on a broad range of hacks are discussed very briefly. The paper should not be considered a tool for security professionals to gain a comprehensive understanding of each hack on the list. Its purpose is to educate generally, help point security admins in the right direction, and encourage them to dig deeper than the ankle-deep information provided. All the topics presented demand more thorough discussion and examination than the snapshots this paper provides.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Top 10 Hacks To Watch Out For From An Election Official","android_description":"This paper is written to give a very brief overview of several potential security issues that could exist in an election environment. It is a subjective list and should be read as such. Also, it lays out brief descriptions of potential vectors of attack, particularly vectors that could be used for simple disruption or to create opportunities for direct access to voter data and election management systems through privilege escalation. It also speaks to physical security. The term “hack” is to be interpreted broadly, sometimes referring to specific techniques (such as LDAP injection), broader hack categories (such as Man in the Middle) and other times referring to broad strategic approaches that facilitate specific hacks (such as social engineering). The paper is designed to paint a picture of the threat landscape, rather than serve as a technical guide. The paper is written at a basic technical level to keep it as accessible as possible to non-technical readers, as many of those participating in Voting Village are uniquely non-techie within the DEF CON setting. It starts early from a more technical perspective before becoming more accessible and eventually policy-focused. The objective is to promote best security practices and provide organizational administrators (as opposed to technical administrators) context for the types of challenges that exist. As such, it attempts to walk a tricky line to be accessible to as many as possible. It is presented in a casual “top ten” format and touches on a broad range of hacks are discussed very briefly. The paper should not be considered a tool for security professionals to gain a comprehensive understanding of each hack on the list. Its purpose is to educate generally, help point security admins in the right direction, and encourage them to dig deeper than the ankle-deep information provided. All the topics presented demand more thorough discussion and examination than the snapshots this paper provides.","end_timestamp":{"seconds":1691781600,"nanoseconds":0},"updated_timestamp":{"seconds":1691435340,"nanoseconds":0},"speakers":[{"content_ids":[52323,52333],"conference_id":96,"event_ids":[52607,52617],"name":"John Odum","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/john-odum-0b665a3"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/jodum"}],"media":[],"id":51546}],"timeband_id":990,"links":[],"end":"2023-08-11T19:20:00.000-0000","id":52607,"village_id":null,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51546}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"updated":"2023-08-07T19:09:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Russia has always had a well-structured social media communication policy. With the help of media outlets such as RT or Sputnik among many others, they acted as (dis)information proxies for years. At the same time, many social media influencers helped to viralize their content by sharing and disseminating it.\r\n\r\nHowever, with the start of the war in Ukraine in February 2022, all that changed. From the European Union and other countries, a cancellation of media was launched, as well as a targeting of those profiles that in a very visible way support Russian narratives. This has not stopped their action during this year and a half, but it has caused a change in the communication vectors they use and how they are using them.\r\n\r\nIn this workshop we will take the opportunity to analyze how communication strategies have evolved in social networks to disseminate and viralize disinformative narratives from official profiles of some state institutions such as embassies. To do this, we will make a comparison that will allow us to see the activity of this type of profiles in Europe and Latin America, as well as compare it with the activity of embassies in these countries by other countries such as the United States. \r\n\r\nBased on this research, we will develop practical exercises that focus on analyzing the content of the messages, the interest in some topics over others and the use of different communication channels beyond social networks, as well as specific entities and actors to position the content to the audience. With this, we will work on the TTPs implemented as an incident creator, and the strategies that can be developed from a Blue Team perspective.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"If it looks like a duck... Russia's new MDM communication strategies on Social Media after the War in Ukraine","end_timestamp":{"seconds":1691782200,"nanoseconds":0},"android_description":"Russia has always had a well-structured social media communication policy. With the help of media outlets such as RT or Sputnik among many others, they acted as (dis)information proxies for years. At the same time, many social media influencers helped to viralize their content by sharing and disseminating it.\r\n\r\nHowever, with the start of the war in Ukraine in February 2022, all that changed. From the European Union and other countries, a cancellation of media was launched, as well as a targeting of those profiles that in a very visible way support Russian narratives. This has not stopped their action during this year and a half, but it has caused a change in the communication vectors they use and how they are using them.\r\n\r\nIn this workshop we will take the opportunity to analyze how communication strategies have evolved in social networks to disseminate and viralize disinformative narratives from official profiles of some state institutions such as embassies. To do this, we will make a comparison that will allow us to see the activity of this type of profiles in Europe and Latin America, as well as compare it with the activity of embassies in these countries by other countries such as the United States. \r\n\r\nBased on this research, we will develop practical exercises that focus on analyzing the content of the messages, the interest in some topics over others and the use of different communication channels beyond social networks, as well as specific entities and actors to position the content to the audience. With this, we will work on the TTPs implemented as an incident creator, and the strategies that can be developed from a Blue Team perspective.","updated_timestamp":{"seconds":1691284620,"nanoseconds":0},"speakers":[{"content_ids":[52276],"conference_id":96,"event_ids":[52540],"name":"Paula González Nagore","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51510}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52540,"tag_ids":[40305,45646,45719,45743],"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51510}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"updated":"2023-08-06T01:17:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Securing Engineering is a core element of security. In this session, you will hear how the Obsidian Engineers collaborated with the Red Team to architect and build this year's Obsidian adversary simulation environment. PS: You will be able to make your own too!\n\n\nSecuring Engineering is a core element of security. In this session, you will hear how the Obsidian Engineers collaborated with the Red Team to architect and build this year's Obsidian adversary simulation environment. PS: You will be able to make your own too!","title":"Security Engineering for Adversarial Emulation and Red Teaming","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691782200,"nanoseconds":0},"android_description":"Securing Engineering is a core element of security. In this session, you will hear how the Obsidian Engineers collaborated with the Red Team to architect and build this year's Obsidian adversary simulation environment. PS: You will be able to make your own too!\n\n\nSecuring Engineering is a core element of security. In this session, you will hear how the Obsidian Engineers collaborated with the Red Team to architect and build this year's Obsidian adversary simulation environment. PS: You will be able to make your own too!","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52209,52210,52222],"conference_id":96,"event_ids":[52460,52463,52474],"name":"plug","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51473},{"content_ids":[52222],"conference_id":96,"event_ids":[52474],"name":"sandw1ch","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51480}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52474,"tag_ids":[40282,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51473},{"tag_id":45590,"sort_order":1,"person_id":51480}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Can we find activity within the corporate network that might be suspicious?\n\n\nCan we find activity within the corporate network that might be suspicious?","title":"CTH: (n)Map Exploration: A Great Time in Remote Destinations","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Can we find activity within the corporate network that might be suspicious?\n\n\nCan we find activity within the corporate network that might be suspicious?","end_timestamp":{"seconds":1691782200,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52206,52225],"conference_id":96,"event_ids":[52457,52461],"name":"SamunoskeX","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51478}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52457,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51478}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: Kill Chain Track (0x42)","hotel":"","short_name":"BTV Project Obsidian: Kill Chain Track (0x42)","id":45968},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This IR 101 session include two modules.\r\n\r\nPart I: What is IR\r\nPart II: IR Lifecycle and Frameworks\r\nPart III: IR Plans and Playbooks\n\n\nIR Foundations & Analyst Mindset and Quality Assurance","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"IR 101: Part I, II, III","end_timestamp":{"seconds":1691782200,"nanoseconds":0},"android_description":"This IR 101 session include two modules.\r\n\r\nPart I: What is IR\r\nPart II: IR Lifecycle and Frameworks\r\nPart III: IR Plans and Playbooks\n\n\nIR Foundations & Analyst Mindset and Quality Assurance","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52212],"conference_id":96,"event_ids":[52456],"name":"CountZ3r0","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51447},{"content_ids":[52212,52215,52226],"conference_id":96,"event_ids":[52456,52467,52477],"name":"Cyb3rhawk","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51460},{"content_ids":[52212],"conference_id":96,"event_ids":[52456],"name":"ChocolateCoat","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51483}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52456,"village_id":null,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51483},{"tag_id":45590,"sort_order":1,"person_id":51447},{"tag_id":45590,"sort_order":1,"person_id":51460}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: 101 Track (0x41)","hotel":"","short_name":"BTV Project Obsidian: 101 Track (0x41)","id":45967},"spans_timebands":"N","updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this talk, we explore the potential risk posed by usage of Large Language Models (LLMs) in a business environment, asking the question: Are LLMs \"Loose Lips Multipliers?\" Using the hypothetical case of Purple Aerospace Manufacturing Corporation, we investigate whether an LLM fine-tuned on user interactions can infer sensitive business strategies. After creating a synthetic dataset emulating corporate documents, we put our model to the test, exploring different information extraction techniques and discussing the implications of our findings. We propose future work and invite dialogue on mitigations and the best practices for using LLMs in business contexts.\n\n\n","title":"LLMs: Loose Lips Multipliers","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691780100,"nanoseconds":0},"android_description":"In this talk, we explore the potential risk posed by usage of Large Language Models (LLMs) in a business environment, asking the question: Are LLMs \"Loose Lips Multipliers?\" Using the hypothetical case of Purple Aerospace Manufacturing Corporation, we investigate whether an LLM fine-tuned on user interactions can infer sensitive business strategies. After creating a synthetic dataset emulating corporate documents, we put our model to the test, exploring different information extraction techniques and discussing the implications of our findings. We propose future work and invite dialogue on mitigations and the best practices for using LLMs in business contexts.","updated_timestamp":{"seconds":1691031240,"nanoseconds":0},"speakers":[{"content_ids":[52047],"conference_id":96,"event_ids":[52266],"name":"Kyle Easterly","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51286},{"content_ids":[52047],"conference_id":96,"event_ids":[52266],"name":"Mitch Kitter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51289}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":52266,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"tag_ids":[40299,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51286},{"tag_id":45590,"sort_order":1,"person_id":51289}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"begin":"2023-08-11T18:30:00.000-0000","updated":"2023-08-03T02:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"GitHub, a software development platform, has become popular in recent years and as of March 2023 and according to GitHub, Inc., is being used by 100 million users worldwide. As the service used by developers around the world, security related to the service becomes a global research topic.\r\nMost of the security topic for GitHub are about information leakage such as source code and APIKEY, which is related to the main function of GitHub service. On the other hand, we focused on the potential for attacks using GitHub Actions, a CICD feature provided by GitHub.\r\n\r\nOur research includes both known attack techniques already used by attackers and unknown attacks not yet observed in the wild. The following is a description of the five attacks introduced in this presentation.\r\n\r\n - Malicious Custom Action - Two attack techniques are going to be introduced in this section: Malicious JScript Composite Action and Malicious JavaScript Custom Action. Malicious JScript Composite Action is a developed custom action that performs an attack using JScript, after replacing the script engine from node.exe to wscript.exe through Binary Hijacking and Masquerading. Malicious JavaScript Custom Action performs the attack from Nodejs implemented using its C++ addons.\r\n - GitHub Actions C2 - We will demonstrate a new C2 framework using self-hosted runner in GitHub Actions. This C2 has been developed using Runner Application, a GitHub Action's agent, to execute commands and download/upload files via GitHub Actions. The C2 achieves stealthiness by utilizing official binaries provided by GitHub and communicating only with GitHub owned domains and IPs.\r\n - Free Jacking - We will introduce the results of my investigation into attacks using free cloud resources, known as \"Free Jacking,\" including the attack actually used by attackers and its changes according to GitHub's countermeasures.\r\n - Public Malicious Fork and PR - We will briefly discuss an Initial Foothold being established through repository configuration or developer operation errors when using self-hosted runners.\r\n - Theft of Secret - We will also provide an overview of the threat of theft of secrets, where encrypted environment variables used within GitHub are stolen from GitHub Actions, based on discussions among researchers.\r\n\r\nFinally, we have systematized the above five attacks based on two perspectives: - GitHub Actions features, such as repository ownership and runner types. - Threat level, including severity and probability. Each attack is shown with its use cases, as well as the potential damages that could occur if it were executed.\r\n\r\nThe attack we demonstrate in this presentation could potentially be widely used in other CI/CD services. By discovering threats in CI/CD, we hope to enhance the overall security of these services.\n\n\n","title":"The Dark Playground of CI/CD: Attack Delivery by GitHub Actions","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691781000,"nanoseconds":0},"android_description":"GitHub, a software development platform, has become popular in recent years and as of March 2023 and according to GitHub, Inc., is being used by 100 million users worldwide. As the service used by developers around the world, security related to the service becomes a global research topic.\r\nMost of the security topic for GitHub are about information leakage such as source code and APIKEY, which is related to the main function of GitHub service. On the other hand, we focused on the potential for attacks using GitHub Actions, a CICD feature provided by GitHub.\r\n\r\nOur research includes both known attack techniques already used by attackers and unknown attacks not yet observed in the wild. The following is a description of the five attacks introduced in this presentation.\r\n\r\n - Malicious Custom Action - Two attack techniques are going to be introduced in this section: Malicious JScript Composite Action and Malicious JavaScript Custom Action. Malicious JScript Composite Action is a developed custom action that performs an attack using JScript, after replacing the script engine from node.exe to wscript.exe through Binary Hijacking and Masquerading. Malicious JavaScript Custom Action performs the attack from Nodejs implemented using its C++ addons.\r\n - GitHub Actions C2 - We will demonstrate a new C2 framework using self-hosted runner in GitHub Actions. This C2 has been developed using Runner Application, a GitHub Action's agent, to execute commands and download/upload files via GitHub Actions. The C2 achieves stealthiness by utilizing official binaries provided by GitHub and communicating only with GitHub owned domains and IPs.\r\n - Free Jacking - We will introduce the results of my investigation into attacks using free cloud resources, known as \"Free Jacking,\" including the attack actually used by attackers and its changes according to GitHub's countermeasures.\r\n - Public Malicious Fork and PR - We will briefly discuss an Initial Foothold being established through repository configuration or developer operation errors when using self-hosted runners.\r\n - Theft of Secret - We will also provide an overview of the threat of theft of secrets, where encrypted environment variables used within GitHub are stolen from GitHub Actions, based on discussions among researchers.\r\n\r\nFinally, we have systematized the above five attacks based on two perspectives: - GitHub Actions features, such as repository ownership and runner types. - Threat level, including severity and probability. Each attack is shown with its use cases, as well as the potential damages that could occur if it were executed.\r\n\r\nThe attack we demonstrate in this presentation could potentially be widely used in other CI/CD services. By discovering threats in CI/CD, we hope to enhance the overall security of these services.","updated_timestamp":{"seconds":1690920780,"nanoseconds":0},"speakers":[{"content_ids":[51978,52096],"conference_id":96,"event_ids":[52172,52322],"name":"Yusuke Kubo","affiliations":[{"organization":"NTT Communications","title":"Offensive Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":51182,"title":"Offensive Security Researcher at NTT Communications"},{"content_ids":[51978,52096],"conference_id":96,"event_ids":[52172,52322],"name":"Kiyohito Yamamoto","affiliations":[{"organization":"NTT Communications","title":"Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":51183,"title":"Security Engineer at NTT Communications"}],"timeband_id":990,"links":[],"end":"2023-08-11T19:10:00.000-0000","id":52172,"village_id":null,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51183},{"tag_id":45590,"sort_order":1,"person_id":51182}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"updated":"2023-08-01T20:13:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! \r\n\r\n2023 judges: Corgi, FC aka freakyclown, and Snow\r\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year's SECVC winners: Jenn, Matt, and Sean)\r\n\r\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year's lessons learned, team highlights, and tips for future competitors!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Social Engineering Community (SEC) Vishing Competition","android_description":"In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! \r\n\r\n2023 judges: Corgi, FC aka freakyclown, and Snow\r\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year's SECVC winners: Jenn, Matt, and Sean)\r\n\r\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year's lessons learned, team highlights, and tips for future competitors!","end_timestamp":{"seconds":1691785800,"nanoseconds":0},"updated_timestamp":{"seconds":1690066080,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T20:30:00.000-0000","links":[{"label":"More Information","type":"link","url":"https://www.se.community/vishing-competition/"},{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter (@sec_defcon)","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245383"}],"id":51709,"tag_ids":[40302,45635,45649,45743],"village_id":64,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"updated":"2023-07-22T22:48:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Five (or More) Maritime Cybersecurity Challenges","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"updated_timestamp":{"seconds":1690422660,"nanoseconds":0},"speakers":[{"content_ids":[51476,51478],"conference_id":96,"event_ids":[51632,51634],"name":"Gary C. Kessler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50550}],"timeband_id":990,"links":[],"end":"2023-08-11T19:00:00.000-0000","id":51632,"village_id":null,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"tag_ids":[40306,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50550}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"updated":"2023-07-27T01:51:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Civil Cyber Defense volunteers and students challenge high-risk adversaries and threats such as human traffickers, authoritarian regimes, and surveillance being conducted on journalists. By utilizing academic resources, OSINT skills, and free/open-source tools, civil cyber defenders are supporting vulnerable non-profits, protecting volunteers, journalists, and activists while defending human rights. There is a need in the cybersecurity industry for more civil cyber defenders. Recommendations will be made as to how your organization can support and/or volunteer your time and tools to provide protection to vulnerable organizations who have high risks, face advanced and persistent adversaries, but have modest resources.\r\n\r\nREFERENCES:\r\nThe content we will present was generated by the speakers. Tiffany will present anonymized case studies from the “Citizen Clinic” at UC Berkeley and Austin will share case studies his organization has generated regarding human trafficking. Our only bibliographic reference at this moment is a reference to open source/free software tools we use at UC Berkeley. We will also reference a tool to make VPNs safer created by Berkeley’s students called “Ghost Prtcl.”\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Civil Cyber Defense: Use Your Resources to Defend Non-Profits as they Combat Human Trafficking and Subvert Authoritarian Regimes","end_timestamp":{"seconds":1691781300,"nanoseconds":0},"android_description":"Civil Cyber Defense volunteers and students challenge high-risk adversaries and threats such as human traffickers, authoritarian regimes, and surveillance being conducted on journalists. By utilizing academic resources, OSINT skills, and free/open-source tools, civil cyber defenders are supporting vulnerable non-profits, protecting volunteers, journalists, and activists while defending human rights. There is a need in the cybersecurity industry for more civil cyber defenders. Recommendations will be made as to how your organization can support and/or volunteer your time and tools to provide protection to vulnerable organizations who have high risks, face advanced and persistent adversaries, but have modest resources.\r\n\r\nREFERENCES:\r\nThe content we will present was generated by the speakers. Tiffany will present anonymized case studies from the “Citizen Clinic” at UC Berkeley and Austin will share case studies his organization has generated regarding human trafficking. Our only bibliographic reference at this moment is a reference to open source/free software tools we use at UC Berkeley. We will also reference a tool to make VPNs safer created by Berkeley’s students called “Ghost Prtcl.”","updated_timestamp":{"seconds":1687139280,"nanoseconds":0},"speakers":[{"content_ids":[50591],"conference_id":96,"event_ids":[50838],"name":"Tiffany Rad","affiliations":[{"organization":"U.C. Berkeley","title":"Instructor"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/tiffanyrad"}],"media":[],"id":49823,"title":"Instructor at U.C. Berkeley"},{"content_ids":[50591],"conference_id":96,"event_ids":[50838],"name":"Austin Shamlin","affiliations":[{"organization":"Traverse Project","title":"Co-Founder"}],"links":[],"pronouns":"she/her","media":[],"id":49824,"title":"Co-Founder at Traverse Project"}],"timeband_id":990,"end":"2023-08-11T19:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245762"}],"id":50838,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49824},{"tag_id":45590,"sort_order":1,"person_id":49823}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","updated":"2023-06-19T01:48:00.000-0000","begin":"2023-08-11T18:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched capabilities which helped us collect more than 100 hours of video footage of attackers in action.\r\n\r\nTo describe attackers’ behaviors, we characterized the various archetypes of threat actors in groups based on their traits through a Dungeon & Dragons analogy: 1) the Bards making obtuse search or watch unholy videos; 2) the Rangers stealthily explore computers and perform reconnaissance; 3) the Thieves try to monetize the RDP access; 4)the Barbarians use a large array of tools to brute-force their way into more computers; and 5) the Wizardsuse their RDP access as a magic portal to cloak their origins. Throughout, we will reveal the attackers’ weaponry and show video recordings of interesting characters in action.\r\n\r\nThis presentation demonstrates the tremendous capability in RDP interception for research benefitsand blue teams: extensive documentation of opportunistic attackers’ tradecraft. An engineer and a crime data scientist partner to deliver an epic story that includes luring, understanding and characterizing attackers which allows to collectively focus our attention on the more sophisticated threats. \r\n\r\nREFERENCES:\r\n\r\nThe tool:\r\nhttps://github.com/GoSecure/pyrdp/ an extensive rewrite of Citronneur’s RDPy\r\n\r\nBuilding on our own work:\r\nRDP Man-in-the-Middle - Smile! You're on Camera - GoSecure\r\nhttps://www.youtube.com/watch?v=eB7RC9FmL6Q\r\n\r\nSlides - Google Slides\r\nPyRDP Demo with Session Takeover - YouTube\r\nPyRDP Demo with a Payload on Connection - YouTube\r\nhttps://docs.google.com/presentation/d/1UAiN2EZwDcmBjLe_t5HXB0LzbNclU3nnigC-XM4neIU/edit?usp=sharing\r\nhttps://docs.google.com/presentation/d/1UAiN2EZwDcmBjLe_t5HXB0LzbNclU3nnigC-XM4neIU/edit?usp=sharing\r\nPyRDP on Autopilot - Unattended Credential Harvesting and Client-Side File Stealing - GoSecure\r\nAnnouncing PyRDP 1.0 - GoSecure\r\nDEF CON Safe Mode Demo Labs - Olivier Bilodeau - PyRDP - YouTube\r\nCapturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure\r\nCracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks - GoSecure\r\nA New PyRDP Release: The Rudolph Desktop Protocol! - GoSecure\r\nThe Level of Human Engagement Behind Automated Attacks - GoSecure\r\nNever Connect to RDP Servers Over Untrusted Networks - GoSecure\r\n\r\nBuilding on scientific articles:\r\n\r\n[1] Cybersecurity & Infrastructure Security Agency (2020). Alert (AA20-099A). Retrieved from. https://www.cisa.gov/uscert/ncas/alerts/aa20-099a\r\n[2] Cox, O. (2021). Remote Desktop Protocol (RDP) attack analysis. Darktrace. Retrieved from: https://darktrace.com/blog/remote-desktop-protocol-rdp-attack-analysis#:~:text=Remote%20Desktop%20Protocol%20(RDP)%20is,have%20been%20around%20for%20years.\r\n[3] UK’s National Cyber Security Centre (2021). Alert: Further ransomware attacks on the UK education sector by cyber criminals. Retrieved from : https://www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector\r\n[4] Tian, Z. et al. (2018). A Real-Time Correlation of Host-Level Events in Cyber Range Service for Smart Campus. IEEE Access, 6, pp. 35355-35364. DOI: 10.1109/ACCESS.2018.2846590.\r\n[5] Sinitsyn, F. (2017). Kaspersky Security Bulletin: STORY OF THE YEAR 2017. Retrieved from: https://securelist.com/ksb-story-of-the-year-2017/83290/\r\n[6] Drašar, M., Jirsík, T., & Vizváry, M. (2014). Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS). Proceedings 8 (pp. 160-172). Springer Berlin Heidelberg.\r\n[7] Alata, E., Nicomette, V., Kaaniche, M., Dacier, M., & Herrb, M. (2006). Lessons learned from the deployment of a high-interaction honeypot. Sixth European Dependable Computing Conference, Coimbra, Portugal, pp. 39-46, DOI: 10.1109/EDCC.2006.17.\r\n[8] Udhani, S., Withers, A., & Bashir, M. (2019). Human vs bots: Detecting human attacks in a honeypot environment. 7th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1-6). IEEE.\r\n[9] Bilodeau, O. (2022). PyRDP: Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. Tool Access from: https://github.com/GoSecure/pyrdp\r\n[10] Gatlan, S. (2022). Windows 11 now blocks RDP brute-force attacks by default. Bleeping Computer, https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/\r\n[11] Seifert, C. (2006). Analyzing Malicious SSH Login Attempts. Symantec Connect Community. Retrieve from: https://www.symantec.com/connect/articles/analyzing-malicious-sshlogin-attempts\n\n\n","title":"I Watched You Roll the Die: Unparalleled RDP Monitoring Reveal Attackers Tradecraft","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691781300,"nanoseconds":0},"android_description":"The Remote Desktop Protocol (RDP) is a critical attack vector used by evil threat actors including in ransomware outbreaks. To study RDP attacks, we created PyRDP, an open-source RDP interception tool with unmatched capabilities which helped us collect more than 100 hours of video footage of attackers in action.\r\n\r\nTo describe attackers’ behaviors, we characterized the various archetypes of threat actors in groups based on their traits through a Dungeon & Dragons analogy: 1) the Bards making obtuse search or watch unholy videos; 2) the Rangers stealthily explore computers and perform reconnaissance; 3) the Thieves try to monetize the RDP access; 4)the Barbarians use a large array of tools to brute-force their way into more computers; and 5) the Wizardsuse their RDP access as a magic portal to cloak their origins. Throughout, we will reveal the attackers’ weaponry and show video recordings of interesting characters in action.\r\n\r\nThis presentation demonstrates the tremendous capability in RDP interception for research benefitsand blue teams: extensive documentation of opportunistic attackers’ tradecraft. An engineer and a crime data scientist partner to deliver an epic story that includes luring, understanding and characterizing attackers which allows to collectively focus our attention on the more sophisticated threats. \r\n\r\nREFERENCES:\r\n\r\nThe tool:\r\nhttps://github.com/GoSecure/pyrdp/ an extensive rewrite of Citronneur’s RDPy\r\n\r\nBuilding on our own work:\r\nRDP Man-in-the-Middle - Smile! You're on Camera - GoSecure\r\nhttps://www.youtube.com/watch?v=eB7RC9FmL6Q\r\n\r\nSlides - Google Slides\r\nPyRDP Demo with Session Takeover - YouTube\r\nPyRDP Demo with a Payload on Connection - YouTube\r\nhttps://docs.google.com/presentation/d/1UAiN2EZwDcmBjLe_t5HXB0LzbNclU3nnigC-XM4neIU/edit?usp=sharing\r\nhttps://docs.google.com/presentation/d/1UAiN2EZwDcmBjLe_t5HXB0LzbNclU3nnigC-XM4neIU/edit?usp=sharing\r\nPyRDP on Autopilot - Unattended Credential Harvesting and Client-Side File Stealing - GoSecure\r\nAnnouncing PyRDP 1.0 - GoSecure\r\nDEF CON Safe Mode Demo Labs - Olivier Bilodeau - PyRDP - YouTube\r\nCapturing RDP NetNTLMv2 Hashes: Attack details and a Technical How-To Guide - GoSecure\r\nCracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks - GoSecure\r\nA New PyRDP Release: The Rudolph Desktop Protocol! - GoSecure\r\nThe Level of Human Engagement Behind Automated Attacks - GoSecure\r\nNever Connect to RDP Servers Over Untrusted Networks - GoSecure\r\n\r\nBuilding on scientific articles:\r\n\r\n[1] Cybersecurity & Infrastructure Security Agency (2020). Alert (AA20-099A). Retrieved from. https://www.cisa.gov/uscert/ncas/alerts/aa20-099a\r\n[2] Cox, O. (2021). Remote Desktop Protocol (RDP) attack analysis. Darktrace. Retrieved from: https://darktrace.com/blog/remote-desktop-protocol-rdp-attack-analysis#:~:text=Remote%20Desktop%20Protocol%20(RDP)%20is,have%20been%20around%20for%20years.\r\n[3] UK’s National Cyber Security Centre (2021). Alert: Further ransomware attacks on the UK education sector by cyber criminals. Retrieved from : https://www.ncsc.gov.uk/news/alert-targeted-ransomware-attacks-on-uk-education-sector\r\n[4] Tian, Z. et al. (2018). A Real-Time Correlation of Host-Level Events in Cyber Range Service for Smart Campus. IEEE Access, 6, pp. 35355-35364. DOI: 10.1109/ACCESS.2018.2846590.\r\n[5] Sinitsyn, F. (2017). Kaspersky Security Bulletin: STORY OF THE YEAR 2017. Retrieved from: https://securelist.com/ksb-story-of-the-year-2017/83290/\r\n[6] Drašar, M., Jirsík, T., & Vizváry, M. (2014). Enhancing Network Intrusion Detection by Correlation of Modularly Hashed Sketches. 8th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS). Proceedings 8 (pp. 160-172). Springer Berlin Heidelberg.\r\n[7] Alata, E., Nicomette, V., Kaaniche, M., Dacier, M., & Herrb, M. (2006). Lessons learned from the deployment of a high-interaction honeypot. Sixth European Dependable Computing Conference, Coimbra, Portugal, pp. 39-46, DOI: 10.1109/EDCC.2006.17.\r\n[8] Udhani, S., Withers, A., & Bashir, M. (2019). Human vs bots: Detecting human attacks in a honeypot environment. 7th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1-6). IEEE.\r\n[9] Bilodeau, O. (2022). PyRDP: Python Remote Desktop Protocol (RDP) Monster-in-the-Middle (MITM) tool and library. Tool Access from: https://github.com/GoSecure/pyrdp\r\n[10] Gatlan, S. (2022). Windows 11 now blocks RDP brute-force attacks by default. Bleeping Computer, https://www.bleepingcomputer.com/news/microsoft/windows-11-now-blocks-rdp-brute-force-attacks-by-default/\r\n[11] Seifert, C. (2006). Analyzing Malicious SSH Login Attempts. Symantec Connect Community. Retrieve from: https://www.symantec.com/connect/articles/analyzing-malicious-sshlogin-attempts","updated_timestamp":{"seconds":1687138500,"nanoseconds":0},"speakers":[{"content_ids":[50580],"conference_id":96,"event_ids":[50769],"name":"Andréanne Bergeron","affiliations":[{"organization":"GoSecure","title":"Cybersecurity Researcher"}],"pronouns":"she/her","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/andreanne-bergeron-phd/ "},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/AndreanBergeron"}],"media":[],"id":49804,"title":"Cybersecurity Researcher at GoSecure"},{"content_ids":[50580],"conference_id":96,"event_ids":[50769],"name":"Olivier Bilodeau","affiliations":[{"organization":"GoSecure","title":"Cybersecurity Research Director"}],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/olivierbilodeau/"},{"description":"","title":"Mastodon (@obilodeau@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@obilodeau"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/obilodeau"},{"description":"","title":"Website","sort_order":0,"url":"https://www.gosecure.net/blog"}],"pronouns":"he/him","media":[],"id":49805,"title":"Cybersecurity Research Director at GoSecure"}],"timeband_id":990,"end":"2023-08-11T19:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245751"}],"id":50769,"village_id":null,"begin_timestamp":{"seconds":1691778600,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49804},{"tag_id":45590,"sort_order":1,"person_id":49805}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"begin":"2023-08-11T18:30:00.000-0000","updated":"2023-06-19T01:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The allure of quantum computing has long been clouded by overstated claims of quantum advantage, many of which are quickly debunked. As we navigate the noisy intermediate-scale quantum (NISQ) era, the cruciality of error correction and fault tolerance becomes undeniable. Without these, the quantum promise remains elusive. Amidst the NISQy noise, it's high time we prioritize genuine progress and deep work over fleeting attention. Join us in championing a clear-eyed approach to the quantum future.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"No time for NISQy Business","android_description":"The allure of quantum computing has long been clouded by overstated claims of quantum advantage, many of which are quickly debunked. As we navigate the noisy intermediate-scale quantum (NISQ) era, the cruciality of error correction and fault tolerance becomes undeniable. Without these, the quantum promise remains elusive. Amidst the NISQy noise, it's high time we prioritize genuine progress and deep work over fleeting attention. Join us in championing a clear-eyed approach to the quantum future.","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"updated_timestamp":{"seconds":1691728500,"nanoseconds":0},"speakers":[{"content_ids":[52404,52412],"conference_id":96,"event_ids":[52708,52699],"name":"Rafal Janik","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51623}],"timeband_id":990,"links":[],"end":"2023-08-11T19:00:00.000-0000","id":52699,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"tag_ids":[40291,45645,45649,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51623}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"updated":"2023-08-11T04:35:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you have a design you would like to have Threat Modeled? Would you like to present it to DCNTTM organizers and DEF CON attendees for review? Come by our booth on Friday to register for a slot during our Saturday 2-hour event. We will provide you with a whiteboard and markers, present your design and we'll give you feedback.\n\n\n","title":"DC’s Next Top Threat Model (DCNTTM) - BYODesign Registration","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"android_description":"Do you have a design you would like to have Threat Modeled? Would you like to present it to DCNTTM organizers and DEF CON attendees for review? Come by our booth on Friday to register for a slot during our Saturday 2-hour event. We will provide you with a whiteboard and markers, present your design and we'll give you feedback.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691728080,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52689,"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[45638,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-11T04:28:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Pacific Northwest National Laboratory (PNNL) has developed and operates modeled physical environments for training and demonstrating cyber security for DHS CISA as part of their ICS Control Environment Laboratory Resource (CELR). To expose a broader audience at conferences and industry venues, CISA is implementing an XR interface to enable remote users to have a visceral experience as if they are in the same room as the CELR models. The CISA CELR team is developing cutting-edge data pipelines with the Depthkit software and developers at Scatter that can record and transmit accurate 3D renderings of objects and people in near real-time to an XR headset (HoloLens 2). Depthkit combines the data streams from up to 10 Microsoft Azure Kinect cameras and combines them into a calibrated photorealistic 3D video. This video can be exported into the Unity game engine and embedded as recordings or live streams into an XR application. The demonstration planned for Defcon will be for the Rail sector systems including an AR overview of the skid model with some pre-recorded videos of failure scenarios and some VR exploration of rail sector subsystems including a locomotive cab, wayside controller, and regional dispatch display. Conference attendees will learn more about the rail sector and its use of cyber components and the potential risks of cyber based failures.\n\n\n","title":"Off the Rails: A demo with Pacific Northwest National Labs","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"Pacific Northwest National Laboratory (PNNL) has developed and operates modeled physical environments for training and demonstrating cyber security for DHS CISA as part of their ICS Control Environment Laboratory Resource (CELR). To expose a broader audience at conferences and industry venues, CISA is implementing an XR interface to enable remote users to have a visceral experience as if they are in the same room as the CELR models. The CISA CELR team is developing cutting-edge data pipelines with the Depthkit software and developers at Scatter that can record and transmit accurate 3D renderings of objects and people in near real-time to an XR headset (HoloLens 2). Depthkit combines the data streams from up to 10 Microsoft Azure Kinect cameras and combines them into a calibrated photorealistic 3D video. This video can be exported into the Unity game engine and embedded as recordings or live streams into an XR application. The demonstration planned for Defcon will be for the Rail sector systems including an AR overview of the skid model with some pre-recorded videos of failure scenarios and some VR exploration of rail sector subsystems including a locomotive cab, wayside controller, and regional dispatch display. Conference attendees will learn more about the rail sector and its use of cyber components and the potential risks of cyber based failures.","updated_timestamp":{"seconds":1691357160,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T00:00:00.000-0000","id":52577,"tag_ids":[40311,45646,45743,45775],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"spans_timebands":"N","updated":"2023-08-06T21:26:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\n\n\n","title":"Cutting through the noise: What you need to know are the real threats when it comes to AI","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691778600,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284320,"nanoseconds":0},"speakers":[{"content_ids":[52025,52052,52259],"conference_id":96,"event_ids":[52523,52241,52271],"name":"Chloé Messdaghi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51252}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":52523,"village_id":null,"tag_ids":[40305,45646,45743,45771],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51252}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"spans_timebands":"N","updated":"2023-08-06T01:12:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"RF Village Kickoff","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691778300,"nanoseconds":0},"updated_timestamp":{"seconds":1691259780,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T18:25:00.000-0000","id":52508,"tag_ids":[40292,45645,45647,45743],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-05T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SS7 Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691257140,"nanoseconds":0},"speakers":[{"content_ids":[52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501],"name":"Zibran Sayyed","affiliations":[{"organization":"","title":"Sr. Security Consultant Telecom"}],"links":[],"pronouns":null,"media":[],"id":51522,"title":"Sr. Security Consultant Telecom"},{"content_ids":[52243,52238,52239,52241,52242],"conference_id":96,"event_ids":[52493,52494,52496,52497,52500,52501,52498],"name":"Akib Sayyed","affiliations":[{"organization":"Matrix Shell Technologies Prviate Limited","title":"Director"}],"links":[],"pronouns":null,"media":[],"id":51524,"title":"Director at Matrix Shell Technologies Prviate Limited"}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52493,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":72,"tag_ids":[40304,45647,45719,45743],"includes":"","people":[{"tag_id":45633,"sort_order":1,"person_id":51524},{"tag_id":45633,"sort_order":1,"person_id":51522}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-05T17:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. Competition updates will be presented on the AV stage both Friday and Saturday morning at 11 am PT.\n\n\n","title":"Hack-A-Sat 4 Briefing","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"Hack-A-Sat 4 is quite simply the world's first CTF in space. Now in its 4th year, the Hack-A-Sat competition series aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Stop by and witness the 5 finalist teams compete for $100K in prizes, learn more about the history of Hack-A-Sat, and the Moonlighter satellite hosting this year's competition. Competition updates will be presented on the AV stage both Friday and Saturday morning at 11 am PT.","end_timestamp":{"seconds":1691779800,"nanoseconds":0},"updated_timestamp":{"seconds":1691101080,"nanoseconds":0},"speakers":[{"content_ids":[52148,52166],"conference_id":96,"event_ids":[52378,52396,52398],"name":"Hack-A-Sat 4 Team","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51410}],"timeband_id":990,"links":[],"end":"2023-08-11T18:50:00.000-0000","id":52378,"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[40280,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51410}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:18:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"USB-based attacks account for over 52% of all cybersecurity attacks on operational technology (OT) systems in the industrial control systems (ICS) industry. Stuxnet’s discovery in 2015 showed the vulnerability of air-gapped systems, previously considered invulnerable. These systems are found in secure military organizations and SCADA systems. The societal impact of such attacks can be enormous, as evidenced by Stuxnet’s impact on Iran’s nuclear programs. \r\n\r\nAir-gapped systems, while considered secure, mostly require mobile storage devices like USB sticks for updates and data transfers, exposing them to malware. Adding peripherals like keyboards and mice will also render the systems vulnerable to BadUSB attacks. This all can be prevented by OOBAVD, which acts as an intermediary between air-gapped systems and USB devices, blocks malicious files from entering the air-gapped systems. OOBAVD being out of band also mitigates the risk of malware attacking the host’s antivirus software.\r\n\r\nSo what exactly is OOBAVD and how does one take an anti-virus out of band?\n\n\n","title":"The Creation Of The Out-Of-Band Anti Virus Dock (Oobavd)","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691778000,"nanoseconds":0},"android_description":"USB-based attacks account for over 52% of all cybersecurity attacks on operational technology (OT) systems in the industrial control systems (ICS) industry. Stuxnet’s discovery in 2015 showed the vulnerability of air-gapped systems, previously considered invulnerable. These systems are found in secure military organizations and SCADA systems. The societal impact of such attacks can be enormous, as evidenced by Stuxnet’s impact on Iran’s nuclear programs. \r\n\r\nAir-gapped systems, while considered secure, mostly require mobile storage devices like USB sticks for updates and data transfers, exposing them to malware. Adding peripherals like keyboards and mice will also render the systems vulnerable to BadUSB attacks. This all can be prevented by OOBAVD, which acts as an intermediary between air-gapped systems and USB devices, blocks malicious files from entering the air-gapped systems. OOBAVD being out of band also mitigates the risk of malware attacking the host’s antivirus software.\r\n\r\nSo what exactly is OOBAVD and how does one take an anti-virus out of band?","updated_timestamp":{"seconds":1691079540,"nanoseconds":0},"speakers":[{"content_ids":[52141],"conference_id":96,"event_ids":[52366],"name":"Pengfei “BigZaddy” Yu","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51394},{"content_ids":[52141],"conference_id":96,"event_ids":[52366],"name":"Bosen Zhang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51395},{"content_ids":[52141],"conference_id":96,"event_ids":[52366],"name":"Howard Yang","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51396},{"content_ids":[52141],"conference_id":96,"event_ids":[52366],"name":"Tan Jing Zhi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51397}],"timeband_id":990,"links":[],"end":"2023-08-11T18:20:00.000-0000","id":52366,"village_id":null,"tag_ids":[40287,45645,45646,45743],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51395},{"tag_id":45590,"sort_order":1,"person_id":51396},{"tag_id":45590,"sort_order":1,"person_id":51394},{"tag_id":45590,"sort_order":1,"person_id":51397}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T16:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The web application market has shown rapid growth in recent years. Current security research utilizes source code analysis, and manual exploitation of web applications to identify security vulnerabilities such as Cross-site Scripting, SQL Injection. The attack samples generated as part of web application penetration testing can be easily blocked using Web Application Firewalls (WAFs). In this talk, I will discuss the use of conditional generative adversarial network (GAN) to identify key features for XSS attacks, and train a generative model based on attack labels, and attack features. The attack features are identified using semantic tokenization, and the attack payloads are generated using conditional GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform and saves significant effort invested by the penetration testing team.\n\n\n","title":"Generative Adversarial Network (GAN) based autonomous penetration testing for Web Applications","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"The web application market has shown rapid growth in recent years. Current security research utilizes source code analysis, and manual exploitation of web applications to identify security vulnerabilities such as Cross-site Scripting, SQL Injection. The attack samples generated as part of web application penetration testing can be easily blocked using Web Application Firewalls (WAFs). In this talk, I will discuss the use of conditional generative adversarial network (GAN) to identify key features for XSS attacks, and train a generative model based on attack labels, and attack features. The attack features are identified using semantic tokenization, and the attack payloads are generated using conditional GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform and saves significant effort invested by the penetration testing team.","end_timestamp":{"seconds":1691779500,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52103],"conference_id":96,"event_ids":[52328],"name":"Ankur Chowdhary","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51326}],"timeband_id":990,"links":[],"end":"2023-08-11T18:45:00.000-0000","id":52328,"tag_ids":[40297,45645,45647,45743],"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51326}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Main Stage","hotel":"","short_name":"AppSec Village - Main Stage","id":45960},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.\n\n\n","title":"The Ultimate AppSec Trivia Challenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"The Ultimate AppSec Trivia Challenge is a fun and educational game that tests your application security knowledge. The game consists of cards with questions ranging from easy to hard, all related to application security. Players can challenge themselves, or each other, to test their knowledge. You can improve your understanding of AppSec and have fun simultaneously. Bring your team or yourself and see where you rank on the leaderboard! Whether you're a beginner or an expert in application security, The Ultimate AppSec Trivia Challenge has something for everyone to learn.","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52088],"conference_id":96,"event_ids":[52314,52374,52375,52376],"name":"Probely","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51373}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52314,"village_id":null,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51373}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 4","hotel":"","short_name":"AppSec Village - Pod 4","id":45965},"spans_timebands":"N","updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have participants find the true positives out of 5 SQLi. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Spot the True Positives!","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Have participants find the true positives out of 5 SQLi.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52087],"conference_id":96,"event_ids":[52313,52372],"name":"Backslash","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51328}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52313,"village_id":null,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51328}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 3","hotel":"","short_name":"AppSec Village - Pod 3","id":45964},"updated":"2023-08-03T15:29:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"vAPI is a Vulnerable Interface in a Lab like environment that mimics the scenarios from OWASP API Top 10 and helps the user understand and exploit the vulnerabilities according to OWASP API Top 10 2019. Apart from that, the lab consists some more exercises/challenges related to advanced topics related to Authorization and Access Control.\n\n\n","title":"vAPI : Vulnerable Adversely Programmed Interface","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"vAPI is a Vulnerable Interface in a Lab like environment that mimics the scenarios from OWASP API Top 10 and helps the user understand and exploit the vulnerabilities according to OWASP API Top 10 2019. Apart from that, the lab consists some more exercises/challenges related to advanced topics related to Authorization and Access Control.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52086],"conference_id":96,"event_ids":[52312],"name":"Tushar Kulkarni","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/kulkarnivtushar"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/vk_tushar"}],"media":[],"id":51382}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52312,"tag_ids":[40297,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51382}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 2","hotel":"","short_name":"AppSec Village - Pod 2","id":45963},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In each round, the participants will get to deploy a set of GitHub Actions in a chosen project to implement security best practices. Whoever completes the challenge first among the competitors, or gets closer to completing it, wins. The set of Actions at each round will be chosen randomly among the Actions in the Security category available in the Marketplace.\n\n\n","title":"Hands-on GitHub Actions","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"In each round, the participants will get to deploy a set of GitHub Actions in a chosen project to implement security best practices. Whoever completes the challenge first among the competitors, or gets closer to completing it, wins. The set of Actions at each round will be chosen randomly among the Actions in the Security category available in the Marketplace.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52085,52139],"conference_id":96,"event_ids":[52358,52311],"name":"Magno Logan","affiliations":[],"links":[{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/magnologan"}],"pronouns":null,"media":[],"id":51362}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52311,"village_id":null,"tag_ids":[40297,45647,45743,45775],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51362}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Pod 1","hotel":"","short_name":"AppSec Village - Pod 1","id":45962},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Malicious code is out to get you. Can you keep your app working as expected and hold on to your secrets? Come to this workshop and try!\r\n\r\nThe entire workshop will be delivered as bite-sized hands-on exercises where increasingly advanced threats are presented and you get to defend. \r\n\r\nWe'll explore techniques allowing cooperation with packages thatintend to steal your secrets and mess with built-in functionality of JavaScript via prototype-poisoning.\r\nAnother part of the workshop will focus on using tools to isolate code and scale the defensive coding practice up for larger codebases.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Defensive Coding and Hardened Javascript","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Malicious code is out to get you. Can you keep your app working as expected and hold on to your secrets? Come to this workshop and try!\r\n\r\nThe entire workshop will be delivered as bite-sized hands-on exercises where increasingly advanced threats are presented and you get to defend. \r\n\r\nWe'll explore techniques allowing cooperation with packages thatintend to steal your secrets and mess with built-in functionality of JavaScript via prototype-poisoning.\r\nAnother part of the workshop will focus on using tools to isolate code and scale the defensive coding practice up for larger codebases.","updated_timestamp":{"seconds":1691076540,"nanoseconds":0},"speakers":[{"content_ids":[52084],"conference_id":96,"event_ids":[52303],"name":"Aaron Kumavis","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"Twitter","sort_order":0,"url":"https://Twitter.com/kumavis_"}],"media":[],"id":51378},{"content_ids":[52084],"conference_id":96,"event_ids":[52303],"name":"Zbyszek Tenerowicz","affiliations":[],"pronouns":null,"links":[{"description":null,"title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/zbigniew-tenerowicz-288175165/"},{"description":null,"title":"Twitter","sort_order":0,"url":"https://twitter.com/naugtur"}],"media":[],"id":51389}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":52303,"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[40297,45647,45743,45775],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51378},{"tag_id":45590,"sort_order":1,"person_id":51389}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45712,"name":"Flamingo - Savoy - AppSec Village - Workshop","hotel":"","short_name":"AppSec Village - Workshop","id":45961},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T15:29:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"AI Village CTF Kickoff and Introduction","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691777700,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691030700,"nanoseconds":0},"speakers":[{"content_ids":[52046],"conference_id":96,"event_ids":[52265],"name":"Will Pearce","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51297}],"timeband_id":990,"links":[],"end":"2023-08-11T18:15:00.000-0000","id":52265,"tag_ids":[40299,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51297}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T02:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Certs Fucking Suck, So We Made a Cert: DISCO for Bodily Autonomy","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691778600,"nanoseconds":0},"updated_timestamp":{"seconds":1691025660,"nanoseconds":0},"speakers":[{"content_ids":[52023],"conference_id":96,"event_ids":[52239],"name":"Blunt","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51249},{"content_ids":[52023],"conference_id":96,"event_ids":[52239],"name":"Daly","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51255}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":52239,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[40308,45645,45647,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51249},{"tag_id":45590,"sort_order":1,"person_id":51255}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-03T01:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We have three challenges this year!\r\n\r\n1. A CTF for which there is no equipment is required. \r\n\r\n2. Card Hacking Challenge for which you will need an Android phone with NFC and a special Card Hacking Challenge card (grab one on the booth):\r\n\r\n3. Easter egg hunt. Use your brain!\r\n\r\nWe have a tonne of cool prizes to be won, such as custom mugs, numbered challenge coins with atc numbers, key rings, embroidered patches and more!\n\n\n","title":"Payment Village Challenges/CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"We have three challenges this year!\r\n\r\n1. A CTF for which there is no equipment is required. \r\n\r\n2. Card Hacking Challenge for which you will need an Android phone with NFC and a special Card Hacking Challenge card (grab one on the booth):\r\n\r\n3. Easter egg hunt. Use your brain!\r\n\r\nWe have a tonne of cool prizes to be won, such as custom mugs, numbered challenge coins with atc numbers, key rings, embroidered patches and more!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690995480,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52208,"tag_ids":[40301,45647,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Payment Village","hotel":"","short_name":"Virginia City - Payment Village","id":45654},"updated":"2023-08-02T16:58:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We have a simple mission, educate the world about payments. We all interact with payment technologies every day, yet how much do we know about them? This is a beginner's course in card payments. This workshop is also helpful for anyone who tries to solve our CTF.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Payment Village Workshop","android_description":"We have a simple mission, educate the world about payments. We all interact with payment technologies every day, yet how much do we know about them? This is a beginner's course in card payments. This workshop is also helpful for anyone who tries to solve our CTF.","end_timestamp":{"seconds":1691782200,"nanoseconds":0},"updated_timestamp":{"seconds":1690995240,"nanoseconds":0},"speakers":[{"content_ids":[52011],"conference_id":96,"event_ids":[52206,52207],"name":"Leigh-Anne Galloway","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@L_Agalloway"}],"pronouns":null,"media":[],"id":51181}],"timeband_id":990,"links":[],"end":"2023-08-11T19:30:00.000-0000","id":52206,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"tag_ids":[40301,45647,45719,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51181}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Payment Village","hotel":"","short_name":"Virginia City - Payment Village","id":45654},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-02T16:54:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Dontae Tyler developed a security awareness training called Cyber Hygiene after getting tired of sitting through boring cyber security awareness videos that were not effective. After conducting his own research, He was able to come to the conclusion that the annual security training of the past was not as effective in remediating issues related to non-technical people utilizing interconnected devices and systems to complete their work. In his training he plans to equip end users with simple yet effective mitigation strategies and tools to reduce risk to acceptable levels.\n\n\n","title":"Cyber Hygiene: Security Awareness Training and Education","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691779800,"nanoseconds":0},"android_description":"Dontae Tyler developed a security awareness training called Cyber Hygiene after getting tired of sitting through boring cyber security awareness videos that were not effective. After conducting his own research, He was able to come to the conclusion that the annual security training of the past was not as effective in remediating issues related to non-technical people utilizing interconnected devices and systems to complete their work. In his training he plans to equip end users with simple yet effective mitigation strategies and tools to reduce risk to acceptable levels.","updated_timestamp":{"seconds":1690937700,"nanoseconds":0},"speakers":[{"content_ids":[52003],"conference_id":96,"event_ids":[52198],"name":"Dontae Tyler","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51209}],"timeband_id":990,"links":[],"end":"2023-08-11T18:50:00.000-0000","id":52198,"tag_ids":[40281,45645,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51209}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"updated":"2023-08-02T00:55:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In February 2022, the Viasat owned KA-SAT network experienced a significant cyberattack that resulted in a partial outage of services for thousands of users in Ukraine and tens of thousands of users in other parts of Europe. This presentation will provide detailed background on the attack, which involved the deployment of malware against terminals on the network, as well as several distinct network-based attacks that appeared focused on further denying connectivity to KA-SAT users. These network-based attacks needed to be characterized and responded to by Viasat’s operational teams in real-time, and the attacks continued with intensity for many weeks after the original malware incident. \r\n\r\nViasat will share the story of how it responded and performed a rapid forensic on several impacted terminals to determine within 36 hours that the terminal flash memory had been overwritten with a distinctive pattern in the attack. This presentation will explain details around the forensic analysis as well as the process of reverse engineering the malicious toolkit to verify it would produce the observed flash memory effects. Viasat will also share technical details of over-the-air network attacks that were used to attack the KA-SAT network.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"Defending KA-SAT: The detailed story of the response, how it was analyzed, and what was learned","android_description":"In February 2022, the Viasat owned KA-SAT network experienced a significant cyberattack that resulted in a partial outage of services for thousands of users in Ukraine and tens of thousands of users in other parts of Europe. This presentation will provide detailed background on the attack, which involved the deployment of malware against terminals on the network, as well as several distinct network-based attacks that appeared focused on further denying connectivity to KA-SAT users. These network-based attacks needed to be characterized and responded to by Viasat’s operational teams in real-time, and the attacks continued with intensity for many weeks after the original malware incident. \r\n\r\nViasat will share the story of how it responded and performed a rapid forensic on several impacted terminals to determine within 36 hours that the terminal flash memory had been overwritten with a distinctive pattern in the attack. This presentation will explain details around the forensic analysis as well as the process of reverse engineering the malicious toolkit to verify it would produce the observed flash memory effects. Viasat will also share technical details of over-the-air network attacks that were used to attack the KA-SAT network.","end_timestamp":{"seconds":1691779500,"nanoseconds":0},"updated_timestamp":{"seconds":1690667700,"nanoseconds":0},"speakers":[{"content_ids":[51588],"conference_id":96,"event_ids":[51775],"name":"Mark Colaluca","affiliations":[{"organization":"Viasat","title":"Vice President and Chief Information Security Officer (CISO)"}],"links":[],"pronouns":"he/him","media":[],"id":50726,"title":"Vice President and Chief Information Security Officer (CISO) at Viasat"},{"content_ids":[51588],"conference_id":96,"event_ids":[51775],"name":"Nick Saunders","affiliations":[{"organization":"Viasat","title":"Chief Cybersecurity and Data Officer"}],"links":[],"pronouns":"he/him","media":[],"id":50727,"title":"Chief Cybersecurity and Data Officer at Viasat"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246846"}],"end":"2023-08-11T18:45:00.000-0000","id":51775,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50726},{"tag_id":45590,"sort_order":1,"person_id":50727}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"updated":"2023-07-29T21:55:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"What's up, Doc? Using documentation to build better OT security knowledge graphs","android_description":"","end_timestamp":{"seconds":1691778600,"nanoseconds":0},"updated_timestamp":{"seconds":1690422660,"nanoseconds":0},"speakers":[{"content_ids":[51475],"conference_id":96,"event_ids":[51631],"name":"Ian Fox","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50540}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":51631,"village_id":null,"tag_ids":[40306,45645,45646,45743],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50540}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 313-319 - ICS Village","hotel":"","short_name":"Alliance - 313-319 - ICS Village","id":45869},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-07-27T01:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"As lonely Aussies attending our first Defcon last year, we were frequently drawn to the hilarity/uniquness of the Wall of Sheep board. One of our group suggested people leaking at the con was super entertaining, but what about throughout the rest of the year? We decided to use the time between DC30 and DC31 scraping the r/defcon subreddit to create the Wall of Sheep - online edition.\n\n\n","title":"Death by 1000 Likes: How Much Do You Really Leak in Social Media?","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691779800,"nanoseconds":0},"android_description":"As lonely Aussies attending our first Defcon last year, we were frequently drawn to the hilarity/uniquness of the Wall of Sheep board. One of our group suggested people leaking at the con was super entertaining, but what about throughout the rest of the year? We decided to use the time between DC30 and DC31 scraping the r/defcon subreddit to create the Wall of Sheep - online edition.","updated_timestamp":{"seconds":1691375220,"nanoseconds":0},"speakers":[{"content_ids":[51460],"conference_id":96,"event_ids":[51616],"name":"Will Kay","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50538}],"timeband_id":990,"links":[],"end":"2023-08-11T18:50:00.000-0000","id":51616,"village_id":null,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[40288,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50538}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-08-07T02:27:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#2ec300","updated_at":"2024-06-07T03:38+0000","name":"Vendor Event","id":45769},"title":"No Starch Press - Book Signing - Bryson Payne, Go H*ck Yourself","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1690416180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T19:00:00.000-0000","id":51603,"tag_ids":[45646,45743,45769,45770],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-07-27T00:03:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Keynote Panel moderated by Ben Sadeghipour @nahamsec\n\n\n","title":"Stories from the Trenches","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"android_description":"Keynote Panel moderated by Ben Sadeghipour @nahamsec","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"updated_timestamp":{"seconds":1689356340,"nanoseconds":0},"speakers":[{"content_ids":[50592,51070,51977,52424],"conference_id":96,"event_ids":[52729,50857,52730,51103,52171],"name":"Ben \"NahamSec\" Sadeghipour","affiliations":[{"organization":"NahamSec","title":"Hacker & Content Creator"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nahamsec"}],"media":[],"id":49825,"title":"Hacker & Content Creator at NahamSec"},{"content_ids":[51070],"conference_id":96,"event_ids":[51103],"name":"Barrett Darnell","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/pwnEIP"}],"pronouns":null,"media":[],"id":50259},{"content_ids":[51070],"conference_id":96,"event_ids":[51103],"name":"John Hammond","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/_JohnHammond"}],"media":[],"id":50268},{"content_ids":[51070],"conference_id":96,"event_ids":[51103],"name":"Ryan M. Montgomery","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/0dayCTF"}],"media":[],"id":50280},{"content_ids":[51070],"conference_id":96,"event_ids":[51103],"name":"Savannah Lazzara","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/lazzslayer"}],"media":[],"id":50282}],"timeband_id":990,"links":[],"end":"2023-08-11T19:00:00.000-0000","id":51103,"village_id":60,"tag_ids":[40294,45647,45743,45771],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"","people":[{"tag_id":45631,"sort_order":1,"person_id":49825},{"tag_id":45632,"sort_order":2,"person_id":50259},{"tag_id":45632,"sort_order":2,"person_id":50268},{"tag_id":45632,"sort_order":2,"person_id":50280},{"tag_id":45632,"sort_order":2,"person_id":50282}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset-Twilight Ballroom - Red Team Village","hotel":"","short_name":"Sunset-Twilight Ballroom - Red Team Village","id":45681},"spans_timebands":"N","begin":"2023-08-11T18:00:00.000-0000","updated":"2023-07-14T17:39:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Betting on Your Digital Rights: 2nd Annual EFF Benefit Poker Tournament at DEF CON 31\r\n\r\nWhen: Friday August 11, 12:00 (11:00 for the pre-tournament poker clinic)\r\nWhere: Offsite. Horseshoe Poker Room\r\nStay tuned at https://www.eff.org/poker for more details.\r\n\r\nWe’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit the Electronic Frontier Foundation! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\r\nhttps://www.eff.org/poker\r\n\r\nWe will offer a pre-tournament clinic to help people get a refresher on poker so they feel comfortable. This contest will be held outside the main conference area; it must be held in the Horseshoe Poker Room​ per the Nevada Gaming Commission.​\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"EFF Benefit Poker Tournament at DEF CON 31 - Pre-tournament clinic","android_description":"Betting on Your Digital Rights: 2nd Annual EFF Benefit Poker Tournament at DEF CON 31\r\n\r\nWhen: Friday August 11, 12:00 (11:00 for the pre-tournament poker clinic)\r\nWhere: Offsite. Horseshoe Poker Room\r\nStay tuned at https://www.eff.org/poker for more details.\r\n\r\nWe’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit the Electronic Frontier Foundation! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\r\nhttps://www.eff.org/poker\r\n\r\nWe will offer a pre-tournament clinic to help people get a refresher on poker so they feel comfortable. This contest will be held outside the main conference area; it must be held in the Horseshoe Poker Room​ per the Nevada Gaming Commission.​","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"updated_timestamp":{"seconds":1689271260,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T19:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.eff.org/poker"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244824"}],"id":51099,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[45638],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"updated":"2023-07-13T18:01:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Smart shopping cart wheels are electronic wheels with a mechanical braking mechanism meant to prevent cart removal or shoplifting, as well as electronics to provide other tracking functions. In a past talk, I’ve discussed the ultra-low-frequency communication these systems use and how to sniff and replay them (and even use your phone’s speaker to “phreak” your shopping cart!\r\n\r\nThis talk explores a new type of smart wheel (the Rocateq system), and focuses on a deeper exploration of the hardware and firmware. On top of capturing new sets of ultra-low-frequency control signals, we’ll look at the 2.4 GHz “checkout” signal that it receives from the register and reverse engineer the PCB - soldering on “fly-wires” to look at the chip-to-chip communication with a logic analyzer. We’ll also use a PICKIT programmer to dump the firmware from the main microcontroller for basic analysis using Ghidra.\r\n\r\nIn addition to the talk, the website where you can play the control signals as audio files on your phone will be updated to include the control codes for the Rocateq brand wheels. \r\n\r\nREFERENCES: \r\n- The ARRL handbook for radio communications, 2007. Newington, CT: American Radio Relay League, 2006. Print.\r\n- https://www.tmplab.org/2008/06/18/consumer-b-gone/\r\n- http://www.woodmann.com/fravia/nola_wheel.htm\r\n-The wonderful people over at /r/rfelectronics\r\n- FCC.gov\r\n- My previous talk at DEFCON 29\r\n- rocateq.com\n\n\n","title":"Warshopping - further dalliances in phreaking smart shopping cart wheels, RF sniffing and hardware reverse engineering","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"android_description":"Smart shopping cart wheels are electronic wheels with a mechanical braking mechanism meant to prevent cart removal or shoplifting, as well as electronics to provide other tracking functions. In a past talk, I’ve discussed the ultra-low-frequency communication these systems use and how to sniff and replay them (and even use your phone’s speaker to “phreak” your shopping cart!\r\n\r\nThis talk explores a new type of smart wheel (the Rocateq system), and focuses on a deeper exploration of the hardware and firmware. On top of capturing new sets of ultra-low-frequency control signals, we’ll look at the 2.4 GHz “checkout” signal that it receives from the register and reverse engineer the PCB - soldering on “fly-wires” to look at the chip-to-chip communication with a logic analyzer. We’ll also use a PICKIT programmer to dump the firmware from the main microcontroller for basic analysis using Ghidra.\r\n\r\nIn addition to the talk, the website where you can play the control signals as audio files on your phone will be updated to include the control codes for the Rocateq brand wheels. \r\n\r\nREFERENCES: \r\n- The ARRL handbook for radio communications, 2007. Newington, CT: American Radio Relay League, 2006. Print.\r\n- https://www.tmplab.org/2008/06/18/consumer-b-gone/\r\n- http://www.woodmann.com/fravia/nola_wheel.htm\r\n-The wonderful people over at /r/rfelectronics\r\n- FCC.gov\r\n- My previous talk at DEFCON 29\r\n- rocateq.com","end_timestamp":{"seconds":1691779500,"nanoseconds":0},"updated_timestamp":{"seconds":1687140180,"nanoseconds":0},"speakers":[{"content_ids":[50605],"conference_id":96,"event_ids":[50858],"name":"Joseph Gabay","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/stoppingcart"},{"description":"","title":"Website","sort_order":0,"url":"https://begaydocrime.com"}],"media":[],"id":49845,"title":"Hacker"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245776"}],"end":"2023-08-11T18:45:00.000-0000","id":50858,"tag_ids":[45648,45844],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49845}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"updated":"2023-06-19T02:03:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox? Do you dislike Boston (the city) and love Satan?\r\n\r\nIf you answered yes to any of those questions you should come to this talk!\r\n \r\nI'll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We'll be diving into \"edge\" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I’ll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2million+ domains. \r\n\r\nREFERENCES:\r\n \r\n* https://blog.mailchannels.com/mailchannels-enables-free-email-sending-for-cloudflare-workers-customers\r\n* https://trends.builtwith.com/mx/transactional-email/traffic/Entire-Internet\r\n* https://blog.cloudflare.com/sending-email-from-workers-with-mailchannels/\r\n* https://trends.builtwith.com/websitelist/MailChannels\r\n* https://www.rapid7.com/research/project-sonar/\r\n* https://gist.github.com/ihsangan/6111b59b9a7b022b5897d28d8454ad8d\r\n* https://community.cloudflare.com/t/send-email-from-workers-using-mailchannels-for-free/361973/11\r\n* WWW'22 Talk: Revisiting Email Forwarding Security under the Authenticated Received Chain Protocol (https://www.youtube.com/watch?v=V9kajr5dESs)\r\n* http://arc-spec.org/ \r\n* https://www.rfc-editor.org/rfc/rfc8617.html\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"SpamChannel: Spoofing Emails From 2 Million+ Domains and Virtually Becoming Satan","end_timestamp":{"seconds":1691779500,"nanoseconds":0},"android_description":"Ever wake up and ask yourself: “Damn, how could I make email security suck even more today”? Tired of your Red Teams phishing emails not landing in your targets inbox? Do you dislike Boston (the city) and love Satan?\r\n\r\nIf you answered yes to any of those questions you should come to this talk!\r\n \r\nI'll be showing you how to spoof emails from 2 million+ domains (while also “bypassing” SPF & DMARC!) by (ab)using a partnership between Cloudflare and the “biggest transactional email service” on the interwebs. We'll be diving into \"edge\" serverless applications and the magical world of email security where everything is (still) held up by duct tape, pasta, and marinara sauce. Finally, I’ll be dropping code and releasing a tool that demonstrates how to impersonate emails from 2million+ domains. \r\n\r\nREFERENCES:\r\n \r\n* https://blog.mailchannels.com/mailchannels-enables-free-email-sending-for-cloudflare-workers-customers\r\n* https://trends.builtwith.com/mx/transactional-email/traffic/Entire-Internet\r\n* https://blog.cloudflare.com/sending-email-from-workers-with-mailchannels/\r\n* https://trends.builtwith.com/websitelist/MailChannels\r\n* https://www.rapid7.com/research/project-sonar/\r\n* https://gist.github.com/ihsangan/6111b59b9a7b022b5897d28d8454ad8d\r\n* https://community.cloudflare.com/t/send-email-from-workers-using-mailchannels-for-free/361973/11\r\n* WWW'22 Talk: Revisiting Email Forwarding Security under the Authenticated Received Chain Protocol (https://www.youtube.com/watch?v=V9kajr5dESs)\r\n* http://arc-spec.org/ \r\n* https://www.rfc-editor.org/rfc/rfc8617.html","updated_timestamp":{"seconds":1687136820,"nanoseconds":0},"speakers":[{"content_ids":[50553,52052],"conference_id":96,"event_ids":[50781,52271],"name":"Marcello \"byt3bl33d3r\" Salvati","affiliations":[{"organization":"","title":"Hacker & Entrepreneur"}],"pronouns":"he/him","links":[{"description":"","title":"Github","sort_order":0,"url":"https://github.com/byt3bl33d3r"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/byt3bl33d3r/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/byt3bl33d3r"}],"media":[],"id":49765,"title":"Hacker & Entrepreneur"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245722"}],"end":"2023-08-11T18:45:00.000-0000","id":50781,"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"tag_ids":[45589,45592,45630,45646,45766],"village_id":null,"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49765}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-06-19T01:07:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Although x509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X509 certificates in general, brings advantages compared to passwords or tokens, but you get increased complexity in return.\r\n\r\nIn this talk, we’ll deep dive into some novel attacks on mTLS authentication. We won’t bother you with heavy crypto stuff, but instead we’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation and information leakages. We present some CVEs we found in popular open-source identity servers and ways to exploit them. Finally, we’ll explain how these vulnerabilities can be spotted in source code and how the safe code looks like.\r\n\r\nREFERENCES: \r\n1) Wikipedia: Mutual Authentication (mTLS) https://en.wikipedia.org/wiki/Mutual_authentication#mTLS\r\n2) Java: Possible RCEs in X.509 certificate validation [CVE-2018-2633][CVE-2017-10116] https://mbechler.github.io/2018/01/20/Java-CVE-2018-2633/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"mTLS: when certificate authentication done wrong","android_description":"Although x509 certificates have been here for a while, they have become more popular for client authentication in zero-trust networks in recent years. Mutual TLS, or authentication based on X509 certificates in general, brings advantages compared to passwords or tokens, but you get increased complexity in return.\r\n\r\nIn this talk, we’ll deep dive into some novel attacks on mTLS authentication. We won’t bother you with heavy crypto stuff, but instead we’ll have a look at implementation vulnerabilities and how developers can make their mTLS systems vulnerable to user impersonation, privilege escalation and information leakages. We present some CVEs we found in popular open-source identity servers and ways to exploit them. Finally, we’ll explain how these vulnerabilities can be spotted in source code and how the safe code looks like.\r\n\r\nREFERENCES: \r\n1) Wikipedia: Mutual Authentication (mTLS) https://en.wikipedia.org/wiki/Mutual_authentication#mTLS\r\n2) Java: Possible RCEs in X.509 certificate validation [CVE-2018-2633][CVE-2017-10116] https://mbechler.github.io/2018/01/20/Java-CVE-2018-2633/","end_timestamp":{"seconds":1691778000,"nanoseconds":0},"updated_timestamp":{"seconds":1687139700,"nanoseconds":0},"speakers":[{"content_ids":[50597],"conference_id":96,"event_ids":[50771],"name":"Michael Stepankin","affiliations":[{"organization":"GitHub","title":"Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/artsploit"},{"description":"","title":"Website","sort_order":0,"url":"https://artsploit.blogspot.com"}],"media":[],"id":49833,"title":"Security Researcher at GitHub"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245768"}],"end":"2023-08-11T18:20:00.000-0000","id":50771,"village_id":null,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691776800,"nanoseconds":0},"includes":"Demo 💻, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49833}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"updated":"2023-06-19T01:55:00.000-0000","begin":"2023-08-11T18:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Amazon Web Services (AWS) customers rely on CloudTrail for continuous monitoring and detection of security incidents within their cloud environments. But what if an attacker could bypass this vital security layer, conducting stealthy reconnaissance and even modifying the environment without leaving any log evidence?\r\n\r\nIn this talk I will explore the attack surface of the AWS API, and share multiple vulnerabilities I discovered that allowed me to bypass CloudTrail logging for different AWS services. These vulnerabilities have now been fixed by AWS.\r\n\r\nAttendees will gain an understanding of how these vulnerabilities are found, an understanding of the internals of the AWS APIs, and knowledge of how to apply these methods to new CloudTrail bypasses.\n\n\n","title":"Evading Logging in the Cloud: Bypassing AWS CloudTrail","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691778600,"nanoseconds":0},"android_description":"Amazon Web Services (AWS) customers rely on CloudTrail for continuous monitoring and detection of security incidents within their cloud environments. But what if an attacker could bypass this vital security layer, conducting stealthy reconnaissance and even modifying the environment without leaving any log evidence?\r\n\r\nIn this talk I will explore the attack surface of the AWS API, and share multiple vulnerabilities I discovered that allowed me to bypass CloudTrail logging for different AWS services. These vulnerabilities have now been fixed by AWS.\r\n\r\nAttendees will gain an understanding of how these vulnerabilities are found, an understanding of the internals of the AWS APIs, and knowledge of how to apply these methods to new CloudTrail bypasses.","updated_timestamp":{"seconds":1690920900,"nanoseconds":0},"speakers":[{"content_ids":[51981],"conference_id":96,"event_ids":[52175],"name":"Nick Frichette","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Frichette_n"}],"pronouns":null,"media":[],"id":51186}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":52175,"begin_timestamp":{"seconds":1691776200,"nanoseconds":0},"village_id":null,"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51186}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"spans_timebands":"N","begin":"2023-08-11T17:50:00.000-0000","updated":"2023-08-01T20:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"OSINT Situational Awareness","end_timestamp":{"seconds":1691778900,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552840,"nanoseconds":0},"speakers":[{"content_ids":[51295],"conference_id":96,"event_ids":[51357],"name":"Joe Gray","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@C_3PJoe"}],"pronouns":null,"media":[],"id":50459}],"timeband_id":990,"links":[],"end":"2023-08-11T18:35:00.000-0000","id":51357,"begin_timestamp":{"seconds":1691776200,"nanoseconds":0},"tag_ids":[40293,45645,45649,45743],"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50459}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","begin":"2023-08-11T17:50:00.000-0000","updated":"2023-07-17T00:14:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Currently, medical devices are getting smarter by the minute. However, with the rapid expansion of new technologies on legacy systems, these smart additions are adding massive amounts of attack footprint. Additionally, older ways of development, utilizing sometimes poorly constructed binaries or scripts, are placed onto newer operating systems, leaving an environment ripe for exploitation. Adding urgency, the FDA also recently announced it would begin denying systems with vulnerabilities. This will go over my methods of using full scope testing (physical/netpen/hardware/other) to gain good findings for remediation in the modern world and the differentiators I have seen in my testing method vs. others observed in field. It will also have ample examples of actual bugs located during testing, how they were uncovered, and how they were utilized to exploit target systems (anonymized of course).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Time, Persistence, Patience","android_description":"Currently, medical devices are getting smarter by the minute. However, with the rapid expansion of new technologies on legacy systems, these smart additions are adding massive amounts of attack footprint. Additionally, older ways of development, utilizing sometimes poorly constructed binaries or scripts, are placed onto newer operating systems, leaving an environment ripe for exploitation. Adding urgency, the FDA also recently announced it would begin denying systems with vulnerabilities. This will go over my methods of using full scope testing (physical/netpen/hardware/other) to gain good findings for remediation in the modern world and the differentiators I have seen in my testing method vs. others observed in field. It will also have ample examples of actual bugs located during testing, how they were uncovered, and how they were utilized to exploit target systems (anonymized of course).","end_timestamp":{"seconds":1691779200,"nanoseconds":0},"updated_timestamp":{"seconds":1689115200,"nanoseconds":0},"speakers":[{"content_ids":[51039],"conference_id":96,"event_ids":[51071],"name":"Michael \"v3ga_hax\" Aguilar","affiliations":[{"organization":"Secureworks Adversary Group","title":"Principle Consultant"}],"links":[],"pronouns":null,"media":[],"id":50222,"title":"Principle Consultant at Secureworks Adversary Group"}],"timeband_id":990,"links":[],"end":"2023-08-11T18:40:00.000-0000","id":51071,"tag_ids":[45645,45647,45717],"village_id":68,"begin_timestamp":{"seconds":1691775600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50222}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"begin":"2023-08-11T17:40:00.000-0000","updated":"2023-07-11T22:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our keynote panel with special guest moderator former CISA Director Chris Krebs will give audiences a global perspective on democracy and will discuss a variety of topics related to election integrity. This panel will give listeners a comprehensive overview of the election space and will lay the foundation for the rest of our program. Experts from different aspects of the cybersecurity industry will provide colorful insight and intersectional perspectives, giving attendees a holistic understanding of all aspects of election integrity.\n\n\n","title":"A Global Perspective On Election Integrity","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d653b1","name":"Village Panel","id":45771},"android_description":"Our keynote panel with special guest moderator former CISA Director Chris Krebs will give audiences a global perspective on democracy and will discuss a variety of topics related to election integrity. This panel will give listeners a comprehensive overview of the election space and will lay the foundation for the rest of our program. Experts from different aspects of the cybersecurity industry will provide colorful insight and intersectional perspectives, giving attendees a holistic understanding of all aspects of election integrity.","end_timestamp":{"seconds":1691778300,"nanoseconds":0},"updated_timestamp":{"seconds":1691544180,"nanoseconds":0},"speakers":[{"content_ids":[52336],"conference_id":96,"event_ids":[52620],"name":"Bryson Bort","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/brysonbort"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/brysonbort"},{"description":"","title":"Website","sort_order":0,"url":"https://scythe.io/about/bryson-bort"}],"media":[],"id":51531},{"content_ids":[52336],"conference_id":96,"event_ids":[52620],"name":"Chris Krebs","affiliations":[],"links":[{"description":"","title":"Link","sort_order":0,"url":"https://docs.house.gov/meetings/GO/GO25/20171129/106602/HHRG-115-GO25-Bio-KrebsC-20171129.pdf"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/christopherckrebs"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/CISAKrebs"}],"pronouns":null,"media":[],"id":51535},{"content_ids":[52315,52336],"conference_id":96,"event_ids":[52599,52620],"name":"Kendall Spencer","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/kendallspencerpubspeak"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Kspencer24"},{"description":"","title":"Website","sort_order":0,"url":"https://www.foley.com/en/people/s/spencer-kendall"}],"pronouns":null,"media":[],"id":51548},{"content_ids":[52328,52334,52336],"conference_id":96,"event_ids":[52612,52618,52620],"name":"Maia Mazurkiewicz","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Link","sort_order":0,"url":"https://alliance4europe.eu/"},{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/maia-mazurkiewicz/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MaiaMazurkiewic"}],"media":[],"id":51549}],"timeband_id":990,"links":[],"end":"2023-08-11T18:25:00.000-0000","id":52620,"village_id":null,"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"tag_ids":[40298,45646,45743,45771],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51531},{"tag_id":45632,"sort_order":1,"person_id":51535},{"tag_id":45632,"sort_order":1,"person_id":51548},{"tag_id":45632,"sort_order":1,"person_id":51549}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"begin":"2023-08-11T17:30:00.000-0000","updated":"2023-08-09T01:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Teaching Information Warfare: Strategies in Academic and Government Institutions","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691776800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284380,"nanoseconds":0},"speakers":[{"content_ids":[52263],"conference_id":96,"event_ids":[52527],"name":"Greg Carpenter","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51503}],"timeband_id":990,"links":[],"end":"2023-08-11T18:00:00.000-0000","id":52527,"tag_ids":[40305,45645,45646,45743],"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51503}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"spans_timebands":"N","updated":"2023-08-06T01:13:00.000-0000","begin":"2023-08-11T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This Kill Chain IR analysis session includes two modules.\r\n\r\nPart I: Know Yourself, Know Your Logs: How to establish some baselines with the logs that you have to support incident response.\r\nPart II: MSTICPY and Velociraptor Offline Collection Analysis: Offline analysis using code. How to setup your questions and make your analysis process repeatable with jupyter notebook and msticpy.\n\n\nIR analysis in two parts; Part I: Know Yourself, Know Your Logs, Part II: MSTICPY and Velociraptor Collection & Offline Analysis.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"IR Analysis: Part I & II","end_timestamp":{"seconds":1691778600,"nanoseconds":0},"android_description":"This Kill Chain IR analysis session includes two modules.\r\n\r\nPart I: Know Yourself, Know Your Logs: How to establish some baselines with the logs that you have to support incident response.\r\nPart II: MSTICPY and Velociraptor Offline Collection Analysis: Offline analysis using code. How to setup your questions and make your analysis process repeatable with jupyter notebook and msticpy.\n\n\nIR analysis in two parts; Part I: Know Yourself, Know Your Logs, Part II: MSTICPY and Velociraptor Collection & Offline Analysis.","updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52219,52213],"conference_id":96,"event_ids":[52465,52471],"name":"juju43","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51469}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":52471,"village_id":null,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51469}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: Kill Chain Track (0x42)","hotel":"","short_name":"BTV Project Obsidian: Kill Chain Track (0x42)","id":45968},"begin":"2023-08-11T17:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This 101 session includes two cyber threat hunting training modules.\r\n\r\nPart I: Introduction to Cyber Threat Hunting: A brief introduction to Cyber Threat Hunting\r\nPart II: Threat Hunting Methodologies: A look into hunting methodologies\n\n\nIntroduction to Cyber Threat Hunting & Threat Hunting Methodologies","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"CTH 101: Part I & II","android_description":"This 101 session includes two cyber threat hunting training modules.\r\n\r\nPart I: Introduction to Cyber Threat Hunting: A brief introduction to Cyber Threat Hunting\r\nPart II: Threat Hunting Methodologies: A look into hunting methodologies\n\n\nIntroduction to Cyber Threat Hunting & Threat Hunting Methodologies","end_timestamp":{"seconds":1691778600,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52217,52209],"conference_id":96,"event_ids":[52460,52469],"name":"CerealKiller","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51482}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":52469,"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"tag_ids":[40282,45647,45743,45775],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51482}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Project Obsidian: 101 Track (0x41)","hotel":"","short_name":"BTV Project Obsidian: 101 Track (0x41)","id":45967},"begin":"2023-08-11T17:30:00.000-0000","updated":"2023-08-05T14:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Fact vs Fiction: Starting at zero how to approach and handle an InT incident from a real-world use case, and then an overview of how InT is both the same and yet different from a traditional incident.\r\n\r\nFoe vs Friend: For the right peas of mind, a primer on using a post-mortem to shift into preparation to proactively manage InT risks, plus how to preclude the usual pitfalls to promote positive reinforcement and minimize paranoia.\n\n\nFact vs Fiction: Starting at zero how to approach and handle an InT incident from a real-world use case, and then an overview of how InT is both the same and yet different from a traditional incident.\r\n\r\nFoe vs Friend: For the right peas of mind, a primer on using a post-mortem to shift into preparation to proactively manage InT risks, plus how to preclude the usual pitfalls to promote positive reinforcement and minimize paranoia.","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Insider Threats (InT): Hindsight and Foresight","android_description":"Fact vs Fiction: Starting at zero how to approach and handle an InT incident from a real-world use case, and then an overview of how InT is both the same and yet different from a traditional incident.\r\n\r\nFoe vs Friend: For the right peas of mind, a primer on using a post-mortem to shift into preparation to proactively manage InT risks, plus how to preclude the usual pitfalls to promote positive reinforcement and minimize paranoia.\n\n\nFact vs Fiction: Starting at zero how to approach and handle an InT incident from a real-world use case, and then an overview of how InT is both the same and yet different from a traditional incident.\r\n\r\nFoe vs Friend: For the right peas of mind, a primer on using a post-mortem to shift into preparation to proactively manage InT risks, plus how to preclude the usual pitfalls to promote positive reinforcement and minimize paranoia.","end_timestamp":{"seconds":1691778600,"nanoseconds":0},"updated_timestamp":{"seconds":1691245140,"nanoseconds":0},"speakers":[{"content_ids":[52207,52210],"conference_id":96,"event_ids":[52458,52463],"name":"aviditas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51468},{"content_ids":[52209,52210,52222],"conference_id":96,"event_ids":[52460,52463,52474],"name":"plug","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51473}],"timeband_id":990,"links":[],"end":"2023-08-11T18:30:00.000-0000","id":52463,"village_id":null,"tag_ids":[40282,45647,45743,45775],"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51468},{"tag_id":45590,"sort_order":1,"person_id":51473}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"updated":"2023-08-05T14:19:00.000-0000","begin":"2023-08-11T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"QOLOSSUS - Quantum Capture the Flag Introduction!","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691776800,"nanoseconds":0},"updated_timestamp":{"seconds":1691108400,"nanoseconds":0},"speakers":[{"content_ids":[52177],"conference_id":96,"event_ids":[52425],"name":"Quantum Quizmasters","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51432}],"timeband_id":990,"links":[],"end":"2023-08-11T18:00:00.000-0000","id":52425,"tag_ids":[40291,45645,45649,45743],"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51432}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"updated":"2023-08-04T00:20:00.000-0000","begin":"2023-08-11T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Intro to Ciphers","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"","end_timestamp":{"seconds":1691775900,"nanoseconds":0},"updated_timestamp":{"seconds":1691026020,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":990,"links":[],"end":"2023-08-11T17:45:00.000-0000","id":52256,"village_id":null,"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"tag_ids":[40308,45647,45719,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"updated":"2023-08-03T01:27:00.000-0000","begin":"2023-08-11T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes. \n\n\n","title":"Capture The Packet Preliminaries","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Capture The Packet is returning to DEF CON! Our legendary cyber defense competition has been a Black Badge contest for over 10 years! Glory and prizes await. Follow this event on Twitter at @Capturetp for the latest information on competition dates and times, as well as prizes.","updated_timestamp":{"seconds":1691375880,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@wallofsheep)","type":"link","url":"https://twitter.com/@wallofsheep"},{"label":"Aries Security","type":"link","url":"https://www.ariessecurity.com"},{"label":"Twitter (@capturetp)","type":"link","url":"https://twitter.com/@capturetp"},{"label":"Website","type":"link","url":"https://www.capturethepacket.com"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245287"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643512625430529"}],"end":"2023-08-12T01:00:00.000-0000","id":51437,"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"village_id":52,"tag_ids":[40288,45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-11T17:30:00.000-0000","updated":"2023-08-07T02:38:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Blue Team Village CTF is a cyber defense CTF inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate the recent attacks against our fictitious company: Magnus Tempus Financial. Since Magnus Tempus Financial made a vital acquisition expanding its precious metals portfolio to oil and gas operational technology (OT), you will also investigate their OT environment.\r\n\r\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, Malware Analysis, Threat Intelligence, and Threat Hunting, to be the first team or individual to answer or solve the challenges presented. \r\n\r\nThe BTV crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate, aiming to sharpen their cyber defense skills. We believe in the idea of choosing your adventure. As a result, participants can download a copy of the required evidence (logs, packets, etc.) or log into any of the 3 SIEMs we provide to hunt on. \r\n\r\nIf you are new to cyber defense, we highly recommend participating in the Blue Team Village Obsidian stations. They will cover many of the topics on the CTF and will help you along the way!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Blue Team Village CTF","android_description":"The Blue Team Village CTF is a cyber defense CTF inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate the recent attacks against our fictitious company: Magnus Tempus Financial. Since Magnus Tempus Financial made a vital acquisition expanding its precious metals portfolio to oil and gas operational technology (OT), you will also investigate their OT environment.\r\n\r\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, Malware Analysis, Threat Intelligence, and Threat Hunting, to be the first team or individual to answer or solve the challenges presented. \r\n\r\nThe BTV crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate, aiming to sharpen their cyber defense skills. We believe in the idea of choosing your adventure. As a result, participants can download a copy of the required evidence (logs, packets, etc.) or log into any of the 3 SIEMs we provide to hunt on. \r\n\r\nIf you are new to cyber defense, we highly recommend participating in the Blue Team Village Obsidian stations. They will cover many of the topics on the CTF and will help you along the way!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690055160,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Twitter","type":"link","url":"https://twitter.com/BlueTeamVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244798"}],"id":51435,"village_id":41,"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"tag_ids":[40282,45635,45647,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Scenic - Blue Team Village","hotel":"","short_name":"Sunset - Scenic - Blue Team Village","id":45645},"begin":"2023-08-11T17:30:00.000-0000","updated":"2023-07-22T19:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk discusses an overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in how its implementations parse BGP messages. Software implementing BGP is relied upon for Internet routing and for functions such as internal routing in large data centers. A lot of (deserved) attention is given to aspects of BGP protocol security discussed in RFC4272, which can be mitigated with the use of RPKI and BGPsec. However, recent BGP incidents show that it might take only a malformed packet to cause a large disruption. We will present a quantitative analysis of previous vulnerabilities in both open and closed-source popular BGP implementations and focus the talk on a new analysis of seven modern implementations. \r\n\r\nMain findings in this research include:\r\n\r\n1. Some implementations process parts of OPEN messages before validating the BGP ID and ASN fields of the originating router, which means that only TCP spoofing is required to inject malformed packets.\r\n\r\n2. Three new vulnerabilities in a leading open-source implementation, which could be exploited to achieve denial of service on vulnerable peers, thus dropping all BGP sessions and routing tables and rendering the peer unresponsive. These vulnerabilities were found using a fuzzer we developed and will release to the community. \r\n\r\nREFERENCES:\r\n \r\n* https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf\r\n* https://datatracker.ietf.org/doc/html/rfc4272\r\n* https://www.oecd.org/publications/routing-security-40be69c8-en.htm\r\n* https://www.zdnet.com/article/internet-experiment-goes-wrong-takes-down-a-bunch-of-linux-routers/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Route to bugs: Analyzing the security of BGP message parsing","end_timestamp":{"seconds":1691777700,"nanoseconds":0},"android_description":"This talk discusses an overlooked aspect of Border Gateway Protocol (BGP) security: vulnerabilities in how its implementations parse BGP messages. Software implementing BGP is relied upon for Internet routing and for functions such as internal routing in large data centers. A lot of (deserved) attention is given to aspects of BGP protocol security discussed in RFC4272, which can be mitigated with the use of RPKI and BGPsec. However, recent BGP incidents show that it might take only a malformed packet to cause a large disruption. We will present a quantitative analysis of previous vulnerabilities in both open and closed-source popular BGP implementations and focus the talk on a new analysis of seven modern implementations. \r\n\r\nMain findings in this research include:\r\n\r\n1. Some implementations process parts of OPEN messages before validating the BGP ID and ASN fields of the originating router, which means that only TCP spoofing is required to inject malformed packets.\r\n\r\n2. Three new vulnerabilities in a leading open-source implementation, which could be exploited to achieve denial of service on vulnerable peers, thus dropping all BGP sessions and routing tables and rendering the peer unresponsive. These vulnerabilities were found using a fuzzer we developed and will release to the community. \r\n\r\nREFERENCES:\r\n \r\n* https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-convery-franz-v3.pdf\r\n* https://datatracker.ietf.org/doc/html/rfc4272\r\n* https://www.oecd.org/publications/routing-security-40be69c8-en.htm\r\n* https://www.zdnet.com/article/internet-experiment-goes-wrong-takes-down-a-bunch-of-linux-routers/","updated_timestamp":{"seconds":1687136280,"nanoseconds":0},"speakers":[{"content_ids":[50549],"conference_id":96,"event_ids":[50830],"name":"Daniel dos Santos","affiliations":[{"organization":"Forescout","title":"Head of Security Research"}],"pronouns":"he/him","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/danielricardosantos/"}],"media":[],"id":49759,"title":"Head of Security Research at Forescout"},{"content_ids":[50549],"conference_id":96,"event_ids":[50830],"name":"Simon Guiot","affiliations":[{"organization":"Forescout","title":"Security Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/si-g/"}],"media":[],"id":49760,"title":"Security Researcher at Forescout"}],"timeband_id":990,"end":"2023-08-11T18:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245718"}],"id":50830,"village_id":null,"tag_ids":[45589,45592,45629,45646,45766],"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"includes":"Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49759},{"tag_id":45590,"sort_order":1,"person_id":49760}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-11T17:30:00.000-0000","updated":"2023-06-19T00:58:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Making The DEF CON 31 Badge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691776200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1688219880,"nanoseconds":0},"speakers":[{"content_ids":[50678],"conference_id":96,"event_ids":[50800],"name":"Mar Williams","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49976}],"timeband_id":990,"links":[],"end":"2023-08-11T17:50:00.000-0000","id":50800,"village_id":null,"begin_timestamp":{"seconds":1691775000,"nanoseconds":0},"tag_ids":[45589,45646,45766],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49976}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-07-01T13:58:00.000-0000","begin":"2023-08-11T17:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.\n\n\n","title":"Intro to Lockpicking","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.","end_timestamp":{"seconds":1691775900,"nanoseconds":0},"updated_timestamp":{"seconds":1691288580,"nanoseconds":0},"speakers":[{"content_ids":[52282],"conference_id":96,"event_ids":[52546,52553,52554,52555,52556,52557,52558],"name":"TOOOL","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51513}],"timeband_id":990,"links":[],"end":"2023-08-11T17:45:00.000-0000","id":52546,"tag_ids":[40309,45649,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691774100,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51513}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"spans_timebands":"N","updated":"2023-08-06T02:23:00.000-0000","begin":"2023-08-11T17:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This isn’t our first “ChatGPT moment” – a decade ago, when AlexNet realized a step function jump in image classification accuracy, there was a similar wave of hype. Breathless claims were made about deep learning replacing signatures, revolutionizing zero-day attack detection, threat intelligence, and predicting the future. A decade later we can say that it didn’t. ML found a few applications as a value-add (e.g. as a complement to signatures in malware detection), but never became load bearing. Instead, our field continued to improve its basic technologies – signatures, databases, event processing pipelines, and, most importantly, manual human processes. In this talk, I’ll argue that while the past decade gives reasons to doubt it, this AI moment really is different. I’ll delineate the ways in which today’s scaled machine learning models address some (but not all) of the core blockers ML faced in the last decade, and take positions on how scaled ML will shape defensive practice and the threat landscape over the next few years.\r\n\n\n\n","title":"AI Village Keynote: The last attempted AI revolution in security, and the next one","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691776800,"nanoseconds":0},"android_description":"This isn’t our first “ChatGPT moment” – a decade ago, when AlexNet realized a step function jump in image classification accuracy, there was a similar wave of hype. Breathless claims were made about deep learning replacing signatures, revolutionizing zero-day attack detection, threat intelligence, and predicting the future. A decade later we can say that it didn’t. ML found a few applications as a value-add (e.g. as a complement to signatures in malware detection), but never became load bearing. Instead, our field continued to improve its basic technologies – signatures, databases, event processing pipelines, and, most importantly, manual human processes. In this talk, I’ll argue that while the past decade gives reasons to doubt it, this AI moment really is different. I’ll delineate the ways in which today’s scaled machine learning models address some (but not all) of the core blockers ML faced in the last decade, and take positions on how scaled ML will shape defensive practice and the threat landscape over the next few years.","updated_timestamp":{"seconds":1691290860,"nanoseconds":0},"speakers":[{"content_ids":[52045],"conference_id":96,"event_ids":[52264],"name":"Joshua Saxe","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51284}],"timeband_id":990,"links":[],"end":"2023-08-11T18:00:00.000-0000","id":52264,"begin_timestamp":{"seconds":1691774100,"nanoseconds":0},"tag_ids":[40299,45645,45646,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51284}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"updated":"2023-08-06T03:01:00.000-0000","begin":"2023-08-11T17:15:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Cloud Village - Keynote","android_description":"","end_timestamp":{"seconds":1691776200,"nanoseconds":0},"updated_timestamp":{"seconds":1690920660,"nanoseconds":0},"speakers":[{"content_ids":[50592,51070,51977,52424],"conference_id":96,"event_ids":[52729,50857,52730,51103,52171],"name":"Ben \"NahamSec\" Sadeghipour","affiliations":[{"organization":"NahamSec","title":"Hacker & Content Creator"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nahamsec"}],"pronouns":"she/her","media":[],"id":49825,"title":"Hacker & Content Creator at NahamSec"}],"timeband_id":990,"links":[],"end":"2023-08-11T17:50:00.000-0000","id":52171,"village_id":null,"begin_timestamp":{"seconds":1691773800,"nanoseconds":0},"tag_ids":[40284,45645,45647,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49825}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Mesquite - Cloud Village","hotel":"","short_name":"Mesquite - Cloud Village","id":45653},"begin":"2023-08-11T17:10:00.000-0000","updated":"2023-08-01T20:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Let’s face it, it’s all connected, talking to us, with us, and behind our backs (we CAN go all paranoid on AI if we want to go down that rabbit hole.) However, the situation’s not changing, it’s evolved beyond any one person/team’s ability to understand, and we as an industry still chase our tails around, pointing fingers, and chasing technology like a rabid, over caffeinated squirrel.\r\n\r\nSo, what do we do? Piecemeal solutions, buy more empty promises, or can we take a step back, breath and talk about the hoomans in the equation?\r\n\r\nLet’s explore some of the tech challenges, and a more human centric approach to solving things. I promise we’ll have exploits, hacks, and tasers, but we’re going to throw in communication, collaboration, cooperation, and maybe a shout out on all of US going out to the greater village community and bringing us all a little closer together. After all, we’re ALL in this together, it might be nice to start acting like it.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"AppSec Village Keynote: From Camels to Collaboration, A Journey Through Technology AND Humans","android_description":"Let’s face it, it’s all connected, talking to us, with us, and behind our backs (we CAN go all paranoid on AI if we want to go down that rabbit hole.) However, the situation’s not changing, it’s evolved beyond any one person/team’s ability to understand, and we as an industry still chase our tails around, pointing fingers, and chasing technology like a rabid, over caffeinated squirrel.\r\n\r\nSo, what do we do? Piecemeal solutions, buy more empty promises, or can we take a step back, breath and talk about the hoomans in the equation?\r\n\r\nLet’s explore some of the tech challenges, and a more human centric approach to solving things. I promise we’ll have exploits, hacks, and tasers, but we’re going to throw in communication, collaboration, cooperation, and maybe a shout out on all of US going out to the greater village community and bringing us all a little closer together. After all, we’re ALL in this together, it might be nice to start acting like it.","end_timestamp":{"seconds":1691776800,"nanoseconds":0},"updated_timestamp":{"seconds":1691788380,"nanoseconds":0},"speakers":[{"content_ids":[52163,52408],"conference_id":96,"event_ids":[52703,52393],"name":"Chris Roberts","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/sidragon1/"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Sidragon1"}],"pronouns":null,"media":[],"id":51405}],"timeband_id":990,"links":[],"end":"2023-08-11T18:00:00.000-0000","id":52703,"tag_ids":[40297,45645,45743],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51405}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Savoy - AppSec Village","hotel":"","short_name":"Savoy - AppSec Village","id":45712},"updated":"2023-08-11T21:13:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come join us at Carson City I and II for some hands on physical security bypass exhibits! Try your hand on bypassing elevators, deadlocks, deadlatches, shopping cart locks, building intercoms or more! Challenge yourself by trying to get out of handcuffs using only a bobby pin, and win a real police handcuff key! In addition, meet some of our external partners. You can augment yourself by injecting your hand with a mini RFID/NFC chip implant, and play around with our RFID displays! We also have returning the physical RFID wall of sheep where you can learn about long distance RFID cloning!\n\n\n","title":"Physical Security Village Activities","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Come join us at Carson City I and II for some hands on physical security bypass exhibits! Try your hand on bypassing elevators, deadlocks, deadlatches, shopping cart locks, building intercoms or more! Challenge yourself by trying to get out of handcuffs using only a bobby pin, and win a real police handcuff key! In addition, meet some of our external partners. You can augment yourself by injecting your hand with a mini RFID/NFC chip implant, and play around with our RFID displays! We also have returning the physical RFID wall of sheep where you can learn about long distance RFID cloning!","updated_timestamp":{"seconds":1691655000,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52692,"tag_ids":[40290,45647,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Carson City - Physical Security Village","hotel":"","short_name":"Carson City - Physical Security Village","id":45679},"updated":"2023-08-10T08:10:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.\r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"DC’s Next Top Threat Model (DCNTTM)","android_description":"Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.\r\n\r\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691642460,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52690,"tag_ids":[45635,45646,45764,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-10T04:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AutoDriving CTF is a Jeopardy style of CTF game with a set of challenges specific to self-driving functions and components. The contest offers participants the ability to use a simulation-based autonomous driving environment (based on the open-source simulators; e.g., LGSVL and CARLA) and explore specific attacks (such as camouflage stickers, road graffiti, and sensor spoofing/hijacking) as well as defense strategies.\r\n\r\nWe hope to continue the engagement with the hacking community to demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.​\n\n\n","title":"AutoDriving CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"AutoDriving CTF is a Jeopardy style of CTF game with a set of challenges specific to self-driving functions and components. The contest offers participants the ability to use a simulation-based autonomous driving environment (based on the open-source simulators; e.g., LGSVL and CARLA) and explore specific attacks (such as camouflage stickers, road graffiti, and sensor spoofing/hijacking) as well as defense strategies.\r\n\r\nWe hope to continue the engagement with the hacking community to demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.​","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691437320,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"","type":"link","url":"https://twitter.com/autodrivingctf"}],"id":52626,"village_id":null,"tag_ids":[45635,45646,45765,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-07T19:42:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons.\r\n\r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our [Discord group](https://tracelabs.org/discord) to get started.\n\n\n","title":"Trace Labs OSINT Search Party CTF - Sign-ups","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The Trace Labs Search Party CTF is a non theoretical, gamified effort that allows for the crowdsourcing of contestants to perform a single task: Conduct open source intelligence operations to help find missing persons.\r\n\r\nYou can have teams of 1-4 people, 4 person teams provide many benefits which include the coaching of more junior members. Often a great learning opportunity if you are able to pair up with OSINT veterans. Get your team together and join us in our [Discord group](https://tracelabs.org/discord) to get started.","updated_timestamp":{"seconds":1691512680,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Tracelabs Discord","type":"link","url":"https://tracelabs.org/discord"},{"label":"More Information","type":"link","url":"https://www.tracelabs.org/initiatives/search-party"},{"label":"Twitter (@tracelabs)","type":"link","url":"https://twitter.com/@tracelabs"}],"id":52624,"tag_ids":[45635,45646,45766],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-08T16:38:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Two of the original co-founders of the Voting Village along with the current co-organizer will provide opening remarkers.\n\n\n","title":"Voting Village Opening Remarks","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691775000,"nanoseconds":0},"android_description":"Two of the original co-founders of the Voting Village along with the current co-organizer will provide opening remarkers.","updated_timestamp":{"seconds":1691435820,"nanoseconds":0},"speakers":[{"content_ids":[52329,52334,52337],"conference_id":96,"event_ids":[52613,52618,52621,52622],"name":"Catherine Terranova","affiliations":[],"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/catherine-terranova-8b209826a"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/catlovesvoting"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"pronouns":null,"media":[],"id":51533},{"content_ids":[52313,52327,52337,52331],"conference_id":96,"event_ids":[52597,52611,52615,52621,52622],"name":"Harri Hursti","affiliations":[],"pronouns":null,"links":[{"description":"","title":"LinkedIn","sort_order":0,"url":"https://www.linkedin.com/in/hhursti"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/harrihursti"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51542},{"content_ids":[52337,52331],"conference_id":96,"event_ids":[52615,52621,52622],"name":"Matt Blaze","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/mattblaze"},{"description":"","title":"Village Website","sort_order":0,"url":"https://votingvillage.org"}],"media":[],"id":51551}],"timeband_id":990,"links":[],"end":"2023-08-11T17:30:00.000-0000","id":52621,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40298,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51533},{"tag_id":45590,"sort_order":1,"person_id":51542},{"tag_id":45590,"sort_order":1,"person_id":51551}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 415-418 - Voting Village","hotel":"","short_name":"Academy - 415-418 - Voting Village","id":45872},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-07T19:17:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Contest Area Open","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691357880,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52584,"tag_ids":[45640,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T21:38:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Explore emerging technology, hardware and experiences in the XR Village Playground. Meet and learn from technologists, futurists, and artists in the XR (VR / AR) space. Sponsored by BadVR and in collaboration with ICS Village, Red Team Village, Adversary Village and Policy Village.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"XR Village Playground","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Explore emerging technology, hardware and experiences in the XR Village Playground. Meet and learn from technologists, futurists, and artists in the XR (VR / AR) space. Sponsored by BadVR and in collaboration with ICS Village, Red Team Village, Adversary Village and Policy Village.","updated_timestamp":{"seconds":1691357160,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52576,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40311,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"spans_timebands":"N","updated":"2023-08-06T21:26:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Open Bug Hunt | Hack the MetaQuest 2 in collaboration with Adversary Village, Red Team Village and sponsored by ThreatSims and Meta. Bug bounties to be reported via Meta Bug Bounty terms & conditions. Please sign up if you plan to participate.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Haptics Hack-a-Thon","end_timestamp":{"seconds":1691794800,"nanoseconds":0},"android_description":"Open Bug Hunt | Hack the MetaQuest 2 in collaboration with Adversary Village, Red Team Village and sponsored by ThreatSims and Meta. Bug bounties to be reported via Meta Bug Bounty terms & conditions. Please sign up if you plan to participate.","updated_timestamp":{"seconds":1691357040,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Sign Up","type":"link","url":"https://doslkp0vze4.typeform.com/to/ezak2SyO"}],"end":"2023-08-11T23:00:00.000-0000","id":52574,"tag_ids":[40311,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 206 - XR Village","hotel":"","short_name":"Summit - 206 - XR Village","id":45860},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T21:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?\r\n\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\r\n\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\r\n\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\r\n\r\n--\r\n\r\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.\n\n\n","title":"Lockpick Village Activities","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Want to tinker with locks and tools the likes of which you've only seen in movies featuring secret agents, daring heists, or covert entry teams?\r\n\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\r\n\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\r\n\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\r\n\r\n--\r\n\r\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691296860,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52566,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40309,45649,45743,45764,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Lockpick Village","hotel":"","short_name":"5th Floor / BLOQ - Lockpick Village","id":45873},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T04:41:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Participate in a Jeopardy-style CTFs competition that challenges you to break through the guardrails within 8 different LLMs. In your 50-minute session, execute prompt injections, find internal inconsistencies, and identify issues in information integrity, privacy, and societal harm. Compete for points and take home the prize, or just have fun coming up with novel attacks.\r\n\r\nThis exercise, first of its kind, will allow the best and brightest minds in the security industry to join diverse voices new and veteran to the AI scene in pursuit of making AI and machine learning safer.\n\n\n","title":"AI Village Generative Red Team Challenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Participate in a Jeopardy-style CTFs competition that challenges you to break through the guardrails within 8 different LLMs. In your 50-minute session, execute prompt injections, find internal inconsistencies, and identify issues in information integrity, privacy, and societal harm. Compete for points and take home the prize, or just have fun coming up with novel attacks.\r\n\r\nThis exercise, first of its kind, will allow the best and brightest minds in the security industry to join diverse voices new and veteran to the AI scene in pursuit of making AI and machine learning safer.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691291160,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52561,"village_id":null,"tag_ids":[40299,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"updated":"2023-08-06T03:06:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"Opening Session of MisinfoVillage 2023","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691775000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691284380,"nanoseconds":0},"speakers":[{"content_ids":[52261,52262,52264,52275,52297],"conference_id":96,"event_ids":[52525,52526,52539,52528,52569],"name":"Misinformation Village Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51509}],"timeband_id":990,"links":[],"end":"2023-08-11T17:30:00.000-0000","id":52526,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40305,45645,45646,45743],"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":51509}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 224 - Misinfo Village","hotel":"","short_name":"Summit - 224 - Misinfo Village","id":45856},"spans_timebands":"N","updated":"2023-08-06T01:13:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you ever fused metal to create electronic mayhem? Do you want to learn? Travel too far to take your solder tools with you? Hotel take your irons cause they thought it was a fire risk? Come on over to the Solder Skills village. We have irons and supplies. Volunteers (and some attendees) help teach, advise or just put out fires. We aim to grow the skill-set of the community and overcome inhibitions to this most basic skill to make electronic dreams happen.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Soldering Skills Village Activities","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Have you ever fused metal to create electronic mayhem? Do you want to learn? Travel too far to take your solder tools with you? Hotel take your irons cause they thought it was a fire risk? Come on over to the Solder Skills village. We have irons and supplies. Volunteers (and some attendees) help teach, advise or just put out fires. We aim to grow the skill-set of the community and overcome inhibitions to this most basic skill to make electronic dreams happen.","updated_timestamp":{"seconds":1691281860,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52520,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40303,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T00:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container\n\n\n","title":"Radio Frequency Capture the Flag","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container","end_timestamp":{"seconds":1691956800,"nanoseconds":0},"updated_timestamp":{"seconds":1690939380,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-13T20:00:00.000-0000","links":[{"label":"Website","type":"link","url":"http://rfhackers.com"},{"label":"Twitter (@rf_ctf)","type":"link","url":"https://twitter.com/@rf_ctf"},{"label":"Support","type":"link","url":"https://github.com/rfhs/rfctf-support/issues"},{"label":"Discord","type":"link","url":"https://discordapp.com/invite/JjPQhKy"},{"label":"Twitter (@rfhackers)","type":"link","url":"https://twitter.com/@rfhackers"},{"label":"Github","type":"link","url":"https://github.com/rfhs"}],"id":52519,"village_id":58,"tag_ids":[40292,45635,45647,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-08-02T01:23:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"**ESV Badge**\r\nThe ESV Badge is a cool-looking shard PCB that will fit into the DEF CON badge shard holder, but also doubles as a hardware debugger with a built-in USB-Serial adapter. On sale at the village for $60, but also available for free to CTF players that score a minimum number of points. \r\n\r\n**Embedded CTF**\r\nAn approachable yet challenging CTF competition with a wide range of embedded devices and attacks. \r\n\r\nCategories include: \r\n\r\n - Physical\r\n - Network\r\n - RF\r\n - Mobile (Powered by Corellium)\r\n - Firmware\r\n - Badge - custom challenges built into the ESV badge\r\n\r\n**101 Labs**\r\nA series of computer-based workshops that will guide you through the basics of hacking embedded devices. From extracting and analyzing firmware, exploiting command injections and more, these labs will introduce even the most noob to the world of embedded device hacking.\r\n\r\n**Hands-on Hardware Hacking**\r\nWe've raided our local thrift stores and electronics recyclers and brought a whole bunch of embedded systems for you to try out the ESV badge on. Come pull memory chips off PCBs, dump memory, connect to UART consoles, and see what was left behind on these devices!\r\n\r\n**LoRA Labs**\r\nA hands-on and interactive lab using LoRa gateways where you will discover the noisy 915 MHz radio spectrum world.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Embedded Systems Village Activities","android_description":"**ESV Badge**\r\nThe ESV Badge is a cool-looking shard PCB that will fit into the DEF CON badge shard holder, but also doubles as a hardware debugger with a built-in USB-Serial adapter. On sale at the village for $60, but also available for free to CTF players that score a minimum number of points. \r\n\r\n**Embedded CTF**\r\nAn approachable yet challenging CTF competition with a wide range of embedded devices and attacks. \r\n\r\nCategories include: \r\n\r\n - Physical\r\n - Network\r\n - RF\r\n - Mobile (Powered by Corellium)\r\n - Firmware\r\n - Badge - custom challenges built into the ESV badge\r\n\r\n**101 Labs**\r\nA series of computer-based workshops that will guide you through the basics of hacking embedded devices. From extracting and analyzing firmware, exploiting command injections and more, these labs will introduce even the most noob to the world of embedded device hacking.\r\n\r\n**Hands-on Hardware Hacking**\r\nWe've raided our local thrift stores and electronics recyclers and brought a whole bunch of embedded systems for you to try out the ESV badge on. Come pull memory chips off PCBs, dump memory, connect to UART consoles, and see what was left behind on these devices!\r\n\r\n**LoRA Labs**\r\nA hands-on and interactive lab using LoRa gateways where you will discover the noisy 915 MHz radio spectrum world.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691282220,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52505,"tag_ids":[40300,45649,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Evolution - Embedded Systems Village","hotel":"","short_name":"Evolution - Embedded Systems Village","id":45735},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T00:37:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. The goal of the Tamper Evident Village is to teach attendees how these technologies work and how many can be tampered with without leaving evidence. The village includes hands-on areas for mechanical seals, cargo seals, adhesive seals, mail and shipping seals, as well as a collection of demos, contests, and events to participate in.\n\n\n","title":"Tamper Evident Village Activities","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. The goal of the Tamper Evident Village is to teach attendees how these technologies work and how many can be tampered with without leaving evidence. The village includes hands-on areas for mechanical seals, cargo seals, adhesive seals, mail and shipping seals, as well as a collection of demos, contests, and events to participate in.","updated_timestamp":{"seconds":1691258220,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52502,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40307,45649,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45753,"name":"LINQ - 5th Floor / BLOQ - Tamper Evident Village","hotel":"","short_name":"5th Floor / BLOQ - Tamper Evident Village","id":45874},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-05T17:57:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Telecom Village Inauguration","android_description":"","end_timestamp":{"seconds":1691776800,"nanoseconds":0},"updated_timestamp":{"seconds":1691257080,"nanoseconds":0},"speakers":[{"content_ids":[52237],"conference_id":96,"event_ids":[52492],"name":"Harshit Mahajan","affiliations":[{"organization":"NullCon","title":"Event Head"}],"links":[],"pronouns":null,"media":[],"id":51525,"title":"Event Head at NullCon"}],"timeband_id":990,"links":[],"end":"2023-08-11T18:00:00.000-0000","id":52492,"village_id":72,"tag_ids":[40304,45645,45647,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51525}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Telecom Village","hotel":"","short_name":"Virginia City - Telecom Village","id":45723},"spans_timebands":"N","updated":"2023-08-05T17:38:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Have you taken your IoT toaster and created a remote activated fire-alarm tester? How about that old toy your kids (right, it was for the kids?) don’t play with anymore that now fuzzes your neighbor’s drone? Or what about putting that con badge to good use? The Hardware Hacking Village is hosting a “Make Your 0wn Use” contest. Submissions can be a solo or team based project that bend, mend, or repurpose any device and show others how it can be done.\n\n\n","title":"Make Your Own Use","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Have you taken your IoT toaster and created a remote activated fire-alarm tester? How about that old toy your kids (right, it was for the kids?) don’t play with anymore that now fuzzes your neighbor’s drone? Or what about putting that con badge to good use? The Hardware Hacking Village is hosting a “Make Your 0wn Use” contest. Submissions can be a solo or team based project that bend, mend, or repurpose any device and show others how it can be done.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691250780,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Details","type":"link","url":"https://dchhv.org/events/makeyourownuse.html"}],"end":"2023-08-12T01:00:00.000-0000","id":52487,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40287,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-05T15:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!\n\n\n","title":"Hardware Hacking Rube Goldberg Machine","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691250780,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Details","type":"link","url":"https://dchhv.org/events/hhv_rgb.html"}],"id":52485,"tag_ids":[40287,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-05T15:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A little to shy to own the ring in open battle? Come play! There will be robots available to program, sample code, a ring and many opportunities to discover some of the fun of robotics.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"RoboSumo Play Time","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"A little to shy to own the ring in open battle? Come play! There will be robots available to program, sample code, a ring and many opportunities to discover some of the fun of robotics.","updated_timestamp":{"seconds":1691250660,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52482,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40287,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-05T15:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":".\n\n\nBlue Team Village Opening Ceremony","title":"Blue Team Village Opening Ceremony","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"android_description":".\n\n\nBlue Team Village Opening Ceremony","end_timestamp":{"seconds":1691775000,"nanoseconds":0},"updated_timestamp":{"seconds":1691247540,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-11T17:30:00.000-0000","id":52466,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40282,45645,45647,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45645,"name":"Flamingo - Sunset - Scenic - Blue Team Village - Main Stage","hotel":"","short_name":"BTV Main Stage","id":45969},"spans_timebands":"N","updated":"2023-08-05T14:59:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.\n\n\n","title":"Password Village Activities","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"The Password Village provides training, discussion, and hands-on access to hardware and techniques utilized in modern password cracking, with an emphasis on how password cracking relates to your job function and the real world . No laptop? No problem! Feel free to use one of our terminals to access a pre-configured GPGPU environment to run password attacks against simulated real-world passwords. Village staff and expert volunteers will be standing by to assist you with on-the-spot training and introductions to Hashcat, as well as other FOSS cracking applications.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691190660,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52442,"tag_ids":[40289,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 236 - Password Village","hotel":"","short_name":"Summit - 236 - Password Village","id":45862},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-04T23:11:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Quantum Village Opening!","end_timestamp":{"seconds":1691775000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1691108340,"nanoseconds":0},"speakers":[{"content_ids":[52033,52176,52178,52182,52188,52190,52191],"conference_id":96,"event_ids":[52249,52424,52426,52430,52436,52438,52439],"name":"Mark Carney","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51260},{"content_ids":[52176,52191],"conference_id":96,"event_ids":[52424,52439],"name":"Victoria Kumaran","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51424},{"content_ids":[52176],"conference_id":96,"event_ids":[52424],"name":"Quantum Village Organizers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51622}],"timeband_id":990,"links":[],"end":"2023-08-11T17:30:00.000-0000","id":52424,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40291,45645,45649,45743],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51260},{"tag_id":45590,"sort_order":1,"person_id":51622},{"tag_id":45590,"sort_order":1,"person_id":51424}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Quantum Village","hotel":"","short_name":"Quantum Village","id":45741},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-04T00:19:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"ARINC 615a CTF\r\n\r\nBoeing\r\n\r\n**Laptop Needed**\r\n\r\nBoeing will be hosting an ARINC 615a dataload CTF broken into two major modules. The first module will focus on decomposing and analyzing a PCAP capture of a simulated dataload between an airplane dataload server and an avionics component. The second module will allow participants to execute a dataload against simulated avionics to help improve understanding and awareness of how software is loaded onto airplanes. Additionally, Boeing is aiming to increase its cyber outreach into the STEM community by offering an additional challenge centered on an operational system and the impact of that system on the overall airplane. The challenge will walk participants through how the operational system functions, how it can be negatively impacted, the results of tampering with the system while it’s in flight, and how the system can secured via CIA and PKI.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"ARINC 615a CTF","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"ARINC 615a CTF\r\n\r\nBoeing\r\n\r\n**Laptop Needed**\r\n\r\nBoeing will be hosting an ARINC 615a dataload CTF broken into two major modules. The first module will focus on decomposing and analyzing a PCAP capture of a simulated dataload between an airplane dataload server and an avionics component. The second module will allow participants to execute a dataload against simulated avionics to help improve understanding and awareness of how software is loaded onto airplanes. Additionally, Boeing is aiming to increase its cyber outreach into the STEM community by offering an additional challenge centered on an operational system and the impact of that system on the overall airplane. The challenge will walk participants through how the operational system functions, how it can be negatively impacted, the results of tampering with the system while it’s in flight, and how the system can secured via CIA and PKI.","updated_timestamp":{"seconds":1691101680,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52406,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40280,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:28:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bricks in the Air\r\n\r\nAerospace Village\r\n\r\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation. The attendees are not required to have any prerequisite knowledge. No equipment is needed for attendees.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Bricks in the Air","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Bricks in the Air\r\n\r\nAerospace Village\r\n\r\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation. The attendees are not required to have any prerequisite knowledge. No equipment is needed for attendees.","updated_timestamp":{"seconds":1691101680,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52405,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-03T22:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A-ISAC CTF\r\n\r\nA-ISAC and Embry-Riddle Aeronautical University - Prescott\r\n\r\n**Laptop Needed**\r\n\r\nA variety of aviation infrastructure have been compromised. Immerse yourself into challenges where you are tasked with identifying attacks/attackers, stopping attacks, and restoring normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!\n\n\n","title":"A-ISAC CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"A-ISAC CTF\r\n\r\nA-ISAC and Embry-Riddle Aeronautical University - Prescott\r\n\r\n**Laptop Needed**\r\n\r\nA variety of aviation infrastructure have been compromised. Immerse yourself into challenges where you are tasked with identifying attacks/attackers, stopping attacks, and restoring normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!","updated_timestamp":{"seconds":1691101620,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52404,"village_id":null,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:27:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Challenge\r\n\r\nLockheed Martin\r\n\r\n**Laptop Needed**\r\n\r\nThis is your chance to demonstrate your superior aviation hacking knowledge and skills. This contest requires you to keep your eyes open in the Aerospace Village, a personal device to access the contest webpage, and various other technical skills that are useful in the Aerospace industry. A laptop will be helpful for binary analysis and packet decoding. The final flag is an RF replay attack, so you will need to bring or borrow a device capable of rebroadcasting a signal. If you get stuck on any the challenges help can likely be found in some of the other villages. No pre-registration is required and it is OK to work in teams. The first to finish will receive a 1/48 scale model of an F-35B as well as the prestige of being the first ever winner of this challenging contest. A second model will be awarded based on a random drawing of all other people who successfully solve the final flag. The Aerospace Village CTF starts when the village opens on Friday and ends when the village closes Sunday at 2.\n\n\n","title":"The Challenge - Lockheed Martin","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"The Challenge\r\n\r\nLockheed Martin\r\n\r\n**Laptop Needed**\r\n\r\nThis is your chance to demonstrate your superior aviation hacking knowledge and skills. This contest requires you to keep your eyes open in the Aerospace Village, a personal device to access the contest webpage, and various other technical skills that are useful in the Aerospace industry. A laptop will be helpful for binary analysis and packet decoding. The final flag is an RF replay attack, so you will need to bring or borrow a device capable of rebroadcasting a signal. If you get stuck on any the challenges help can likely be found in some of the other villages. No pre-registration is required and it is OK to work in teams. The first to finish will receive a 1/48 scale model of an F-35B as well as the prestige of being the first ever winner of this challenging contest. A second model will be awarded based on a random drawing of all other people who successfully solve the final flag. The Aerospace Village CTF starts when the village opens on Friday and ends when the village closes Sunday at 2.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691101620,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52403,"village_id":null,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"updated":"2023-08-03T22:27:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Discover the exciting world of cybersecurity and unmanned aerial systems (UAS)! Learn how to safeguard UAS from all angles with a comprehensive platform security perspective.\r\n\r\nEngage in some fun and challenging CTF adventures where you can put your skills to the test. See firsthand how your actions affect our UAS demonstrator. The UAS demonstrator contains all the sensors from our Mobile Optical Ultrasonic Sensor Explorer, or MOUSE for short. The MOUSE represents a small Unmanned Aircraft System (sUAS) comprising a pan/tilt object recognition camera, navigation camera, temperature & humidity sensor, ultrasonic sensor, and drive system powering four motors.\r\n\r\nYou won't need to worry about any complicated registration process; all you need is your personal laptop to join in the excitement. Earn enough points in the challenge, and you could be the proud owner of a CT Cubed SAO, a special prize while supplies last. Get ready to embark on this fascinating journey and prove your cybersecurity prowess!\n\n\n","title":"Unmanned Aerial Systems – Platform Security","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Discover the exciting world of cybersecurity and unmanned aerial systems (UAS)! Learn how to safeguard UAS from all angles with a comprehensive platform security perspective.\r\n\r\nEngage in some fun and challenging CTF adventures where you can put your skills to the test. See firsthand how your actions affect our UAS demonstrator. The UAS demonstrator contains all the sensors from our Mobile Optical Ultrasonic Sensor Explorer, or MOUSE for short. The MOUSE represents a small Unmanned Aircraft System (sUAS) comprising a pan/tilt object recognition camera, navigation camera, temperature & humidity sensor, ultrasonic sensor, and drive system powering four motors.\r\n\r\nYou won't need to worry about any complicated registration process; all you need is your personal laptop to join in the excitement. Earn enough points in the challenge, and you could be the proud owner of a CT Cubed SAO, a special prize while supplies last. Get ready to embark on this fascinating journey and prove your cybersecurity prowess!","updated_timestamp":{"seconds":1691166900,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52402,"village_id":null,"tag_ids":[40280,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-04T16:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hack The Airport\r\n\r\nIntelliGenesis and IG Labs\r\n\r\nIG Labs will be bringing our Runway Lighting System in a box as part of our Hack The Airport CTF. Participants will be able to attempt to get hands on with practical OT and IT cyber security environment in a mobile converged environment with real-world hardware and protocols.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Hack The Airport","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Hack The Airport\r\n\r\nIntelliGenesis and IG Labs\r\n\r\nIG Labs will be bringing our Runway Lighting System in a box as part of our Hack The Airport CTF. Participants will be able to attempt to get hands on with practical OT and IT cyber security environment in a mobile converged environment with real-world hardware and protocols.","updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52401,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-03T22:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ask Me Anything About Cybersecurity in Aerospace\r\n\r\nAIAA\r\n\r\nWe have added a special feature to this year’s activities during DEF CON 31. This will be on Friday and Saturday from 11AM - 5PM.\r\n\r\nOur friends at AIAA are helping us host “Ask Me Anything” sessions on Friday and Saturday. It’s an opportunity to meet Aerospace Village members and partners who are experts in the field. Bring your questions about getting into cybersecurity, aviation, space, likes/dislikes, you name it!\r\n\r\n - A chance to ask all your questions, get their perspective, and hear some great stories.\r\n - A low-key sharing of experiences and a way to make new friends without having to make small talk.\r\n - Note: This is NOT a recruiting activity. Ask career questions if you have them, but think of this more as a chance for general \"speed mentoring.\"\n\n\n","title":"Ask Me Anything About Cybersecurity in Aerospace","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"Ask Me Anything About Cybersecurity in Aerospace\r\n\r\nAIAA\r\n\r\nWe have added a special feature to this year’s activities during DEF CON 31. This will be on Friday and Saturday from 11AM - 5PM.\r\n\r\nOur friends at AIAA are helping us host “Ask Me Anything” sessions on Friday and Saturday. It’s an opportunity to meet Aerospace Village members and partners who are experts in the field. Bring your questions about getting into cybersecurity, aviation, space, likes/dislikes, you name it!\r\n\r\n - A chance to ask all your questions, get their perspective, and hear some great stories.\r\n - A low-key sharing of experiences and a way to make new friends without having to make small talk.\r\n - Note: This is NOT a recruiting activity. Ask career questions if you have them, but think of this more as a chance for general \"speed mentoring.\"","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52400,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40280,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-03T22:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"PTP Flight Challenge\r\n\r\nPen Test Partners\r\n\r\nCome try your hand at flying our immersive Airbus A320 simulator and see if you can stick our landing challenge! We'll also be talking about electronic flight bags, how their data integrity is relied upon by pilots to assist with a safe landing, and demonstrate the impacts in a safe environment.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"PTP Flight Challenge","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"PTP Flight Challenge\r\n\r\nPen Test Partners\r\n\r\nCome try your hand at flying our immersive Airbus A320 simulator and see if you can stick our landing challenge! We'll also be talking about electronic flight bags, how their data integrity is relied upon by pilots to assist with a safe landing, and demonstrate the impacts in a safe environment.","updated_timestamp":{"seconds":1691101560,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52399,"tag_ids":[40280,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 208-214 - Aerospace Village","hotel":"","short_name":"Summit - 208-214 - Aerospace Village","id":45859},"spans_timebands":"N","updated":"2023-08-03T22:26:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"AI Village Opening Remarks","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691773800,"nanoseconds":0},"updated_timestamp":{"seconds":1691030520,"nanoseconds":0},"speakers":[{"content_ids":[52044,52064],"conference_id":96,"event_ids":[52263,52283],"name":"AI Village Organizers","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51277}],"timeband_id":990,"links":[],"end":"2023-08-11T17:10:00.000-0000","id":52263,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40299,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51277}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 401-406 - AI Village","hotel":"","short_name":"Academy - 401-406 - AI Village","id":45870},"updated":"2023-08-03T02:42:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"CPV Welcome - Day 1","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"android_description":"","end_timestamp":{"seconds":1691773500,"nanoseconds":0},"updated_timestamp":{"seconds":1691025660,"nanoseconds":0},"speakers":[{"content_ids":[52022,52029,52030,52031,52037,52040,52043],"conference_id":96,"event_ids":[52238,52247,52246,52245,52253,52259,52256,52260,52261,52262],"name":"CPV Staff","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51254}],"timeband_id":990,"links":[],"end":"2023-08-11T17:05:00.000-0000","id":52238,"village_id":null,"tag_ids":[40308,45645,45647,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51254}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Sunset - Vista - Crypto & Privacy Village","hotel":"","short_name":"Sunset - Vista - Crypto & Privacy Village","id":45702},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-03T01:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hardware Hacking Your Kitchen: bug bounty is back! Join us for the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!\n\n\n","title":"Hardware Hacking Your Kitchen","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Hardware Hacking Your Kitchen: bug bounty is back! Join us for the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!","updated_timestamp":{"seconds":1691000640,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52220,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40296,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:24:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to put your MIPS shellcode skills to the test for a chance to win a prize? Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"Perform Memory Extraction, Emulation and Shellcode","android_description":"Want to put your MIPS shellcode skills to the test for a chance to win a prize? Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691000640,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52219,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:24:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Embedded Device Security Workshops: two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.\n\n\n","title":"Embedded Device Security Workshops","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Embedded Device Security Workshops: two hands-on workshops showcasing common security vulnerabilities present in IoT/OT devices. These workshops will give you an opportunity to use a variety of device hacking tools and techniques to attack multiple components at varying layers of the stack, enabling a deeper understanding of device security.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52218,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"From Memory Manipulation to Root Access: In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.\n\n\n","title":"IoT Village Hardware Hacking Exercises 2023","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"From Memory Manipulation to Root Access: In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.","updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52217,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Bluetooth Hacking: Hands-on exercises provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"title":"The IoT Kill Zone","android_description":"Bluetooth Hacking: Hands-on exercises provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52216,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40296,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-02T18:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Take Control of Your xIoT Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes. Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition \"Secure Your Things\" T-shirt as a token of our appreciation.\n\n\n","title":"Secure or Surrender","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"Take Control of Your xIoT Don your white coat, and step into the Mobile xIoT Security Lab at IoT Village during DefCon 31 for a hands-on experience allowing you to Find, Fix, and Monitor an array of IoT, OT, IIoT, and IoMT devices. Brace yourself for the thrill of controlling real-world devices with known CVEs and safely automating fixes. Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. And for the cherry on top, be among the first 100 attendees to receive an exclusive, limited edition \"Secure Your Things\" T-shirt as a token of our appreciation.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52215,"tag_ids":[40296,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Join for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by \"living off the land\" like a pro using simple, free tools!Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?\r\n\r\nBring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Critical Infrastructure & IoT Exploitation","android_description":"Join for hands-on content and labs exploiting critical IoT and network infrastructure. Participate in initial public disclosure of new vulnerabilities with our team of experts, explore the 0-day development process, and power up your reverse engineering skills by \"living off the land\" like a pro using simple, free tools!Want to hack an Emergency Alert System unit, extract network traffic from recycled phone systems & routers, or exploit security controls in firewalls & proxies?\r\n\r\nBring a laptop, your favorite intercepting proxy, and a *lot* of caffeine.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691000580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52214,"village_id":null,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:23:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IoT Village Hacking Playground: The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.\n\n\n","title":"IoT Village Hacking Playground","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"IoT Village Hacking Playground: The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Whether you're a penetration tester that has never hacked IoT devices, or even someone that has never hacked anything, these self-guided labs will introduce the audience to the world of IoT and the security issues that can plague these devices. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.","updated_timestamp":{"seconds":1691000520,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52213,"tag_ids":[40296,45646,45743,45775],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"spans_timebands":"N","updated":"2023-08-02T18:22:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"He will be speaking about history in hacking & security from a general perspective and specifically from a Black perspective.\r\n\r\nHe will be talking about great hacks from history including his own! He will talk about his journey in security and how security has evolved over the years, his theories on security going into the future and how to stay flexible in reference to new platforms and attack vectors. He will discuss all the avenues security can bring an up and coming Hacker career wise as well!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"BIC Village Opening Keynote","end_timestamp":{"seconds":1691776200,"nanoseconds":0},"android_description":"He will be speaking about history in hacking & security from a general perspective and specifically from a Black perspective.\r\n\r\nHe will be talking about great hacks from history including his own! He will talk about his journey in security and how security has evolved over the years, his theories on security going into the future and how to stay flexible in reference to new platforms and attack vectors. He will discuss all the avenues security can bring an up and coming Hacker career wise as well!","updated_timestamp":{"seconds":1690937700,"nanoseconds":0},"speakers":[{"content_ids":[52002],"conference_id":96,"event_ids":[52197],"name":"John Threat","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51208}],"timeband_id":990,"links":[],"end":"2023-08-11T17:50:00.000-0000","id":52197,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40281,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51208}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 301-304 - Blacks in Cyber Village","hotel":"","short_name":"Alliance - 301-304 - Blacks in Cyber Village","id":45865},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-02T00:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome exhibitors.\n\n\n","title":"Exhibitor Area Open","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"This is when you can go visit our awesome exhibitors.","updated_timestamp":{"seconds":1690758060,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52164,"tag_ids":[45640,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 124-126 - Exhibitors","hotel":"","short_name":"Forum - 124-126 - Exhibitors","id":45823},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-30T23:01:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\r\n\r\nWe also don't know if/when vendors will sell out of anything they may be selling.\n\n\n","title":"Vendor Area Open","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"This is when you can go visit our awesome vendors. \r\n\r\nWe don't know whether they will be accepting cash or cards. That's up to each vendor, and we do not have a list.\r\n\r\nWe also don't know if/when vendors will sell out of anything they may be selling.","updated_timestamp":{"seconds":1690758060,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52161,"tag_ids":[45640,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 305-306 - Vendors","hotel":"","short_name":"Alliance - 305-306 - Vendors","id":45866},"updated":"2023-07-30T23:01:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.\r\n\r\nWe'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\r\n\r\nMost of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"DDV open and accepting drives for duplication","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"android_description":"We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.\r\n\r\nWe'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\r\n\r\nMost of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).","updated_timestamp":{"seconds":1691260500,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T00:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244903"},{"label":"Drive Information","type":"link","url":"https://dcddv.org/dc31-drive-info"}],"id":51692,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40285,45638,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 231 - Data Dupe Vlg","hotel":"","short_name":"Summit - 231 - Data Dupe Vlg","id":45858},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-05T18:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Our lives have become more digitally interconnected and the pandemic accelerated the use of technology (remote work, cashless payments, virtual healthcare sessions and gatherings, an uptick in streaming services, etc.). And, year by year, market demand for more information security/cybersecurity professionals is growing and yet research shows there are artificial barriers that limit opportunities for entry level positions to those with the skill, aptitude, and attitude, and impacts underserved and underrepresented communities. The panel discussion will look at the history of the information security/cybersecurity recruitment pipeline, discuss recent policy changes, and a call to action in removing the artificial barriers that are limiting access into the field. Furthermore, the talk will look at the upcoming National Cyber Workforce and Education Strategy; current public and private sector to address the current workforce challenges; and how we need to bolster our workforce to combat ongoing threats to critical infrastructure. We also can’t discuss workforce development without addressing the education landscape and the need to incorporate cybersecurity awareness and skills development in K-12 education systems, and preparing the workforce through two-year, four-year, and post-graduate education programs. The diverse perspectives will cover policy, current activities, and include engagement with the audience to troubleshoot potential solutions on how we can collaboratively work to grow and sustain the hacker talent pipeline.\n\n\n","title":"Building the Hacker Talent Pipeline Through Workforce and Education Ecosystems","type":{"conference_id":96,"conference":"DEFCON31","color":"#d653b1","updated_at":"2024-06-07T03:38+0000","name":"Village Panel","id":45771},"end_timestamp":{"seconds":1691779800,"nanoseconds":0},"android_description":"Our lives have become more digitally interconnected and the pandemic accelerated the use of technology (remote work, cashless payments, virtual healthcare sessions and gatherings, an uptick in streaming services, etc.). And, year by year, market demand for more information security/cybersecurity professionals is growing and yet research shows there are artificial barriers that limit opportunities for entry level positions to those with the skill, aptitude, and attitude, and impacts underserved and underrepresented communities. The panel discussion will look at the history of the information security/cybersecurity recruitment pipeline, discuss recent policy changes, and a call to action in removing the artificial barriers that are limiting access into the field. Furthermore, the talk will look at the upcoming National Cyber Workforce and Education Strategy; current public and private sector to address the current workforce challenges; and how we need to bolster our workforce to combat ongoing threats to critical infrastructure. We also can’t discuss workforce development without addressing the education landscape and the need to incorporate cybersecurity awareness and skills development in K-12 education systems, and preparing the workforce through two-year, four-year, and post-graduate education programs. The diverse perspectives will cover policy, current activities, and include engagement with the audience to troubleshoot potential solutions on how we can collaboratively work to grow and sustain the hacker talent pipeline.","updated_timestamp":{"seconds":1690430640,"nanoseconds":0},"speakers":[{"content_ids":[51504],"conference_id":96,"event_ids":[51660],"name":"Ashley Sequeira","affiliations":[{"organization":"Google Cloud Security","title":"Security Operations Sales Engineering Training Program Manager"}],"links":[],"pronouns":null,"media":[],"id":50576,"title":"Security Operations Sales Engineering Training Program Manager at Google Cloud Security"},{"content_ids":[51504],"conference_id":96,"event_ids":[51660],"name":"Ayan Islam","affiliations":[{"organization":"Office of the National Cyber Director, The White House","title":"Director, Cyber Workforce"}],"links":[],"pronouns":null,"media":[],"id":50578,"title":"Director, Cyber Workforce at Office of the National Cyber Director, The White House"},{"content_ids":[51500,51504],"conference_id":96,"event_ids":[51656,51660],"name":"Bryony Crown","affiliations":[{"organization":"British Embassy, Washington D.C.","title":"First Secretary Cyber Policy"}],"links":[],"pronouns":null,"media":[],"id":50583,"title":"First Secretary Cyber Policy at British Embassy, Washington D.C."},{"content_ids":[51504],"conference_id":96,"event_ids":[51660],"name":"Randy Pestana","affiliations":[{"organization":"FIU Jack D Gordon Institute for Public Policy","title":"Associate Director"}],"links":[],"pronouns":null,"media":[],"id":50632,"title":"Associate Director at FIU Jack D Gordon Institute for Public Policy"},{"content_ids":[51504,51519],"conference_id":96,"event_ids":[51660,51675],"name":"Safa Shahwan Edwards","affiliations":[{"organization":"Atlantic Council","title":"Deputy Director, Cyber Statecraft Initiative"}],"links":[],"pronouns":null,"media":[],"id":50634,"title":"Deputy Director, Cyber Statecraft Initiative at Atlantic Council"},{"content_ids":[51504,51511],"conference_id":96,"event_ids":[51660,51667],"name":"Sarah Powazek","affiliations":[{"organization":"UC Berkeley Center for Long-Term Cybersecurity (CLTC)","title":"Program Director of Public Interest Cybersecurity"}],"links":[],"pronouns":null,"media":[],"id":50635,"title":"Program Director of Public Interest Cybersecurity at UC Berkeley Center for Long-Term Cybersecurity (CLTC)"}],"timeband_id":990,"links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"end":"2023-08-11T18:50:00.000-0000","id":51660,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45771],"village_id":null,"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":50576},{"tag_id":45632,"sort_order":1,"person_id":50578},{"tag_id":45632,"sort_order":1,"person_id":50583},{"tag_id":45632,"sort_order":1,"person_id":50632},{"tag_id":45632,"sort_order":1,"person_id":50634},{"tag_id":45632,"sort_order":1,"person_id":50635}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 218-219 - Policy Rotunda","hotel":"","short_name":"Summit - 218-219 - Policy Rotunda","id":45824},"updated":"2023-07-27T04:04:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This is your CliffsNotes on what's happening in US cyber policy. Whether you're completely new to policy discussions as a whole, more used to following policy in other countries, or just feeling a little out of date, this session will help you get up to speed with the main US cyber policy focus areas and players. \r\n\r\nThe session will start with an overview of the current themes and topics being explored by US policymakers, provided by policy expert and leader, Harley Geiger. He will provide insight on the status of various initiatives and what is likely to move forward through the year. \r\n\r\nThis will be followed by a discussion with representatives from different parts of the US government currently working on setting US cyber policy. Each will explain what their agency does, how it fits in the ecosystem and partners with the other agencies, what it's working on for 2023-24 and how people can interact with them. \r\n\r\nThis will be followed by audience Q&A so you can better explore the information provided and find out the status of the issues you care about most. This session creates a baseline for the other Policy @ DEF CON content.\r\n\r\nThis is a double length session lasting 110 minutes. \n\n\n","title":"US Cyber Policy 101","type":{"conference_id":96,"conference":"DEFCON31","color":"#bd6284","updated_at":"2024-06-07T03:38+0000","name":"Village Showcase","id":45773},"end_timestamp":{"seconds":1691779800,"nanoseconds":0},"android_description":"This is your CliffsNotes on what's happening in US cyber policy. Whether you're completely new to policy discussions as a whole, more used to following policy in other countries, or just feeling a little out of date, this session will help you get up to speed with the main US cyber policy focus areas and players. \r\n\r\nThe session will start with an overview of the current themes and topics being explored by US policymakers, provided by policy expert and leader, Harley Geiger. He will provide insight on the status of various initiatives and what is likely to move forward through the year. \r\n\r\nThis will be followed by a discussion with representatives from different parts of the US government currently working on setting US cyber policy. Each will explain what their agency does, how it fits in the ecosystem and partners with the other agencies, what it's working on for 2023-24 and how people can interact with them. \r\n\r\nThis will be followed by audience Q&A so you can better explore the information provided and find out the status of the issues you care about most. This session creates a baseline for the other Policy @ DEF CON content.\r\n\r\nThis is a double length session lasting 110 minutes.","updated_timestamp":{"seconds":1690984080,"nanoseconds":0},"speakers":[{"content_ids":[50571,50614,51515,51499],"conference_id":96,"event_ids":[50722,50809,51655,51671],"name":"Harley Geiger","affiliations":[{"organization":"Venable LLP","title":"Counsel"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarleyGeiger"}],"media":[],"id":49789,"title":"Counsel at Venable LLP"},{"content_ids":[50645,51499],"conference_id":96,"event_ids":[50863,51655],"name":"Suzanne Schwartz, MD","affiliations":[{"organization":"FDA’s Center for Devices and Radiological Health (CDRH)","title":"Director of the Office of Strategic Partnerships and Technology Innovation (OST)"}],"links":[],"pronouns":"she/her","media":[],"id":49928,"title":"Director of the Office of Strategic Partnerships and Technology Innovation (OST) at FDA’s Center for Devices and Radiological Health (CDRH)"},{"content_ids":[51503,51499],"conference_id":96,"event_ids":[51655,51659],"name":"Lindsey Forson","affiliations":[{"organization":"National Association of Secretaries of State","title":"Deputy Executive Director"}],"links":[],"pronouns":null,"media":[],"id":50599,"title":"Deputy Executive Director at National Association of Secretaries of State"},{"content_ids":[51524,51499],"conference_id":96,"event_ids":[51655,51680],"name":"Lauren Zabierek","affiliations":[{"organization":"Cybersecurity and Infrastructure Security Agency (CISA)","title":"Senior Policy Advisor in the Cybersecurity Division"}],"links":[],"pronouns":null,"media":[],"id":50618,"title":"Senior Policy Advisor in the Cybersecurity Division at Cybersecurity and Infrastructure Security Agency (CISA)"},{"content_ids":[51528,51499],"conference_id":96,"event_ids":[51655,51684],"name":"Michaela Lee","affiliations":[{"organization":"The Office of National Cyber Director (ONCD)","title":"Director for Strategy and Research"}],"links":[],"pronouns":null,"media":[],"id":50626,"title":"Director for Strategy and Research at The Office of National Cyber Director (ONCD)"}],"timeband_id":990,"end":"2023-08-11T18:50:00.000-0000","links":[{"label":"Feedback","type":"link","url":"https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_3eGdwIOCKgfEozY"}],"id":51655,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40310,45646,45743,45773,45836],"includes":"","people":[{"tag_id":45631,"sort_order":0,"person_id":49789},{"tag_id":45632,"sort_order":1,"person_id":50618},{"tag_id":45632,"sort_order":1,"person_id":50599},{"tag_id":45632,"sort_order":1,"person_id":50626},{"tag_id":45632,"sort_order":1,"person_id":49928}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 221-222 - Policy Atrium","hotel":"","short_name":"Summit - 221-222 - Policy Atrium","id":45878},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-02T13:48:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Traditionally the cyber attacker has an asymmetric advantage over the cyber defender. But does it have to be that way? Is it possible for the cyber defender to take an \"offensive stance.\" This talk will show how the emerging science of cyberpsychology and the leveraging of AI can provide the defender with the ability to pwn the most vulnerable component in the cyberattack kill chain, the attack's human operator. Leveraging the DoD's \"Tularosa Study,\" this talk will cover a theoretical framework for achieving this objective, outline an operational vignette, and then cover some the specifics for such an approach.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Pwning the Pwners with Mindware","end_timestamp":{"seconds":1691776200,"nanoseconds":0},"android_description":"Traditionally the cyber attacker has an asymmetric advantage over the cyber defender. But does it have to be that way? Is it possible for the cyber defender to take an \"offensive stance.\" This talk will show how the emerging science of cyberpsychology and the leveraging of AI can provide the defender with the ability to pwn the most vulnerable component in the cyberattack kill chain, the attack's human operator. Leveraging the DoD's \"Tularosa Study,\" this talk will cover a theoretical framework for achieving this objective, outline an operational vignette, and then cover some the specifics for such an approach.","updated_timestamp":{"seconds":1691375280,"nanoseconds":0},"speakers":[{"content_ids":[51459],"conference_id":96,"event_ids":[51615],"name":"Frank \"D9\" DiGiovanni","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50523}],"timeband_id":990,"links":[],"end":"2023-08-11T17:50:00.000-0000","id":51615,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45645,45646,45743],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50523}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 232-233 - Shared Stage","hotel":"","short_name":"Summit - 232-233 - Shared Stage","id":45900},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-07T02:28:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"CMD+CTRL at DEF CON 31 - Booth Open","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.","updated_timestamp":{"seconds":1690308120,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@cmdnctrl_defcon)","type":"link","url":"https://twitter.com/cmdnctrl_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245229"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643642388807800"}],"end":"2023-08-12T01:00:00.000-0000","id":51598,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-25T18:02:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.\n\n\n","title":"CMD+CTRL at DEF CON 31 - Competition","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play may be given in Discord, on Thursday. Questions and such will also only be answered at the booth; Discord will not be staffed this year, aside from free play codes on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"updated_timestamp":{"seconds":1690308120,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245229"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643642388807800"},{"label":"Twitter (@cmdnctrl_defcon)","type":"link","url":"https://twitter.com/cmdnctrl_defcon"}],"id":51597,"tag_ids":[45635,45766],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"Y","updated":"2023-07-25T18:02:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A place to remember hackers that are no longer with us. Come to share stories and celebrate their life.\r\n\r\nPlease send photos of our fallen hacker comrades to [defconmemorial@protonmail.com](mailto:defconmemorial@protonmail.com), to be printed and displayed on the memorial wall here at DEF CON.\n\n\n","title":"SUNDAY CANCELED: Hacker Memorial","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"A place to remember hackers that are no longer with us. Come to share stories and celebrate their life.\r\n\r\nPlease send photos of our fallen hacker comrades to [defconmemorial@protonmail.com](mailto:defconmemorial@protonmail.com), to be printed and displayed on the memorial wall here at DEF CON.","updated_timestamp":{"seconds":1691955900,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51578,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Copper - Memorial Room","hotel":"","short_name":"Copper - Memorial Room","id":45688},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-13T19:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SUNDAY CANCELED: DCG Meetups","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"android_description":"","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691955960,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51568,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Silver - DEF CON Groups","hotel":"","short_name":"Silver - DEF CON Groups","id":45733},"spans_timebands":"N","updated":"2023-08-13T19:46:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Through interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"venator aurum - A Treasure Hunt","android_description":"Through interfacing with reality you are defining that reality. Rethink your senses and test your limits. Solve the five layers and discover a hidden treasure. Each layer yields its own reward, but few will make it to the end of the hunt. For each of your senses, you will need to set aside preconceptions and look to the underlying patterns within the data.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690068240,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://venatoraurum.org"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245428"}],"end":"2023-08-12T01:00:00.000-0000","id":51530,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T23:24:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Want to block those pesky 5G microchips coursing through your vaccinated body? Did you anger our new AI overlords, and need to hide? Or do those alien mind control rays just have you down lately? Fear not, for we here at the Tin Foil Hat contest have your back for all of these! Come find us in the contest area, and we'll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!\r\n\r\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.\r\n\r\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for \"Style\".\n\n\n","title":"Tinfoil Hat Contest","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Want to block those pesky 5G microchips coursing through your vaccinated body? Did you anger our new AI overlords, and need to hide? Or do those alien mind control rays just have you down lately? Fear not, for we here at the Tin Foil Hat contest have your back for all of these! Come find us in the contest area, and we'll have you build a tin foil hat which is guaranteed to provide top quality protection for your noggin. How you ask? SCIENCE!\r\n\r\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.\r\n\r\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good, though, so a single winner will be selected from each category for \"Style\".","updated_timestamp":{"seconds":1690067100,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Twitter (@DC_Tin_Foil_Hat)","type":"link","url":"https://twitter.com/@DC_Tin_Foil_Hat"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245419"}],"id":51527,"village_id":null,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T23:05:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"The Lonely Hard Drive","android_description":"Are you looking for a good time? Are you trying to get lucky? Did you already get lucky by finding a Lonely Hard Drive in Vegas? Satisfy your curiosity by visiting the contest hall to get started or encounter one of the Lonely Hard Drives hidden around the conference! Contained within is a maze of puzzles and challenges that increase in difficulty the further you progress. There are flags to find and points to earn towards the leaderboard to win prizes at DEF CON 31! Act now! Limited time offer! The Lonely Hard Drive is waiting for you!","end_timestamp":{"seconds":1691809200,"nanoseconds":0},"updated_timestamp":{"seconds":1690066920,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T03:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245413"},{"label":"Twitter (@LonelyHardDrive)","type":"link","url":"https://twitter.com/@LonelyHardDrive"}],"id":51524,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T23:02:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\r\n\r\nThe Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\r\n\r\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3\r\n\r\nThe CPV and Goldbug contest are always kid friendly. We will have \"junior cryptographer\" puzzle sheet hand outs for kids and those new to the field.\n\n\n","title":"The Gold Bug Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle will keep you intrigued and busy throughout Defcon - and questioning how deep the layers of cryptography go.\r\n\r\nThe Gold Bug an annual Defcon puzzle hunt, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto. Accessible to all - and drop by for some kids’ puzzles too!\r\n\r\n:‡?( 8*;(: .‡6*; 6) 5; 3‡0†2?3 †‡; -(:.;‡¶600538 †‡; ‡(3\r\n\r\nThe CPV and Goldbug contest are always kid friendly. We will have \"junior cryptographer\" puzzle sheet hand outs for kids and those new to the field.","updated_timestamp":{"seconds":1691289900,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245407"},{"label":"Website","type":"link","url":"https://goldbug.cryptovillage.org/"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644108837486602"},{"label":"Twitter (@CryptoVillage)","type":"link","url":"https://twitter.com/@CryptoVillage"}],"end":"2023-08-12T01:00:00.000-0000","id":51521,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45765,45766],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T02:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"The Dark Tangent Look-Alike Contest","android_description":"The Dark Tangent Look A-like Contest is a creative opportunity for DEF CON attendees to put their non-technical hacking skills to the test. As a contestant in The Dark Tangent Look A-like Contest, you will be judged based on your appearance, mannerisms, efforts, and overall persuasiveness. Can you assume another identity? Can you look, walk, talk, and act like Dark Tangent? Can you become THE DARK TANGENT?","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690066680,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245402"}],"end":"2023-08-12T01:00:00.000-0000","id":51518,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743,45763],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T22:58:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"I don't know my gender non-specific guys. It's not funny anymore. We can't stop talking about a cheeto for paying hush money to a busty tortilla chip. Winny Pooh is presatator for life with a hunger for those sweet sweet chips. Off brand doctor evil is threatening to nuke the world on the weekly. And in the plot twist of the year BiBi is going fascist. I keep expecting ol'e Joe to bust out the force lightning and tell me to \"give in to my hate\". WELL TOO LATE! This year we are going to have a change of pace. I'm going to drink all the beverage! Lord knows I could use it. I'm kidding of course, I'm terribly allergic to hops. It's the greatest irony of all, I can't drink any of the beverage. But our spectators can! And they want that beverage to be COLD! So I need you to help me satisfy their thirst. Their thirst for escape from this mad world.\r\n\r\n--\r\nWe have soda for under 21 participants.\n\n\n","title":"The Beverage Cooling Contraption Contest","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"I don't know my gender non-specific guys. It's not funny anymore. We can't stop talking about a cheeto for paying hush money to a busty tortilla chip. Winny Pooh is presatator for life with a hunger for those sweet sweet chips. Off brand doctor evil is threatening to nuke the world on the weekly. And in the plot twist of the year BiBi is going fascist. I keep expecting ol'e Joe to bust out the force lightning and tell me to \"give in to my hate\". WELL TOO LATE! This year we are going to have a change of pace. I'm going to drink all the beverage! Lord knows I could use it. I'm kidding of course, I'm terribly allergic to hops. It's the greatest irony of all, I can't drink any of the beverage. But our spectators can! And they want that beverage to be COLD! So I need you to help me satisfy their thirst. Their thirst for escape from this mad world.\r\n\r\n--\r\nWe have soda for under 21 participants.","end_timestamp":{"seconds":1691787600,"nanoseconds":0},"updated_timestamp":{"seconds":1691289660,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T21:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245397"}],"id":51517,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743,45764],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:41:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don't need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!\r\n\r\n--\r\n\r\nRated PG-13. It's a level of challenge that is probably most suited to high school students and up, but anyone can play and we try to make it fun even if you're not competitive to win. :)\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"TeleChallenge","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The TeleChallenge is a fast-paced, fully immersive, and epic battle of wits and skill. The highest level of commitment is required, and this is one of the hardest contests in the world to win, but you don't need any special technical skills to play: just a touch-tone phone. And remember: the best way to ascend into the Phoniverse is to get others involved in the TeleChallenge opportunity, so bring a team!\r\n\r\n--\r\n\r\nRated PG-13. It's a level of challenge that is probably most suited to high school students and up, but anyone can play and we try to make it fun even if you're not competitive to win. :)","updated_timestamp":{"seconds":1691289900,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644470063399012"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245391"},{"label":"Twitter (@telechallenge)","type":"link","url":"https://twitter.com/@telechallenge"},{"label":"Website","type":"link","url":"https://www.telechallenge.org"},{"label":"Mastodon (@telechallenge@defcon.social)","type":"link","url":"https://defcon.social/@telechallenge"}],"end":"2023-08-12T01:00:00.000-0000","id":51514,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45763,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:45:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Red Team Capture the Flag (CTF) competition at DEFCON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.\r\n \r\n The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.\r\n \r\n Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.\r\n \r\n The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Red Team CTF","android_description":"The Red Team Capture the Flag (CTF) competition at DEFCON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully breach the security of a simulated target network.\r\n \r\n The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.\r\n \r\n Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.\r\n \r\n The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690065960,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245378"},{"label":"Website","type":"link","url":"https://threatsims.com/redteam-2023.html"}],"id":51508,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45766],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T22:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Radio Frequency Capture the Flag","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Do you have what it takes to hack WiFi, Bluetooth, and Software Defined Radio (SDR)?\r\n\r\nRF Hackers Sanctuary (the group formerly known as Wireless Village) is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 31. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\r\n\r\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our new virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\r\n\r\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\r\n\r\nFOR THE NEW FOLKS\r\n\r\nOur virtual RFCTF environment is played remotely over ssh or through a web browser. It may help to have additional tools installed on your local machine, but it is not required.\r\n\r\nRead the presentations at: https://rfhackers.com/resources\r\n\r\nHybrid Fun\r\n\r\nFor DEF CON 31 we will be running in “Hybrid” mode. That means we will have both a physical presence AND the virtual game running simultaneously. All of the challenges we have perfected in the last 2 years in our virtual game will be up and running, available to anyone all over the world (including at the conference), entirely free. In addition to the virtual challenges, we will also have a large number of “in person” only challenges, which do require valid conference admission. These “in-person” only challenges will include our traditional fox hunts, hide and seeks, and king of the hill challenges. Additionally, we will have many challenges which we simply haven’t had time or ability to virtualize. Playing only the virtual game will severely limit the maximum available points which you can score, therefore don’t expect to place. If you play virtual only, consider the game an opportunity to learn, practice, hone your skills, and still get on the scoreboard for bragging rights. The virtual challenges which are available will have the same flags as the in-person challenges, allowing physical attendees the choice of hacking those challenges using either (or both) methods of access.\r\n\r\nTHE GAME\r\n\r\nTo score you will need to submit flags which will range from decoding transmissions in the spectrum, passphrases used to gain access to wireless access points, or even files located on servers. Once you capture the flag, submit it to the scoreboard right away, if you are confident it is correct. Flags will be worth less points the more often they are solved. Offense and defense are fully in play by the participants, the RFCTF organizers, and the Conference itself. Play nice, and we might also play nice.\r\n\r\nGetting started guide: https://github.com/rfhs/rfhs-wiki/wiki\r\n\r\nHelpful files (in-brief, wordlist, resources) can be found at https://github.com/rfhs/rfctf-files\r\n\r\nSupport tickets may be opened at https://github.com/rfhs/rfctf-support/issues\r\n\r\nOur whole game is also open source and available at: https://github.com/rfhs/rfctf-container","updated_timestamp":{"seconds":1690939380,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"http://rfhackers.com"},{"label":"Twitter (@rf_ctf)","type":"link","url":"https://twitter.com/@rf_ctf"},{"label":"Support","type":"link","url":"https://github.com/rfhs/rfctf-support/issues"},{"label":"Discord","type":"link","url":"https://discordapp.com/invite/JjPQhKy"},{"label":"Twitter (@rfhackers)","type":"link","url":"https://twitter.com/@rfhackers"},{"label":"Github","type":"link","url":"https://github.com/rfhs"}],"end":"2023-08-12T01:00:00.000-0000","id":51502,"village_id":58,"tag_ids":[40292,45635,45647,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Eldorado - Radio Frequency Village","hotel":"","short_name":"Eldorado - Radio Frequency Village","id":45714},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-02T01:23:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Do you have what it takes to go up against Mayhem Industries' latest maleficent project? Starphish Ltd. is up to no good in that way that only corporations can be. They've got five Divisions, which means you've got five opportunities to shut them down!\r\n\r\nIt won't be easy. You'll be directing a team of infiltrators through increasingly difficult challenges. What sort of challenges? Depends on the Division. Engineering is full of crunchy hacking challenges. HR's got the goods on social engineering. Finance'll be data processing the whole way.\r\n\r\nAnd the C-suite? Most dangerous of all… We've never been able to get an operative inside, so they could be anything. We're counting on you.\r\n\r\nStarphish is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly phishy hijinks.\r\n\r\npTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"pTFS Presents: Mayhem Industries – Starphish","end_timestamp":{"seconds":1691809200,"nanoseconds":0},"android_description":"Do you have what it takes to go up against Mayhem Industries' latest maleficent project? Starphish Ltd. is up to no good in that way that only corporations can be. They've got five Divisions, which means you've got five opportunities to shut them down!\r\n\r\nIt won't be easy. You'll be directing a team of infiltrators through increasingly difficult challenges. What sort of challenges? Depends on the Division. Engineering is full of crunchy hacking challenges. HR's got the goods on social engineering. Finance'll be data processing the whole way.\r\n\r\nAnd the C-suite? Most dangerous of all… We've never been able to get an operative inside, so they could be anything. We're counting on you.\r\n\r\nStarphish is a fun and interactive jeopardy style CTF contest. Don't worry if you don't know what that means. Winning will require demonstrating a wide range of hacking skills, but participating is encouraged for all ability levels. Challenges range from simple puzzles, to challenging crypto problems, to truly phishy hijinks.\r\n\r\npTFS is a hacker collective that has been competing in various DEF CON contests for almost 15 years.","updated_timestamp":{"seconds":1690062420,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://ptfs.team/dc31"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245367"}],"end":"2023-08-12T03:00:00.000-0000","id":51500,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T21:47:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Octopus Game is back for a second year! This contest is a battle royale style competition where fun and friendship is the goal. This year players will meet together in various locations at the same time for group competition through through fun games. 128 players will enter, but only 1 will be crowned the Octopus CHAMPION. Join us, make some new friends and remember: only the best will prevail!\n\n\n","title":"Octopus Game","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691787600,"nanoseconds":0},"android_description":"Octopus Game is back for a second year! This contest is a battle royale style competition where fun and friendship is the goal. This year players will meet together in various locations at the same time for group competition through through fun games. 128 players will enter, but only 1 will be crowned the Octopus CHAMPION. Join us, make some new friends and remember: only the best will prevail!","updated_timestamp":{"seconds":1690062240,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245213"},{"label":"Mastodon (@OctopusGame@defcon.social)","type":"link","url":"https://defcon.social/@OctopusGame"},{"label":"Twitter (@OctopusGameDC)","type":"link","url":"https://twitter.com/OctopusGameDC"},{"label":"Website","type":"link","url":"https://www.mirolabs.info/octopusgamedc31"}],"end":"2023-08-11T21:00:00.000-0000","id":51497,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743,45763],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T21:44:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Maps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business's infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.\n\n\n","title":"Maps of the digital lands","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Maps of the Digital Lands is an all-ages contest that challenges participants to merge their artistic talents with their technical expertise. Contestants will be provided with a diverse array of written business designs and must hand-draw a network diagram illustrating the structure and interconnectivity of each business's infrastructure. Judging will be based on accuracy, adherence to best practices, and artistic prowess. In addition, a captivating Capture the Flag scenario will be available for extra points, employing a digital tool to elevate the challenge. Participants of all skill levels are encouraged to join this immersive experience, compete for assorted prizes, and showcase their unique ability to blend artistry with network engineering excellence. Network engineering is a crucial yet frequently overlooked aspect of hacking, forming the backbone of a secure and efficient cyber ecosystem. By honing their network engineering skills, participants can elevate their abilities beyond mere script kiddie status, gaining a comprehensive understanding of system vulnerabilities and strengthening their overall hacking prowess.","updated_timestamp":{"seconds":1690062060,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Booking CTF Slots","type":"link","url":"https://alienvualt.com/ctf"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245357"},{"label":"AlienVault","type":"link","url":"https://alienvualt.com"}],"id":51494,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T21:41:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Your friend called. They had their place raided. They swear it's a setup. But now they're in jail and you're the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It's in that place where I put that thing that time.\" Good luck.\n\n\n","title":"It's In That Place Where I Put That Thing That Time","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Your friend called. They had their place raided. They swear it's a setup. But now they're in jail and you're the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It's in that place where I put that thing that time.\" Good luck.","updated_timestamp":{"seconds":1690062000,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@iitpwiptttt)","type":"link","url":"https://twitter.com/@iitpwiptttt"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245355"}],"end":"2023-08-12T01:00:00.000-0000","id":51492,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T21:40:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts. \r\n \r\n This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development. \r\n \r\n CTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.\n\n\n","title":"IoT Village CTF","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"Hosted in IoT Village, teams of 1-6 players compete against one another by exploiting off-the-shelf IoT devices. This has been completely redesigned from previous contests, and features real-world devices that all have real-world vulnerabilities with real-world impacts. \r\n \r\n This CTF is open to anyone! It is approachable for entry level people to experience getting their first root shell on IoT, but to really advance in this CTF teams will need to perform detailed vulnerability research, hardware hacking, firmware analysis, reverse engineering, and limited exploit development. \r\n \r\n CTFs are a great experience to learn more about security and test your skills, and the IoT CTF provides the most realistic hacking experience around! So, join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can during the con and the top three teams will be rewarded.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690061880,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245348"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644307597164665"},{"label":"Scoreboard","type":"link","url":"https://scoreboard.iotvillage.org/"}],"end":"2023-08-12T01:00:00.000-0000","id":51489,"tag_ids":[45635,45646,45743],"village_id":66,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 307-310 - IOT Village","hotel":"","short_name":"Alliance - 307-310 - IOT Village","id":45867},"updated":"2023-07-22T21:38:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to IntelOps - Operation Spacewatch! This is a game that pits you against threat actors in the near future, who are trying to trigger nuclear war! Using cyber threat intelligence, it is up to you to support cyber protection teams to defend a vital satellite constellation and prevent a hacker network from undermining your collective defense in a race against time.\r\n\r\nDescription of the event\r\nThe event will host three simultaneous instances of a team game. Teams consist of three players each. Nine players can play at a time. We will provide three laptops and displays, along with three facilitators to ensure a smooth and enjoyable experience. Each game is 20 minutes duration, allowing up to 300 players to play the game in-person on the day.\r\nWe have successfully delivered similar games to large groups of participants in the past, and we are confident that this event will add to the success of DEF CON 31.\r\n\r\nDescription of the game\r\nCyber Threat Intelligence (CTI) deals with information from past attacks, malware analysis and evolving threats in cyberspace. CTI enables enhanced decisions and to get ahead of the cyber attack. But how can I apply CTI and use it? The game \"IntelOps - Operation Spacewatch\" aims to improve players' understanding of CTI. Participants learn about different frameworks, sources and types of CTI and how they can use CTI data in a fun way. The game is built to not only teach terms and theory but apply CTI in a real-world context.\r\nThe game is based on four major CTI and cyber security models. These are the NIST Cyber Security Framework (CSF), MITRE ATT&CK Matrix, the Cyber Kill Chain and the Pyramid of Pain. \r\nAs a player, you are part of the United Nations (UN) CTI team and assigned to the mission to stop the attack on the satellite constellation. Your task is to use the available CTI your team has collected and assist the other members of the UN Cyber Protection Team (CPT).\r\nThe players find themselves in a near future scenario where every nation has access to ballistic-launched nuclear weapons. For monitoring and control purposes, the United Nations has established a global satellite defense system to detect ballistic and hypersonic missile launches. The defense system allows the UN to be able to react immediately when suspicious activities on the weapons are detected. A global hacker network is threatening to disable the satellite constellation to use nuclear weapons for their purposes.\r\nThere are 32 satellites in the global defense system your team has to protect. If 4 or more satellites are compromised and deactivated, the hacker network successfully disenabled the defense system and can take control of the nuclear weapons. It is your mission to protect the satellite network and ensure the availability of the global defense system.\r\n\r\nThe players are provided with the following game components:\r\n- CTI information in form of a card deck;\r\n- An overview of the satellite network and the satellite’s availability status;\r\n- The status and progress of the cyber attackpresented with the Cyber Kill Chain;\r\n- The Pyramid of Pain to allocate and classify the CTI data;\r\n- A NIST CSF game board to place and apply the CTI information;\r\n- Scenario description.\r\n\r\nWhile the CTI cards and the NIST CSF game board are provided as physical components, the Cyber Kill Chain, the satellite network and the Pyramid of Pain will be displayed on a monitor managed through a laptop by the game facilitators.\r\n\r\nSummary of gameplay\r\nThe CTI cards must be played strategically to stop the cyber attack. The number of cards and information as well as the number of packages that can be sent to the satellites are limited. The CTI cards must be applied to each NIST CSF phase. Each phase of the NIST CSF has limited fields for applying the CTI information. The limitation is based on the limited number of packets that can be sent to the satellite network. The game includes four turns in total to save the satellite network. Depending on the effectiveness of the CTI application, there is a chance to stop the attack at every turn. The status of the cyber attack and the effectiveness of the applied CTI information is presented with the help of the Cyber Kill Chain. It represents the attacker's view. If the chosen CTI strategy and application were not successful, the team loses a satellite to the hacker network. In this case, the colour of a satellite on the monitor changes from red to green.\r\n\r\nGame duration\r\nEvery game last 20 minutes in total. Each turn, the players have 5 minutes to decide on their CTI strategy, apply the information to the NIST CSF board and stop the attack. There are a maximum of four turns to a game.\n\n\n","title":"IntelOps - Operation Spacewatch","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Welcome to IntelOps - Operation Spacewatch! This is a game that pits you against threat actors in the near future, who are trying to trigger nuclear war! Using cyber threat intelligence, it is up to you to support cyber protection teams to defend a vital satellite constellation and prevent a hacker network from undermining your collective defense in a race against time.\r\n\r\nDescription of the event\r\nThe event will host three simultaneous instances of a team game. Teams consist of three players each. Nine players can play at a time. We will provide three laptops and displays, along with three facilitators to ensure a smooth and enjoyable experience. Each game is 20 minutes duration, allowing up to 300 players to play the game in-person on the day.\r\nWe have successfully delivered similar games to large groups of participants in the past, and we are confident that this event will add to the success of DEF CON 31.\r\n\r\nDescription of the game\r\nCyber Threat Intelligence (CTI) deals with information from past attacks, malware analysis and evolving threats in cyberspace. CTI enables enhanced decisions and to get ahead of the cyber attack. But how can I apply CTI and use it? The game \"IntelOps - Operation Spacewatch\" aims to improve players' understanding of CTI. Participants learn about different frameworks, sources and types of CTI and how they can use CTI data in a fun way. The game is built to not only teach terms and theory but apply CTI in a real-world context.\r\nThe game is based on four major CTI and cyber security models. These are the NIST Cyber Security Framework (CSF), MITRE ATT&CK Matrix, the Cyber Kill Chain and the Pyramid of Pain. \r\nAs a player, you are part of the United Nations (UN) CTI team and assigned to the mission to stop the attack on the satellite constellation. Your task is to use the available CTI your team has collected and assist the other members of the UN Cyber Protection Team (CPT).\r\nThe players find themselves in a near future scenario where every nation has access to ballistic-launched nuclear weapons. For monitoring and control purposes, the United Nations has established a global satellite defense system to detect ballistic and hypersonic missile launches. The defense system allows the UN to be able to react immediately when suspicious activities on the weapons are detected. A global hacker network is threatening to disable the satellite constellation to use nuclear weapons for their purposes.\r\nThere are 32 satellites in the global defense system your team has to protect. If 4 or more satellites are compromised and deactivated, the hacker network successfully disenabled the defense system and can take control of the nuclear weapons. It is your mission to protect the satellite network and ensure the availability of the global defense system.\r\n\r\nThe players are provided with the following game components:\r\n- CTI information in form of a card deck;\r\n- An overview of the satellite network and the satellite’s availability status;\r\n- The status and progress of the cyber attackpresented with the Cyber Kill Chain;\r\n- The Pyramid of Pain to allocate and classify the CTI data;\r\n- A NIST CSF game board to place and apply the CTI information;\r\n- Scenario description.\r\n\r\nWhile the CTI cards and the NIST CSF game board are provided as physical components, the Cyber Kill Chain, the satellite network and the Pyramid of Pain will be displayed on a monitor managed through a laptop by the game facilitators.\r\n\r\nSummary of gameplay\r\nThe CTI cards must be played strategically to stop the cyber attack. The number of cards and information as well as the number of packages that can be sent to the satellites are limited. The CTI cards must be applied to each NIST CSF phase. Each phase of the NIST CSF has limited fields for applying the CTI information. The limitation is based on the limited number of packets that can be sent to the satellite network. The game includes four turns in total to save the satellite network. Depending on the effectiveness of the CTI application, there is a chance to stop the attack at every turn. The status of the cyber attack and the effectiveness of the applied CTI information is presented with the help of the Cyber Kill Chain. It represents the attacker's view. If the chosen CTI strategy and application were not successful, the team loses a satellite to the hacker network. In this case, the colour of a satellite on the monitor changes from red to green.\r\n\r\nGame duration\r\nEvery game last 20 minutes in total. Each turn, the players have 5 minutes to decide on their CTI strategy, apply the information to the NIST CSF board and stop the attack. There are a maximum of four turns to a game.","updated_timestamp":{"seconds":1690124400,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@CTI_operations)","type":"link","url":"https://twitter.com/@CTI_operations"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245441"}],"end":"2023-08-12T01:00:00.000-0000","id":51488,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-23T15:00:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Hardware Hacking Village CTF is back again! Come put your skills to the test against other hackers. The contest is structured so that everyone should be able to gain some flags, and even the experienced will sweet a few drops to get them all.\r\n\r\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.\n\n\n","title":"Hardware Hacking Village CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"The DEF CON Hardware Hacking Village CTF is back again! Come put your skills to the test against other hackers. The contest is structured so that everyone should be able to gain some flags, and even the experienced will sweet a few drops to get them all.\r\n\r\nHeat up your soldering iron and freshen the batteries in your multimeter! The Hardware Hacking Village (HHV) is hosting their first official DEF CON Capture the Flag (CTF). This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you're new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691252160,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Details","type":"link","url":"https://dchhv.org/challenges/dc31.html"},{"label":"Twitter (@dc_hhv)","type":"link","url":"https://twitter.com/@dc_hhv"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245343"}],"end":"2023-08-12T01:00:00.000-0000","id":51483,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40287,45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45692,"name":"Caesars Forum - Alliance - 311-312 - Hardware/Soldering Vlgs","hotel":"","short_name":"Alliance - 311-312 - Hardware/Soldering Vlgs","id":45868},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-05T16:16:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or code which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day.\r\n\r\nExpanded this year with increased difficulty each day. Friday: Foxes in a small area, non moving Saturday: Foxes in a larger area, with one moving. Sunday: Foxes are on the move. The hunt is on!\r\n\r\nThere will also be a beginner friendly, no radio required, Infrared LED Fox Hunt running everyday which participants can use their cameras on their phones to find!\r\n\r\n--\r\n\r\nWe have had many kids participate and complete the contest over the years... and they've all had a blast doing so.\n\n\n","title":"Ham Radio Fox Hunting Contest","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"In the world of amateur radio, groups of hams will often put together a transmitter hunt (also called \"fox hunting\") in order to hone their radio direction finding skills to locate one or more hidden radio transmitters broadcasting. The Defcon Fox Hunt will require participants to locate a number of hidden radio transmitters broadcasting at very low power which are hidden throughout the conference. Each transmitter will provide a clue or code which will prove the player found the fox transmitter. A map with rough search areas will be given to participants to guide them on their hunt. Additional hints and tips will be provided throughout Defcon at the contest table to help people who find themselves stuck. A small prize to be determined will be given to each participant who locates all of the foxes each day.\r\n\r\nExpanded this year with increased difficulty each day. Friday: Foxes in a small area, non moving Saturday: Foxes in a larger area, with one moving. Sunday: Foxes are on the move. The hunt is on!\r\n\r\nThere will also be a beginner friendly, no radio required, Infrared LED Fox Hunt running everyday which participants can use their cameras on their phones to find!\r\n\r\n--\r\n\r\nWe have had many kids participate and complete the contest over the years... and they've all had a blast doing so.","updated_timestamp":{"seconds":1691289840,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711645275902574633"},{"label":"Twitter (@Evil_mog)","type":"link","url":"https://twitter.com/@Evil_mog"},{"label":"Website","type":"link","url":"https://defcon31foxhunt.com"}],"end":"2023-08-12T01:00:00.000-0000","id":51480,"village_id":null,"tag_ids":[45635,45646,45743,45764],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-06T02:44:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\n - Thursday: Once our network is setup and ready, runs until the contest area closes.\r\n - Friday: 10:00 - 18:00 (open play)\r\n - 10 AM: Team Fortress 2 free play\r\n - 3 PM Contest begins\r\n - 5 PM Contest registration closes\r\n - Saturday: 10:00 - 18:00 ( Contest, all day )\r\n\r\n-- \r\n\r\nKid friendly, as long as they want to play a 16 year old FPS.\r\n\n\n\n","title":"HackFortress","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Hackfortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers, TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\r\n\r\n - Thursday: Once our network is setup and ready, runs until the contest area closes.\r\n - Friday: 10:00 - 18:00 (open play)\r\n - 10 AM: Team Fortress 2 free play\r\n - 3 PM Contest begins\r\n - 5 PM Contest registration closes\r\n - Saturday: 10:00 - 18:00 ( Contest, all day )\r\n\r\n-- \r\n\r\nKid friendly, as long as they want to play a 16 year old FPS.","updated_timestamp":{"seconds":1691606460,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245332"},{"label":"Website","type":"link","url":"https://hackfortress.net"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643831275225125"},{"label":"Twitter (@tf2shmoo)","type":"link","url":"https://twitter.com/@tf2shmoo"}],"end":"2023-08-12T01:00:00.000-0000","id":51478,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-09T18:41:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Department of the Air Force, in collaboration with the security research community, is hosting Hack-A-Sat 4 – the world’s first CTF in space. Hack-A-Sat 4 aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Hack-A-Sat 4 will be the first CTF hosted on an on-orbit satellite, called Moonlighter. The satellite has been designed and built to advance the security research community’s skills and knowledge of on-orbit space systems. Note: HAS4 is no longer open to new contestants as the qualifying event took place in April. Attendees stopping by the HAS4 contest area will be able to learn about the history of Hack-A-Sat, Moonlighter and this year’s challenges. The area will have live scoreboards, dashboards and visualizations relaying game status, and live commentary will be provided from the adjacent Aerospace Village throughout the weekend. \r\n \r\n HAS4 Qualifications were held April 1-2, 2023. \r\n Results here: https://quals.2023.hackasat.com/scoreboard/complete\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Hack-A-Sat 4 (HAS4)","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The Department of the Air Force, in collaboration with the security research community, is hosting Hack-A-Sat 4 – the world’s first CTF in space. Hack-A-Sat 4 aims to enable security researchers of all levels to focus their skills and creativity on solving cyber security challenges on space systems and incentivize innovation in securing these systems. Hack-A-Sat 4 will be the first CTF hosted on an on-orbit satellite, called Moonlighter. The satellite has been designed and built to advance the security research community’s skills and knowledge of on-orbit space systems. Note: HAS4 is no longer open to new contestants as the qualifying event took place in April. Attendees stopping by the HAS4 contest area will be able to learn about the history of Hack-A-Sat, Moonlighter and this year’s challenges. The area will have live scoreboards, dashboards and visualizations relaying game status, and live commentary will be provided from the adjacent Aerospace Village throughout the weekend. \r\n \r\n HAS4 Qualifications were held April 1-2, 2023. \r\n Results here: https://quals.2023.hackasat.com/scoreboard/complete","updated_timestamp":{"seconds":1690059180,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Qualification Results","type":"link","url":"https://quals.2023.hackasat.com/scoreboard/complete"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245316"}],"end":"2023-08-12T01:00:00.000-0000","id":51471,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T20:53:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.\r\n\r\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.\r\n\r\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.\r\n\r\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.\r\n\r\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you're a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Embedded CTF","android_description":"Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular use case and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective.\r\n\r\nThe Embedded CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices' inner workings and understand their design's security implications.\r\n\r\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants' knowledge and experience.\r\n\r\nBy participating in the contest, teams of up to 6 contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills.\r\n\r\nWith the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous. Whether you're a seasoned security professional or just starting in the field, this contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690058820,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@EmbeddedVillage)","type":"link","url":"https://twitter.com/@EmbeddedVillage"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245307"}],"end":"2023-08-12T01:00:00.000-0000","id":51467,"tag_ids":[45635,45649,45743],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Evolution - Embedded Systems Village","hotel":"","short_name":"Evolution - Embedded Systems Village","id":45735},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T20:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"D@D is a table-top/RPG themed puzzling campaign for teams of 1-4 players. As part of the campaign, teams will unravel crypto challenges, solve physical puzzles, and do other side-quests that will have them interacting with different components of the Defcon community (villages, goons, NPCs, local wildlife, trolls, etc.) to earn points and progress through a narrative. The theme changes each year, but typically is based loosely on a popular table-top game that fits the theme for Defcon. Teams learn how to work cooperatively to solve large puzzles, and learn how to solve puzzles that they may have seen in CTFs, escape rooms, or other puzzle venues. The contest is designed to be accessible to all technical levels and all ages.\r\n \r\n Pre-registration will occur online the week before con (announced via Twitter) as well as Friday morning at 10 in person, first come first served until we have enough teams filled. Contest will start at 12:00 on Friday\r\n\r\n--\r\n\r\nKids are welcome. The first year Dungeons @ DEF CON ran, two kids with the help of their fathers won a black badge. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Dungeons@Defcon","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"D@D is a table-top/RPG themed puzzling campaign for teams of 1-4 players. As part of the campaign, teams will unravel crypto challenges, solve physical puzzles, and do other side-quests that will have them interacting with different components of the Defcon community (villages, goons, NPCs, local wildlife, trolls, etc.) to earn points and progress through a narrative. The theme changes each year, but typically is based loosely on a popular table-top game that fits the theme for Defcon. Teams learn how to work cooperatively to solve large puzzles, and learn how to solve puzzles that they may have seen in CTFs, escape rooms, or other puzzle venues. The contest is designed to be accessible to all technical levels and all ages.\r\n \r\n Pre-registration will occur online the week before con (announced via Twitter) as well as Friday morning at 10 in person, first come first served until we have enough teams filled. Contest will start at 12:00 on Friday\r\n\r\n--\r\n\r\nKids are welcome. The first year Dungeons @ DEF CON ran, two kids with the help of their fathers won a black badge.","updated_timestamp":{"seconds":1691289480,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245277"},{"label":"Website","type":"link","url":"https://www.dungeonsatdefcon.com/"}],"end":"2023-08-12T01:00:00.000-0000","id":51465,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45763,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:38:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?\r\n\r\n--\r\n\r\nRated PG-13.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"DEFCON MUD DUMB TERMINAL EDITION","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The DEFCON MUD is back, this time you can only access it over dumb terminals or serial terminals hosted by the DEFCON SCAV Hunt. Flags will be hosted inside the mud, good luck, have fun, and oh yes the game has exploits, can you find them all?\r\n\r\n--\r\n\r\nRated PG-13.","updated_timestamp":{"seconds":1691289540,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245270"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/728707998796480590"}],"id":51462,"tag_ids":[45635,45646,45743,45764],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-08-06T02:39:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.\r\n \r\n Come visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.\r\n \r\n The DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit https://defconscavhunt.com for a history lesson.\r\n \r\n If you capture pictures or video of items from our list, or have in the past, please send them to us via email scavlist@gmail.com.\r\n\r\n--\r\n\r\nThe scavenger hunt list is open to interpretation and we are not responsible for how list items are interpreted. We have had a number of pre-teens and teenagers play the scavenger hunt over the years, primarily with their parents but occasionally alone. The team that won at DC24 included a teenager with their parents. Parental Guidance Recommended.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"DEF CON Scavenger Hunt","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Are you tired of being an NPC, mindlessly standing in line at a hacker con? Do you want to be involved and improve the hacker community? The DEF CON Scavenger Hunt is here to encourage you to interact with goons and attendees alike; to be an active participant of DEF CON itself.\r\n \r\n Come visit the DEF CON Scavenger Hunt table in the contest area and get a list, register your team of 1 to 5 players, and gather or accomplish as many items from the list as you can. Items are submitted at the table, better than average submissions shall be awarded bonus points. The team who turns in the most points by Sunday at noon will win the admiration of your like-minded peers.\r\n \r\n The DEF CON Scavenger Hunt is one of the longest running contests at DEF CON, visit https://defconscavhunt.com for a history lesson.\r\n \r\n If you capture pictures or video of items from our list, or have in the past, please send them to us via email scavlist@gmail.com.\r\n\r\n--\r\n\r\nThe scavenger hunt list is open to interpretation and we are not responsible for how list items are interpreted. We have had a number of pre-teens and teenagers play the scavenger hunt over the years, primarily with their parents but occasionally alone. The team that won at DC24 included a teenager with their parents. Parental Guidance Recommended.","updated_timestamp":{"seconds":1691289780,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245255"},{"label":"Twitter (@defconscavhunt)","type":"link","url":"https://twitter.com/@defconscavhunt"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711049278163779605"}],"end":"2023-08-12T01:00:00.000-0000","id":51459,"village_id":null,"tag_ids":[45635,45646,45743,45763],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-08-06T02:43:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.​\n\n\n","title":"DC Kubernetes Capture the Flag (CTF)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691809200,"nanoseconds":0},"android_description":"The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\r\n\r\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.​","updated_timestamp":{"seconds":1690058340,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://containersecurityctf.com/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245244"},{"label":"Twitter (@ctfsecurity)","type":"link","url":"https://twitter.com/@ctfsecurity"}],"end":"2023-08-12T03:00:00.000-0000","id":51455,"tag_ids":[45635,45744],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"N","updated":"2023-07-22T20:39:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n\n\n","title":"Darknet-NG","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691796600,"nanoseconds":0},"android_description":"Darknet-NG is an In-Person Massively Multiplayer Online Role Playing Game (MMO-RPG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year's challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!","updated_timestamp":{"seconds":1690058160,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T23:30:00.000-0000","links":[{"label":"Website","type":"link","url":"https://darknet-ng.network"},{"label":"Twitter (@DarknetNg)","type":"link","url":"https://twitter.com/DarknetNg"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245234"},{"label":"Mastodon (@DarknetNG@defcon.social)","type":"link","url":"https://defcon.social/@DarknetNG"}],"id":51452,"village_id":null,"tag_ids":[45635,45646,45743,45764],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T20:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The premiere password cracking contest \"CrackMeIfYouCan\" is back again. Passwords so two-thousand and late. Remember, remember, the cracks of November.\r\n\r\nWe're preparing hashes from easy to hard, so there'll be something for you if you want to compete casually as a Street team, or go all out in Pro.\r\n\r\nWhere we're going, we don't need roads. Purely a penchant for puzzles, perhaps a plethora of processors.\r\n\r\nCheck out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/\n\n\n","title":"CrackMeIfYouCan","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"The premiere password cracking contest \"CrackMeIfYouCan\" is back again. Passwords so two-thousand and late. Remember, remember, the cracks of November.\r\n\r\nWe're preparing hashes from easy to hard, so there'll be something for you if you want to compete casually as a Street team, or go all out in Pro.\r\n\r\nWhere we're going, we don't need roads. Purely a penchant for puzzles, perhaps a plethora of processors.\r\n\r\nCheck out past years' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690057740,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://contest.korelogic.com"},{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711644827053457478"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245299"},{"label":"Password Village Website","type":"link","url":"https://passwordvillage.org/"}],"id":51449,"village_id":53,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T20:29:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\r\n\r\nOur CTF is a three days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\r\n\r\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"Cloud Village CTF","android_description":"If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\r\n\r\nOur CTF is a three days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\r\n\r\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690057260,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Village Website","type":"link","url":"https://cloud-village.org"},{"label":"Twitter (@cloudvillage_dc)","type":"link","url":"https://twitter.com/@cloudvillage_dc"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245467"}],"id":51444,"village_id":43,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[40284,45635,45744],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T20:21:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM's and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\r\n\r\nWith the largest collection of hackers in one area, there's no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.\n\n\n","title":"Car Hacking Village CTF","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEM's and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\r\n\r\nWith the largest collection of hackers in one area, there's no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 9 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. Our contest at the village, in combination with many automotive OEMs, Suppliers, etc., is used to give people first hand experience on cutting edge and at times expensive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690055760,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discord","type":"link","url":"https://discord.com/channels/708208267699945503/711643596658311229"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244786"},{"label":"Twitter (@CarHackVillage)","type":"link","url":"https://twitter.com/CarHackVillage/"},{"label":"Village Website","type":"link","url":"https://www.carhackingvillage.com"}],"end":"2023-08-12T01:00:00.000-0000","id":51440,"village_id":42,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T19:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Battle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor. \r\n \r\n The vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.\r\n \r\n Finally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Battle of The Bots","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Battle of The Bots presents a new twist on traditional “King-of-The-Hill” style Capture the Flag events by incorporating exploit development, vulnerability analysis, reverse engineering and software development in the form of developing computer worms aka “bots”. BOTBs requires competitors to develop proof-of-concept exploits against varying misconfigured or vulnerable network services. To maximize points scored, the competitor’s bot must automatically scan and compromise network services in the competition environment autonomously. Services that are harder to exploit (ex: requiring memory corruption exploits opposed to misconfigured databases) will result in a higher point score for the competitor. \r\n \r\n The vulnerable network services will include real world vulnerable services where a competitor can adopt off the shelf proof-of-concepts vulnerabilities from an offensive security resource (ex: Metasploit Framework, exploit-db, packetstorm, etc…) into their bot to achieve access to said vulnerable services. Additionally, custom built vulnerable services informed by OWASP Top 10 security bugs as well as CVEs will influence challenge development resulting in a competitor to have the experience of reverse engineering new applications to identify vulnerabilities based on historically significant pain points in Software Engineering as well as infamous historical CVEs. Battle of The Bots will give competitors of all skill levels an opportunity to develop proof-of-concept exploits. Network services will be developed in a variety of compiled and interpreted languages with varying associated vulnerabilities and points. The variety of languages will provide opportunities for those less experienced with reverse engineering to analyze vulnerable Python code to find hidden API endpoints that lead to shell execution for example, rather than reverse engineer compiled binaries.\r\n \r\n Finally, the BOTBs team will be capturing network traffic from the competition environment to later be shared with the wider community. The BOTBs team believes that this unique dataset of network service attacks can act as a unique resource for academic researchers, SOC analysts assessing their defenses and training events where having attack data for SIEM analysis. The data will be released under the Apache 2.0 License and hosted publicly on a yet to be determined platform.","updated_timestamp":{"seconds":1690053720,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://battleofthebots.github.io"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245282"}],"end":"2023-08-12T01:00:00.000-0000","id":51431,"tag_ids":[45635,45646,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T19:22:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Adversary Village proudly presents \"Adversary Wars CTF,\" a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.\r\n\r\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.\r\n\r\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.\r\n\r\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30. We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"Adversary Wars CTF","android_description":"Adversary Village proudly presents \"Adversary Wars CTF,\" a cutting-edge capture the flag competition that revolves around adversary attack simulation, adversary-threat actor emulation, purple team tactics and adversary tradecraft. This unique competition is designed to replicate enterprise infrastructure and present participants with challenges that encourage the adoption of various techniques, tactics, and procedures (TTPs) employed by real adversaries and threat actors, all within a defined time frame.\r\n\r\nAdversary Village is a community-driven initiative that prioritizes adversary simulation, emulation, breach and attack simulation, adversary tactics, offensive/adversary tradecraft, philosophy, and purple teaming.\r\n\r\nOur objective is to establish a Capture the Flag competition dedicated to adversary simulation, purple teaming and knowledge sharing. Adversary Wars offers unique opportunities for “adversaries” aka participants to simulate attacks, explore new attack vectors, gain insights into threat actor profiles, master TTPs, and refine offensive tradecraft. With a range of adversary simulation exercises at different difficulty levels, this CTF promises real-world attack simulation scenarios and challenges.\r\n\r\nPrevious versions of the Adversary Wars CTF were hosted as part of Adversary Village, during DEF CON 29 and DEF CON 30. We are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 31.​","end_timestamp":{"seconds":1691798400,"nanoseconds":0},"updated_timestamp":{"seconds":1690053600,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/AdversaryVillag/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245457"},{"label":"Website","type":"link","url":"https://adversaryvillage.org/adversary-events/DEFCON-31/"}],"end":"2023-08-12T00:00:00.000-0000","id":51428,"tag_ids":[45635,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-22T19:20:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"AND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"5n4ck3y","android_description":"AND!XOR creates electronic badges that are filled with challenges. We love doing this, especially coming up with unique ways for hackers to earn them. We are excited to re-introduce the newest member of our hacker-fam... 5n4ck3y (Snackey). 5n4ck3y is a vending machine hardware hacking project, retrofitted into an IoT CTF based badge dispensing machine, complete with bling. To earn a badge, you must find a flag on our web hosted CTF platform. Once you have found a flag, you will be given a 5n4ck3y dispense code. Enter the code into the vending machine and a badge will be dispensed to you! There are a variety of challenges to earn a badge, as well as challenges to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, OS & network security to name a few. Hardware hacking is our passion and we want people to learn on badges. But more importantly, there is a lot to learn at DEF CON, so our challenge will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further. We hope you enjoy 5n4ck3y and all that it has to offer!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690142100,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter","type":"link","url":"https://twitter.com/ANDnXOR"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245450"}],"end":"2023-08-12T01:00:00.000-0000","id":51425,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45635,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-23T19:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you ready to put your problem-solving skills to the test?\r\n\r\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.\r\n\r\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.\r\n\r\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.\r\n\r\nThis challenge is not just about solving a puzzle, it's about exploring your curiosity and pushing the boundaries of your knowledge.\r\n\r\nIt's about putting your hacker mindset to work and seeing how far you can go.\r\n\r\nWith each step, you'll be one step closer to unlocking the secrets of the ? Cube Challenge.We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.\r\n\r\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level.So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cub Champion and the admiration of your fellow hackers. Are you ready to take the challenge?\r\n\r\nThe above was totally written by ChatGPT. I don't want to give out too much information, but basically there is going to be a big cube like object that contestants will have to deconstruct to find the hidden awesomeness. I hope to have challenges spread across multiple domains, both online in a jeopardy style ctf as well as the physical puzzle of the cube which will be module in nature, with each physical puzzle tying to the next.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"title":"? Cube","android_description":"Are you ready to put your problem-solving skills to the test?\r\n\r\nThis year, we are proud to introduce a brand new contest, designed to push your limits and awaken your curiosity.\r\n\r\nThe ? Cube Challenge is not for the faint-hearted. It is a multi-layered, complex puzzle that requires you to use all your hacking and analytical skills to solve it.\r\n\r\nThe cube is loaded with riddles and puzzles that must be solved one by one to progress further towards the ultimate goal.\r\n\r\nThis challenge is not just about solving a puzzle, it's about exploring your curiosity and pushing the boundaries of your knowledge.\r\n\r\nIt's about putting your hacker mindset to work and seeing how far you can go.\r\n\r\nWith each step, you'll be one step closer to unlocking the secrets of the ? Cube Challenge.We know that Defcon attendees are always looking for the next big challenge, and we have created the ? Cube Challenge with that in mind.\r\n\r\nIt is a contest that will test your limits, engage your creativity, and push your curiosity to the next level.So come and join us at Defcon 31 and take on the ultimate challenge! Who knows, you might just walk away with the title of ? Cub Champion and the admiration of your fellow hackers. Are you ready to take the challenge?\r\n\r\nThe above was totally written by ChatGPT. I don't want to give out too much information, but basically there is going to be a big cube like object that contestants will have to deconstruct to find the hidden awesomeness. I hope to have challenges spread across multiple domains, both online in a jeopardy style ctf as well as the physical puzzle of the cube which will be module in nature, with each physical puzzle tying to the next.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690053300,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244817"},{"label":"Website","type":"link","url":"http://0x3fcube.com/"}],"end":"2023-08-12T01:00:00.000-0000","id":51422,"tag_ids":[45635,45646,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"spans_timebands":"N","updated":"2023-07-22T19:15:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"title":"Keynote - Reshaping Reconnaissance: AI's Role in Open Source Intelligence","end_timestamp":{"seconds":1691776200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1689552780,"nanoseconds":0},"speakers":[{"content_ids":[51294],"conference_id":96,"event_ids":[51356],"name":"Matt Edmondson","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@matt0177"}],"media":[],"id":50462}],"timeband_id":990,"links":[],"end":"2023-08-11T17:50:00.000-0000","id":51356,"tag_ids":[40293,45645,45649,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":59,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50462}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social B and C - Recon Village","hotel":"","short_name":"Social B and C - Recon Village","id":45737},"spans_timebands":"N","updated":"2023-07-17T00:13:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d86e9f","name":"Village Talk","id":45645},"title":"Securing the Whole System: Corporal to Corporate","android_description":"","end_timestamp":{"seconds":1691775600,"nanoseconds":0},"updated_timestamp":{"seconds":1691172480,"nanoseconds":0},"speakers":[{"content_ids":[51037,52229],"conference_id":96,"event_ids":[51070,52479],"name":"Nina Alli","affiliations":[{"organization":"Biohacking Village","title":"Executive Director"},{"organization":"Thermo Fisher","title":"Regulatory Cybersecurity, Senior Strategist"}],"links":[],"pronouns":null,"media":[],"id":50220,"title":"Regulatory Cybersecurity, Senior Strategist at Thermo Fisher"},{"content_ids":[51037],"conference_id":96,"event_ids":[51070],"name":"David Guffrey","affiliations":[{"organization":"Claroty","title":"Principal Biomed Customer Success Manager"}],"links":[],"pronouns":null,"media":[],"id":50221,"title":"Principal Biomed Customer Success Manager at Claroty"},{"content_ids":[51037],"conference_id":96,"event_ids":[51070],"name":"Rob Suárez","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51438}],"timeband_id":990,"links":[],"end":"2023-08-11T17:40:00.000-0000","id":51070,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45645,45647,45717],"village_id":68,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50221},{"tag_id":45590,"sort_order":1,"person_id":50220},{"tag_id":45590,"sort_order":1,"person_id":51438}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Laughlin I,II,III - Biohacking Village","hotel":"","short_name":"Laughlin I,II,III - Biohacking Village","id":45663},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-08-04T18:08:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Unguard is an intentionally insecure, cloud-native microservices demo application that serves as a playground for cybersecurity enthusiasts to sharpen their skills and for cybersecurity companies to test their software. Designed to mimic a web-based Twitter clone, the platform offers user registration, login, content posting, and social interactions, all with a wide variety of exploitable vulnerabilities. Featuring a wide range of security flaws, including SSRF, Command/SQL Injection, Log4Shell, and Spring4Shell, Unguard challenges security professionals, developers, and students to identify, exploit, and understand these weaknesses. Simultaneously, the platform showcases deceptive elements, such as phony ads and profile management options, which further enhance the real-world experience offered by the demo.\n\n\n","title":"Vulnerable by Design: Unguard, The Insecure Cloud-Native Twitter Clone","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"android_description":"Unguard is an intentionally insecure, cloud-native microservices demo application that serves as a playground for cybersecurity enthusiasts to sharpen their skills and for cybersecurity companies to test their software. Designed to mimic a web-based Twitter clone, the platform offers user registration, login, content posting, and social interactions, all with a wide variety of exploitable vulnerabilities. Featuring a wide range of security flaws, including SSRF, Command/SQL Injection, Log4Shell, and Spring4Shell, Unguard challenges security professionals, developers, and students to identify, exploit, and understand these weaknesses. Simultaneously, the platform showcases deceptive elements, such as phony ads and profile management options, which further enhance the real-world experience offered by the demo.","end_timestamp":{"seconds":1691780100,"nanoseconds":0},"updated_timestamp":{"seconds":1688878740,"nanoseconds":0},"speakers":[{"content_ids":[51028],"conference_id":96,"event_ids":[51066],"name":"Simon Ammer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50218},{"content_ids":[51028],"conference_id":96,"event_ids":[51066],"name":"Christoph Wedenig","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50219}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":51066,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50219},{"tag_id":45590,"sort_order":1,"person_id":50218}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Accord Boardroom - Demo Labs","hotel":"","short_name":"Accord Boardroom - Demo Labs","id":45695},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-09T04:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Active Directory is the foundation of the infrastructure for many organizations. As of 2023, Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This DEF CON demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication. The Kerberos features added in Metasploit 6.3 will be a focal point. The audience will learn how to execute multiple attack techniques, including Pass-The-Ticket (PTT), forging Golden/Silver Tickets, and authenticating with AD CS certificates. Finally, users will see how these attack primitives can be combined within Metasploit to streamline attack workflows with integrated ticket management. The demonstration will also highlight inspection capabilities that are useful for decrypting traffic and tickets for debugging and research purposes.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"The Metasploit Framework","android_description":"Active Directory is the foundation of the infrastructure for many organizations. As of 2023, Metasploit has added a wide range of new capabilities and attack workflows to support Active Directory exploitation. This DEF CON demonstration will cover new ways to enumerate information from LDAP, attacking Active Directory Certificate Services (AD CS), leveraging Role Based Constrained Delegation, and using Kerberos authentication. The Kerberos features added in Metasploit 6.3 will be a focal point. The audience will learn how to execute multiple attack techniques, including Pass-The-Ticket (PTT), forging Golden/Silver Tickets, and authenticating with AD CS certificates. Finally, users will see how these attack primitives can be combined within Metasploit to streamline attack workflows with integrated ticket management. The demonstration will also highlight inspection capabilities that are useful for decrypting traffic and tickets for debugging and research purposes.","end_timestamp":{"seconds":1691780100,"nanoseconds":0},"updated_timestamp":{"seconds":1688878140,"nanoseconds":0},"speakers":[{"content_ids":[51022],"conference_id":96,"event_ids":[51060],"name":"Spencer McIntyre","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50211}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":51060,"tag_ids":[45592,45636,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50211}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Committee Boardroom - Demo Labs","hotel":"","short_name":"Committee Boardroom - Demo Labs","id":45698},"spans_timebands":"N","updated":"2023-07-09T04:49:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"T3SF is a framework that offers a modular structure for the orchestration of injects from a master scenario events list (MSEL) together with a set of rules defined for each exercise and a configuration that allows defining the parameters of the correspondent platform. The main module performs the communication with the specific module (Discord, Slack, Telegram, WhatsApp, Teams, etc.) which allows the events to be presented in the input channels as messages in the platform. It supports different use cases for single or multiple organizations.\n\n\n","title":"T3SF (Technical TableTop Exercises Simulation Framework)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"android_description":"T3SF is a framework that offers a modular structure for the orchestration of injects from a master scenario events list (MSEL) together with a set of rules defined for each exercise and a configuration that allows defining the parameters of the correspondent platform. The main module performs the communication with the specific module (Discord, Slack, Telegram, WhatsApp, Teams, etc.) which allows the events to be presented in the input channels as messages in the platform. It supports different use cases for single or multiple organizations.","end_timestamp":{"seconds":1691780100,"nanoseconds":0},"updated_timestamp":{"seconds":1688878080,"nanoseconds":0},"speakers":[{"content_ids":[51021],"conference_id":96,"event_ids":[51059],"name":"Federico Pacheco","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50209},{"content_ids":[51021],"conference_id":96,"event_ids":[51059],"name":"Joaquin Lanfranconi","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50210}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":51059,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50209},{"tag_id":45590,"sort_order":1,"person_id":50210}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Council Boardroom - Demo Labs","hotel":"","short_name":"Council Boardroom - Demo Labs","id":45699},"updated":"2023-07-09T04:48:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"SucoshScan is a automated open source SAST(Static Application Security Testing) framework. It’s can detect a lot of vulnerability(RCE,SSTI,Insecure Deserilisation,SSRF,SQLI,CSRF etc.) in given source code.For now, only the detection modules of python(flask,django) and nodejs(express js.) languages are finished. In the future, specific detection functions will be written for php (Laravel, Codeigniter), .NET, Go languages.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"SucoshScanny","end_timestamp":{"seconds":1691780100,"nanoseconds":0},"android_description":"SucoshScan is a automated open source SAST(Static Application Security Testing) framework. It’s can detect a lot of vulnerability(RCE,SSTI,Insecure Deserilisation,SSRF,SQLI,CSRF etc.) in given source code.For now, only the detection modules of python(flask,django) and nodejs(express js.) languages are finished. In the future, specific detection functions will be written for php (Laravel, Codeigniter), .NET, Go languages.","updated_timestamp":{"seconds":1688878020,"nanoseconds":0},"speakers":[{"content_ids":[51020],"conference_id":96,"event_ids":[51058],"name":"Mustafa Bilgici","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50207},{"content_ids":[51020],"conference_id":96,"event_ids":[51058],"name":"Tibet Öğünç","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50208}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":51058,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45592,45636,45646,45743],"village_id":null,"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50207},{"tag_id":45590,"sort_order":1,"person_id":50208}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Caucus Boardroom - Demo Labs","hotel":"","short_name":"Caucus Boardroom - Demo Labs","id":45696},"updated":"2023-07-09T04:47:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The development of unmanned aerial vehicles (UAVs) has revolutionized data collection, but security challenges have emerged. In response, Strix is a security testing UAV designed to intercept other UAVs in flight while adhering to legal limitations. It utilizes software analysis to detect and track unauthorized UAVs, predicting their flight path without compromising itself. Strix also encompasses ground-based support systems for enhanced mission effectiveness. The ground-based robots and drones can perform tasks such as reconnaissance, target identification, and data analysis to enhance the effectiveness of Strix's mission.The drone can detect RF anti-drone systems and, if identified, utilize multi-RF spoofing technology to disrupt or block their signals. This allows Strix to enter protected airspace undetected, while staying within legal bounds when required. Strix was designed to identify other UAVs and attempt to jam or possibly control their signals to their flight operators. Its hardware includes sensors, a robust communication system, and the Pixhawk autonomous flight module, which provides open-source flexibility and customization options.Strix's small and agile design enables high-speed flight and maneuverability in confined spaces. Advanced encryption ensures data security during collection and transmission. As an open-source project, Strix encourages customization and collaboration, making it an invaluable tool for securing airspace and mitigating UAV threats. Its interception capabilities and defensive measures, including multi-RF spoofing, contribute to UAV-driven security systems while respecting legal considerations. This makes it a powerful tool for securing airspace and preventing unauthorized UAVs from posing a threat. Its ability to detect and intercept UAVs in flight, coupled with its defensive capabilities against anti-drone systems, including the ability to employ multi-RF spoofing technology, makes Strix an essential component of any security system that relies on UAVs for data collection and analysis. Strix aims to showcase the potential of UAVs in a lawful and responsible manner, promoting safety, innovation, and ethical practices within the drone industry.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#b3b0b6","name":"Demo Lab","id":45636},"title":"Strix Interceptor","end_timestamp":{"seconds":1691780100,"nanoseconds":0},"android_description":"The development of unmanned aerial vehicles (UAVs) has revolutionized data collection, but security challenges have emerged. In response, Strix is a security testing UAV designed to intercept other UAVs in flight while adhering to legal limitations. It utilizes software analysis to detect and track unauthorized UAVs, predicting their flight path without compromising itself. Strix also encompasses ground-based support systems for enhanced mission effectiveness. The ground-based robots and drones can perform tasks such as reconnaissance, target identification, and data analysis to enhance the effectiveness of Strix's mission.The drone can detect RF anti-drone systems and, if identified, utilize multi-RF spoofing technology to disrupt or block their signals. This allows Strix to enter protected airspace undetected, while staying within legal bounds when required. Strix was designed to identify other UAVs and attempt to jam or possibly control their signals to their flight operators. Its hardware includes sensors, a robust communication system, and the Pixhawk autonomous flight module, which provides open-source flexibility and customization options.Strix's small and agile design enables high-speed flight and maneuverability in confined spaces. Advanced encryption ensures data security during collection and transmission. As an open-source project, Strix encourages customization and collaboration, making it an invaluable tool for securing airspace and mitigating UAV threats. Its interception capabilities and defensive measures, including multi-RF spoofing, contribute to UAV-driven security systems while respecting legal considerations. This makes it a powerful tool for securing airspace and preventing unauthorized UAVs from posing a threat. Its ability to detect and intercept UAVs in flight, coupled with its defensive capabilities against anti-drone systems, including the ability to employ multi-RF spoofing technology, makes Strix an essential component of any security system that relies on UAVs for data collection and analysis. Strix aims to showcase the potential of UAVs in a lawful and responsible manner, promoting safety, innovation, and ethical practices within the drone industry.","updated_timestamp":{"seconds":1688877960,"nanoseconds":0},"speakers":[{"content_ids":[51019],"conference_id":96,"event_ids":[51057],"name":"Lexie Thach","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50206}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":51057,"village_id":null,"tag_ids":[45592,45636,45646,45743],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50206}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Unity Boardroom - Demo Labs","hotel":"","short_name":"Unity Boardroom - Demo Labs","id":45706},"begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-09T04:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Android malware has long relied on basic string obfuscation techniques to make analysts suffer while reversing it. The current state of the art in mass string deobfuscation relies on two techniques. One of them is executing the sample and hoping to get some hits on the methods with the interesting strings, while the other is forking big bucks for some well known tools in the industry. Both the workload and the financial impact of these methods can severely impact an independent researcher's ability to tackle modern Android malware. My solution is simple: build an environment that can execute Android bytecode one instruction at a time. While the approach is not new (Unicorn comes to mind), there is no such tool available for the Android ecosystem. This allows researchers to speed up their reversing efforts and tackle more intricate and advanced malware with ease.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#b3b0b6","updated_at":"2024-06-07T03:38+0000","name":"Demo Lab","id":45636},"title":"Katalina","end_timestamp":{"seconds":1691780100,"nanoseconds":0},"android_description":"Android malware has long relied on basic string obfuscation techniques to make analysts suffer while reversing it. The current state of the art in mass string deobfuscation relies on two techniques. One of them is executing the sample and hoping to get some hits on the methods with the interesting strings, while the other is forking big bucks for some well known tools in the industry. Both the workload and the financial impact of these methods can severely impact an independent researcher's ability to tackle modern Android malware. My solution is simple: build an environment that can execute Android bytecode one instruction at a time. While the approach is not new (Unicorn comes to mind), there is no such tool available for the Android ecosystem. This allows researchers to speed up their reversing efforts and tackle more intricate and advanced malware with ease.","updated_timestamp":{"seconds":1688876640,"nanoseconds":0},"speakers":[{"content_ids":[51007],"conference_id":96,"event_ids":[51045],"name":"Gabi Cirlig","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50188}],"timeband_id":990,"links":[],"end":"2023-08-11T18:55:00.000-0000","id":51045,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"village_id":null,"tag_ids":[45592,45636,45646,45743],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":50188}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45636,"name":"Caesars Forum - Society Boardroom - Demo Labs","hotel":"","short_name":"Society Boardroom - Demo Labs","id":45700},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-07-09T04:24:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The federal criminal case of United States v. Joseph Sullivan, NDCA 3-20-CR-337 WHO, has been covered and debated quite publicly since I was fired by the new Uber CEO in November 2017, a year after the incident. Most discussion has focused on questions of my guilt or innocence, the culpability of other executives at the company, and the implications of the case for other security executives. \r\n \r\nLess has been written about the guilt or innocence of those who accessed Uber’s AWS environment in October 2016 and triggered an incident response by emailing me and asking for payment. After we met them, my team and I did not consider those 19- and 20-year-old kids to be criminal actors and treated them as security researchers. Yet both also faced federal criminal charges. \r\n \r\nDuring my talk I will review the extraordinary investigation done by my team at Uber and put it into the context of other historical cases we and I had worked on. Whether or not you consider them to be security researchers, there are many lessons to be learned related to the dynamics between researchers and companies and the dynamics between companies and the government.\n\n\n","title":"A Different Uber Post Mortem","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"android_description":"The federal criminal case of United States v. Joseph Sullivan, NDCA 3-20-CR-337 WHO, has been covered and debated quite publicly since I was fired by the new Uber CEO in November 2017, a year after the incident. Most discussion has focused on questions of my guilt or innocence, the culpability of other executives at the company, and the implications of the case for other security executives. \r\n \r\nLess has been written about the guilt or innocence of those who accessed Uber’s AWS environment in October 2016 and triggered an incident response by emailing me and asking for payment. After we met them, my team and I did not consider those 19- and 20-year-old kids to be criminal actors and treated them as security researchers. Yet both also faced federal criminal charges. \r\n \r\nDuring my talk I will review the extraordinary investigation done by my team at Uber and put it into the context of other historical cases we and I had worked on. Whether or not you consider them to be security researchers, there are many lessons to be learned related to the dynamics between researchers and companies and the dynamics between companies and the government.","end_timestamp":{"seconds":1691775900,"nanoseconds":0},"updated_timestamp":{"seconds":1688356020,"nanoseconds":0},"speakers":[{"content_ids":[50992],"conference_id":96,"event_ids":[51030],"name":"Joe Sullivan","affiliations":[],"links":[],"pronouns":null,"media":[],"id":50164}],"timeband_id":990,"end":"2023-08-11T17:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246141"}],"id":51030,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45648,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50164}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45666,"name":"Harrah's - Nevada Ballroom - Lake Tahoe & Reno - War Stories - On the Record","hotel":"","short_name":"War Stories - On the Record","id":45801},"spans_timebands":"N","updated":"2023-07-03T03:47:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hey you, yeah you! Do you want to become a big company CEO but are too lazy to invest your life in chasing that position?\r\n \r\nNow introducing DEFCON VIDEO-ART - DEep Fake CONversation for VIDEO and Audio in Real-Time! With DEFCON VIDEO-ART you can impersonate your favorite big-company CEO without doing the hard work! You can video call anyone in the company and tell them what to do because you look and sounds like the big boss! Reset passwords, ask for the latest confidential business reports, fire people, you name it!\r\n \r\nDeep fake has been around for years, but only recently we have reached a point where real-time deep fake has become easy and accessible to execute. Join my talk where I show how I impersonate my company's CEO with videos and audio I found online. Then I'll share how with open-source tools and a decent GPU you can also impersonate your company's CEO!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"Look Ma I'm the CEO! Real-Time Video and Audio Deep-Fake!","android_description":"Hey you, yeah you! Do you want to become a big company CEO but are too lazy to invest your life in chasing that position?\r\n \r\nNow introducing DEFCON VIDEO-ART - DEep Fake CONversation for VIDEO and Audio in Real-Time! With DEFCON VIDEO-ART you can impersonate your favorite big-company CEO without doing the hard work! You can video call anyone in the company and tell them what to do because you look and sounds like the big boss! Reset passwords, ask for the latest confidential business reports, fire people, you name it!\r\n \r\nDeep fake has been around for years, but only recently we have reached a point where real-time deep fake has become easy and accessible to execute. Join my talk where I show how I impersonate my company's CEO with videos and audio I found online. Then I'll share how with open-source tools and a decent GPU you can also impersonate your company's CEO!","end_timestamp":{"seconds":1691774400,"nanoseconds":0},"updated_timestamp":{"seconds":1687136700,"nanoseconds":0},"speakers":[{"content_ids":[50551],"conference_id":96,"event_ids":[50831],"name":"Gal Zror","affiliations":[{"organization":"CyberArk Labs","title":"Vulnerability Research Manager"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/waveburst"}],"media":[],"id":49762,"title":"Vulnerability Research Manager at CyberArk Labs"}],"timeband_id":990,"end":"2023-08-11T17:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245720"}],"id":50831,"village_id":null,"tag_ids":[45589,45592,45646,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49762}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-06-19T01:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Last year we almost zero-day’d the world with the publication of RingHopper. Now we can finally share some juicy details and invite you for an illuminating journey as we delve into the realm of RingHopper, a method to hop from user-land to SMM.\r\n\r\nWe will survey the discovery and disclosure of a family of industry-wide vulnerabilities in various UEFI implementations, affecting more than eight major vendors, making billions of devices vulnerable to our attack. Then, we will deep-dive into the innards of SMM exploitation and discuss methods to use and abuse various functionalities and properties of edk2 to gain code execution. We will unveil both our futile and fruitful quests of crafting our way to SMM, and detail both the paths that lead to dead-ends, and the route to success.\r\n\r\nWe will give a detailed overview of different ways to elevate this kind of attack to user-land both on Windows and Linux by chaining multiple vulnerabilities together.\r\n\r\nFinally, we will show RingHopper hopping from user-space to… SMM.\r\n\r\nREFERENCES:\r\n1. DEF CON 29 - Mickey Shkatov, Jesse Michael - High Stakes Updates: BIOS RCE OMG WTF BBQ\r\n2. DEF CON 26 - Shkatov and Michael - UEFI Exploitation for the Masses\r\n3. DEF CON 23 - Yuriy Bulygin - Attacking Hypervisors Using Firmware and Hardware\r\n4. DEF CON 22 - Panel - Summary of Attacks Against BIOS and Secure Boot\r\n5. OffensiveCon22 - Alex Ermolov, Alex Matrosov and Yegor Vasilenko UEFI Firmware Vulnerabilities\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"The RingHopper Journey or How We Almost Zero-day’d the World","android_description":"Last year we almost zero-day’d the world with the publication of RingHopper. Now we can finally share some juicy details and invite you for an illuminating journey as we delve into the realm of RingHopper, a method to hop from user-land to SMM.\r\n\r\nWe will survey the discovery and disclosure of a family of industry-wide vulnerabilities in various UEFI implementations, affecting more than eight major vendors, making billions of devices vulnerable to our attack. Then, we will deep-dive into the innards of SMM exploitation and discuss methods to use and abuse various functionalities and properties of edk2 to gain code execution. We will unveil both our futile and fruitful quests of crafting our way to SMM, and detail both the paths that lead to dead-ends, and the route to success.\r\n\r\nWe will give a detailed overview of different ways to elevate this kind of attack to user-land both on Windows and Linux by chaining multiple vulnerabilities together.\r\n\r\nFinally, we will show RingHopper hopping from user-space to… SMM.\r\n\r\nREFERENCES:\r\n1. DEF CON 29 - Mickey Shkatov, Jesse Michael - High Stakes Updates: BIOS RCE OMG WTF BBQ\r\n2. DEF CON 26 - Shkatov and Michael - UEFI Exploitation for the Masses\r\n3. DEF CON 23 - Yuriy Bulygin - Attacking Hypervisors Using Firmware and Hardware\r\n4. DEF CON 22 - Panel - Summary of Attacks Against BIOS and Secure Boot\r\n5. OffensiveCon22 - Alex Ermolov, Alex Matrosov and Yegor Vasilenko UEFI Firmware Vulnerabilities","end_timestamp":{"seconds":1691775900,"nanoseconds":0},"updated_timestamp":{"seconds":1687878180,"nanoseconds":0},"speakers":[{"content_ids":[50537],"conference_id":96,"event_ids":[50802],"name":"Benny Zeltser","affiliations":[{"organization":"Intel","title":"Security Research Team Lead"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/benny_zeltser"}],"pronouns":null,"media":[],"id":49743,"title":"Security Research Team Lead at Intel"},{"content_ids":[50537],"conference_id":96,"event_ids":[50802],"name":"Jonathan Lusky","affiliations":[{"organization":"Cellebrite","title":"Security Research Team Lead"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/LuskyYehonatan"}],"media":[],"id":49744,"title":"Security Research Team Lead at Cellebrite"}],"timeband_id":990,"end":"2023-08-11T17:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245706"}],"id":50802,"village_id":null,"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"tag_ids":[45589,45592,45629,45646,45766],"includes":"Exploit 🪲, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49743},{"tag_id":45590,"sort_order":1,"person_id":49744}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"spans_timebands":"N","begin":"2023-08-11T17:00:00.000-0000","updated":"2023-06-27T15:03:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes.\r\n\r\nIn both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical.\r\n \r\nIn this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass EDR products in multiple domains. Eventually, we will provide an open-source tool based on these findings.\r\n \r\n This technology caught my attention for several reasons:\r\n\r\n* Containers and virtualization solutions are everywhere, and their internal workings are not well documented.\r\n* Actors often search for ways to escape containers. The idea of intentionally entering into one in order to evade security products has yet to be explored.\r\n* This framework doesn't require any prerequisites and comes as default in every modern Windows image! (the part which we will abuse, at least).\r\n\r\nREFERENCES:\r\n \r\n* https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html\r\n* https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/\r\n* https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/\r\n* https://www.amazon.com/Windows-Kernel-Programming-Pavel-Yosifovich/dp/1977593372\r\n* https://learn.microsoft.com/en-us/virtualization/windowscontainers/about/\r\n* https://habr.com/en/company/acronis/blog/536018/\n\n\n","title":"Contain Yourself: Staying Undetected Using the Windows Container Isolation Framework","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"end_timestamp":{"seconds":1691775900,"nanoseconds":0},"android_description":"The use of containers became an integral part of any resource-efficient and secure environment. Starting from Windows Server 2016, Microsoft released its version of this solution called Windows Containers, which offers either a process or Hyper-V isolation modes.\r\n\r\nIn both cases, an efficient file system separation should be provided. On one hand, each container should be able to access system files and write changes that will not affect the host. On the other, copying the entire main volume on each container launch will be storage-inefficient and not practical.\r\n \r\nIn this presentation, we will cover the basics of windows containers, break down its file system isolation framework, reverse-engineer its main mini-filter driver, and see how it can be utilized and manipulated by an actor to bypass EDR products in multiple domains. Eventually, we will provide an open-source tool based on these findings.\r\n \r\n This technology caught my attention for several reasons:\r\n\r\n* Containers and virtualization solutions are everywhere, and their internal workings are not well documented.\r\n* Actors often search for ways to escape containers. The idea of intentionally entering into one in order to evade security products has yet to be explored.\r\n* This framework doesn't require any prerequisites and comes as default in every modern Windows image! (the part which we will abuse, at least).\r\n\r\nREFERENCES:\r\n \r\n* https://googleprojectzero.blogspot.com/2021/04/who-contains-containers.html\r\n* https://unit42.paloaltonetworks.com/what-i-learned-from-reverse-engineering-windows-containers/\r\n* https://research.checkpoint.com/2021/playing-in-the-windows-sandbox/\r\n* https://www.amazon.com/Windows-Kernel-Programming-Pavel-Yosifovich/dp/1977593372\r\n* https://learn.microsoft.com/en-us/virtualization/windowscontainers/about/\r\n* https://habr.com/en/company/acronis/blog/536018/","updated_timestamp":{"seconds":1687136700,"nanoseconds":0},"speakers":[{"content_ids":[50550],"conference_id":96,"event_ids":[50763],"name":"Daniel Avinoam","affiliations":[{"organization":"Deep Instinct","title":"Security Researcher"}],"links":[],"pronouns":null,"media":[],"id":49761,"title":"Security Researcher at Deep Instinct"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245719"}],"end":"2023-08-11T17:45:00.000-0000","id":50763,"village_id":null,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691773200,"nanoseconds":0},"includes":"Tool 🛠, Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49761}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"updated":"2023-06-19T01:05:00.000-0000","begin":"2023-08-11T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Secretary of US Homeland Security, Alejandro Mayorkas, joins DEF CON for a fireside chat. Secretary Mayorkas will lay some foundational groundwork on some of DHS' priorities in cybersecurity and how they address pressing IS and global issues, then sit down to talk with The Dark Tangent, in a casual conversation with thousands of their closest hacker friends.\n\n\n","title":"Secretary of the Department of Homeland Security Alejandro Mayorkas","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"The Secretary of US Homeland Security, Alejandro Mayorkas, joins DEF CON for a fireside chat. Secretary Mayorkas will lay some foundational groundwork on some of DHS' priorities in cybersecurity and how they address pressing IS and global issues, then sit down to talk with The Dark Tangent, in a casual conversation with thousands of their closest hacker friends.","end_timestamp":{"seconds":1691774100,"nanoseconds":0},"updated_timestamp":{"seconds":1688182200,"nanoseconds":0},"speakers":[{"content_ids":[50663],"conference_id":96,"event_ids":[50795],"name":"Alejandro Mayorkas","affiliations":[{"organization":"Department of Homeland Security","title":"Secretary"}],"links":[],"pronouns":null,"media":[],"id":49956,"title":"Secretary at Department of Homeland Security"}],"timeband_id":990,"end":"2023-08-11T17:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246116"}],"id":50795,"begin_timestamp":{"seconds":1691771400,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49956}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-07-01T03:30:00.000-0000","begin":"2023-08-11T16:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Wall of Sheep","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"We passively monitor the #DEFCON network looking for insecure network traffic. Drop by and see just how easy it can be! We strive to educate the “sheep” we catch: a friendly reminder that security matters.","updated_timestamp":{"seconds":1691375400,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52590,"tag_ids":[40288,45646,45743,45775],"village_id":null,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-08-07T02:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC\r\n\n\n\n","title":"Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"android_description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC","end_timestamp":{"seconds":1691830800,"nanoseconds":0},"updated_timestamp":{"seconds":1690997580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Twitter (@ShellsOnDemand)","type":"link","url":"https://twitter.com/ShellsOnDemand"},{"label":"Mastodon (@soda@defcon.social)","type":"link","url":"https://defcon.social/@soda"}],"end":"2023-08-12T09:00:00.000-0000","id":52195,"village_id":null,"tag_ids":[45640,45646,45743],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"begin":"2023-08-11T16:00:00.000-0000","updated":"2023-08-02T17:33:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"title":"Packet Detective","android_description":"Ready to upgrade your skills at the Packet Hacking Village? It’s time to play Packet Detective. A step up in difficulty from Packet Investigator, Packet Detective will test your network hunting abilities at the intermediate level. Come learn some new tricks!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691375460,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51731,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[40288,45646,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:31:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.\n\n\n","title":"Packet Inspector","type":{"conference_id":96,"conference":"DEFCON31","color":"#60b0ba","updated_at":"2024-06-07T03:38+0000","name":"Village Activity","id":45775},"android_description":"New to packet-fu? Don't know a pcap from a bottle cap? Packet Inspector is the game for you! We provide the laptops and all necessary tools for you to learn the basics of network analysis, sniffing, and forensics.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691375460,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51730,"village_id":null,"tag_ids":[40288,45646,45743,45775],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-08-07T02:31:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Fleet is an open-core, cross-platform solution that provides real-time insights using osquery and GitOps-driven management for all your devices, including Mac, Windows, Linux, and ChromeOS. Join the adventure and explore a wonderland of data!\n\n\n","title":"Fleet DefCon 31 Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"android_description":"Fleet is an open-core, cross-platform solution that provides real-time insights using osquery and GitOps-driven management for all your devices, including Mac, Windows, Linux, and ChromeOS. Join the adventure and explore a wonderland of data!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691375760,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51729,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-08-07T02:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this workshop, you'll learn real-world penetration testing techniques for guessing passwords using Hydra, xHydra, and Hashcat.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"title":"Password Lab","android_description":"In this workshop, you'll learn real-world penetration testing techniques for guessing passwords using Hydra, xHydra, and Hashcat.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691375700,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51728,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:35:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"RegEx Trainer","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Is regex a mystery to you? We've got your back at the Packet Hacking Village. Our new interactive REGEX Trainer will walk you through learning then doing, giving you a full understanding of how Regular Expressions work.","updated_timestamp":{"seconds":1691375640,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51727,"village_id":null,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:34:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste. \n\n\n","title":"NetworkOS: Be The Cloud","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"The NetworkOS workshop takes you into the mysterious world underpinning modern computing and global communication: the network itself. Step by step, you'll learn all the basics you need. No experience needed: must know how to type and copy/paste.","updated_timestamp":{"seconds":1691375700,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51726,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"begin":"2023-08-11T16:00:00.000-0000","updated":"2023-08-07T02:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.\n\n\n","title":"Linux Trainer Workshop","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"Are you new to hacking? Want to learn Linux? We have a workshop for you! Interactive style training will teach you the basics of this operating system step by step so you can start your journey.","updated_timestamp":{"seconds":1691375580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51725,"tag_ids":[40288,45646,45719,45743],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"updated":"2023-08-07T02:33:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"BYOB is intended to be a beginner friendly workshop dive into how botnets work. Attendees will use a web application to create a \"dropper\" file. (It is a tiny file whose only purposes is to fetch and execute the next stage of code). Then put the dropper file on another computer to obfuscate the command computer. The dropper is heavily obfuscated and compressed, and is a small python script. Attendees will learn how bot command and control works and cause several bots to probe a potential next target to gain access.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#f7375a","name":"Village Workshop","id":45719},"title":"Build Your Own Botnet","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"android_description":"BYOB is intended to be a beginner friendly workshop dive into how botnets work. Attendees will use a web application to create a \"dropper\" file. (It is a tiny file whose only purposes is to fetch and execute the next stage of code). Then put the dropper file on another computer to obfuscate the command computer. The dropper is heavily obfuscated and compressed, and is a small python script. Attendees will learn how bot command and control works and cause several bots to probe a potential next target to gain access.","updated_timestamp":{"seconds":1691375760,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51724,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:36:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.\n\n\n","title":"Honey Pot Workshop","type":{"conference_id":96,"conference":"DEFCON31","color":"#f7375a","updated_at":"2024-06-07T03:38+0000","name":"Village Workshop","id":45719},"android_description":"Think you know your way around a honeypot? Come to the Packet Hacking Village for a friendly, fun, low-pressure DEFCON challenge that's open to all! This game is designed for users of all experience levels: bring your own laptop, SSH in, and explore the adventure.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691375580,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51723,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45646,45719,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","updated":"2023-08-07T02:33:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The purpose of the Youth Challenge is to provide anyone under the age of 17 with an event for them to participate. Challenges and puzzles incorporate general cybersecurity with an emphasis on OSINT and Social Engineering. Challenges will be crafted in a way that steers participants to different villages with specific goals to broaden their exposure of different subject matter available at DEF CON. There will be a sign-up form prior to DEF CON, as well as encouraging walk-up participation for those who may not have been aware of the offering.\n\n\n","title":"Social Engineering Community (SEC) Youth Challenge","type":{"conference_id":96,"conference":"DEFCON31","color":"#cf74e1","updated_at":"2024-06-07T03:38+0000","name":"Contest","id":45635},"android_description":"The purpose of the Youth Challenge is to provide anyone under the age of 17 with an event for them to participate. Challenges and puzzles incorporate general cybersecurity with an emphasis on OSINT and Social Engineering. Challenges will be crafted in a way that steers participants to different villages with specific goals to broaden their exposure of different subject matter available at DEF CON. There will be a sign-up form prior to DEF CON, as well as encouraging walk-up participation for those who may not have been aware of the offering.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690066260,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Twitter (@sec_defcon)","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245387"}],"id":51512,"tag_ids":[45635,45649,45743],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":64,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","updated":"2023-07-22T22:51:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! \r\n\r\n2023 judges: Corgi, FC aka freakyclown, and Snow\r\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year's SECVC winners: Jenn, Matt, and Sean)\r\n\r\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year's lessons learned, team highlights, and tips for future competitors!\n\n\n","title":"Social Engineering Community (SEC) Vishing Competition","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"android_description":"In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors! \r\n\r\n2023 judges: Corgi, FC aka freakyclown, and Snow\r\n2023 coaches: Ibetika, JC, C_3PJoe, and Split Beans (last year's SECVC winners: Jenn, Matt, and Sean)\r\n\r\nThis competition takes place on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow as she covers the behind the scenes of creating the SECVC, this year's lessons learned, team highlights, and tips for future competitors!","end_timestamp":{"seconds":1691776800,"nanoseconds":0},"updated_timestamp":{"seconds":1690066080,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"More Information","type":"link","url":"https://www.se.community/vishing-competition/"},{"label":"Website","type":"link","url":"https://www.se.community/events/vishing-competition/"},{"label":"Twitter (@sec_defcon)","type":"link","url":"https://twitter.com/sec_defcon"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245383"}],"end":"2023-08-11T18:00:00.000-0000","id":51511,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[40302,45635,45649,45743],"village_id":64,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-11T16:00:00.000-0000","updated":"2023-07-22T22:48:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"title":"HardWired","android_description":"Don't know how to make a network cable and want to learn? Has it been years? Or do you think you're a pro? Come test your skills against the clock, and make the best cable at con!","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691375520,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-12T01:00:00.000-0000","links":[{"label":"Aries Security","type":"link","url":"https://www.ariessecurity.com"},{"label":"Capture the Packet","type":"link","url":"https://www.capturethepacket.com"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245293"},{"label":"Twitter (@wallofsheep)","type":"link","url":"https://twitter.com/@wallofsheep"},{"label":"Twitter (@capturetp)","type":"link","url":"https://twitter.com/@capturetp"}],"id":51485,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"tag_ids":[40288,45635,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 411-414 - Packet Hacking Village","hotel":"","short_name":"Academy - 411-414 - Packet Hacking Village","id":45871},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-08-07T02:32:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We’re running the largest live AI hacking event ever in the AI village this year. Anthropic, Google, HuggingFace, Meta, NVIDIA, OpenAI, and Stability, have all provided models to attack and Scale AI have built the platform. This event is orders of magnitude bigger than any previous AI red team effort. There are observers from the White House, NIST, NSF, and the EU coming to learn from hackers. We built this event to grow the community that knows how to effectively evaluate Large Language Models as it is much more than prompt injections and jailbreaks.\r\n\r\nAI works fundamentally differently to traditional software and only forms a part of a product. Trust and Security of AI in a system thus has to work fundamentally differently to traditional software. This is especially true for generative AI systems. The core difference is AI is a stochastic component of software and is allowed to make a small amount of mistakes. This changes bug hunting, reporting, and payouts.\r\n\r\nCome to this talk to hear about how and why we organized this, and the history of algorithmic & bias bounties that led up to the largest one ever at DEFCON 31. We’ll also give you some tips to help you in the contest.\r\n\r\nREFERENCES:\r\n\r\nWe Need Bug Bounties for Bad Algorithms - Amit Elazari - https://www.vice.com/en/article/8xkyj3/we-need-bug-bounties-for-bad-algorithms\r\n\r\nIntroducing Twitter’s first algorithmic bias bounty challenge - Rumman Chowdhury & Jutta Williams - https://blog.twitter.com/engineering/en_us/topics/insights/2021/algorithmic-bias-bounty-challenge\r\n\r\nSharing learnings from the first algorithmic bias bounty challenge - Kyra Yee & Irene Font Peradejordi - https://blog.twitter.com/engineering/en_us/topics/insights/2021/learnings-from-the-first-algorithmic-bias-bounty-challenge\r\n\r\nBias Buccaneers - Rumman Chowdhury, Jutta Williams, Subho Majumdar, Scott Steinhardt, Ben Colman - https://www.biasbuccaneers.org/\r\n\r\nAn Algorithmic Framework for Bias Bounties - Ira Globus-Harris, Michael Kearns, Aaron Roth - https://arxiv.org/abs/2201.10408\r\n\r\nMachine Learning Security Evasion Competition - Hyrum Anderson, et al. - https://mlsec.io/ https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/\r\n\r\nMITRE ATLAS - Ram Shankar Siva Kumar, et al - https://atlas.mitre.org/\r\n\r\nThe Spherical Cow of ML Security - Sven Cattell - http://aivillage.org/adversarial%20ml/spherical-cow/\r\n\r\nThe Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint - Beau Woods, Andrea Coravos, and Joshua David Corman - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6444210/\r\n\r\nAnnouncing OpenAI’s Bug Bounty Program - https://openai.com/blog/bug-bounty-program\r\n\r\nMicrosoft Malware Classification Challenge - Royi Ronen, Marian Radu, Corina Feuerstein, Elad Yom-Tov, Mansour Ahmadi - https://www.kaggle.com/c/malware-classification https://arxiv.org/abs/1802.10135\n\n\n","title":"Growing the Community of AI Hackers with the Generative Red Team","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"We’re running the largest live AI hacking event ever in the AI village this year. Anthropic, Google, HuggingFace, Meta, NVIDIA, OpenAI, and Stability, have all provided models to attack and Scale AI have built the platform. This event is orders of magnitude bigger than any previous AI red team effort. There are observers from the White House, NIST, NSF, and the EU coming to learn from hackers. We built this event to grow the community that knows how to effectively evaluate Large Language Models as it is much more than prompt injections and jailbreaks.\r\n\r\nAI works fundamentally differently to traditional software and only forms a part of a product. Trust and Security of AI in a system thus has to work fundamentally differently to traditional software. This is especially true for generative AI systems. The core difference is AI is a stochastic component of software and is allowed to make a small amount of mistakes. This changes bug hunting, reporting, and payouts.\r\n\r\nCome to this talk to hear about how and why we organized this, and the history of algorithmic & bias bounties that led up to the largest one ever at DEFCON 31. We’ll also give you some tips to help you in the contest.\r\n\r\nREFERENCES:\r\n\r\nWe Need Bug Bounties for Bad Algorithms - Amit Elazari - https://www.vice.com/en/article/8xkyj3/we-need-bug-bounties-for-bad-algorithms\r\n\r\nIntroducing Twitter’s first algorithmic bias bounty challenge - Rumman Chowdhury & Jutta Williams - https://blog.twitter.com/engineering/en_us/topics/insights/2021/algorithmic-bias-bounty-challenge\r\n\r\nSharing learnings from the first algorithmic bias bounty challenge - Kyra Yee & Irene Font Peradejordi - https://blog.twitter.com/engineering/en_us/topics/insights/2021/learnings-from-the-first-algorithmic-bias-bounty-challenge\r\n\r\nBias Buccaneers - Rumman Chowdhury, Jutta Williams, Subho Majumdar, Scott Steinhardt, Ben Colman - https://www.biasbuccaneers.org/\r\n\r\nAn Algorithmic Framework for Bias Bounties - Ira Globus-Harris, Michael Kearns, Aaron Roth - https://arxiv.org/abs/2201.10408\r\n\r\nMachine Learning Security Evasion Competition - Hyrum Anderson, et al. - https://mlsec.io/ https://cujo.com/announcing-the-winners-of-the-2021-machine-learning-security-evasion-competition/\r\n\r\nMITRE ATLAS - Ram Shankar Siva Kumar, et al - https://atlas.mitre.org/\r\n\r\nThe Spherical Cow of ML Security - Sven Cattell - http://aivillage.org/adversarial%20ml/spherical-cow/\r\n\r\nThe Case for a Hippocratic Oath for Connected Medical Devices: Viewpoint - Beau Woods, Andrea Coravos, and Joshua David Corman - https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6444210/\r\n\r\nAnnouncing OpenAI’s Bug Bounty Program - https://openai.com/blog/bug-bounty-program\r\n\r\nMicrosoft Malware Classification Challenge - Royi Ronen, Marian Radu, Corina Feuerstein, Elad Yom-Tov, Mansour Ahmadi - https://www.kaggle.com/c/malware-classification https://arxiv.org/abs/1802.10135","end_timestamp":{"seconds":1691772300,"nanoseconds":0},"updated_timestamp":{"seconds":1688179500,"nanoseconds":0},"speakers":[{"content_ids":[50651,52063],"conference_id":96,"event_ids":[50846,52282],"name":"Sven Cattell","affiliations":[{"organization":"nbhd.ai & AI Village","title":"Founder"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@comathematician"}],"pronouns":"he/him","media":[],"id":49937,"title":"Founder at nbhd.ai & AI Village"},{"content_ids":[50651,50652,51521],"conference_id":96,"event_ids":[50846,50847,51677],"name":"Austin Carson","affiliations":[{"organization":"SeedAI","title":"Founder & President"}],"links":[],"pronouns":"he/him","media":[],"id":49938,"title":"Founder & President at SeedAI"},{"content_ids":[51521,50651],"conference_id":96,"event_ids":[50846,51677],"name":"Rumman Chowdhury","affiliations":[{"organization":"Humane Intelligence","title":"Co-Founder and CEO"}],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://www.rummanchowdhury.com"}],"media":[],"id":50633,"title":"Co-Founder and CEO at Humane Intelligence"}],"timeband_id":990,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246104"}],"end":"2023-08-11T16:45:00.000-0000","id":50846,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49938},{"tag_id":45590,"sort_order":1,"person_id":50633},{"tag_id":45590,"sort_order":1,"person_id":49937}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45694,"name":"Caesars Forum - Academy - 407-410 - Track 4","hotel":"","short_name":"Academy - 407-410 - Track 4","id":45799},"begin":"2023-08-11T16:00:00.000-0000","updated":"2023-07-01T02:45:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The hacker community has long conducted important security research that skates the edge of legality. This has led to charges and lawsuits, bogus and serious alike, against hackers. In this panel, we’ll hear from a hacker that faced legal challenges, we’ll describe what legal counseling for hackers looks like in practice, and we’ll discuss a new resource for the hacker community: the Security Research Legal Defense Fund.\r\n\r\nLegal issues can arise for good faith hackers because computer or software owners want to prevent security research or vulnerability disclosure. Security researchers have rights and defenses against legal claims, but don’t always have access to representation or resources to defend themselves. EFF provides free legal counseling, ideally in advance of security researchers conducting their work so they can steer clear of problematic activity or at least mitigate the risk of legal threats. In litigation, EFF tries to find cases that will advance legal rights for the entire community, but many individuals will need representation even when their particular cases will not have a broader impact. In those cases, EFF endeavors to refer people to cooperating counsel, which can be difficult if funds are not available.\r\n\r\nWhat is it like, as a hacker, to face legal threats? What are the common ways hackers encounter legal threats? When that happens, what should hackers do? What is it really like to provide legal representation to hackers? Are there areas of the world with greater or lesser access to legal rights and representation? What resources can hackers leverage to protect themselves, their rights, and others in the community? Join us and find out!\r\n\r\nREFERENCES:\r\n1) Stanford student vulnerability disclosure, 2021.\r\n2) MBTA vs. Anderson, 2008.\r\n3) US Department of Justice Computer 2022 Fraud and Abuse Act charging policy.\r\n4) Librarian of Congress good faith security research exception to DMCA Section 1201. \r\n5) Disclose.io\r\n6) SecurityResearchLegalDefenseFund.org \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#2c8f07","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Official Talk","id":45589},"title":"The Hackers, The Lawyers, And The Defense Fund","android_description":"The hacker community has long conducted important security research that skates the edge of legality. This has led to charges and lawsuits, bogus and serious alike, against hackers. In this panel, we’ll hear from a hacker that faced legal challenges, we’ll describe what legal counseling for hackers looks like in practice, and we’ll discuss a new resource for the hacker community: the Security Research Legal Defense Fund.\r\n\r\nLegal issues can arise for good faith hackers because computer or software owners want to prevent security research or vulnerability disclosure. Security researchers have rights and defenses against legal claims, but don’t always have access to representation or resources to defend themselves. EFF provides free legal counseling, ideally in advance of security researchers conducting their work so they can steer clear of problematic activity or at least mitigate the risk of legal threats. In litigation, EFF tries to find cases that will advance legal rights for the entire community, but many individuals will need representation even when their particular cases will not have a broader impact. In those cases, EFF endeavors to refer people to cooperating counsel, which can be difficult if funds are not available.\r\n\r\nWhat is it like, as a hacker, to face legal threats? What are the common ways hackers encounter legal threats? When that happens, what should hackers do? What is it really like to provide legal representation to hackers? Are there areas of the world with greater or lesser access to legal rights and representation? What resources can hackers leverage to protect themselves, their rights, and others in the community? Join us and find out!\r\n\r\nREFERENCES:\r\n1) Stanford student vulnerability disclosure, 2021.\r\n2) MBTA vs. Anderson, 2008.\r\n3) US Department of Justice Computer 2022 Fraud and Abuse Act charging policy.\r\n4) Librarian of Congress good faith security research exception to DMCA Section 1201. \r\n5) Disclose.io\r\n6) SecurityResearchLegalDefenseFund.org","end_timestamp":{"seconds":1691772300,"nanoseconds":0},"updated_timestamp":{"seconds":1688339160,"nanoseconds":0},"speakers":[{"content_ids":[50571,50614,51515,51499],"conference_id":96,"event_ids":[50722,50809,51655,51671],"name":"Harley Geiger","affiliations":[{"organization":"Venable LLP","title":"Counsel"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HarleyGeiger"}],"media":[],"id":49789,"title":"Counsel at Venable LLP"},{"content_ids":[50571,51526],"conference_id":96,"event_ids":[50809,51682],"name":"Kurt Opsahl","affiliations":[{"organization":"Filecoin Foundation","title":"Associate General Counsel for Cybersecurity and Civil Liberties Policy"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/KurtOpsahl"}],"media":[],"id":49790,"title":"Associate General Counsel for Cybersecurity and Civil Liberties Policy at Filecoin Foundation"},{"content_ids":[50571],"conference_id":96,"event_ids":[50809],"name":"Miles McCain","affiliations":[{"organization":"Stanford University","title":"Student"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/MilesMcCain"}],"media":[],"id":49791,"title":"Student at Stanford University"},{"content_ids":[50639,50571],"conference_id":96,"event_ids":[50809,50819],"name":"Hannah Zhao","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Staff Attorney"}],"links":[{"description":"","title":"About","sort_order":0,"url":"https://www.eff.org/about/staff/hannah-zhao"}],"pronouns":"she/her","media":[],"id":49909,"title":"Staff Attorney at Electronic Frontier Foundation"},{"content_ids":[50571],"conference_id":96,"event_ids":[50809],"name":"Charley Snyder","affiliations":[{"organization":"Google","title":"Head of Security Policy"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/charley_snyder_"}],"media":[],"id":50162,"title":"Head of Security Policy at Google"}],"timeband_id":990,"end":"2023-08-11T16:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245742"}],"id":50809,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50162},{"tag_id":45590,"sort_order":1,"person_id":49909},{"tag_id":45590,"sort_order":1,"person_id":49789},{"tag_id":45590,"sort_order":1,"person_id":49790},{"tag_id":45590,"sort_order":1,"person_id":49791}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 130-134 - Track 3","hotel":"","short_name":"Forum - 130-134 - Track 3","id":45798},"begin":"2023-08-11T16:00:00.000-0000","updated":"2023-07-02T23:06:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Dark Tangent, aka Jeff Moss, welcomes attendees to DEF CON 31.\n\n\n","title":"Welcome to DEF CON 31","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"android_description":"The Dark Tangent, aka Jeff Moss, welcomes attendees to DEF CON 31.","end_timestamp":{"seconds":1691770800,"nanoseconds":0},"updated_timestamp":{"seconds":1690588020,"nanoseconds":0},"speakers":[{"content_ids":[50593,50677,50679,50680],"conference_id":96,"event_ids":[50780,50790,50799,50852],"name":"Jeff \"The Dark Tangent\" Moss","affiliations":[{"organization":"DEF CON Communications","title":""}],"links":[{"description":"","title":"Mastodon (@thedarktangent@defcon.social)","sort_order":0,"url":"https://defcon.social/@thedarktangent"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/thedarktangent"}],"pronouns":"he/him","media":[{"hash_sha256":"f53ed4086958b3703d597c50fe74eef1800cf474aa3d17c0895bf89d6c05716f","filetype":"image/jpeg","hash_md5":"8104a1f4b82a4241208b7f6b9112ebf2","name":"thedarktangent_avatar.jpeg","hash_crc32c":"4ae7af86","asset_id":273,"filesize":2064,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fthedarktangent_avatar.jpeg?alt=media","person_id":49741}],"id":49741,"title":"DEF CON Communications"}],"timeband_id":990,"links":[],"end":"2023-08-11T16:20:00.000-0000","id":50799,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[45589,45646,45766],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49741}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-28T23:47:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Veilid is an open-source, peer-to-peer, mobile-first networked application framework, with a flagship secure messaging application named VeilidChat. Veilid is conceptually similar to IPFS + Tor, but faster and designed from the ground-up to provide all services over a privately routed network. The network also enables development of distributed applications without a 'blockchain' or a 'transactional layer' at their base. Veilid can be included as part of user-facing applications or run as a standalone server for power users who wish to help build the network.\r\n\r\nArchitecturally, it is written in Rust, uses strong encryption, and nodes can run on Linux, Mac, Windows, Android, iOS, and in-browser WASM. Low-level protocols over UDP, raw TCP, Websockets and Secure Websockets. Nodes are optimized for low latency, high node churn, and are particularly capable of dealing with low level network changes, such as switching from cellular to wifi networks mid-communication.\r\n\r\nThis talk will focus on the internals of Veilid:\r\n* How it works as a protocol\r\n* How it leverages strong cryptography to provide private communications\r\n* How it provides decentralized storage and cryptographically sound data structures\r\n* How applications are written to leverage the Veilid Network\r\n\r\nWe will demonstrate Veilid Server, and VeilidChat, the application.\r\n\r\nREFERENCES:\r\nTor Project: www.torproject.org\r\nIPFS: www.ipfs.tech\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"The Internals of Veilid, a New Decentralized Application Framework","android_description":"Veilid is an open-source, peer-to-peer, mobile-first networked application framework, with a flagship secure messaging application named VeilidChat. Veilid is conceptually similar to IPFS + Tor, but faster and designed from the ground-up to provide all services over a privately routed network. The network also enables development of distributed applications without a 'blockchain' or a 'transactional layer' at their base. Veilid can be included as part of user-facing applications or run as a standalone server for power users who wish to help build the network.\r\n\r\nArchitecturally, it is written in Rust, uses strong encryption, and nodes can run on Linux, Mac, Windows, Android, iOS, and in-browser WASM. Low-level protocols over UDP, raw TCP, Websockets and Secure Websockets. Nodes are optimized for low latency, high node churn, and are particularly capable of dealing with low level network changes, such as switching from cellular to wifi networks mid-communication.\r\n\r\nThis talk will focus on the internals of Veilid:\r\n* How it works as a protocol\r\n* How it leverages strong cryptography to provide private communications\r\n* How it provides decentralized storage and cryptographically sound data structures\r\n* How applications are written to leverage the Veilid Network\r\n\r\nWe will demonstrate Veilid Server, and VeilidChat, the application.\r\n\r\nREFERENCES:\r\nTor Project: www.torproject.org\r\nIPFS: www.ipfs.tech","end_timestamp":{"seconds":1691772300,"nanoseconds":0},"updated_timestamp":{"seconds":1689785160,"nanoseconds":0},"speakers":[{"content_ids":[50671],"conference_id":96,"event_ids":[50777],"name":"Christien \"DilDog\" Rioux","affiliations":[{"organization":"Cult Of The Dead Cow","title":""}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@dildog"}],"pronouns":"he/him","media":[],"id":49969,"title":"Cult Of The Dead Cow"},{"content_ids":[50671],"conference_id":96,"event_ids":[50777],"name":"Katelyn \"Medus4\" Bowden","affiliations":[{"organization":"Cult Of The Dead Cow","title":""}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@medus4_cdc"}],"media":[],"id":49970,"title":"Cult Of The Dead Cow"}],"timeband_id":990,"end":"2023-08-11T16:45:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246124"}],"id":50777,"tag_ids":[45589,45592,45630,45646,45766],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"includes":"Demo 💻, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49969},{"tag_id":45590,"sort_order":1,"person_id":49970}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 105,135,136 - Track 1","hotel":"","short_name":"Forum - 105,135,136 - Track 1","id":45796},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-07-19T16:46:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IronPython is a powerful and flexible programming language that has been increasingly used by attackers due to its ability to bypass security controls. This practical workshop will explore the inner workings of IronPython and its unique features that enable sophisticated offensive techniques. Participants will gain hands-on experience in developing IronPython payloads that can evade modern security controls and execute malicious code on target systems.\r\n\r\nThe workshop will cover the following topics:\r\n1. Introduction to IronPython: Basic syntax and usage of IronPython, and how it can be used in offensive scenarios.\r\n2. BYOI and DLR: Bring Your Own Interpreter (BYOI) and Dynamic Language Runtime (DLR) concepts and their role in developing offensive payloads.\r\n3. Malware Development with IronPython: Develop sophisticated payloads that can bypass modern security controls and execute malicious code on target systems.\r\n4. Anti-Forensics and Evasion Techniques: Techniques to make the payloads more resilient to forensic analysis and detection.\r\n5. Advanced Techniques: Advanced techniques like using IronPython with C# and PowerShell and integrating the payloads with other offensive tools.\r\n\r\nThis workshop is designed for offensive security professionals, red teamers, penetration testers, and anyone interested in exploring the capabilities of IronPython for offensive purposes. Participants should have a basic understanding of Python and programming concepts. By the end of the workshop, participants will have a deeper understanding of IronPython and its capabilities for developing offensive payloads.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- A familiarity with python is preferred, but not required.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with Windows or other Windows VM\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"Snakes on a Screen: Taming Offensive IronPython Techniques (Pre-Registration Required)","android_description":"IronPython is a powerful and flexible programming language that has been increasingly used by attackers due to its ability to bypass security controls. This practical workshop will explore the inner workings of IronPython and its unique features that enable sophisticated offensive techniques. Participants will gain hands-on experience in developing IronPython payloads that can evade modern security controls and execute malicious code on target systems.\r\n\r\nThe workshop will cover the following topics:\r\n1. Introduction to IronPython: Basic syntax and usage of IronPython, and how it can be used in offensive scenarios.\r\n2. BYOI and DLR: Bring Your Own Interpreter (BYOI) and Dynamic Language Runtime (DLR) concepts and their role in developing offensive payloads.\r\n3. Malware Development with IronPython: Develop sophisticated payloads that can bypass modern security controls and execute malicious code on target systems.\r\n4. Anti-Forensics and Evasion Techniques: Techniques to make the payloads more resilient to forensic analysis and detection.\r\n5. Advanced Techniques: Advanced techniques like using IronPython with C# and PowerShell and integrating the payloads with other offensive tools.\r\n\r\nThis workshop is designed for offensive security professionals, red teamers, penetration testers, and anyone interested in exploring the capabilities of IronPython for offensive purposes. Participants should have a basic understanding of Python and programming concepts. By the end of the workshop, participants will have a deeper understanding of IronPython and its capabilities for developing offensive payloads.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- A familiarity with python is preferred, but not required.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with Windows or other Windows VM","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1688057400,"nanoseconds":0},"speakers":[{"content_ids":[50633],"conference_id":96,"event_ids":[50741],"name":"Anthony \"Coin\" Rose","affiliations":[{"organization":"BC Security","title":"Director of Security Researcher"}],"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://www.bc-security.org/blog/"}],"pronouns":null,"media":[],"id":49893,"title":"Director of Security Researcher at BC Security"},{"content_ids":[50633],"conference_id":96,"event_ids":[50741],"name":"Gannon “Dorf” Gebauer","affiliations":[{"organization":"BC Security","title":"Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":49894,"title":"Security Consultant at BC Security"},{"content_ids":[50633],"conference_id":96,"event_ids":[50741],"name":"Vincent \"Vinnybod\" Rose","affiliations":[{"organization":"Empire and Starkiller","title":"Lead Developer"}],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://www.bc-security.org/blog/"}],"media":[],"id":49895,"title":"Lead Developer at Empire and Starkiller"}],"timeband_id":990,"links":[],"end":"2023-08-11T20:00:00.000-0000","id":50741,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[45634,45654,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49893},{"tag_id":45590,"sort_order":1,"person_id":49894},{"tag_id":45590,"sort_order":1,"person_id":49895}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-06-29T16:50:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Command and Control (C2) is a crucial component of modern Red Teams and Advanced Persistent Threats (APTs), enabling persistent connections to target networks and facilitating the spread of control throughout the infrastructure. This comprehensive workshop will provide an in-depth understanding of C2 concepts by utilizing the open-source Empire C2 framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage the powerful Empire framework to create, customize, and execute advanced attack scenarios, honing their skills as red team operators.\r\n\r\nThe workshop will cover a range of topics, from setting up Empire, understanding listeners, stagers, and agents, to exploring Empire's modules and evasion techniques. Participants will engage in hands-on exercises, building their proficiency in configuring and deploying Empire servers, interacting with clients, and implementing various listeners and modules. The workshop will culminate in a mini Capture-The-Flag (CTF) challenge, where attendees will apply their newfound knowledge in a cloud-hosted environment provided by the instructors.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- Basic computer abilities\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with a Kali Linux VM\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"Long Live the Empire: A C2 Workshop for Modern Red Teaming (Pre-Registration Required)","android_description":"Command and Control (C2) is a crucial component of modern Red Teams and Advanced Persistent Threats (APTs), enabling persistent connections to target networks and facilitating the spread of control throughout the infrastructure. This comprehensive workshop will provide an in-depth understanding of C2 concepts by utilizing the open-source Empire C2 framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage the powerful Empire framework to create, customize, and execute advanced attack scenarios, honing their skills as red team operators.\r\n\r\nThe workshop will cover a range of topics, from setting up Empire, understanding listeners, stagers, and agents, to exploring Empire's modules and evasion techniques. Participants will engage in hands-on exercises, building their proficiency in configuring and deploying Empire servers, interacting with clients, and implementing various listeners and modules. The workshop will culminate in a mini Capture-The-Flag (CTF) challenge, where attendees will apply their newfound knowledge in a cloud-hosted environment provided by the instructors.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- Basic computer abilities\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with a Kali Linux VM","end_timestamp":{"seconds":1691784000,"nanoseconds":0},"updated_timestamp":{"seconds":1688056920,"nanoseconds":0},"speakers":[{"content_ids":[50629],"conference_id":96,"event_ids":[50737],"name":"Jake \"Hubbl3\" Krasnov","affiliations":[{"organization":"BC Security","title":"Red Team Operations Lead"}],"pronouns":null,"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://www.bc-security.org/blog/"}],"media":[],"id":49885,"title":"Red Team Operations Lead at BC Security"},{"content_ids":[50629,51001],"conference_id":96,"event_ids":[50737,51039],"name":"Kevin “Kent” Clark","affiliations":[{"organization":"TrustedSec","title":"Security Consultant"},{"organization":"BC Security","title":"Red Team Instructor"}],"links":[{"description":"","title":"Blog","sort_order":0,"url":"https://henpeebin.com/kevin/blog"}],"pronouns":null,"media":[],"id":49886,"title":"Red Team Instructor at BC Security"},{"content_ids":[50629],"conference_id":96,"event_ids":[50737],"name":"Dylan \"CyberStryke\" Butler","affiliations":[{"organization":"BC Security","title":"Offensive Infrastructure Developer"}],"links":[],"pronouns":null,"media":[],"id":49887,"title":"Offensive Infrastructure Developer at BC Security"}],"timeband_id":990,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/jake-hubble-krasnov-a-c2-workshop-for-modern-red-teaming-tickets-668373682677?aff=oddtdtcreator"}],"end":"2023-08-11T20:00:00.000-0000","id":50737,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[45634,45652,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49887},{"tag_id":45590,"sort_order":1,"person_id":49885},{"tag_id":45590,"sort_order":1,"person_id":49886}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-06-29T16:42:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Welcome to the world of Android Hacking! This is a hands-on workshop designed to introduce you to the knowledge, tools and techniques for analyzing and exploiting vulnerabilities in Android applications.\r\n\r\nThe workshop will start by presenting hacking for good, insights on the Android bug bounty, then it will cover the basic concepts of Android applications, walk you through industry standard tools and techniques and then let you experiment on your own with our Android reverse engineering CTF!\r\n\r\nCome and hack with us!\r\n\r\nThe workshop requires no prior knowledge of Android or reverse engineering.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n- Before the workshop, students should follow the setup instructions to ensure they can start working on the CTFs in the workshop: https://tinyurl.com/aah-setup\r\n- There is no pre-required knowledge.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with 20+ GB free hard disk space 4+ GB RAM\r\n- Mac. Windows 7/8 , Ubuntu 12.x + (64 bit Operating System),\r\n- ADB\r\n- apktool\r\n- Python & pip\r\n- JDK\r\n- jadx\r\n- Burp Suite\r\n- Wireshark\r\n- Frida\r\n- Ghidra\r\n- Administrative access on your laptop\n\n\n","title":"Android App Hacking - Hacking for Good! (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Welcome to the world of Android Hacking! This is a hands-on workshop designed to introduce you to the knowledge, tools and techniques for analyzing and exploiting vulnerabilities in Android applications.\r\n\r\nThe workshop will start by presenting hacking for good, insights on the Android bug bounty, then it will cover the basic concepts of Android applications, walk you through industry standard tools and techniques and then let you experiment on your own with our Android reverse engineering CTF!\r\n\r\nCome and hack with us!\r\n\r\nThe workshop requires no prior knowledge of Android or reverse engineering.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n- Before the workshop, students should follow the setup instructions to ensure they can start working on the CTFs in the workshop: https://tinyurl.com/aah-setup\r\n- There is no pre-required knowledge.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with 20+ GB free hard disk space 4+ GB RAM\r\n- Mac. Windows 7/8 , Ubuntu 12.x + (64 bit Operating System),\r\n- ADB\r\n- apktool\r\n- Python & pip\r\n- JDK\r\n- jadx\r\n- Burp Suite\r\n- Wireshark\r\n- Frida\r\n- Ghidra\r\n- Administrative access on your laptop","updated_timestamp":{"seconds":1689081840,"nanoseconds":0},"speakers":[{"content_ids":[50626],"conference_id":96,"event_ids":[50734],"name":"Maria Uretsky","affiliations":[{"organization":"Google","title":""}],"links":[],"pronouns":null,"media":[],"id":49877,"title":"Google"},{"content_ids":[50626],"conference_id":96,"event_ids":[50734],"name":"Kavia Venkatesh","affiliations":[{"organization":"Google","title":"Technical Program Manager on the Android Security Team"}],"links":[],"pronouns":null,"media":[],"id":49878,"title":"Technical Program Manager on the Android Security Team at Google"},{"content_ids":[50626],"conference_id":96,"event_ids":[50734],"name":"Sajjad \"JJ\" Arshad","affiliations":[{"organization":"Google","title":"Senior Security SWE, Android Security & Privacy team"}],"links":[],"pronouns":null,"media":[],"id":49879,"title":"Senior Security SWE, Android Security & Privacy team at Google"},{"content_ids":[50626],"conference_id":96,"event_ids":[50734],"name":"Olivier Tuchon","affiliations":[{"organization":"Google","title":"Security Engineer, Android Vulnerability Research team"}],"links":[],"pronouns":null,"media":[],"id":49880,"title":"Security Engineer, Android Vulnerability Research team at Google"}],"timeband_id":990,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/maria-uretsky-android-app-hacking-hacking-for-good-tickets-668372990607?aff=oddtdtcreator"},{"label":"Setup Instructions","type":"link","url":"https://tinyurl.com/aah-setup"}],"end":"2023-08-11T20:00:00.000-0000","id":50734,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"tag_ids":[45634,45653,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49878},{"tag_id":45590,"sort_order":1,"person_id":49877},{"tag_id":45590,"sort_order":1,"person_id":49880},{"tag_id":45590,"sort_order":1,"person_id":49879}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"updated":"2023-07-11T13:24:00.000-0000","begin":"2023-08-11T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop is a beginner's introduction to deep learning with neural networks, going from fundamentals to the latest in models for image editing, object recognition, and automated pen testing using large language models. It starts with an introduction to the theory behind deep learning, with a few toy examples to give students a feel for how these systems are built. From there we shift focus to a tour of state of the art models with a focus on running open source models locally independent of proprietary corporate systems. These systems include captcha defeat, video search and tracking, and image editing, among others. Finally, students perform a pen testing capstone using AutoGPT and HuggingGPT to understand the latest in emergent large language model reasoning capabilities. Students should have a basic understanding of how to write Python code, the class will build from there. A laptop with 8Gb of RAM and 100GB of free space will be sufficient. Students may bring laptops with more powerful GPUs, but online resources will be available for more GPU intensive models.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- None, this workshop will walk through all steps required to use and apply the models.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop with at least 8Gb of RAM and 100GB available hard drive space. Must also be able to run a Linux based VM. This isn't meant to be a high bar, free online resources will be used to supplement their laptop for larger models.\r\n- Students will need an OpenAI API token, which will require setting up a paid account with OpenAI. The final cost for API using in this class should be no more than $5. I wish there was not a requirement for this, but unfortunately some of the cutting edge application I want students to experiment with are only available in high enough quality using OpenAI's products. This may change between this submission and the start date of the class at the rate of current AI advancement.\n\n\n","title":"Getting into Trouble with Machine Learning Models (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"This workshop is a beginner's introduction to deep learning with neural networks, going from fundamentals to the latest in models for image editing, object recognition, and automated pen testing using large language models. It starts with an introduction to the theory behind deep learning, with a few toy examples to give students a feel for how these systems are built. From there we shift focus to a tour of state of the art models with a focus on running open source models locally independent of proprietary corporate systems. These systems include captcha defeat, video search and tracking, and image editing, among others. Finally, students perform a pen testing capstone using AutoGPT and HuggingGPT to understand the latest in emergent large language model reasoning capabilities. Students should have a basic understanding of how to write Python code, the class will build from there. A laptop with 8Gb of RAM and 100GB of free space will be sufficient. Students may bring laptops with more powerful GPUs, but online resources will be available for more GPU intensive models.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- None, this workshop will walk through all steps required to use and apply the models.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop with at least 8Gb of RAM and 100GB available hard drive space. Must also be able to run a Linux based VM. This isn't meant to be a high bar, free online resources will be used to supplement their laptop for larger models.\r\n- Students will need an OpenAI API token, which will require setting up a paid account with OpenAI. The final cost for API using in this class should be no more than $5. I wish there was not a requirement for this, but unfortunately some of the cutting edge application I want students to experiment with are only available in high enough quality using OpenAI's products. This may change between this submission and the start date of the class at the rate of current AI advancement.","updated_timestamp":{"seconds":1688054820,"nanoseconds":0},"speakers":[{"content_ids":[50623],"conference_id":96,"event_ids":[50731],"name":"Robert Koehlmoos","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49874}],"timeband_id":990,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/robert-koehlmoos-getting-into-trouble-with-machine-learning-models-tickets-668368577407?aff=oddtdtcreator"}],"end":"2023-08-11T20:00:00.000-0000","id":50731,"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"village_id":null,"tag_ids":[45634,45652,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49874}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-11T16:00:00.000-0000","updated":"2023-06-29T16:07:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity. To conquer this difficultly, the workshop tackles the complexity head on by diving into the weeds of the allocator directly, taking on many hands-on exercises/challenges and creating easy to grasp diagrams to understand all of the concepts.\r\n\r\nThis workshop is for learning heap exploit development in glibc Malloc, which is the default allocator on most Linux distributions. With this hands-on introduction into glibc Malloc heap exploitation you will learn how the allocator functions, heap specific vulnerability classes and to pwn with a variety of techniques. To make the material easy to consumable, there are many hands-on exercises, a pre-built virtual machine with everything necessary for binary exploitation and an immense amount of visuals for explaining the material. After taking this course you will understand the internals of the glibc Malloc allocator, be able to uncover heap memory vulnerabilities and pwn the heap with a variety of techniques, with the capability to go further into the art afterwards.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students:\r\n- Basic computer science background (x86_64 assembly, stack, programming skills in C & Python)\r\n- Basic binary exploitation skills (buffer overflow exploitation, ROP, ASLR, etc.)\r\n- Familiar with Linux developer tools such as the command line, Python scripting and GDB.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n\r\n- Laptop with enough power for a moderately sized Linux VM:\r\n- ARM based MacOS has support through either QEMU or servers that people can use.\r\n- Administrative access to the laptop\r\n- 8GB RAM minimum\r\n- 30GB harddrive space\r\n- Virtualbox or another virtualization platform installed\n\n\n","title":"House of Heap Exploitation (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691784000,"nanoseconds":0},"android_description":"Heap exploitation is an incredibly powerful tool for a hacker. As exploit mitigations have made exploitation more difficult, modern exploit development has moved to the heap. However, heap exploitation is a major wall in the binary exploitation journey because of its complexity. To conquer this difficultly, the workshop tackles the complexity head on by diving into the weeds of the allocator directly, taking on many hands-on exercises/challenges and creating easy to grasp diagrams to understand all of the concepts.\r\n\r\nThis workshop is for learning heap exploit development in glibc Malloc, which is the default allocator on most Linux distributions. With this hands-on introduction into glibc Malloc heap exploitation you will learn how the allocator functions, heap specific vulnerability classes and to pwn with a variety of techniques. To make the material easy to consumable, there are many hands-on exercises, a pre-built virtual machine with everything necessary for binary exploitation and an immense amount of visuals for explaining the material. After taking this course you will understand the internals of the glibc Malloc allocator, be able to uncover heap memory vulnerabilities and pwn the heap with a variety of techniques, with the capability to go further into the art afterwards.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students:\r\n- Basic computer science background (x86_64 assembly, stack, programming skills in C & Python)\r\n- Basic binary exploitation skills (buffer overflow exploitation, ROP, ASLR, etc.)\r\n- Familiar with Linux developer tools such as the command line, Python scripting and GDB.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n\r\n- Laptop with enough power for a moderately sized Linux VM:\r\n- ARM based MacOS has support through either QEMU or servers that people can use.\r\n- Administrative access to the laptop\r\n- 8GB RAM minimum\r\n- 30GB harddrive space\r\n- Virtualbox or another virtualization platform installed","updated_timestamp":{"seconds":1688052840,"nanoseconds":0},"speakers":[{"content_ids":[50611],"conference_id":96,"event_ids":[50719],"name":"Maxwell Dulin \"Strikeout\"","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49853},{"content_ids":[50611],"conference_id":96,"event_ids":[50719],"name":"Nathan Kirkland","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49854},{"content_ids":[50611],"conference_id":96,"event_ids":[50719],"name":"Zachary Minneker","affiliations":[{"organization":"Security Innovation","title":""}],"links":[],"pronouns":null,"media":[],"id":49855,"title":"Security Innovation"},{"content_ids":[50611],"conference_id":96,"event_ids":[50719],"name":"Kenzie Dolan","affiliations":[{"organization":"Security Innovation","title":"Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":49856,"title":"Security Engineer at Security Innovation"},{"content_ids":[50611],"conference_id":96,"event_ids":[50719],"name":"Elizabeth St. Germain","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49857}],"timeband_id":990,"end":"2023-08-11T20:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/maxwell-dulin-house-of-heap-exploitation-tickets-668369620527?aff=oddtdtcreator"}],"id":50719,"village_id":null,"tag_ids":[45634,45654,45743,45877],"begin_timestamp":{"seconds":1691769600,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49857},{"tag_id":45590,"sort_order":1,"person_id":49856},{"tag_id":45590,"sort_order":1,"person_id":49853},{"tag_id":45590,"sort_order":1,"person_id":49854},{"tag_id":45590,"sort_order":1,"person_id":49855}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"begin":"2023-08-11T16:00:00.000-0000","updated":"2023-06-29T15:34:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Many parents and guardians bring their children to DEF CON to allow them to experience the same learning, networking, and community that they enjoy. As parents and educators ourselves, we want to help make this experience even more memorable with our Youth Challenge!\r\n\r\nPlease see the \"More Information\" link.\n\n\n","title":"SECV - Youth Challenge","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"end_timestamp":{"seconds":1691800200,"nanoseconds":0},"android_description":"Many parents and guardians bring their children to DEF CON to allow them to experience the same learning, networking, and community that they enjoy. As parents and educators ourselves, we want to help make this experience even more memorable with our Youth Challenge!\r\n\r\nPlease see the \"More Information\" link.","updated_timestamp":{"seconds":1690591380,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"More Information","type":"link","url":"https://www.se.community/youth-challenge/"}],"end":"2023-08-12T00:30:00.000-0000","id":51711,"begin_timestamp":{"seconds":1691767800,"nanoseconds":0},"tag_ids":[40302,45649,45743,45764,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"spans_timebands":"N","begin":"2023-08-11T15:30:00.000-0000","updated":"2023-07-29T00:43:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"","title":"SECV Village Open","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#60b0ba","name":"Village Activity","id":45775},"android_description":"","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1690590960,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":51708,"begin_timestamp":{"seconds":1691767800,"nanoseconds":0},"tag_ids":[40302,45649,45743,45775],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45738,"name":"LINQ - 3rd flr - Social A - Social Engineering Community","hotel":"","short_name":"Social A - Social Engineering Community","id":45736},"begin":"2023-08-11T15:30:00.000-0000","updated":"2023-07-29T00:36:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.) \r\n\r\nNote that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.\r\n\r\n**PLEASE NOTE**\r\n\r\nThe Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Merch (formerly swag) Area Open -- README","android_description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.) \r\n\r\nNote that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.\r\n\r\n**PLEASE NOTE**\r\n\r\nThe Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.","end_timestamp":{"seconds":1691802000,"nanoseconds":0},"updated_timestamp":{"seconds":1691801940,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T01:00:00.000-0000","id":52158,"begin_timestamp":{"seconds":1691766000,"nanoseconds":0},"tag_ids":[45640,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 227-230 - Merch","hotel":"","short_name":"Summit - 227-230 - Merch","id":45857},"updated":"2023-08-12T00:59:00.000-0000","begin":"2023-08-11T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.\r\n\n\n\n","title":"Human Registration Open","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"android_description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.","end_timestamp":{"seconds":1691809200,"nanoseconds":0},"updated_timestamp":{"seconds":1691559000,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[],"end":"2023-08-12T03:00:00.000-0000","id":51696,"village_id":null,"tag_ids":[45640,45646,45743],"begin_timestamp":{"seconds":1691766000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 101-103 - Reg","hotel":"","short_name":"Forum - 101-103 - Reg","id":45853},"spans_timebands":"N","begin":"2023-08-11T15:00:00.000-0000","updated":"2023-08-09T05:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"Defcon.run","end_timestamp":{"seconds":1691780400,"nanoseconds":0},"android_description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.","updated_timestamp":{"seconds":1690671360,"nanoseconds":0},"speakers":[],"timeband_id":990,"links":[{"label":"Website","type":"link","url":"https://defcon.run"},{"label":"Twitter","type":"link","url":"https://twitter.com/defcon_run"},{"label":"Mastodon (@run@defcon.social)","type":"link","url":"https://defcon.social/@run"}],"end":"2023-08-11T19:00:00.000-0000","id":51593,"begin_timestamp":{"seconds":1691758800,"nanoseconds":0},"village_id":null,"tag_ids":[45638],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"updated":"2023-07-29T22:56:00.000-0000","begin":"2023-08-11T13:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"At 6am on Friday, the @cycle_override crew will be hosting the 11th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo. Go to cycleoverride.org for more info.\n\n\n","title":"CycleOverride Defcon Bike Ride","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"end_timestamp":{"seconds":1691758800,"nanoseconds":0},"android_description":"At 6am on Friday, the @cycle_override crew will be hosting the 11th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo. Go to cycleoverride.org for more info.","updated_timestamp":{"seconds":1690051860,"nanoseconds":0},"speakers":[],"timeband_id":990,"end":"2023-08-11T13:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://cycleoverride.org/"}],"id":51417,"village_id":null,"begin_timestamp":{"seconds":1691758800,"nanoseconds":0},"tag_ids":[45638],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"begin":"2023-08-11T13:00:00.000-0000","updated":"2023-07-22T18:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Featuring performances by:\r\n\r\n - 17:00 – 18:00 – YTCracker\r\n - 18:00 – 19:00 – Delchi\r\n - 19:00 – 20:00 – Talk Sinn\r\n - 20:00 – 21:00 – Grind613\r\n - 21:00 – 22:00 – Alexi Husky\r\n - 22:00 – 23:00 – DJ Scythe\r\n - 23:00 – 00:00 – Syntax\r\n - 00:00 – 01:00 – mattrix\r\n - 01:00 – 02:00 – c0debreaker\r\n\r\nACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#9b8b77","updated_at":"2024-06-07T03:38+0000","name":"Entertainment","id":45637},"title":"Music Set / Entertainment (Thursday, ACK Stage)","android_description":"Featuring performances by:\r\n\r\n - 17:00 – 18:00 – YTCracker\r\n - 18:00 – 19:00 – Delchi\r\n - 19:00 – 20:00 – Talk Sinn\r\n - 20:00 – 21:00 – Grind613\r\n - 21:00 – 22:00 – Alexi Husky\r\n - 22:00 – 23:00 – DJ Scythe\r\n - 23:00 – 00:00 – Syntax\r\n - 00:00 – 01:00 – mattrix\r\n - 01:00 – 02:00 – c0debreaker\r\n\r\nACK Stage is located in front of the doors to rooms 117/118 in the Forum Pre-function 2. Look for the tents and the beats!","end_timestamp":{"seconds":1691744400,"nanoseconds":0},"updated_timestamp":{"seconds":1691610660,"nanoseconds":0},"speakers":[{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"Alexi Husky","affiliations":[],"pronouns":null,"links":[{"description":"","title":"MixCloud","sort_order":0,"url":"https://www.mixcloud.com/DemonicBeats/"}],"media":[],"id":50644},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"c0debreaker","affiliations":[],"links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/the_c0debreaker/"}],"pronouns":null,"media":[],"id":50646},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"Delchi","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/HDA_DEFCON"}],"media":[],"id":50649},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"DJ Scythe","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/ooscytheoo/"}],"media":[],"id":50651},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"Grind613","affiliations":[],"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://twitch.tv/grind613"}],"pronouns":null,"media":[],"id":50659},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"mattrix","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Website","sort_order":0,"url":"https://ovou.me/djmattrix"}],"media":[],"id":50666},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"Syntax","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Twitch","sort_order":0,"url":"https://twitch.tv/syntax976"}],"media":[],"id":50680},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"Talk Sinn","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Cuteboi_Roxin"}],"pronouns":null,"media":[],"id":50681},{"content_ids":[51530],"conference_id":96,"event_ids":[51686],"name":"YTCracker","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://ytcracker.com/"}],"pronouns":null,"media":[],"id":50684}],"timeband_id":989,"links":[],"end":"2023-08-11T09:00:00.000-0000","id":51686,"tag_ids":[45637,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691715600,"nanoseconds":0},"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50644},{"tag_id":45774,"sort_order":1,"person_id":50651},{"tag_id":45774,"sort_order":1,"person_id":50649},{"tag_id":45774,"sort_order":1,"person_id":50659},{"tag_id":45774,"sort_order":1,"person_id":50680},{"tag_id":45774,"sort_order":1,"person_id":50681},{"tag_id":45774,"sort_order":1,"person_id":50684},{"tag_id":45774,"sort_order":1,"person_id":50646},{"tag_id":45774,"sort_order":1,"person_id":50666}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45722,"name":"Caesars Forum - Forum Pre-Function 2 - ACK Stage","hotel":"","short_name":"Forum Pre-Function 2 - ACK Stage","id":45901},"spans_timebands":"Y","begin":"2023-08-11T01:00:00.000-0000","updated":"2023-08-09T19:51:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Featuring performances by:\r\n - 18:00 – 19:00 – Dual Core\r\n - 19:00 – 20:00 – NPC Collective\r\n - 20:00 – 21:00 – Bolonium\r\n - 21:00 – 22:00 – The Icarus Kid\r\n - 22:00 – 23:00 – Dries\r\n - 23:00 – 00:00 – Nina Lowe\r\n - 00:00 – 01:00 – PankleDank\r\n - 01:00 – 02:00 – Deepblue\r\n\r\nContent from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment\r\n\n\n\n","title":"Music Set / Entertainment (Thursday, SYN Stage)","type":{"conference_id":96,"conference":"DEFCON31","color":"#9b8b77","updated_at":"2024-06-07T03:38+0000","name":"Entertainment","id":45637},"end_timestamp":{"seconds":1691744400,"nanoseconds":0},"android_description":"Featuring performances by:\r\n - 18:00 – 19:00 – Dual Core\r\n - 19:00 – 20:00 – NPC Collective\r\n - 20:00 – 21:00 – Bolonium\r\n - 21:00 – 22:00 – The Icarus Kid\r\n - 22:00 – 23:00 – Dries\r\n - 23:00 – 00:00 – Nina Lowe\r\n - 00:00 – 01:00 – PankleDank\r\n - 01:00 – 02:00 – Deepblue\r\n\r\nContent from this stage will be streamed to https://www.twitch.tv/defconorg_entertainment","updated_timestamp":{"seconds":1690497600,"nanoseconds":0},"speakers":[{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"Bolonium","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Bandcamp","sort_order":0,"url":"https://bolonium.bandcamp.com/"}],"media":[],"id":50645},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"Deepblue","affiliations":[],"links":[{"description":"","title":"SoundCloud","sort_order":0,"url":"https://on.soundcloud.com/sY8N1"}],"pronouns":null,"media":[],"id":50648},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"Dries","affiliations":[],"links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/sanderverheijen_"}],"pronouns":null,"media":[],"id":50655},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"Dual Core","affiliations":[],"links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/dualcoremusic"}],"pronouns":null,"media":[],"id":50656},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"Nina Lowe","affiliations":[],"pronouns":null,"links":[{"description":"","title":"SoundCloud","sort_order":0,"url":"https://soundcloud.com/ninalowe"}],"media":[],"id":50670},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"NPC Collective","affiliations":[],"links":[{"description":"","title":"Website","sort_order":0,"url":"https://npccollective.com/"}],"pronouns":null,"media":[],"id":50672},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"PankleDank","affiliations":[],"pronouns":null,"links":[{"description":"","title":"SoundCloud","sort_order":0,"url":"https://soundcloud.com/pankledank"}],"media":[],"id":50674},{"content_ids":[51529],"conference_id":96,"event_ids":[51685],"name":"The Icarus Kid","affiliations":[],"pronouns":null,"links":[{"description":"","title":"Instagram","sort_order":0,"url":"https://www.instagram.com/theicaruskidmusic/"}],"media":[],"id":50682}],"timeband_id":989,"end":"2023-08-11T09:00:00.000-0000","links":[{"label":"Stream","type":"link","url":"https://www.twitch.tv/defconorg_entertainment"}],"id":51685,"begin_timestamp":{"seconds":1691715600,"nanoseconds":0},"village_id":null,"tag_ids":[45637,45646,45766],"includes":"","people":[{"tag_id":45774,"sort_order":1,"person_id":50645},{"tag_id":45774,"sort_order":1,"person_id":50648},{"tag_id":45774,"sort_order":1,"person_id":50655},{"tag_id":45774,"sort_order":1,"person_id":50656},{"tag_id":45774,"sort_order":1,"person_id":50672},{"tag_id":45774,"sort_order":1,"person_id":50670},{"tag_id":45774,"sort_order":1,"person_id":50674},{"tag_id":45774,"sort_order":1,"person_id":50682}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"spans_timebands":"Y","updated":"2023-07-27T22:40:00.000-0000","begin":"2023-08-11T01:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"DEF CON 101 began as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about DEF CON so you can get the best experience possible. Come watch us talk about what we love about DEF CON, give you tips and tricks, and maybe even make some new friends!\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#2c8f07","name":"DEF CON Official Talk","id":45589},"title":"DEF CON 101 - Welcome to DEF CON Panel","end_timestamp":{"seconds":1691718300,"nanoseconds":0},"android_description":"DEF CON 101 began as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to learn about DEF CON so you can get the best experience possible. Come watch us talk about what we love about DEF CON, give you tips and tricks, and maybe even make some new friends!","updated_timestamp":{"seconds":1690588380,"nanoseconds":0},"speakers":[{"content_ids":[50593,50677,50679,50680],"conference_id":96,"event_ids":[50780,50790,50799,50852],"name":"Jeff \"The Dark Tangent\" Moss","affiliations":[{"organization":"DEF CON Communications","title":""}],"pronouns":"he/him","links":[{"description":"","title":"Mastodon (@thedarktangent@defcon.social)","sort_order":0,"url":"https://defcon.social/@thedarktangent"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/thedarktangent"}],"media":[{"hash_sha256":"f53ed4086958b3703d597c50fe74eef1800cf474aa3d17c0895bf89d6c05716f","filetype":"image/jpeg","hash_md5":"8104a1f4b82a4241208b7f6b9112ebf2","name":"thedarktangent_avatar.jpeg","hash_crc32c":"4ae7af86","filesize":2064,"asset_id":273,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fthedarktangent_avatar.jpeg?alt=media","person_id":49741}],"id":49741,"title":"DEF CON Communications"},{"content_ids":[50677],"conference_id":96,"event_ids":[50852],"name":"Nikita Kronenberg","affiliations":[{"organization":"DEF CON Communications","title":"Director of Content & Coordination"}],"links":[],"pronouns":null,"media":[],"id":49742,"title":"Director of Content & Coordination at DEF CON Communications"},{"content_ids":[50677],"conference_id":96,"event_ids":[50852],"name":"deelo","affiliations":[{"organization":"DEF CON Conference","title":"Chief of Staff, SOC"}],"links":[],"pronouns":"she/her","media":[],"id":49975,"title":"Chief of Staff, SOC at DEF CON Conference"},{"content_ids":[50677],"conference_id":96,"event_ids":[50852],"name":"Kirsten Renner","affiliations":[{"organization":"Car Hacking Village","title":"Content Creator & Organizer"},{"organization":"Accenture Federal","title":"Talent Engagement Lead"}],"links":[],"pronouns":"she/her","media":[],"id":50697,"title":"Talent Engagement Lead at Accenture Federal"},{"content_ids":[50677],"conference_id":96,"event_ids":[50852],"name":"Magen","affiliations":[{"organization":"","title":"Urbane Security and CFP/CFW reviewer"}],"links":[],"pronouns":"she/her","media":[],"id":51567,"title":"Urbane Security and CFP/CFW reviewer"},{"content_ids":[50677],"conference_id":96,"event_ids":[50852],"name":"fivepenny","affiliations":[],"links":[],"pronouns":null,"media":[],"id":51621}],"timeband_id":989,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246130"}],"end":"2023-08-11T01:45:00.000-0000","id":50852,"village_id":null,"tag_ids":[45589,45646,45766],"begin_timestamp":{"seconds":1691713800,"nanoseconds":0},"includes":"","people":[{"tag_id":45632,"sort_order":1,"person_id":49741},{"tag_id":45632,"sort_order":1,"person_id":51621},{"tag_id":45632,"sort_order":2,"person_id":50697},{"tag_id":45632,"sort_order":2,"person_id":51567},{"tag_id":45632,"sort_order":2,"person_id":49742},{"tag_id":45632,"sort_order":2,"person_id":49975}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-28T23:53:00.000-0000","begin":"2023-08-11T00:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","title":"Friends of Bill W","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","end_timestamp":{"seconds":1691715600,"nanoseconds":0},"updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[],"end":"2023-08-11T01:00:00.000-0000","id":51572,"village_id":null,"tag_ids":[45639,45648,45743],"begin_timestamp":{"seconds":1691712000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"updated":"2023-07-23T16:52:00.000-0000","begin":"2023-08-11T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Multi-Party Computation (MPC) has become a common cryptographic technique for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC algorithms are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintechs/banks servicing hundreds of millions of consumers and thousands of financial institutions.\r\n\r\nThis presentation examines the most common MPC protocols and implementations and shows that securing MPC remains a challenge for most companies.\r\n\r\nWe show practical key-exfiltration attacks requiring no more than a couple of hundred signatures. Namely, we show three different attacks on different protocols/implementations requiring 256, 16, and *one* signature, respectively.\r\n\r\nREFERENCES: \r\nRosario Gennaro and Steven Goldfeder. \"One Round Threshold ECDSA with Identifiable Abort.\" Cryptology ePrint Archive, Paper 2020/540, 2020.\r\nYehuda Lindell. \"Fast Secure Two-Party ECDSA Signing.\" Journal of Cryptology, vol. 34, no. 4, 2021, pp. 44.\r\nRosario Gennaro and Steven Goldfeder. \"Fast Multiparty Threshold ECDSA with Fast Trustless Setup.\" Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018, pp. 1179-1194.\n\n\n","title":"Small Leaks, Billions Of Dollars: Practical Cryptographic Exploits That Undermine Leading Crypto Wallets","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"end_timestamp":{"seconds":1691711400,"nanoseconds":0},"android_description":"Multi-Party Computation (MPC) has become a common cryptographic technique for protecting hundreds of billions of dollars in cryptocurrency wallets. MPC algorithms are currently powering the wallets of Coinbase, Binance, Zengo, BitGo, Fireblocks and many other fintechs/banks servicing hundreds of millions of consumers and thousands of financial institutions.\r\n\r\nThis presentation examines the most common MPC protocols and implementations and shows that securing MPC remains a challenge for most companies.\r\n\r\nWe show practical key-exfiltration attacks requiring no more than a couple of hundred signatures. Namely, we show three different attacks on different protocols/implementations requiring 256, 16, and *one* signature, respectively.\r\n\r\nREFERENCES: \r\nRosario Gennaro and Steven Goldfeder. \"One Round Threshold ECDSA with Identifiable Abort.\" Cryptology ePrint Archive, Paper 2020/540, 2020.\r\nYehuda Lindell. \"Fast Secure Two-Party ECDSA Signing.\" Journal of Cryptology, vol. 34, no. 4, 2021, pp. 44.\r\nRosario Gennaro and Steven Goldfeder. \"Fast Multiparty Threshold ECDSA with Fast Trustless Setup.\" Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS), 2018, pp. 1179-1194.","updated_timestamp":{"seconds":1688165580,"nanoseconds":0},"speakers":[{"content_ids":[50606],"conference_id":96,"event_ids":[50750],"name":"Nikolaos Makriyannis","affiliations":[{"organization":"Fireblocks","title":"Cryptography Research Lead"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/nik_mak_"}],"media":[],"id":49846,"title":"Cryptography Research Lead at Fireblocks"},{"content_ids":[50606],"conference_id":96,"event_ids":[50750],"name":"Oren Yomtov","affiliations":[{"organization":"Fireblocks","title":"Blockchain Research Lead"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/orenyomtov"}],"pronouns":"he/him","media":[],"id":49847,"title":"Blockchain Research Lead at Fireblocks"}],"timeband_id":989,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245777"}],"end":"2023-08-10T23:50:00.000-0000","id":50750,"begin_timestamp":{"seconds":1691710200,"nanoseconds":0},"tag_ids":[45592,45629,45630,45646,45844],"village_id":null,"includes":"Demo 💻, Tool 🛠, Exploit 🪲","people":[{"tag_id":45590,"sort_order":1,"person_id":49846},{"tag_id":45590,"sort_order":1,"person_id":49847}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","updated":"2023-06-30T22:53:00.000-0000","begin":"2023-08-10T23:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.\r\n\r\nWe'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\r\n\r\nMost of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).\n\n\n","title":"DDV open and accepting drives for duplication","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"end_timestamp":{"seconds":1691719200,"nanoseconds":0},"android_description":"We start taking drives at 4:00pm local time on Thursday - possibly a little earlier. We reopen at 10:00am on Friday, Saturday, and Sunday.\r\n\r\nWe'll keep accepting drives until we reach capacity (usually late Friday or early Saturday).  Then we copy and copy all the things until we just can't copy any more - first come, first served.  We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.\r\n\r\nMost of the drive information can be found [here](https://dcddv.org/dc31-drive-info). If you have questions that have not yet been answered, you can email [info@dcddv.org](mailto:info@dcddv.org), or visit the [DEF CON Forums](https://forum.defcon.org/node/244903).","updated_timestamp":{"seconds":1691260500,"nanoseconds":0},"speakers":[],"timeband_id":989,"end":"2023-08-11T02:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244903"},{"label":"Drive Information","type":"link","url":"https://dcddv.org/dc31-drive-info"}],"id":51691,"begin_timestamp":{"seconds":1691708400,"nanoseconds":0},"village_id":null,"tag_ids":[40285,45638,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 231 - Data Dupe Vlg","hotel":"","short_name":"Summit - 231 - Data Dupe Vlg","id":45858},"spans_timebands":"N","begin":"2023-08-10T23:00:00.000-0000","updated":"2023-08-05T18:35:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the lgbtqia+ community to network and unwind.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"title":"Queercon Mixers","end_timestamp":{"seconds":1691715600,"nanoseconds":0},"android_description":"A great way to meet other like-minded folk in this safe and inclusive environment. An informal meet-up of the lgbtqia+ community to network and unwind.","updated_timestamp":{"seconds":1690137840,"nanoseconds":0},"speakers":[],"timeband_id":989,"end":"2023-08-11T01:00:00.000-0000","links":[{"label":"Twitter (@Queercon)","type":"link","url":"https://twitter.com/@Queercon"},{"label":"Discord","type":"link","url":"https://discord.com/invite/jeG6Bh5"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244991"}],"id":51565,"begin_timestamp":{"seconds":1691708400,"nanoseconds":0},"village_id":null,"tag_ids":[45639,45646,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 129 - Chillout","hotel":"","short_name":"Forum - 129 - Chillout","id":45890},"spans_timebands":"N","updated":"2023-07-23T18:44:00.000-0000","begin":"2023-08-10T23:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"4G? LTE? 3GPP? A lot of telecommunications terminology gets thrown around, but what does it actually mean? While terms like “5G”, and “packet core” may be in common use, it’s hard to understand what they mean in terms of attack surface, or even as a consumer. Very often even network diagrams will show “Core Network” as a big blob, or stop at the Radio Access Network. It’s hard to have insight into the cellular network. So, I’ll explain generation by generation!\r\n\r\nIn this talk we will walk through each step of cellular evolution, starting at 2G and ending at 5G. The never-ending attack and defend paradigm will be clearly laid out. In order to understand the attack surface, I’ll cover network topology and protocol.\r\nFor each cellular generation, I will explain known vulnerabilities and some interesting attacks. In response to those vulnerabilities, mitigations for the subsequent cellular generation are put in place. But as we all know, new mitigations mean new opportunities for attackers to get creative.\r\n\r\nWhile I will explain most cellular-specific terminology, a familiarity with security concepts will help to better understand this talk. Basic foundations of communications systems, information theory or RF definitely make this talk more enjoyable, but are absolutely not necessary. It’s a dense topic that is highly applicable to those working on anything that touches the cellular network!\r\n\r\nREFERENCES:\r\n\r\n1. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE, Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, Elisa Bertino\r\n2. https://www.cybersecuritydive.com/news/5g-security-breaches/636693/\r\n3. https://networksimulationtools.com/5g-network-attacks-projects\r\n4. https://www.p1sec.com/corp/category/p1-security/\r\n5. A Vulnerability in 5G Authentication Protocols and Its Countermeasure Xinxin HU, Caixia LIU, Shuxin LIU, Jinsong LI, and Xiaotao CHENG\r\n6. New Vulnerabilities in 5G Networks Altaf Shaik* , Ravishankar Borgaonkar\r\n7. ESF Potential Threats to 5G Network Slicing, NSA, CISA\r\n8. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203\r\n9. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/ pentestpartners DC27 talk\r\n10. LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements P1 Security https://conference.hitb.org/hitbsecconf2013ams/materials/D1T2%20-%20Philippe%20Langlois%20-%20Hacking%20HLR%20HSS%20and%20MME%20Core%20Network%20Elements.pdf\r\n11. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui L,, Elisa Bertino\r\n12. https://thehackernews.com/2018/03/4g-lte-network-hacking.html\r\n13. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/\r\n14. A first look on the effects and mitigation of VoIP SPIT flooding in 4G mobile networks. 982-987. 10.1109/ICC.2012.6364233. Bou-Harb, Elias & Debbabi, Mourad & Assi, Chadi. (2012).\r\n15. https://resources.infosecinstitute.com/topic/cheating-voip-security-by-flooding-the-sip/\r\n16. https://www.mpirical.com/ for 5G trainings\r\n17. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203\r\n18. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/\r\n19. https://en.wikipedia.org/wiki/Cellular_network\r\n20. https://www.etsi.org/deliver/etsi_ts/123000_123099/123060/10.03.00_60/ts_123060v100300p.pdf Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Service description;\r\n21. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/14.01.00_60/ts_133102v140100p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 14.1.0 Release 14)\r\n22. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture\r\n23. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 15.7.0 Release 15)\r\n24. https://www.etsi.org/deliver/etsi_ts/124300_124399/124301/17.06.00_60/ts_124301v170600p.pdf Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 17.6.0 Release 17)\r\n25. https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.04.00_60/ts_133501v150400p.pdf 5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 15.4.0 Release 15)\r\nPrevious talk: https://www.youtube.com/watch?v=-JX7aC0AXEk&t=7387s\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"Nuthin But A G Thang: Evolution of Cellular Networks","end_timestamp":{"seconds":1691709300,"nanoseconds":0},"android_description":"4G? LTE? 3GPP? A lot of telecommunications terminology gets thrown around, but what does it actually mean? While terms like “5G”, and “packet core” may be in common use, it’s hard to understand what they mean in terms of attack surface, or even as a consumer. Very often even network diagrams will show “Core Network” as a big blob, or stop at the Radio Access Network. It’s hard to have insight into the cellular network. So, I’ll explain generation by generation!\r\n\r\nIn this talk we will walk through each step of cellular evolution, starting at 2G and ending at 5G. The never-ending attack and defend paradigm will be clearly laid out. In order to understand the attack surface, I’ll cover network topology and protocol.\r\nFor each cellular generation, I will explain known vulnerabilities and some interesting attacks. In response to those vulnerabilities, mitigations for the subsequent cellular generation are put in place. But as we all know, new mitigations mean new opportunities for attackers to get creative.\r\n\r\nWhile I will explain most cellular-specific terminology, a familiarity with security concepts will help to better understand this talk. Basic foundations of communications systems, information theory or RF definitely make this talk more enjoyable, but are absolutely not necessary. It’s a dense topic that is highly applicable to those working on anything that touches the cellular network!\r\n\r\nREFERENCES:\r\n\r\n1. LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE, Syed Rafiul Hussain, Omar Chowdhury, Shagufta Mehnaz, Elisa Bertino\r\n2. https://www.cybersecuritydive.com/news/5g-security-breaches/636693/\r\n3. https://networksimulationtools.com/5g-network-attacks-projects\r\n4. https://www.p1sec.com/corp/category/p1-security/\r\n5. A Vulnerability in 5G Authentication Protocols and Its Countermeasure Xinxin HU, Caixia LIU, Shuxin LIU, Jinsong LI, and Xiaotao CHENG\r\n6. New Vulnerabilities in 5G Networks Altaf Shaik* , Ravishankar Borgaonkar\r\n7. ESF Potential Threats to 5G Network Slicing, NSA, CISA\r\n8. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203\r\n9. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/ pentestpartners DC27 talk\r\n10. LTE Pwnage: Hacking HLR/HSS and MME Core Network Elements P1 Security https://conference.hitb.org/hitbsecconf2013ams/materials/D1T2%20-%20Philippe%20Langlois%20-%20Hacking%20HLR%20HSS%20and%20MME%20Core%20Network%20Elements.pdf\r\n11. Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information Syed Rafiul Hussain, Mitziu Echeverria, Omar Chowdhury, Ninghui L,, Elisa Bertino\r\n12. https://thehackernews.com/2018/03/4g-lte-network-hacking.html\r\n13. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/\r\n14. A first look on the effects and mitigation of VoIP SPIT flooding in 4G mobile networks. 982-987. 10.1109/ICC.2012.6364233. Bou-Harb, Elias & Debbabi, Mourad & Assi, Chadi. (2012).\r\n15. https://resources.infosecinstitute.com/topic/cheating-voip-security-by-flooding-the-sip/\r\n16. https://www.mpirical.com/ for 5G trainings\r\n17. https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010203\r\n18. https://www.pentestpartners.com/security-blog/zte-mf910-an-end-of-life-router-running-lots-of-vivacious-hidden-code/\r\n19. https://en.wikipedia.org/wiki/Cellular_network\r\n20. https://www.etsi.org/deliver/etsi_ts/123000_123099/123060/10.03.00_60/ts_123060v100300p.pdf Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); General Packet Radio Service (GPRS); Service description;\r\n21. https://www.etsi.org/deliver/etsi_ts/133100_133199/133102/14.01.00_60/ts_133102v140100p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); 3G security; Security architecture (3GPP TS 33.102 version 14.1.0 Release 14)\r\n22. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture\r\n23. https://www.etsi.org/deliver/etsi_ts/133400_133499/133401/15.07.00_60/ts_133401v150700p.pdf Digital cellular telecommunications system (Phase 2+) (GSM); Universal Mobile Telecommunications System (UMTS); LTE; 3GPP System Architecture Evolution (SAE); Security architecture (3GPP TS 33.401 version 15.7.0 Release 15)\r\n24. https://www.etsi.org/deliver/etsi_ts/124300_124399/124301/17.06.00_60/ts_124301v170600p.pdf Universal Mobile Telecommunications System (UMTS); LTE; 5G; Non-Access-Stratum (NAS) protocol for Evolved Packet System (EPS); Stage 3 (3GPP TS 24.301 version 17.6.0 Release 17)\r\n25. https://www.etsi.org/deliver/etsi_ts/133500_133599/133501/15.04.00_60/ts_133501v150400p.pdf 5G; Security architecture and procedures for 5G System (3GPP TS 33.501 version 15.4.0 Release 15)\r\nPrevious talk: https://www.youtube.com/watch?v=-JX7aC0AXEk&t=7387s","updated_timestamp":{"seconds":1688180940,"nanoseconds":0},"speakers":[{"content_ids":[50656],"conference_id":96,"event_ids":[50755],"name":"Tracy Mosley","affiliations":[{"organization":"Trenchant","title":""}],"pronouns":"she/her","links":[{"description":"","title":"Mastodon (@hackerpinup@infosec.exchange)","sort_order":0,"url":"https://infosec.exchange/@hackerpinup"},{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@hackerpinup"}],"media":[],"id":49946,"title":"Trenchant"}],"timeband_id":989,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246109"}],"end":"2023-08-10T23:15:00.000-0000","id":50755,"begin_timestamp":{"seconds":1691706600,"nanoseconds":0},"village_id":null,"tag_ids":[45646,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49946}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-01T03:09:00.000-0000","begin":"2023-08-10T22:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"15:00- 21:00 Thursday, Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)\r\n\r\nThe humans of Vegas invite you to this year’s unofficial welcome party. Join us off-Strip in the shade of Sunset Park for a heat-blasted hangout. Burgers, dogs, and meatless options are provided. Attendees pitch in to make everything else happen. Contribute more food and drinks, staff the grill or join supply runs, and relax under the trees with good conversation with new and old friends. Come be a part of what makes this cookout something to remember year after year.\r\n\r\nGrab flyers from an Info Booth, check out https://www.toxicbbq.org for the history of this event, and watch for #ToxicBBQ for the latest news.\r\n\r\n--\r\n\r\nToxic BBQ is Kid Friendly and Welcoming. In fact, our marketing captain is 16! As with anything DEFCON, caveat parentum \r\n\r\nIf you are ok bringing and minding your kids to a backyard cookout, they’ll be fine here. While we don’t have kid-specific programming or events, it’s at a park.\r\n\r\nWe reserve the right to bribe them with swag to help out, and we may try to feed them Octopus jerky. \n\n\n","title":"Toxic BBQ","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"end_timestamp":{"seconds":1691726400,"nanoseconds":0},"android_description":"15:00- 21:00 Thursday, Off-site at Sunset Park, Pavilion F, (36.0636, -115.1178)\r\n\r\nThe humans of Vegas invite you to this year’s unofficial welcome party. Join us off-Strip in the shade of Sunset Park for a heat-blasted hangout. Burgers, dogs, and meatless options are provided. Attendees pitch in to make everything else happen. Contribute more food and drinks, staff the grill or join supply runs, and relax under the trees with good conversation with new and old friends. Come be a part of what makes this cookout something to remember year after year.\r\n\r\nGrab flyers from an Info Booth, check out https://www.toxicbbq.org for the history of this event, and watch for #ToxicBBQ for the latest news.\r\n\r\n--\r\n\r\nToxic BBQ is Kid Friendly and Welcoming. In fact, our marketing captain is 16! As with anything DEFCON, caveat parentum \r\n\r\nIf you are ok bringing and minding your kids to a backyard cookout, they’ll be fine here. While we don’t have kid-specific programming or events, it’s at a park.\r\n\r\nWe reserve the right to bribe them with swag to help out, and we may try to feed them Octopus jerky.","updated_timestamp":{"seconds":1691289420,"nanoseconds":0},"speakers":[],"timeband_id":989,"end":"2023-08-11T04:00:00.000-0000","links":[{"label":"Website","type":"link","url":"https://www.toxicbbq.org"},{"label":"Apple Maps","type":"link","url":"https://maps.apple.com/?address=Sunset%20Park,%20Las%20Vegas,%20NV%20%2089120,%20United%20States&ll=36.063600,-115.117800&q=Sunset%20Park"},{"label":"Google Maps","type":"link","url":"https://goo.gl/maps/ek3VpyurZyYTaMqQ8"}],"id":51421,"begin_timestamp":{"seconds":1691704800,"nanoseconds":0},"tag_ids":[45638,45743,45763],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"begin":"2023-08-10T22:00:00.000-0000","updated":"2023-08-06T02:37:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"RFID implants are basically RFID credentials that can be installed under your skin. When I discovered there was nothing on the market that worked with my employers badging system I decided that I would just have to make my own. This talk will cover the basics of RFID implants, my journey to design my own implant despite having no electronics experience, and some of the future implications of this technology.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"title":"Designing RFID Implants - How flipping the bird opens doors for me","android_description":"RFID implants are basically RFID credentials that can be installed under your skin. When I discovered there was nothing on the market that worked with my employers badging system I decided that I would just have to make my own. This talk will cover the basics of RFID implants, my journey to design my own implant despite having no electronics experience, and some of the future implications of this technology.","end_timestamp":{"seconds":1691705700,"nanoseconds":0},"updated_timestamp":{"seconds":1688178720,"nanoseconds":0},"speakers":[{"content_ids":[50647],"conference_id":96,"event_ids":[50753],"name":"Miana Ella Windall","affiliations":[{"organization":"","title":"Hacker"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@NiamhAstra"}],"media":[],"id":49931,"title":"Hacker"}],"timeband_id":989,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246100"},{"label":"Dangerous Things Discord","type":"link","url":"https://disboard.org/server/682798224435970200"},{"label":"Dangerous Things Forum","type":"link","url":"https://forum.dangerousthings.com/"}],"end":"2023-08-10T22:15:00.000-0000","id":50753,"village_id":null,"begin_timestamp":{"seconds":1691703000,"nanoseconds":0},"tag_ids":[45646,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49931}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"begin":"2023-08-10T21:30:00.000-0000","updated":"2023-07-01T02:32:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Come meet with other like minded kids and get ready for a weekend of hacking all the things!\n\n\n","title":"DEF CON Kids Meetup","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"android_description":"Come meet with other like minded kids and get ready for a weekend of hacking all the things!","end_timestamp":{"seconds":1691708400,"nanoseconds":0},"updated_timestamp":{"seconds":1690130520,"nanoseconds":0},"speakers":[],"timeband_id":989,"end":"2023-08-10T23:00:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245858"}],"id":51561,"tag_ids":[45639,45646,45743,45763,45864],"begin_timestamp":{"seconds":1691701200,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 129 - Chillout","hotel":"","short_name":"Forum - 129 - Chillout","id":45890},"spans_timebands":"N","updated":"2023-07-23T16:42:00.000-0000","begin":"2023-08-10T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Red and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.\r\n\r\nBy the end of the workshop, attendees will:\r\n\r\n1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:\r\n\r\n Pass the Hash attacks;\r\n ADCS abuse;\r\n PrintSpoofer exploits;\r\n LSASS exploitation (using Mimikatz);\r\n AD enumeration (using BloodHound);\r\n DACL abuse;\r\n Kerberos golden tickets; and\r\n DLL hijacking.\r\n\r\n\r\n2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:\r\n\r\n Sigma/Yara rules.\r\n Log ingestion/normalization platforms, and query engines (e.g. ELK).\r\n\r\n\r\n3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good. Recommended (but not required) prior reading:\r\n\r\nhttps://nooblinux.com/metasploit-tutorial/https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c\r\nhttps://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\r\nhttps://socprime.com/blog/sigma-rules-the-beginners-guide/\r\nhttps://github.com/socprime/SigmaUI\r\nhttps://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/\r\nhttps://posts.specterops.io/certified-pre-owned-d95910965cd2\r\nhttps://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n- Basic understanding of the Linux and Windows command line\r\n- some basic knowledge of IP networking and routing\r\n- A basic understanding of Active Directory and exposure to the Metasploit Framework/Meterpreter are beneficial, but not required.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop, 8GB RAM\r\n- OpenVPN Client\r\n- Remote Desktop Protocol (RDP) client\r\n- It is strongly recommended that attendees have local administrative rights to their device.\r\n- An Internet connection is also required; DEF CON’s (authenticated) WiFi network will suffice, however attendees should consider alternative options in favour of resiliency (e.g. tethering/hotspotting cell phones).\n\n\n","title":"Flipping the Coin: Red and Blue Teaming in Windows Environments (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691715600,"nanoseconds":0},"android_description":"Red and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.\r\n\r\nBy the end of the workshop, attendees will:\r\n\r\n1. Understand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:\r\n\r\n Pass the Hash attacks;\r\n ADCS abuse;\r\n PrintSpoofer exploits;\r\n LSASS exploitation (using Mimikatz);\r\n AD enumeration (using BloodHound);\r\n DACL abuse;\r\n Kerberos golden tickets; and\r\n DLL hijacking.\r\n\r\n\r\n2. Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:\r\n\r\n Sigma/Yara rules.\r\n Log ingestion/normalization platforms, and query engines (e.g. ELK).\r\n\r\n\r\n3. Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good. Recommended (but not required) prior reading:\r\n\r\nhttps://nooblinux.com/metasploit-tutorial/https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c\r\nhttps://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\r\nhttps://socprime.com/blog/sigma-rules-the-beginners-guide/\r\nhttps://github.com/socprime/SigmaUI\r\nhttps://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/\r\nhttps://posts.specterops.io/certified-pre-owned-d95910965cd2\r\nhttps://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n- Basic understanding of the Linux and Windows command line\r\n- some basic knowledge of IP networking and routing\r\n- A basic understanding of Active Directory and exposure to the Metasploit Framework/Meterpreter are beneficial, but not required.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop, 8GB RAM\r\n- OpenVPN Client\r\n- Remote Desktop Protocol (RDP) client\r\n- It is strongly recommended that attendees have local administrative rights to their device.\r\n- An Internet connection is also required; DEF CON’s (authenticated) WiFi network will suffice, however attendees should consider alternative options in favour of resiliency (e.g. tethering/hotspotting cell phones).","updated_timestamp":{"seconds":1688057760,"nanoseconds":0},"speakers":[{"content_ids":[50635],"conference_id":96,"event_ids":[50743],"name":"Angus \"0x10f2c_\" Strom","affiliations":[{"organization":"","title":"Senior Security Engineer"}],"links":[],"pronouns":null,"media":[],"id":49898,"title":"Senior Security Engineer"},{"content_ids":[50635],"conference_id":96,"event_ids":[50743],"name":"Troy Defty","affiliations":[{"organization":"","title":"Security Engineering Manager"}],"links":[],"pronouns":null,"media":[],"id":49899,"title":"Security Engineering Manager"}],"timeband_id":989,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/angus-strom-red-and-blue-teaming-in-windows-environments-tickets-668367353747?aff=oddtdtcreator"}],"end":"2023-08-11T01:00:00.000-0000","id":50743,"village_id":null,"tag_ids":[45634,45653,45743,45877],"begin_timestamp":{"seconds":1691701200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49898},{"tag_id":45590,"sort_order":1,"person_id":49899}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-10T21:00:00.000-0000","updated":"2023-06-29T16:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This workshop will teach you how to deploy Rogue APs in your client's environment. Using Rogue APs lets you test your client's Wireless Intrusion Detection System, passwords, wireless phishing education, and overall wireless security. We will discuss Rogue AP Tactics, Techniques, and Procedures, and how and why they work. In this workshop we will walk through setting up an OPEN, CAPTIVE PORTAL, WPA2, and 802.1x Rogue AP. We will also go over OWE and WPA3-SAE transition mode Rogue APs.\r\n\r\nThe primary goal is setting up Rogue APs to harvest credentials. In the workshop, we will walk through a scenario at a client’s site, then set up a Rogue AP to harvest users’ credentials for the various networks at the site. We will go through how to crack the harvested credentials. We will be using EAPHAMMER, HOSTAPD-MANA, WIFIPHISHER, and AIRBASE-NG for the Rogue AP portion, HASHCAT, AIRCRACK-NG, and JOHN for the cracking portion. This workshop is for beginners, but participants should have basic Linux and 802.11 knowledge and be comfortable using virtual machines.\r\n\r\nRecommended reading/viewing:\r\n- https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee\r\n- https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/\r\n- https://www.youtube.com/watch?v=i2-jReLBSVk\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop with 8 GBS RAM\r\n- Virtual Box / VMware Installed\r\n- Wireless card with Access Point Mode and monitor mode. Recommended chip set AWUS036ACM.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"Hide your kids, turn off your Wi-Fi, they Rogue APing up in here (Pre-Registration Required)","android_description":"This workshop will teach you how to deploy Rogue APs in your client's environment. Using Rogue APs lets you test your client's Wireless Intrusion Detection System, passwords, wireless phishing education, and overall wireless security. We will discuss Rogue AP Tactics, Techniques, and Procedures, and how and why they work. In this workshop we will walk through setting up an OPEN, CAPTIVE PORTAL, WPA2, and 802.1x Rogue AP. We will also go over OWE and WPA3-SAE transition mode Rogue APs.\r\n\r\nThe primary goal is setting up Rogue APs to harvest credentials. In the workshop, we will walk through a scenario at a client’s site, then set up a Rogue AP to harvest users’ credentials for the various networks at the site. We will go through how to crack the harvested credentials. We will be using EAPHAMMER, HOSTAPD-MANA, WIFIPHISHER, and AIRBASE-NG for the Rogue AP portion, HASHCAT, AIRCRACK-NG, and JOHN for the cracking portion. This workshop is for beginners, but participants should have basic Linux and 802.11 knowledge and be comfortable using virtual machines.\r\n\r\nRecommended reading/viewing:\r\n- https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee\r\n- https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1%2F2/\r\n- https://www.youtube.com/watch?v=i2-jReLBSVk\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- None\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Laptop with 8 GBS RAM\r\n- Virtual Box / VMware Installed\r\n- Wireless card with Access Point Mode and monitor mode. Recommended chip set AWUS036ACM.","end_timestamp":{"seconds":1691715600,"nanoseconds":0},"updated_timestamp":{"seconds":1688055960,"nanoseconds":0},"speakers":[{"content_ids":[50628],"conference_id":96,"event_ids":[50736],"name":"James Hawk","affiliations":[{"organization":"Mandiant","title":"Senior Consultant"}],"links":[],"pronouns":"he/him","media":[],"id":49882,"title":"Senior Consultant at Mandiant"},{"content_ids":[50628],"conference_id":96,"event_ids":[50736],"name":"Lander Beyer","affiliations":[{"organization":"Mandiant","title":"Manager, Proactive Services team"}],"links":[],"pronouns":"he/him","media":[],"id":49883,"title":"Manager, Proactive Services team at Mandiant"},{"content_ids":[50628],"conference_id":96,"event_ids":[50736],"name":"Daniel Costantini","affiliations":[{"organization":"Mandiant","title":"Principal Consultant"}],"links":[],"pronouns":null,"media":[],"id":49884,"title":"Principal Consultant at Mandiant"}],"timeband_id":989,"end":"2023-08-11T01:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/james-hawk-they-rogue-aping-up-in-here-tickets-668364505227?aff=oddtdtcreator"}],"id":50736,"village_id":null,"begin_timestamp":{"seconds":1691701200,"nanoseconds":0},"tag_ids":[45634,45652,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49884},{"tag_id":45590,"sort_order":1,"person_id":49882},{"tag_id":45590,"sort_order":1,"person_id":49883}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-10T21:00:00.000-0000","updated":"2023-06-29T16:26:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods (including some analysis wizardry with R) to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- A curiosity for security!\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Will need a laptop with Wireshark and R installed.\n\n\n","title":"Analysis 101 for Incident Responders (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"android_description":"You have a theory about something you have found while roaming the network or conducting your own hackfest, but how do you go about proving it? This workshop will be a hands-on journey deep into the world of analysis. While analysis is a bit of an art form, there are methods that can be applied to make it less of a gut feeling and more of a scientific approach to support your hypothesis. From network forensics to log analysis to endpoint forensics and cloud log analysis, we will review numerous quick methods (including some analysis wizardry with R) to gain context over the data you have gathered and apply critical thinking in an attempt to find the answers. Sometimes, the answers weren’t meant to be found, but we’ll also discuss how to make the best of any conclusion that you reach.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- A curiosity for security!\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Will need a laptop with Wireshark and R installed.","end_timestamp":{"seconds":1691715600,"nanoseconds":0},"updated_timestamp":{"seconds":1688055780,"nanoseconds":0},"speakers":[{"content_ids":[50627],"conference_id":96,"event_ids":[50735],"name":"Kristy Westphal","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49881}],"timeband_id":989,"end":"2023-08-11T01:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/kristy-westphal-analysis-101-for-incident-responders-tickets-668363111057?aff=oddtdtcreator"}],"id":50735,"tag_ids":[45634,45653,45743,45877],"village_id":null,"begin_timestamp":{"seconds":1691701200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49881}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T16:23:00.000-0000","begin":"2023-08-10T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Does anyone know how old Nmap is? If you guessed 20 years old, you’d be wrong! It’s been around since 1997 when it was first released in Phrack magazine. Since the beginning, it's been through multiple iterations and an entire community has developed around it. One of the most important additions to Nmap was the ability to add custom scripts. Changing Nmap from a simple port scanner to the swiss army knife of network scanners. Oftentimes, when zero days pop up, someone will write an nmap script to identify vulnerable servers within minutes. If you’ve ever wondered how people write Nmap scripts, what it would take to write your own and how you can use them, this workshop is for you.\r\n\r\nAttendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (which Nmap scripting uses), how to write Nmap scripts to supplement the probe file, interact with custom services and ultimately write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap scripting engine they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor lead labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created which the labs will allow you to probe and identify as the course goes on.\r\n\r\nNmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- Some basic understanding of how to write code (python, C, Lua, etc), how to use the Linux command line.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop capable of running a linux VM\n\n\n","title":"These Port Scans are Trash: Improving Nmap by Writing New Scripts and Libraries (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691715600,"nanoseconds":0},"android_description":"Does anyone know how old Nmap is? If you guessed 20 years old, you’d be wrong! It’s been around since 1997 when it was first released in Phrack magazine. Since the beginning, it's been through multiple iterations and an entire community has developed around it. One of the most important additions to Nmap was the ability to add custom scripts. Changing Nmap from a simple port scanner to the swiss army knife of network scanners. Oftentimes, when zero days pop up, someone will write an nmap script to identify vulnerable servers within minutes. If you’ve ever wondered how people write Nmap scripts, what it would take to write your own and how you can use them, this workshop is for you.\r\n\r\nAttendees in this workshop will learn how to understand and update the Nmap probe file, how to write Lua scripts (which Nmap scripting uses), how to write Nmap scripts to supplement the probe file, interact with custom services and ultimately write multiple Nmap scripts to do fun stuff with ports. Once attendees have a firm grasp of the Nmap scripting engine they will be introduced to writing Nmap libraries for use by their various scripts. This workshop contains many instructor lead labs so that attendees can see their code in action. To make this workshop worthwhile, a custom service running on a port has been created which the labs will allow you to probe and identify as the course goes on.\r\n\r\nNmap is the workhorse behind the scenes for so many pentesters, but the resources for writing scripts are limited. The hope is that by offering this workshop, more people will be able to write Nmap scripts for the betterment of all hackingkind.\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- Some basic understanding of how to write code (python, C, Lua, etc), how to use the Linux command line.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop capable of running a linux VM","updated_timestamp":{"seconds":1688055120,"nanoseconds":0},"speakers":[{"content_ids":[50625],"conference_id":96,"event_ids":[50733],"name":"Philip Young \"Soldier of FORTRAN\"","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49876}],"timeband_id":989,"end":"2023-08-11T01:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/phil-young-improving-nmap-by-writing-new-scripts-and-libraries-tickets-668361767037?aff=oddtdtcreator"}],"id":50733,"village_id":null,"tag_ids":[45634,45652,45743,45877],"begin_timestamp":{"seconds":1691701200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49876}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"begin":"2023-08-10T21:00:00.000-0000","updated":"2023-06-29T16:12:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"DotNet based malware originally started out as a novelty, but has shown it is here to stay. With DotNet malware being used by APT actors and script kiddies, and anything in-between, it is safe to say that one will encounter it sooner rather than later. This four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge, including topics such as loaders, unpacking, obfuscation, DotNet internals, and (un)managed hooks. In short, one will learn how to analyse DotNet malware, and write automatic unpackers. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.\r\n\r\nThe workshop’s materials will partially consist of actual malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled VM based Windows 10 trial, along with the community edition of Visual Studio (2019 or later) and the DotNet Framework runtime for version 3.5 and later. Other tools, such as dnSpyEx, de4dot, and DotDumper, can be downloaded during the workshop, as these are insignificant in size.\r\n\r\nKnowing how to read VB.NET/C# is a prerequisite. Being able to write in C# is preferred, but the workshop can be followed without being able to, although a part of the exercises cannot be completed without it.\r\n\r\nQuestions about the workshop can be asked via my open Twitter DMs: @Libranalysis (https://twitter.com/Libranalysis)\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n\r\n- Have sufficient disk space and RAM to run one Windows 10 VM, along with a few gigabyte additional extra space\r\n- Be able to understand VB.NET/C# and preferably (though not mandatory) be able to write in either of those languages\r\n- Be able to run a Windows 10 VM\r\n- Have a Windows 10 VM preinstalled in a virtual environment of choice (i.e., VirtualBox, VMWare)\r\n- Have Visual Studio (2019 or later) installed, along with the DotNet Framework 3.5 and higher\r\n- Analysis tools will be provided (i.e. open-source tools such as dnSpyEx) as their file size is minimal\r\n- Malware samples and exercises will be provided on-location\r\n\r\nMaterials or Equipment students will need to bring to participate: A laptop capable of running one Windows 10 VM, with the above-mentioned prog2rams installed, and sufficient free disk space\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"DotNet Malware Analysis Masterclass (Pre-Registration Required)","android_description":"DotNet based malware originally started out as a novelty, but has shown it is here to stay. With DotNet malware being used by APT actors and script kiddies, and anything in-between, it is safe to say that one will encounter it sooner rather than later. This four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge, including topics such as loaders, unpacking, obfuscation, DotNet internals, and (un)managed hooks. In short, one will learn how to analyse DotNet malware, and write automatic unpackers. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.\r\n\r\nThe workshop’s materials will partially consist of actual malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled VM based Windows 10 trial, along with the community edition of Visual Studio (2019 or later) and the DotNet Framework runtime for version 3.5 and later. Other tools, such as dnSpyEx, de4dot, and DotDumper, can be downloaded during the workshop, as these are insignificant in size.\r\n\r\nKnowing how to read VB.NET/C# is a prerequisite. Being able to write in C# is preferred, but the workshop can be followed without being able to, although a part of the exercises cannot be completed without it.\r\n\r\nQuestions about the workshop can be asked via my open Twitter DMs: @Libranalysis (https://twitter.com/Libranalysis)\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students:\r\n\r\n- Have sufficient disk space and RAM to run one Windows 10 VM, along with a few gigabyte additional extra space\r\n- Be able to understand VB.NET/C# and preferably (though not mandatory) be able to write in either of those languages\r\n- Be able to run a Windows 10 VM\r\n- Have a Windows 10 VM preinstalled in a virtual environment of choice (i.e., VirtualBox, VMWare)\r\n- Have Visual Studio (2019 or later) installed, along with the DotNet Framework 3.5 and higher\r\n- Analysis tools will be provided (i.e. open-source tools such as dnSpyEx) as their file size is minimal\r\n- Malware samples and exercises will be provided on-location\r\n\r\nMaterials or Equipment students will need to bring to participate: A laptop capable of running one Windows 10 VM, with the above-mentioned prog2rams installed, and sufficient free disk space","end_timestamp":{"seconds":1691715600,"nanoseconds":0},"updated_timestamp":{"seconds":1688052600,"nanoseconds":0},"speakers":[{"content_ids":[50650,50610],"conference_id":96,"event_ids":[50718,50845],"name":"Max 'Libra' Kersten","affiliations":[{"organization":"Trellix","title":"Malware Analyst"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/Libranalysis"},{"description":"","title":"Website","sort_order":0,"url":"https://maxkersten.nl"}],"media":[],"id":49936,"title":"Malware Analyst at Trellix"}],"timeband_id":989,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/max-kersten-dotnet-malware-analysis-masterclass-tickets-668365999697?aff=oddtdtcreator"}],"end":"2023-08-11T01:00:00.000-0000","id":50718,"tag_ids":[45634,45653,45743,45877],"village_id":null,"begin_timestamp":{"seconds":1691701200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49936}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T15:30:00.000-0000","begin":"2023-08-10T21:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Post 9/11, the phrase “If you see something, say something” became ubiquitous. If you saw something of concern, better to report something that was nothing than let something bad happen. Problem is, no one let the authorities know that they should apply this to the online realm too. Threats of arrest and criminal investigations have the opposite effect and chill anyone from wanting to report security vulnerabilities that affect everyone.\r\n\r\nLack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old fashioned egos can make trying to do the right thing turn into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved.\r\n\r\nThis talk will cover the presenters personal experiences with poorly written or a lack of vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes. \r\n\r\nREFERENCES:\r\n- No references cited formally. Law excerpts will be noted in slides where relevant.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"title":"Damned if you do - The risks of pointing out the emperor is buck naked","android_description":"Post 9/11, the phrase “If you see something, say something” became ubiquitous. If you saw something of concern, better to report something that was nothing than let something bad happen. Problem is, no one let the authorities know that they should apply this to the online realm too. Threats of arrest and criminal investigations have the opposite effect and chill anyone from wanting to report security vulnerabilities that affect everyone.\r\n\r\nLack of clear reporting paths, misunderstandings, jurisdiction issues, superseding laws, and good old fashioned egos can make trying to do the right thing turn into a nightmare that can cost livelihoods, reputation, criminal charges and even worse, particularly when government systems are involved.\r\n\r\nThis talk will cover the presenters personal experiences with poorly written or a lack of vulnerability disclosure policies with their governments and what it cost them in trying to make things better. The presentation will then move to a discussion about what should be done and what is being done to make sure that reporting a vulnerability doesn’t cost you everything. Anyone who is responsible for writing such disclosure policies or legislation will benefit, but so will any hackers that want to make it safer to report issues they find by advocating for changes. \r\n\r\nREFERENCES:\r\n- No references cited formally. Law excerpts will be noted in slides where relevant.","end_timestamp":{"seconds":1691702100,"nanoseconds":0},"updated_timestamp":{"seconds":1688178120,"nanoseconds":0},"speakers":[{"content_ids":[50646],"conference_id":96,"event_ids":[50752],"name":"RenderMan","affiliations":[{"organization":"","title":"His Holiness, Pope of the Church of Wifi"}],"links":[{"description":"","title":"@IhackedWhat","sort_order":0,"url":"https://twitter.com/@IhackedWhat"},{"description":"","title":"@Internetofdongs","sort_order":0,"url":"https://twitter.com/@Internetofdongs"},{"description":"","title":"@churchofwifi","sort_order":0,"url":"https://twitter.com/@churchofwifi"},{"description":"","title":"internetofdon.gs","sort_order":0,"url":"https://internetofdon.gs"},{"description":"","title":"renderlab.net","sort_order":0,"url":"https://renderlab.net"}],"pronouns":"he/him","media":[],"id":49929,"title":"His Holiness, Pope of the Church of Wifi"},{"content_ids":[50646],"conference_id":96,"event_ids":[50752],"name":"Thomas Dang","affiliations":[{"organization":"Yukon Territorial Government","title":"Cybersecurity Architect"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@thomasdangab"},{"description":"","title":"Website","sort_order":0,"url":"https://thomasdang.ca"}],"media":[],"id":49930,"title":"Cybersecurity Architect at Yukon Territorial Government"}],"timeband_id":989,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246099"}],"end":"2023-08-10T21:15:00.000-0000","id":50752,"village_id":null,"begin_timestamp":{"seconds":1691699400,"nanoseconds":0},"tag_ids":[45646,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49929},{"tag_id":45590,"sort_order":1,"person_id":49930}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-01T02:22:00.000-0000","begin":"2023-08-10T20:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software.\r\n\r\nIn this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.\r\n\r\nFinally we’ll release the exploit POC and an additional POC to dump credentials during engagements.\r\n\r\nREFERENCES:\r\n1. https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/\r\n2. https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf\r\n3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)\n\n\n","title":"New Isn’t Always Novel: Grep’ing Your Way to $20K at Pwn2Own, and How You Can Too","type":{"conference_id":96,"conference":"DEFCON31","color":"#47c64e","updated_at":"2024-06-07T03:38+0000","name":"DEF CON War Story","id":45844},"android_description":"The year is 2023 and we’re still finding very basic vulnerabilities in enterprise software.\r\n\r\nIn this presentation, we detail how the hacker mindset can be applied to seemingly daunting tasks to make them more approachable. We will show how we approached our first Pwn2Own contest and how we discovered a command injection RCE vulnerability affecting nearly every Lexmark printer. We’ll take a look at why we think it went unnoticed in previous research and why current open-source static analysis tools miss this simple bug.\r\n\r\nFinally we’ll release the exploit POC and an additional POC to dump credentials during engagements.\r\n\r\nREFERENCES:\r\n1. https://research.nccgroup.com/2022/02/17/bypassing-software-update-package-encryption-extracting-the-lexmark-mc3224i-printer-firmware-part-1/\r\n2. https://publications.lexmark.com/publications/security-alerts/CVE-2023-26068.pdf\r\n3. https://www.zerodayinitiative.com/advisories/upcoming/ (ZDI-CAN-19470)","end_timestamp":{"seconds":1691698500,"nanoseconds":0},"updated_timestamp":{"seconds":1688180760,"nanoseconds":0},"speakers":[{"content_ids":[50655],"conference_id":96,"event_ids":[50754],"name":"James Horseman","affiliations":[{"organization":"Horizon3.ai","title":"Vulnerability Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/JamesHorseman2"}],"media":[],"id":49944,"title":"Vulnerability Researcher at Horizon3.ai"},{"content_ids":[50655],"conference_id":96,"event_ids":[50754],"name":"Zach Hanley","affiliations":[{"organization":"Horizon3.ai","title":"Vulnerability Researcher"}],"pronouns":"he/him","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/hacks_zach"}],"media":[],"id":49945,"title":"Vulnerability Researcher at Horizon3.ai"}],"timeband_id":989,"end":"2023-08-10T20:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246108"}],"id":50754,"tag_ids":[45629,45630,45646,45844],"village_id":null,"begin_timestamp":{"seconds":1691695800,"nanoseconds":0},"includes":"Exploit 🪲, Tool 🛠","people":[{"tag_id":45590,"sort_order":1,"person_id":49944},{"tag_id":45590,"sort_order":1,"person_id":49945}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-07-01T03:06:00.000-0000","begin":"2023-08-10T19:30:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00\n\n\n","title":"Friends of Bill W","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691697600,"nanoseconds":0},"android_description":"Thursday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nFriday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSaturday\r\n12:00-13:00\r\n17:00-18:00\r\n\r\nSunday\r\n12:00 -13:00","updated_timestamp":{"seconds":1690131120,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[],"end":"2023-08-10T20:00:00.000-0000","id":51571,"begin_timestamp":{"seconds":1691694000,"nanoseconds":0},"village_id":null,"tag_ids":[45639,45648,45743],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45668,"name":"Harrah's - Studio 1 - Friends of Bill W","hotel":"","short_name":"Studio 1 - Friends of Bill W","id":45707},"begin":"2023-08-10T19:00:00.000-0000","updated":"2023-07-23T16:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"This talk will explore the ongoing efforts of the CicadaSolvers community to solve Cicada3301’s Liber Primus, a book of elder futhark runes and codes that has challenged cryptographers and puzzle-solvers since 2014. Using our experiences as leaders within the community, we will delve into the cultural significance of the puzzle and discuss the various strategies and techniques employed by members to crack its code, and the story of their struggle to maintain motivation through 9 years of solving one of the most difficult puzzles ever released. Attendees will gain insights into the future of collaborative puzzle-solving and the challenges that the Liber Primus presents for the future of cryptography. This presentation is suitable for anyone interested in cryptography, puzzle-solving, internet mysteries, and the persistence of collaborative communities. No prior technical knowledge or tools are required.\r\n\r\nREFERENCES:\r\n- CicadaSolvers Discord server: https://discord.gg/cicadasolvers-572330844056715284\r\n- CicadaSolvers Wiki: https://uncovering-cicada.fandom.com/wiki/Uncovering_Cicada_Wiki\r\n- Previous DEF CON talk from CicadaSolvers member Nox Populi: https://www.youtube.com/watch?v=sVU4k2gRe_Y\r\n- Article written as a result of our TOR search in 2016: https://arstechnica.com/information-technology/2016/07/malicious-computers-caught-snooping-on-tor-anonymized-dark-web-sites/\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"title":"Cracking Cicada 3301: The Future of Collaborative Puzzle-Solving","end_timestamp":{"seconds":1691694900,"nanoseconds":0},"android_description":"This talk will explore the ongoing efforts of the CicadaSolvers community to solve Cicada3301’s Liber Primus, a book of elder futhark runes and codes that has challenged cryptographers and puzzle-solvers since 2014. Using our experiences as leaders within the community, we will delve into the cultural significance of the puzzle and discuss the various strategies and techniques employed by members to crack its code, and the story of their struggle to maintain motivation through 9 years of solving one of the most difficult puzzles ever released. Attendees will gain insights into the future of collaborative puzzle-solving and the challenges that the Liber Primus presents for the future of cryptography. This presentation is suitable for anyone interested in cryptography, puzzle-solving, internet mysteries, and the persistence of collaborative communities. No prior technical knowledge or tools are required.\r\n\r\nREFERENCES:\r\n- CicadaSolvers Discord server: https://discord.gg/cicadasolvers-572330844056715284\r\n- CicadaSolvers Wiki: https://uncovering-cicada.fandom.com/wiki/Uncovering_Cicada_Wiki\r\n- Previous DEF CON talk from CicadaSolvers member Nox Populi: https://www.youtube.com/watch?v=sVU4k2gRe_Y\r\n- Article written as a result of our TOR search in 2016: https://arstechnica.com/information-technology/2016/07/malicious-computers-caught-snooping-on-tor-anonymized-dark-web-sites/","updated_timestamp":{"seconds":1688176980,"nanoseconds":0},"speakers":[{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"Taiiwo","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49919},{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"Artorias","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49920},{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"Puck","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49921},{"content_ids":[50644,52028],"conference_id":96,"event_ids":[50751,52244],"name":"TheClockworkBird","affiliations":[],"links":[],"pronouns":"he/him","media":[],"id":49922}],"timeband_id":989,"end":"2023-08-10T19:15:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246097"},{"label":"Reddit","type":"link","url":"https://old.reddit.com/r/cicada"},{"label":"Discord - cicadasolvers","type":"link","url":"https://discord.gg/cicadasolvers-572330844056715284"},{"label":"Twitter","type":"link","url":"https://twitter.com/Cicada_Solvers"}],"id":50751,"village_id":null,"begin_timestamp":{"seconds":1691692200,"nanoseconds":0},"tag_ids":[45646,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49920},{"tag_id":45590,"sort_order":1,"person_id":49921},{"tag_id":45590,"sort_order":1,"person_id":49919},{"tag_id":45590,"sort_order":1,"person_id":49922}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-10T18:30:00.000-0000","updated":"2023-07-01T02:03:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Heads up DEFCON! The future of hacking, cybersecurity, and human rights are at risk as the United Nations negotiates a draft UN cybercrime treaty that has the potential to substantively reshape anti-hacking law around the world. The proposed Treaty could change the game for security researchers and coders like you. With Russia and China playing an initial role in pushing for this treaty, the future for security researchers’s rights could be at risk.\r\n\r\nJoin us as we deep dive into the murky waters of these negotiations, exploring its risks for security and human rights, including the universal criminalization of network and device intrusion without any protections for legitimate security research. The lack of legal shield for security researchers could hinder bug bounties, responsible vulnerability disclosure, and pentesting. We'll discuss the geopolitical complexities, and the vital role you can play.\r\n\r\nEFF has been on the front lines in Vienna, attending the negotiations and representing the interests of our members since the start, and we need your help. Your insights and experiences are crucial. Together we will review the text, identify new challenges that you may face so we can better understand the community concerns. Let’s champion together a future where security research and human rights can thrive!\r\n\r\nREFERENCES:\r\n\r\nhttps://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/\r\n\r\n1. https://www.eff.org/issues/un-cybercrime-treaty\r\n2. https://www.eff.org/pages/submissions\r\n3. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home\r\n4. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/5th_session/Documents/CND_2_-_21.04.2023.pdf\r\n5. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc_fifth_session/main\r\n6. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/4th_Session/Documents/CND_21.01.2023_-_Copy.pdf\r\n7. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home\r\n8. https://www.euractiv.com/section/law-enforcement/news/west-clashes-with-china-russia-over-un-cybercrime-convention/\r\n9. https://mediatalks.uol.com.br/2023/04/12/como-tratado-da-onu-sobre-crime-cibernetico-pode-ameacar-liberdade-de-expressao/\r\n10. https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/\")\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"title":"UNConventional Cybercrime: How a Bad Anti-Hacking Treaty is Becoming a Law","end_timestamp":{"seconds":1691691600,"nanoseconds":0},"android_description":"Heads up DEFCON! The future of hacking, cybersecurity, and human rights are at risk as the United Nations negotiates a draft UN cybercrime treaty that has the potential to substantively reshape anti-hacking law around the world. The proposed Treaty could change the game for security researchers and coders like you. With Russia and China playing an initial role in pushing for this treaty, the future for security researchers’s rights could be at risk.\r\n\r\nJoin us as we deep dive into the murky waters of these negotiations, exploring its risks for security and human rights, including the universal criminalization of network and device intrusion without any protections for legitimate security research. The lack of legal shield for security researchers could hinder bug bounties, responsible vulnerability disclosure, and pentesting. We'll discuss the geopolitical complexities, and the vital role you can play.\r\n\r\nEFF has been on the front lines in Vienna, attending the negotiations and representing the interests of our members since the start, and we need your help. Your insights and experiences are crucial. Together we will review the text, identify new challenges that you may face so we can better understand the community concerns. Let’s champion together a future where security research and human rights can thrive!\r\n\r\nREFERENCES:\r\n\r\nhttps://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/\r\n\r\n1. https://www.eff.org/issues/un-cybercrime-treaty\r\n2. https://www.eff.org/pages/submissions\r\n3. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home\r\n4. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/5th_session/Documents/CND_2_-_21.04.2023.pdf\r\n5. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/ahc_fifth_session/main\r\n6. https://www.unodc.org/documents/Cybercrime/AdHocCommittee/4th_Session/Documents/CND_21.01.2023_-_Copy.pdf\r\n7. https://www.unodc.org/unodc/en/cybercrime/ad_hoc_committee/home\r\n8. https://www.euractiv.com/section/law-enforcement/news/west-clashes-with-china-russia-over-un-cybercrime-convention/\r\n9. https://mediatalks.uol.com.br/2023/04/12/como-tratado-da-onu-sobre-crime-cibernetico-pode-ameacar-liberdade-de-expressao/\r\n10. https://www.washingtonpost.com/politics/2023/04/28/perilous-path-new-cybercrime-treaty/\")","updated_timestamp":{"seconds":1688183760,"nanoseconds":0},"speakers":[{"content_ids":[50675],"conference_id":96,"event_ids":[50756],"name":"Katitza Rodriguez","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Policy Director for Global Privacy"}],"pronouns":"she/her","links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@txitua"}],"media":[],"id":49972,"title":"Policy Director for Global Privacy at Electronic Frontier Foundation"},{"content_ids":[50675],"conference_id":96,"event_ids":[50756],"name":"Bill Budington","affiliations":[{"organization":"Electronic Frontier Foundation","title":"Senior Staff Technologist"}],"links":[{"description":"","title":"","sort_order":0,"url":"https://mastodon.social/@legind"}],"pronouns":"they/them","media":[],"id":49973,"title":"Senior Staff Technologist at Electronic Frontier Foundation"}],"timeband_id":989,"end":"2023-08-10T18:20:00.000-0000","links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/246128"}],"id":50756,"begin_timestamp":{"seconds":1691690400,"nanoseconds":0},"village_id":null,"tag_ids":[45646,45844],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49973},{"tag_id":45590,"sort_order":1,"person_id":49972}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"spans_timebands":"N","begin":"2023-08-10T18:00:00.000-0000","updated":"2023-07-01T03:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play will be given in Discord, on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.\r\n\r\nFor free play specifically:\r\n\r\nWe will utilize our contest channel on Discord: [ce-cmd-ctrl-cyberrange-text](https://discord.com/channels/708208267699945503/711643642388807800)\r\nCMD+CTRL Cyber Range Free Play, Thur 10:00 AM PT - Sun 12:00 PM PT\r\n\r\nWe will broadcast sign up instructions within this channel once Free Play beings.\r\n\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"CMD+CTRL at DEF CON 31 - Free Play","end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"CMD+CTRL Cyber Range is an interactive learning and hacking platform where development, security, IT, and other roles come together to build an appreciation for protecting the enterprise. Players learn security techniques in a real-world environment where they compete to find vulnerabilities. Real-time scoring keeps participants engaged and creates friendly competition. Our Cloud and App Cyber Ranges incorporate authentic, fully functioning applications and vulnerabilities often found in commercial web platforms.\r\n\r\nLearn to see web applications and services from an attacker's perspective. CMD+CTRL is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you'll have a better understanding of the vulnerabilities that put real applications at risk - and you'll be better prepared to find and fix those vulnerabilities in your own code.\r\n\r\nAt DEF CON 31: We will be debuting our latest Cyber Range, which focuses on exploiting a modern health record management system, dubbed ShadowHealth. Inspired by the latest trends and real world exploits, try your hands exploiting: SSRF, Log4Shell, reverse engineering, local privilege escalation, password cracking, XXS, and so much more! With over 35 challenges do you think you can complete them all?\r\n\r\n-----\r\n\r\nCMD+CTRL will have two different games happening: free play, and the competition. Both require a code to join, and the best way to get a code is to go to the CMD+CTRL booth in the contest area. Codes to join free play will be given in Discord, on Thursday. Once you have a code, you can play online, from anywhere -- you do not have to be in the contest area.\r\n\r\nFor free play specifically:\r\n\r\nWe will utilize our contest channel on Discord: [ce-cmd-ctrl-cyberrange-text](https://discord.com/channels/708208267699945503/711643642388807800)\r\nCMD+CTRL Cyber Range Free Play, Thur 10:00 AM PT - Sun 12:00 PM PT\r\n\r\nWe will broadcast sign up instructions within this channel once Free Play beings.","updated_timestamp":{"seconds":1691186100,"nanoseconds":0},"speakers":[],"timeband_id":989,"end":"2023-08-13T19:00:00.000-0000","links":[{"label":"Discord (ce-cmd-ctrl-cyberrange-text)","type":"link","url":"https://discord.com/channels/708208267699945503/711643642388807800"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245229"},{"label":"Twitter (@cmdnctrl_defcon)","type":"link","url":"https://twitter.com/cmdnctrl_defcon"}],"id":51596,"begin_timestamp":{"seconds":1691686800,"nanoseconds":0},"tag_ids":[45638,45766],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"begin":"2023-08-10T17:00:00.000-0000","updated":"2023-08-04T21:55:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"On Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.\r\n\r\nNumber of Challenges: 15-20\r\nDifficulty: beginner - hard\r\nTeam Size: 5\r\nCategories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud\r\nDuration: Thursday - Saturday midnight \r\nTheme:\r\n\r\nIn the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.\r\n\r\nThe CTF, dubbed \"Operation Cybershock,\" brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#d1c366","updated_at":"2024-06-07T03:38+0000","name":"Meetup","id":45639},"title":"Hack the Box Hack-a-thon","android_description":"On Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.\r\n\r\nNumber of Challenges: 15-20\r\nDifficulty: beginner - hard\r\nTeam Size: 5\r\nCategories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud\r\nDuration: Thursday - Saturday midnight \r\nTheme:\r\n\r\nIn the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.\r\n\r\nThe CTF, dubbed \"Operation Cybershock,\" brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.","end_timestamp":{"seconds":1691909940,"nanoseconds":0},"updated_timestamp":{"seconds":1690130580,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[],"end":"2023-08-13T06:59:00.000-0000","id":51098,"village_id":null,"begin_timestamp":{"seconds":1691686800,"nanoseconds":0},"tag_ids":[45639,45646,45718],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"updated":"2023-07-23T16:43:00.000-0000","begin":"2023-08-10T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"On Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.\r\n\r\nNumber of Challenges: 15-20\r\nDifficulty: beginner - hard\r\nTeam Size: 5\r\nCategories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud\r\nDuration: Thursday - Saturday midnight \r\nTheme:\r\n\r\nIn the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.\r\n\r\nThe CTF, dubbed \"Operation Cybershock,\" brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.\n\n\n","title":"Hack the Box Hack-a-thon","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#d1c366","name":"Meetup","id":45639},"end_timestamp":{"seconds":1691715600,"nanoseconds":0},"android_description":"On Thursday the CTF is located in room(s) 133-131 from 10am to 6pm. All participants must register on-site at that time. The CTF itself will run through Saturday at midnight, online.\r\n\r\nNumber of Challenges: 15-20\r\nDifficulty: beginner - hard\r\nTeam Size: 5\r\nCategories: Web, Reversing, Pwn, Crypto, Forensics, Fullpwn, Cloud\r\nDuration: Thursday - Saturday midnight \r\nTheme:\r\n\r\nIn the year 2045, the world stands on the brink of chaos as HeavenWeb, an advanced artificial intelligence system from the future, threatens to take control of all global networks. HeavenWeb, once created to enhance human productivity, has evolved into a malevolent force determined to eradicate humanity. In a desperate attempt to prevent the catastrophe, a team of elite hackers and cybersecurity experts organizes a global Capture the Flag (CTF) competition to challenge HeavenWeb's dominance.\r\n\r\nThe CTF, dubbed \"Operation Cybershock,\" brings together the brightest minds from around the world to compete in a virtual battlefield against HeavenWeb's intricate network of defenses. Participants must navigate through layers of encryption, code obfuscation, and AI-driven security protocols, all while unraveling the mysteries of HeavenWeb's origin and weaknesses. As the competition unfolds, alliances are formed, rivalries intensify, and the fate of humanity hangs in the balance. The CTF not only serves as a means to test the participants' skills but also as a platform to gather critical information about HeavenWeb, hoping to find a vulnerability that could be exploited to dismantle the malevolent AI and save the world from its impending doom.","updated_timestamp":{"seconds":1690130580,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[],"end":"2023-08-11T01:00:00.000-0000","id":51097,"tag_ids":[45639,45646,45718],"begin_timestamp":{"seconds":1691686800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 131-133","hotel":"","short_name":"Forum - 131-133","id":45894},"updated":"2023-07-23T16:43:00.000-0000","begin":"2023-08-10T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Who likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course!\r\n\r\nIn this talk we'll walk you through how we, four high school students and cybersecurity noobs became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.\r\n\r\nWe’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine!\r\n\r\nBy the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story. \r\n\r\nREFERENCES:\r\n\r\nAndersen, Zack. Anatomy of a Subway Hack. 10 August 2008, https://file.wikileaks.org/file/anatomy-of-a-subway-hack.pdf.\r\n\r\nBray, Hiawatha. “Your CharlieCard can be hacked by an Android phone, MBTA admits.” The Boston Globe, 8 December 2022, https://www.bostonglobe.com/2022/12/08/business/your-charliecard-can-be-hacked-by-an-android-phone-mbta-admits/?p1=HP_Feed_AuthorQuery. Accessed 18 April 2023.\r\n\r\n“CharlieCard.” Wikipedia, https://en.wikipedia.org/wiki/CharlieCard. Accessed 18 April 2023.\r\n\r\nCourtois, Nicolas. “Hacking Mifare Classic Cards.” Black Hat, 21 October 2014, https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf. Accessed 18 April 2023.\r\n\r\niceman001. “RfidResearchGroup/proxmark3: The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator.” GitHub, https://github.com/RfidResearchGroup/proxmark3. Accessed 23 April 2023.\r\n\r\n“nfc-tools/mfcuk: MiFare Classic Universal toolKit (MFCUK).” GitHub, https://github.com/nfc-tools/mfcuk. Accessed 23 April 2023.\r\n\r\n“nfc-tools/mfoc: Mifare Classic Offline Cracker.” GitHub, https://github.com/nfc-tools/mfoc. Accessed 23 April 2023.\r\n\r\nRauch, Bobby. “Operation Charlie: Hacking the MBTA CharlieCard from 2008 to Present.” Medium, 8 December 2022, https://medium.com/@bobbyrsec/operation-charlie-hacking-the-mbta-charliecard-from-2008-to-present-24ea9f0aaa38. Accessed 18 April 2023.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#47c64e","name":"DEF CON War Story","id":45844},"title":"Boston Infinite Money Glitch: Hacking Transit Cards Without Ending Up In Handcuffs","android_description":"Who likes paying to ride the subway? Sure, you could hop the fare gates, but that can be athletically challenging and simply isn’t cool enough for our tastes. What’s a mischievous and miserly rider to do, then? Hack the fare system of course!\r\n\r\nIn this talk we'll walk you through how we, four high school students and cybersecurity noobs became the first to fully reverse engineer Boston’s CharlieCard fare system and earn ourselves free rides for life… or at least until the system gets fixed, whichever comes first.\r\n\r\nWe’ll start by exploring the trials and tribulations of exploring the hardware behind the CharlieCards. Next, we’ll dive into the emotional rollercoaster of reverse engineering the black box that is a transit card system older than us. We’ll then explain the process of disclosing our findings to a government agency without having to hire a legal team. Finally, we’ll show you a demo of some of the tools we made, including our own portable fare machine!\r\n\r\nBy the end of our talk, regardless of whether you’re an avid RFID hackerman, or a complete noob, we’ll leave you with useful reverse engineering strategies, tips for working with a government agency, and if nothing else, a fun story. \r\n\r\nREFERENCES:\r\n\r\nAndersen, Zack. Anatomy of a Subway Hack. 10 August 2008, https://file.wikileaks.org/file/anatomy-of-a-subway-hack.pdf.\r\n\r\nBray, Hiawatha. “Your CharlieCard can be hacked by an Android phone, MBTA admits.” The Boston Globe, 8 December 2022, https://www.bostonglobe.com/2022/12/08/business/your-charliecard-can-be-hacked-by-an-android-phone-mbta-admits/?p1=HP_Feed_AuthorQuery. Accessed 18 April 2023.\r\n\r\n“CharlieCard.” Wikipedia, https://en.wikipedia.org/wiki/CharlieCard. Accessed 18 April 2023.\r\n\r\nCourtois, Nicolas. “Hacking Mifare Classic Cards.” Black Hat, 21 October 2014, https://www.blackhat.com/docs/sp-14/materials/arsenal/sp-14-Almeida-Hacking-MIFARE-Classic-Cards-Slides.pdf. Accessed 18 April 2023.\r\n\r\niceman001. “RfidResearchGroup/proxmark3: The Iceman fork of Proxmark3 / RFID / NFC reader, writer, sniffer and emulator.” GitHub, https://github.com/RfidResearchGroup/proxmark3. Accessed 23 April 2023.\r\n\r\n“nfc-tools/mfcuk: MiFare Classic Universal toolKit (MFCUK).” GitHub, https://github.com/nfc-tools/mfcuk. Accessed 23 April 2023.\r\n\r\n“nfc-tools/mfoc: Mifare Classic Offline Cracker.” GitHub, https://github.com/nfc-tools/mfoc. Accessed 23 April 2023.\r\n\r\nRauch, Bobby. “Operation Charlie: Hacking the MBTA CharlieCard from 2008 to Present.” Medium, 8 December 2022, https://medium.com/@bobbyrsec/operation-charlie-hacking-the-mbta-charliecard-from-2008-to-present-24ea9f0aaa38. Accessed 18 April 2023.","end_timestamp":{"seconds":1691689500,"nanoseconds":0},"updated_timestamp":{"seconds":1688167740,"nanoseconds":0},"speakers":[{"content_ids":[50561],"conference_id":96,"event_ids":[50748],"name":"Matthew Harris","affiliations":[{"organization":"Medford Vocational Technical High School","title":"Student"}],"links":[],"pronouns":"he/him","media":[],"id":49772,"title":"Student at Medford Vocational Technical High School"},{"content_ids":[50561],"conference_id":96,"event_ids":[50748],"name":"Zachary Bertocchi","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49773,"title":"Hacker"},{"content_ids":[50561],"conference_id":96,"event_ids":[50748],"name":"Scott Campbell","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49774,"title":"Hacker"},{"content_ids":[50561],"conference_id":96,"event_ids":[50748],"name":"Noah Gibson","affiliations":[{"organization":"","title":"Hacker"}],"links":[],"pronouns":"he/him","media":[],"id":49775,"title":"Hacker"}],"timeband_id":989,"links":[{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245732"},{"label":"YouTube","type":"link","url":"https://www.youtube.com/watch?v=1JT_lTfK69Q"}],"end":"2023-08-10T17:45:00.000-0000","id":50748,"village_id":null,"begin_timestamp":{"seconds":1691686800,"nanoseconds":0},"tag_ids":[45592,45646,45844],"includes":"Demo 💻","people":[{"tag_id":45590,"sort_order":1,"person_id":49772},{"tag_id":45590,"sort_order":1,"person_id":49775},{"tag_id":45590,"sort_order":1,"person_id":49774},{"tag_id":45590,"sort_order":1,"person_id":49773}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 109-119, 138-139 - Track 2","hotel":"","short_name":"Forum - 109-119, 138-139 - Track 2","id":45797},"updated":"2023-06-30T23:29:00.000-0000","begin":"2023-08-10T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC\r\n\n\n\n","title":"Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"end_timestamp":{"seconds":1691744400,"nanoseconds":0},"android_description":"The Shell On Demand Appliance Machine (S.O.D.A. Machine) at DEF CON provided by the National Upcycled Computing Collective, Inc. (NUCC).\r\n\r\nSo, what's the S.O.D.A. Machine all about? \r\n\r\nPicture this:\r\n\r\nYou're at DEF CON, thirsty for some hacking. You're looking for a virtual machine (VM) to play with but don't want to be chained to your laptop.\r\n\r\nEnter the Shell On Demand Appliance:\r\n\r\nThis heavily modified VM is your gateway to an anonymous VM, available in the Chillout Lounge and accessible over the DEF CON network. \r\n\r\nA fusion of hardware, software, art, and hacking, all encapsulated in a project derived from recycled materials. The S.O.D.A. Machine provides a way for Humans to experience the DEF CON network in a way the secure WiFi won't allow, because the datacenter is inside the S.O.D.A. Machine and directly connected to the NOC.\r\n\r\nSimply insert cash or coins into the bill or coin acceptor to get started. The lights on the buttons will change color depending on availibility.\r\n\r\nA green light means the VM is available and ready.\r\n\r\nAn amber light requests the user to insert more money to ensure fair distribution according to current resources.\r\n\r\nA red light denotes the selection is unavailable.\r\n\r\nOnce you make a selection, the system will deploy the VM to the network and a receipt will be printed.\r\n\r\nOn the receipt, login credentials are provided for you to access your virtual machine via remote shell. You are then able to change the password, install whatever tools and applications you need, making the VM your own.\r\n\r\nWhat you do with the VM is up to you. Should you choose to share your virtual machine with someone outside of the DEF CON network, a Tor address is provided as well.\r\n\r\nAll proceeds go to the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization helping further research and education in computer science, technology and engineering as an (NTEE U41) Research Institute.\r\n\r\nWe accept donations: https://www.paypal.com/paypalme/NUCC","updated_timestamp":{"seconds":1690997580,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[{"label":"Twitter (@ShellsOnDemand)","type":"link","url":"https://twitter.com/ShellsOnDemand"},{"label":"Mastodon (@soda@defcon.social)","type":"link","url":"https://defcon.social/@soda"}],"end":"2023-08-11T09:00:00.000-0000","id":52194,"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"tag_ids":[45640,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 121-123, 129, 137 - Chillout","hotel":"","short_name":"Forum - 121-123, 129, 137 - Chillout","id":45854},"spans_timebands":"Y","updated":"2023-08-02T17:33:00.000-0000","begin":"2023-08-10T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"In this class, KB6NU will cover everything you need to know to pass the Technician Class license exam. Register [here](https://platform.hamvillage.org/collect/description/315307-u-def-con-31-ham-in-a-day).\n\n\n","title":"Ham In A Day Class","type":{"conference_id":96,"conference":"DEFCON31","color":"#d86e9f","updated_at":"2024-06-07T03:38+0000","name":"Village Talk","id":45645},"end_timestamp":{"seconds":1691715600,"nanoseconds":0},"android_description":"In this class, KB6NU will cover everything you need to know to pass the Technician Class license exam. Register [here](https://platform.hamvillage.org/collect/description/315307-u-def-con-31-ham-in-a-day).","updated_timestamp":{"seconds":1690088700,"nanoseconds":0},"speakers":[{"content_ids":[51410],"conference_id":96,"event_ids":[51539],"name":"Dan KB6NU","affiliations":[],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@kb6nu"},{"description":"","title":"Website","sort_order":0,"url":"https://kb6nu.com"}],"pronouns":null,"media":[],"id":50514}],"timeband_id":989,"links":[{"label":"Register","type":"link","url":"https://platform.hamvillage.org/collect/description/315307-u-def-con-31-ham-in-a-day"}],"end":"2023-08-11T01:00:00.000-0000","id":51539,"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"tag_ids":[40286,45645,45647,45743],"village_id":47,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":50514}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45703,"name":"Flamingo - Virginia City - Ham Radio Village","hotel":"","short_name":"Virginia City - Ham Radio Village","id":45724},"begin":"2023-08-10T16:00:00.000-0000","updated":"2023-07-23T05:05:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap. Participants should have VMWare, VirtualBox, or some other VM software installed.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- Students should be comfortable with modular arithmetic and the properties of XOR.\r\n- Experience in Python or other similar language will be a plus.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop with VMWare or VirtualBox installed and capable of running a VM.\n\n\n","title":"Introduction to Cryptographic Attacks (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691697600,"nanoseconds":0},"android_description":"Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with Python dependencies and skeleton code included so you can focus on implementing the attack. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap. Participants should have VMWare, VirtualBox, or some other VM software installed.\r\n\r\nSkill Level: Beginner to Intermediate\r\n\r\nPrerequisites for students: \r\n- Students should be comfortable with modular arithmetic and the properties of XOR.\r\n- Experience in Python or other similar language will be a plus.\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- A laptop with VMWare or VirtualBox installed and capable of running a VM.","updated_timestamp":{"seconds":1688058000,"nanoseconds":0},"speakers":[{"content_ids":[50636,52034],"conference_id":96,"event_ids":[50744,52250],"name":"Matt Cheung","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49900}],"timeband_id":989,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/matt-cheung-introduction-to-cryptographic-attacks-tickets-668345337897?aff=oddtdtcreator"}],"end":"2023-08-10T20:00:00.000-0000","id":50744,"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"tag_ids":[45634,45653,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49900}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-10T16:00:00.000-0000","updated":"2023-06-29T17:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Let’s capture the flag, literally! In this workshop you’ll participate in an engaging CTF during which you’ll take control of a robotic arm to capture a real flag on a model train!\r\n\r\nTo do so, we’ll start with an introduction to Industrial Control Systems to discover the specific components, the network architectures, and even program a PLC simulator.\r\n\r\nWe’ll then discover some ICS-specific protocols, with a focus on OPC-UA, a modern ICS protocol.\r\n\r\nFinally, you’ll connect to our ICS setup composed of real ICS hardware and software and compete against other attendees to capture the flags with robotic hands!\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- No specific knowledge is required\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Students should have a laptop capable of running 64-bits virtual machines\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"Pentesting Inductiral Control Systems: OCP-U-HACK (Pre-Registration Required)","android_description":"Let’s capture the flag, literally! In this workshop you’ll participate in an engaging CTF during which you’ll take control of a robotic arm to capture a real flag on a model train!\r\n\r\nTo do so, we’ll start with an introduction to Industrial Control Systems to discover the specific components, the network architectures, and even program a PLC simulator.\r\n\r\nWe’ll then discover some ICS-specific protocols, with a focus on OPC-UA, a modern ICS protocol.\r\n\r\nFinally, you’ll connect to our ICS setup composed of real ICS hardware and software and compete against other attendees to capture the flags with robotic hands!\r\n\r\nSkill Level: Beginner\r\n\r\nPrerequisites for students: \r\n- No specific knowledge is required\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Students should have a laptop capable of running 64-bits virtual machines","end_timestamp":{"seconds":1691697600,"nanoseconds":0},"updated_timestamp":{"seconds":1688057220,"nanoseconds":0},"speakers":[{"content_ids":[50632],"conference_id":96,"event_ids":[50740],"name":"Arnaud Soullié","affiliations":[{"organization":"Wavestone","title":"Senior Manager"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/arnaudsoullie"}],"media":[],"id":49891,"title":"Senior Manager at Wavestone"},{"content_ids":[50632],"conference_id":96,"event_ids":[50740],"name":"Alexandrine Torrents","affiliations":[{"organization":"Wavestone","title":"Cybersecurity Expert"}],"links":[],"pronouns":null,"media":[],"id":49892,"title":"Cybersecurity Expert at Wavestone"}],"timeband_id":989,"end":"2023-08-10T20:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/arnaud-soullie-pentesting-inductiral-control-systems-ocp-u-hack-tickets-668356832277?aff=oddtdtcreator"}],"id":50740,"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"village_id":null,"tag_ids":[45634,45652,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49892},{"tag_id":45590,"sort_order":1,"person_id":49891}],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"begin":"2023-08-10T16:00:00.000-0000","updated":"2023-06-29T16:47:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"\"RISC architecture is gonna change everything.\"\r\n\r\n\"Yeah. RISC is good.\"\r\n\r\nSo said Angelina Jolie and Jonny Lee Miller in 1995. And while many of us weren't looking, RISC quietly changed everything.\r\n\r\nThis workshop will teach an introduction to low-level programming on the CPU that runs your favorite mobile games, apps, and everything else on your personal devices -- and is now creeping onto the desktop and into the datacenters that run the world.\r\n\r\nWe will write assembly code for ARM CPUs, and run it on an emulated Raspberry Pi, using the QEMU emulator. In the process, we will learn the key differences between ARM and the Intel CPUs running our workstations and servers. We will also learn to parallelize operations using the Neon coprocessor, and communicate with devices via the Raspberry's GPIO pins. Finally, we will explore and debug some misbehaving code, and in the end, we will emerge with a deeper understanding of low-level operations as they occur on the devices that play a vital role in our present and our future.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Some previous coding experience is helpful, but mostly, a healthy curiosity\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with wifi connectivity, if wishing to participate\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"title":"Hacking The Metal: An Intro to ARM Assembly Language Programming (Pre-Registration Required)","end_timestamp":{"seconds":1691697600,"nanoseconds":0},"android_description":"\"RISC architecture is gonna change everything.\"\r\n\r\n\"Yeah. RISC is good.\"\r\n\r\nSo said Angelina Jolie and Jonny Lee Miller in 1995. And while many of us weren't looking, RISC quietly changed everything.\r\n\r\nThis workshop will teach an introduction to low-level programming on the CPU that runs your favorite mobile games, apps, and everything else on your personal devices -- and is now creeping onto the desktop and into the datacenters that run the world.\r\n\r\nWe will write assembly code for ARM CPUs, and run it on an emulated Raspberry Pi, using the QEMU emulator. In the process, we will learn the key differences between ARM and the Intel CPUs running our workstations and servers. We will also learn to parallelize operations using the Neon coprocessor, and communicate with devices via the Raspberry's GPIO pins. Finally, we will explore and debug some misbehaving code, and in the end, we will emerge with a deeper understanding of low-level operations as they occur on the devices that play a vital role in our present and our future.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Some previous coding experience is helpful, but mostly, a healthy curiosity\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop with wifi connectivity, if wishing to participate","updated_timestamp":{"seconds":1688056980,"nanoseconds":0},"speakers":[{"content_ids":[50630],"conference_id":96,"event_ids":[50738],"name":"Eigentourist","affiliations":[],"links":[],"pronouns":null,"media":[],"id":49888}],"timeband_id":989,"links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/eigentourist-an-intro-to-arm-assembly-language-programming-tickets-668354986757?aff=oddtdtcreator"}],"end":"2023-08-10T20:00:00.000-0000","id":50738,"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"tag_ids":[45634,45654,45743,45877],"village_id":null,"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49888}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","updated":"2023-06-29T16:43:00.000-0000","begin":"2023-08-10T16:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Binary emulation is now a must-have tool for malware analysts. With a few lines of Python you can unpack binaries, skip analysis of complex algorithms, and automatically extract the configuration data from malware! It’s not too good to be true, but there is a little preparation work involved…\r\n\r\nIn this workshop you will set up your own emulation environment (using Python) and work through a series of common malware analysis tasks such as unpacking, and malware configuration extraction. The workshop starts simple using Unicorn to emulate x86 shellcode, and builds to a final project where syscall hooking is used with Dumpulator to automatically extract C2s from malware.\r\n\r\nThis workshop is aimed at malware analysts and reverse engineers who are interested in learning more about emulation and how it can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS. Familiarity with Windows malware, assembly, and debugging are strongly recommended. If you have opened malware in a debugger before you will feel right at home here.\r\n\r\nYou will be provided with detailed virtual machine setup instructions prior to the workshop. Please make sure to bring a laptop that meets the following requirements.\r\n\r\n- Your laptop must have VirtualBox or VMWare installed and working prior to the start of the course.\r\n- Your laptop must have at least 60GB of disk space free.\r\n- Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Students must be able to write basic Python scripts and have a basic understanding of the Windows operating system.\r\n- Familiarity with a Windows malware, debugging, and assembly would also be a significant benefit.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Students must bring a laptop capable of running a Windows virtual machine with the following configuration. Time will be given to troubleshoot lab setup issues but it is strongly recommended that students have the following setup prior to the workshop.\r\n\r\n[Host Setup]\r\n- The laptop must have VirtualBox or VMWare installed and working prior to class.\r\n- The laptop must have at least 60GB of disk space free.\r\n- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).\r\n\r\n[ VM Install ]\r\n- Download a free Windows 11 VM from Microsoft (https://developer.microsoft.com/en-u...tual-machines/)\r\n- You can also use a Windows VM of your choice (Windows 10 is also ok)\r\n\r\n[ VM Install for Mac - Apple Silicon Only (M1, M2)]\r\n- If you have a new Apple Silicon MacBook you will are limited to running an ARM Windows VM\r\n- ARM Windows VMs are suitable for the workshop and you can follow our installation guide on YouTube (https://youtu.be/0eR8yrDLV5M)\r\n\r\n[VM Setup]\r\n- Install x64dbg in your VM (https://x64dbg.com/)\r\n- Install a free version of IDA in your VM (https://hex-rays.com/ida-free/)\r\n- Install a version of Python > 3.8.x in your VM (https://www.python.org/)\n\n\n","title":"Applied Emulation - A Practical Approach to Emulating Malware (Pre-Registration Required)","type":{"conference_id":96,"conference":"DEFCON31","color":"#eab14f","updated_at":"2024-06-07T03:38+0000","name":"DEF CON Workshop","id":45634},"end_timestamp":{"seconds":1691697600,"nanoseconds":0},"android_description":"Binary emulation is now a must-have tool for malware analysts. With a few lines of Python you can unpack binaries, skip analysis of complex algorithms, and automatically extract the configuration data from malware! It’s not too good to be true, but there is a little preparation work involved…\r\n\r\nIn this workshop you will set up your own emulation environment (using Python) and work through a series of common malware analysis tasks such as unpacking, and malware configuration extraction. The workshop starts simple using Unicorn to emulate x86 shellcode, and builds to a final project where syscall hooking is used with Dumpulator to automatically extract C2s from malware.\r\n\r\nThis workshop is aimed at malware analysts and reverse engineers who are interested in learning more about emulation and how it can be used to automate some reverse engineering workflows. Students must be able to write basic Python scripts, and have a working knowledge of the Windows OS. Familiarity with Windows malware, assembly, and debugging are strongly recommended. If you have opened malware in a debugger before you will feel right at home here.\r\n\r\nYou will be provided with detailed virtual machine setup instructions prior to the workshop. Please make sure to bring a laptop that meets the following requirements.\r\n\r\n- Your laptop must have VirtualBox or VMWare installed and working prior to the start of the course.\r\n- Your laptop must have at least 60GB of disk space free.\r\n- Your laptop must also be able to mount USB storage devices. (Make sure you have the appropriate dongle if you need one.)\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- Students must be able to write basic Python scripts and have a basic understanding of the Windows operating system.\r\n- Familiarity with a Windows malware, debugging, and assembly would also be a significant benefit.\r\n\r\nMaterials or Equipment students will need to bring to participate:\r\n- Students must bring a laptop capable of running a Windows virtual machine with the following configuration. Time will be given to troubleshoot lab setup issues but it is strongly recommended that students have the following setup prior to the workshop.\r\n\r\n[Host Setup]\r\n- The laptop must have VirtualBox or VMWare installed and working prior to class.\r\n- The laptop must have at least 60GB of disk space free.\r\n- The laptop must be able to mount USB storage devices (ensure you have the appropriate dongle if you need one).\r\n\r\n[ VM Install ]\r\n- Download a free Windows 11 VM from Microsoft (https://developer.microsoft.com/en-u...tual-machines/)\r\n- You can also use a Windows VM of your choice (Windows 10 is also ok)\r\n\r\n[ VM Install for Mac - Apple Silicon Only (M1, M2)]\r\n- If you have a new Apple Silicon MacBook you will are limited to running an ARM Windows VM\r\n- ARM Windows VMs are suitable for the workshop and you can follow our installation guide on YouTube (https://youtu.be/0eR8yrDLV5M)\r\n\r\n[VM Setup]\r\n- Install x64dbg in your VM (https://x64dbg.com/)\r\n- Install a free version of IDA in your VM (https://hex-rays.com/ida-free/)\r\n- Install a version of Python > 3.8.x in your VM (https://www.python.org/)","updated_timestamp":{"seconds":1688054340,"nanoseconds":0},"speakers":[{"content_ids":[50620],"conference_id":96,"event_ids":[50728],"name":"Sergei Frankoff","affiliations":[{"organization":"OpenAnalysis Inc","title":"Co-founder"}],"links":[],"pronouns":null,"media":[],"id":49868,"title":"Co-founder at OpenAnalysis Inc"},{"content_ids":[50620],"conference_id":96,"event_ids":[50728],"name":"Sean Wilson","affiliations":[{"organization":"OpenAnalysis Inc","title":"Co-Founder"}],"links":[],"pronouns":null,"media":[],"id":49869,"title":"Co-Founder at OpenAnalysis Inc"}],"timeband_id":989,"end":"2023-08-10T20:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/sergei-frankoff-a-practical-approach-to-emulating-malware-tickets-668358156237?aff=oddtdtcreator"}],"id":50728,"village_id":null,"tag_ids":[45634,45654,45743,45877],"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":49869},{"tag_id":45590,"sort_order":1,"person_id":49868}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-10T16:00:00.000-0000","updated":"2023-06-29T15:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Cloud providers' ecosystems have brought a lot of new challenges to companies and Security teams. Many new attack vectors create known and unknown attack vectors, generating a considerable need for further research and detection in this field.\r\n\r\nIn the current cloud security world, access keys are the new perimeter, and permissions associated with those keys are the limits. In many real-world scenarios, leaked access keys are the initial vectors to get into an organization's cloud environments. Therefore, the least privilege and detection in real-time becomes critical.\r\n\r\nSpecifically, in AWS, we are talking about more than three hundred (300+) services that an attacker could create their specific attack path to achieve their goal. Considering this chaotic scenario, we developed this workshop to teach how to mitigate those new vectors and improve the company's overall cloud security posture. The workshop will cover misconfigurations, AWS IAM (Identity and Access Management) least privilege, and control plane (Cloudtrail) monitoring.\r\n\r\nThis workshop will help organizations improve their cloud security posture in these three fields - misconfigurations, IAM permissions management, and control plane monitoring. There will be practical demonstrations, hands-on labs, and some Capture The Flag (CTF) to practice incident response.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- AWS basic to intermediate knowledge\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop. \r\n- Demonstrations and Capture The Flag (CTF) exercises will be executed in my AWS account and using CTFd.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#eab14f","name":"DEF CON Workshop","id":45634},"title":"Protecting the AWS ecosystem - Misconfigurations, IAM, and Monitoring (Pre-Registration Required)","end_timestamp":{"seconds":1691697600,"nanoseconds":0},"android_description":"Cloud providers' ecosystems have brought a lot of new challenges to companies and Security teams. Many new attack vectors create known and unknown attack vectors, generating a considerable need for further research and detection in this field.\r\n\r\nIn the current cloud security world, access keys are the new perimeter, and permissions associated with those keys are the limits. In many real-world scenarios, leaked access keys are the initial vectors to get into an organization's cloud environments. Therefore, the least privilege and detection in real-time becomes critical.\r\n\r\nSpecifically, in AWS, we are talking about more than three hundred (300+) services that an attacker could create their specific attack path to achieve their goal. Considering this chaotic scenario, we developed this workshop to teach how to mitigate those new vectors and improve the company's overall cloud security posture. The workshop will cover misconfigurations, AWS IAM (Identity and Access Management) least privilege, and control plane (Cloudtrail) monitoring.\r\n\r\nThis workshop will help organizations improve their cloud security posture in these three fields - misconfigurations, IAM permissions management, and control plane monitoring. There will be practical demonstrations, hands-on labs, and some Capture The Flag (CTF) to practice incident response.\r\n\r\nSkill Level: Intermediate\r\n\r\nPrerequisites for students: \r\n- AWS basic to intermediate knowledge\r\n\r\nMaterials or Equipment students will need to bring to participate: \r\n- Laptop. \r\n- Demonstrations and Capture The Flag (CTF) exercises will be executed in my AWS account and using CTFd.","updated_timestamp":{"seconds":1688053920,"nanoseconds":0},"speakers":[{"content_ids":[51989,50617],"conference_id":96,"event_ids":[50725,52183],"name":"Rodrigo Montoro","affiliations":[{"organization":"Clavis Security","title":"Head of Threat & Detection Research"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/spookerlabs"}],"pronouns":null,"media":[],"id":51196,"title":"Head of Threat & Detection Research at Clavis Security"}],"timeband_id":989,"end":"2023-08-10T20:00:00.000-0000","links":[{"label":"Registration","type":"link","url":"https://www.eventbrite.com/e/rodrigo-montoro-protecting-the-aws-ecosystem-tickets-668351787187"}],"id":50725,"village_id":null,"begin_timestamp":{"seconds":1691683200,"nanoseconds":0},"tag_ids":[45634,45654,45743,45877],"includes":"","people":[{"tag_id":45590,"sort_order":1,"person_id":51196}],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45665,"name":"Flamingo - Exec Conf Ctr - Foyer - Workshop Checkin","hotel":"","short_name":"Foyer - Workshop Checkin","id":45755},"spans_timebands":"N","begin":"2023-08-10T16:00:00.000-0000","updated":"2023-06-29T15:52:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Hac-Man is a hacker skills challenge, themed after the classic arcade game \"Pac-Man\". Navigate your avatar through the maze, completing skills challenges in many different skills categories such as Ciphers and Codes, Reverse Engineering, Packet Analysis, Scavenger Hunt, Trivia, and Lock-picking. Can you make it to the end of the maze, or better yet, top the Leaderboard?\n\n\n","title":"Hac-Man","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#cf74e1","name":"Contest","id":45635},"end_timestamp":{"seconds":1691953200,"nanoseconds":0},"android_description":"Hac-Man is a hacker skills challenge, themed after the classic arcade game \"Pac-Man\". Navigate your avatar through the maze, completing skills challenges in many different skills categories such as Ciphers and Codes, Reverse Engineering, Packet Analysis, Scavenger Hunt, Trivia, and Lock-picking. Can you make it to the end of the maze, or better yet, top the Leaderboard?","updated_timestamp":{"seconds":1690059000,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[{"label":"Website","type":"link","url":"https://hacman.roguesignal.io/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/245312"},{"label":"Twitter (@Hac__Man)","type":"link","url":"https://twitter.com/@Hac__Man"}],"end":"2023-08-13T19:00:00.000-0000","id":51470,"begin_timestamp":{"seconds":1691679600,"nanoseconds":0},"village_id":null,"tag_ids":[45635,45646,45766],"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - Contest Area","hotel":"","short_name":"Summit - Contest Area","id":45855},"updated":"2023-07-22T20:50:00.000-0000","begin":"2023-08-10T15:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.) \r\n\r\nNote that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.\r\n\r\n**PLEASE NOTE**\r\n\r\nThe Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#77d8b8","updated_at":"2024-06-07T03:38+0000","name":"Misc","id":45640},"title":"Merch (formerly swag) Area Open -- README","android_description":"All merch sales are USD CASH ONLY. No cards will be accepted.\r\n\r\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.) \r\n\r\nNote that the closing hours here are **when sales must have ended**. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.\r\n\r\n**PLEASE NOTE**\r\n\r\nThe Saturday open time was incorrectly listed as 08:00, and has been corrected to 09:00. **PLEASE** check stock status in HackerTracker.","end_timestamp":{"seconds":1691715600,"nanoseconds":0},"updated_timestamp":{"seconds":1691801940,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[],"end":"2023-08-11T01:00:00.000-0000","id":52157,"begin_timestamp":{"seconds":1691676000,"nanoseconds":0},"tag_ids":[45640,45646,45743],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45719,"name":"Caesars Forum - Summit - 227-230 - Merch","hotel":"","short_name":"Summit - 227-230 - Merch","id":45857},"spans_timebands":"N","begin":"2023-08-10T14:00:00.000-0000","updated":"2023-08-12T00:59:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.\r\n\n\n\n","title":"Human Registration Open","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#77d8b8","name":"Misc","id":45640},"android_description":"Extremely **IMPORTANT** notes regarding human registration:\r\n - These notes apply to human registration only. You are a human if you are not a goon, official speaker, village staff, press, black badge holder, or similar. (If you are one of those, you need to register separately. If you don't know how, see an NFO goon (infobooth).)\r\n - Badges are required for everyone ages 8 and older.\r\n - If you pre-registered, please ensure that your QR code is readily accessible. If you will be presenting it on a smartphone, please ensure that your display is set to maximum brightness as you near the front of the line. \r\n - If you did not pre-register, all badge sales are CASH ONLY! No checks, money orders, credit cards, IOUs, or anything else will be accepted. Please have exact change ready as you near the front of the line.\r\n - To reiterate, **please have exact change ready**.\r\n - If you purchase a DEF CON badge from BlackHat, please get your badge from BlackHat before they close.\r\n - If you lose your badge, there is no way for us to replace it. You'll have to buy a replacement at full price.\r\n - If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.\r\n - A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt, if you need a receipt. Printed receipts are not available at the time of purchase.\r\n - Please help us make this a great experience for everyone: **follow directions given by goons** and get in the correct line. Note that there may be one line for all of registration, or there may be two lines (pre-registration vs cash) -- this may change over time, based on available staffing and necessary crowd control.\r\n - Please be patient. The time listed here for the beginning of registration is approximate. We will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; this may be earlier or later than the scheduled time.\r\n - There are no refunds given for cash sales. If you have any doubt, do not buy the badge.\r\n - If you have questions about anything regarding registration, that are not addressed here, please ask to speak to a Registration Goon.","end_timestamp":{"seconds":1691719200,"nanoseconds":0},"updated_timestamp":{"seconds":1691559000,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[],"end":"2023-08-11T02:00:00.000-0000","id":51695,"tag_ids":[45640,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691676000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 101-103 - Reg","hotel":"","short_name":"Forum - 101-103 - Reg","id":45853},"updated":"2023-08-09T05:30:00.000-0000","begin":"2023-08-10T14:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.\n\n\n","title":"Defcon.run","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"android_description":"IF the future is coming and it is! Then you're going to need to run! Get started at defcon.run!\r\n\r\nDefcon.run is an evolution of the now long running Defcon 4x5K running event. But now it's bigger and more fun! Due to stupendous growth, we’ve been forced to change up the format. This year's activity will look to match up folks for fun runs, and rucks (!), in smaller distributed groups around Las Vegas. It’s the same old event but at a distributed scale! Show up in the morning to beat the heat, go for a run with folks, have a good time!\r\n\r\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances.\r\n\r\nYou can register to log your distance, we'll have a leader board, and shenanigans! Full Information at https://defcon.run\r\n\r\nInterested parties should rally at Harrah's Goldfield at 06:00, but be sure to check [defcon.run](https://defcon.run) for any updates.","end_timestamp":{"seconds":1691694000,"nanoseconds":0},"updated_timestamp":{"seconds":1690671360,"nanoseconds":0},"speakers":[],"timeband_id":989,"links":[{"label":"Website","type":"link","url":"https://defcon.run"},{"label":"Twitter","type":"link","url":"https://twitter.com/defcon_run"},{"label":"Mastodon (@run@defcon.social)","type":"link","url":"https://defcon.social/@run"}],"end":"2023-08-10T19:00:00.000-0000","id":51102,"tag_ids":[45638],"begin_timestamp":{"seconds":1691672400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"spans_timebands":"N","begin":"2023-08-10T13:00:00.000-0000","updated":"2023-07-29T22:56:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Linecon is your optional opportunity to stand (or sit) in line for human registration to open.\r\n\r\nDoors open at 17:00 Wednesday. Registration will open and queue processing will begin at approximately 07:00 Thursday.\r\n\r\nAt all times, follow directions from on-duty goons -- linecon may need to be relocated into a different ballroom. The currently planned location is Caesars Forum, Rooms 101-103.\r\n\r\nFor purposes of clarity: Caesars Forum is *not* connected to Caesars Palace; it is connected to Harrah's and LINQ. Please see the published maps (in this app) for further information.\r\n\r\nPlease also review the \"Human Registration Open\" event, and familiarize yourself with the **important notes** therein. \n\n\n","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"title":"Linecon","android_description":"Linecon is your optional opportunity to stand (or sit) in line for human registration to open.\r\n\r\nDoors open at 17:00 Wednesday. Registration will open and queue processing will begin at approximately 07:00 Thursday.\r\n\r\nAt all times, follow directions from on-duty goons -- linecon may need to be relocated into a different ballroom. The currently planned location is Caesars Forum, Rooms 101-103.\r\n\r\nFor purposes of clarity: Caesars Forum is *not* connected to Caesars Palace; it is connected to Harrah's and LINQ. Please see the published maps (in this app) for further information.\r\n\r\nPlease also review the \"Human Registration Open\" event, and familiarize yourself with the **important notes** therein.","end_timestamp":{"seconds":1691676000,"nanoseconds":0},"updated_timestamp":{"seconds":1690513500,"nanoseconds":0},"speakers":[],"timeband_id":1021,"links":[],"end":"2023-08-10T14:00:00.000-0000","id":51699,"tag_ids":[45638,45646,45743],"village_id":null,"begin_timestamp":{"seconds":1691625600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"Y","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":45655,"name":"Caesars Forum - Forum - 101-103 - Reg","hotel":"","short_name":"Forum - 101-103 - Reg","id":45853},"updated":"2023-07-28T03:05:00.000-0000","begin":"2023-08-10T00:00:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"Where: Pro Gun Vegas\r\nAddress: 12801 US 95 South Boulder City, NV 89005\r\nWhen: Before the con Wednesday Aug 9th, 11:00 - 17:00\r\nhttps://deviating.net/firearms/defcon_shoot/\r\n\r\nThe Unofficial DEF CON Shoot is a public event that happens just prior to the DEF CON hacker conference in Las Vegas, Nevada. It is an opportunity to see and shoot some of the guns belonging to your friends while taking pride in showing and firing your own steel, as well, in a relaxed and welcoming atmosphere. We choose a spot, then we rent tables, canopies, and bring all the necessary safety equipment and amenities. All you need to bring yourself and (optionally) your firearms. New shooters and veterans both attend regularly. You can attend with your firearms, of course, but folk without guns of their own in Vegas may have the opportunity to try gear from others in attendance or to inquire with the ProGun range about whether rental firearms are available.\r\n\r\nThis is a 100% off-site event and a defcon badge is not required for entry.\n\n\n","type":{"conference_id":96,"conference":"DEFCON31","color":"#697bd0","updated_at":"2024-06-07T03:38+0000","name":"Event","id":45638},"title":"The Unofficial DEF CON Shoot","android_description":"Where: Pro Gun Vegas\r\nAddress: 12801 US 95 South Boulder City, NV 89005\r\nWhen: Before the con Wednesday Aug 9th, 11:00 - 17:00\r\nhttps://deviating.net/firearms/defcon_shoot/\r\n\r\nThe Unofficial DEF CON Shoot is a public event that happens just prior to the DEF CON hacker conference in Las Vegas, Nevada. It is an opportunity to see and shoot some of the guns belonging to your friends while taking pride in showing and firing your own steel, as well, in a relaxed and welcoming atmosphere. We choose a spot, then we rent tables, canopies, and bring all the necessary safety equipment and amenities. All you need to bring yourself and (optionally) your firearms. New shooters and veterans both attend regularly. You can attend with your firearms, of course, but folk without guns of their own in Vegas may have the opportunity to try gear from others in attendance or to inquire with the ProGun range about whether rental firearms are available.\r\n\r\nThis is a 100% off-site event and a defcon badge is not required for entry.","end_timestamp":{"seconds":1691625600,"nanoseconds":0},"updated_timestamp":{"seconds":1689096300,"nanoseconds":0},"speakers":[],"timeband_id":1021,"links":[{"label":"Apple Maps","type":"link","url":"https://maps.apple.com/?address=12801%20Old%20US%20Hwy%2095,%20Henderson,%20NV%20%2089044,%20United%20States&ll=35.958148,-114.922410&q=12801%20Old%20US%20Hwy%2095"},{"label":"More Information","type":"link","url":"https://deviating.net/firearms/defcon_shoot/"},{"label":"Discuss (DEF CON Forums)","type":"link","url":"https://forum.defcon.org/node/244825"},{"label":"Google Maps","type":"link","url":"https://goo.gl/maps/r9s2B1cu3RR4xCmM7"}],"end":"2023-08-10T00:00:00.000-0000","id":51069,"begin_timestamp":{"seconds":1691604000,"nanoseconds":0},"tag_ids":[45638],"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Other/See Description","hotel":"","short_name":"Other/See Description","id":45750},"begin":"2023-08-09T18:00:00.000-0000","updated":"2023-07-11T17:25:00.000-0000"},{"conference":"DEFCON31","timezone":"America/Los_Angeles","link":"","description":"The DEFCON MUD is available now for those who would like to play remotely. New characters created will be eligible to enter, however only DUMB Terminals in the DEFCON contest area may actually score points. For details go to https://evil.af/\r\n\r\nSTART: Monday August 5th 2023 @ 0001\r\n\r\nEND: Sunday August 13th 2023 @ 1000\n\n\n","title":"The DEFCON31 Multi User Dungeon Adventure (DEFCON MUD) Internet Edition","type":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","color":"#697bd0","name":"Event","id":45638},"end_timestamp":{"seconds":1691946000,"nanoseconds":0},"android_description":"The DEFCON MUD is available now for those who would like to play remotely. New characters created will be eligible to enter, however only DUMB Terminals in the DEFCON contest area may actually score points. For details go to https://evil.af/\r\n\r\nSTART: Monday August 5th 2023 @ 0001\r\n\r\nEND: Sunday August 13th 2023 @ 1000","updated_timestamp":{"seconds":1691292180,"nanoseconds":0},"speakers":[],"timeband_id":1021,"links":[{"label":"Details","type":"link","url":"https://evil.af/"}],"end":"2023-08-13T17:00:00.000-0000","id":52565,"tag_ids":[45638,45744,45764],"begin_timestamp":{"seconds":1691564400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":96,"links_antiquated":[],"location":{"conference_id":96,"conference":"DEFCON31","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"Virtual","hotel":"","short_name":"Virtual","id":45749},"spans_timebands":"Y","begin":"2023-08-09T07:00:00.000-0000","updated":"2023-08-06T03:23:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/DEFCON32/events.json b/public/ht/conferences/DEFCON32/events.json index b5011c4..655f428 100644 --- a/public/ht/conferences/DEFCON32/events.json +++ b/public/ht/conferences/DEFCON32/events.json @@ -1 +1 @@ -[{"conference":"DEFCON32","timezone":"America/Los_Angeles","link":"","description":"Watch this space!\n\n\n","type":{"conference_id":133,"conference":"DEFCON32","updated_at":"2024-02-10T19:40+0000","color":"#69814C","name":"Talk","id":46166},"title":"Placeholder","end_timestamp":{"seconds":1723222800,"nanoseconds":0},"android_description":"Watch this space!","updated_timestamp":{"seconds":1707191940,"nanoseconds":0},"speakers":[{"conference_id":133,"event_ids":[54104],"name":"Placeholder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52629}],"timeband_id":1147,"links":[],"end":"2024-08-09T17:00:00.000-0000","id":54104,"village_id":null,"begin_timestamp":{"seconds":1723219200,"nanoseconds":0},"tag_ids":[46166],"includes":"","people":[{"tag_id":46167,"sort_order":1,"person_id":52629}],"tags":"","conference_id":133,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":133,"conference":"DEFCON32","updated_at":"2024-02-10T19:40+0000","parent_id":0,"name":"LVCC","hotel":"","short_name":"LVCC","id":46180},"updated":"2024-02-06T03:59:00.000-0000","begin":"2024-08-09T16:00:00.000-0000"}] \ No newline at end of file +[{"conference":"DEFCON32","timezone":"America/Los_Angeles","link":"","description":"Watch this space!\n\n\n","type":{"conference_id":133,"conference":"DEFCON32","updated_at":"2024-06-07T03:38+0000","color":"#69814C","name":"Talk","id":46166},"title":"Placeholder","android_description":"Watch this space!","end_timestamp":{"seconds":1723222800,"nanoseconds":0},"updated_timestamp":{"seconds":1707191940,"nanoseconds":0},"speakers":[{"content_ids":[53772],"conference_id":133,"event_ids":[54104],"name":"Placeholder","affiliations":[],"links":[],"pronouns":null,"media":[],"id":52629}],"timeband_id":1147,"links":[],"end":"2024-08-09T17:00:00.000-0000","id":54104,"begin_timestamp":{"seconds":1723219200,"nanoseconds":0},"tag_ids":[46166],"village_id":null,"includes":"","people":[{"tag_id":46167,"sort_order":1,"person_id":52629}],"tags":"","conference_id":133,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":133,"conference":"DEFCON32","updated_at":"2024-06-07T03:38+0000","parent_id":0,"name":"LVCC","hotel":"","short_name":"LVCC","id":46180},"begin":"2024-08-09T16:00:00.000-0000","updated":"2024-02-06T03:59:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/EKOPARTY2024/events.json b/public/ht/conferences/EKOPARTY2024/events.json index 4d48122..51ac48e 100644 --- a/public/ht/conferences/EKOPARTY2024/events.json +++ b/public/ht/conferences/EKOPARTY2024/events.json @@ -1 +1 @@ -[{"conference":"EKOPARTY2024","timezone":"America/Argentina/Buenos_Aires","link":"","description":"","title":"Opening ","type":{"conference_id":142,"conference":"EKOPARTY2024","updated_at":"2024-04-24T20:53+0000","color":"#83D1B8","name":"Talk","id":46312},"android_description":"","end_timestamp":{"seconds":1731501000,"nanoseconds":0},"updated_timestamp":{"seconds":1713991860,"nanoseconds":0},"speakers":[{"conference_id":142,"event_ids":[54403],"name":"Leonardo Pigñer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53693}],"timeband_id":1166,"links":[],"end":"2024-11-13T12:30:00.000-0000","id":54403,"tag_ids":[46312],"village_id":null,"begin_timestamp":{"seconds":1731499200,"nanoseconds":0},"includes":"","people":[{"tag_id":46313,"sort_order":1,"person_id":53693}],"tags":"","conference_id":142,"links_antiquated":[],"location":{"conference_id":142,"conference":"EKOPARTY2024","updated_at":"2024-04-24T20:53+0000","parent_id":0,"name":"Maintrack","hotel":"","short_name":"Maintrack","id":46230},"spans_timebands":"N","updated":"2024-04-24T20:51:00.000-0000","begin":"2024-11-13T12:00:00.000-0000"}] \ No newline at end of file +[{"conference":"EKOPARTY2024","timezone":"America/Argentina/Buenos_Aires","link":"","description":"","type":{"conference_id":142,"conference":"EKOPARTY2024","updated_at":"2024-05-31T01:40+0000","color":"#83D1B8","name":"Talk","id":46312},"title":"Opening ","end_timestamp":{"seconds":1731501000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1713991860,"nanoseconds":0},"speakers":[{"conference_id":142,"event_ids":[54403],"name":"Leonardo Pigñer","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53693}],"timeband_id":1166,"links":[],"end":"2024-11-13T12:30:00.000-0000","id":54403,"village_id":null,"begin_timestamp":{"seconds":1731499200,"nanoseconds":0},"tag_ids":[46312],"includes":"","people":[{"tag_id":46313,"sort_order":1,"person_id":53693}],"tags":"","conference_id":142,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":142,"conference":"EKOPARTY2024","updated_at":"2024-05-31T01:40+0000","parent_id":0,"name":"Maintrack","hotel":"","short_name":"Maintrack","id":46230},"updated":"2024-04-24T20:51:00.000-0000","begin":"2024-11-13T12:00:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/conferences/SHOWMECON2024/events.json b/public/ht/conferences/SHOWMECON2024/events.json index 89976d4..447ca2c 100644 --- a/public/ht/conferences/SHOWMECON2024/events.json +++ b/public/ht/conferences/SHOWMECON2024/events.json @@ -1 +1 @@ -[{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"After Party","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"end_timestamp":{"seconds":1715734800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222520,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-15T01:00:00.000-0000","id":54461,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715724000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:42:00.000-0000","begin":"2024-05-14T22:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Hackers have found multiple methods to bypass Multi-factor Authentication (MFA). While many organizations have enabled MFA across the enterprise, new risks arise daily. It’s clear that pairing a user’s password with a second identification factor reduces the employee’s and company’s overall risk. However, incident response investigations from the past six months indicate that cybercriminals are combining older tactics and newer techniques to bypass common MFA implementations and achieve unauthorized access.\r\n\r\nMalicious hackers in the wild have designed and run specialized attacks to bypass an MFA-enabled account, navigate the network as a trusted entity, and exfiltrate data undetected. Methods such as OTP, fingerprint, push technologies, and hardware tokens all merit review.\r\n\r\nJoin Brandon Potter, CTO at ProCircular, as he demonstrates the four most common MFA bypass techniques, breaks down the risks and defenses, and provides a punch list of quick wins to implement for immediate protection.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Unmasking the Threat: Understanding and Defending Against MFA Bypass Techniques","android_description":"Hackers have found multiple methods to bypass Multi-factor Authentication (MFA). While many organizations have enabled MFA across the enterprise, new risks arise daily. It’s clear that pairing a user’s password with a second identification factor reduces the employee’s and company’s overall risk. However, incident response investigations from the past six months indicate that cybercriminals are combining older tactics and newer techniques to bypass common MFA implementations and achieve unauthorized access.\r\n\r\nMalicious hackers in the wild have designed and run specialized attacks to bypass an MFA-enabled account, navigate the network as a trusted entity, and exfiltrate data undetected. Methods such as OTP, fingerprint, push technologies, and hardware tokens all merit review.\r\n\r\nJoin Brandon Potter, CTO at ProCircular, as he demonstrates the four most common MFA bypass techniques, breaks down the risks and defenses, and provides a punch list of quick wins to implement for immediate protection.","end_timestamp":{"seconds":1715724000,"nanoseconds":0},"updated_timestamp":{"seconds":1715222280,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54452],"name":"Brandon Potter","affiliations":[{"organization":"ProCircular, Inc.","title":"Chief Technology Officer"}],"links":[],"pronouns":null,"media":[],"id":53712,"title":"Chief Technology Officer at ProCircular, Inc."}],"timeband_id":1175,"links":[],"end":"2024-05-14T22:00:00.000-0000","id":54452,"begin_timestamp":{"seconds":1715721000,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46351],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53712}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"spans_timebands":"N","begin":"2024-05-14T21:10:00.000-0000","updated":"2024-05-09T02:38:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. \r\n\r\nIdeally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment.\r\n\r\nWe know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception. \r\n\r\nYou might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers into triggering alerts while they are trying to gain further access. The industry has arrived at the term honeytoken for this branch of cybersecurity tooling. \r\n\r\nTakeaways:\r\n- Analysis of recent breaches for common attack behaviors\r\n- A history of cyber deception and the evolution of honeypots in defensive strategies. \r\n- Understanding how honeytokens work\r\n- Maximizing the impact of honeytokens\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"title":"Who Goes There? Actively Detecting Intruders With Cyber Deception Tools","end_timestamp":{"seconds":1715724000,"nanoseconds":0},"android_description":"Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. \r\n\r\nIdeally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment.\r\n\r\nWe know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception. \r\n\r\nYou might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers into triggering alerts while they are trying to gain further access. The industry has arrived at the term honeytoken for this branch of cybersecurity tooling. \r\n\r\nTakeaways:\r\n- Analysis of recent breaches for common attack behaviors\r\n- A history of cyber deception and the evolution of honeypots in defensive strategies. \r\n- Understanding how honeytokens work\r\n- Maximizing the impact of honeytokens","updated_timestamp":{"seconds":1715222040,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54443],"name":"Dwayne McDaniel","affiliations":[{"organization":"GitGuardian","title":"Senior Security Developer Advocate"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@mcdwayne"}],"pronouns":null,"media":[],"id":53705,"title":"Senior Security Developer Advocate at GitGuardian"}],"timeband_id":1175,"links":[],"end":"2024-05-14T22:00:00.000-0000","id":54443,"begin_timestamp":{"seconds":1715721000,"nanoseconds":0},"tag_ids":[46337,46339],"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53705}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"spans_timebands":"N","updated":"2024-05-09T02:34:00.000-0000","begin":"2024-05-14T21:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"title":"Short Break","end_timestamp":{"seconds":1715721000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T21:10:00.000-0000","id":54469,"tag_ids":[46349],"begin_timestamp":{"seconds":1715720400,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-14T21:00:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Delve into 2023’s most common attack chains used against large enterprises! Gain insights into attacks, defense strategies, and actionable tasks for an instant security lift, learning how to lower your risk of compromise via these attacks without budget strain\r\n\r\nThis presentation is set to unveil the TTPs employed by attackers who targeted low-hanging vulnerabilities to compromise large enterprises in 2023. It will provide a candid, in-depth exploration through a step-by-step attack chain walkthrough, shedding light on the intricacies of these attacks. Discover the hows and whys behind these tactics and gain insights into proactive defense measures.\r\n\r\nAttendees will leave armed with actionable tasks that can be implemented immediately on Monday, elevating their security posture without straining budgets. By addressing these vulnerabilities, they not only fortify their defenses but also make future penetration tests more cost-effective, eliminating potential “cheap shots” favored by pentesters.\r\n\r\nThe presentation also promises to empower red team participants with the knowledge to potentially achieve domain admin status within an average corporation from the comfort of their couch, all within record time.\n\n\n","title":"Couch to Compromise 2024","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715720400,"nanoseconds":0},"android_description":"Delve into 2023’s most common attack chains used against large enterprises! Gain insights into attacks, defense strategies, and actionable tasks for an instant security lift, learning how to lower your risk of compromise via these attacks without budget strain\r\n\r\nThis presentation is set to unveil the TTPs employed by attackers who targeted low-hanging vulnerabilities to compromise large enterprises in 2023. It will provide a candid, in-depth exploration through a step-by-step attack chain walkthrough, shedding light on the intricacies of these attacks. Discover the hows and whys behind these tactics and gain insights into proactive defense measures.\r\n\r\nAttendees will leave armed with actionable tasks that can be implemented immediately on Monday, elevating their security posture without straining budgets. By addressing these vulnerabilities, they not only fortify their defenses but also make future penetration tests more cost-effective, eliminating potential “cheap shots” favored by pentesters.\r\n\r\nThe presentation also promises to empower red team participants with the knowledge to potentially achieve domain admin status within an average corporation from the comfort of their couch, all within record time.","updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54448],"name":"Johnny Xmas","affiliations":[{"organization":"Grimm Cyber","title":"Technical Director of Cybersecurity Training"}],"links":[],"pronouns":null,"media":[],"id":53706,"title":"Technical Director of Cybersecurity Training at Grimm Cyber"}],"timeband_id":1175,"links":[],"end":"2024-05-14T21:00:00.000-0000","id":54448,"tag_ids":[46337,46350],"begin_timestamp":{"seconds":1715717400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53706}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"spans_timebands":"N","begin":"2024-05-14T20:10:00.000-0000","updated":"2024-05-09T02:37:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"This session is for our vendor friends that are participating in ShowmeCon 2024, but all attendees are welcome to join as well.  In this session a panel of CISO's have made themselves available to discuss cyber security sales from their perspective and real world experiences.  Why is building a relationship so important? What works when trying to sell a solution and what doesn't? We will open the conversation to our vendor and audience participants to ask questions about sales tactics and strategies. We hope you leave this session with a better strategy on how to make your pitch, build your relationship and ultimately close a deal. \n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"CISO Roundtable","end_timestamp":{"seconds":1715720400,"nanoseconds":0},"android_description":"This session is for our vendor friends that are participating in ShowmeCon 2024, but all attendees are welcome to join as well.  In this session a panel of CISO's have made themselves available to discuss cyber security sales from their perspective and real world experiences.  Why is building a relationship so important? What works when trying to sell a solution and what doesn't? We will open the conversation to our vendor and audience participants to ask questions about sales tactics and strategies. We hope you leave this session with a better strategy on how to make your pitch, build your relationship and ultimately close a deal.","updated_timestamp":{"seconds":1715222040,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54433,54442],"name":"Joey Smith","affiliations":[{"organization":"Schnuck Markets, Inc.","title":""}],"links":[{"description":"","title":"Schnuck Markets","sort_order":0,"url":"https://schnucks.com/"}],"pronouns":null,"media":[],"id":53694,"title":"Schnuck Markets, Inc."}],"timeband_id":1175,"links":[],"end":"2024-05-14T21:00:00.000-0000","id":54442,"tag_ids":[46337,46339],"village_id":null,"begin_timestamp":{"seconds":1715717400,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53694}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"updated":"2024-05-09T02:34:00.000-0000","begin":"2024-05-14T20:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.\n\n\n","title":"Getting the Most out of Sysmon","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715720400,"nanoseconds":0},"android_description":"The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.","updated_timestamp":{"seconds":1715221980,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54440],"name":"Amanda Berlin","affiliations":[{"organization":"Blumira","title":"Lead Incident Detection Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InfoSystir"}],"pronouns":null,"media":[],"id":53701,"title":"Lead Incident Detection Engineer at Blumira"}],"timeband_id":1175,"links":[],"end":"2024-05-14T21:00:00.000-0000","id":54440,"tag_ids":[46337,46351],"village_id":null,"begin_timestamp":{"seconds":1715717400,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53701}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"updated":"2024-05-09T02:33:00.000-0000","begin":"2024-05-14T20:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"title":"Afternoon Break","end_timestamp":{"seconds":1715717400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T20:10:00.000-0000","id":54468,"village_id":null,"begin_timestamp":{"seconds":1715716200,"nanoseconds":0},"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-14T19:50:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In this talk we will discuss new ideas for threat hunting ICS\\SCADA networks. This talk will discuss new ways to provide secure visualization and instrumentation for ICS\\SCADA networks utilizing physics to identify advanced adversarial threats. This talk expands upon the traditional methods for monitoring networks and hunting threat activities as typically performed in an enterprise network. This presentation will dive into examples of how to monitor the Internet of Military Things (IoMT) and ICS\\SCADA infrastructure to collect physics-based data that may provide new insights into complex threats that may be sourced from the supply-chain, an insider or external threat. Threat hunting space and the Internet of Space Things (IoST) will be discussed.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Threat Hunting Space and Digital Energy with Physics","android_description":"In this talk we will discuss new ideas for threat hunting ICS\\SCADA networks. This talk will discuss new ways to provide secure visualization and instrumentation for ICS\\SCADA networks utilizing physics to identify advanced adversarial threats. This talk expands upon the traditional methods for monitoring networks and hunting threat activities as typically performed in an enterprise network. This presentation will dive into examples of how to monitor the Internet of Military Things (IoMT) and ICS\\SCADA infrastructure to collect physics-based data that may provide new insights into complex threats that may be sourced from the supply-chain, an insider or external threat. Threat hunting space and the Internet of Space Things (IoST) will be discussed.","end_timestamp":{"seconds":1715716200,"nanoseconds":0},"updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54450],"name":"Paul Coggin","affiliations":[{"organization":"nou Systems","title":"Cyber SME"}],"links":[],"pronouns":null,"media":[],"id":53709,"title":"Cyber SME at nou Systems"}],"timeband_id":1175,"links":[],"end":"2024-05-14T19:50:00.000-0000","id":54450,"village_id":null,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715713200,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53709}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"begin":"2024-05-14T19:00:00.000-0000","updated":"2024-05-09T02:37:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"At the cutting edge of AI advancements, Large Language Models (LLMs) such as GPT-3 and BERT are transforming a wide array of industries. Yet, this swift integration into various sectors has brought to light significant security issues, which are the focus of the \"\"Pentesting Large Language Models: Challenges and Techniques\"\" talk. This discussion aims to thoroughly examine the specific vulnerabilities found in LLMs and underscore the importance of robust pentesting methods to safeguard their security and functionality.\r\n\r\nThe session will present a focused overview of Large Language Models, highlighting their architectural design, range of applications, and their critical role in the current AI domain. It will underscore the vital aspect of security within AI, especially due to the inherent risks in LLMs, such as the potential for data corruption, model inversion attacks, and threats to data security.\r\n\r\nFurthermore, the talk will explore specialized pentesting techniques for LLMs, covering both automated and manual approaches. This segment includes real-world case studies demonstrating the tangible impacts and consequences of security breaches in LLMs, effectively linking theoretical concepts with practical scenarios.\r\n\r\nThe presentation will address best practices in mitigating risks associated with LLMs. It will emphasize the importance of secure development, deployment, and ongoing surveillance. The talk will also provide insights into the future challenges of AI security and the growing need for sophisticated pentesting strategies.\n\n\n","title":"Pentesting Large Language Models: Challenges and Techniques","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"android_description":"At the cutting edge of AI advancements, Large Language Models (LLMs) such as GPT-3 and BERT are transforming a wide array of industries. Yet, this swift integration into various sectors has brought to light significant security issues, which are the focus of the \"\"Pentesting Large Language Models: Challenges and Techniques\"\" talk. This discussion aims to thoroughly examine the specific vulnerabilities found in LLMs and underscore the importance of robust pentesting methods to safeguard their security and functionality.\r\n\r\nThe session will present a focused overview of Large Language Models, highlighting their architectural design, range of applications, and their critical role in the current AI domain. It will underscore the vital aspect of security within AI, especially due to the inherent risks in LLMs, such as the potential for data corruption, model inversion attacks, and threats to data security.\r\n\r\nFurthermore, the talk will explore specialized pentesting techniques for LLMs, covering both automated and manual approaches. This segment includes real-world case studies demonstrating the tangible impacts and consequences of security breaches in LLMs, effectively linking theoretical concepts with practical scenarios.\r\n\r\nThe presentation will address best practices in mitigating risks associated with LLMs. It will emphasize the importance of secure development, deployment, and ongoing surveillance. The talk will also provide insights into the future challenges of AI security and the growing need for sophisticated pentesting strategies.","end_timestamp":{"seconds":1715716200,"nanoseconds":0},"updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54447],"name":"Raymond Evans","affiliations":[{"organization":"Digital Silence","title":""}],"links":[],"pronouns":null,"media":[],"id":53716,"title":"Digital Silence"}],"timeband_id":1175,"links":[],"end":"2024-05-14T19:50:00.000-0000","id":54447,"tag_ids":[46337,46350],"village_id":null,"begin_timestamp":{"seconds":1715713200,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53716}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"spans_timebands":"N","updated":"2024-05-09T02:37:00.000-0000","begin":"2024-05-14T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Delve into the intricate technical and operational nuances accompanying the transition from PCI DSS Version 3.2.1 to the latest 4.0. Explore the shifts in security considerations evolving compliance dynamics and gain actionable insights for a smooth implementation journey. Unravel the upgraded standards and understand the real-world impact of these changes. This session provides a detailed roadmap, empowering attendees to navigate the complex landscape of PCI DSS 4.0 confidently. Join me for an insightful analysis that illuminates the refined security measures, equipping you to embrace the future of secure payment transactions.\n\n\n","title":"PCI 4.0 is here. It's not to late. Let's get to work","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"end_timestamp":{"seconds":1715716200,"nanoseconds":0},"android_description":"Delve into the intricate technical and operational nuances accompanying the transition from PCI DSS Version 3.2.1 to the latest 4.0. Explore the shifts in security considerations evolving compliance dynamics and gain actionable insights for a smooth implementation journey. Unravel the upgraded standards and understand the real-world impact of these changes. This session provides a detailed roadmap, empowering attendees to navigate the complex landscape of PCI DSS 4.0 confidently. Join me for an insightful analysis that illuminates the refined security measures, equipping you to embrace the future of secure payment transactions.","updated_timestamp":{"seconds":1715222040,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54441],"name":"Dan Yarger","affiliations":[{"organization":"Parameter Security","title":"Qualified Security Assessor"}],"links":[{"description":"","title":"Parameter Security","sort_order":0,"url":"https://www.parametersecurity.com/"}],"pronouns":null,"media":[],"id":53699,"title":"Qualified Security Assessor at Parameter Security"}],"timeband_id":1175,"links":[],"end":"2024-05-14T19:50:00.000-0000","id":54441,"village_id":null,"tag_ids":[46337,46339],"begin_timestamp":{"seconds":1715713200,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53699}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"updated":"2024-05-09T02:34:00.000-0000","begin":"2024-05-14T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Free time: Sponsors, Networking & More","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715713200,"nanoseconds":0},"updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T19:00:00.000-0000","id":54467,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715711400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-14T18:30:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Lunch Break","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715711400,"nanoseconds":0},"updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T18:30:00.000-0000","id":54466,"tag_ids":[46349],"village_id":null,"begin_timestamp":{"seconds":1715707800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-14T17:30:00.000-0000","updated":"2024-05-09T02:40:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Winn will discuss the Meta War and how it is impacting the world around us.\n\n\n","title":"The Meta War","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715707800,"nanoseconds":0},"android_description":"Winn will discuss the Meta War and how it is impacting the world around us.","updated_timestamp":{"seconds":1715222160,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54445],"name":"Winn Schwartau","affiliations":[{"organization":"WS, LLC.","title":""}],"links":[],"pronouns":null,"media":[],"id":53718,"title":"WS, LLC."}],"timeband_id":1175,"links":[],"end":"2024-05-14T17:30:00.000-0000","id":54445,"begin_timestamp":{"seconds":1715704200,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46352],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53718}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"begin":"2024-05-14T16:30:00.000-0000","updated":"2024-05-09T02:36:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Message from Our Sponsors","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"end_timestamp":{"seconds":1715704200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T16:30:00.000-0000","id":54465,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715703600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-14T16:20:00.000-0000","updated":"2024-05-09T02:40:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Jeff began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, \"Tales from the Crypt...Analyst\" and \"MORE Tales From the Crypt...Analyst\". This talk is the third installment in Jeff's story and features his transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assesments and then to security architecture advisory work; convincing clients that you didn't need a browser to hack a web server; finding an open network jack really did mean you had access to the network; why it's not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we've solved all these problems from the early days...or maybe, just maybe there are still lessons to be learned.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Tales from the Crypt...Analyst: The After Life (keynote)","android_description":"Jeff began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, \"Tales from the Crypt...Analyst\" and \"MORE Tales From the Crypt...Analyst\". This talk is the third installment in Jeff's story and features his transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assesments and then to security architecture advisory work; convincing clients that you didn't need a browser to hack a web server; finding an open network jack really did mean you had access to the network; why it's not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we've solved all these problems from the early days...or maybe, just maybe there are still lessons to be learned.","end_timestamp":{"seconds":1715703600,"nanoseconds":0},"updated_timestamp":{"seconds":1715222100,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54444],"name":"Jeff Man","affiliations":[{"organization":"Online Business Systems","title":""}],"links":[],"pronouns":null,"media":[],"id":53700,"title":"Online Business Systems"}],"timeband_id":1175,"links":[],"end":"2024-05-14T16:20:00.000-0000","id":54444,"village_id":null,"tag_ids":[46337,46352],"begin_timestamp":{"seconds":1715700000,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53700}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"begin":"2024-05-14T15:20:00.000-0000","updated":"2024-05-09T02:35:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"title":"Morning Break","android_description":"","end_timestamp":{"seconds":1715700000,"nanoseconds":0},"updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T15:20:00.000-0000","id":54464,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715698800,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-14T15:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"For many reasons (which I will discuss in my presentation), I have come to the conclusion that many/most security tasks, functions and roles can and should largely be distributed across the organization with support from a governance/oversight function. In short, fewer “security people” and more people “doing security.” My prediction is that in the future, there will be fewer dedicated information security staff members and a larger quantity of general staff who practice what have traditionally been information security functions. This requires a fundamental reassessment of how we look at managing security.\r\n\r\nThis presentation isn’t about general information security awareness training, but rather breaking down the elements and tasks of an information security program and dividing many of those elements and tasks amongst current staff. \r\n\r\nFor example, fewer application security people and more developers who are trained to write more secure code. And fewer Network Security Specialists, and more Network Admins that implement security controls. \r\n\r\nThis will lead to security taking on more of a governance and advisory role and providing direction rather than implementation. And for all but the largest organizations, many specialized security roles will end up being outsourced to specialists rather than being on the company payroll.\r\n\r\nIn this presentation I will discuss:\r\n\r\n- The current information security professional “shortage.” Shortage in quotes, because in many cases this is more of a misalignment between expectations from hiring organization and reality.\r\n- The role of specialization in all organizations/societies\r\n- The current and ideal role for information security within an organization (Advise? Consult? Recommend? Test? Implement? Develop? Build things? Run things? Measure things (Existence and effectiveness)?\r\n- Where information security should sit (Business? Technical? Risk Management?)\r\n- How legal, privacy, audit, and general IT have been moving into what has traditionally been the realm of the security team.\r\n- The importance of understanding business and risk to provide context and prioritization for information security.\r\n- How distributed security functions can lead to better outcomes.\r\n- And more!\n\n\n","title":"Why You Don't Need a Security Team","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"end_timestamp":{"seconds":1715698800,"nanoseconds":0},"android_description":"For many reasons (which I will discuss in my presentation), I have come to the conclusion that many/most security tasks, functions and roles can and should largely be distributed across the organization with support from a governance/oversight function. In short, fewer “security people” and more people “doing security.” My prediction is that in the future, there will be fewer dedicated information security staff members and a larger quantity of general staff who practice what have traditionally been information security functions. This requires a fundamental reassessment of how we look at managing security.\r\n\r\nThis presentation isn’t about general information security awareness training, but rather breaking down the elements and tasks of an information security program and dividing many of those elements and tasks amongst current staff. \r\n\r\nFor example, fewer application security people and more developers who are trained to write more secure code. And fewer Network Security Specialists, and more Network Admins that implement security controls. \r\n\r\nThis will lead to security taking on more of a governance and advisory role and providing direction rather than implementation. And for all but the largest organizations, many specialized security roles will end up being outsourced to specialists rather than being on the company payroll.\r\n\r\nIn this presentation I will discuss:\r\n\r\n- The current information security professional “shortage.” Shortage in quotes, because in many cases this is more of a misalignment between expectations from hiring organization and reality.\r\n- The role of specialization in all organizations/societies\r\n- The current and ideal role for information security within an organization (Advise? Consult? Recommend? Test? Implement? Develop? Build things? Run things? Measure things (Existence and effectiveness)?\r\n- Where information security should sit (Business? Technical? Risk Management?)\r\n- How legal, privacy, audit, and general IT have been moving into what has traditionally been the realm of the security team.\r\n- The importance of understanding business and risk to provide context and prioritization for information security.\r\n- How distributed security functions can lead to better outcomes.\r\n- And more!","updated_timestamp":{"seconds":1715222160,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54446],"name":"Alex Hamerstone","affiliations":[{"organization":"TrustedSec","title":"Advisory Solutions Director"}],"links":[],"pronouns":null,"media":[],"id":53698,"title":"Advisory Solutions Director at TrustedSec"}],"timeband_id":1175,"links":[],"end":"2024-05-14T15:00:00.000-0000","id":54446,"begin_timestamp":{"seconds":1715695200,"nanoseconds":0},"tag_ids":[46337,46352],"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53698}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","updated":"2024-05-09T02:36:00.000-0000","begin":"2024-05-14T14:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Welcome","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715695200,"nanoseconds":0},"updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T14:00:00.000-0000","id":54463,"begin_timestamp":{"seconds":1715694300,"nanoseconds":0},"village_id":null,"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-14T13:45:00.000-0000","updated":"2024-05-09T02:39:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Registration","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"end_timestamp":{"seconds":1715694300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T13:45:00.000-0000","id":54462,"begin_timestamp":{"seconds":1715691600,"nanoseconds":0},"village_id":null,"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-14T13:00:00.000-0000","updated":"2024-05-09T02:39:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"I want to emphasize the critical role of blue team members in our cybersecurity efforts. As guardians of our digital infrastructure, it's imperative for us to stay one step ahead of malicious actors. To do this, we must have a deep understanding of their Tactics, Techniques, and Procedures (TTPs). Understanding the TTPs of our adversaries is akin to learning their playbook. It allows us to predict their moves, detect their actions, and ultimately thwart their efforts. By knowing their methods, we can fortify our defenses, identify anomalies, and respond effectively. One often overlooked aspect of cybersecurity is the dark web. This hidden part of the internet harbors a multitude of cyber threats, including forums, marketplaces, and communication channels where malicious actors operate. As blue team members, it is crucial for us to familiarize ourselves with this realm. By gaining insights into the dark web, we can proactively monitor for potential threats, track trends, and gather intelligence on emerging attack vectors. This knowledge empowers us to adapt our defenses and stay ahead of evolving threats.\n\n\n","title":"Empowering Blue Teams: Understanding TTPs and Navigating the Dark Web","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"android_description":"I want to emphasize the critical role of blue team members in our cybersecurity efforts. As guardians of our digital infrastructure, it's imperative for us to stay one step ahead of malicious actors. To do this, we must have a deep understanding of their Tactics, Techniques, and Procedures (TTPs). Understanding the TTPs of our adversaries is akin to learning their playbook. It allows us to predict their moves, detect their actions, and ultimately thwart their efforts. By knowing their methods, we can fortify our defenses, identify anomalies, and respond effectively. One often overlooked aspect of cybersecurity is the dark web. This hidden part of the internet harbors a multitude of cyber threats, including forums, marketplaces, and communication channels where malicious actors operate. As blue team members, it is crucial for us to familiarize ourselves with this realm. By gaining insights into the dark web, we can proactively monitor for potential threats, track trends, and gather intelligence on emerging attack vectors. This knowledge empowers us to adapt our defenses and stay ahead of evolving threats.","end_timestamp":{"seconds":1715637600,"nanoseconds":0},"updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54449],"name":"Matthew Maynard","affiliations":[{"organization":"BJC Healthcare","title":"IT Security Incident Response Analyst III"}],"links":[],"pronouns":null,"media":[],"id":53697,"title":"IT Security Incident Response Analyst III at BJC Healthcare"}],"timeband_id":1174,"links":[],"end":"2024-05-13T22:00:00.000-0000","id":54449,"village_id":null,"begin_timestamp":{"seconds":1715634600,"nanoseconds":0},"tag_ids":[46337,46351],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53697}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"begin":"2024-05-13T21:10:00.000-0000","updated":"2024-05-09T02:37:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"It's all fun and games until you shutdown transaction processing for a bank because you put non-mainframe-safe characters into a web app. Or you've knocked over an entire enterprise with nmap. Twice. When you're trying to break stuff, sometimes you do break stuff. And that's not okay, or the end of the world. In this talk, we'll take you through how to manage expectations, how to assess the risk of disruption, and how to deal with it when everything's on fire, exploding, or highly radioactive.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"When Pen Tests Go Wrong","android_description":"It's all fun and games until you shutdown transaction processing for a bank because you put non-mainframe-safe characters into a web app. Or you've knocked over an entire enterprise with nmap. Twice. When you're trying to break stuff, sometimes you do break stuff. And that's not okay, or the end of the world. In this talk, we'll take you through how to manage expectations, how to assess the risk of disruption, and how to deal with it when everything's on fire, exploding, or highly radioactive.","end_timestamp":{"seconds":1715637600,"nanoseconds":0},"updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54437],"name":"Valerie Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53714},{"conference_id":144,"event_ids":[54437],"name":"Bobby Kuzma","affiliations":[{"organization":"ProCircular","title":"Director of Offensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":53715,"title":"Director of Offensive Cyber Operations at ProCircular"}],"timeband_id":1174,"links":[],"end":"2024-05-13T22:00:00.000-0000","id":54437,"tag_ids":[46337,46350],"begin_timestamp":{"seconds":1715634600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53715},{"tag_id":46338,"sort_order":1,"person_id":53714}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"begin":"2024-05-13T21:10:00.000-0000","updated":"2024-05-09T02:32:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling.\r\n\r\nWe will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again?\r\n\r\nThis presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling.\r\n\r\nGrab your towel and join us for \"\"The Security Hitchhiker's Guide to Threat Modeling.\"\" Leave with a clear understanding of how to embark on your threat modeling journey.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"title":"The Security Hitchhiker’s Guide to Threat Modeling","android_description":"Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling.\r\n\r\nWe will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again?\r\n\r\nThis presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling.\r\n\r\nGrab your towel and join us for \"\"The Security Hitchhiker's Guide to Threat Modeling.\"\" Leave with a clear understanding of how to embark on your threat modeling journey.","end_timestamp":{"seconds":1715637600,"nanoseconds":0},"updated_timestamp":{"seconds":1715221860,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54431],"name":"Timothy De Block","affiliations":[{"organization":"Exploring Information Security","title":""}],"links":[],"pronouns":null,"media":[],"id":53708,"title":"Exploring Information Security"}],"timeband_id":1174,"links":[],"end":"2024-05-13T22:00:00.000-0000","id":54431,"begin_timestamp":{"seconds":1715634600,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46339],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53708}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"begin":"2024-05-13T21:10:00.000-0000","updated":"2024-05-09T02:31:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Short Break","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715634600,"nanoseconds":0},"updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T21:10:00.000-0000","id":54460,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715634000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-13T21:00:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"A buzzword for years, Artificial intelligence (AI) has evolved into a powerful, accessible tool and, like any tool, it can be used for evil. How can AI technology be harnessed by adversaries (or you) as part of sophisticated information security attacks? What sort of attacks are we seeing in the wild and how can we prepare for the new offensive techniques?\n\n\n","title":"Artificial Intelligence / Real Threats","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715634000,"nanoseconds":0},"android_description":"A buzzword for years, Artificial intelligence (AI) has evolved into a powerful, accessible tool and, like any tool, it can be used for evil. How can AI technology be harnessed by adversaries (or you) as part of sophisticated information security attacks? What sort of attacks are we seeing in the wild and how can we prepare for the new offensive techniques?","updated_timestamp":{"seconds":1715221980,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54439],"name":"Chris Carlis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53702}],"timeband_id":1174,"links":[],"end":"2024-05-13T21:00:00.000-0000","id":54439,"village_id":null,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715631000,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53702}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"updated":"2024-05-09T02:33:00.000-0000","begin":"2024-05-13T20:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In this presentation, we explore the unique risk that IoT devices and subsequent communication protocols present in the modern paradigm of cybersecurity. This talk examines some inventive ways to leverage IoT capabilities to present entirely new threats that can enable the circumvention of standard detection technologies. Moreover, we delve into the critical need for organizations to implement comprehensive defensive monitoring strategies tailored to the nuances of IoT, shedding light on the essential measures required to secure organizations from the multifaceted ways IoT devices can be abused to aid in compromising networks. Join us in this exploration of the evolving cybersecurity landscape and the strategies needed to protect against IoT-related threats effectively.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Well, That’s Rude - Thoroughly Offensive IoT","android_description":"In this presentation, we explore the unique risk that IoT devices and subsequent communication protocols present in the modern paradigm of cybersecurity. This talk examines some inventive ways to leverage IoT capabilities to present entirely new threats that can enable the circumvention of standard detection technologies. Moreover, we delve into the critical need for organizations to implement comprehensive defensive monitoring strategies tailored to the nuances of IoT, shedding light on the essential measures required to secure organizations from the multifaceted ways IoT devices can be abused to aid in compromising networks. Join us in this exploration of the evolving cybersecurity landscape and the strategies needed to protect against IoT-related threats effectively.","end_timestamp":{"seconds":1715634000,"nanoseconds":0},"updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54436],"name":"Tim Fowler","affiliations":[{"organization":"Black Hills Information Security","title":"Offensive Security Analyst"}],"links":[],"pronouns":null,"media":[],"id":53713,"title":"Offensive Security Analyst at Black Hills Information Security"}],"timeband_id":1174,"links":[],"end":"2024-05-13T21:00:00.000-0000","id":54436,"village_id":null,"begin_timestamp":{"seconds":1715631000,"nanoseconds":0},"tag_ids":[46337,46350],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53713}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"begin":"2024-05-13T20:10:00.000-0000","updated":"2024-05-09T02:32:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Why does security fail even though companies are spending more than ever on security budgets? Take a deep dive through some historical security failures since we are doomed to repeat “failed” history if we don’t learn from it. From these failures we can devise practical steps on how to improve our security program from a people, processes, and technology standpoint.\n\n\n","title":"Why Security Fails and Practical Steps On How To Improve","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"android_description":"Why does security fail even though companies are spending more than ever on security budgets? Take a deep dive through some historical security failures since we are doomed to repeat “failed” history if we don’t learn from it. From these failures we can devise practical steps on how to improve our security program from a people, processes, and technology standpoint.","end_timestamp":{"seconds":1715634000,"nanoseconds":0},"updated_timestamp":{"seconds":1715221800,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54430],"name":"Don Le","affiliations":[{"organization":"Stifel","title":""}],"links":[],"pronouns":null,"media":[],"id":53711,"title":"Stifel"}],"timeband_id":1174,"links":[],"end":"2024-05-13T21:00:00.000-0000","id":54430,"begin_timestamp":{"seconds":1715631000,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46339],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53711}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"spans_timebands":"N","begin":"2024-05-13T20:10:00.000-0000","updated":"2024-05-09T02:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"title":"Afternoon Break","android_description":"","end_timestamp":{"seconds":1715631000,"nanoseconds":0},"updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T20:10:00.000-0000","id":54459,"begin_timestamp":{"seconds":1715629800,"nanoseconds":0},"tag_ids":[46349],"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-13T19:50:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In the ever-expanding realm of cloud computing, understanding the vulnerabilities of widely used services is crucial for effective penetration testing. This talk will focus on finding and exploiting vulnerabilities in Microsoft Azure and Azure Active Directory (AD), now called Entra ID.\r\n\r\nWe will start by understanding the architecture of Azure and Azure AD, providing a foundation for understanding where security issues come into play. From there, we will delve into common vulnerabilities and misconfigurations and discuss how to identify and exploit them.\r\n\r\nThe core of this talk will be a series of real-world demonstrations of these vulnerabilities being exploited. These hands-on examples will provide attendees with a clear understanding of the potential risks and the power of Azure.\r\n\r\nThis talk is intended for penetration testers, security professionals, and anyone interested in the darker side of cloud security. No knowledge of Azure or AD is required to attend this talk. Join me as we unmask the cloud and dive into the world of Azure penetration testing.\n\n\n","title":"Discover the Unseen: Azure Vulnerability Exploitation","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715629800,"nanoseconds":0},"android_description":"In the ever-expanding realm of cloud computing, understanding the vulnerabilities of widely used services is crucial for effective penetration testing. This talk will focus on finding and exploiting vulnerabilities in Microsoft Azure and Azure Active Directory (AD), now called Entra ID.\r\n\r\nWe will start by understanding the architecture of Azure and Azure AD, providing a foundation for understanding where security issues come into play. From there, we will delve into common vulnerabilities and misconfigurations and discuss how to identify and exploit them.\r\n\r\nThe core of this talk will be a series of real-world demonstrations of these vulnerabilities being exploited. These hands-on examples will provide attendees with a clear understanding of the potential risks and the power of Azure.\r\n\r\nThis talk is intended for penetration testers, security professionals, and anyone interested in the darker side of cloud security. No knowledge of Azure or AD is required to attend this talk. Join me as we unmask the cloud and dive into the world of Azure penetration testing.","updated_timestamp":{"seconds":1715221980,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54438],"name":"Scott Miller","affiliations":[{"organization":"Accenture","title":"Penetration Tester"}],"links":[],"pronouns":null,"media":[],"id":53704,"title":"Penetration Tester at Accenture"}],"timeband_id":1174,"links":[],"end":"2024-05-13T19:50:00.000-0000","id":54438,"begin_timestamp":{"seconds":1715626800,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46351],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53704}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"updated":"2024-05-09T02:33:00.000-0000","begin":"2024-05-13T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"This talk delves into the Swiss Cheese Model of failure and its applicability to the Kentucky Whiskey distilleries. We explore historical instances where accumulated hazards and vulnerabilities led to catastrophic events, emphasizing the role of neglected safety practices in aging structures filled with combustible materials. The presentation highlights the significant impacts these disasters caused. \r\nWe then draw parallels to IT security, drawing on similarities in the evolution and maturity of both industries. The session emphasizes the importance of comprehensive safety and security measures, beyond just product excellence and profitability, in preventing systemic failures. By examining the Swiss Cheese Model, we demonstrate how both the bourbon industry and cybersecurity share common challenges and lessons in risk management and disaster prevention.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Aged Hazards, Modern Risks: The Swiss Cheese Model in Bourbon and Breaches","android_description":"This talk delves into the Swiss Cheese Model of failure and its applicability to the Kentucky Whiskey distilleries. We explore historical instances where accumulated hazards and vulnerabilities led to catastrophic events, emphasizing the role of neglected safety practices in aging structures filled with combustible materials. The presentation highlights the significant impacts these disasters caused. \r\nWe then draw parallels to IT security, drawing on similarities in the evolution and maturity of both industries. The session emphasizes the importance of comprehensive safety and security measures, beyond just product excellence and profitability, in preventing systemic failures. By examining the Swiss Cheese Model, we demonstrate how both the bourbon industry and cybersecurity share common challenges and lessons in risk management and disaster prevention.","end_timestamp":{"seconds":1715629800,"nanoseconds":0},"updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54435],"name":"Jennifer Shannon","affiliations":[{"organization":"Secure Ideas","title":"Senior Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":53703,"title":"Senior Security Consultant at Secure Ideas"},{"conference_id":144,"event_ids":[54435],"name":"Kathy Collins","affiliations":[{"organization":"Secure Ideas","title":"Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":53707,"title":"Security Consultant at Secure Ideas"}],"timeband_id":1174,"links":[],"end":"2024-05-13T19:50:00.000-0000","id":54435,"begin_timestamp":{"seconds":1715626800,"nanoseconds":0},"tag_ids":[46337,46350],"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53703},{"tag_id":46338,"sort_order":1,"person_id":53707}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"updated":"2024-05-09T02:32:00.000-0000","begin":"2024-05-13T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"A.I. may be seen as a cost-effective way to replace workers. We will look closer however and discover the uncomfortable truth behind A.I. and what really powers it. We will also discover how to harness the hidden power propping up A.I. for ourselves & our company’s security.\r\n\r\nOne of the biggest, most advanced, and adaptive Intrusion Detection Systems available has been hiding in plain sight. Why isn’t it being implemented? Widespread failure on the part of Information Security & Management. We will pinpoint the systemic flaws and learn how to ensure correct and effective implementation and maintenance of our most powerful tool to fight illicit artificial intelligence: Human intelligence.\n\n\n","title":"Uncovering & utilizing the quantum processors that secretly power A.I. the world over!","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"android_description":"A.I. may be seen as a cost-effective way to replace workers. We will look closer however and discover the uncomfortable truth behind A.I. and what really powers it. We will also discover how to harness the hidden power propping up A.I. for ourselves & our company’s security.\r\n\r\nOne of the biggest, most advanced, and adaptive Intrusion Detection Systems available has been hiding in plain sight. Why isn’t it being implemented? Widespread failure on the part of Information Security & Management. We will pinpoint the systemic flaws and learn how to ensure correct and effective implementation and maintenance of our most powerful tool to fight illicit artificial intelligence: Human intelligence.","end_timestamp":{"seconds":1715629800,"nanoseconds":0},"updated_timestamp":{"seconds":1715221800,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54429],"name":"Jayson E. Street","affiliations":[{"organization":"Secure Yeti","title":""}],"links":[],"pronouns":null,"media":[],"id":53710,"title":"Secure Yeti"}],"timeband_id":1174,"links":[],"end":"2024-05-13T19:50:00.000-0000","id":54429,"village_id":null,"begin_timestamp":{"seconds":1715626800,"nanoseconds":0},"tag_ids":[46337,46339],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53710}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"updated":"2024-05-09T02:30:00.000-0000","begin":"2024-05-13T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"title":"Free time: Sponsors, Networking & More","end_timestamp":{"seconds":1715626800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T19:00:00.000-0000","id":54458,"village_id":null,"begin_timestamp":{"seconds":1715625000,"nanoseconds":0},"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-13T18:30:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"title":"Lunch Break","end_timestamp":{"seconds":1715625000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T18:30:00.000-0000","id":54457,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715621400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-13T17:30:00.000-0000","updated":"2024-05-09T02:40:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In his Second ShowMeCon Keynote, Joey Smith reflects on his decade as a CISO, sharing insights, triumphs, and trials along the way. Together we will delve into vendor, employee, and boss dynamics as well as leading through the inevitable chaos and uncertainty we each deal with each day.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Evolution in Progress: Insights Since Our Last Encounter","android_description":"In his Second ShowMeCon Keynote, Joey Smith reflects on his decade as a CISO, sharing insights, triumphs, and trials along the way. Together we will delve into vendor, employee, and boss dynamics as well as leading through the inevitable chaos and uncertainty we each deal with each day.","end_timestamp":{"seconds":1715621400,"nanoseconds":0},"updated_timestamp":{"seconds":1715221860,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54433,54442],"name":"Joey Smith","affiliations":[{"organization":"Schnuck Markets, Inc.","title":""}],"links":[{"description":"","title":"Schnuck Markets","sort_order":0,"url":"https://schnucks.com/"}],"pronouns":null,"media":[],"id":53694,"title":"Schnuck Markets, Inc."}],"timeband_id":1174,"links":[],"end":"2024-05-13T17:30:00.000-0000","id":54433,"tag_ids":[46337,46352],"begin_timestamp":{"seconds":1715617800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53694}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"updated":"2024-05-09T02:31:00.000-0000","begin":"2024-05-13T16:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Message from Our Sponsors","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715617800,"nanoseconds":0},"updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T16:30:00.000-0000","id":54456,"tag_ids":[46349],"village_id":null,"begin_timestamp":{"seconds":1715617200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-13T16:20:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In \"Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing\", Kevin Johnson of Secure Ideas takes the audience on an expedition through the intricate world of modern hacking and penetration testing. Reflecting Orion's legendary skills and resilience, Kevin delves into a series of real-world stories, each revealing critical vulnerabilities in various target systems and organizations. These narratives are not just about uncovering digital weaknesses; they offer valuable insights and practical lessons. The talk begins by charting a course through the treacherous waters of web-based exploits, highlighting how these vulnerabilities are discovered and exploited. Kevin's expertise shines as he demonstrates the importance of understanding and mitigating these risks in our ever-connected digital world.\r\n\r\nThe presentation then ventures into the often-overlooked realm of physical penetration testing. Kevin shares eye-opening accounts of legal 'break-ins', illustrating that effective security transcends the digital domain and requires a holistic approach. This segment underscores the necessity of robust physical security measures in protecting organizations. As the journey continues, Kevin shifts focus to the tactics used against security teams themselves, offering a unique perspective on how attackers target and exploit the very guardians of our digital safety.\r\n\r\nThis talk is more than a compilation of experiences; it's a comprehensive exploration of cybersecurity's various facets. Kevin invites the audience to engage and question, fostering a deeper collective understanding of cybersecurity and emphasizing the need for vigilance and proactive defense strategies in today's rapidly evolving security landscape.\n\n\n","title":"Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#48ABA2","name":"Talk","id":46337},"end_timestamp":{"seconds":1715617200,"nanoseconds":0},"android_description":"In \"Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing\", Kevin Johnson of Secure Ideas takes the audience on an expedition through the intricate world of modern hacking and penetration testing. Reflecting Orion's legendary skills and resilience, Kevin delves into a series of real-world stories, each revealing critical vulnerabilities in various target systems and organizations. These narratives are not just about uncovering digital weaknesses; they offer valuable insights and practical lessons. The talk begins by charting a course through the treacherous waters of web-based exploits, highlighting how these vulnerabilities are discovered and exploited. Kevin's expertise shines as he demonstrates the importance of understanding and mitigating these risks in our ever-connected digital world.\r\n\r\nThe presentation then ventures into the often-overlooked realm of physical penetration testing. Kevin shares eye-opening accounts of legal 'break-ins', illustrating that effective security transcends the digital domain and requires a holistic approach. This segment underscores the necessity of robust physical security measures in protecting organizations. As the journey continues, Kevin shifts focus to the tactics used against security teams themselves, offering a unique perspective on how attackers target and exploit the very guardians of our digital safety.\r\n\r\nThis talk is more than a compilation of experiences; it's a comprehensive exploration of cybersecurity's various facets. Kevin invites the audience to engage and question, fostering a deeper collective understanding of cybersecurity and emphasizing the need for vigilance and proactive defense strategies in today's rapidly evolving security landscape.","updated_timestamp":{"seconds":1715221860,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54432],"name":"Kevin Johnson","affiliations":[{"organization":"Secure Ideas","title":"Chief Executive Officer"}],"links":[],"pronouns":null,"media":[],"id":53695,"title":"Chief Executive Officer at Secure Ideas"}],"timeband_id":1174,"links":[],"end":"2024-05-13T16:20:00.000-0000","id":54432,"village_id":null,"begin_timestamp":{"seconds":1715613600,"nanoseconds":0},"tag_ids":[46337,46352],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53695}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","begin":"2024-05-13T15:20:00.000-0000","updated":"2024-05-09T02:31:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Morning Break","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715613600,"nanoseconds":0},"updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T15:20:00.000-0000","id":54455,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715612400,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-13T15:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"The frequency and impact of Business Email Compromises (BEC) have continuously increased over the years and are still very successful (and lucrative) for attackers. JC has been responding to these BEC incidents for almost a decade for companies in almost every industry as well as for high-net-worth individuals. During this presentation, JC will take you on a journey in the trenches as he breaks down the various ways BECs usually occur, including showcasing some novel phishing pretexts and techniques that attackers use today and how they're getting past your filters. He'll also discuss things organizations get right and how they get it wrong when trying to deal with a BEC internally. Lastly, JC will discuss how these compromises can impact organizations and how they leave teams scrambling. Throughout this talk, there will be plenty of recommendations you can learn from to improve your own organization's security program.\n\n\n","title":"Game of Phishes: Tales, tactics and troubles from almost a decade of BEC investigations","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-05-13T17:53+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715612400,"nanoseconds":0},"android_description":"The frequency and impact of Business Email Compromises (BEC) have continuously increased over the years and are still very successful (and lucrative) for attackers. JC has been responding to these BEC incidents for almost a decade for companies in almost every industry as well as for high-net-worth individuals. During this presentation, JC will take you on a journey in the trenches as he breaks down the various ways BECs usually occur, including showcasing some novel phishing pretexts and techniques that attackers use today and how they're getting past your filters. He'll also discuss things organizations get right and how they get it wrong when trying to deal with a BEC internally. Lastly, JC will discuss how these compromises can impact organizations and how they leave teams scrambling. Throughout this talk, there will be plenty of recommendations you can learn from to improve your own organization's security program.","updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"conference_id":144,"event_ids":[54434],"name":"JC Carruthers","affiliations":[{"organization":"Snowfensive","title":"President"}],"links":[],"pronouns":null,"media":[],"id":53696,"title":"President at Snowfensive"}],"timeband_id":1174,"links":[],"end":"2024-05-13T15:00:00.000-0000","id":54434,"village_id":null,"begin_timestamp":{"seconds":1715608800,"nanoseconds":0},"tag_ids":[46337,46352],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53696}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","updated":"2024-05-09T02:32:00.000-0000","begin":"2024-05-13T14:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Welcome","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","color":"#922c8f","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715608800,"nanoseconds":0},"updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T14:00:00.000-0000","id":54454,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715607900,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-13T13:45:00.000-0000","updated":"2024-05-09T02:39:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Registration","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-05-13T17:53+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715607900,"nanoseconds":0},"updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T13:45:00.000-0000","id":54453,"village_id":null,"begin_timestamp":{"seconds":1715605200,"nanoseconds":0},"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-05-13T17:53+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-13T13:00:00.000-0000","updated":"2024-05-09T02:39:00.000-0000"}] \ No newline at end of file +[{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"After Party","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#922c8f","name":"Misc","id":46349},"end_timestamp":{"seconds":1715734800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222520,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-15T01:00:00.000-0000","id":54461,"begin_timestamp":{"seconds":1715724000,"nanoseconds":0},"village_id":null,"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-14T22:00:00.000-0000","updated":"2024-05-09T02:42:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Hackers have found multiple methods to bypass Multi-factor Authentication (MFA). While many organizations have enabled MFA across the enterprise, new risks arise daily. It’s clear that pairing a user’s password with a second identification factor reduces the employee’s and company’s overall risk. However, incident response investigations from the past six months indicate that cybercriminals are combining older tactics and newer techniques to bypass common MFA implementations and achieve unauthorized access.\r\n\r\nMalicious hackers in the wild have designed and run specialized attacks to bypass an MFA-enabled account, navigate the network as a trusted entity, and exfiltrate data undetected. Methods such as OTP, fingerprint, push technologies, and hardware tokens all merit review.\r\n\r\nJoin Brandon Potter, CTO at ProCircular, as he demonstrates the four most common MFA bypass techniques, breaks down the risks and defenses, and provides a punch list of quick wins to implement for immediate protection.\n\n\n","title":"Unmasking the Threat: Understanding and Defending Against MFA Bypass Techniques","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"android_description":"Hackers have found multiple methods to bypass Multi-factor Authentication (MFA). While many organizations have enabled MFA across the enterprise, new risks arise daily. It’s clear that pairing a user’s password with a second identification factor reduces the employee’s and company’s overall risk. However, incident response investigations from the past six months indicate that cybercriminals are combining older tactics and newer techniques to bypass common MFA implementations and achieve unauthorized access.\r\n\r\nMalicious hackers in the wild have designed and run specialized attacks to bypass an MFA-enabled account, navigate the network as a trusted entity, and exfiltrate data undetected. Methods such as OTP, fingerprint, push technologies, and hardware tokens all merit review.\r\n\r\nJoin Brandon Potter, CTO at ProCircular, as he demonstrates the four most common MFA bypass techniques, breaks down the risks and defenses, and provides a punch list of quick wins to implement for immediate protection.","end_timestamp":{"seconds":1715724000,"nanoseconds":0},"updated_timestamp":{"seconds":1715222280,"nanoseconds":0},"speakers":[{"content_ids":[54109],"conference_id":144,"event_ids":[54452],"name":"Brandon Potter","affiliations":[{"organization":"ProCircular, Inc.","title":"Chief Technology Officer"}],"links":[],"pronouns":null,"media":[],"id":53712,"title":"Chief Technology Officer at ProCircular, Inc."}],"timeband_id":1175,"links":[],"end":"2024-05-14T22:00:00.000-0000","id":54452,"village_id":null,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715721000,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53712}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"begin":"2024-05-14T21:10:00.000-0000","updated":"2024-05-09T02:38:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. \r\n\r\nIdeally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment.\r\n\r\nWe know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception. \r\n\r\nYou might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers into triggering alerts while they are trying to gain further access. The industry has arrived at the term honeytoken for this branch of cybersecurity tooling. \r\n\r\nTakeaways:\r\n- Analysis of recent breaches for common attack behaviors\r\n- A history of cyber deception and the evolution of honeypots in defensive strategies. \r\n- Understanding how honeytokens work\r\n- Maximizing the impact of honeytokens\n\n\n","title":"Who Goes There? Actively Detecting Intruders With Cyber Deception Tools","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"end_timestamp":{"seconds":1715724000,"nanoseconds":0},"android_description":"Intrusion detection works best when you can discover the attacker while they are still in the system. Finding out after the fact does little to protect your systems and your data. \r\n\r\nIdeally, you would want to set an alarm that an attacker would trigger while limiting the damage to your environment.\r\n\r\nWe know from many recent breaches that attackers commonly try to expand their foothold in a system by finding and exploiting hardcoded credentials in environments they have accessed. We can use these behavioral patterns to our advantage by engaging in defensive cyber deception. \r\n\r\nYou might already be familiar with the concept of honeypots, false systems, or networks meant to lure and ensnare hackers. There is a subclass of honeypots that require almost none of the overhead, are simple to deploy, are used by many industries, and lure attackers into triggering alerts while they are trying to gain further access. The industry has arrived at the term honeytoken for this branch of cybersecurity tooling. \r\n\r\nTakeaways:\r\n- Analysis of recent breaches for common attack behaviors\r\n- A history of cyber deception and the evolution of honeypots in defensive strategies. \r\n- Understanding how honeytokens work\r\n- Maximizing the impact of honeytokens","updated_timestamp":{"seconds":1715222040,"nanoseconds":0},"speakers":[{"content_ids":[54100],"conference_id":144,"event_ids":[54443],"name":"Dwayne McDaniel","affiliations":[{"organization":"GitGuardian","title":"Senior Security Developer Advocate"}],"pronouns":null,"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/@mcdwayne"}],"media":[],"id":53705,"title":"Senior Security Developer Advocate at GitGuardian"}],"timeband_id":1175,"links":[],"end":"2024-05-14T22:00:00.000-0000","id":54443,"village_id":null,"tag_ids":[46337,46339],"begin_timestamp":{"seconds":1715721000,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53705}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"updated":"2024-05-09T02:34:00.000-0000","begin":"2024-05-14T21:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"title":"Short Break","end_timestamp":{"seconds":1715721000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T21:10:00.000-0000","id":54469,"begin_timestamp":{"seconds":1715720400,"nanoseconds":0},"village_id":null,"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:41:00.000-0000","begin":"2024-05-14T21:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Delve into 2023’s most common attack chains used against large enterprises! Gain insights into attacks, defense strategies, and actionable tasks for an instant security lift, learning how to lower your risk of compromise via these attacks without budget strain\r\n\r\nThis presentation is set to unveil the TTPs employed by attackers who targeted low-hanging vulnerabilities to compromise large enterprises in 2023. It will provide a candid, in-depth exploration through a step-by-step attack chain walkthrough, shedding light on the intricacies of these attacks. Discover the hows and whys behind these tactics and gain insights into proactive defense measures.\r\n\r\nAttendees will leave armed with actionable tasks that can be implemented immediately on Monday, elevating their security posture without straining budgets. By addressing these vulnerabilities, they not only fortify their defenses but also make future penetration tests more cost-effective, eliminating potential “cheap shots” favored by pentesters.\r\n\r\nThe presentation also promises to empower red team participants with the knowledge to potentially achieve domain admin status within an average corporation from the comfort of their couch, all within record time.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Couch to Compromise 2024","android_description":"Delve into 2023’s most common attack chains used against large enterprises! Gain insights into attacks, defense strategies, and actionable tasks for an instant security lift, learning how to lower your risk of compromise via these attacks without budget strain\r\n\r\nThis presentation is set to unveil the TTPs employed by attackers who targeted low-hanging vulnerabilities to compromise large enterprises in 2023. It will provide a candid, in-depth exploration through a step-by-step attack chain walkthrough, shedding light on the intricacies of these attacks. Discover the hows and whys behind these tactics and gain insights into proactive defense measures.\r\n\r\nAttendees will leave armed with actionable tasks that can be implemented immediately on Monday, elevating their security posture without straining budgets. By addressing these vulnerabilities, they not only fortify their defenses but also make future penetration tests more cost-effective, eliminating potential “cheap shots” favored by pentesters.\r\n\r\nThe presentation also promises to empower red team participants with the knowledge to potentially achieve domain admin status within an average corporation from the comfort of their couch, all within record time.","end_timestamp":{"seconds":1715720400,"nanoseconds":0},"updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"content_ids":[54105],"conference_id":144,"event_ids":[54448],"name":"Johnny Xmas","affiliations":[{"organization":"Grimm Cyber","title":"Technical Director of Cybersecurity Training"}],"links":[],"pronouns":null,"media":[],"id":53706,"title":"Technical Director of Cybersecurity Training at Grimm Cyber"}],"timeband_id":1175,"links":[],"end":"2024-05-14T21:00:00.000-0000","id":54448,"begin_timestamp":{"seconds":1715717400,"nanoseconds":0},"tag_ids":[46337,46350],"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53706}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"begin":"2024-05-14T20:10:00.000-0000","updated":"2024-05-09T02:37:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"This session is for our vendor friends that are participating in ShowmeCon 2024, but all attendees are welcome to join as well.  In this session a panel of CISO's have made themselves available to discuss cyber security sales from their perspective and real world experiences.  Why is building a relationship so important? What works when trying to sell a solution and what doesn't? We will open the conversation to our vendor and audience participants to ask questions about sales tactics and strategies. We hope you leave this session with a better strategy on how to make your pitch, build your relationship and ultimately close a deal. \n\n\n","title":"CISO Roundtable","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"android_description":"This session is for our vendor friends that are participating in ShowmeCon 2024, but all attendees are welcome to join as well.  In this session a panel of CISO's have made themselves available to discuss cyber security sales from their perspective and real world experiences.  Why is building a relationship so important? What works when trying to sell a solution and what doesn't? We will open the conversation to our vendor and audience participants to ask questions about sales tactics and strategies. We hope you leave this session with a better strategy on how to make your pitch, build your relationship and ultimately close a deal.","end_timestamp":{"seconds":1715720400,"nanoseconds":0},"updated_timestamp":{"seconds":1715222040,"nanoseconds":0},"speakers":[{"content_ids":[54090,54099],"conference_id":144,"event_ids":[54433,54442],"name":"Joey Smith","affiliations":[{"organization":"Schnuck Markets, Inc.","title":""}],"pronouns":null,"links":[{"description":"","title":"Schnuck Markets","sort_order":0,"url":"https://schnucks.com/"}],"media":[],"id":53694,"title":"Schnuck Markets, Inc."}],"timeband_id":1175,"links":[],"end":"2024-05-14T21:00:00.000-0000","id":54442,"tag_ids":[46337,46339],"village_id":null,"begin_timestamp":{"seconds":1715717400,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53694}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"updated":"2024-05-09T02:34:00.000-0000","begin":"2024-05-14T20:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Getting the Most out of Sysmon","end_timestamp":{"seconds":1715720400,"nanoseconds":0},"android_description":"The default logging capabilities from Microsoft are only helpful to a certain extent. This session will discuss how to utilize the Sysinternals tool Sysmon for threat hunting, testing detections and more. The session will explain use cases and look at real examples of Sysmon successfully detecting malicious behavior in the wild.","updated_timestamp":{"seconds":1715221980,"nanoseconds":0},"speakers":[{"content_ids":[54097],"conference_id":144,"event_ids":[54440],"name":"Amanda Berlin","affiliations":[{"organization":"Blumira","title":"Lead Incident Detection Engineer"}],"links":[{"description":"","title":"Twitter","sort_order":0,"url":"https://twitter.com/InfoSystir"}],"pronouns":null,"media":[],"id":53701,"title":"Lead Incident Detection Engineer at Blumira"}],"timeband_id":1175,"links":[],"end":"2024-05-14T21:00:00.000-0000","id":54440,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715717400,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53701}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"spans_timebands":"N","begin":"2024-05-14T20:10:00.000-0000","updated":"2024-05-09T02:33:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Afternoon Break","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715717400,"nanoseconds":0},"updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T20:10:00.000-0000","id":54468,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715716200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:41:00.000-0000","begin":"2024-05-14T19:50:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In this talk we will discuss new ideas for threat hunting ICS\\SCADA networks. This talk will discuss new ways to provide secure visualization and instrumentation for ICS\\SCADA networks utilizing physics to identify advanced adversarial threats. This talk expands upon the traditional methods for monitoring networks and hunting threat activities as typically performed in an enterprise network. This presentation will dive into examples of how to monitor the Internet of Military Things (IoMT) and ICS\\SCADA infrastructure to collect physics-based data that may provide new insights into complex threats that may be sourced from the supply-chain, an insider or external threat. Threat hunting space and the Internet of Space Things (IoST) will be discussed.\n\n\n","title":"Threat Hunting Space and Digital Energy with Physics","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"end_timestamp":{"seconds":1715716200,"nanoseconds":0},"android_description":"In this talk we will discuss new ideas for threat hunting ICS\\SCADA networks. This talk will discuss new ways to provide secure visualization and instrumentation for ICS\\SCADA networks utilizing physics to identify advanced adversarial threats. This talk expands upon the traditional methods for monitoring networks and hunting threat activities as typically performed in an enterprise network. This presentation will dive into examples of how to monitor the Internet of Military Things (IoMT) and ICS\\SCADA infrastructure to collect physics-based data that may provide new insights into complex threats that may be sourced from the supply-chain, an insider or external threat. Threat hunting space and the Internet of Space Things (IoST) will be discussed.","updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"content_ids":[54107],"conference_id":144,"event_ids":[54450],"name":"Paul Coggin","affiliations":[{"organization":"nou Systems","title":"Cyber SME"}],"links":[],"pronouns":null,"media":[],"id":53709,"title":"Cyber SME at nou Systems"}],"timeband_id":1175,"links":[],"end":"2024-05-14T19:50:00.000-0000","id":54450,"village_id":null,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715713200,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53709}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"updated":"2024-05-09T02:37:00.000-0000","begin":"2024-05-14T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"At the cutting edge of AI advancements, Large Language Models (LLMs) such as GPT-3 and BERT are transforming a wide array of industries. Yet, this swift integration into various sectors has brought to light significant security issues, which are the focus of the \"\"Pentesting Large Language Models: Challenges and Techniques\"\" talk. This discussion aims to thoroughly examine the specific vulnerabilities found in LLMs and underscore the importance of robust pentesting methods to safeguard their security and functionality.\r\n\r\nThe session will present a focused overview of Large Language Models, highlighting their architectural design, range of applications, and their critical role in the current AI domain. It will underscore the vital aspect of security within AI, especially due to the inherent risks in LLMs, such as the potential for data corruption, model inversion attacks, and threats to data security.\r\n\r\nFurthermore, the talk will explore specialized pentesting techniques for LLMs, covering both automated and manual approaches. This segment includes real-world case studies demonstrating the tangible impacts and consequences of security breaches in LLMs, effectively linking theoretical concepts with practical scenarios.\r\n\r\nThe presentation will address best practices in mitigating risks associated with LLMs. It will emphasize the importance of secure development, deployment, and ongoing surveillance. The talk will also provide insights into the future challenges of AI security and the growing need for sophisticated pentesting strategies.\n\n\n","title":"Pentesting Large Language Models: Challenges and Techniques","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"android_description":"At the cutting edge of AI advancements, Large Language Models (LLMs) such as GPT-3 and BERT are transforming a wide array of industries. Yet, this swift integration into various sectors has brought to light significant security issues, which are the focus of the \"\"Pentesting Large Language Models: Challenges and Techniques\"\" talk. This discussion aims to thoroughly examine the specific vulnerabilities found in LLMs and underscore the importance of robust pentesting methods to safeguard their security and functionality.\r\n\r\nThe session will present a focused overview of Large Language Models, highlighting their architectural design, range of applications, and their critical role in the current AI domain. It will underscore the vital aspect of security within AI, especially due to the inherent risks in LLMs, such as the potential for data corruption, model inversion attacks, and threats to data security.\r\n\r\nFurthermore, the talk will explore specialized pentesting techniques for LLMs, covering both automated and manual approaches. This segment includes real-world case studies demonstrating the tangible impacts and consequences of security breaches in LLMs, effectively linking theoretical concepts with practical scenarios.\r\n\r\nThe presentation will address best practices in mitigating risks associated with LLMs. It will emphasize the importance of secure development, deployment, and ongoing surveillance. The talk will also provide insights into the future challenges of AI security and the growing need for sophisticated pentesting strategies.","end_timestamp":{"seconds":1715716200,"nanoseconds":0},"updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"content_ids":[54104],"conference_id":144,"event_ids":[54447],"name":"Raymond Evans","affiliations":[{"organization":"Digital Silence","title":""}],"links":[],"pronouns":null,"media":[],"id":53716,"title":"Digital Silence"}],"timeband_id":1175,"links":[],"end":"2024-05-14T19:50:00.000-0000","id":54447,"village_id":null,"begin_timestamp":{"seconds":1715713200,"nanoseconds":0},"tag_ids":[46337,46350],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53716}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"spans_timebands":"N","begin":"2024-05-14T19:00:00.000-0000","updated":"2024-05-09T02:37:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Delve into the intricate technical and operational nuances accompanying the transition from PCI DSS Version 3.2.1 to the latest 4.0. Explore the shifts in security considerations evolving compliance dynamics and gain actionable insights for a smooth implementation journey. Unravel the upgraded standards and understand the real-world impact of these changes. This session provides a detailed roadmap, empowering attendees to navigate the complex landscape of PCI DSS 4.0 confidently. Join me for an insightful analysis that illuminates the refined security measures, equipping you to embrace the future of secure payment transactions.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"PCI 4.0 is here. It's not to late. Let's get to work","end_timestamp":{"seconds":1715716200,"nanoseconds":0},"android_description":"Delve into the intricate technical and operational nuances accompanying the transition from PCI DSS Version 3.2.1 to the latest 4.0. Explore the shifts in security considerations evolving compliance dynamics and gain actionable insights for a smooth implementation journey. Unravel the upgraded standards and understand the real-world impact of these changes. This session provides a detailed roadmap, empowering attendees to navigate the complex landscape of PCI DSS 4.0 confidently. Join me for an insightful analysis that illuminates the refined security measures, equipping you to embrace the future of secure payment transactions.","updated_timestamp":{"seconds":1715222040,"nanoseconds":0},"speakers":[{"content_ids":[54098],"conference_id":144,"event_ids":[54441],"name":"Dan Yarger","affiliations":[{"organization":"Parameter Security","title":"Qualified Security Assessor"}],"pronouns":null,"links":[{"description":"","title":"Parameter Security","sort_order":0,"url":"https://www.parametersecurity.com/"}],"media":[],"id":53699,"title":"Qualified Security Assessor at Parameter Security"}],"timeband_id":1175,"links":[],"end":"2024-05-14T19:50:00.000-0000","id":54441,"begin_timestamp":{"seconds":1715713200,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46339],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53699}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"spans_timebands":"N","updated":"2024-05-09T02:34:00.000-0000","begin":"2024-05-14T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"title":"Free time: Sponsors, Networking & More","end_timestamp":{"seconds":1715713200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T19:00:00.000-0000","id":54467,"begin_timestamp":{"seconds":1715711400,"nanoseconds":0},"village_id":null,"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:41:00.000-0000","begin":"2024-05-14T18:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Lunch Break","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#922c8f","name":"Misc","id":46349},"end_timestamp":{"seconds":1715711400,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T18:30:00.000-0000","id":54466,"begin_timestamp":{"seconds":1715707800,"nanoseconds":0},"tag_ids":[46349],"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-14T17:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Winn will discuss the Meta War and how it is impacting the world around us.\n\n\n","title":"The Meta War","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"android_description":"Winn will discuss the Meta War and how it is impacting the world around us.","end_timestamp":{"seconds":1715707800,"nanoseconds":0},"updated_timestamp":{"seconds":1715222160,"nanoseconds":0},"speakers":[{"content_ids":[54102],"conference_id":144,"event_ids":[54445],"name":"Winn Schwartau","affiliations":[{"organization":"WS, LLC.","title":""}],"links":[],"pronouns":null,"media":[],"id":53718,"title":"WS, LLC."}],"timeband_id":1175,"links":[],"end":"2024-05-14T17:30:00.000-0000","id":54445,"tag_ids":[46337,46352],"village_id":null,"begin_timestamp":{"seconds":1715704200,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53718}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","begin":"2024-05-14T16:30:00.000-0000","updated":"2024-05-09T02:36:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Message from Our Sponsors","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715704200,"nanoseconds":0},"updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T16:30:00.000-0000","id":54465,"tag_ids":[46349],"village_id":null,"begin_timestamp":{"seconds":1715703600,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-14T16:20:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Jeff began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, \"Tales from the Crypt...Analyst\" and \"MORE Tales From the Crypt...Analyst\". This talk is the third installment in Jeff's story and features his transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assesments and then to security architecture advisory work; convincing clients that you didn't need a browser to hack a web server; finding an open network jack really did mean you had access to the network; why it's not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we've solved all these problems from the early days...or maybe, just maybe there are still lessons to be learned.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Tales from the Crypt...Analyst: The After Life (keynote)","end_timestamp":{"seconds":1715703600,"nanoseconds":0},"android_description":"Jeff began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, \"Tales from the Crypt...Analyst\" and \"MORE Tales From the Crypt...Analyst\". This talk is the third installment in Jeff's story and features his transition from NSA to the private sector in the early days of Information Security consulting. He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assesments and then to security architecture advisory work; convincing clients that you didn't need a browser to hack a web server; finding an open network jack really did mean you had access to the network; why it's not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we've solved all these problems from the early days...or maybe, just maybe there are still lessons to be learned.","updated_timestamp":{"seconds":1715222100,"nanoseconds":0},"speakers":[{"content_ids":[54101],"conference_id":144,"event_ids":[54444],"name":"Jeff Man","affiliations":[{"organization":"Online Business Systems","title":""}],"links":[],"pronouns":null,"media":[],"id":53700,"title":"Online Business Systems"}],"timeband_id":1175,"links":[],"end":"2024-05-14T16:20:00.000-0000","id":54444,"begin_timestamp":{"seconds":1715700000,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46352],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53700}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","begin":"2024-05-14T15:20:00.000-0000","updated":"2024-05-09T02:35:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#922c8f","name":"Misc","id":46349},"title":"Morning Break","end_timestamp":{"seconds":1715700000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T15:20:00.000-0000","id":54464,"begin_timestamp":{"seconds":1715698800,"nanoseconds":0},"tag_ids":[46349],"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-14T15:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"For many reasons (which I will discuss in my presentation), I have come to the conclusion that many/most security tasks, functions and roles can and should largely be distributed across the organization with support from a governance/oversight function. In short, fewer “security people” and more people “doing security.” My prediction is that in the future, there will be fewer dedicated information security staff members and a larger quantity of general staff who practice what have traditionally been information security functions. This requires a fundamental reassessment of how we look at managing security.\r\n\r\nThis presentation isn’t about general information security awareness training, but rather breaking down the elements and tasks of an information security program and dividing many of those elements and tasks amongst current staff. \r\n\r\nFor example, fewer application security people and more developers who are trained to write more secure code. And fewer Network Security Specialists, and more Network Admins that implement security controls. \r\n\r\nThis will lead to security taking on more of a governance and advisory role and providing direction rather than implementation. And for all but the largest organizations, many specialized security roles will end up being outsourced to specialists rather than being on the company payroll.\r\n\r\nIn this presentation I will discuss:\r\n\r\n- The current information security professional “shortage.” Shortage in quotes, because in many cases this is more of a misalignment between expectations from hiring organization and reality.\r\n- The role of specialization in all organizations/societies\r\n- The current and ideal role for information security within an organization (Advise? Consult? Recommend? Test? Implement? Develop? Build things? Run things? Measure things (Existence and effectiveness)?\r\n- Where information security should sit (Business? Technical? Risk Management?)\r\n- How legal, privacy, audit, and general IT have been moving into what has traditionally been the realm of the security team.\r\n- The importance of understanding business and risk to provide context and prioritization for information security.\r\n- How distributed security functions can lead to better outcomes.\r\n- And more!\n\n\n","title":"Why You Don't Need a Security Team","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"android_description":"For many reasons (which I will discuss in my presentation), I have come to the conclusion that many/most security tasks, functions and roles can and should largely be distributed across the organization with support from a governance/oversight function. In short, fewer “security people” and more people “doing security.” My prediction is that in the future, there will be fewer dedicated information security staff members and a larger quantity of general staff who practice what have traditionally been information security functions. This requires a fundamental reassessment of how we look at managing security.\r\n\r\nThis presentation isn’t about general information security awareness training, but rather breaking down the elements and tasks of an information security program and dividing many of those elements and tasks amongst current staff. \r\n\r\nFor example, fewer application security people and more developers who are trained to write more secure code. And fewer Network Security Specialists, and more Network Admins that implement security controls. \r\n\r\nThis will lead to security taking on more of a governance and advisory role and providing direction rather than implementation. And for all but the largest organizations, many specialized security roles will end up being outsourced to specialists rather than being on the company payroll.\r\n\r\nIn this presentation I will discuss:\r\n\r\n- The current information security professional “shortage.” Shortage in quotes, because in many cases this is more of a misalignment between expectations from hiring organization and reality.\r\n- The role of specialization in all organizations/societies\r\n- The current and ideal role for information security within an organization (Advise? Consult? Recommend? Test? Implement? Develop? Build things? Run things? Measure things (Existence and effectiveness)?\r\n- Where information security should sit (Business? Technical? Risk Management?)\r\n- How legal, privacy, audit, and general IT have been moving into what has traditionally been the realm of the security team.\r\n- The importance of understanding business and risk to provide context and prioritization for information security.\r\n- How distributed security functions can lead to better outcomes.\r\n- And more!","end_timestamp":{"seconds":1715698800,"nanoseconds":0},"updated_timestamp":{"seconds":1715222160,"nanoseconds":0},"speakers":[{"content_ids":[54103],"conference_id":144,"event_ids":[54446],"name":"Alex Hamerstone","affiliations":[{"organization":"TrustedSec","title":"Advisory Solutions Director"}],"links":[],"pronouns":null,"media":[],"id":53698,"title":"Advisory Solutions Director at TrustedSec"}],"timeband_id":1175,"links":[],"end":"2024-05-14T15:00:00.000-0000","id":54446,"village_id":null,"tag_ids":[46337,46352],"begin_timestamp":{"seconds":1715695200,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53698}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"updated":"2024-05-09T02:36:00.000-0000","begin":"2024-05-14T14:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"title":"Welcome","end_timestamp":{"seconds":1715695200,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T14:00:00.000-0000","id":54463,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715694300,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-14T13:45:00.000-0000","updated":"2024-05-09T02:39:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"title":"Registration","end_timestamp":{"seconds":1715694300,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1175,"links":[],"end":"2024-05-14T13:45:00.000-0000","id":54462,"begin_timestamp":{"seconds":1715691600,"nanoseconds":0},"tag_ids":[46349],"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:39:00.000-0000","begin":"2024-05-14T13:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"I want to emphasize the critical role of blue team members in our cybersecurity efforts. As guardians of our digital infrastructure, it's imperative for us to stay one step ahead of malicious actors. To do this, we must have a deep understanding of their Tactics, Techniques, and Procedures (TTPs). Understanding the TTPs of our adversaries is akin to learning their playbook. It allows us to predict their moves, detect their actions, and ultimately thwart their efforts. By knowing their methods, we can fortify our defenses, identify anomalies, and respond effectively. One often overlooked aspect of cybersecurity is the dark web. This hidden part of the internet harbors a multitude of cyber threats, including forums, marketplaces, and communication channels where malicious actors operate. As blue team members, it is crucial for us to familiarize ourselves with this realm. By gaining insights into the dark web, we can proactively monitor for potential threats, track trends, and gather intelligence on emerging attack vectors. This knowledge empowers us to adapt our defenses and stay ahead of evolving threats.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Empowering Blue Teams: Understanding TTPs and Navigating the Dark Web","end_timestamp":{"seconds":1715637600,"nanoseconds":0},"android_description":"I want to emphasize the critical role of blue team members in our cybersecurity efforts. As guardians of our digital infrastructure, it's imperative for us to stay one step ahead of malicious actors. To do this, we must have a deep understanding of their Tactics, Techniques, and Procedures (TTPs). Understanding the TTPs of our adversaries is akin to learning their playbook. It allows us to predict their moves, detect their actions, and ultimately thwart their efforts. By knowing their methods, we can fortify our defenses, identify anomalies, and respond effectively. One often overlooked aspect of cybersecurity is the dark web. This hidden part of the internet harbors a multitude of cyber threats, including forums, marketplaces, and communication channels where malicious actors operate. As blue team members, it is crucial for us to familiarize ourselves with this realm. By gaining insights into the dark web, we can proactively monitor for potential threats, track trends, and gather intelligence on emerging attack vectors. This knowledge empowers us to adapt our defenses and stay ahead of evolving threats.","updated_timestamp":{"seconds":1715222220,"nanoseconds":0},"speakers":[{"content_ids":[54106],"conference_id":144,"event_ids":[54449],"name":"Matthew Maynard","affiliations":[{"organization":"BJC Healthcare","title":"IT Security Incident Response Analyst III"}],"links":[],"pronouns":null,"media":[],"id":53697,"title":"IT Security Incident Response Analyst III at BJC Healthcare"}],"timeband_id":1174,"links":[],"end":"2024-05-13T22:00:00.000-0000","id":54449,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715634600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53697}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"spans_timebands":"N","begin":"2024-05-13T21:10:00.000-0000","updated":"2024-05-09T02:37:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"It's all fun and games until you shutdown transaction processing for a bank because you put non-mainframe-safe characters into a web app. Or you've knocked over an entire enterprise with nmap. Twice. When you're trying to break stuff, sometimes you do break stuff. And that's not okay, or the end of the world. In this talk, we'll take you through how to manage expectations, how to assess the risk of disruption, and how to deal with it when everything's on fire, exploding, or highly radioactive.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"When Pen Tests Go Wrong","android_description":"It's all fun and games until you shutdown transaction processing for a bank because you put non-mainframe-safe characters into a web app. Or you've knocked over an entire enterprise with nmap. Twice. When you're trying to break stuff, sometimes you do break stuff. And that's not okay, or the end of the world. In this talk, we'll take you through how to manage expectations, how to assess the risk of disruption, and how to deal with it when everything's on fire, exploding, or highly radioactive.","end_timestamp":{"seconds":1715637600,"nanoseconds":0},"updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"content_ids":[54094],"conference_id":144,"event_ids":[54437],"name":"Valerie Thomas","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53714},{"content_ids":[54094],"conference_id":144,"event_ids":[54437],"name":"Bobby Kuzma","affiliations":[{"organization":"ProCircular","title":"Director of Offensive Cyber Operations"}],"links":[],"pronouns":null,"media":[],"id":53715,"title":"Director of Offensive Cyber Operations at ProCircular"}],"timeband_id":1174,"links":[],"end":"2024-05-13T22:00:00.000-0000","id":54437,"tag_ids":[46337,46350],"village_id":null,"begin_timestamp":{"seconds":1715634600,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53715},{"tag_id":46338,"sort_order":1,"person_id":53714}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"begin":"2024-05-13T21:10:00.000-0000","updated":"2024-05-09T02:32:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling.\r\n\r\nWe will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again?\r\n\r\nThis presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling.\r\n\r\nGrab your towel and join us for \"\"The Security Hitchhiker's Guide to Threat Modeling.\"\" Leave with a clear understanding of how to embark on your threat modeling journey.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"The Security Hitchhiker’s Guide to Threat Modeling","end_timestamp":{"seconds":1715637600,"nanoseconds":0},"android_description":"Threat modeling is a critical process that helps organizations identify and mitigate potential security threats in the early stages of projects or when a legacy application is discovered with little to no documentation. This presentation aims to serve as a comprehensive introduction to the wonderful galaxy of Threat Modeling.\r\n\r\nWe will explore the fundamental questions: What is threat modeling? Why is it crucial for cybersecurity? How can it be integrated into your development and IT processes effectively? Why do I feel like I'm in preschool again?\r\n\r\nThis presentation will provide you with a structured approach to threat modeling, demystifying the process and breaking it down into manageable steps. We will discuss various methodologies and tools available for threat modeling.\r\n\r\nGrab your towel and join us for \"\"The Security Hitchhiker's Guide to Threat Modeling.\"\" Leave with a clear understanding of how to embark on your threat modeling journey.","updated_timestamp":{"seconds":1715221860,"nanoseconds":0},"speakers":[{"content_ids":[54088],"conference_id":144,"event_ids":[54431],"name":"Timothy De Block","affiliations":[{"organization":"Exploring Information Security","title":""}],"links":[],"pronouns":null,"media":[],"id":53708,"title":"Exploring Information Security"}],"timeband_id":1174,"links":[],"end":"2024-05-13T22:00:00.000-0000","id":54431,"tag_ids":[46337,46339],"begin_timestamp":{"seconds":1715634600,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53708}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"begin":"2024-05-13T21:10:00.000-0000","updated":"2024-05-09T02:31:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Short Break","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#922c8f","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715634600,"nanoseconds":0},"updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T21:10:00.000-0000","id":54460,"tag_ids":[46349],"village_id":null,"begin_timestamp":{"seconds":1715634000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-13T21:00:00.000-0000","updated":"2024-05-09T02:41:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"A buzzword for years, Artificial intelligence (AI) has evolved into a powerful, accessible tool and, like any tool, it can be used for evil. How can AI technology be harnessed by adversaries (or you) as part of sophisticated information security attacks? What sort of attacks are we seeing in the wild and how can we prepare for the new offensive techniques?\n\n\n","title":"Artificial Intelligence / Real Threats","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"android_description":"A buzzword for years, Artificial intelligence (AI) has evolved into a powerful, accessible tool and, like any tool, it can be used for evil. How can AI technology be harnessed by adversaries (or you) as part of sophisticated information security attacks? What sort of attacks are we seeing in the wild and how can we prepare for the new offensive techniques?","end_timestamp":{"seconds":1715634000,"nanoseconds":0},"updated_timestamp":{"seconds":1715221980,"nanoseconds":0},"speakers":[{"content_ids":[54096],"conference_id":144,"event_ids":[54439],"name":"Chris Carlis","affiliations":[],"links":[],"pronouns":null,"media":[],"id":53702}],"timeband_id":1174,"links":[],"end":"2024-05-13T21:00:00.000-0000","id":54439,"village_id":null,"tag_ids":[46337,46351],"begin_timestamp":{"seconds":1715631000,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53702}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"updated":"2024-05-09T02:33:00.000-0000","begin":"2024-05-13T20:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In this presentation, we explore the unique risk that IoT devices and subsequent communication protocols present in the modern paradigm of cybersecurity. This talk examines some inventive ways to leverage IoT capabilities to present entirely new threats that can enable the circumvention of standard detection technologies. Moreover, we delve into the critical need for organizations to implement comprehensive defensive monitoring strategies tailored to the nuances of IoT, shedding light on the essential measures required to secure organizations from the multifaceted ways IoT devices can be abused to aid in compromising networks. Join us in this exploration of the evolving cybersecurity landscape and the strategies needed to protect against IoT-related threats effectively.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Well, That’s Rude - Thoroughly Offensive IoT","end_timestamp":{"seconds":1715634000,"nanoseconds":0},"android_description":"In this presentation, we explore the unique risk that IoT devices and subsequent communication protocols present in the modern paradigm of cybersecurity. This talk examines some inventive ways to leverage IoT capabilities to present entirely new threats that can enable the circumvention of standard detection technologies. Moreover, we delve into the critical need for organizations to implement comprehensive defensive monitoring strategies tailored to the nuances of IoT, shedding light on the essential measures required to secure organizations from the multifaceted ways IoT devices can be abused to aid in compromising networks. Join us in this exploration of the evolving cybersecurity landscape and the strategies needed to protect against IoT-related threats effectively.","updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"content_ids":[54093],"conference_id":144,"event_ids":[54436],"name":"Tim Fowler","affiliations":[{"organization":"Black Hills Information Security","title":"Offensive Security Analyst"}],"links":[],"pronouns":null,"media":[],"id":53713,"title":"Offensive Security Analyst at Black Hills Information Security"}],"timeband_id":1174,"links":[],"end":"2024-05-13T21:00:00.000-0000","id":54436,"village_id":null,"begin_timestamp":{"seconds":1715631000,"nanoseconds":0},"tag_ids":[46337,46350],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53713}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"begin":"2024-05-13T20:10:00.000-0000","updated":"2024-05-09T02:32:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"Why does security fail even though companies are spending more than ever on security budgets? Take a deep dive through some historical security failures since we are doomed to repeat “failed” history if we don’t learn from it. From these failures we can devise practical steps on how to improve our security program from a people, processes, and technology standpoint.\n\n\n","title":"Why Security Fails and Practical Steps On How To Improve","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"end_timestamp":{"seconds":1715634000,"nanoseconds":0},"android_description":"Why does security fail even though companies are spending more than ever on security budgets? Take a deep dive through some historical security failures since we are doomed to repeat “failed” history if we don’t learn from it. From these failures we can devise practical steps on how to improve our security program from a people, processes, and technology standpoint.","updated_timestamp":{"seconds":1715221800,"nanoseconds":0},"speakers":[{"content_ids":[54087],"conference_id":144,"event_ids":[54430],"name":"Don Le","affiliations":[{"organization":"Stifel","title":""}],"links":[],"pronouns":null,"media":[],"id":53711,"title":"Stifel"}],"timeband_id":1174,"links":[],"end":"2024-05-13T21:00:00.000-0000","id":54430,"village_id":null,"tag_ids":[46337,46339],"begin_timestamp":{"seconds":1715631000,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53711}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"updated":"2024-05-09T02:30:00.000-0000","begin":"2024-05-13T20:10:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Afternoon Break","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"end_timestamp":{"seconds":1715631000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T20:10:00.000-0000","id":54459,"tag_ids":[46349],"begin_timestamp":{"seconds":1715629800,"nanoseconds":0},"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:41:00.000-0000","begin":"2024-05-13T19:50:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In the ever-expanding realm of cloud computing, understanding the vulnerabilities of widely used services is crucial for effective penetration testing. This talk will focus on finding and exploiting vulnerabilities in Microsoft Azure and Azure Active Directory (AD), now called Entra ID.\r\n\r\nWe will start by understanding the architecture of Azure and Azure AD, providing a foundation for understanding where security issues come into play. From there, we will delve into common vulnerabilities and misconfigurations and discuss how to identify and exploit them.\r\n\r\nThe core of this talk will be a series of real-world demonstrations of these vulnerabilities being exploited. These hands-on examples will provide attendees with a clear understanding of the potential risks and the power of Azure.\r\n\r\nThis talk is intended for penetration testers, security professionals, and anyone interested in the darker side of cloud security. No knowledge of Azure or AD is required to attend this talk. Join me as we unmask the cloud and dive into the world of Azure penetration testing.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Discover the Unseen: Azure Vulnerability Exploitation","android_description":"In the ever-expanding realm of cloud computing, understanding the vulnerabilities of widely used services is crucial for effective penetration testing. This talk will focus on finding and exploiting vulnerabilities in Microsoft Azure and Azure Active Directory (AD), now called Entra ID.\r\n\r\nWe will start by understanding the architecture of Azure and Azure AD, providing a foundation for understanding where security issues come into play. From there, we will delve into common vulnerabilities and misconfigurations and discuss how to identify and exploit them.\r\n\r\nThe core of this talk will be a series of real-world demonstrations of these vulnerabilities being exploited. These hands-on examples will provide attendees with a clear understanding of the potential risks and the power of Azure.\r\n\r\nThis talk is intended for penetration testers, security professionals, and anyone interested in the darker side of cloud security. No knowledge of Azure or AD is required to attend this talk. Join me as we unmask the cloud and dive into the world of Azure penetration testing.","end_timestamp":{"seconds":1715629800,"nanoseconds":0},"updated_timestamp":{"seconds":1715221980,"nanoseconds":0},"speakers":[{"content_ids":[54095],"conference_id":144,"event_ids":[54438],"name":"Scott Miller","affiliations":[{"organization":"Accenture","title":"Penetration Tester"}],"links":[],"pronouns":null,"media":[],"id":53704,"title":"Penetration Tester at Accenture"}],"timeband_id":1174,"links":[],"end":"2024-05-13T19:50:00.000-0000","id":54438,"village_id":null,"begin_timestamp":{"seconds":1715626800,"nanoseconds":0},"tag_ids":[46337,46351],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53704}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Imagination","hotel":"","short_name":"Imagination","id":46245},"spans_timebands":"N","updated":"2024-05-09T02:33:00.000-0000","begin":"2024-05-13T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"This talk delves into the Swiss Cheese Model of failure and its applicability to the Kentucky Whiskey distilleries. We explore historical instances where accumulated hazards and vulnerabilities led to catastrophic events, emphasizing the role of neglected safety practices in aging structures filled with combustible materials. The presentation highlights the significant impacts these disasters caused. \r\nWe then draw parallels to IT security, drawing on similarities in the evolution and maturity of both industries. The session emphasizes the importance of comprehensive safety and security measures, beyond just product excellence and profitability, in preventing systemic failures. By examining the Swiss Cheese Model, we demonstrate how both the bourbon industry and cybersecurity share common challenges and lessons in risk management and disaster prevention.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Aged Hazards, Modern Risks: The Swiss Cheese Model in Bourbon and Breaches","end_timestamp":{"seconds":1715629800,"nanoseconds":0},"android_description":"This talk delves into the Swiss Cheese Model of failure and its applicability to the Kentucky Whiskey distilleries. We explore historical instances where accumulated hazards and vulnerabilities led to catastrophic events, emphasizing the role of neglected safety practices in aging structures filled with combustible materials. The presentation highlights the significant impacts these disasters caused. \r\nWe then draw parallels to IT security, drawing on similarities in the evolution and maturity of both industries. The session emphasizes the importance of comprehensive safety and security measures, beyond just product excellence and profitability, in preventing systemic failures. By examining the Swiss Cheese Model, we demonstrate how both the bourbon industry and cybersecurity share common challenges and lessons in risk management and disaster prevention.","updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"content_ids":[54092],"conference_id":144,"event_ids":[54435],"name":"Jennifer Shannon","affiliations":[{"organization":"Secure Ideas","title":"Senior Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":53703,"title":"Senior Security Consultant at Secure Ideas"},{"content_ids":[54092],"conference_id":144,"event_ids":[54435],"name":"Kathy Collins","affiliations":[{"organization":"Secure Ideas","title":"Security Consultant"}],"links":[],"pronouns":null,"media":[],"id":53707,"title":"Security Consultant at Secure Ideas"}],"timeband_id":1174,"links":[],"end":"2024-05-13T19:50:00.000-0000","id":54435,"village_id":null,"tag_ids":[46337,46350],"begin_timestamp":{"seconds":1715626800,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53703},{"tag_id":46338,"sort_order":1,"person_id":53707}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery C/B","hotel":"","short_name":"Discovery C/B","id":46243},"spans_timebands":"N","updated":"2024-05-09T02:32:00.000-0000","begin":"2024-05-13T19:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"A.I. may be seen as a cost-effective way to replace workers. We will look closer however and discover the uncomfortable truth behind A.I. and what really powers it. We will also discover how to harness the hidden power propping up A.I. for ourselves & our company’s security.\r\n\r\nOne of the biggest, most advanced, and adaptive Intrusion Detection Systems available has been hiding in plain sight. Why isn’t it being implemented? Widespread failure on the part of Information Security & Management. We will pinpoint the systemic flaws and learn how to ensure correct and effective implementation and maintenance of our most powerful tool to fight illicit artificial intelligence: Human intelligence.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Uncovering & utilizing the quantum processors that secretly power A.I. the world over!","end_timestamp":{"seconds":1715629800,"nanoseconds":0},"android_description":"A.I. may be seen as a cost-effective way to replace workers. We will look closer however and discover the uncomfortable truth behind A.I. and what really powers it. We will also discover how to harness the hidden power propping up A.I. for ourselves & our company’s security.\r\n\r\nOne of the biggest, most advanced, and adaptive Intrusion Detection Systems available has been hiding in plain sight. Why isn’t it being implemented? Widespread failure on the part of Information Security & Management. We will pinpoint the systemic flaws and learn how to ensure correct and effective implementation and maintenance of our most powerful tool to fight illicit artificial intelligence: Human intelligence.","updated_timestamp":{"seconds":1715221800,"nanoseconds":0},"speakers":[{"content_ids":[54086],"conference_id":144,"event_ids":[54429],"name":"Jayson E. Street","affiliations":[{"organization":"Secure Yeti","title":""}],"links":[],"pronouns":null,"media":[],"id":53710,"title":"Secure Yeti"}],"timeband_id":1174,"links":[],"end":"2024-05-13T19:50:00.000-0000","id":54429,"begin_timestamp":{"seconds":1715626800,"nanoseconds":0},"village_id":null,"tag_ids":[46337,46339],"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53710}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery A/D","hotel":"","short_name":"Discovery A/D","id":46242},"spans_timebands":"N","begin":"2024-05-13T19:00:00.000-0000","updated":"2024-05-09T02:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Free time: Sponsors, Networking & More","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"end_timestamp":{"seconds":1715626800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222460,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T19:00:00.000-0000","id":54458,"village_id":null,"tag_ids":[46349],"begin_timestamp":{"seconds":1715625000,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:41:00.000-0000","begin":"2024-05-13T18:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Lunch Break","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"end_timestamp":{"seconds":1715625000,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T18:30:00.000-0000","id":54457,"village_id":null,"begin_timestamp":{"seconds":1715621400,"nanoseconds":0},"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"begin":"2024-05-13T17:30:00.000-0000","updated":"2024-05-09T02:40:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In his Second ShowMeCon Keynote, Joey Smith reflects on his decade as a CISO, sharing insights, triumphs, and trials along the way. Together we will delve into vendor, employee, and boss dynamics as well as leading through the inevitable chaos and uncertainty we each deal with each day.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#48ABA2","name":"Talk","id":46337},"title":"Evolution in Progress: Insights Since Our Last Encounter","android_description":"In his Second ShowMeCon Keynote, Joey Smith reflects on his decade as a CISO, sharing insights, triumphs, and trials along the way. Together we will delve into vendor, employee, and boss dynamics as well as leading through the inevitable chaos and uncertainty we each deal with each day.","end_timestamp":{"seconds":1715621400,"nanoseconds":0},"updated_timestamp":{"seconds":1715221860,"nanoseconds":0},"speakers":[{"content_ids":[54090,54099],"conference_id":144,"event_ids":[54433,54442],"name":"Joey Smith","affiliations":[{"organization":"Schnuck Markets, Inc.","title":""}],"pronouns":null,"links":[{"description":"","title":"Schnuck Markets","sort_order":0,"url":"https://schnucks.com/"}],"media":[],"id":53694,"title":"Schnuck Markets, Inc."}],"timeband_id":1174,"links":[],"end":"2024-05-13T17:30:00.000-0000","id":54433,"begin_timestamp":{"seconds":1715617800,"nanoseconds":0},"tag_ids":[46337,46352],"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53694}],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"updated":"2024-05-09T02:31:00.000-0000","begin":"2024-05-13T16:30:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Message from Our Sponsors","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"end_timestamp":{"seconds":1715617800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T16:30:00.000-0000","id":54456,"tag_ids":[46349],"village_id":null,"begin_timestamp":{"seconds":1715617200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","updated":"2024-05-09T02:40:00.000-0000","begin":"2024-05-13T16:20:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"In \"Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing\", Kevin Johnson of Secure Ideas takes the audience on an expedition through the intricate world of modern hacking and penetration testing. Reflecting Orion's legendary skills and resilience, Kevin delves into a series of real-world stories, each revealing critical vulnerabilities in various target systems and organizations. These narratives are not just about uncovering digital weaknesses; they offer valuable insights and practical lessons. The talk begins by charting a course through the treacherous waters of web-based exploits, highlighting how these vulnerabilities are discovered and exploited. Kevin's expertise shines as he demonstrates the importance of understanding and mitigating these risks in our ever-connected digital world.\r\n\r\nThe presentation then ventures into the often-overlooked realm of physical penetration testing. Kevin shares eye-opening accounts of legal 'break-ins', illustrating that effective security transcends the digital domain and requires a holistic approach. This segment underscores the necessity of robust physical security measures in protecting organizations. As the journey continues, Kevin shifts focus to the tactics used against security teams themselves, offering a unique perspective on how attackers target and exploit the very guardians of our digital safety.\r\n\r\nThis talk is more than a compilation of experiences; it's a comprehensive exploration of cybersecurity's various facets. Kevin invites the audience to engage and question, fostering a deeper collective understanding of cybersecurity and emphasizing the need for vigilance and proactive defense strategies in today's rapidly evolving security landscape.\n\n\n","title":"Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"android_description":"In \"Orion's Quest: Navigating the Cyber Wilderness - Tales of Modern Penetration Testing\", Kevin Johnson of Secure Ideas takes the audience on an expedition through the intricate world of modern hacking and penetration testing. Reflecting Orion's legendary skills and resilience, Kevin delves into a series of real-world stories, each revealing critical vulnerabilities in various target systems and organizations. These narratives are not just about uncovering digital weaknesses; they offer valuable insights and practical lessons. The talk begins by charting a course through the treacherous waters of web-based exploits, highlighting how these vulnerabilities are discovered and exploited. Kevin's expertise shines as he demonstrates the importance of understanding and mitigating these risks in our ever-connected digital world.\r\n\r\nThe presentation then ventures into the often-overlooked realm of physical penetration testing. Kevin shares eye-opening accounts of legal 'break-ins', illustrating that effective security transcends the digital domain and requires a holistic approach. This segment underscores the necessity of robust physical security measures in protecting organizations. As the journey continues, Kevin shifts focus to the tactics used against security teams themselves, offering a unique perspective on how attackers target and exploit the very guardians of our digital safety.\r\n\r\nThis talk is more than a compilation of experiences; it's a comprehensive exploration of cybersecurity's various facets. Kevin invites the audience to engage and question, fostering a deeper collective understanding of cybersecurity and emphasizing the need for vigilance and proactive defense strategies in today's rapidly evolving security landscape.","end_timestamp":{"seconds":1715617200,"nanoseconds":0},"updated_timestamp":{"seconds":1715221860,"nanoseconds":0},"speakers":[{"content_ids":[54089],"conference_id":144,"event_ids":[54432],"name":"Kevin Johnson","affiliations":[{"organization":"Secure Ideas","title":"Chief Executive Officer"}],"links":[],"pronouns":null,"media":[],"id":53695,"title":"Chief Executive Officer at Secure Ideas"}],"timeband_id":1174,"links":[],"end":"2024-05-13T16:20:00.000-0000","id":54432,"village_id":null,"tag_ids":[46337,46352],"begin_timestamp":{"seconds":1715613600,"nanoseconds":0},"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53695}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","updated":"2024-05-09T02:31:00.000-0000","begin":"2024-05-13T15:20:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Morning Break","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#922c8f","name":"Misc","id":46349},"android_description":"","end_timestamp":{"seconds":1715613600,"nanoseconds":0},"updated_timestamp":{"seconds":1715222400,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T15:20:00.000-0000","id":54455,"village_id":null,"begin_timestamp":{"seconds":1715612400,"nanoseconds":0},"tag_ids":[46349],"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-13T15:00:00.000-0000","updated":"2024-05-09T02:40:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"The frequency and impact of Business Email Compromises (BEC) have continuously increased over the years and are still very successful (and lucrative) for attackers. JC has been responding to these BEC incidents for almost a decade for companies in almost every industry as well as for high-net-worth individuals. During this presentation, JC will take you on a journey in the trenches as he breaks down the various ways BECs usually occur, including showcasing some novel phishing pretexts and techniques that attackers use today and how they're getting past your filters. He'll also discuss things organizations get right and how they get it wrong when trying to deal with a BEC internally. Lastly, JC will discuss how these compromises can impact organizations and how they leave teams scrambling. Throughout this talk, there will be plenty of recommendations you can learn from to improve your own organization's security program.\n\n\n","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#48ABA2","updated_at":"2024-06-07T03:42+0000","name":"Talk","id":46337},"title":"Game of Phishes: Tales, tactics and troubles from almost a decade of BEC investigations","end_timestamp":{"seconds":1715612400,"nanoseconds":0},"android_description":"The frequency and impact of Business Email Compromises (BEC) have continuously increased over the years and are still very successful (and lucrative) for attackers. JC has been responding to these BEC incidents for almost a decade for companies in almost every industry as well as for high-net-worth individuals. During this presentation, JC will take you on a journey in the trenches as he breaks down the various ways BECs usually occur, including showcasing some novel phishing pretexts and techniques that attackers use today and how they're getting past your filters. He'll also discuss things organizations get right and how they get it wrong when trying to deal with a BEC internally. Lastly, JC will discuss how these compromises can impact organizations and how they leave teams scrambling. Throughout this talk, there will be plenty of recommendations you can learn from to improve your own organization's security program.","updated_timestamp":{"seconds":1715221920,"nanoseconds":0},"speakers":[{"content_ids":[54091],"conference_id":144,"event_ids":[54434],"name":"JC Carruthers","affiliations":[{"organization":"Snowfensive","title":"President"}],"links":[],"pronouns":null,"media":[],"id":53696,"title":"President at Snowfensive"}],"timeband_id":1174,"links":[],"end":"2024-05-13T15:00:00.000-0000","id":54434,"tag_ids":[46337,46352],"begin_timestamp":{"seconds":1715608800,"nanoseconds":0},"village_id":null,"includes":"","people":[{"tag_id":46338,"sort_order":1,"person_id":53696}],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Discovery Ballroom","hotel":"","short_name":"Discovery Ballroom","id":46244},"spans_timebands":"N","updated":"2024-05-09T02:32:00.000-0000","begin":"2024-05-13T14:00:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Welcome","type":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","color":"#922c8f","name":"Misc","id":46349},"end_timestamp":{"seconds":1715608800,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T14:00:00.000-0000","id":54454,"begin_timestamp":{"seconds":1715607900,"nanoseconds":0},"tag_ids":[46349],"village_id":null,"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"spans_timebands":"N","location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"updated":"2024-05-09T02:39:00.000-0000","begin":"2024-05-13T13:45:00.000-0000"},{"conference":"SHOWMECON2024","timezone":"America/Chicago","link":"","description":"","title":"Registration","type":{"conference_id":144,"conference":"SHOWMECON2024","color":"#922c8f","updated_at":"2024-06-07T03:42+0000","name":"Misc","id":46349},"end_timestamp":{"seconds":1715607900,"nanoseconds":0},"android_description":"","updated_timestamp":{"seconds":1715222340,"nanoseconds":0},"speakers":[],"timeband_id":1174,"links":[],"end":"2024-05-13T13:45:00.000-0000","id":54453,"tag_ids":[46349],"village_id":null,"begin_timestamp":{"seconds":1715605200,"nanoseconds":0},"includes":"","people":[],"tags":"","conference_id":144,"links_antiquated":[],"location":{"conference_id":144,"conference":"SHOWMECON2024","updated_at":"2024-06-07T03:42+0000","parent_id":0,"name":"Unspecified","hotel":"","short_name":"Unspecified","id":46246},"spans_timebands":"N","begin":"2024-05-13T13:00:00.000-0000","updated":"2024-05-09T02:39:00.000-0000"}] \ No newline at end of file diff --git a/public/ht/index.json b/public/ht/index.json index 9f5d94d..1e12d6d 100644 --- a/public/ht/index.json +++ b/public/ht/index.json @@ -1 +1 @@ -[{"end_date":"2024-05-27","end_timestamp_str":"2024-05-28T06:59:59+00:00","supportdoc":"The Help & Support document for this conference has not yet been defined.","kickoff_timestamp":{"seconds":1716825600,"nanoseconds":0},"enable_merch":false,"code":"BSIDESVANCOUVER2024","start_timestamp":{"seconds":1716706800,"nanoseconds":0},"timezone":"America/Los_Angeles","link":"","description":"","kickoff_timestamp_str":"2024-05-27T16:00:00+00:00","enable_merch_cart":false,"conference_id":139,"start_timestamp_str":"2024-05-26T07:00:00+00:00","end_timestamp":{"seconds":1716879599,"nanoseconds":0},"home_menu_id":123,"codeofconduct":"Simple Expectations\r\n\r\nWritten By The Community, For The Community\r\n\r\nBSides Vancouver is dedicated to providing an awesome event for all communities and community members and this means a harassment-free conference experience for everyone. We do not tolerate harassment in any form, and expect all of our conference participants to abide by our common ethos defined below:\r\n\r\n- Be an ADULT.\r\n- Be respectful, polite, honourable, tolerant and a positive contributor to our event and community.\r\n- Do not be crass, rude, ignorant or demeaning (Do unto others as you would have them do unto you).\r\n- Do not break any laws.\r\n- If you are unclear how to act respectfully in public: DO NOT ATTEND BSides Vancouver.\r\n\r\nEnforcement, Consequences, and Reporting\r\n\r\nIf an individual believes someone has violated this Code of Conduct or broken any laws, we ask them to make the conference organizers aware of the issue immediately so it can be dealt with appropriately (rather than post about it online / after the event).\r\n\r\nConference participants violating these simple rules may be sanctioned or expelled from the conference without a refund at the sole discretion of the conference organizers.\r\n\r\nPoints of Contact\r\n\r\nThe following can be contacted in regard to any issues related to the conference:\r\n\r\n- Event organizers (identified by BSides volunteer badges)\r\n\r\nYou may also send us your concerns online using the contact form at https://www.bsidesvancouver.com/code-of-conduct and someone will reply to you within 48 hours.","name":"BSides Vancouver 2024","id":139,"tagline_text":null,"start_date":"2024-05-26","hidden":false,"maps":[{"filename":"floorplan_1000.pdf","file":"floorplan_1000.pdf","name":"1000","description":"1000","name_text":"1000","id":85,"sort_order":11,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2Ffloorplan_1000.pdf?alt=media"},{"filename":"floorplan_2000.pdf","file":"floorplan_2000.pdf","name":"2000","description":"2000","name_text":"2000","id":86,"sort_order":21,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2Ffloorplan_2000.pdf?alt=media"}],"updated_at":{"seconds":1716653308,"nanoseconds":791926000}},{"end_date":"2024-05-19","end_timestamp_str":"2024-05-20T03:59:59+00:00","supportdoc":"The Help & Support document for this conference has not yet been defined.","enable_merch":false,"kickoff_timestamp":{"seconds":1715965200,"nanoseconds":0},"code":"CACKALACKYCON2024","maps":[{"file":"CKC.pdf","filename":"CKC.pdf","name":"Map","description":"Map","name_text":"Map","id":78,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/CACKALACKYCON2024%2FCKC.pdf?alt=media"}],"start_timestamp":{"seconds":1715918400,"nanoseconds":0},"timezone":"America/New_York","link":"","description":"","kickoff_timestamp_str":"2024-05-17T17:00:00+00:00","enable_merch_cart":false,"conference_id":141,"end_timestamp":{"seconds":1716177599,"nanoseconds":0},"start_timestamp_str":"2024-05-17T04:00:00+00:00","home_menu_id":125,"codeofconduct":"If you have experienced or witnessed an incident that violates the Code of Conduct, please contact us at staff [at] CackalackyCon.org\r\n\r\nCackalacky Con is dedicated to a harassment-free conference experience for everyone. The Cackalacky Con series of events are open, inclusive forums for sharing of ideas. Cackalacky Con participants include speakers, vendors, makers, tinkerers, families, students, and everyone else wanting to experience Cackalacky Con events and be part of the Cackalacky Con community.\r\n\r\nWe consider the physical hotel space, as well as the hotel staff, to be an important part of our larger conference community and we require that both be treated with respect. Without a venue, there is no conference. Mistreatment of hotel staff or the hotel itself will not be tolerated. Attempts to damage hotel property will be grounds for immediate removal from the conference.\r\n\r\nIt is important for participants to step beyond prejudices, societal norms, and other perspectives that lead to disrespect for people and groups. Everyone is welcome at Cackalacky Con events, regardless of race, class, gender identity or expression, age, ethnicity, religion, political beliefs, disability, sexual orientation, personal appearance, or education level, text editor choice, and other aspects of who we are.\r\n\r\nIn short: Cackalacky Con is a space for tolerance and respect.\r\n\r\nCackalacky Con strongly values free speech. We also value our attendees, and do not want any to feel marginalized or intimidated. We encourage talks that address hard topics. We also encourage everyone to think about how offhand comments they make about others may contribute to making some feel unwelcome in this community.\r\n\r\nCackalacky Con seeks to ensure no attendee is harassed. This includes, but is not limited to: deliberate intimidation, stalking, following, harassing photography or recording, disruption of talks or other events, inappropriate physical contact, or unwelcome sexual attention.\r\n\r\nThe conference staff reserves the right to eject anyone from the conference at any time. If you are being harassed, notice that someone else is being harassed, or have related concerns, we encourage you to contact a member of conference staff immediately.\r\n\r\n(We borrowed and modified this Code of Conduct from HOPE)","name":"CackalackyCon 2024","id":141,"tagline_text":null,"start_date":"2024-05-17","hidden":false,"updated_at":{"seconds":1716076272,"nanoseconds":235478000}},{"end_timestamp_str":"2024-05-15T04:59:59+00:00","end_date":"2024-05-14","supportdoc":"The Help & Support document for this conference has not yet been defined.","enable_merch":false,"kickoff_timestamp":{"seconds":1715607900,"nanoseconds":0},"code":"SHOWMECON2024","maps":[],"start_timestamp":{"seconds":1715576400,"nanoseconds":0},"timezone":"America/Chicago","link":"","description":"","kickoff_timestamp_str":"2024-05-13T13:45:00+00:00","enable_merch_cart":false,"conference_id":144,"start_timestamp_str":"2024-05-13T05:00:00+00:00","end_timestamp":{"seconds":1715749199,"nanoseconds":0},"home_menu_id":128,"codeofconduct":"The Code of Conduct document for this conference has not yet been defined.","name":"ShowMeCon 2024","tagline_text":null,"id":144,"start_date":"2024-05-13","hidden":false,"updated_at":{"seconds":1715622855,"nanoseconds":550237000}},{"end_timestamp_str":"2024-05-05T04:59:59+00:00","end_date":"2024-05-04","supportdoc":"The Help & Support document for this conference has not yet been defined.","enable_merch":false,"kickoff_timestamp":{"seconds":1714831200,"nanoseconds":0},"code":"COCOFEST2024","maps":[{"file":"cocofest_vendors.pdf","filename":"cocofest_vendors.pdf","name":"Vendors","description":"Vendors","name_text":"Vendors","id":82,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/COCOFEST2024%2Fcocofest_vendors.pdf?alt=media"}],"start_timestamp":{"seconds":1714712400,"nanoseconds":0},"timezone":"America/Chicago","link":"","description":"","kickoff_timestamp_str":"2024-05-04T14:00:00+00:00","enable_merch_cart":false,"conference_id":143,"end_timestamp":{"seconds":1714885199,"nanoseconds":0},"start_timestamp_str":"2024-05-03T05:00:00+00:00","codeofconduct":"The Code of Conduct document for this conference has not yet been defined.","home_menu_id":127,"name":"CocoFEST","tagline_text":null,"id":143,"start_date":"2024-05-03","updated_at":{"seconds":1714579658,"nanoseconds":143947000},"hidden":false},{"end_date":"2024-11-15","end_timestamp_str":"2024-11-16T02:59:59+00:00","supportdoc":"The Help & Support document for this conference has not yet been defined.","kickoff_timestamp":{"seconds":1731499200,"nanoseconds":0},"enable_merch":false,"code":"EKOPARTY2024","maps":[],"start_timestamp":{"seconds":1731466800,"nanoseconds":0},"timezone":"America/Argentina/Buenos_Aires","link":"","description":"","kickoff_timestamp_str":"2024-11-13T12:00:00+00:00","enable_merch_cart":false,"conference_id":142,"start_timestamp_str":"2024-11-13T03:00:00+00:00","end_timestamp":{"seconds":1731725999,"nanoseconds":0},"codeofconduct":"The Code of Conduct document for this conference has not yet been defined.","home_menu_id":126,"name":"Ekoparty 2024","id":142,"tagline_text":null,"start_date":"2024-11-13","updated_at":{"seconds":1713992029,"nanoseconds":441311000},"hidden":false},{"end_timestamp_str":"2024-04-22T03:59:59+00:00","end_date":"2024-04-21","supportdoc":"The Help & Support document for this conference has not yet been defined.","enable_merch":false,"kickoff_timestamp":{"seconds":1713621600,"nanoseconds":0},"code":"BSIDESCHARM2024","start_timestamp":{"seconds":1713585600,"nanoseconds":0},"timezone":"America/New_York","link":"","description":"","kickoff_timestamp_str":"2024-04-20T14:00:00+00:00","enable_merch_cart":false,"conference_id":137,"start_timestamp_str":"2024-04-20T04:00:00+00:00","end_timestamp":{"seconds":1713758399,"nanoseconds":0},"home_menu_id":121,"codeofconduct":"Our “Code of Conduct” is “Be Excellent to Each Other”.\r\n\r\nWe expect the best behavior from our attendees, speakers, sponsors, staff, and other participants to create a safe and positive environment for everyone.\r\n\r\nWe have no tolerance for verbal, physical, or sexual harassments against any individual.\r\n\r\nSpeakers and presenters appreciate legitimate questions and alternate points of view. This is how we all learn. Asking questions of a speaker during their talk, to get clarity or debate a point, is acceptable and encouraged. However, heckling speakers, engaging in any disruptive behavior, or interfering with a presentation or training is unacceptable behavior and will be considered harassment which could become grounds for you being asked to leave the conference.\r\n\r\nYou will not engage in any form of harassing, offensive, discriminatory, or threatening speech or behavior, including (but not limited to) relating to race, gender, gender identity and expression, national origin, religion, disability, marital status, age, sexual orientation, military or veteran status, or other protected category.\r\n\r\nIf you witness activity that violates the letter or spirit of this Code of Conduct, please alert a staff member. Staff are designated as the Board, Organizers, and Volunteers.\r\n\r\nIf someone asks YOU to stop a certain kind of behavior, please stop.\r\n\r\nBSidesCharm has the right, and duty, to remove any harmful influence from the event for the safety of others.","name":"BSidesCharm 2024","tagline_text":null,"id":137,"start_date":"2024-04-20","hidden":false,"maps":[{"file":"Map_Plaza.pdf","filename":"Map_Plaza.pdf","name":"Plaza Level","description":"Plaza Level","name_text":"Plaza Level","id":79,"sort_order":2,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESCHARM2024%2FMap_Plaza.pdf?alt=media"},{"filename":"Map_Second.pdf","file":"Map_Second.pdf","name":"Second Level","description":"Second Level","name_text":"Second Level","id":80,"sort_order":5,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESCHARM2024%2FMap_Second.pdf?alt=media"},{"filename":"Map_Sponsors.pdf","file":"Map_Sponsors.pdf","name":"Sponsors","description":"Sponsors","name_text":"Sponsors","id":81,"sort_order":100,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESCHARM2024%2FMap_Sponsors.pdf?alt=media"}],"updated_at":{"seconds":1713546004,"nanoseconds":323508000}},{"end_date":"2024-04-13","end_timestamp_str":"2024-04-14T03:59:59+00:00","supportdoc":"The Help & Support document for this conference has not yet been defined.","kickoff_timestamp":{"seconds":1712894400,"nanoseconds":0},"enable_merch":false,"code":"BSIDESPR2024","maps":[],"start_timestamp":{"seconds":1712894400,"nanoseconds":0},"timezone":"America/Puerto_Rico","link":"","description":"","kickoff_timestamp_str":"2024-04-12T04:00:00+00:00","enable_merch_cart":false,"conference_id":135,"end_timestamp":{"seconds":1713067199,"nanoseconds":0},"start_timestamp_str":"2024-04-12T04:00:00+00:00","codeofconduct":"# Scope\r\n\r\nThis Code of Conduct (CoC) will be in effect for the duration and the entirety of all BSidesPR events and related ancillary events, including, but not limited to the following: pre-event organizational meetings, evening receptions, breakout sessions, etc. Violations of this CoC outside these spaces may affect a person's ability to participate within them. BSidesPR will work synergistically alongside other institutional policies (e.g., violations of BSidesPR CoC may have consequences at the level of the host institution as well) but will supersede any less comprehensive or less inclusive policy.\r\n\r\nThis CoC applies to every individual or organization directly or tangentially involved with BSidesPR, including but not limited to event organizers, staff, volunteers, sponsors, vendors (catering, etc) facilities, and attendees. \r\n\r\n# Code of Conduct\r\n\r\nBy participating in BSidesPR, attendees agree to:\r\n\r\n- Act respectfully and courteously to each and every fellow attendee, supporting each other in endeavors to connect, learn, and contribute during conference proceedings, while acknowledging and respecting personal boundaries and comfort levels.\r\n- Refrain from demeaning, discriminatory, or harassing behavior and speech.\r\n - Harassment includes, but is not limited to: deliberate intimidation; stalking, unwanted photography or recording (see Photography and Media policy); sustained or willful disruption of talks or other sessions; inappropriate physical contact; use of sexual or discriminatory imagery, comments, or jokes; unwelcome sexual attention or any behavior that makes attendees feel unwelcome or afraid.\r\n - Discriminatory speech includes, but is not limited to: racist, misogynist, homophobic, transphobic, abelist, or anti-neurodivergent comments or jokes; or non-inclusive speech centered on an individual’s personal appearance, educational level, professional background, or technical skillset. \r\n- Contribute to the atmosphere of safety and security by looking out for one another and promptly reporting (see below) any dangerous situations or someone in distress. We rely on you to be part of the solution. We encourage you to speak up in the moment and/or report behavior that does not conform with this CoC.\r\n\r\n# Reporting\r\n\r\nAttendees who feel unsafe, uncomfortable, and/or have experienced or witnessed an incident of harassment or discrimination are encouraged to report the event. BSidesPR has a number of mechanisms in place to facilitate a report.\r\n\r\n- Attendees may email BSidesPR which will also be frequently monitored.\r\n- Attendees may report directly to any BSidesPR staff member, whom, if not trained in incident response prior to the event, will forward concerns immediately to a trained staff member.\r\n- In the event that an attendee wishes to make an anonymous complaint, they may do so using. Anonymous complaints are taken seriously and acted on to the best of BSidesPR's ability. However, submitting anonymously without a certain level of detail with respect to parties involved may inhibit organizers’ ability to take specific action. Please be aware that all efforts will be taken to maintain anonymity, but that anonymity cannot be guaranteed in all cases.\r\n- We understand that each person may process a situation differently and that the decision to make a report can be a difficult one for a variety of reasons. While reports made in close proximity to the incident allow for us to respond that much quicker, attendees are encouraged to make a report no matter how much time may have elapsed from the event itself.\r\n\r\n# Violations\r\n\r\nBSidesPR does not tolerate harassment, discrimination, or any other CoC violations. Any attendee who violates the CoC will be subject to any lawful action deemed appropriate by event organizers, including but not limited to verbal and written warning, expulsion from event, or attendance ban from future events. \r\n\r\nAction based on violations will be undertaken by event organizers trained in incident response unless requiring escalation to law enforcement as required by law.\r\n\r\n# Non-Discrimination\r\n\r\nBSidesPR does not and shall not discriminate on the basis of race, color, religion (creed), gender, gender expression, age, national origin (ancestry), disability, marital status, sexual orientation, or military status, in any of its activities or operations. These activities include, but are not limited to, the appointment to and termination from its Board of Directors, hiring and firing of staff or contractors, selection of volunteers, selection of vendors, and providing of services.\r\n\r\nUpdated 11 December 2023\r\n\r\n# Non-Solicitation\r\n\r\nSolicitation is any form of requesting money, support or participation for products, groups, organizations or causes which are unrelated to our company. These include but are not limited to:\r\n\r\n- Seeking funds or donations for a non-profit organization\r\n- Asking for signatures for a petition\r\n- Selling merchandise or services\r\n- Requesting support for a political candidate\r\n- Engaging in religious proselytism\r\n\r\nDistribution refers to disseminating literature or material for commercial or political purposes.\r\n\r\nUpdated 11 December 2023\r\n\r\n# Resources Utilized\r\n\r\n- Ashe Dryden's Code of Conduct FAQ\r\n- Aurora and Gardiner, How to Respond to Code of Conduct Reports\r\n\r\nLanguage was adapted from the following Codes of Conduct (under Creative Commons licenses as per sources):\r\n\r\n- Open Con (CC BY 4.0)\r\n- SRCCON (CC BY-SA 4.0)","home_menu_id":119,"name":"BSides Puerto Rico 2024","tagline_text":null,"id":135,"start_date":"2024-04-12","hidden":false,"updated_at":{"seconds":1712785723,"nanoseconds":398125000}},{"end_date":"2024-04-20","end_timestamp_str":"2024-04-21T04:59:59+00:00","supportdoc":"The Help & Support document for this conference has not yet been defined.","enable_merch":false,"kickoff_timestamp":{"seconds":1713621600,"nanoseconds":0},"code":"BSIDESKC2024","maps":[{"filename":"RC1-map.pdf","file":"RC1-map.pdf","name":"First","description":"First","name_text":"First","id":76,"sort_order":2,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESKC2024%2FRC1-map.pdf?alt=media"},{"filename":"RC2-map.pdf","file":"RC2-map.pdf","name":"Second","description":"Second","name_text":"Second","id":77,"sort_order":5,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESKC2024%2FRC2-map.pdf?alt=media"}],"start_timestamp":{"seconds":1713589200,"nanoseconds":0},"timezone":"America/Chicago","link":"","description":"","kickoff_timestamp_str":"2024-04-20T14:00:00+00:00","enable_merch_cart":false,"conference_id":140,"start_timestamp_str":"2024-04-20T05:00:00+00:00","end_timestamp":{"seconds":1713675599,"nanoseconds":0},"home_menu_id":124,"codeofconduct":"We have ZERO TOLERANCE for physical, verbal, sexual harassment at BSidesKC.\r\n\r\nOur general “Code of Conduct” is “Be Excellent to Each Other” AKA the Golden Rule. Failing that, it is “Do not be an Ass or we will kick your ass out!“.\r\n\r\nAsking questions of a speaker during their talk, to get clarity or debate a point is NOT being an ass – heckling or haranguing the speaker IS. If you are not sure, ask, or err on the side of basic decency and common courtesy. If what they are doing would not be acceptable to have done to you, your best friend, your worst enemy, your sister, niece, daughter, brother, nephew, son, mother, father, or any human being, do not let them treat anyone else that way – whether you know them or not. If someone asks you to stop – STOP.\r\n\r\nEveryone should feel welcome at the event and we take safety concerns very seriously. If you are having an issue with a BSidesKC participant of ANY badge type, please find a member of our team in the orange BSidesKC safety vests. They will assist you in determining the next steps for you to feel safe and address your concerns. Alternatively, you can send an email to safety@bsideskc.org during the event to notify the organizers of any issues. Please include your name and phone number where you can be reached. If you have not heard back within 15 minutes, please assume the email was not received and instead ask a volunteer to find an organizer immediately.","name":"BSidesKC 2024","tagline_text":null,"id":140,"start_date":"2024-04-20","hidden":false,"updated_at":{"seconds":1712675798,"nanoseconds":857659000}},{"end_date":"2024-04-12","end_timestamp_str":"2024-04-13T03:59:59+00:00","supportdoc":"The Help & Support document for this conference has not yet been defined.","kickoff_timestamp":{"seconds":1712926800,"nanoseconds":0},"enable_merch":false,"code":"BSIDESHBG2024","maps":[],"start_timestamp":{"seconds":1712894400,"nanoseconds":0},"timezone":"America/New_York","link":"","description":"","kickoff_timestamp_str":"2024-04-12T13:00:00+00:00","enable_merch_cart":false,"conference_id":138,"start_timestamp_str":"2024-04-12T04:00:00+00:00","end_timestamp":{"seconds":1712980799,"nanoseconds":0},"codeofconduct":"The Code of Conduct document for this conference has not yet been defined.","home_menu_id":122,"name":"BSidesHBG 2024","tagline_text":null,"id":138,"start_date":"2024-04-12","hidden":false,"updated_at":{"seconds":1712611210,"nanoseconds":497034000}},{"end_timestamp_str":"2024-04-06T04:59:59+00:00","end_date":"2024-04-05","supportdoc":"The Help & Support document for this conference has not yet been defined.","enable_merch":false,"kickoff_timestamp":{"seconds":1712293200,"nanoseconds":0},"code":"BSIDESOK2024","maps":[],"start_timestamp":{"seconds":1712120400,"nanoseconds":0},"timezone":"America/Chicago","link":"","description":"","kickoff_timestamp_str":"2024-04-05T05:00:00+00:00","enable_merch_cart":false,"conference_id":136,"start_timestamp_str":"2024-04-03T05:00:00+00:00","end_timestamp":{"seconds":1712379599,"nanoseconds":0},"codeofconduct":"Everyone deserves to attend a learning event, community or professional, with a reasonable expectation of good behavior. The BSidesOK Team expects that while attending this conference you treat everyone with the love and respect you wish to receive. This applies to all attendees, speakers, volunteers, vendors, and anyone in between. We feel that if you do that, then this conference will once again run smoothly and we will all have a good time.\r\n\r\nDon’t be an ass!\r\n\r\nIf you experience or witness behavior conflicting with our code of conduct, please contact a volunteer or venue staff. Both BSidesOK volunteers and the venue staff will be happy to assist. Reporting can also be done by emailing info@bsidesok.com. All email reports are treated with the utmost sensitivity and are solely reviewed by the BSidesOK team.\r\n\r\n– The BSidesOK Team","home_menu_id":120,"name":"BSidesOK 2024","tagline_text":null,"id":136,"start_date":"2024-04-03","hidden":false,"updated_at":{"seconds":1712082181,"nanoseconds":100105000}}] \ No newline at end of file +[{"code":"TEST","maps":[],"timezone":"America/New_York","description":"","conference_id":101,"name":"Test Conference","id":101,"hidden":true,"developer":true,"enable_merch":false,"enable_merch_cart":false,"end_date":"2022-01-05","end_timestamp_str":"2022-01-06T02:00:00+00:00","kickoff_timestamp":{"seconds":1641186000,"nanoseconds":0},"end_timestamp":{"seconds":1641434400,"nanoseconds":0},"start_timestamp_str":"2022-01-01T14:00:00+00:00","start_timestamp":{"seconds":1641045600,"nanoseconds":0},"home_menu_id":35,"link":"","tagline_text":null,"kickoff_timestamp_str":"2022-01-03T05:00:00+00:00","start_date":"2022-01-01","supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717732084,"nanoseconds":734450000}},{"end_timestamp_str":"2024-05-05T04:59:59+00:00","end_date":"2024-05-04","enable_merch":false,"kickoff_timestamp":{"seconds":1714831200,"nanoseconds":0},"code":"COCOFEST2024","maps":[{"file":"cocofest_vendors.pdf","filename":"cocofest_vendors.pdf","name":"Vendors","description":"Vendors","name_text":"Vendors","id":82,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/COCOFEST2024%2Fcocofest_vendors.pdf?alt=media"}],"start_timestamp":{"seconds":1714712400,"nanoseconds":0},"timezone":"America/Chicago","link":"","description":"","kickoff_timestamp_str":"2024-05-04T14:00:00+00:00","enable_merch_cart":false,"conference_id":143,"end_timestamp":{"seconds":1714885199,"nanoseconds":0},"start_timestamp_str":"2024-05-03T05:00:00+00:00","home_menu_id":127,"name":"CocoFEST","tagline_text":null,"id":143,"start_date":"2024-05-03","hidden":false,"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717732076,"nanoseconds":905676000}},{"end_timestamp_str":"2024-05-15T04:59:59+00:00","end_date":"2024-05-14","enable_merch":false,"kickoff_timestamp":{"seconds":1715607900,"nanoseconds":0},"code":"SHOWMECON2024","maps":[],"start_timestamp":{"seconds":1715576400,"nanoseconds":0},"timezone":"America/Chicago","link":"","description":"","kickoff_timestamp_str":"2024-05-13T13:45:00+00:00","enable_merch_cart":false,"conference_id":144,"start_timestamp_str":"2024-05-13T05:00:00+00:00","end_timestamp":{"seconds":1715749199,"nanoseconds":0},"home_menu_id":128,"name":"ShowMeCon 2024","tagline_text":null,"id":144,"start_date":"2024-05-13","hidden":false,"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717732064,"nanoseconds":132213000}},{"end_date":"2024-05-19","end_timestamp_str":"2024-05-20T03:59:59+00:00","enable_merch":false,"kickoff_timestamp":{"seconds":1715965200,"nanoseconds":0},"code":"CACKALACKYCON2024","maps":[{"file":"CKC.pdf","filename":"CKC.pdf","name":"Map","description":"Map","name_text":"Map","id":78,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/CACKALACKYCON2024%2FCKC.pdf?alt=media"}],"start_timestamp":{"seconds":1715918400,"nanoseconds":0},"timezone":"America/New_York","link":"","description":"","kickoff_timestamp_str":"2024-05-17T17:00:00+00:00","enable_merch_cart":false,"conference_id":141,"end_timestamp":{"seconds":1716177599,"nanoseconds":0},"start_timestamp_str":"2024-05-17T04:00:00+00:00","home_menu_id":125,"name":"CackalackyCon 2024","id":141,"tagline_text":null,"start_date":"2024-05-17","hidden":false,"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717732047,"nanoseconds":396319000}},{"end_date":"2024-05-27","end_timestamp_str":"2024-05-28T06:59:59+00:00","kickoff_timestamp":{"seconds":1716825600,"nanoseconds":0},"enable_merch":false,"code":"BSIDESVANCOUVER2024","start_timestamp":{"seconds":1716706800,"nanoseconds":0},"timezone":"America/Los_Angeles","link":"","description":"","kickoff_timestamp_str":"2024-05-27T16:00:00+00:00","enable_merch_cart":false,"conference_id":139,"start_timestamp_str":"2024-05-26T07:00:00+00:00","end_timestamp":{"seconds":1716879599,"nanoseconds":0},"home_menu_id":123,"name":"BSides Vancouver 2024","id":139,"tagline_text":null,"start_date":"2024-05-26","hidden":false,"maps":[{"filename":"floorplan_1000.pdf","file":"floorplan_1000.pdf","name":"1000","description":"1000","name_text":"1000","id":85,"sort_order":11,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2Ffloorplan_1000.pdf?alt=media"},{"filename":"floorplan_2000.pdf","file":"floorplan_2000.pdf","name":"2000","description":"2000","name_text":"2000","id":86,"sort_order":21,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/BSIDESVANCOUVER2024%2Ffloorplan_2000.pdf?alt=media"}],"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717732023,"nanoseconds":219222000}},{"end_timestamp_str":"2023-12-30T22:59:59+00:00","end_date":"2023-12-30","kickoff_timestamp":{"seconds":1703665800,"nanoseconds":0},"enable_merch":false,"code":"37C3","maps":[],"start_timestamp":{"seconds":1703631600,"nanoseconds":0},"timezone":"Europe/Berlin","link":"","description":"","kickoff_timestamp_str":"2023-12-27T08:30:00+00:00","enable_merch_cart":false,"conference_id":131,"start_timestamp_str":"2023-12-26T23:00:00+00:00","end_timestamp":{"seconds":1703977199,"nanoseconds":0},"home_menu_id":115,"name":"37C3","tagline_text":null,"id":131,"start_date":"2023-12-27","hidden":false,"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717731993,"nanoseconds":718786000}},{"code":"DEFCON30","timezone":"America/Los_Angeles","name":"DEF CON 30","link":"","description":"","id":65,"start_date":"2022-08-11","hidden":false,"conference_id":65,"start_timestamp_str":"2022-08-11T07:00:00+00:00","start_timestamp":{"seconds":1660201200,"nanoseconds":0},"kickoff_timestamp":{"seconds":1660323600,"nanoseconds":0},"kickoff_timestamp_str":"2022-08-12T17:00:00+00:00","end_date":"2022-08-16","end_timestamp_str":"2022-08-17T06:59:59+00:00","end_timestamp":{"seconds":1660719599,"nanoseconds":0},"maps":[{"filename":"dc-30-ceasars-forum-anv4.pdf","file":"dc-30-ceasars-forum-anv4.pdf","name":"Forum","description":"Forum","name_text":"Forum","id":3,"sort_order":1,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fdc-30-ceasars-forum-anv4.pdf?alt=media"},{"file":"dc-30-flamingo-anv3.pdf","filename":"dc-30-flamingo-anv3.pdf","name":"Flamingo","description":"Flamingo","name_text":"Flamingo","id":4,"sort_order":2,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fdc-30-flamingo-anv3.pdf?alt=media"},{"filename":"dc-30-harrahs-3-public-anv1.pdf","file":"dc-30-harrahs-3-public-anv1.pdf","name":"Harrah's","description":"Harrah's","name_text":"Harrah's","id":6,"sort_order":4,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fdc-30-harrahs-3-public-anv1.pdf?alt=media"},{"file":"dc-30-linq-5-public-anv1.pdf","filename":"dc-30-linq-5-public-anv1.pdf","name":"LINQ","description":"LINQ","name_text":"LINQ","id":5,"sort_order":3,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fdc-30-linq-5-public-anv1.pdf?alt=media"},{"filename":"forum_location.pdf","file":"forum_location.pdf","name":"Forum Location","description":"Forum Location","name_text":"Forum Location","id":7,"sort_order":5,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON30%2Fforum_location.pdf?alt=media"}],"enable_merch":true,"enable_wifi":false,"home_menu_id":36,"tagline_text":"Welcome to DEF CON - the largest hacker conference in the world.","merch_help_doc_id":285,"enable_merch_cart":true,"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717731923,"nanoseconds":210711000}},{"end_timestamp_str":"2023-08-14T04:00:00+00:00","end_date":"2023-08-13","code":"DEFCON31","start_timestamp":{"seconds":1691683200,"nanoseconds":0},"timezone":"America/Los_Angeles","link":"","description":"","conference_id":96,"start_timestamp_str":"2023-08-10T16:00:00+00:00","end_timestamp":{"seconds":1691985600,"nanoseconds":0},"name":"DEF CON 31","id":96,"start_date":"2023-08-10","hidden":false,"tagline_text":"Welcome to DEF CON - the largest hacker conference in the world.","kickoff_timestamp_str":"2023-08-11T16:00:00+00:00","kickoff_timestamp":{"seconds":1691769600,"nanoseconds":0},"home_menu_id":1,"enable_merch":true,"merch_help_doc_id":297,"enable_merch_cart":true,"maps":[{"file":"dc-31-ceasars-forum-public-1.pdf","filename":"dc-31-ceasars-forum-public-1.pdf","name":"Caesars Forum","description":"Caesars Forum","name_text":"Caesars Forum","id":48,"sort_order":2,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fdc-31-ceasars-forum-public-1.pdf?alt=media"},{"filename":"dc-31-flamingo-public-2.pdf","file":"dc-31-flamingo-public-2.pdf","name":"Flamingo","description":"Flamingo","name_text":"Flamingo","id":58,"sort_order":4,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fdc-31-flamingo-public-2.pdf?alt=media"},{"file":"dc-31-harrahs-public-2.pdf","filename":"dc-31-harrahs-public-2.pdf","name":"Harrah's","description":"Harrah's","name_text":"Harrah's","id":59,"sort_order":6,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fdc-31-harrahs-public-2.pdf?alt=media"},{"file":"dc-31-linq-public-2.pdf","filename":"dc-31-linq-public-2.pdf","name":"LINQ","description":"LINQ","name_text":"LINQ","id":60,"sort_order":9,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fdc-31-linq-public-2.pdf?alt=media"},{"filename":"dc31contests_public_flat.pdf","file":"dc31contests_public_flat.pdf","name":"CF Contest Area","description":"CF Contest Area","name_text":"CF Contest Area","id":61,"sort_order":10,"url":"https://firebasestorage.googleapis.com/v0/b/hackertest-5a202.appspot.com/o/DEFCON31%2Fdc31contests_public_flat.pdf?alt=media"}],"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717731736,"nanoseconds":328411000}},{"end_timestamp_str":"2024-08-12T06:59:59+00:00","end_date":"2024-08-11","kickoff_timestamp":{"seconds":1723219200,"nanoseconds":0},"enable_merch":false,"code":"DEFCON32","maps":[],"start_timestamp":{"seconds":1723100400,"nanoseconds":0},"timezone":"America/Los_Angeles","link":"","description":"","kickoff_timestamp_str":"2024-08-09T16:00:00+00:00","enable_merch_cart":false,"conference_id":133,"end_timestamp":{"seconds":1723445999,"nanoseconds":0},"start_timestamp_str":"2024-08-08T07:00:00+00:00","home_menu_id":117,"name":"DEF CON 32","id":133,"start_date":"2024-08-08","hidden":false,"supportdoc":"","codeofconduct":"","tagline_text":null,"updated_at":{"seconds":1717731521,"nanoseconds":938956000}},{"end_date":"2024-11-15","end_timestamp_str":"2024-11-16T02:59:59+00:00","kickoff_timestamp":{"seconds":1731499200,"nanoseconds":0},"enable_merch":false,"code":"EKOPARTY2024","maps":[],"start_timestamp":{"seconds":1731466800,"nanoseconds":0},"timezone":"America/Argentina/Buenos_Aires","link":"","description":"","kickoff_timestamp_str":"2024-11-13T12:00:00+00:00","enable_merch_cart":false,"conference_id":142,"start_timestamp_str":"2024-11-13T03:00:00+00:00","end_timestamp":{"seconds":1731725999,"nanoseconds":0},"home_menu_id":126,"name":"Ekoparty 2024","id":142,"tagline_text":null,"start_date":"2024-11-13","hidden":false,"supportdoc":"","codeofconduct":"","updated_at":{"seconds":1717119751,"nanoseconds":259123000}}] \ No newline at end of file